Treasury Seeks Comments On Digital Identity Verification For "DeFi"
Smart contracts could automatically check for a credential before executing a user's transaction, the Treasury says.
The Department of the Treasury has filed a request for public comments to provide input on the use of "innovative or novel methods to detect and mitigate illicit finance risks involving digital assets" in accordance with the GENIUS Act, as well as in accordance with Donald Trump's policy to support "the responsible growth and use of digital assets," as outlined in the President's Executive Order to strengthen US leadership in digital financial technology.
The GENIUS Act requires stablecoin issuers to be treated as financial institutions for purposes of the Bank Secrecy Act, and as such, “be subject to all federal laws applicable to financial institutions located in the United States relating to economic sanctions, prevention of money laundering, customer identification, and due diligence.” But the Treasury's request for comment goes further than merely evaluating how the Bank Secrecy Act should be applied to stablecoins.
The Treasury's request for comments spans the use of APIs "to help enforce strict access controls, monitor transactions and activities, and bolster security and integrity of financial institutions providing digital asset services," the use of Artificial Intelligence to "make predictions, recommendations or decisions" to "effectively identify illicit finance patterns, risks, trends, and typologies," and blockchain monitoring to "evaluate high-risk counterparties and activities, analyze transactions across multiple blockchains, trace or monitor transaction activities, and identify patterns that indicate potential illicit transactions."
But the treasury is also seeking comments on the introduction of "portable digital identity credentials designed to support various elements of AML/CFT and sanctions compliance, maximize user privacy, and reduce compliance burden on financial institutions" to potentially be used "by decentralized finance (DeFi) services' smart contracts to automatically check for a credential before executing a user's transaction."
According to the request, the Treasury's considerations are proposed in alignment with FinCEN programs that give the US Government the ability to request information from financial institutions on transactions suspected of money laundering and grant financial institutions the power to voluntarily share information on transactions suspected of money laundering between each other in scope of the PATRIOT Act, as stated in the first White House Digital Assets Report.
L0la L33tz
Fast-Tracking Digital Identities with REAL ID
That the GENIUS Act would usher in a new era of scrutiny on digital assets should not be a surprise to anyone that has been following Congressional debates on the issue. The application of what the Treasury describes as "blockchain monitoring" has long been a best practice in compliance. Private contractors have increasingly been turning toward AI to analyze patterns in transactions, from Elliptic's pilot program that aims to "detect the shape of money laundering" to Chainalysis' AI powered "triage solution" Rapid.
The Trump administration has since fast tracked the implementation of REAL ID, a 9/11 era program meant to harmonize the issuance of identity documents across states, which is effectively a drivers license meant to be made available in digital form. According to the American Association of Motor Vehicle Administrators, "AAMVA anticipates the [mobile Drivers License] mDL will eventually be used as a singular identity credential" that can be updated in real time.
The implementation of digital identities to combat illicit finance has been discussed since digital assets have gained momentum in Government circles. As former Chairman of the Commodities Futures Trading Commission Timothy Massad told Bitcoin Magazine:
Combatting illicit finance in non-custodial services will probably involve "some combination of digital identity, in other words people have a credential that they can use online without revealing exactly who they are [...] and a smart contract wouldn't process a transaction unless you could provide that."
L0la L33tz
Bringing Digital Identities to "DeFi"
There are arguably two glaring issues with the Treasury's apparent considerations to implement digital identities to DeFi services. The first is that nobody really knows what DeFi actually is.
The White House Digital Assets Report describes DeFi as "smart contracts [that] make decentralized applications (dApps) possible as tools for trading, lending, earning rewards, and other activities. Some dApps serve as cross-chain bridges, which transfer assets or data across blockchain networks. Assets that exist on one chain and pass through a cross-chain bridge to be represented on another are referred to as wrapped, and the ecosystem that operates around dApps is broadly known as decentralized finance (DeFi)."
The report also states that "DeFi protocols [...] can include platforms, applications, and exchanges," and "are an emerging segment of the digital asset ecosystem that uses smart contracts to automate transactions and enforce transparently encoded rules. DeFi applications and platforms offer users the ability to interact with these protocols through web interfaces or mobile apps and access different services."
The only thing that appears to be clear is that DeFi is mostly understood to refer to non-custodial services.
L0la L33tz
ZeroKnowledge Does Not Equal Privacy
The second most obvious issue with implementing digital identities in non-custodial services is the fact that every ZeroKnowledge Proof has to have an issuer which facilitates the verification of a person's identity. A user may maintain their privacy while sharing said proof with third parties, but cannot have privacy against the issuing party.
The Venture Capital firm Andreessen Horowitz, led by Marc Andreessen, who serves as an advisory council member to the Department of Homeland Security, is one of many prominent advocates for the implementation of digital identities in digital assets. This week, a16z said the quiet part out loud in a blog post titled "6 myths about privacy on blockchains:"
"Modern cryptographic techniques can reconcile the privacy needs of users and the informational and national security needs of regulators and law enforcement. [...] Zero-knowledge proof systems may have the greatest potential to help strike the right balance. These methods may be applied in many ways to deter crime and enforce economic sanctions while also preventing the surveillance of American citizens or the use of the blockchain ecosystem to steal or launder funds," a16z writes.
"Current research suggests that there are a number of possible methods for privacy-enhancing products and services to mitigate risk, including: involuntary selective de-anonymization, which involves a private-key-sharing arrangement between a gatekeeper entity (like a non-profit or other trusted organization) and the government, where the gatekeeper entity evaluates requests from the government to use the private keys to de-anonymize wallet addresses."
Backdoored or not, the implementation of digital identities to non-custodial services would effectively turn a permissionless system into a permissioned one. The deadline for comments to the Treasury is October 17th.
Independent journalism does not finance itself. If you enjoyed this article, please consider making a donation. If you would like to note a correction to this article, please email corrections@therage.co
