When the regulator comes knocking
It appears that the grace period for crypto is drawing to an end. The Financial Stability Board has noticed stable coins and it is only a matter of time before other regulators notice it too. What does this mean for crypto? What can we do to alleviate the concerns (justified or not) of these powerful entities?
Know Your decentralized Customer
KYC is the foundation of Anti Money Laundering (AML) laws. Especially the concept of Economic Beneficiary. I believe that we should have a decentralized version of this concept based on Decentralized IDentities (DID) and Self Sovereign Identities (SSI).
Using cryptography and especially Zero Knowledge Proofs, it is possible to prove that you have passed a KYC process and that you have been approved, without disclosing anything about yourself. There is a way to keep all the DeFi projects alive if we can agree on DID formats and if we can convince the regulator that it is safe.
The regulator is not after us
Some in the community suffer from a victim syndrome and think that the powers that be are coming for them because they threaten the status quo. I don’t think so. Of course, DeFi is not welcomed by all the banks but some big names have invested considerable resources and would like to see blockchain succeed.
All the regulator needs is to be convinced that we can do a good job all the while keeping the money launderers and terrorists out. It is the European Commission that has created PSD2 which forces all the banks to give access to their customer’s data if the customer gives permission. The authorities are not against opening up and improving efficiency.
We need to be the ones to act
If we leave it to the authorities, they will create a monster of centralized regulation because that is the only way they know how. We, the blockchain community, need to produce a viable solution before the regulator even starts to think about how to solve this issue.
Estonia has shown that governments can be progressive when it created the e-residency program. A first step would be to link your Ethereum or Bitcoin address to an e-identity in order to allow the tracking of funds.
But this is not possible in many cases as countries around the world are not always as free and open as the European ones. In some places on earth it can be dangerous to tell the authorities that you own something. For those places we need an anonymous solution.
Zero Knowledge KYC (ZK-KYC)
The technology to do a ZK-KYC exists today! We need to start using it and improve it in order for the regulator to be able to say:
We see you’re providing us with the tools to regulate you
This is the only way in which we can escape a new Crypto Users Registry or other monstrosity of centralized data honey-pot.
The rules could be as simple as: If you do not disclose your identity when compelled to do so, all your addresses will be frozen instantly and you will not be permitted to move funds anymore.
This might appear to negate what crypto is all about: being an off-shore bank account for the poor. A store of value that is out of reach of any judge. But this (being out of reach for judges) might be the price to pay to keep crypto legal.
The nice thing about crypto is that the identity can disclose publicly only the jurisdiction it is subject to, in order to make it impossible for an Italian judge to freeze Swiss assets.
Standards not projects
The second important thing is to create a standard. The Decentralized Identity Foundation (DIF) is doing just that and this work must be supported as much as possible. It must not be that a single project emerges which creates a de-facto standard and imposes its world view on all. This should be modeled on the internet with a standard that anyone is able to implement.
Implementations too
Of course we need at least a reference implementation and it must be open source and provide an open battery of tests so that any subsequent implementation can verify how well it did. Taking a leaf out of the Websocket test suite
Conclusion
The regulator will come, there is little doubt about that, and it will not allow value to be transferred anonymously without any safeguards. Everyone will need to be able to provide traceability and disclose the origin of funds if required.
The only way we, as the blockchain community, have to avoid disclosing our identities to a central authority is to show the central authority how to track something without knowing who it is. With the guarantee that they can find out if needed.
In the end blockchain is a much more transparent platform than the current model and it is more hostile to criminals too. We must protect the honest majority by making it possible to catch the nasty criminals.
