On June 5, cryptocurrency exchange Coinbase came under fire for its alleged efforts to sell crypto surveillance services to both the United States Drug Enforcement Administration and the Internal Revenue Service.

In the days since, Coinbase representatives have made it clear that the company’s analytics services do not share any personally identifiable data with law enforcement. They claim to source all data from publicly available information.

Big brother has been keeping tabs for nearly a decade

Though Coinbase’s denial may contain a grain of truth, a source who has worked in compliance for crypto exchanges and Bitcoin ATM companies revealed to Cointelegraph that multiple government entities have been actively monitoring users across nearly every centralized exchange and custodial crypto service provider for years.

Speaking on the condition of anonymity, this source indicated that crypto surveillance tactics go all the way back to Bitcoin’s (BTC) earliest days. They said these practices became a much broader effort after the much-maligned Mt. Gox incident, in which 850,000 BTC went missing on the once-popular crypto exchange in late 2013.

Our source explained:

“I’ve worked for crypto exchanges, bitcoin ATM companies, general crypto services providers, and more. They all engage in surveillance practices. They have no choice.”

When it comes to keeping tabs on users, they said that the U.S. government’s favored methodology is called a Suspicious Activity Report, or SAR. While SARs are common in most money transmission businesses, crypto SARs appear to operate under different standards. They stated that:

“In traditional institutions, a transaction needs to meet certain criteria in most cases to be deemed suspicious. That’s not really true for Bitcoin and other cryptocurrencies though. As far as the government is concerned, the threshold of ‘suspicious’ is met as soon as cryptocurrency is involved.”

They elaborated:

“Custodial entities are legally required to file SARs for basically any [suspicious] crypto-related transaction above $5,000, regardless of the user’s other activity. Many file for lower amounts. The entities are legally barred from revealing this reporting data to users, or any member of the public. We can not tell you we’ve filed a report on you — ever. And entities can not refuse to comply with these reporting tactics because if they do, they will lose the licenses which allow them to operate. They may face fines or even imprisonment.”

Who are they and what do they want to know?

When asked which agencies are most interested in users’ crypto data, our source revealed that “reports are shared with FinCEN, the IRS, the FBI, various other federal law enforcement agencies. It runs the whole gamut.”

And it isn’t just U.S. law enforcement:

“It’s the U.S., China, Japan, Russia, the UK, others I’m sure; it depends on where you’re based. But nearly every world power has legally mandated methods of reviewing centralized user data.”

Our source also revealed that the information requested is fairly robust. Agencies want to know:

“What coins you hold, how often you trade, the initial source of any funds used to buy crypto, the amount of profit you’ve taken within a certain period of time. They can and do ask for it all. They also keep track of where your coins are sent once they leave centralized custody. So if you’re keeping your coins in cold storage, there is a good chance that some office within one or more world governments is aware of that wallet address. No matter where you move them, if a centralized exchange has ever held those coins, they can track you.”

Are you being watched?

So, how can you know if you’re one of the people who has been, or is currently being, monitored by a government agency? That is an eerily simple question to answer, says our source: “If you’ve ever filled out AML information, there’s a good chance that data has been requested by someone. Monitoring crypto users is the entire point of AML and KYC. Why do you think places collect this information at sign up? You are being watched.”

Though services cannot legally inform their users that they have filed activity reports, there are apparently signs people can watch out for:

“Frozen accounts or funds. If you’ve had login issues that barred you from accessing your account. Anything like that likely means you have been subjected to a suspicious activity report without your knowledge. Or a government entity may have requested insight about you or your funds, in which case you may not be allowed to move forward until their review is complete.”

Can you avoid surveillance?

Blockchain participants operate in an industry largely built upon the ideals of individual sovereignty and personal privacy. There are numerous projects in the space that are working to build decentralized variants of popular crypto service offerings. When it comes to avoiding the demands of surveilling governments around the world, our source was clear:

“Decentralized exchanges and privacy coins are the only answer that I am aware of. Use centralized services at your own peril.”