- Big Brother is watching you!
- Data access is not just for the government
- Hackers will not be left out
At the end of May, the US Security and Exchange Commission’s (SEC) newest mass surveillance tool, the Consolidated Audit Trail (CAT), became “fully operational”. SEC-registered broker-dealers, exchanges and alternative trading systems are now required to collect and report trading information relating to every transaction in the US, as well as the personal information of every retail brokerage customer in the US.
This doesn’t just affect customers of traditional financial institutions: the privacy of participants in the digital asset economy can also be seriously compromised.
Big Brother is watching you!
Orwell’s ideas are becoming a reality in the US. Designed to collect and store detailed customer data in the US financial markets, the Consolidated Audit Trail will be the largest securities transaction database ever created. Even though CAT is designed under the guise of “enabling regulators to efficiently and accurately track all activity in US markets,” it threatens to make massive uncontrolled government surveillance a reality.
Under the SEC’s CAT-related requirements, regulated organizations will be forced to collect a wealth of data on transactions, traders and retail customers, including customer names, addresses and account details. As for digital asset market participants, this information could eventually include transaction IDs and wallet addresses, giving those with access to the database a view of current and retrospective information about users’ transactions over time.
The implications for the digital asset industry are worrisome, especially given the recent finalization of rules for dealers that the Blockchain Association and others are challenging in federal court, and even more so if the SEC finalizes a proposed rule that would significantly expand the definition of what constitutes an “exchange.”
Data access is not just for the government
If these new rules remain in effect, newly minted “dealers” and “exchanges” will be required to report information about users of digital assets to the Consolidated Audit Trail (CAT).
This means that unprecedented amounts of cryptocurrency trading data and customers’ personal information will enter the SEC’s surveillance network. What’s worse, CAT data isn’t just available to the SEC and its thousands of employees. Individually identifiable data in CAT is available to a network of relevant government agencies and private self-regulatory organizations without warrant or reasonable suspicion of wrongdoing. This greatly expands the pool of individuals who can potentially access Americans’ personal financial lives and trading activities, all in the name of making the SEC’s job a little easier.
Former Attorney General William Barr recently expressed concern about the potential violations of constitutional rights that would occur because of CAT: “The Constitution prohibits mass surveillance of private activities based merely on the possibility that someone might commit a crime … Even when the government seeks information about a citizen … it must normally show that it is investigating specific suspected wrongdoing.”
Yet, there has been no statement from the SEC as to how it will respect the constitutional rights of individuals.
Even SEC Commissioner Esther Pierce has been sounding the alarm about the effects of CAT’s unchecked surveillance on the government for years, explaining that the cost “to liberty and privacy is not worth the purported benefit. After all, tracking our trading behavior won’t stop bad events from happening in the markets, it will just make it a bit easier to understand what happened after the fact.”
Hackers will not be left behind
In addition to privacy concerns, the database is an absolute “lure” for information, making it particularly attractive to hackers. While the SEC recognized this serious security risk in its 2020 proposal to improve database security, it has yet to implement amendments to CAT that would improve cybersecurity. But there is no such thing as a completely secure database – everyone knows that.
Privacy is normal. People should not revert to a social norm where privacy equates to wrongdoing, especially in personal financial matters. Having the government looking over the shoulder of its citizen making a transaction is not normal, especially when those transactions may involve the disclosure of sensitive information, such as through political donations or payment for medical procedures.
Overly broad financial oversight regimes like the consolidated audit trail pose a serious threat to Americans’ constitutional rights, and if they quietly become law, the world will get another totalitarian empire.
