Pages:
Author

Topic: New Bitinstant OFAC Rule (Read 2884 times)

newbie
Activity: 32
Merit: 0
April 26, 2013, 02:28:21 PM
#25
Bump
newbie
Activity: 32
Merit: 0
April 19, 2013, 02:26:02 AM
#24
So what exactly happens is:
You enter name and DOB in,
Bitinstant has other company's api query the database thing
checks if you're good
if you're good then the purchase continues and nothing is saved at all, or logged?

Just want it from someone from the top that knows what actually happens...
so nothing is saved or logged and everything is purged? are you sure?
maybe I'm wearing a tinfoil hat but it's my right to wear it xD
Thanks,
Computerlamp
newbie
Activity: 56
Merit: 0
November 08, 2012, 09:18:15 PM
#23
;-)
legendary
Activity: 1078
Merit: 1000
Charlie 'Van Bitcoin' Shrem
November 08, 2012, 08:05:05 PM
#22

No, the service that we use does nothing of that sort.

They just have an API that interfaces with the gov't updated list.


Not to come across as antagonistic, but:

I worked about a year ago for the largest Internet telecommunications company, entirely API-driven.  You might have heard of them -- they're pre-IPO.

Every single API request was logged and saved.  At multiple levels.  We were required by law to keep these logs.  Had we discarded them, we would have been punished.  Severely.

I'm only letting you guys know because, if you weren't aware of this, you should be aware now.  I can only speak from experience and reasonable deduction, of course.


If a customer of ours is on the list, he would not get past our homepage.


Ah!  So the chances of someone already in your system experiencing a blockade of funds are close to nil.  OK.


Right now, we don't have the API fully integrated so I wont find out until after the transfer.

However, we will not and do not freeze funds, ect.

Our job is to simply report it, with a 1 page form that we are given.


This is an interesting development.  Thanks for the info.  Maybe you guys want to blog about this, and include these details in the blog post.

As usual and as always, remember: I do not hold you or anyone at BitInstant in ill regard.

We did!

http://blog.bitinstant.com/blog/2012/11/5/re-opening-of-bitcoin-payments.html

Thanks

Appreciate the concern and you being a valued customer  Smiley

Charlie
newbie
Activity: 56
Merit: 0
November 08, 2012, 06:43:04 PM
#21

No, the service that we use does nothing of that sort.

They just have an API that interfaces with the gov't updated list.


Not to come across as antagonistic, but:

I worked about a year ago for the largest Internet telecommunications company, entirely API-driven.  You might have heard of them -- they're pre-IPO.

Every single API request was logged and saved.  At multiple levels.  We were required by law to keep these logs.  Had we discarded them, we would have been punished.  Severely.

I'm only letting you guys know because, if you weren't aware of this, you should be aware now.  I can only speak from experience and reasonable deduction, of course.


If a customer of ours is on the list, he would not get past our homepage.


Ah!  So the chances of someone already in your system experiencing a blockade of funds are close to nil.  OK.


Right now, we don't have the API fully integrated so I wont find out until after the transfer.

However, we will not and do not freeze funds, ect.

Our job is to simply report it, with a 1 page form that we are given.


This is an interesting development.  Thanks for the info.  Maybe you guys want to blog about this, and include these details in the blog post.

As usual and as always, remember: I do not hold you or anyone at BitInstant in ill regard.
legendary
Activity: 1078
Merit: 1000
Charlie 'Van Bitcoin' Shrem
November 08, 2012, 06:34:35 PM
#20

That's one way to look up information, but that's not what Yankee says BitInstant does.  Read his post.  They look the information up on a commercial partner's service.  This service logs everything you search, at the very least in their Web server logs.  Make no mistake, the queries are almost certainly logged with a timestamp, and BitInstant does not control when or even if those logs are ever purged..

For all we know, this service could be reporting who looked up whom when directly to the depraved people that conform OFAC.  They might even be "legally required" to do so for commercial third-party queries, as opposed to people who just download the database.


No, the service that we use does nothing of that sort.

They just have an API that interfaces with the gov't updated list.

^... lol....


What happens when bitinstant puts a name in and the exact name reappears on the database?


What are the next steps if this happens?

That probably means you ain't getting your money or your Bitcoins back.  That is a blacklist, after all, just like the no-fly list.

Yankee: say Person X attempts to withdraw money using BitInstant, and Person X is verbatim on the list (might be a different Person X, but still, on the list).  What will you do regarding the money transfer?  Will you refuse to execute the transfer and return the bitcoins to this person?  Will you keep the bitcoins and the dollars, and refuse to return them to Person X?  What portion of this decision is forced on you by external actors?

If a customer of ours is on the list, he would not get past our homepage.

Right now, we don't have the API fully integrated so I wont find out until after the transfer.

However, we will not and do not freeze funds, ect.

Our job is to simply report it, with a 1 page form that we are given.
newbie
Activity: 56
Merit: 0
November 08, 2012, 05:38:24 PM
#19
More than a decade ago I was hired by a bank to help enhance a system they used to run a remittance network to Mexico.  This is where I learned about the OFAC list for the first time.  It's simple and stupid at the same time.  One of the steps they were required to do was to query to see if a beneficiary name is on the list, and take additional steps if it was.  It is simple string matching.  The people at the bank were fully aware that it was something stupid and easily circumvented but nevertheless something they were required to do.

This is valuable info.  Thanks, man.
newbie
Activity: 56
Merit: 0
November 08, 2012, 05:32:39 PM
#18
^... lol....


What happens when bitinstant puts a name in and the exact name reappears on the database?


What are the next steps if this happens?

That probably means you ain't getting your money or your Bitcoins back.  That is a blacklist, after all, just like the no-fly list.

Yankee: say Person X attempts to withdraw money using BitInstant, and Person X is verbatim on the list (might be a different Person X, but still, on the list).  What will you do regarding the money transfer?  Will you refuse to execute the transfer and return the bitcoins to this person?  Will you keep the bitcoins and the dollars, and refuse to return them to Person X?  What portion of this decision is forced on you by external actors?
newbie
Activity: 56
Merit: 0
November 08, 2012, 05:31:40 PM
#17

OFAC (well technically SDN) is a database.    You (or anyone on the planet) can download a copy.   You can then QUERY the database LOCALLY. If you (yes YOU) download a copy of the database and query your name how exactly would the government "know" what you queried?  Magical gubbermint gnomes?

TL/DR version
Step 1) Download the SDN http://www.treasury.gov/ofac/downloads/sdnlist.txt
Step 2) Open it up in a text editor and search for your name?
Step 3) Huh (something involving gubbermint gnomes) Huh
Step 4) Gubbermint magically knows what you search for?


That's one way to look up information, but that's not what Yankee says BitInstant does.  Read his post.  They look the information up on a commercial partner's service.  This service logs everything you search, at the very least in their Web server logs.  Make no mistake, the queries are almost certainly logged with a timestamp, and BitInstant does not control when or even if those logs are ever purged..

For all we know, this service could be reporting who looked up whom when directly to the depraved people that conform OFAC.  They might even be "legally required" to do so for commercial third-party queries, as opposed to people who just download the database.

------------------------------------------------

Finally, I'd like to address your misrepresentations of my character:

What are you talking about?  How about your learn more and stop making stupid assumptions.

Be honest you have no idea what you are talking to and simply spreading FUD.  Troll on brother.

Look, I don't know who you are and I don't know why you feel that I've somehow "wronged" you enough to earn a gratuituous personal attack from you, but if you can't engage me in terms other than defamation, insults and misrepresentation, please don't engage me at all.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
November 08, 2012, 04:12:30 PM
#16
More than a decade ago I was hired by a bank to help enhance a system they used to run a remittance network to Mexico.  This is where I learned about the OFAC list for the first time.  It's simple and stupid at the same time.  One of the steps they were required to do was to query to see if a beneficiary name is on the list, and take additional steps if it was.  It is simple string matching.  The people at the bank were fully aware that it was something stupid and easily circumvented but nevertheless something they were required to do.
legendary
Activity: 1078
Merit: 1000
Charlie 'Van Bitcoin' Shrem
November 08, 2012, 03:55:01 PM
#15

What happens when bitinstant puts a name in and the exact name reappears on the database?


God I hope that never happens.

If it does, I think I have to fill out one of these http://www.treasury.gov/resource-center/sanctions/Pages/forms-index.aspx
hero member
Activity: 1078
Merit: 502
November 08, 2012, 03:36:52 PM
#14
^... lol....


What happens when bitinstant puts a name in and the exact name reappears on the database?


What are the next steps if this happens?
donator
Activity: 1218
Merit: 1079
Gerald Davis
November 08, 2012, 03:33:14 PM
#13
Right now, due to the process you are forced to use, they cannot connect Bitcoin purchases with specific people -- at best they can only connect time/date of purchase with a specific name.  So you are literally correct in what you said.

What are you talking about?  How about your learn more and stop making stupid assumptions.  OFAC (well technically SDN) is a database.    You (or anyone on the planet) can download a copy.   You can then QUERY the database LOCALLY.    If you (yes YOU) download a copy of the database and query your name how exactly would the government "know" what you queried?  Magical gubbermint gnomes?

TL/DR version
Step 1) Download the SDN http://www.treasury.gov/ofac/downloads/sdnlist.txt
Step 2) Open it up in a text editor and search for your name?
Step 3) Huh (something involving gubbermint gnomes) Huh
Step 4) Gubbermint magically knows what you search for?

Be honest you have no idea what you are talking to and simply spreading FUD.  Troll on brother.
newbie
Activity: 56
Merit: 0
November 08, 2012, 03:17:24 PM
#12
This is simply not true. No one is building a list of Bitcoiners, please don't spread such a dumbfounded rumor.

Yankee, with all due respect, I don't spread rumors.  I said it was a possibility.

Quote
We don't give a list to the government or anything, we simply check if your name is on their list and thats it.

Right now, due to the process you are forced to use, they cannot connect Bitcoin purchases with specific people -- at best they can only connect time/date of purchase with a specific name.  So you are literally correct in what you said.

However, there is no guarantee that the process won't change in the future and encroach on Bitcoiners' privacy further.  Remember how "Social Security numbers are not an identity card" gave way to "please give us your Social Security number to verify it's you"?  Well, gradualism is the way these crooks operate, as history proves.

Remember that, right now, pretty much every bank transaction out of the financial system into another currency is logged and available to these crooks (this is how they punish anyone who attempts to send money to, e.g., Iran).  It would not be surprising to see them start pushing to extend the same regime to Bitcoin (which they are beginning to see as a currency, no doubt you know that).

As always, I reiterate my sympathy to you guys.
hero member
Activity: 1078
Merit: 502
November 08, 2012, 09:03:03 AM
#11
I typed my name in and this is what I get:


LANGA, Andrew; DOB 13 Jan 1965; Deputy Minister of Environment and Tourism (individual) [ZIMBABWE].



legendary
Activity: 1078
Merit: 1000
Charlie 'Van Bitcoin' Shrem
November 08, 2012, 08:58:41 AM
#10
Given this level of organizational sociopathy, there is absolutely no guarantee that the information you give OFAC (or good people doing business while threatened by OFAC, like BitInstant and other exchangers) won't be used against you.  In fact, chances are, they will, as they have (which you can see above).  Building a list of which people got how many Bitcoins is merely their first step.  

This is simply not true. No one is building a list of Bitcoiners, please don't spread such a dumbfounded rumor.

We don't give a list to the government or anything, we simply check if your name is on their list and thats it.

Anyone can freely check: http://apps.finra.org/rulesregulation/ofac/1/default.aspx

What's your policy on logging those checks? Are they logged? If so, how long before the logs are purged?


http://bitinstant.com/security outlines our policy that has never changed.

We don't pass your information to the government, we pay a private company to check the names on our behalf.

Thanks

-Charlie

newbie
Activity: 56
Merit: 0
November 08, 2012, 02:30:45 AM
#9
This OFAC entity strikes me as malevolent:

Quote
As part of its efforts to support the Iraq sanctions, in 2005 OFAC fined Voices in the Wilderness $20,000 for gifting medicine and other humanitarian supplies to Iraqis.[7] In a similar case, OFAC is still attempting to collect (as of 2011) a $10,000 fine, plus interest, against Bert Sacks for bringing medicine to residents of Basra.

OFAC means "Office of Foreign Assets Control".  They are a group of people exclusively dedicated to ruining the life of anyone who decides to give their property to OFAC's listed "enemies" (that is, total strangers who OFAC would literally prefer to see dead, see above).  Given this level of organizational sociopathy, there is absolutely no guarantee that the information you give OFAC (or good people doing business while threatened by OFAC, like BitInstant and other exchangers) won't be used against you.  In fact, chances are, they will, as they have (which you can see above).  Building a list of which people got how many Bitcoins is merely their first step.  They've punished your fellow men for helping other people, do you think they won't punish you or collaborate with others to punish you?

Whatever the purpose of this name / DOB business is, I would categorically recommend anyone to not cooperate.  Providing OFAC false but credible information is one way to accomplish such a goal.  If you don't have it in you to do this, I suggest you use LocalBitcoins or Bitcoin-OTC instead.

I'm sorry that BitInstant was involuntarily dragged into becoming informants of this criminal organization.
sr. member
Activity: 420
Merit: 250
November 08, 2012, 02:18:19 AM
#8
What's your policy on logging those checks? Are they logged? If so, how long before the logs are purged?
legendary
Activity: 1078
Merit: 1000
Charlie 'Van Bitcoin' Shrem
November 07, 2012, 05:51:44 PM
#7
I understand where you're coming from Charlie and I understand you need to follow the law...but seriously you could put anyone's name and DOB up there...I'm just wondering out loud about what lawmaker would think that is any kind of evidence in the even of an investigation or means anything at all. Thanks for answering though. Long live bitinstant!

-cb

Pleasure, thanks!

The point is not for an investigation

We cross check it with the OFAC blacklist. If its a fake name / DOB then your transfer may not process and you will be banned from using BitInstant
member
Activity: 94
Merit: 10
November 07, 2012, 05:48:51 PM
#6
I understand where you're coming from Charlie and I understand you need to follow the law...but seriously you could put anyone's name and DOB up there...I'm just wondering out loud about what lawmaker would think that is any kind of evidence in the even of an investigation or means anything at all. Thanks for answering though. Long live bitinstant!

-cb
Pages:
Jump to: