โBitcoin is growing and many people recognise that it is thriving today and will continue to thrive in the future. Accepting this begs the question โ how do [privacy and identity] operate together?โ
So asks PricewaterhouseCoopers (PwC) in its โTrusted Bitcoin Ecosystem White Paper,โ a 2017 summary of a proof-of-concept for regulatory-compliance bitcoin transactions.
The very concept of โTrusted Bitcoin,โ to many of us, is an oxymoron, but it strikes to the core of a tension emerging alongside Bitcoinโs prominence: How can officials corral such an incorrigible technological beast into the bullpen of existing regulation?
โFor regulators and institutions,โ PwCโs report continues, โ[how privacy and identity interact] presents a challenging decision. Do they choose to engage the technology and market opportunity or not? Do they attempt to control or not? As cryptocurrencies at odds with regulation (privacy related or not) continue to proliferate, these questions will become increasingly important.โ
Increasingly important indeed. The central issue behind PwCโs question has been blown open lately, following the recommendation by the G7โs Financial Action Task Force (FATF) that cryptocurrency service providers (e.g., exchanges, wallets and other similar companies) comply with the travel rule โ a banking mandate that requires institutions to share identity information on users for transfers equal to or greater than $1,000.
A โCompliant Ecosystemโ for Bitcoin Companies
As cryptocurrency service providers rush to find solutions that satisfy the FATF recommendation, they may already have a ready-to-deploy solution that doesnโt require changes to established laws.
โOur solution meets global regulatory requirements today, without requiring the regulator to change,โ Netki CEO Justin Newton told Bitcoin Magazine.
Founded in 2014, Netki believes that it has devised an answer to this question with its TransactID solution, which was also cited by PwC in its Trusted Bitcoin Ecosystem trial. During the trial, conducted for the Monetary Authority of Singapore (MAS), the Singaporean agency โasked for examples of how to build a compliant ecosystem, [and] the only solution they found in use by a regulated entity was ours,โ according to Newton.
This solution leverages a modified version of BIP 75, an improvement proposal that Netki drafted in 2016 in cooperation with BRD wallet, and x.509 certificates, a decades-old public key framework that undergirds HTTPS web browsing. On the surface, the improvement proposal has practical applications for creating ID/address lists for public keys. This makes wallets more โreadableโ and user friendly, and it is part of the reason BRD backed the proposal.
It also allows its users to store additional identity information other than names, such as addresses and emails. Upon BIP 75โs unveiling, community members, like then Core contributor Peter Todd, voiced privacy concerns as they became worried the proposal would be used for KYC purposes. These caveats were valid, and even prescient, because this is exactly how Netki intends to use the solution.
โI think that their concerns are understandable and are something we thought about as we were approaching the protocol,โ Newton, who helped to architect BIP 75, told Bitcoin Magazine. โIt is for that reason that we designed the protocol in a way that, while it allows companies to meet their compliance requirements, it doesnโt create things like centralized chokepoints, honeypots of transaction and identity data tied together or other items that would give regulators wider or deeper controls or views than they are strictly entitled to by law.โ
Ready-to-Deploy Solution
Newton continued to say that Netki does not โclaim to provide an anonymous solution, but users privacy is a core tenet of [its] design.โ The second-layer technology creates a private, encrypted channel between the wallets involved in a transaction to facilitate a closed loop flow of information. None of this information touches the public ledger and it exists in a vacuum; because the channels are encrypted and strictly between two entities, they are not aggregated into the โhoneypots of transaction and identity dataโ that lead to such leaks as the Equifax breach in 2017.
โThe protocol is designed with the concept of minimal disclosure in mind, so that the counterparties can choose to exchange only the bare minimum of data either required by law, or desired by the participants,โ Newton said.
This flexibility will be key for meeting the needs of regulators in different jurisdictions. For instance, in the U.S., the travel rule only applies to transfers between money services businesses, while, in places like Switzerland, it applies in any case, be the recipients/senders of a transaction a bank or individual.
Netki also believes its solution is the only completely compliant tool available to officials at the moment. CipherTrace and Shyft unveiled their own solution to FATFโs guidance in July 2019. Using zero-knowledge proofs, the software allows institutions to share references to KYC data without divulging the data itself. Newton claimed that this wonโt cut it for regulators who require that โinformation actually be exchanged between the counterparties in the transaction,โ not just references to this information.
As such, Netki goes the full nine yards to provide all of the relevant KYC data in a way that, according to it, doesnโt expose this info to anyone but the two parties involved in the transaction. Netki actually created BIP 75 โto meet compliance requirements around U.S. Treasuryโs travel rule, as well as OFAC [Office of Foreign Assets Control] or sanctions requirements worldwide,โ Newton said.
Compliance Necessary?
This impetus came after Ripple filed a consent decree with the Financial Crimes Enforcement Network (FinCEN) in 2015 that noted it had violated the travel rule and would comply with it going forward. Unbeknownst to many, FinCEN actually indicted that cryptocurrency service providers were subject to the travel rule in 2013. Only recently have other jurisdictions been brought into the conversation, following FATFโs recommendations and Bitcoin exceeding the wider publicโs expectations.
Newton sees the travel rule, and officialsโ cracking down on businesses that donโt heed it, as an โexistential threatโ to the cryptocurrency ecosystem. Compliance is inevitable, he believes, and the cryptocurrency ecosystemโs infrastructure will eventually be subsumed by existing regulations and red tape.
โI believe that we are going to see increasing controls put on cryptocurrency networks over time,โ Newton said. โThis is a natural evolution as the value of networks grow, as the more value there is moving through the network, the more risk it poses from a regulatorโs perspective and the more controls that need to be put in place.โ
