Bitcoin isn't PRISM-proof

In the aftermath of the revelation of PRISM, the NSA spying program that collects user data from nine major U.S. tech companies, many have highlighted alternate options from organizations that are not known to be cooperating with government surveillance efforts.

Among those alternatives, Bitcoin has been pegged as a more private payment option. At, which lists alternatives to all the services that fall under the PRISM umbrella, Bitcoin is the only listed alternative to online payment services, such as PayPal and Google Wallet.

10 scary facts about Bitcoin

Bitcoin ATM is 'horrible for money laundering', says co-creator

But users should know that Bitcoin is not as anonymous as it seems, and while there is no evidence that Bitcoin services are collaborating with federal agencies, information on Bitcoin transactions is readily available to them on the Internet.

A 2011 study conducted by University College Dublin researchers Fergal Reid and Martin Harrigan concluded that although anonymity has been one of Bitcoin's main selling points, "Bitcoin is not inherently anonymous."

"We have performed a passive analysis of anonymity in the Bitcoin system using publicly available data and tools from network analysis," the researchers wrote in a blog post. "The results show that the actions of many users are far from anonymous. We note that several centralized services, e.g. exchanges, mixers and wallet services, have access to even more information should they wish to piece together users' activity. We also point out that an active analysis, using say marked Bitcoins and collaborating users, could reveal even more details."

In 2012, the publicly available data on Bitcoin transactions was used by researchers Adi Shamir and Dorit Ron to identify the first ever transaction on the network, which is believed to be from an account held by Bitcoin's mysterious creator, known only as Satoshi Nakamoto. While these transactions were covered up quite well, Ron and Shamir concluded that they are not entirely untraceable.

"Finally, we noted that the subgraph which contains these large transactions along with their neighborhood has many strange looking structures which could be an attempt to conceal the existence and relationship between these transactions, but such an attempt can be foiled by following the money trail in a sufficiently persistent way," the report explains.

This may not come as a surprise to the most passionate members of the Bitcoin community, who look at Bitcoin as a movement to revolutionize online payments, rather than a tool to remain anonymous on the Internet. Zach Harvey, co-founder of Lamassu and co-creator of the Bitcoin ATM, says Bitcoin is actually "horrible for money laundering" because the veil of anonymity can be lifted.

Indeed, late last month the online currency exchange service Liberty Network, which is similar to Bitcoin, was infiltrated by international law enforcement agencies that allege it laundered more than $6 billion in money for criminal organizations. The investigation was brought down after an undercover agent created an account on Liberty Network and listed the purpose as "cocaine."

Basically, if independent researchers can trace Bitcoin transactions back to the people responsible, and the U.S. government can investigate digital currencies hosted overseas (Liberty Network was based in Costa Rica), then the NSA, CIA, FBI or any other federal agency can likely peek into Bitcoin activity as well.

Colin Neagle covers emerging technologies and the startup scene for Network World. Follow him on Twitter and keep up with the Microsoft, Cisco and Open Source community blogs. Colin's email address is

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags GooglesecuritysoftwarepaypalWide Area Network

More about CiscoFBIGoogleMicrosoftNSAPayPalPrism

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Colin Neagle

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place