Buried at the tail end of a long interview with Andreas Antonopoulos are a number of sharp observations about the relationship between the digital currency revolution and civil rights on the Internet. Mr. Antonopoulos’ comments on privacy and mass surveillance are especially interesting in light of the upcoming keynote address to be given on 5 August 2015 by Hans de Zwart, director of the preeminent Dutch foundation for digital rights, Bits of Freedom.
In the interview Mr. Antonopoulos comes out clearly against mandated mass data collection by financial institutions as ineffective and damaging practices. What he doesn’t specifically mention is the tremendous monopolistic power and wealth exercised by corporations and governments when they accumulate information at this scale.
Although the conversation with Mr. Antonopoulos on 27 July, 2015 was interrupted by audio problems, we were able to obtain a clean transcript of the relevant — and most interesting — section, which we publish below.
I was wondering around KYC, do you think any more privacy-friendly solutions are possible, as you explained with the so-called permissions ledgers that could be more efficient for banks and could bring down costs for banks? Do you think similar technologies like distributed networks and distributed databases could maybe also enable more privacy-friendly KYC procedures?
I think the concept of privacy-friendly KYC is an oxymoron. I think that KYC as a concept doesn’t scale.
It works on a limited basis in a system that you control end to end, but the fundamental concept applying financial totalitarian surveillance on masses and masses of innocent people while exposing them to the risk of identity theft just in case you can catch a narrow segment of criminals is antithetical to the very principles of the Renaissance and enlightenment in democratic institutions.
The idea that you will surveil and punish the innocent in order to catch one guilty person is the antithesis of democratic ideals. In fact the famous concept by Lord Black who was a senior judge in England was that it is better to let a hundred guilty people free than to punish one innocent person. That idea has been the basis since the Magna Carta of the judicial systems in Western societies. And now suddenly in the last decade and a half we’ve come up with this new concept that we surveil the innocent financially and totally in the hope of catching one guilty person and in the process we destroy the financial privacy, the freedom of association, freedom of expression and…
[Interrupted by one of the interviewers.]
Andreas, a lot of people even without KYC laws are willing to submit all their personal data to Facebook, like a lot of people apparently don’t seem to care much about this issue. So even without KYC laws they would surrender themselves to big corporates or whatever just because it’s easier for them because they want to share pictures or their name or whatever, so that’s just a voluntary thing, right? How would you avoid that then?
Well I think there’s a big difference between voluntarily giving information of a non-financial nature to a private corporation even if that private corporation is leaking or being surveilled itself and accepting the idea that complete and total financial surveillance by all of our governments is an acceptable societal arrangement.
And in the end the point with Bitcoin that really changes all of this is that it’s like having a stadium with a 100 doors and you cover two of them but leave the other ninety eight open so that anyone can come and go. What are you achieving really?
What you’re achieving is the guarantee that the two doors that you are covering will only be traversed by the innocents or the idiots who didn’t know that the other 98% of the doors were an easier way to get in. And when you’re doing surveillance of exchanges and the endpoints on Bitcoin what you’re doing is you’re accepting that the means justify the end even if they don’t work, that KYC is a good principle even if it doesn’t work, and that it is worth exposing the innocent to privacy risk and identity theft even though you know you’re not going to catch many criminals because the criminals are mostly going to use any one of the many options available to bypass these controls.
That is fundamentally fascist in nature, and it is abhorrent to free societies. We live in an era where fear has overcome reason and that usually doesn’t last very long in society. Eventually reason recurs, and then we stop trying to implement these extreme measures that ultimately are completely ineffective. So I think KYC and identity-based controls are an artifact of closed financial networks, are irrelevant and will disappear over time because they don’t scale.
I see your point and I agree for, I think, ninety-nine percent… What I wanted to say or what I meant to say is that hypothetically we could have some sort of consumer protection without either processing or sending the personally identifiable information so for example on a peer-to-peer network where people can do this voluntarily, exchange information with people they like maybe even in a way that you don’t actually have to process any kind of sensitive information. Do you think that could be helpful because the idea apart from anti-money laundering behind KYC is that it’s also a consumer protection thing?
I think that’s a ludicrous idea because KYC doesn’t work as consumer protection and has never protected consumers. In fact the people who violate KYC and AML laws are usually those with a banking license, and they usually get away with it. So the idea that somehow this is consumer protection…
You know, the worst abuses in society are always sold to the population as protection from some kind of external evil. Let the government keep you safe because you can’t yourself. That’s bullshit. The bottom line is that consumer protection as a programmable feature of the network is effective. It is achievable today and does not require any personally identifiable information.
Personally identifiable information does not equal consumer protection. It’s a weak proxy and not the most efficient way to achieve that goal. We now have better methods that achieve consumer protection programmatically that are effective and do not expose people to the risk of identity theft, which arguably is the biggest risk in the consumer space.
No one cares about that on financial networks. No consumer ever said I’m going to bank with Barclays because they have a better AML program and because I think they’re going to do KYC much better. But certainly consumers are very reluctant to conduct transactions that reveal their personally identifiable information because many of them have been subject to identity theft.
So the bottom line is this: Privacy will not be sold as a feature. Privacy will be a side effect of using a highly usable system like Bitcoin where just the convenience of not having to put in all of your personally identifiable information and the convenience and utility of the currency and the payments network, and the platform for building applications and the innovation that comes with that, that’s going to make it happen, and then you’re going to get privacy as a side effect.
That means we need to strengthen privacy so it’s always on by default in every transaction, every wallet, and not something that a consumer must choose but something that happens even without the consumer knowing
they’re getting that benefit. I think that’s the way forward. We’re going to see a lot more of that.
Consumer protection is something we can easily program. We don’t need personally identifiable information. That was a very bad approach to start with, it has led to very low consumer protection and an enormous consumer damage with identity theft, and it’s about time we stopped it.
Mr. Antonopoulos concludes the interview by repeating his preference for “programmatic control of security and trust that actually prevents negative behavior by making it impossible“. He specifically refers to features of the Bitcoin protocol such as “programmatic refunds and multi-signature control structures” as “real consumer protection regardless of identity and regardless of reputation“. Those solutions “don’t scale to a new global economy where you can’t possibly know or evaluate the reputation of everyone you are dealing with“.
For coverage of similar issues, see “Evil Hackers and Bitcoin Anonymity” published on 26 July 2015. Or watch Mr. Antonopoulos’ keynote address on 1 April 2015 where he directly responds to questions asked by the Dutch government about cryptocurrency.
If you’re interested in the thoughts of Andreas Antonopoulos on privacy and data collection, you can attend a live presentation of these ideas at the Bitcoin Wednesday conference held in Amsterdam on 5 August 2015. It features Bits of Freedom’s director, Hans de Zwart.
The interview with Andreas Antonopoulos was conducted for the program DeBitcoin, and the interviewers quoted above are Tim Pastoor and Paul Buitink.