Thursday, May 2, 2013

The IRS and Bitcoins

 Forbes columnist Robert W. Wood writes (my highlight):
Bitcoin is virtual currency much in the news these days. It’s peer-to-peer so there’s no central bank or government. But if you think that means the IRS won’t get a piece, think again. 
The IRS already gets a piece where you swap one product or service for another, as the IRS explains at its Bartering Tax Center. Soon the IRS may have a Bitcoin Center too. The Treasury unit called FinCEN, the Financial Crimes Enforcement Network, already has rules about Bitcoin and the IRS is likely to follow. 
In the meantime, the tax rules seem pretty clear. If you provide services or sell goods for Bitcoin, you have income. If you exchange Bitcoins for cash, whether you have gain may depend on whether Bitcoin is really currency or commodity. The latter seems more likely, meaning you have gain to the extent of the appreciation in your Bitcoin.
Income is income, whether you get it in cash or in kind. Bitcoin may be acc
Also, keep in mind that Bitcoins are not that anonymous.This is from the wiki on Bitcoins and anonymity:

Chart 1
Chart 2

While the Bitcoin technology can support strong anonymity, the current implementation is usually not very anonymous.

The main problem is that every transaction is publicly logged. Anyone can see the flow of Bitcoins from address to address (see first image). Alone, this information can't identify anyone because the addresses are just random numbers. However, if any of the addresses in a transaction's past or future can be tied to an actual identity, it might be possible to work from that point and figure out who owns all of the other addresses. This identity information might come from network analysis, surveillance, or just Googling the address. The officially-encouraged practice of using a new address for every transaction is designed to make this attack more difficult.

The flow of Bitcoins from address to address is public. 
The second image shows a simple example. Someone runs both a money exchanger and a site meant to trap people. When Mr. Doe buys from the exchanger and uses those same coins to buy something from the trap site, the attacker can prove that these two transactions were made by the same person. The block chain would show:

Finding an "identity anchor" allows you to ruin the anonymity of the system. 
Import coins from address A. Send 100 to B. Authorized by (signature).Import coins from address B. Send 100 to C. Authorized by (signature).You can't change your "sending address"; Mr. Doe must send coins from the same address that he received them on: address B. The attacker knows for a fact that address B is Mr. Doe because the attacker received $5 from Mr. Doe's Paypal account and then sent 100 BTC to that very same address.
Another example: someone is scammed and posts the address they were using on the Bitcoin forum. It is possible to see which address they sent coins to. When coins are sent from this (the scammer's) address, the addresses that receive them can also be easily found and posted on the forum. In this way, all of these coins are marked as "dirty", potentially over an infinite number of future transactions. When some smart and honest person notices that his address is now listed, he can reveal who he received those coins from. The Bitcoin community can now break some legs, asking, "Who did you receive these coins from? What did you create this address for?" Eventually the original scammer will be found. Clearly, this becomes more difficult the more addresses that exist between the "target" and the "identity point".
You might be thinking that this attack is not feasible. But consider this case:
You live in China and want to buy a "real" newspaper for Bitcoins.You join the Bitcoin forum and use your address as a signature. Since you are very helpful, you manage to get 30 BTC after a few months.Unfortunately, you choose poorly in who you buy the newspaper from: you've chosen a government agent! Maybe you are under the mistaken impression that Bitcoin is perfectly anonymous.
The government agent looks at the block chain and Googles (or Baidus) every address in it. He finds your address in your signature on the Bitcoin forum. You've left enough personal information in your posts to be identified, so you are now scheduled to be "reeducated".
You need to protect yourself from both forward attacks (getting something that identifies you using coins that you got with methods that must remain secret, like the scammer example) and reverse attacks (getting something that must remain secret using coins that identify you, like the newspaper example).

1 comment: