The mandatory KYC for combating terrorism may be one of the greatest cases of iatrogenesis in our society.
Note: while exploring Bitcointalk, I found this incredible post
“Why is KYC extremely dangerous - and useless”. Motivated by the reflections raised by @1miau, I have compiled the ideas and extrapolated the reflection from new facts, a sociological perspective on the issue, and the KYC hypothesis as a case of iatrogeny. The text is a kind of thanks to the author for having opened my eyes to an obvious
logical inference that had remained hidden. I hope I can do the same for you.
Note 2: English is not my language, so I apologize for possible errors.
Cryptocurrency exchanges worldwide are being forced to add and tighten Know Your Client (KYC) protocols to collaborate with Anti-Money Laundering (AML) laws, increase user security, and prevent terrorist financing. But at the same time that this siege closes, another one opens: the number of hackers and personal data trading on the dark web only increases.
But, if KYC data is constantly stolen, can't it end up being more used to create fraud than to prevent it? The assumptions about this procedure need to be revised because perhaps we are facing one of the greatest cases of iatrogenesis of our time.
To analyze those issues whose common sense is very strong at their unanimity, cautious steps are necessary. In this article, I analyze the status of deaths caused by terrorists in the world and the justifications for implementing KYC laws in order to understand the associated risks of improper exposures of personal data and its possible mitigations.
Status of violence in the world: sugar is (much) more dangerous than terrorismHumans have always lived among violence and wars in its several aspects: be them self-directed (suicide), family (against children/women/elderly), local/community (acquaintances/strangers) or collective (social/political/economic) and, who knows, soon planetary (Elon Musk vs World).
Our Paleolithic ancestors and every nomad who walked this Earth had to worry about invasions, conflicts, and acts of terrorism - a systematic use of violence to create
terroris with a particular political objective. But despite the seemingly widespread status of violence in the 21st century, only
1% of global mortality is linked to human violence and the number of conflict-related deaths has continued to fall sharply in recent decades.
In 2018,
70% of the
US$ 475 billion spent on violence in the world was used in wars and conflicts. But these deaths represent a very small percentage of global deaths. In
2017, 26 million people died as a result of terrorist attacks, 129 thousand on conflicts, 793 thousand committed suicide and 34 million died from diabetes. Sugar is a potential enemy far more dangerous than a terrorist bomb. But it is not suicide or sugar that mobilizes resources. The terrorists are the ones painted as great dangers and combating them is the justification used for the persecution of populations, invasion of countries, and the institution of KYC / AML laws.
Logic bombs & CyberwarsThe sharp decline in war-related deaths since 1985 coincides with the development of the bit society. In informational capitalism, knowledge is a much more important economic resource. Currently, the profitability of war is restricted to a few regions, such as large oil holders. What armies earned in an entire year of war, informational entrepreneurs earn in a day of trade.
In a globalized scenario, political stability is an extremely important fact for the development and planning of mega-enterprises. But, with humanity having that destructive creativity sharpened in itself, unprecedented forms of war & violence are under development, with emphasis on the new cybernetics-wars. In 2020, more than
⅓ of the world's companies experienced six or more successful hacker attacks. These are just a few hacks, the tip of an iceberg in a sea of unreported events and cyberwars between countries.
Know Your Client (KYC) The issues here converge. After the September 11 attack in 2001, numerous measures were taken to mitigate the terrorist risk (which already accounted for less than 1% of the world's deaths). And increasing the rigidity of Know Your Client (KYC) processes was one of the measures used to reinforce Anti-Money Laundering (AML) laws and prevent the financing of terrorism.
KYC relates to a series of authentication procedures that companies need to require their customers to comply with regulators and legally offer their services. KYC involves sending personal data and documents to a company or organization to prove that you are who you say you are.
In recent years, US regulators have adopted strict policies to control the offer of exchange services to US residents and numerous companies are being accused of violating the Commodity Exchange Act. Binance, the world's largest crypto exchange, has been banned from offering services in at least ten U.S. states. In October, the founder of BitMEX was arrested and the company was formally accused of failing to implement KYC / AML policies and making no effort to prevent American users from voluntarily registering on its platform.
The problem is that there is simply no guarantee that our data will be safe with third parties. Large companies with high-security standards are succulent targets because of the profits associated with hacking large companies. As soon as personal information is sent to third parties for KYC purposes, I can basically just wait for an email notifying me that the data has been leaked, my identity exposed, my funds stolen and also my life has been exposed.
The risks of KYCThoughts such as 'exposing personal data is less dangerous than a bomb', can arise.
In the past week, two close friends have had digital scams. One of the scams - a frustrated one - involved “sextortion” malware and had the potential to destroy her life in countless ways (remember, suicides represent ⅓ of the violent deaths). The other scam, which involved identity fraud, was successful, and made a PhD unfeasible and will probably abruptly slow her professional career.
When a KYC exchange compliance is hacked, attackers can gain access to the background, names, home address/email/bitcoin, passports, photos, biometric data, wealth source, and bank accounts. The negative consequences of selling this data are immeasurable. When accessing KYC data, criminals can, for example:
Impersonate an identity: open accounts in your name to carry out illegal activities or make loans that are impossible to repay.
Accessing other services: the data can be useful for accessing other accounts of the person, compromising privacy (leaking photos/videos), and other types of funds.
Going from digital / KYC to physical/unthinkable: by obtaining information about physical addresses and wealth, physical enterprises can be profitable enough to encourage theft/kidnapping and physical extortion. Or at least be even more valuable to scammers specializing in other crimes. With biometric data, the door to the house is literally open to the unthinkable.
The KYC Scam: voluntarily sell your data to the dark web
In addition to the theft of data by third parties and everything that can be done with it, companies are able to use KYC's justification to appropriate their users' funds in an improper way and with a legal excuse. After receiving a considerable number of deposits without KYC, the site announces that it needs to comply with regulations to continue operating and blocks funds until users submit their documents.
The user can 1) refuse KYC and never see his funds again or 2) can voluntarily offer his data to the dark web. By instituting a KYC policy from scratch, attackers can even select which data would be most valuable to boost their packages, better serving the demand of the moment/niche. And here, I stopped at what is already real. Technological sophistication in this area have created scenarios worthy of Gibson, Sterling & Stephenson.
As KYC becomes widespread, the greater is the number of crimes related to cyber-attacks and identity fraud. Hackers use the data to defraud systems on their terms. At this stage of making data available on the illegal market, KYC actually does not prove anything else and most likely does not change the dynamics of terrorism. It encourages fraud & selling identities.
When the Government is the EnemyThe control of language always implies the control of thought. If we think of words as governments want, we think as they want. Here, history can broaden our perspective. The word terrorism was born during the Kingdom of Terror (1793-1794) by Maximilien de Robespierre as a reference to the actions of the party.
Last Friday, a
trader was executed in North Korea for dealing with foreign currency in the country . Under the direction of Kim Jong-un, the country has tightened its policy of restricting the international market as a strategy for valuing $WON. Fear as an incentive is a common government tactic to reinforce certain behaviour.
A mega-computerized state with an objective code capable of telling how each individual must behave in order to ensure general well-being. From simple security cameras to social scores and fictional (no-more) systems in which BBB-State decides which profession each citizen should have, we walk together into a data-driven terrorism society.
Gunpowder versus gunpowder, cipher against cipher“
I don't trade with a gun pointed at my head.”' - Ayn Rand
Currently, KYC narratives are created by antagonistic forces. On the one hand, those who defend the value of privacy against KYC / AML policies are branded as potential criminals or at best - paranoid - as if the right & desire for privacy does not. It was trivial because it was so natural.
On the other hand, regulators create regulations and tools capable of monitoring transactions, under the justification of preventing money laundering, providing security to investors, and preventing unconditional anonymity from resulting in chaos. Along these lines, David Birch, the fintech guru and author of “The Currency Cold War”, distinguishes the right to privacy from the right to anonymity. For Birch, privacy is a citizen's right. Transactions must be private, but only until such time as legal action is needed. As anonymity does not have this limit, it should not be encouraged. In my view, Birch falls into a praxiological error: if all systems are potentially hackable, how can any privacy exists without anonymity?
At the end of the day, KYC encourages - on a global scale - what should prevent and restrict voluntary exchange between the parties. We are destroying the room to get rid of a fly. But after the irritation caused by the fly is over, the damage may already be too big.
But, as there are still good stoics among us, while hackers compromise systems and governments to tighten up their policies to encourage fraud, there are initiatives/technologies capable of mitigating KYC iatrogeny. No government can execute you for an illegal foreign exchange transaction if your identity is not linked to the trading. Please note:
Self-defence: learning about digital security is as necessary as literacy.
Altcoin Bounties & Airdrops are hardly worth the risk, control your momentum.
Do not provide your data for exchanges and start-up & fantastic projects, they will use you to get rich and not the other way around.
Consider
decentralized and non-custodial services, p2p trading/exchanges without KYC, and offering anonymous digital crypto exchange services. Despite the 'tightening KYC siege for exchanges', a recent study by CipherTrace showed that more than 50% of exchanges (CEX, DEX, AMME) have no KYC and 70% of them have little membership.
Try
implementations focused on privacy, such as Samourai & Wasabi wallets, DEX protocols, VPNs, etc.
Pay attention to BIPs like Taproot / Schnorr signatures (BIP340) & Dandelion (BIP 156) and other implementations that seek to increase the anonymity of transactions. It is clear that each field of action will have specific services being developed.
Conclusion: Prohibitions & Illegal EmpiresIn History, it is not uncommon for cases in which prohibitionist policies result in the construction of illegal empires - again, iatrogeny. Just as banning alcoholic beverages increases the risks associated with alcohol, banning cryptocurrency transactions and demanding KYC is not the solution to society's problems, but a risk to it. Personal information is a valuable commodity and KYC is a honey pot awaiting the onslaught of hungry bears who surf the darknet. Privacy is a right and if the only way to guarantee it is anonymity, there should be no shame on using it.