Hardliners Stymie Online Identity Innovation

Lack of middle ground between blind crypto idealists and blinkered monetary regulators hampers self-sovereign, privacy-enhanced identity solutions.

AccessTimeIconOct 21, 2022 at 5:04 p.m. UTC
Updated Oct 21, 2022 at 7:08 p.m. UTC
AccessTimeIconOct 21, 2022 at 5:04 p.m. UTCUpdated Oct 21, 2022 at 7:08 p.m. UTCLayer 2
AccessTimeIconOct 21, 2022 at 5:04 p.m. UTCUpdated Oct 21, 2022 at 7:08 p.m. UTCLayer 2

I fear I’m going to upset a few people with this column.

That’s because I’m going after both sides in the divisive debate over identity in crypto and finance: blinkered monetary regulators on the one hand and blind crypto idealists on the other. In their own way, each is obstructing progress on sensible cryptographic identity systems, the kind that would give us solid online privacy while also enabling the secure, sustainable expansion of digital innovation in the public interest.

The type of regulator I’m targeting is unable to think outside the business-as-usual box of bureaucracy. This person resorts to knee-jerk demands that everyone – be they person, company or software platform – submit to invasive demands to report identity and transactions at every step of their financial lives. They don’t seem to care that this effectively restricts financial participation for many – for the poor, especially, but also for leaders of vaguely undesirable but entirely legal businesses such as cryptocurrency service providers. Nor do they worry they are facilitating the unholy bargain between the state and banks that we discussed last week.

The crypto idealists are trapped by a mix of narrow self interest, utopianism and bone-headed intransigence. They treat any workable, consumer-friendly self-sovereign identity system as a slippery slope to a totalitarian hellhole. In stirring up outrage among their followers, they make it hard for practical-minded developers to deploy such tools in real-world settings and confirm the regulatory community’s ill-informed biases that crypto is dominated by anarchists and criminals. The result: the perpetuation of a stupid incumbent system and a cohort of policymakers encouraged to build ever more invasive surveillance systems into the digital money systems of the future.

I was led to this conclusion by three conversations on the sidelines of CoinDesk’s I.D.E.A.S. summit in New York this week.

You’re reading Money Reimagined, a weekly look at the technological, economic and social events and trends that are redefining our relationship with money and transforming the global financial system. Subscribe to get the full newsletter here.

‘Zelle on turds’

The first conversation was one Sheila Warren and I had for our “Money Reimagined” podcast with Greg Kidd, a director at GlobaliD and the CEO of investment firm Hard Yaka. A former Federal Reserve analyst, Kidd laid out how far self-sovereign credential management has come under the World Wide Web Consortium’s (WC3) decentralized identifier (DID) standard, with Zero-Knowledge proofs and other cryptographic tools allowing people to limit and control access to their personal data and to use it to sign into different applications.

Kidd discussed some unique crypto applications in the finance sector, all of which will remain beholden, at least for now, to regulators’ requirements for know-your-customer (KYC) and anti-money laundering (AML) identity compliance.

One idea: A regulated financial institution could confirm with mathematical proof that the holder of an address sending or receiving cryptocurrency had at some point been verified by a trusted source for KYC purposes without needing to know the address holder’s name or other identifying information. The proof would be required only at the on- and off-ramps between on-chain crypto world and the financial system – i.e., when a cryptocurrency is being exchanged for fiat currency – to keep on-chain crypto transactions frictionless. Meanwhile, we could have system-wide, on-chain data analyses to meet AML needs, identifying nodes engaged in patterns of illicit activity, all without invasive identity requirements.

It was an enlightening look at what’s possible to avoid centralized entities building up vulnerable “honeypots” of personal data.

Yet, there’s currently little traction for such ideas among people in a position to mandate this new compliance model. Kidd said that “not even 1%” of banks are exploring such applications. And many officials working on central bank digital currencies seem insistent on a KYC approach that would allow them to narrowly restrict CBDCs to citizens of their countries – a vision for the future of money that he described as “Zelle on turds.”

Emotionally charged overreactions

Then I heard about the crypto community’s obstructionist role.

This came in a meeting with David Sneider of Lit Protocol, who presented at I.D.E.A.S. and was featured in a CoinDesk profile by Sage Young.

After CoinDesk tweeted a quote from Sneider’s presentation about how people will soon be able to use the WC3’s new WebAuthn standard to enable on-device facial recognition technology as a multifactor authentication system in recovering a private crypto key – replacing the current seed phrase norm – the replies from many in Crypto Twitter were brutal.

“What a [crappy] idea. You should be embarrassed,” wrote @BTCSteve.

“Literally a terrible idea. Your money should be as anonymous as possible, not accessible with a deepfake,” wrote former baseball pitcher-turned-crypto enthusiast C.J. Wilson.

These knee-jerk reactions were no doubt founded on understandable concerns about surveillance and hacking risks associated with centralized databases of biometric information. But in this case they seemed to totally miss the point.

As Sneider explained, the mechanism behind WebAuthn simply extends the widely accepted and highly secure facial recognition model found in most new smartphones, which relies on unique cryptographic tokens embedded into the device to which no third party can gain access. The method will allow you to authorize the similarly localized controls in other devices you own to activate access to a third device – such as replacement for a lost phone or hard wallet. This way you can activate a crypto key that’s founded on highly secure, decentralized multiparty computation. There is no centralized control of biometrics involved at all.

The overreaction exposed how emotionally charged the conversation around identity is on crypto social media. This makes it difficult for developers to advance powerful ideas that could bring secure, self-custody crypto capabilities to a mass user base.

Ulterior motive?

In the Lit Protocol case, the Twitter reaction seemed based on a misunderstanding. But an institutional investor who has followed crypto for a long time offered a more cynical explanation for why some in the community try to shut down discussion around innovative identity solutions. “It’s because they don’t want their wash trades exposed,” said this I.D.E.A.S. attendee, who asked not to be named.

Wash trading refers to the practice of exchanging an asset between two accounts controlled by the same person to elevate the price for that asset. Anonymity has made this especially problematic in crypto markets. My source’s suggestion was that anything that either identifies traders, or simply shows that two addresses are controlled by the same investor, would make the practice harder to carry out and remove a source of false support for prices. So powerful players with a stake in keeping prices high will push back on all and any identity solutions.

There’s no way of verifying this thesis. But given the widespread price pumping and the self-interested practices that enriched certain players during last year’s crypto bubble, it feels believable. Certainly, it’s a more valid explanation for the community’s resistance to identity technology than the debunked myth that cryptocurrencies are mostly used by criminals for money laundering.

The bottom line

The crypto community must understand there is no path to mass adoption without self-sovereign identity, just as the regulator community needs to learn how cryptography can solve security risks without breaching privacy. Let’s find some common ground.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Michael J. Casey

Michael J. Casey is CoinDesk's Chief Content Officer.