
Germany's biggest Bitcoin exchange surrenders user data to the police - MatthiasP
https://www.reddit.com/r/Bitcoin/comments/6r9n1f/germanys_biggest_bitcoin_exchange_bitcoin/
======
xya
Ironically, bitcoinblog.de, (which is the blog of bitcoin.de) published an
article in November 2016, citing the lack of anonymity in bitcoin
transactions, that would drive around 1/5 of bitcoin users to not using
bitcoin anymore. the article I am referring to:
[https://bitcoinblog.de/2016/11/09/ein-fuenftel-der-
bitcoin-n...](https://bitcoinblog.de/2016/11/09/ein-fuenftel-der-bitcoin-
nutzer-erwaegt-bitcoin-wegen-mangelnder-anonymitaet-nicht-mehr-zu-benutzen/)

------
yAnonymous
I get user data protection and all that, but when you know that the charges
are drug-related and they'd get a warrant anyway, why not cooperate and make
it easier for everyone?

Would you risk having your servers seized for someone you know committed a
crime? If you do, you make it very easy for competitors to shut you down.

edit: I'm assuming they don't blindly trust the police, but can verify the
transactions to the drug site themselves. If that's not the case, making the
police get a warrant would be the right thing to do.

~~~
skrause
Because if you make it too easy for the police they'll just ask for too much
all the time, even for things where they wouldn't get a warrant. This is
happening in Germany all the time when a provider wants to be nice to the
police.

If they say "we'll get a warrant anyway", just response "okay, so get the
warrant and come back and I'll give you the data". Then at least it's up to a
judge to decide where giving out data is warranted, and not up to an oridinary
policeman and sysadmin.

~~~
yAnonymous
See my edit. I'm assuming they can verify the allegations, due to the nature
of BTC transactions.

A warrant possibly means that they go out of business, because the servers are
physically seized. If you tell me you'd risk that for a stranger who you can
tell probably committed a crime, I don't believe you.

~~~
Joe-Z
>A warrant possibly means that they go out of business, because the servers
are physically seized

Why would the police be interested in destroying a legitimate business just
because they want data for 8 users?

They can just as well get the warrant and then get the data the same way they
did now.

~~~
cr1895
>Why would the police be interested in destroying a legitimate business

Lavabit comes to mind. I'm sure there are other examples too.

------
benedictp
They released on Facebook a statement to this article:
[https://www.facebook.com/bitcoin.de/posts/1621138617927372](https://www.facebook.com/bitcoin.de/posts/1621138617927372)

> The protection of our unscrupulous customers and their bitcoins is more
> important to us than the protection of the data of offenders.

Another interesseting thing:

> We only issue data from customers to investigating authorities if they can
> inquire in writing in specific cases and can demonstrate a legitimate
> interest in specific criminal offenses. This has always been the case from
> our point of view.

Big question here: So they've done it several times?

~~~
d0lph
Not necessarily, might just have been their policy.

------
INTPenis
I'd think most of them would cooperate with the police.

We've already seen local cops in Sweden and Denmark track drug dealers through
bitcoin. They must have had the cooperation of exchanges and banks to make
that happen.

So I expect exchanges to cooperate on the same level that banks cooperate with
police.

------
saimiam
I want to understand this a bit better from an operational perspective..

Say my DigitalOcean VPS hosted in Germany provides a service X which can be
subverted for illegal purposes. Will the police have to me to ask for data or
can they go to DO and demand access to the data without my knowledge?

~~~
teamhappy
Im not a lawyer, but I assume the laws behind this look pretty much the same
in every western country.

I assume that if you want to search/seize somebodies property then you have
get a warrant made out the the legal owner of the property. (Obviously you
don't have to get a warrant if the owner voluntarily hands out the data...) In
your example DO is the legal owner of the server your VPS runs on. I can't see
why DO would be required to tell you about it.

I don't know how the owners of data centers play into this. I guess if you
have somebody else's property in your possession and the cops have a warrant
then you have to hand it to them.

Keep in mind that the actual data on the VPS may be protected by all sorts of
privacy laws if, e.g., you run a mail server on it.

Edit: I forgot to mention that the location of the server and the jurisdiction
the legal owner is under also play a large role. Also don't forget which
jurisdiction you're under. Nobody cares that you've rented a server from a
russian company located on the dark side of the moon. In this case they'll
probably make the warrant out to you rather than the legal owner. And you'll
have to comply.

~~~
saimiam
By this logic, a renter has no right against unlawful searches on their own
place of residence. The police just needs to ask the landlord for permission
to search a rented property.

I'm just asking, not challenging what you're saying.

~~~
teamhappy
Yeah I know. I guess the other extreme would be a rental car or something. I
can't imagine the guy currently renting the car being involved in the legal
process.

I don't know what happens when a landlord hides weapons or something under the
floorboards and then rents the place to somebody. Say the people renting the
place are on vacation and the police has a warrant (made out to the landlord
in this example). Maybe they can go in with the landlord (and, at least in
Germany, they also need an independent witness) but are only allowed to search
the actual property and not the stuff in it (because the landlord doesn't own
the stuff). I don't know. But this kind of renting is well covered by laws
(including lots of laws protecting the renters).

"Renting" a VPS (webspace would be a better example) probably isn't defined by
any laws. It feels more like user data connected to a (paid) software service.
Renting a dedicated server is a different story.

