“Bitcoin is growing and many people recognise that it is thriving today and will continue to thrive in the future. Accepting this begs the question — how do [privacy and identity] operate together?”
So asks PricewaterhouseCoopers (PwC) in its “Trusted Bitcoin Ecosystem White Paper,” a 2017 summary of a proof-of-concept for regulatory-compliance bitcoin transactions.
The very concept of “Trusted Bitcoin,” to many of us, is an oxymoron, but it strikes to the core of a tension emerging alongside Bitcoin’s prominence: How can officials corral such an incorrigible technological beast into the bullpen of existing regulation?
“For regulators and institutions,” PwC’s report continues, “[how privacy and identity interact] presents a challenging decision. Do they choose to engage the technology and market opportunity or not? Do they attempt to control or not? As cryptocurrencies at odds with regulation (privacy related or not) continue to proliferate, these questions will become increasingly important.”
Increasingly important indeed. The central issue behind PwC’s question has been blown open lately, following the recommendation by the G7’s Financial Action Task Force (FATF) that cryptocurrency service providers (e.g., exchanges, wallets and other similar companies) comply with the travel rule — a banking mandate that requires institutions to share identity information on users for transfers equal to or greater than $1,000.
A “Compliant Ecosystem” for Bitcoin Companies
As cryptocurrency service providers rush to find solutions that satisfy the FATF recommendation, they may already have a ready-to-deploy solution that doesn’t require changes to established laws.
“Our solution meets global regulatory requirements today, without requiring the regulator to change,” Netki CEO Justin Newton told Bitcoin Magazine.
Founded in 2014, Netki believes that it has devised an answer to this question with its TransactID solution, which was also cited by PwC in its Trusted Bitcoin Ecosystem trial. During the trial, conducted for the Monetary Authority of Singapore (MAS), the Singaporean agency “asked for examples of how to build a compliant ecosystem, [and] the only solution they found in use by a regulated entity was ours,” according to Newton.
This solution leverages a modified version of BIP 75, an improvement proposal that Netki drafted in 2016 in cooperation with BRD wallet, and x.509 certificates, a decades-old public key framework that undergirds HTTPS web browsing. On the surface, the improvement proposal has practical applications for creating ID/address lists for public keys. This makes wallets more “readable” and user friendly, and it is part of the reason BRD backed the proposal.
It also allows its users to store additional identity information other than names, such as addresses and emails. Upon BIP 75’s unveiling, community members, like then Core contributor Peter Todd, voiced privacy concerns as they became worried the proposal would be used for KYC purposes. These caveats were valid, and even prescient, because this is exactly how Netki intends to use the solution.
“I think that their concerns are understandable and are something we thought about as we were approaching the protocol,” Newton, who helped to architect BIP 75, told Bitcoin Magazine. “It is for that reason that we designed the protocol in a way that, while it allows companies to meet their compliance requirements, it doesn’t create things like centralized chokepoints, honeypots of transaction and identity data tied together or other items that would give regulators wider or deeper controls or views than they are strictly entitled to by law.”
Newton continued to say that Netki does not “claim to provide an anonymous solution, but users privacy is a core tenet of [its] design.” The second-layer technology creates a private, encrypted channel between the wallets involved in a transaction to facilitate a closed loop flow of information. None of this information touches the public ledger and it exists in a vacuum; because the channels are encrypted and strictly between two entities, they are not aggregated into the “honeypots of transaction and identity data” that lead to such leaks as the Equifax breach in 2017.
“The protocol is designed with the concept of minimal disclosure in mind, so that the counterparties can choose to exchange only the bare minimum of data either required by law, or desired by the participants,” Newton said.
This flexibility will be key for meeting the needs of regulators in different jurisdictions. For instance, in the U.S., the travel rule only applies to transfers between money services businesses, while, in places like Switzerland, it applies in any case, be the recipients/senders of a transaction a bank or individual.
Netki also believes its solution is the only completely compliant tool available to officials at the moment. CipherTrace and Shyft unveiled their own solution to FATF’s guidance in July 2019. Using zero-knowledge proofs, the software allows institutions to share references to KYC data without divulging the data itself. Newton claimed that this won’t cut it for regulators who require that “information actually be exchanged between the counterparties in the transaction,” not just references to this information.
As such, Netki goes the full nine yards to provide all of the relevant KYC data in a way that, according to it, doesn’t expose this info to anyone but the two parties involved in the transaction. Netki actually created BIP 75 “to meet compliance requirements around U.S. Treasury’s travel rule, as well as OFAC [Office of Foreign Assets Control] or sanctions requirements worldwide,” Newton said.
This impetus came after Ripple filed a consent decree with the Financial Crimes Enforcement Network (FinCEN) in 2015 that noted it had violated the travel rule and would comply with it going forward. Unbeknownst to many, FinCEN actually indicted that cryptocurrency service providers were subject to the travel rule in 2013. Only recently have other jurisdictions been brought into the conversation, following FATF’s recommendations and Bitcoin exceeding the wider public’s expectations.
Newton sees the travel rule, and officials’ cracking down on businesses that don’t heed it, as an “existential threat” to the cryptocurrency ecosystem. Compliance is inevitable, he believes, and the cryptocurrency ecosystem’s infrastructure will eventually be subsumed by existing regulations and red tape.
“I believe that we are going to see increasing controls put on cryptocurrency networks over time,” Newton said. “This is a natural evolution as the value of networks grow, as the more value there is moving through the network, the more risk it poses from a regulator’s perspective and the more controls that need to be put in place.”