New Crypto Legislation: Criminal Implications

The landscape of cryptocurrency in the United States is poised for potential shifts with the incoming presidential administration. While there’s growing anticipation of more pro-crypto legislation from Congress and the Trump administration, a critical element – cybersecurity – might be overlooked. Cryptocurrency, encompassing Bitcoin, Ethereum, Dogecoin, and others, has certainly amassed a considerable following in the US. About 17% of American adults have engaged in crypto trading. However, this market share has remained stagnant since 2021 according to Pew Research Center. This relative lack of growth is compounded by the fact that a substantial majority, 63% of American adults, have significant doubts about the safety and reliability of cryptocurrencies.

Political Priorities: Industry vs. Consumer

Despite widespread public skepticism regarding cryptocurrency, the incoming administration seems to be primarily focusing on the needs of the crypto industry, rather than the concerns of consumers. Dusty Johnson (R-South Dakota), a key figure in drafting the Financial Innovation and Technology for the 21st Century Act (FIT21), emphasized the industry’s need for a clear regulatory structure. FIT21, which passed the House with bipartisan backing, proposes a framework for digital assets under US law. While FIT21 does include some measures for crypto cybersecurity, Johnson anticipates further developments in this area under the new administration. Glenn "GT" Thompson (R-Pennsylvania), Chairman of the House Committee on Agriculture and another co-author of FIT21, also underscores the importance of the cybersecurity provisions within the bill. These provisions require financial intermediaries to actively evaluate and mitigate cyber vulnerabilities to protect their services and their customers’ assets. Thompson stresses that these cybersecurity requirements are essential for safeguarding digital asset markets and their participants.

The Influence of Pro-Crypto Figures

However, the emphasis on security isn’t a guarantee. Experts like Jeff Le at Security Scorecard point to the composition of the incoming economic team, which comprises figures like SEC Chair-designate Paul Atkins, Commerce Secretary Howard Lutnick, and Treasury Secretary-designate Scott Bessent, all viewed as long-time supporters of cryptocurrencies. Furthermore, President-elect Trump has designated venture capital investor David Sacks as his AI and crypto "czar." This concentration of pro-crypto influence suggests a potential de-prioritization of comprehensive cybersecurity regulations. These appointments are critical because in the realm of politics, as the saying goes, "personnel is policy." In essence, those in key positions of power tend to shape the policies and priorities of their organization, in this case the incoming administration.

Cybersecurity Regulation: An Uncertain Outlook

The cryptocurrency industry’s political involvement is also a significant factor. In the 2024 election cycle, the industry donated substantial sums, not solely to the Republican Party, but to lawmakers perceived as being sympathetic to crypto regulation. This approach is likely to continue into the future as evidenced by the pro-crypto PAC, Fairshake, along with its affiliates, raising significant funds in preparation for the 2026 midterm elections. They are backed by substantial figures from the cryptocurrency sphere. This level of financial involvement can exert considerable sway over politicians and policy-making. Industry advocates tend to favor fewer rules, whereas proponents of consumer protection typically favor more regulations that safeguard the consumer.

This leads to the question: while proponents advocate for a more pro-crypto environment, are they as keen on additional regulations, specifically on the cybersecurity side? It’s a rare sight to witness crypto backers advocating for increased regulation. One reason is that the anonymity and decentralization offered by cryptocurrency, often cited as key benefits, are in direct conflict with stricter regulatory measures. These inherent characteristics also make cryptocurrencies challenging to regulate using traditional frameworks. Given the current indications from key figures in the upcoming administration, along with the strong influence of crypto proponents, experts predict there will not be significant advancements in cryptocurrency regulation within the next four years, particularly in the area of consumer protection.

Cybercrime and the Cryptocurrency Connection

The lack of regulatory movement has implications for cybersecurity. There’s a clear relationship between a pro-crypto environment and investors’ increased enthusiasm for digital assets. Cybercrime is often driven by the potential for financial gain, so when the value of digital assets like Bitcoin increases, so does the potential reward for cybercriminals, who are likely to exploit the situation. For example, in ransomware attacks, while ransoms are listed in USD, payments are most frequently executed in Bitcoin. A lack of regulation essentially signals that existing cybercrime operations in the space will continue to be viable and are unlikely to be subject to government interference.

Cybercriminals are also adopting advanced strategies to evade regulations and scrutiny by using more obscure cryptocurrencies, such as Monero. These lesser-known currencies offer greater anonymity, making it harder for law enforcement to track transactions.

A Narrower Path to Regulation: Focusing on Ransom Payments

Given the challenges inherent in regulating cryptocurrencies themselves, authorities are more likely to focus on regulating entities that issue cryptocurrency payments, specifically ransom payments and transactions of a similar nature. This approach may include increased requirements for reporting ransom payments. This type of regulation focuses on the end-users of cryptocurrencies rather than the underlying digital assets themselves, making it a more palatable option in the current political environment.

Ransomware is not the only reason parties might utilize cryptocurrency. Crypto is a common payment method in cases of digital extortion, often to further protect the identity of the criminal. Additionally, parties may use cryptocurrency to obtain leaked credentials, or data acquired from illicit online forums. In another scenario, private individuals participating in bug bounty programs (whether voluntary or coerced) might request payment in cryptocurrency to maintain privacy. While other reasons for businesses to use cryptocurrencies exist, these are among the most typical. However, these actions could negatively impact the value of cryptocurrency by virtue of changing transaction volume.

Balancing Transparency and Security

Cybersecurity legislation could address companies paying ransoms in cryptocurrency. Steve McNew of FTI Consulting emphasizes that there’s more to the issue than just public policy. Companies that are victims of cyberattacks and required to disclose ransom payments could potentially become more vulnerable to future attacks. Therefore, while mandatory disclosures could provide valuable insights into the flow of funds and the types of cryptocurrencies used, they could also create new security challenges for companies, and their partners, employees, and customers. Policy decisions in this area, then, need to carefully weigh the need for transparency alongside the potential for exacerbating risks. Unfortunately, FIT21 did not address these issues specifically during its passage through the House.

Legislation and International Collaboration

Some legislative efforts may address this challenge by allowing companies to share cybersecurity threat data with the government, as well as other entities. Another potential approach is to establish clear protocols for ransomware payments to ensure that they are made through a controlled and legally compliant system, which could include the usage of cryptocurrencies. However, it’s unclear whether the new administration will continue the outgoing administration’s leadership role in the International Counter Ransomware Initiative, which is focused on preventing the payment of such ransoms.

The Challenge of Defining the Basics

Beyond specific issues like ransomware, fundamental aspects of cryptocurrency, even including its definition, could hinder legislation, including efforts to foster innovation and adoption. Establishing essential parameters and a governance structure for the industry is key before any meaningful legislation can be enacted. A crucial step is designating the proper authority to oversee digital assets: The SEC? The CFTC? Another body? Furthermore, essential matters including taxation and broker-dealer definitions for digital asset markets need to be defined to ensure the effectiveness of any future regulation. Unfortunately, these issues were a major point of dispute in the previous administration, and, given a closely divided House, crafting an agreement could prove to be difficult moving forward.

Summary

The upcoming political landscape presents both opportunities and challenges for cryptocurrency. While there is anticipation of more pro-crypto legislation under the Trump administration, there is potential for cybersecurity concerns to be overlooked. This risk is driven by the prioritization of the industry’s interests over consumer protection, the appointment of pro-crypto individuals to key leadership positions, and the significant political influence of the cryptocurrency industry. As a result, experts predict minimal regulatory advancements in the next four years. This, in turn, could cause a rise in cybercrime, given the correlation between a pro-crypto environment and the value of digital assets. While the focus of regulation may shift towards organizations issuing cryptocurrency payments, such as ransom payments, there remains considerable groundwork to be done in establishing basic governance structures for the cryptocurrency industry.

Frequently Asked Questions (FAQ)

  • What is cryptocurrency? Cryptocurrency is a digital or virtual currency that uses cryptography for security and operates independently of a central bank.
  • What is the FIT21 Act? The Financial Innovation and Technology for the 21st Century Act (FIT21) is legislation addressing the treatment of digital assets under U.S. law. It includes some cybersecurity provisions.
  • Why is cybersecurity a concern for cryptocurrency? Cryptocurrency transactions are often irreversible, and security breaches can result in significant financial losses. The anonymity can also hinder law enforcement efforts.
  • What is the "International Counter Ransomware Initiative"? A coalition of 68 countries working together to prevent the payment of ransomware and thereby reduce the financial motivation for these attacks.
  • Why are some cryptocurrencies, like Monero, harder to regulate? They offer increased anonymity, making their transactions more difficult to track than those of more public cryptocurrencies such as Bitcoin.
  • Why is it difficult to regulate cryptocurrency? The decentralized nature of cryptocurrency makes it difficult to regulate using traditional financial frameworks. Also, different countries have different standards and regulations.
  • What are "bug bounty" programs? These are programs in which organizations reward people for discovering and reporting issues in their software or hardware.

References

  • Pew Research Center. (2024). Majority of Americans Aren’t Confident in the Safety and Reliability of Cryptocurrency.
  • Various CNBC articles covering relevant quotes and perspectives mentioned by individuals.
  • Information on bill FIT21 from the U.S. Congress public records.
  • Information about the International Counter Ransomware Initiative from public sources.
  • Security Scorecard. (Information related to Jeff Le’s position and opinions).
  • GuidePoint Security (Information related to Jason Baker’s position and opinions).
  • FTI Consulting (Information related to Steve McNew’s position and opinions).