Another way to buy bitcoin is also spreading the word to the masses: bitcoin ATMs. These kiosks are popping up in cities where people who want to buy or sell bitcoin can reach them, and many others walking past are still hearing about bitcoin for the first time. This publicity comes with a disturbing catch, though: biometric authentication (scanning the customer’s body to prove identity). This prompts an obvious question…
Does biometric authentication completely undermine the inherent privacy of bitcoin?
CoinMe set up the first bitcoin ATM in Seattle, Washington. According to their web site, potential customers will need to jump through a series of hoops just to create an account on the machine. Use of the kiosk requires a valid phone number, four palm scans, a new photo taken at the kiosk, and a scan of government issued identification.
One thing that appeals to people is the virtual anonymity of bitcoin. Not even a government can easily monitor how much is bought, sold, or transferred so long as bitcoin users are careful. When a company records biometrics and government identification, it’s impossible to be anonymous. Customers could immediately transfer the bitcoin from a CoinMe paper wallet to a different wallet, but there’s still a record of those individuals having used the ATM to purchase specific amounts of bitcoin at specific times.
What might the people running bitcoin ATMs do with that information? What measures are in place to be sure it doesn’t get into the hands of advertisers or identity thieves? Do they share all the information they collect with the IRS or the NSA?
We reached out to both CoinMe and Robocoin, another bitcoin ATM service using biometric authentication, with concerns about how they would handle our personal information. Neither company responded to our e-mails, so it is still unknown to us how these companies might treat their customers’ information. Further investigation at least led to an announcement from Robocoin about compliance with “Know Your Customer” regulations in the United States. These regulations require personally identifying information in order to conduct financial transactions, and are meant to prevent money laundering and the funding of terrorism. Last year the public learned of the United States government’s massive domestic spying programs, targeting of political dissidents by the IRS, and fraud in nearly every 3-letter agency in government. Are these regulations truly in place to keep us safe? Or do they actually enable crime on behalf of the politically connected and those who control such a system?
Lamassu‘s bitcoin ATMs require no personal identification. Simply present your QR code, insert money, and watch the bits rain down into your digital wallet. Without biometric authentication, though, it isn’t likely Lamassu’s machines will catch on in the United States due to non-compliance with legislation. Fortunately, bitcoin’s inherent anonymity will be preserved in the international use of these ATMs.
As technology takes the world beyond centralized currency, the United States will also have to change with the times. We don’t need government to babysit us; citizens of the world will need to be trusted to handle our own financial transactions. Government cannot effectively regulate bitcoin anyway. It is beyond one nation, beyond the federal reserve, and beyond the NSA. There are fundamental questions about privacy and the role of government that need to be answered. Other nations do not have such ridiculous control over such an amazing technology. When personal computers can easily and privately purchase bitcoin online without biometric scanning, it seems absurd to force biometric authentication for bitcoin ATMs. The United States is significantly behind the times.