The year is 1766 and Sweden has just passed the world’s first law enabling the public to access information related to the government. Since then, transparency has been instilled in Swedish culture. Today in the EU, the Swedish commissioner Cecilia Malmström is the only Commissioner who publishes her external correspondence in a publicly accessible register. Bold acts of transparency undoubtedly help democracy and protect society. However, private companies have competitive pressures and, in general, need to be coerced through regulation.
As tech companies bring the worlds of offline and online ever closer together, we are challenged to find ways of writing physical legislation to manage this new arrangement. Attempts to fit technology companies that match individuals to perform services, like Uber and Airbnb, have all but failed. As the stakes behind these attempts increase further as these companies scale, we need case studies to learn how we are going to mitigate risk for society.
The Bitcoin industry has been navigating the regulatory maze for almost 5 years. The complexity of financial regulation in the United States has left many wandering around what sometimes feels like the Nevada desert. Meanwhile, the decentralised model of Bitcoin and the data that is produced through using the system have still not been fully appreciated. As always with Bitcoin, perhaps it is asking bigger questions than its current incarnation may first allow us to imagine.
Is Bitcoin’s transparency so clear we barely see it?
A Bitcoin company’s business activities have a level of transparency by default. Companies like ours are able to identify the levels and nature of this activity due to the public nature of the blockchain and specific attributes of Bitcoin transactions. This does not mean we get information on the identities of the customers of these companies, but we do have, for example, a good estimate of transaction volumes and of the source and destination of their funds. This is particularly helpful for the company itself, as it provides both business intelligence and the ability to detect potentially suspicious activity.
However, this information is not only useful to the company itself but to other stakeholders in the ecosystem. Consider the bank that offers banking services to the Bitcoin company. It is now able to receive reports on the levels and nature of blockchain activity for its on-boarded clients. Money Service Businesses are typically on-boarded using a reliance model. Reliance is about establishing trust. Trust is expensive, or even unattainable, for small firms. The bank must get very comfortable that the compliance standards kept by the company meet its expectations, given that it has potentially little information with which to monitor the company's on-going activity. This has led to the worrying collapse of this model, as the regulators have pressured banks through large fines to close many of the bank accounts of these money service businesses. The irony of all of this is that the raison d’être of these businesses is the shortcomings of the banks in serving targeted segments of the population.
Enough about the current state of the world. For those interested, you can read about the shortcomings of the current AML agenda here.
The main question is: in places where levels of identity proofing are low, or possibly non-existent, should financial transactions be completely open? Or, reversed: for certain financial transactions, should high levels of assurance be necessary?
In the Bitcoin space, the level of identity proofing behind a Bitcoin address is non-existent. That is its appeal. In some other parts of the payment ecosystem the level of identity proofing is as good as non-existent and there are no technical solutions to mitigate risks such as fraud or money laundering. In Bitcoin, digital traces are left alongside every transaction, opening the possibility of risk management. As people consider the possibilities of blockchain technology, should we also consider this transparency a possible benefit?
Putting a chain on things: Self-reported vs Self-enforcing
The process of audit and self-reporting requirements necessitates the old way of regulation, which requires permissions to be granted up front. Nick Grossman wrote an excellent white paper on adapting our regulatory paradigm for the internet age. Essentially, the argument is that we can produce a lot more data today in real time than was ever possible in the past. This production of information can mitigate some concerns which in the past have been met with onerous reporting requirements. I would like to extend this idea to include the prospect of being able to have self-enforcement rather than just data sharing.
Consider Bitcoin once more. When companies choose to do business on the Bitcoin blockchain, they are binding themselves to a degree of transparency that regulators and the public can use. If more companies use these types of protocols, then we can enforce the promise of greater information sharing without getting into complex data sharing arrangements.
The transparency of Bitcoin does not mean that crime has been eliminated, far from it. However, it can be used as a case study in which the amount of real-time data sharing can be appreciated by regulators and a framework of lower barriers to entry considered. Society in general will not agree on the maximum number of days an apartment can be rented out for short-term rentals, or what mileage someone can drive passengers in a leased car, or what levels of reporting are needed from a business that conducts transactions in the public domain, but at least we have examples that we can already start to use.
Fear and Loathing of transparency
When I point to examples of where Chainalysis is able to identify nefarious activity in the Bitcoin blockchain, people present the full array of emotions from Fear and Loathing in Las Vegas, from ecstasy to torment. Generally the fear does not arise from privacy concerns but rather from a concern that someone else can see what they see. A transaction that slips from view could be picked up by a regulator or a law enforcement agency and draconian fines likely issued. In today’s paradigm this is scary, but in the new world of regulation this would be seen as a great intervention.
The analogy that I would draw is with a zero-day vulnerability. If a friendly someone outside your company reports a vulnerability to you, you are over the moon and probably send them money and gifts. You do not complain that they should not have been snooping around your system. This creates much more secure systems and is in everyone’s interest. Likewise, we could help internet businesses police themselves better if they gave us incentives and data to help monitor their services.
People loathe transparency for their love of privacy. This is a delicate issue and one that our business navigates on a daily basis. The ideal outcome is one of translucency: an ability to judge the implications for society without compromising the civil liberties of individuals. Leaning on Bitcoin once more, the exchanges and hosted wallets actually ensure a level of privacy for the individual user. Chainalysis can navigate through transactions, but the exchanges are the custodians of individual identities. When it comes to rides or stays in people’s homes this is going to be more difficult, but there are many smart minds working on this (watch these guys, Cognitive Logic, among others).
The shift towards this regulatory paradigm seems inevitable but may take a long time. We may find ourselves lost at times, stumbling around what seems to be the Nevada desert, but as Hunter S. Thompson wrote: “When the going gets weird, the weird turn professional.”