Photo illustration by Rafael Henrique/SOPA Images/LightRocket.
I worry that the introduction of anonymous payments in the messaging app Signal could have big implications for regulators around the world who have been looking for an excuse to eliminate end-to-end payments.
Platformer was the first to report a year ago that Signal was considering adding cryptocurrencies to the platform. Moxie Marlinspike is the CEO of Signal, and he has been an adviser to the Mobile coin, which is designed to make payments as anonymous as cash. The idea of MobileCoin is to build a system that hides everything from everyone.
Marlinspike told me last year that Signal had begun some design explorations around a MobileCoin integration. Marlinspike told me that if they decided to put payments into Signal, they would try to think carefully about how they did that. It is hard to be completely hypothetical.
The work to integrate MobileCoin was already underway, just as nervous employees had told me. In the spring, Signal announced a test of the integration in the United Kingdom, and it was quietly rolled out to the rest of the world in November. The company's usually very active website had nothing to say about it. Andy Greenberg is in the magazine.
Josh Goldbard, the founder of MobileCoin, said that the timing of the launch spurred massive adoption of thecryptocurrencies, which now sees thousands of daily transactions. There are over a hundred million devices on planet Earth that have the ability to send an end-to-end encrypted payment in five seconds or less, according to Goldbard.
>
Signal didn't respond to requests for comment on the global roll out of the payments feature. In April of last year, the creator of Signal told WIRED that he wanted to add payments to the app to match features from rivals, while also bringing privacy protections to monetary transactions. When you pay your therapist for a session over Signal, you can feel a sense of privacy, according to Marlinspike.
There is nothing sinister about adding payments into a messaging app, and Signal is not alone in doing so. The combination of end-to-end encryption in messaging and a coin with privacy features is what sets Signal apart.
Current and former Signal employees told me last year that they were worried about what that combination would bring to the app. They told me that anonymous transactions would attract criminals and that regulatory scrutiny would follow. The addition of anonymous payments was a needless provocation, given that end-to-end encryption already faces legal challenges around the globe. It could give more fodder to the people who want to end encryption.
I think it is important that private communication systems are widely available in a world of authoritarianism. Anti-money-laundering and Know Your Customer (KYC) laws are useful in fighting terrorists, murder-for-hire plotters, and other harms. It seems to me that if messaging apps are going to add payments in the future, they should do so in a way that is consistent with the laws.
I am told that other supporters of end-to-end encryption have privately urged Signal to be more cautious about its payment plans. Signal is funded by a nonprofit organization and relies on donations.
The question is how regulators will respond. India is trying to implement rules that would require any messages sent on the internet to betraceable. The case is still pending after the Indian government was sued to prevent the rules from taking effect.
Adding pseudo-anonymous money transfer functions increases their legal attack surface.
The European Union is considering ways to limit or break the security of the internet. There are occasional calls for companies to introduce back doors for law enforcement, but there is no legislation in the US to do so.
The United States has anti-money-laundering and KYC laws. You can't buy MobileCoin from a US-based address. The risk is that prosecutors could still use existing laws to put pressure on encryption.
Alex Stamos, who was Facebook's chief security officer at the time, said thatSignal andWhatsApp have effectively protected end-to-end encryption from multiple legal attacks. Adding pseudo-anonymous money transfer functions increases their legal attack surface, while creating the possibility of real-life harms that will harm them in court, legislatures and public opinion.
New York's Department of Financial Services could be the culprit behind a new attack on encryption.
The First Amendment has never protected the anonymity of the movement of money, and payment processors have very serious federal and state laws that they must comply with.
Signal didn't reply to the request for comment. A FAQ page on its website says this about MobileCoin.
People and entities misuse all types of financial platforms. Buy mobile coin is a website that applies best practices of financial institutions around the world to prevent bad actors from obtaining mobile coin. Any third-party entities that buy, sell, or trade MobileCoin apply their own standards and practices to vet persons or entities trying to purchase the coin.
The foundation that runs Diem has committed to following anti-money-laundering laws. Diem is not yet available on the platform that launched the test last month, in keeping with the cursed nature of the project.
There are many ways that Signal could head off a conflict with regulators. KYC features could be added or replaced with a more compliant currency. The company hasn't said anything over the past year, so it's not clear if it intends to do either.
If that is the case, backers of encryption can only hope that Signal won't harm end-to-end encryption more broadly. A high-profile fight over money laundering is not something we need.
