<aside> <img src="/icons/book_gray.svg" alt="/icons/book_gray.svg" width="40px" />
This is a chapter from the book Token Economy (Third Edition) by Shermin Voshmgir. Paper & audio formats are available on Amazon and other bookstores. Find copyright information at the end of the page.
</aside>
Early blockchain networks provided a high level of transparency, making transaction histories fully visible to anyone. This compromised privacy and reduced a token’s fungibility. Over the years, a range of privacy-preserving solutions have been developed, aiming to balance the need for institutional accountability with individual privacy.
Disclaimer: Most of the examples mentioned in this chapter are subject to frequent protocol changes. Consequently, certain details might be out of date by the time this book is read. Nonetheless, the content is structured to present a broad picture, independent of potential protocol changes or new solutions that may emerge.
Privacy, as defined by the Oxford Dictionary, is a “state in which one is not observed or disturbed by other people” or the “state of being free from public attention.” Democratically governed countries have protected individual privacy at various levels of the law—sometimes even constitutionally. The secrecy of correspondence, for example, originated in the 17th and 18th centuries in Germany, Austria, and France. It is a law that ensures letters remain unopened by government or private entities. This principle has extended to modern communication technologies like phones and the Internet. While the U.S. lacks explicit constitutional guarantees for the secrecy of correspondence, case law interpreting the Fourth Amendment protects the privacy of the home and property, potentially supporting a “right to cryptographic encryption.” However, national approaches vary, with some countries explicitly granting the right to encryption in law, while others do not.
The Internet era has amplified debates over the privacy of one’s digital footprints. Prominent figures have highlighted the commodification of personal data and the risks of mass surveillance. Evgeny Morozov warned of digital repression, Edward Snowden exposed global surveillance programs, and Shoshana Zuboff coined the term “surveillance capitalism” to critique the economic exploitation of personal information. These perspectives underline the socio-political implications of privacy in an interconnected and data-driven world.
The EU’s General Data Protection Regulation (GDPR), adopted in 2016, has become a global model for privacy laws suited to the digital age, empowering users to control their data. However, GDPR’s focus on privacy conflicts with the growing body of AML and KYC regulations, creating an unresolved tension between these objectives. The balance between individual privacy rights and broader societal goals—such as preventing money laundering or terrorism—varies across jurisdictions, sparking global debate that continues regardless of the underlying technology used.
Web3 protocols have introduced new privacy challenges that, at the time of writing, have not been sufficiently addressed by regulations like GDPR. Some countries have mandated that citizens surrender private keys upon legal demand, while others have banned privacy-preserving blockchain systems and their tokens due to concerns over illicit use. The Financial Action Task Force (FATF), through its 2019 regulations, requires “Virtual Asset Service Providers” to identify transaction participants, thereby imposing Know-Your-Customer obligations. Consequently, many crypto exchanges have delisted privacy tokens over time, although Zcash’s “public-by-default” design has allowed it to remain relatively compliant with regulations.
In the early 1990s, the U.S. government classified encryption software as a “munition,” placing it under national security export regulations and forcing cryptography scholars to register as arms dealers if they wished to publish their academic work. This climate led to a landmark legal challenge when a Ph.D. student at the University of California developed an encryption algorithm and sought to publish its source code in an academic paper. Allegedly, the U.S. State Department informed him that even if he applied to become an arms dealer, his export license would be denied “because his technology was too secure.” With the support of the “Electronic Frontier Foundation (EFF),” Bernstein took the case to court in 1995. The ruling was pivotal, classifying source code as a form of protected speech under the First Amendment. By confirming that software source code “does not meaningfully differ from natural language, musical language, or mathematical language,” this decision made it possible for encryption software to be published without government pre-approval. Although the ruling was based on free speech rather than the right to privacy, it indirectly laid the groundwork for online privacy rights by allowing robust encryption tools to be developed and distributed freely.
On an international level, encryption regulations also evolved. In the 1990s, European countries such as France and Russia imposed strict limits on the use and export of cryptographic tools—often requiring licenses or state-approved algorithms. For instance, France mandated that encryption keys be registered with the government until its policies were relaxed in 1999. Similarly, India enforced stringent encryption regulations, requiring service providers to use government-approved algorithms and limiting key lengths for certain communications. In contrast, countries like Germany and Switzerland have historically embraced more privacy-focused policies, encouraging secure communication practices while balancing regulatory oversight. These differing approaches highlight a global patchwork of policies that reflect varying priorities between collective security interests and individual privacy.
As personal computers, mobile phones, and Internet services became ubiquitous, governments around the world began demanding backdoor access to information from companies such as e-commerce providers, social media networks, and device manufacturers. Law enforcement argued for mandatory “backdoor” encryption accessible under judicial authority, claiming that while they supported “strong encryption,” they needed a “trap door and key” to combat crime. Privacy advocates and computer scientists pushed back, noting that installing backdoors creates additional technical vulnerabilities and complexity. Legally, privacy advocates in the U.S. argue that forcing cryptographic backdoors infringes upon the First Amendment (code as speech), the Fourth Amendment (the sanctity of the home and personal effects), and the Fifth Amendment (protection against self-incrimination). The right to privacy—both as “the right to be left alone” and as “informational privacy”—is deeply implicated.
One notable incident occurred in 2014 when Apple announced default encryption on its mobile devices; the encryption was so robust that even Apple could not unlock the devices in response to law enforcement requests. Google soon pledged to take similar steps. As former Chief Justice John Roberts once noted when denying law enforcement’s request for broad access to citizens’ data, “Privacy comes at a cost.”
Moving to the blockchain era, networks that are more privacy-preserving than Bitcoin have come under regulatory scrutiny over the years. Monero, a privacy-focused blockchain network and cryptocurrency, has increasingly become a target of financial regulators due to its capability to facilitate anonymous transactions. Monero has been delisted from several major exchanges globally amid growing regulatory pressure surrounding AML compliance and transparency requirements, and its developers have faced legal action. For example, in 2019, Ricardo Spagni, a prominent Monero developer, was arrested in the U.S. on charges unrelated to Monero but connected to fraud allegations from his time at a South African company. These incidents, along with its delistings, have sparked debates about whether privacy-focused Web3 solutions such as Monero should be regulated and whether their use of privacy-enhancing technologies inherently conflicts with regulatory frameworks.
The controversies echo broader discussions around Tornado Cash—a privacy-enhancing application for the Ethereum ecosystem—where sanctions and arrests raised similar questions regarding the legality and ethics of privacy-preserving tools that can be used for both legitimate and illicit purposes. In August 2022, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, alleging its use in laundering illicit funds. This action sparked debates over the legality of sanctioning open-source code and the balance between privacy and regulatory compliance. In 2024, a U.S. appeals court overturned these sanctions, ruling that the Department of the Treasury had exceeded its authority when sanctioning Tornado Cash.
Ultimately, ongoing debates about encryption—whether in traditional systems or within Web3—underscore a central tension in digital rights: privacy by default versus transparency by design for law enforcement access. The lessons of past legal battles remind us that when backdoors are mandated or encryption is restricted, the potential for abuse and the erosion of fundamental rights may prove too high a cost.
For money to function effectively as a medium of exchange, it must meet the criterion of fungibility—meaning each unit of a currency is equal and interchangeable. Fungibility is closely tied to the degree of privacy or anonymity that a token provides. It requires obscuring links to identifiable individuals (“non-individualization”) and protecting the privacy of transaction data. Traditional forms of money, such as cash, have the highest level of fungibility because physical coins and bills carry no transactional history that can feasibly be traced to previous owners. This makes cash the most anonymous and fungible form of money. Historical legal precedents, like Scotland’s 1749 ruling that the provenance of a coin or banknote is irrelevant, underline the importance of fungibility in state-issued currencies.