How can web3 technology help protect privacy?
The US Department of the Treasury's Office of Foreign Assets Control last month sanctioned a technology called Tornado Cash, on the grounds that it "has been used to launder more than $7 billion (over 253 billion baht) worth of virtual currency since its creation in 2019". Such enforcement measures are nothing new. But what makes this case unique is that Tornado Cash is a piece of open-source software.
Essentially an automated tool, Tornado Cash mixes digital assets and redistributes them to preserve privacy. While we don't know everything about Tornado Cash or why it was created, we do know that large sums of digital assets linked to illicit activity have moved through the protocol since it was launched, including millions stolen by North Korean hackers. Any American who uses the service now faces up to 20 years in prison.
Some believe that such sanctions are necessary to prevent money laundering, while others see them as a sign of government overreach. But whatever one's perspective, it's worth asking why there was a need for a protocol like Tornado Cash in the first place. The short answer is that our financial system is failing to balance privacy and security. Fortunately, this is a challenge that web3 (blockchain) technologies could help to resolve.
As a senior adviser to two US secretaries of state, I spent time in dozens of countries examining how different systems affect individual rights and democracy, and helping to design technologies and applications to strengthen open societies. In the course of this work, I have seen today's finance systems failing by virtually every measure. More than a billion people worldwide lack access to basic financial services. Many cannot pay their bills or send money to family because they don't have a bank account or identification, and others simply don't trust financial institutions.
These suspicions are often legitimate. Carrying out transactions of any size requires us to share sensitive information like birth dates, addresses, and Social Security numbers. Regardless of whether you're renting an apartment or a car, that information is routinely abused and compromised. Identity thieves have reportedly been hijacking accounts at Experian simply by signing up for new profiles using the victims' personal information. Another credit bureau, Equifax, exposed the data of 150 million people in 2017.
The current system works just fine for criminals. A 2011 report by the United Nations found that 99.8% of money laundering worldwide goes unpunished.
In most of the world, digital privacy is effectively nonexistent. Either you live in a country like China, where the government knows everything about you, or you live in a place like the US, where Big Tech manipulates your behaviour for commercial purposes. But web3 could provide a third way, by allowing us more control of our digital identities and information, while adding a layer of accountability to help stop bad actors.
To be sure, most web3 protocols have operated at either extreme of the privacy continuum. Cryptocurrencies like Bitcoin and Ethereum provide full transparency into transactions through public records, while protocols like Tornado Cash attempt to achieve total anonymity by mixing assets from legitimate users alongside those belonging to criminals and rogue regimes.
Fortunately, developers are now gravitating towards a middle ground that protects privacy and upholds basic democratic principles. But designing these systems is too important to leave to government, the private sector, or civil society alone. The right solutions require a team effort focused on a few key issues.
First, we need clear objectives. At a minimum, these should include giving people more control over their information; ensuring greater accountability concerning how that information is used; and expanding access to financial services generally.
Second, we need technical standards that make it easier and less expensive to establish and secure our digital identities. American and Canadian banks currently spend over $30 billion per year on identity verification but still usually fail to prevent money laundering. Open standards for validating digital IDs can ensure healthy competition, reducing costs for consumers and encouraging a race to the top for handling data.
Finally, we need financial regulations that can micro-target bad actors while still enabling the secure movement of money to dissidents and others in closed societies. Having spent time with survivors of North Korean slave labour camps, I would never argue that my right to private transactions is more important than their right to freedom. But the two are not mutually exclusive. With creative policies and well-designed web3 tools, we can promote civil liberties and prevent abuse. ©2022 Project Syndicate
Tomicah Tillemann, a former senior adviser to Secretaries of State Hillary Clinton and John Kerry, is Chief Policy Officer of Haun Ventures.