3 minute read
Can we have privacy and compliance at the same time?
ROBERT STONE
Celsius's digital asset lending platform has revealed nearly half a million depositors' names and transaction histories The blockchain's transparency and traceability pose a risk Most public blockchains use anonymous data as their privacy protocol, which can be easily exploited to track user activity and balances Because of this, leaks of names and wallet addresses can harm blockchain users' privacy because anyone with access to the internet can easily match on-chain activity and wallet addresses Because of this, wallet owners were exposed to theft and extortion when the filing disclosed their wallet transaction dates and amounts
Advertisement
In practice, such data leaks can also happen simply by transacting with someone you know� Consider using crypto for payroll, for example Their paychecks and the employer's balance would be visible to employees If you use crypto to pay, you could give your local coffee shop access to your income and where you bought groceries yesterday Digital asset holders employ several privacy- enhancing technologies to mitigate this risk In order to assess the identity of users on blockchains, current techniques rely on transparency and traceability to manage illicit finance risk. Government investigations into malicious activities can also be impeded by the same tools that protect legitimate privacy interests on public blockchains
Among the most widely used privacy protocols was
Tornado Cash, shut down or sanctioned this summer by the U S Treasury OFAC (Office of Foreign Assets Control) because it was used to facilitate illegal financial transactions totaling $7 billion Blockchain users are left with a difficult decision: either rely on pseudonymity, which may be compromised—or their funds could be linked to criminal activity, resulting in penalties, blocking their funds, or increasing their risk profile, limiting their ability to transact freely as they can with fiat money.
Financial intermediaries balance privacy with legitimate government interests in traditional finance. In the traditional financial system, citizens enjoy a high level of confidentiality, which makes minimizing illicit finance risks in virtual assets an important question As a result of the civil right to privacy and financial confidentiality in Europe and the U�S�, intermediaries have limited access to financial and other information for commercial or other purposes, with exceptions for law enforcement and regulators to share legally required information It's unacceptable in the context of blockchain technology and DeFi if financial intermediaries can't effectively protect sensitive personal information (as evidenced by the frequency of data breaches)
In essence, blockchains act as a digital "if-then" statement between parties interested in transacting, automatically enforcing rules as they are programmed into smart contracts In the early days of blockchains, the rules governing virtual assets were purely based on who owned them and when they moved–but now it's possible to add additional rules that address issues such as illicit finance and compliance. In the blockchain space, technologists are developing technology to address risks identified by authorities and policymakers, such as zero-knowledge proofs (methods that ensure that a statement is valid without conveying unnecessary information) As a result of these methodologies, which have been used in some existing blockchains since the beginning, a more reliable way of maintaining privacy and compliance is now feasible
It is possible to block unlawful transactions, automate government reporting, and selectively reveal confidential information while limiting access to authorized agents with the right to view information In contrast, transactions and wallet balances remain private and secure from unauthorized access
Regulators and legislators cannot remain silent To achieve more effective outcomes, they must adopt flexible regulatory approaches that allow and encourage these technological developments Compliance and financial privacy can become integral parts of the virtual asset ecosystem through the use of these technologies and with the support of regulators
DeFi and NFT Users Can Get KYC Help From Equifax-And Their Data Will Be Protected
The data privacy solution for Web3 projects will be developed by Equifax, best known for its historic data breaches DeFi protocols and NFT projects, for example, will benefit from an identity management and know-your-customer (KYC) product that privacyfocused cloud company Oasis Labs are developing Companies offering Web3 products and services - including some DeFi products and servicesare subject to regulatory compliance, such as KYC standards - regardless of whether users want their identities to remain private "It's really important to build privacy-first solutions because personal data privacy is a basic human right," says Dawn Song, a University of California Berkeley professor and founder of Oasis Labs� But, she says, "Responsible innovation is also important, so it's important to build solutions that comply with regulatory requirements as well."
To achieve this, Equifax and Oasis are developing a KYC solution where "privacy technology plays an important role throughout the entire stack," Song says, adding that Oasis plans to ensure privacy using anonymous credentials, zero-knowledge proofs, secure hardware, and decentralized identity management
Song points out that the company's capabilities beyond KYC, such as fraud detection and credit reporting, will help bridge Web2 and Web3 According to Song, the partnership represents the first step toward creating a "universal KYC" that can be used across different blockchains, companies, and communities
Despite the decentralization blockchain affords, Web3 products still require KYC and identity verification procedures Equifax and Oasis claim that the Web3 space does not currently have a KYC solution that offers strong privacy protection
To build a solution, the two companies will issue "anonymous KYC-ed credentials" to Web3 users Its proponents believe Web3 will be more decentralized, built upon blockchain networks, and use cryptocurrencies