Behind the Blockchain — How far should the law go to unmask crypto crime?

In the complex world of cryptoassets, how do we balance a right to privacy with measures to target the criminals exploiting the tech, writes Louis Fairweather? 

“The State will of course try to slow or halt the spread of this technology, citing national security concerns, use of the technology by drug dealers and tax evaders, and fears of social disintegration. Many of these concerns will be valid [...] Various criminal and foreign elements will be active users of CryptoNet. But this will not halt the spread of crypto anarchy.”

– The Crypto Anarchist Manifesto, 1988

It might not sound too appealing, but this was Timothy May’s argument in favour of cryptographic technology. May welcomed the forthcoming cryptographic revolution, which would make interactions over networks “untraceable” and “alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret, and [...] the nature of trust and reputation”.

May was also a strong libertarian, which might explain why he considers the misuse of cryptographic technology by criminals a price worth paying for the privacy that it affords to the user. Over the next few decades, May’s dream came true. Alas, the libertarian’s dream is the state’s nightmare. As predicted, various criminals are now active users of cryptographic technology. The privacy of this technology is so strong that it is hard to estimate how much illicit cash is held in cryptoassets, but the National Assessment Centre at the UK’s National Crime Agency puts this figure in the billions.

This article intends to show both sides of the coin, by highlighting how cryptoassets can help us to manifest our right to privacy, and how criminals can abuse this mechanism. Firstly, we will ‘decrypt’ the technical details to understand more about the blockchain technology behind cryptocurrency and the data which it protects. Secondly, we will consider how the search and seizure of cryptoassets might interfere with the right to privacy guaranteed by the European Convention on Human Rights.

Decrypting crypto

Cryptocurrency transfers are facilitated by blockchain technology. A blockchain is a ledger that records each transaction and is operated by a network of computers running specialist software. Any time a user creates a new transaction, the information is broadcast across the network, which makes sure that the sender’s and the recipient’s information is accurate and that the sender has sufficient funds for the transaction in their cryptowallet.

Valid transactions are grouped into ‘blocks’ and added to the ‘chain’ that updates the ledger. Cryptowallet software continuously checks the blockchain for new transactions and updates the wallets of the sender and receiver accordingly. The underlying principle is that the blockchain allows transactions to take place between two people without the need for a ‘trusted third party’ (such as a bank).

The identity of users is protected by the use of keys (long strings of digits and letters used for identification and certification purposes). There is a public key, which is used to generate a public address (a much shorter string of digits and letters derived from the key). There is also a private key, which is used to generate a digital signature that certifies the sender’s right to spend the cryptocurrency in their wallet. When making a cryptoasset transfer, senders must provide their own public address and digital signature, the amount being sent and the recipient’s public address.

Many cryptoasset owners use trading platforms that offer a ‘custodial wallet’, meaning that the third party manages the user’s keys. However, it is ‘non-custodial wallets’ that are favoured by those looking to protect their anonymity. With a non-custodial wallet, there is no third party processing the identifying information, which makes the possibility of anyone establishing the identity of the owner even more remote (without sophisticated forensics, that is).

There is no greater testament to the privacy offered by cryptographic technology than Satoshi Nakamoto, the pseudonymous creator of bitcoin. Anyone with access to the blockchain can verify that Nakamoto’s cryptowallet currently holds 1.1 million bitcoins, an amount that has not changed since 2010. In July 2025, this put Nakamoto’s net worth at an estimated $135 billion. Yet, Nakamoto’s identity has never been revealed.

Considering the right to privacy

In the UK, our right to privacy (or “right to respect for [our] private and family life”, as it is known) is guaranteed by the European Convention on Human Rights and the Human Rights Act 1998. Any interference with our right to privacy must be prescribed by law and necessary in a democratic society in pursuit of one of the legitimate aims contained within the Convention. This includes “the prevention of disorder or crime”. It is for the member states of the Council of Europe to make sure that their efforts to prevent cryptographic networks becoming hubs for criminal behaviour do not interfere with our right to respect for privacy.

Before passing the Economic Crime and Corporate Transparency Act 2024 (ECCTA) into law, the Home Office carried out a detailed assessment of how the new powers to search for and seize cryptoassets engaged with the right to privacy. It is well established in the case law of the European Court of Human Rights that searching a person’s home and seizing their property may be necessary to prevent crime. However, the measures taken by the state must be relevant, sufficient and proportional to the prevention of the crime. As such, there must be adequate safeguards against abuse (for example, a requirement for prior judicial authorisation).

For the most part, the safeguards relating to the search and seizure of cryptoassets and cryptoasset-related items mirror the safeguards for the seizure of other property permitted by the Proceeds of Crime Act 2002. There’s an initial detention period of 48 hours, and any further detention must be authorised by a court. However, there are two important distinctions which account for the unique properties of cryptoassets.

Firstly, cryptoasset-related items (which includes anything that contains or gives access to information that is likely to assist in a seizure of a cryptoasset) may be seized even where those items are necessary for a person’s employment or their basic domestic needs. Secondly, in considering whether to grant further detention, a court can only do so where it is satisfied that police are working “diligently and expeditiously” to determine that the item is a cryptoasset-related item, or, to seize any cryptoassets if that determination has already been made.

Considering the value of a cryptoasset-related item may not be apparent on seizure, and considering that the Proceeds of Crime Act 2002 never previously accounted for the seizure of property “for the purpose of seizing other property”, the need for the new power is apparent – as is the need for the safeguards contained within, which the Home Office concludes: “represent a proportionate balance between the interference with Article 8 rights and the legitimate aim of preserving property in anticipation that it may be used to satisfy a criminal confiscation order”.

It is also worth briefly considering the potential use of surveillance measures to bypass the protection offered by cryptographic technology for the detection of crime. There is no such power within the ECCTA, but it is something that the European Court of Human Rights considered last year in Podchasov v Russia.

While this case concerned the police interception of communications protected by end-to-end encryption, some parallels can be drawn with the idea of using surveillance measures to establish the ownership of a cryptoasset. At the centre of this case was a Russian law that imposed an obligation on internet communications service providers to forfeit encrypted electronic messages to law enforcement or security services on request, along with any technical information to allow law enforcement agencies to decrypt those messages.

The court concluded that the law lacked adequate safeguards against weakening encryption for all users and, therefore, could not be said to be necessary in a democratic society for the prevention of crime. In reaching this conclusion, the court emphasised that encryption can serve a useful purpose of helping citizens protect themselves against “abuse of information technologies”, including hacking, identity theft and the improper disclosure of confidential information. (If anyone could find Satoshi Nakamoto for a comment, he would undoubtedly agree). The court emphasised that “this should be given due consideration when assessing measures which may weaken encryption”.

Conclusion

Any appeal that the philosophy of ‘crypto anarchy’ may have had in 1988 has been lost in 2025, when cryptoassets pose such a major threat. Yet, the philosophy underlying the right to privacy still holds all the relevance it did in 1947, when the drafting committee of the Universal Declaration of Human Rights found that “an International Bill of Rights cannot be fulfilled unless the sanctity of the home and the privacy of correspondence are generally respected”. Just as cryptographic technology has developed in a way that allows us to realise our right to privacy, so have surveillance technologies which undermine our right to privacy in other ways.

Alas, our human rights framework must remain flexible to respond to the threats to our rights posed by new technologies. The right to privacy was not established to allow people to launder money if they so pleased; just as the “legitimate aims” were drafted into the Convention to prevent states from interfering with this right whenever they so pleased. Blockchain or no blockchain, our right to privacy is worthy of protection.

Louis Fairweather is a CPD Legal Researcher at the Law Society of Scotland