Let me preface this post by saying and I am not a lawyer, nor should you construe this document as legal counsel of any kind. I am however a huge fan of Coinbase. They were an early mover in the digital currency space, have received significant venture capital funding and clearly are making a concerted effort to push Bitcoin into the mainstream. My interactions with them have been consistently professional and the service they have provided has been virtually seamless. They are one of the only companies doing bidirectional USD to BTC conversion, allowing consumers to attach their bank account in order to buy and sell Bitcoin via transfer.

Although their monetization strategy isn’t discussed at great length publicly, one would imagine that in addition to a 1% flat fee they profit from bidirectional order flow with their customers. If their platform is reasonably sophisticated they would be matching buy and sell orders internally before going to an external market, reaping more savings. This off-chain trading allows for significantly higher transaction rates than block-chain based technology. This is a walled-garden approach, bringing the inter-customer infrastructure in house to facilitate micro payments, faster transactions and other usability features.

The service is great, but is it legal under current regulation? Coinbase is an online wallet, which allows external parties to send Bitcoin inbound to be auto-settled to USD. An analogy would be a bank that puts a bucket out front with your name on it. In the middle of the night someone drops a few bricks of gold in that bucket. The bank takes the gold, sells it for dollars and sticks that money in your bank account, no questions asked. They certainly know one side of that transaction, you as a customer have provided them with enough information to verify your identity. Is that enough? There is no way to determine whether you are initiating the Bitcoin transfer inbound, or if a third party is sending you money. There is certainly no way to determine the validity of that third party in the current system.

To my mind that seems like a slight of hand. Anti money laundering and know-your-customer regulation is fairly strict about identity and banking relationships. The argument could be made that you are buying and selling an asset that you own, but without being able to prove ownership it seems like a two party transaction where only one party is positively identified. Regulation is creeping into physical cash deposits with Chase requiring ID, and there are rules about receiving inbound wires from known criminal elements. Iran and other embargoed countries cannot simply send money into the US without it being noted, well unless they use Coinbase.

I hear people clamoring about risk management engines and threat analysis, but Bitcoin is programmatic money. A hundred proxies could just as easily receive money as a single person. The bank secrecy act of 1970 sets the bank reporting requirements at $10,000 USD. A $10,000 USD transfer could be trickle accumulated and settled out trivially. There exist simply hundreds of ways to obfuscate the public ledger. What is the functional difference between a large shared wallet, a purpose-built mixing service, and an exchange? Has anyone conclusively been able to prove identity tracking across the blockchain in all but the most trivial cases? It seems that in most instances a user’s identity is compromised by inadvertently tainting their transactions with a known or published address.

What about money services businesses? The MSB situation in the United States is obviously absurd, requiring in many instances per-state licensing. I don’t have the exact numbers but I believe at least 28 states have differing laws on the subject. Coinbase is no doubt pursuing these licenses if they don’t already have them, a good use for the war chest. So if Coinbase isn’t outright in violation of the law, it certainly is skirting around a very sensitive issue. Electronic transfer has been carefully regulated for decades, but new technology has done a total end-run around the current system.

The current banking system and the US government has constructed an extraordinarily expensive and convoluted infrastructure in order to control capital inflow and outflow. It operates like a financial Maginot line, a series of barricades and obstacles meant to prevent uncontrolled and un-monitored flow built on 20th century know-how. It is both an extraordinary testament of engineering and completely and utterly useless in the face of new technology and the promise of trust-less digital cash and peer to peer transfer.

Ultimately, maybe it doesn’t matter whether Coinbase is in perfect compliance with the regulation, when clearly the rules are outdated and ineffective. You can’t put this genie back into the bottle, and trying to make new technology completely conform is perhaps missing the point. It seems more likely that multiple ecosystems will begin to develop, some of which are in perfect compliance, and others that are outside the general rule of law. So is Coinbase legal? A definite maybe.