A STAY out of Jail Guide to Bitcoin

getoutofjailfreeBitcoin has a few problems. Read the recent RAND report; the concern is misuse by terrorists. Apparently, even governments use it (or intend to use it) to pay spies/informants so that should be enough evidence that it can be used to anonymise financial transactions.

Without going into detail, the reason this is causing such a stir is because bitcoin is by design a (digital) commodity. From a monetary perspective, it is a bearer instrument. If I hand you a sack of wheat/rice, ostensibly you own it. When it comes to the movement of financial value, banks receive cash from you and then deposit that into your account. At that point (on the face of it), that cash is yours. Any transactions from your bank account are thereafter linked to your identity.

Whereas with bitcoin, I just send a sack of wheat/rice to the other person over the internet without having to have someone confirm that I own the wheat/rice in the first place. What we need is a way to place a stamp on the sack of wheat/rice that it belongs to me before I send it.

People make out that somehow bitcoin was designed to obfuscate ownership, like as if Satoshi him/herself built bitcoin to buy weed on Silk Road. Humorous but naive. Bitcoin is young, it needs nurturing, it may need an ID protocol on-top to make it compliant by default.

Now, a lot of cash is piling into private blockchains because the banks are excited about the ‘dragon’ bitcoin has unleashed. Ten patents were just filed from Bank of America so the land grab has officially started and bank’s sales departments sell the story internally “don’t worry it is not bitcoin. it is blockchain”). But let’s be honest. No risk department in a bank is comfortable transacting in bitcoin if there is the chance that miners are being run by ISIS in Inner Mongolia, a node is being run from North Korea or if Bob signs up for an account with the bank and it is Alice that funds it. I can’t solve every problem but the last one we may have cracked, albeit with a cockeyed solution.

As a side note, did you know that bitcoin has its very own compliance industry now? The industry is building analytics tools that shows the blockchain in real-time with red flags every time a transaction passes through a Syrian IP address. Analytics is cool but probabilistic. I’d like a bit more certainty when jailtime is a consideration before making a decision.

So, in the face of the fear of inadvertently doing something wrong, we give up control. If you want to be compliant in bitcoin then, it seems you have to give up your keys.

Hosted bitcoin wallets take the private keys from users, effectively taking away the decentralised control of a person’s bitcoin assets, and thereby attribute the funds to the user. At the same time, it is banking all over again but without lending your bitcoins out for mortgages. The alternative is co-signing. This is where you share the wallet with an independent third party, such as your auditor or lawyer, who validates that you own the bitcoin and keeps looking into your wallet now and again. Well that’s pretty good.

My view is that we should be able to achieve 100% AML/CTF compliance whilst preserving the natural benefits of bitcoin, retaining ownership and control over your assets (an important thing to learn, especially if ‘bail-ins’ become commonplace, note case in Italy) and flexibility. Flexibility is key. I want to transact with full AML/CTF compliance in bitcoin just as I want to do the same with Ether or any other digital currency that I fancy at the time. Why should I only have the option of being compliant in bitcoin because my compliance enabled intermediary only supports bitcoin?

So “what’s your solution?” is probably what you are thinking. Here goes! Cryptography and the use of public and private keys combined with verified identities is today’s solution (or at least the solution I am suggesting) to be compliant.

Here are the steps and I’d like to thank my good friend Giannis from Coinomi for his technical contribution. (Note: this is a conceptual ‘back of a cigarette pack’ solution and I look forward to your feedback on improving it or completely dismissing it):

  • You apply for an Estonian e-residency card (e-ID) (you should do so anyway because most likely there is no more secure way of electronically signing a document than using their system). It’s EUR50. The e-ID system is based on RSA encryption using public/private key pairs.
  • When you get your smart ID card and reader you then download a bitcoin wallet and open a separate text file.
  • You then put the public address of your bitcoin wallet in the text file with your Estonian public key and sign it with your bitcoin private key and then sign the text document with your Estonian private key. Easy right? Maybe not that easy if you have no clue about encryption but reach out if you get stuck and I’ll put you in touch. After you have signed the text file you can (if you need to) hash the document so no changes are subsequently made (not necessary, but some ‘cryptonauts’ just love hashing documents these days, that includes me). This is your bitcoin certificate (Certificate).
  • When you buy bitcoin from someone you present your Certificate to say that your receiving bitcoin public address is yours. If they don’t believe you they will send an encrypted message to your Estonian public key and bitcoin public key to see if you can decrypt it.
  • That’s it. Happy bitcoining with full AML compliance.

Moreover, the following goes out to the digital currency regulated intermediaries out there who spend sleepless nights wondering where the bitcoin being deposited on their exchange is coming from and track a million IP addresses to identify asymmetric information provided by customers. Just ask your customers if they have an e-ID. If they do then, ask them to produce the Certificate. If they can produce it, then you know for sure that they are depositing bitcoin with you (obviously from the public address disclosed in the Certificate) that they own.

I appreciate by the way that this solution is hardly “fingerprint and swipe your Apple Watch to pay”, but it is a stop-gap until someone builds a simple Certificate app based on the e-ID API. Happy programming.

Follow me on twitter to start the conversation @adam_diacle