What is the FATF? This is the Financial Action Task Force that is tasked with setting global standards for anti-money-laundering.
The FATF idea is to require all VASPs (Virtual Asset Service Providers) to transfer personal information about virtual asset users to each other. This is the beginning of a privacy disaster. I think everyone involved in this poor decision should be required to hand over a copy of their passport, and tax id every time they buy something with cash. It wouldn’t be long before their personal information is used against them and they experience their mistake in a visceral way.
So, what’s the solution?
First, we have to define the problem the FATF thinks they’re solving. The FATF is ostensibly trying to prevent money-laundering and prevent terrorism financing. By tying every transaction to a known individual they can follow the chain of transactions forward or backward and identify and catch the bad guys. Most crypto-currencies are transparent and every transaction is public. This is only ok when you don’t know who owns the address. The FATF is breaking this model so that every transaction is public and every VASP knows every person.
Ignoring, for the moment, that this is just excessive tracking of everyone, is there a way to solve the problem without copying everyone's data around?
Yes, there’s a better solution!
Before I provide this solution, let me state unequivocally that I think the amount of surveillance of everyone’s spending should stop. Benjamin Franklin once said: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”
The solution is Tags. What are Tags? Tagging is a feature that is currently on Ravencoin testnet, but could be implemented generically for any cryptocurrency. The Tag feature, as implemented in Ravencoin, lets a Qualifier attach tags to a crypto address. The Qualifier would be a regulated entity that can check KYC/AML before assigning a tag. KYC is Know Your Customer — which is banker speak for collecting your personal data. AML is anti-money laundering which is banker speak for running your personal data through a bunch of government-run databases to check if you are allowed to use money. In this solution, the named tag given to your crypto-address proves (cryptographically) that KYC/AML information has been collected and stored. This could be easily audited at any time, and tags could be removed by the qualifier if there were ever a need.
Let’s say an organization exists, which we’ll call IdentityCo. IdentityCo is set up to collect information for KYC and check the anti-money laundering and anti-terrorist databases. If everything checks out, then IdentityCo issues attaches the tag #IDCO to a crypto addresss. Only IdentityCo can do this because they have the private keys to do the tagging with the #IDCO tag. If a regulator wants to check that all the #IDCO tags have proper data stored by IdentityCo, then they can do so with a quick audit. The important part is that personal data doesn’t “travel” and isn’t copied. It should be sufficient to have it stored once provided law enforcement can track the crypto address back to the personal data through IdentityCo.
Now the VASPs can rely on the #IDCO tag and send crypto-currencies, or security tokens to properly tagged addresses. This scenario is for off-chain compliance (custodial accounts) where VASPs honor the Tags before a deposit or withdrawal is allowed. This solves the problem of being able to track an individual’s transactions, and without copying personal data to hundreds or thousands of companies that may have mediocre security.
Ravencoin already has this built-in for on-chain compliance with Restricted Assets. It is on Ravencoin’s testnet now if you’d like to try it out. [Update: Live on mainnet as of Feb 7 at 6:15pm EST]
The tagging concept could be constructed outside of Ravencoin for use with other blockchains, or Ravencoin tags could be used to validate addresses for other chains. How? Use Ravencoin tags, but validate the tagged address for other blockchains by first decoding the base58-encoded address and removing the first byte that makes the address specific to Ravencoin.
If you’re reading this and you know folks at the FATF, let them know that a better solution exists. I’d be happy to do a presentation for them before this data copying (“travel rule”) idea gets out of control.
If you find all this tracking horrifying, I’m with ya, but you should know that it is already happening for all of your non-cash financial transactions and most larger cash transactions. This proposed Ravencoin tagging solution is a way to solve the same problem and also minimize the future damage that will result from copying personal data to and from every VASP.