Compliance, Centralization, and the Travel Rule – Jeff Garzik
As the cryptocurrency ecosystem looks for solutions to address the tightening regulations around the Travel Rule, we start to encounter another potential barrier to a decentralized financial system — centralized compliance solutions.
Let’s start with the philosophical underpinnings of crypto. Fundamental to the idea of a digital asset is its peer-to-peer nature — the notion that transacting between individuals shouldn’t need to go through an intermediary. Some Travel Rule solutions, however, are proposing some sort of central resource that would require cryptocurrency exchanges or VASPs (“virtual asset service providers”) to register as accredited crypto businesses. As a result, every transaction would be routed through this central resource to verify the VASP’s identity to ensure its validity, creating the kind of intermediaries that the crypto movement identified as problematic from the very beginning. Suddenly, there is an intermediary for every transaction, monitoring and approving them.
This resource has the potential to become a chokepoint, slowing or even halting all transactions. It could happen in a number of ways:
- There could be technical failure at this resource. Even redundant systems can’t be always available.
- Hackers could identify this single-point-of-failure and compromise the system. I’ll cover this in greater detail below, but suffice to say a hack could be devastating in a centralized resource scenario.
- There could be a malicious actor within the centralized resource. Someone with access to the system could wreak all sorts of havoc — embezzling, restricting transactions by or between certain parties he/she finds displeasing/politically unpalatable or against whom they have a personal vendetta. It’s ripe for abuse.
Specifically as to the issue of hackers: Some Travel Rule solutions not only propose a centralized resource to validate identity, they also are recommending that it also be the repository for all of this data. As a refresher, the Travel Rule requires that the transaction data — IDs of the parties, transaction amounts, dates, and so on — be stored and sent to the transacting parties. Now imagine storing all of that data in one place — a pretty irresistible honeypot.
Further, consider that a centralized resource essentially creates a monopoly. With just one resource sitting in the middle, there’s no competition. It creates world-class vendor lock-in. No incentive to improve, innovate, update or monitor performance. But from the standpoint of the cryptocurrency ecosystem, it sounds like a nightmare — technology that everyone depends on that has no incentive to improve.
In truth, it seems strange that any of the VASPs would be considering centralized solutions for an ecosystem built on the principle of decentralization. Bitcoin was based on the idea of transacting without having to pass through a financial institution, requiring trust. By introducing centralized elements to Travel Rule solutions, we undermine one of the basic principles of the cryptocurrency movement, and simply replace today’s financial institutions with something very similar. Let’s make sure we don’t repeat history.
Published at Mon, 09 Dec 2019 23:31:00 +0000
{flickr|100|campaign}
