The Cryptocurrency and Regulation of Official Digital Currency Bill, 2021, which is likely to be introduced in the Lok Sabha in the coming Winter Session of Parliament beginning 29 November, will signal the end of private cryptocurrency deals in India and introduce a regulatory framework in this sector. The official digital currency to be introduced by the Reserve Bank of India will be recognised and will, in all likelihood, be the official cryptocurrency of the country.
The broad consensus seems to be that it would be prudent on the part of the Narendra Modi government to regulate this business rather than ban it completely. There is an apprehension that roughly 10 crore Indians who possess or deal in cryptocurrency will continue to dabble in it in spite of the ban, making it the biggest underground black market illegal financial trade in decades. The share market will pale in insignificance.
The worst fear of any online trading activity and agency, in the private or public sector is the possibility of cyber-attack. According to the Indian Computer Emergency Response Team (CERT-In) there have been more than six lakh cyber security breaches in the first six months of this year with government institutions accounting for 12,000 incidents. Pakistan-originated malware that had earlier targeted the power sector and government organisations in India has now mutated, like a real-life virus, to adopt new cyber-attack capabilities.
The modified remote access trojan, dubbed ‘ReverseRat 2.0’, has “added functionality such as taking remote photos via webcams and retrieving files on USB devices inserted into the compromised machines”, according to Back Lotus Labs report. According to reports Afghanistan, India, Iran and Jordan were among those governments targeted by attackers using a forged United Nations Meeting platform (UNODC) to lure government targets.
For example Quoine Pte Ltd, which trades under the brand name Liquid, is exempted by the Monetary Authority of Singapore (MAS) from holding a licence to provide Digital Payment Token (DPT) services and warns customers that they may not be able to recover all the money or DPTs paid to them if the business fails. In August this year, this company became a victim of cyber-attack resulting in the theft of cryptocurrency assets worth 97 million dollars from its warm wallets (an online account used by customers for easy access for trading in cryptocurrency).
A cyber-attack on government operated or licenced cyber exchanges will seriously erode the confidence of investors even in other markets trading in financial instruments. The regulatory body needs to insulate all such exchanges and financial markets from such an eventuality.
Not just another trading activity
Cryptocurrencies emerged from the idea of ‘mining’ bitcoins using a complicated algorithm and high-end computers with multiple functions running parallely. Soon, the blockchain technique became more popular than the end product. The biggest advantage of this technique was the ease with which the trader could conceal all private information. This in itself becomes the source of many illegal, shady and anti-national activities. The regulation attempt by the government appears to be the right way to prevent the misuse of the technology but derive maximum benefit out of it. Like any other “legally permissible gambling business”, this trade in government-minted cryptocurrency will also generate profit fit enough to be taxed. This tax revenue could be one of the incentives for the government to allow this trade with restriction rather than ban it and lose the “sin tax”.
Cryptocurrencies are not just another trading activity. They have the potential to turn into a lethal weapon in the wrong hands with sinister motives. Trading in arms and weapons including medium range nuclear warheads are possible with cryptocurrencies without going through the overtly traceable computer operations which are easy to track.
In order to prevent tracing of transactions and protect privacy of the customers the cryptocurrency platforms use various techniques such as Dual Key Stealth Address Protocol (DKSAP), which allows the sender to generate a new address for every new transaction. By using ring user signature technique, the sender can make the transaction totally untraceable. Such multiple transactions can originate from one source but reach different buyers or beneficiaries without anyone in the ring coming to know the other, not to speak of the security agencies. Finally, the Zero Knowledge Succinct Non-Interactive Argument of Knowledge (Zk-SNARKs or Snark as it is referred to) devised to conceal account balance allows the currency holder to authenticate and validate a transaction without divulging critical personal information or even location.
The new regulation by the government should seriously consider imposing technology mechanisms in such a manner that each cryptocurrency deal, like share market operations, should be traceable and subject to scrutiny and audit. The idea behind such a mechanism should be to insulate the cryptocurrency deals from being turned into a tool that could compromise national security.
This does not mean that the user has to surrender their personal information or compromise with their confidentiality for the sake of net profit. Like any other financial instrument, cryptocurrency too should have all the features of guaranteeing protection of information that is of confidential in nature but allow the authorities to detect fraud, concealment of income, misuse with anti-national intent or security breach.
The government’s regulation may need further correction over a period of time but certainly this is a good beginning, which will test both the market’s sincerity and the government’s prudence.
The author is the former editor of ‘Organiser’. He tweets @seshadrichari. Views are personal.
(Edited by Prashant)