The Woman Who Led Crypto Policing in the U.S. Guesses What’s Next for Regulation

Dan Eady/Shutterstock.com

Some people still don't understand that cryptocurrency isn’t criminal.

As an assistant U.S. Attorney for northern California, Kathryn Haun peered into some of the darkest corners of the cryptocurrency world. Among her greatest hits were the prosecution of a pair of rogue federal agents who were stealing bitcoin while investigating the illicit marketplace Silk Road in 2015, and settling a criminal investigation into Ripple later that same year.

Those were uncertain times for the cryptocurrency world. It was associated with black-market drugs through Silk Road and the meteoric rise—and just as sudden collapse—of the Tokyo-based Mt. Gox exchange. Haun, who goes by Katie, became the point person for all things cryptocurrency in the U.S. government, heading the first cross-agency task force on the industry. She held that post until last year.

Despite Haun’s experience with the crooks and scammers in the bitcoin world, she emerged as a vocal supporter of cryptocurrencies. Her time in government also made her a sought-after interpreter of regulatory trends affecting the crypto world. After leaving the Justice Department last May, she now teaches a class on cryptocurrency at Stanford’s business school, with economist Susan Athey, and sits on the board of Coinbase, one of the biggest crypto exchanges.

Quartz spoke to Haun by phone to get her read on the U.S. government’s sharpening focus on crypto regulation; the industry insider who tipped her off to a rogue agent; and “crypto Twitter.” The conversation has been edited for length and clarity.

Quartz: According to reports, you started looking into bitcoin almost by accident. Take us back to that moment in 2012—what happened?

Haun: My background at that point in my career was organized crime and murders. I had just come off doing a two-month murder trial that involved rival criminal enterprises murdering each other and 80 defendants. It was the latest in a series of trials I had done on organized crime, which I had always found very fascinating and fulfilling work. At that point, I decided I was ready for a change. I felt I had been there, done that, in terms of the organized crime world. I was thinking of leaving the government.

Then my boss comes in one day and says here’s something totally different you might want to sink your teeth into. How about you prosecute this “bitcoin”? How do you prosecute bitcoin?! We had never heard of it. That very night I started reading about it and very quickly I learned that [prosecuting bitcoin] was impossible, of course. No more possible than prosecuting cash or prosecuting the internet, or prosecuting any kind of technology.

It’s not like there was “crypto Twitter,” or maybe there was but I just wasn’t on Twitter then. I read everything I could and I was watching YouTube videos and I started learning about the technology. Some of the people who taught me a lot about the technology early on were a couple of federal agents. They were on the younger side.

What was your approach to dealing with early bitcoin cases?

I quickly learned prosecuting the technology of bitcoin wasn’t possible, number one; nor was it desirable, number two. Instead, what I set about doing was prosecuting some of the criminal uses of bitcoin. You know about some of [the cases], but not all of them are public. Some of them have remained under seal.

The task force I was leading was focused on some of the worst criminal use cases involving cryptocurrency. I want to stress it wasn’t because cryptocurrency was used; it was because crimes were committed. It wasn’t about the medium of transaction.

My role was was not just prosecuting criminal use-cases, but really educating, serving, and doing outreach—being a liaison for the cryptocurrency community and for the government, and also doing a fair bit of training within the government. We were still trying to get people to understand cryptocurrency isn’t criminal.

How did you arrive at that conclusion?

One thing has to do with jurisdiction. I was based here in the heart of Silicon Valley. I was surrounded by a lot of people working in the cryptocurrency field, with processes that I knew was completely above board. By the nature of where I was, I was surrounded by some of these technologists and developers. That was the first cue right there—it’s not like all of these people are working on this big criminal enterprise.

What was your relationship like with the crypto industry back then?

It’s hard to say what my relationship was. It wasn’t a one-size-fits-all thing. I think we can say the Digital Currency Task Force that I was running was really out there trying to be engaged with the community. The community realized we’re not here trying to shut [them] down. We’re trying to get information. A lot of the community didn’t want bad actors. They wanted the technology to go mainstream, and that’s true I think of the majority of companies the task force was interfacing with.

What was the tone of those meetings with the community like in the early days?

Every interaction was a bit different. Sometimes, because we didn’t want to cause alarm to a particular company, we didn’t want to just go and serve a subpoena or a search warrant. Sometimes, we would be introduced to a company through a friendly introduction.

When [companies] saw some of the cases that came out publicly, when the Shaun Bridges and Carl Mark Force cases came out publicly, some in the community were like, “Oh, we do want those types of cases prosecuted.” It turns out we need the cooperation of players in the cryptocurrency space to bring those cases. Some in the space also went out of their way to piece together evidence. It was a delicate thing, because we couldn’t reveal what we were working on.

So crypto people were pretty welcoming?

I would not say welcoming. But I also wouldn’t say they slammed the door.

I think there was a common interest in keeping these various behaviors off the platform, and that was shared by a lot of members of the cryptocurrency community. It wasn’t in anyone’s business interest to have nefarious activity on their platform. While they weren’t welcoming, they weren’t unwilling to participate. They understood the need for the legal or investigative process.

You convicted Bridges and Force—undercover federal agents who stole bitcoin when they were assigned to investigate the Silk Road case—partly thanks to evidence from the bitcoin blockchain. How did that come about?

I can’t necessarily take credit for that. Especially for this case, it was something where the agents I was working with, from the Internal Revenue Service, FBI, and Homeland Security Investigations, were very deep into this technology, and who knew because we have a wallet address, we can use a wallet explorer and track this. And I was asking to show me how.

We were trying to figure this out in real-time, using blockchain.info, a wallet explorer. These were public tools, which was an important thing at the time, because these agents were still employed by the federal government. Something that’s not well known is that one of those agents [who was convicted] was the self-appointed digital currency person for the Secret Service. We were really nervous that if we were using any legal process, even a secret government legal process, it would be discovered by the target of our investigation. Having these public tools was very helpful.

The use of blockchain data in this case is also often held up as an example of why anonymity in bitcoin is a myth.

Exactly, because it’s pseudonymous. A lot of criminal actors in the early days thought it was anonymous, but really it’s pseudonymous. But that wasn’t widely known at the time. The exhibits used in that case were derived from the blockchain and really illustrated how this could be traced.

During the time the Silk Road case was going on, there was a lot of chatter in the bitcoin world about what you were up to. I remember one rumor that you were in Japan investigating Mt. Gox.

I think there was a lot of buzz going on there. Oftentimes I would read something like, she is in this country and that means this exchange is going down, and I would read it and laugh because I was on personal vacation. So I think it was a lot of FUD. There were other times it was correct: For example, I was in Japan related to the Mt. Gox hack.

Reading the regulatory tea leaves

What’s your gut feeling at the moment on the future of crypto regulation?

In the last year there has been a lot of attention by the community on the ICO space, and I’m really separating out the ICO space from the rest of the crypto community. There’s a lot of news and attention around that, so you’re getting a lot of regulatory focus. Not just because it’s new, but because of the amount of money being raised.

People in the ICO space are just focused on the Securities Exchange Commission [SEC], but all along I’ve said more agencies than just the SEC are going to be involved in bringing actions against ICOs. I mean Treasury, Commodity Futures Trading Commission [CFTC], Justice Department, possibly the Federal Trade Commission and Consumer Financial Protection Bureau, and not to mention state attorneys general, or state regulators. And this is just in the US.

When you’re talking about the exchange space, we’ve already seen the SEC issue a kind of warning to the exchanges not to offer what the SEC deems are securities. I don’t think they just issued that warning and they’re not going to do anything. I think they’re going to look and see: We issued this guidance and who didn’t follow it?

We saw this early on with FinCen [the U.S. Treasury’s Financial Crimes Enforcement Network] in 2013, when it issued the first guidance of any U.S. regulator. It was saying virtual currency must follow things like the Bank Secrecy Act, or register with FinCen. They didn’t go immediately and do a bunch of enforcement actions. They waited to see who wasn’t following that guidance and they started bringing that action.

Which agencies are going to have the biggest impact in the next six to 12 months?

Six to 12 months ends up being a really short horizon. Let’s talk about the DOJ—and the same is true of the SEC—they don’t want to take the first actions in the space, and be called to court and lose the action. They will want everything buttoned up. They will pick the right vehicle.

If push comes to shove, 90% of these things resolve themselves short of a trial. But in our system, if you’re talking about enforcement actions, entities have the right to go to trial. It’s not a right that’s exercised a whole lot because the odds aren’t in favor typically. Things typically don’t end well for the people opposing the government, because the government chooses its cases carefully.

Six to 12 months is a bit of an expedited timeline considering all the things [DOJ] has to do to make it a criminal case. Part of that delay is we are gathering documents from outside entities. Suppose you’re taking search records from Google, or records from a bank. It’s not like they’re just going to hand it over. That takes months to obtain.

With the SEC, they are by and large on a shorter time horizon, because they are not always criminal [cases]. They don’t have the same burden of proof if someone went to court.

What entities are in the government’s cross-hairs?

From my time in government I happen to know, and I can’t comment on those publicly. We’ve already seen that the DOJ and SEC are looking at exchanges. DOJ did the prosecution of BTC-e. They did a joint action with Treasury. Treasury assessed a $110 million penalty and DOJ criminally indicted that entity.

We have also seen the SEC issue that statement warning exchanges. I think one could draw inferences that the government is looking to exchanges. But they’re not just looking to exchanges.

What are the other regulatory hotspots?

I think a regulatory hotspot is ICOs. I think that’s where we’re going to see the regulatory action. Factors that the government will typically, but not exclusively look to: They would look to size; how much money was raised? Whether there was any product already built; did investors lose money? And atmospherics: We’ve seen a lot of investigative reporting. Regulators also read the news. Are any ICOs getting a lot of negative publicity? Those are four things. A fifth thing is, where are they located? Where is the product the ICO produces located? Where are the people who invested located? Here is where I make my point about extra-territoriality: Just because something is not headquartered in the U.S. doesn’t mean they won’t look at it. The DOJ and FBI have more ability to bring cases outside their jurisdiction. The SEC is by and large all in the United States.

Another hotspot will be cases of pure fraud. You’re not going to get creative or stretch the law at all. Will this be brought under the Computer Fraud and Abuse Act? I think not. I think it’s just traditional cases of wire fraud that are going on. Clear-cut cases of fraud is another area we will see some regulatory action.

And then in terms of enforcement, where we’re going to get more clarity will be from bodies like the CFTC or the SEC. As you know, there are certain applications pending, they will have to start acting on some of these.

Do you mean applications for things like ETFs?

I think things like ETFs, or with the CFTC, i think some [companies] had applied for certain types of licenses.

And you think enforcement around ICOs will take more than 12 months?

In the ICO space, yes.

How does regulation of crypto in the U.S. compare to the rest of the world?

I wouldn’t say it’s behind, but I also wouldn’t say it’s leading the pack. I think it’s somewhere in the middle. We’ve seen some bodies in the U.S. start to show they are working cooperatively with foreign regulators to come up with standards. We saw with the CFTC, they have signed an agreement to work with the FCA [the UK’s Financial Conduct Authority]. I think that’s very interesting.

This goes back to your question about what government was thinking was back in the early days. Back in 2013, I wasn’t the only one in government thinking that way. Because the Senate held a hearing, the first hearing it held on bitcoin. Three government witnesses testified there. All three emphasized the point that there is absolutely nothing illegal about bitcoin or the technology itself.

One of the overarching points I’d like to make is: I think I have a realistic view of the technology, but I also think that like with any technology it will have good people who use it and bad people who use it. That doesn’t separate it from any other technological advancement, like the internet or email. I’m not going to be one of those people saying there’s no criminal use of cryptocurrency—of course there is. I’m also not going to be one of those people saying it’s mostly used by criminals. That’s also not true.

The SEC chairman has named “gatekeepers” such as lawyers among the bad actors in ICOs. Will any high-profile lawyers or other big firms who advise on ICOs get caught up in regulatory actions?

I had the occasion to meet with [SEC chairman] Jay Clayton at Stanford recently. He reiterated the point about the gatekeepers failing, and he got quite a bit of pushback on that. I can’t really speculate, but I think something is definitely in the works there, from his comments.

That said, I’d be pretty surprised if it were some of the big—these are your words—firms. But I don’t know.

The Silk Road tipster

Let’s return to the Silk Road, a case that had many twists and turns. What are some little known facts of that case?

I actually got a tip on that case, which is why we opened it. It was from someone in the cryptocurrency community. We got a tip that there was a rogue agent on the [Silk Road] payroll, which we took with a grain of salt at the time, given the conspiracy theories that were out there about the government. But we actually looked into it and what we found was very surprising to everyone.

How did that tip cross your desk?

It was an in-person meeting. A person came to see us, where they said: We think you’ve got a rogue agent on the payroll. Ironically, it was a lot of the evidence we were given by the cryptocurrency platforms and community that helped us crack the case. The financial institutions dragged their heels, they took forever, and in some cases, didn’t respond at all. I can’t tell you how many financial institutions I never received replies from.

What else can you share about how you got this tip?

It happened in-person in my office in San Francisco. [The tipster] had concerns about who they could report it to because if they went to the office [DEA agent Carl Mark Force] was part of, he could be tipped off. The conduct alleged in that indictment, it was more than just the Silk Road, there were other individuals being extorted, and that bit is less focused on. I had worked with this particular individual [the tipster] in the context of another cryptocurrency matter, and that’s how it came to be that he was in a meeting in my office.

He pulled me aside out of the presence of [other] agents to reveal it, and I told them. One of them was Tigran [IRS agent and blockchain analyst Tigran Gambaryan], and I worked with Tigran closely.

The tipster was not aware of the second actor in that case, Shaun Bridges. A lot of people don’t realize that without the blockchain analysis, and without the fact that we used bitcoin, we would never have caught that second actor. We frankly would probably not have enough evidence to bring charges against either of them. It was the patterns that emerged on the blockchain that told us we were dealing with a second individual.

Life after government

How did the Coinbase board position come about?

Through my work at the department I knew a number of crypto exchanges, all of the major ones at the time. My first interaction with Coinbase was much like any other crypto platform. I did think at that time Coinbase was the company in the space looking down the road to get regulated. They were the first platform that went to get money transmitter licenses in all the states they were doing business. I think it’s fair to say they weren’t shying away from regulation.

Was it a case of Coinbase founder Brian Armstrong pitching you?

I don’t want to say publicly how that came about. It wasn’t something that was planned.

What’s your media diet like in terms of crypto information?

I’m new to Twitter. I only joined Twitter this year. I would say “crypto Twitter” is where I try to take in more than I say. I follow some reporters like yourself and others in the space. I don’t usually go to Reddit. At some point, there is a bit too much. Cryptocurrency is not the only field I’m working in; I’m also working in cybersecurity. One could fill up their entire day, and then some, just by reading crypto Twitter and Reddit and all of these.

Are you concerned that you come across as a cheerleader for the crypto industry?

I don’t have that concern. I think I have a nuanced view. I am very bullish on the technology, but I also recognize its limitations.