Firm Blog Postings

Blockchain and Our Privacy


Nine years ago, an individual, or group of individuals, known as Satoshi Nakamoto released a Whitepaper titled Bitcoin: A Peer-to-Peer Electronic Cash System. 1 Since its release, there has been a fascinating interest in the technology behind Bitcoin, blockchain technology. In the whitepaper, Nakamoto describes blockchain technology without actually mentioning it by name. Individuals from all over the globe have speculated, studied and published theories on how blockchain technology works, how it will impact our personal and professional lives in the future along with the seemingly limitless possibilities of hopeful grandeur. Blockchain enthusiasts have already begun to label it as being just as revolutionary as the internet was in the 1990’s. Many are predicting it to be a major disruption to financial institutions that will ultimately change accounting, finance and legal professions. Enthusiasts claim that it is the most secure form of transaction available these days. Just like the internet, or any new technology released to the masses, there will be a learning curve as to what exactly blockchain is, how it works and what its potential is. Because blockchain is still considered to be in its infancy, the consequences of using it, whether good or bad, remains unknown. Whether we like it or not, and whether we are ready or not, blockchain is here. Is blockchain technology something that we, as ordinary citizens, should accept and be excited about? Or is it yet another attack on our privacy?


What is Blockchain Technology?

Blockchain technology is a distributed peer to peer public ledger of transactions that is neither owned nor controlled by any one individual or entity. The information on the blockchain is not stored on a centralized database like those used by banks or large companies. 2 Instead, volunteers from around the world provide their own computers (“nodes”) that collectively creates a decentralized distributed database that encrypts the information stored on the blockchain. In fact, anyone who wants to volunteer their node to verify transactions on the blockchain may join the network and do so. 3

According to Nakamoto, when new transactions occur, they are broadcast to every node on the network. The nodes gather new transactions into a block to verify. When a node verifies a transaction, it broadcasts the block to every node. The nodes accept the block by working on creating the next block in the chain. The nodes each compete with one another to be the first to verify the first transaction in a new block. The first node to verify a transaction or create a new block is rewarded with new cryptocurrency coins or transaction fees. Nakamoto argues that this incentive is a way for nodes to support the network and encourage honesty. 4

Once verified, the blockchain permanently records every transfer of funds from one user account to another and stores that information into encrypted blocks. It is available to anyone who wants to access it.


Is the Blockchain Anonymous?

A common misconception with the Bitcoin blockchain is that many people believe that every transaction is fully anonymous and untraceable, when in fact, it is pseudonymous and completely traceable. 5 In order to purchase Bitcoins, an account, or wallet, must be set up with a Bitcoin exchange service. The service provides each individual with a Bitcoin address. These addresses are stored with every transaction they are a party to. A summary of the transactions associated with the address can then be located on the exchange service website. The privacy policy for the exchange service, Coinbase, explains how much information is collected through their service. Information collected when using such services includes: name, address, phone number, email, Skype ID, full bank account and routing numbers and/or credit card numbers used to link the account. Information about transactions and other activities on the site are also collected. If the user decides to limit the use of their personal information, certain features may not be available to them. 6

Linking an identity to a Bitcoin address may be done in a number of ways. It is a given that exchange services like Coinbase are able to make the connection between the two. In addition, there are new emerging companies like Elliptic that specialize in making this connection to combat illicit activity occurring on the Bitcoin blockchain. Another way this can be accomplished is explained by the following example. Suppose two friends agree to and execute a transaction on the Bitcoin blockchain. They both will see each other’s wallet address and be able to look at each other’s past and future transactions. They may see an unusual transaction, or one they don’t agree with morally and disclose that information to others. If the individuals are public figures would it be surprising to anyone if their activities were made known?


Conversely, if a criminal can make this link by hacking an exchange service, the hacker would know personal identifiable information which they could then use in conjunction with the blockchain to find information about the finances and spending patterns of their next target.


One of the reasons blockchain enthusiasts like the idea of a decentralized database is because it will hinder cybercriminals’ ability to steal personal identifiable information. While this may be true in the infancy stage of the blockchain, it will not always be the case. At the rate at which technology is developed, if decryption technology does not exist, it will most likely be developed and used to decrypt the blockchain, making all parties to all transactions known. 7 In January 2016, the Bitcoin Blockchain was 50 GB in size. By January 2017, the Bitcoin blockchain almost doubled to 98GB and growing. 8 The Bitcoin Blockchain’s size could very well be over 200GB at the time of this writing. There is a lot of information for a criminal with the right technology to work with.


The internet has given us a convenient means of conducting our entire lives digitally. For example, we give our information to companies to store on hand for recurring monthly payments so we don’t have to remember to pay them. We use credit and debit cards that have our information on them when we make purchases with them. The downsides to these conveniences are shown in the following illustration.


In 2012, Target was able to figure out that a teenage girl was pregnant before her father. Target had about 25 items that, when purchased in combinations, had a positive correlation to pregnancy. Target gathers information by assigning every shopper an ID number that records every interaction that shopper has with Target. Using the items she purchased, along with her name and address collected from her credit card or perhaps a Target card, she was sent advertisements for baby products in the mail. 9 It is fascinating that Target found a way to identify pregnant women with accuracy, but at what expense? How often do we read the privacy statement that comes with the card we use at the grocery store to see what we are exchanging for store discounts? How often do we scroll down the Terms and Conditions page looking for the check box to acknowledge that we’ve read and understand it?


As previously discussed, the privacy policy for Coinbase explicitly lists out the many avenues in which they are able to collect information about their users. What do they do with this information? Steven Goldfeder at Princeton University conducted a study about the way information leaks when individuals use Bitcoin. He claims that even if users use additional privacy protections like CoinJoin, which comingles multiple users’ Bitcoins making a transaction more difficult to trace back to one particular user, web trackers and cookies have been known to intentionally leak information like: name, address, email, browsing habits, and purchase amounts for purposes of advertising and analytics. He further claimed that “many merchant websites have far more serious (and likely unintentional) information leaks that directly reveal the exact transaction on the blockchain to dozens of trackers.” The study also revealed that a link can still be made on a hidden transaction if the leak includes the amount and time of the purchase. 10

In 2015, the personal information of 32 million people was published on the dark web after it was hacked from Ashley Madison, a popular dating service for married people. 11 The difference between personal information being stolen on merchant websites like Ashley Madison and Coinbase is the amount of financial information obtained. With Coinbase, our personal information along with our wallet ID will be disclosed. Using the wallet ID, our financial activities will also be disclosed. Whereas with Ashley Madison, or any other merchant website, our personal information along with only the Ashley Madison transactions will be made known. Bitcoin exchanges like Coinbase are only one hack away from world publication of their users’ information on the blockchain.


The blockchain is only a secure and private way of making payments if exchange services are trustworthy and proactive enough in properly preventing cybercriminals from stealing personal information and if no one had a desire to link personal information to wallet IDs. Because of the day and age in which we live, it is highly doubtful that cyberattacks will stop anytime soon along with the desire for merchants to analyze leaked data in order to better advertise their products to consumers.


Although technology has made, and continues to make our lives easier, it is important to remember the amount of privacy we trade when using it. Other than not using technological services, taking the time to develop the habit of reading over various privacy statements and having a full understanding of how our information can be used along with the risks we assume when using these types of services is more likely than not the most proactive way of protecting ourselves. However, at the rate at which technology grows it will be that much more important to protect our privacy moving forward. It is no different with the blockchain. The amount of personal information and spending patterns and habits that could end up being exposed to the world is just not worth the privacy given up.

Expert Forensic Accounting Services

Chicago | Las Vegas


Insurance Claims
Accounting Investigations
Mergers & Acquisitions
Due Diligence Reviews
Dispute Advisory Services
Special Examinations
Contract Audits and Recoveries


Expert Witness Testimony
Commercial Damages
Shareholder/Partner Disputes
Bankruptcy and Insolvency
CPA Malpractice Claims
Contract Disputes
Estate and Trust Disputes
Data Mining & Electronic Discovery


Individual, Trust, and Estate
S-Corp & C-Corp, Partnership
Year-end Tax Planning
and Estimated Tax
Taxation of Executive Compensation
Reasonable Compensation Estimates
Tax Disputes and Audits