Appropriate transparency vs privacy?
The recent news about the detention of Alexey Pertsev in the Netherlands for his role in the sanctioned Tornado Cash protocol raises many issues about privacy on public blockchains. The court hearing in ‘s-Hertogenbosch on 22nd November argued that he had more of a role than a software engineer who had simply written a smart contract and centered on arguments about token holdings and control along with evidence of design decisions taken from private messages.
U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, a token mixer that helped obfuscate the origin of funds. The central case was the accusation that Tornado had facilitated the proceeds of crime to be hidden using the technology, and the implication was that all funds sent to Tornado must therefore be suspicious.
There are many debates about the long reach of OFAC and the decision to sanction a smart contract which are good subjects for another blog.
A naïve viewpoint is that all mixers are bad and only there for criminals, and why stop at mixers there are also those who subscribe to the viewpoint that all tokens, crypto, and blockchains are only used by criminals.
We need some perspective here; you can argue for banning cash as it is used by criminals. There is a grain of truth in this, and measures have been taken to prevent large cash payments as the recent announcement by the Dutch government to limit cash transactions to €3000 and ban €500 notes. In 16 member states of the EU, there are limits ranging from €500 in Greece to €14,000 in Poland.
Governments are getting serious about stopping the proceeds of crime with more and more Anti Money Laundering (AML) legislation being bought in.
What is staggering is that it is estimated that 98.9% of the proceeds of crime are unrecovered in the EU. This is, of course, fuel to those who think that AML checks are ineffective and thus need abolishing.
In an earlier blog, I wrote about how blockchains could improve the processes of monitoring the proceeds of crime, allowing financial crime units to watch the activity on the chain as opposed to managing the flow of reports sent by intermediaries.
Financial crime is a serious issue that needs addressing and will need the participation of the wider community to address it. Simplistic sanctioning or banning things like mixers is a quick fix, but the phrase “don’t throw the baby out with the bathwater” comes to mind.
A more nuanced approach is in using verifiable credentials, which helps in establishing identity without disclosing personal information, and in the case of Tornado, had verifiable credentials been used, then it would have quickly stopped the flow of dodgy money.
Why am I advocating mixers? There is a bigger issue that needs exploring, namely over a person’s reasonable expectation of privacy versus transparency, and this naturally encompasses the discussion about combatting the proceeds of crime.
Transparency vs privacy on an open blockchain?
Fully privacy is problematic for combatting the flow of funds derived from the proceeds of crime as anonymity hides the Ultimate Beneficiary in the same way a blind trust does.
Full transparency is problematic as being able to see every payment I have made with an address as potentially discloses more information than I want to give. For example, when I buy a magazine with a token, the shop keeper knows who I am and now knows my address. She can look up my full transaction history from the beginning of time armed with information I may not want to make available to her.
There is a spectrum between these two points. On the transparency side of the spectrum, we have models such as the Nordic countries where salary information is made public, and the benefits are shown to reduce gender pay gaps; it increases overall job satisfaction knowing you are paid the same as your peers, and there is less corruption in these countries. Perhaps we can be transparent about how we receive income, such as disclosing salary information and how much we made through investing or through side hustles, but do we really need to share how we spend our money or whether we save lots?
We need an open discussion on what is acceptable to share and what data needs protecting.
Adoption of verifiable credentials go a long way in not disclosing information on a blockchain and ensuring key data is protected, but that leaves the transaction information connected to an address. Since we do not know who owns an address, all is well until you use it in connection with a transaction where you can be identified, and your whole transaction history is on show.
One solution to the problem is the use of a “burner” address in combination with a mixer. The mixer hides the origin of funds, and you get to spend while keeping your transaction history private. The issue with mixers, as I started with the blog, is that they also need to ensure the proceeds of crime cannot flow through them. We could have a mixer that required verifiable credentials to participate, which would curtail the criminal activity. The solution is also a bit clumsy and mimics a pre-paid credit card with some advantages but also a lack of flexibility.
This is where I get tangled in knots about where privacy should go. The real issue is making a payment in person where you can be identified, can this be obfuscated on the client side so that the recipient knows that the transaction has been done but does not find out your address? A savvy operator would know the time of the transaction and be able to look at the block explorer to figure out the transaction details and, thus, your address. Could the transaction be done in a smart contract so you would only see an interaction with a smart contract and the payee side done in an encrypted way?
There need to be discussions around concrete measures of how we balance transparency, privacy, and integrity (by stopping the flow of the proceeds of crime). There is a niggle that this could be like the old technology saying, “Faster, cheaper, better. Pick two,” where we have to choose two from transparency, privacy, and integrity?