"But I Thought You Were About Privacy?": KYC x Privacy
One comment I’ve noticed come up on posts is about our approach to privacy and KYC, with the feedback essentially being how can we be for this both?
In this post, let’s look at Dusk’s approach to privacy and KYC and why we think they can (and should, and do, and will!) go hand-in-hand.
What is “KYC”?
To start with, what exactly is KYC?
KYC stands for “Know-Your-Customer” and is a set of requirements placed on institutions to verify the identity of their customers. There are other requirements including AML (Anti-Money Laundering) and CFT (Countering the Financing of Terrorism) checks too.
Any “official” accounts you have, like bank accounts, will have a KYC process where you will have had to prove your identity, likely through government documents and bills.
Performing KYC on every customer, and then storing and protecting their data is incredibly costly for institutions, and acts as a high barrier to entry for smaller institutions who simply can’t afford the cost of making sure their customers aren’t doing anything illegal.
You can read more about the costs and requirements of compliance here.
What is privacy?
Next up, what is privacy?
This is obviously a favorite topic of ours and one that we’ve spoken about a lot. We believe that privacy is not only a requirement but a right.
For us, privacy is not a feature in and of itself, but rather a means to an end, with the end being to tokenize regulated assets and to bring them to everybody’s wallet. That privacy is not the goal in and of itself and that we want to interact with regulated assets greatly influences our approach to both privacy and regulation.
When speaking about privacy we have to consider two things: what and who.
| WHO is public | WHO is private | |
| WHAT is public | Public | Anonymous |
| WHAT is private | Confidential | Secret |
What we find in the crypto space is pseudonymity, with all transactions being public but the addresses that made those transactions being a pseudonym, typically a 0x address or a name someone has given to their wallet. The what is public, the who is an address or pseudonym (unless that wallet gets doxxed!).
Private, but from whom?
The second consideration with regard to privacy is “from whom”? From whom is something being kept private?
Your banking transactions, for example, are kept private from the public at large, cannot be accessed by “just anyone” at your bank, but are available to be viewed by people with permission at your bank.
Does this mean they are not private because some people could access them?
Maybe. Maybe not.
A cost, not a feature
Many blockchains and protocols speak about privacy as a feature or service (wen Privacy-as-a-Service narrative?), with their goal being to make on-chain private.
From “tumbling” funds and obscuring the address they’re sent to all the way to zero-knowledge proof cryptography, there are many ways to achieve a version of privacy.
For us, privacy is not the service, tokenizing real-world, regulated assets is the service, and this naturally influences the way we approach things like KYC. If we had no interest in regulated assets, we’d have no need for KYC, but because we do it has been necessary to meet the requirements of regulators so that we can start to interact with regulated assets in the same way as we interact with digital ones.
As it currently stands there is not a KYC service provider that meets our standards or requirements. All current approaches are off-chain, centralized, slow, clunky, and not fit for purpose. That is why we had to create our own KYC protocol, to perform KYC in a way that was compatible with blockchain, privacy, and regulations.
Privacy in the real world
Regulated, real-world assets are subject to real-world regulations, whether they are traded on-chain or off-chain. This includes KYC/AML requirements, and as such we have had to create the protocol in a way that supports this.
Our goal is to bring regulated assets to everyone’s wallets. This means complying with regulations and building our own KYC tool solution that can support this. You can read more about Citadel, our KYC tool, here.
So, that is why we are for privacy and KYC, and why both are important to our overall goals.
