A series of documents recently published by The Intercept shows that the NSA has been tracking Bitcoin users for years. The documents were provided by NSA whistleblower Edward Snowden. While many other federal agencies are paying private contractors, such as Chainalysis, to provide information on Bitcoin transactions and users, the US intelligence community has been running their own cryptocurrency surveillance programs. What was supposed to be a counterterrorism program has been morphed into a law enforcement program. People who committed drug crimes were also targets for surveillance.
The Bitcoin surveillance program known as MONKEYROCKET operates under the NSA’s OAKSTAR program. Under OAKSTAR, the NSA partners with private telecommunications corporations to tap into fiber optics networks and collect Upstream intelligence. The OAKSTAR program became known to the public during the first series of documents released in 2013 from the collection of documents Edward Snowden gave to journalists. The NSA does what is known as a “full take” on the data, which means they copy all data passing through the network, including metadata and content. Fiber optics networks are tapped and copies of the data sent on those networks is sent to the NSA’s European Technical Center in Wiesbaden, Germany.
In an NSA report from March of 2013, the MONKEYROCKET program was described as being the only source for signals intelligence development (SIGDEV) for Bitcoin targets. However, it appears the NSA has since created other programs which help collect signals intelligence on cryptocurrency users. According to another report from the NSA, MONKEYROCKET is a “non-Western internet anonymization service” that became operational in July of 2012. The NSA had planned for the MONKEYROCKET service to attract people engaged in terrorism, with large user bases in China and Iran. NSA documents referred to MONKEYROCKET as a “browsing product.” Some have speculated that the service was a VPN. The program had 16,000 registered users in July of 2012. The NSA’s fake anonymization service was used to lure Bitcoin users into using the service so that the NSA could conduct surveillance on the user and their Bitcoin transactions.
While the documents do not prove that the NSA helped unmask Silk Road’s Dread Pirate Roberts, it shows that the NSA was conducting surveillance on Bitcoin users half a year before Ross Ulbricht’s arrest. During the trial, Ross Ulbricht’s lawyers argued that the evidence against him was obtained illegally from intelligence agencies. The NSA had helped shut down an electronic payments system used by criminals called Liberty Reserve, which was shut down by American law enforcement agencies for money laundering in 2013 using the USA PATRIOT Act. The federal government began prosecuting Ross Ulbricht five months after Liberty Reserve shut down.
Information obtained through the NSA’s warrantless mass surveillance programs is often passed on to federal and state law enforcement agencies. Law enforcement often use a process called parallel construction to hide the fact that an investigation began with a tip or evidence from an NSA intercept obtained without a warrant. Shortly before the end of Obama’s presidency, the President expanded law enforcement’s ability to access raw intercepts from the NSA. The OAKSTAR and MONKEYROCKET programs are operating under Executive Order 12333.
American intelligence agencies like the NSA are authorized under Executive Order 12333 to collect and share data that is “incidentally obtained” and that “may indicate involvement in activities that may violate federal, state, local or foreign laws.” President Ronald Reagan first signed Executive Order 12333 in late 1981 and gave new authorities to American intelligence agencies. The order was expanded through three amendments made during President George W. Bush’s two terms in office, in 2003, 2004, and 2008, and further expanded through another order issued by President Barack Obama. The NSA’s interest in tracking Bitcoin users and transactions could lead to increased interest in, and use of, privacy-centric cryptocurrencies such as Monero. The NSA also seems to be interested in finding a way to track the untraceable Monero transactions, and in a recent leak it appeared the NSA was working with the Army on finding ways to compromise Monero’s privacy features.