We can finally reconcile privacy and compliance in crypto. Here are the new technologies that will protect user data and stop illegal transactions

A recent bankruptcy filing by digital asset lending platform Celsius has revealed the names and transaction history of nearly half a million depositors. It illustrates a risk arising from the blockchain’s transparency and traceability.

The privacy standard in most public blockchains is based on pseudonymity, which can be easily pierced to track user activity and balance. As a result, data leaks of names and wallet addresses can damage the privacy of blockchain users, since anyone with an internet connection can easily match the on-chain activity and wallet addresses of named Celsius users revealed in the archive of dates and amounts of every transaction on the wallet, and exposing wallet owners to the risk of theft or extortion.

As a practical matter, such data leaks can also occur by transacting with another party who knows your identity. For example, consider using crypto in your payroll. Employees will be able to see the employer’s account balance and the pay slip of the team members. If you use crypto to pay, your local coffee shop can access information about how much you earn and where you shopped yesterday.

To mitigate this risk, holders of digital assets are using additional privacy-enhancing technologies to protect the confidentiality of their financial information. The problem is that current techniques for managing illicit financial risk on blockchains rely on transparency and traceability to assess user identity. As a result, the same tools used to protect legitimate privacy interests on public blockchains can also frustrate government investigations of malicious activity.

One widely used privacy protocol was Tornado Cash, which was sanctioned this summer by the US Treasury Department’s Office of Foreign Assets Control (OFAC) on the grounds that it had been used in connection with more than $7 billion in illicit financial activity. This puts innocent blockchain users in a bind: rely on privacy through pseudonymity – which can be pierced – or have their funds associated with criminal activity, increasing the risk that they may be punished, have their funds blocked or their risk profile raised, potentially limiting their freedom of action.

In traditional finance, the balance between privacy and legitimate state interests is achieved through financial intermediaries. In Europe and the United States, a civil right to privacy and financial confidentiality limits the ability of intermediaries to use financial and other data for commercial or other purposes, while also providing exceptions to the sharing of legally mandated information with law enforcement and regulators.

Although the assumption that financial intermediaries can effectively protect sensitive personal information has proven problematic (witness the frequency of data breaches), it is untenable in the context of blockchain technology and decentralized finance. This raises an important question: Can illicit financial risk in virtual assets be reduced while preserving the basic confidentiality that citizens enjoy in the traditional financial system?

The only new thing blockchains can do is enforce rules automatically by programming them into smart contracts, effectively a digital “if-then” statement between transaction partners. Originally, blockchains implemented rules that only governed who owned virtual assets and when they moved around – but it is now possible to add additional rules that satisfy the need to address illicit finance and other compliance risks. Cryptographic technology, such as zero-knowledge proofs (methods that ensure the validity of a given statement without disclosing unnecessary information) can address risks identified by authorities and decision-makers and are currently being developed by technologists in the blockchain space. These technologies, which have been in academia for decades and are used in some existing blockchains, promise to reconcile the competing claims of privacy and compliance in a more robust way than is currently possible.

Such solutions can, for example, allow blocking of illegal transactions, automated reporting to government agencies, as well as selective visibility of sensitive information, with access limited to authorized agents who have rights to view information – while transactions and wallet balances remain private and protected from malicious actors.

Politicians and regulators cannot stand on the sidelines. They need to adopt flexible regulatory approaches that allow and encourage these technical developments that achieve more efficient results than are currently possible.

Through these technologies, and with the support of regulators, both compliance and financial privacy can become an integral part of the virtual asset ecosystem.

Shlomit Azgad-Tromer, PhD, is the co-founder and CEO of Sealance. Jai Ramaswamy is Chief Legal Officer for Andreessen Horowitz. Eran Tromer, PhD, is an associate research scientist in Columbia University’s Department of Computer Science and one of the founders of Sealance.

The opinions expressed in Fortune.com comments are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.

More must-read comments posted by Fortune:

This story was originally featured on Fortune.com

More from Fortune:

I proudly wake up at 08:59, one minute before I start my telecommuting job. There are thousands like me and we don’t care what you think

You may have Crohn’s disease, rheumatoid arthritis or lupus because your ancestor survived the Black Death

Housing’s astonishing fall in one chart: Prices have plunged in 51 of these 60 cities, and there’s much further to fall

Let’s not circle back on it: These 10 business words are the most hated in America

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *