eDiscovery Considerations in Relation to Blockchain & BTC

By Josh Markarian | January 8, 2021

Electronic Discovery Blockchain & Bitcoin Key

What is Cryptocurrency

Cryptocurrency is a digital form of currency that exists outside of centralized authority which is also known as decentralized finance (DeFi). Cryptocurrency is an alternative to fiat money, which is any physical currency that is backed by central governing authority such as the US Dollar and Euro. While Bitcoin (BTC) is the most popular digital coin, the total number of cryptocurrencies and “alt-coins” keeps growing. There have been growing indicators of a more wide-spread mainstream adoption of crypto from 2021 having logged the highest number of active BTC addresses, to the popping up of Bitcoin ATM’s available throughout the world.

Bitcoin and other cryptocurrencies live on the Blockchain, a ledger of individual transactions with asymmetric encryption. Asymmetric encryption is when both a public & private key are required to decrypt a transaction.

Things to note:

The bitcoin address is also known as a public key hash (PKH)
The private key is the gatekeeper to the bitcoin. It is what allows the BTC transfer and access to the BTC wallet. Typically private keys are further encoded into a series of random phrases known as seed phrases.

Not only is the blockchain public, all transactions are equal. Blockchain is unique due to the anonymity it provides while also maintaining a level of transparence through it’s public accessibilty. However this anonymity is what tends to make cryptocurrency and blockchain more susceptible to being used for fraudulent and illegal activities. One thing to remember however, is that blockchain transactional records are permanent and non-alterable.

Implications on eDiscovery & Digital Forensics

So how does this all relate to eDiscovery & Digital Forensics? Given that cryptocurrency is a digital currency it falls into the realm of ESI which as we know is discoverable if you can identify the relevant data sources. Bitcoin and other alt-coins are commonly stored in what’s known as wallets which store their assets. Wallets come in both cold and hot storage; hot storage is basically online storage on a server or anything on a network while cold storage is offline storage which is more commonly used. During cold storage a USB drive, hard drive, or other device is used to store the cryptocurrency securely off a network.

This means that that cold storage wallet can be forensically imaged and then analyzed. Of course there are multiple new challenges posed such as accessing the wallet which can only be done through the private key. Once imaged wallets can be forensically investigated for suspicion transactions, building a timeline of events, and identifying suspicious files within the wallet.

Future Considerations on Managing Cryptocurrency & eDiscovery

Anything that relies on anonymity will always pose a challenge within eDiscovery. However, counsel should push to educate within the space to prepare.
Explore how eDiscovery technology and continuous active learning (CAL) models may help speed up the time it takes to identify BTC addresses and decode the blockchain. For example making the connection between a custodian and a Bitcoin address / wallet.
As cryptocurrencies continue to gain wide-spread adoption, future issues are bound to arise. The sectors of eDiscovery and Digital Forensics are no different and will have unique challenges tied directly to blockchain and BTC that may not be evident until they eventually arise.

[1] What Is Blockchain?, Baker Hostetler via Zapproved. Available at: <https://zapproved.com/blog/what-is-blockchain> [Accessed 6 January 2021].

[2] E-Discovery and Cryptocurrencies – What you need to know. JD Supra. Available at: <https://www.jdsupra.com/legalnews/e-discovery-and-cryptocurrencies-what-70531> [Accessed 7 January 2021].

Posted in Blog Posts, eDiscovery