The US Securities and Exchange Commission (SEC) is now making the claim that all ETH transactions fall under U.S. jurisdiction due to the network’s high concentration of nodes within the country.
If this claim is found to be accurate, we will very soon see a mandate for all businesses on Ethereum’s blockchain, and all individuals who intend to stake ETH, to comply with KYC/AML requirements.
Phillip Shoemaker has commented on how businesses and individuals can adhere to these requirements while also retaining the decentralized ethos that values anonymity and privacy.
Phillip Shoemaker claims to be an expert who is reportedly tackling this challenge head-on with his pseudonymous KYC/AML solution, Identity.com. As the former head of Apple’s App Store and Executive Director of Identity, Phillip says he understands the importance of security, accountability, and anonymity amidst the evolving regulations surrounding mainstream crypto adoption.
Our conversation with Phillip Shoemaker, which includes insights concerning the importance of striking a balance between KYC/AML requirements and ensuring secure verification and storage of personal identity information, is shared below.
Crowdfund Insider: The SEC has recently made the claim that all ETH transactions fall under U.S. jurisdiction. Do you agree with this assessment?
Phillip Shoemaker: While I understand that the SEC wants to classify all ETH transactions as U.S. transactions, thus U.S. jurisdiction, it just doesn’t make any sense. While some of the majority of the staking is done by U.S.-based companies (Coinbase and Kraken), there are many others outside of the U.S. (Lido.finance and Finance), meaning all transactions are not U.S.-based.
If you look at validator nodes on an analytics platform like Etherscan, you can see that only 45.85% – less than half – of Ethereum nodes operate in the U.S. While that might be the biggest amount associated with one country, it is by no means an overwhelming majority.
None of this implies that all transactions are taking place in the U.S. If anything, it’s a testament to Ethereum’s widespread presence in the global market.
Crowdfund Insider: While we know that not all nodes are U.S.-based, they certainly have the largest percentage of the nodes and staking. Shouldn’t this be taken into account with regards to the U.S. jurisdiction?
Phillip Shoemaker: Another way to look at this is as technology. Ethereum, while a product in and of itself, is mostly a platform or a set of technologies that enable interactions between individuals and companies. Take a look at the worldwide usage of Amazon Web Services (AWS). Since Amazon is a U.S.-based company, does that imply that any company, wherever it exists in the world, is under U.S. purview due to the fact that their underlying technology is created by a U.S. company?
Imagine if every company that leverages the AWS technology had to comply with U.S. law simply because the underlying tech stack was owned by a U.S. company. This is what might be required of the Ethereum blockchain, the dApps running on it, and its stakers. Ethereum is global, and only transactions from U.S. soil (IP or Geo tracked) or by U.S. citizens should be under U.S. purview.
Crowdfund Insider: If the U.S. ultimately mandates that everyone using Blockchain needs to comply with U.S. laws, what would this mean?
Phillip Shoemaker: If the U.S. ultimately goes through with this mandate, it could mean that all developers of dApps would have to take a closer look at their business and what platform they are developing on. Would I want to make a significant investment on a platform where the jurisdiction is subject to change based on the percentage of validators and stake? What if the percentage of validators goes below 20? Would it be a different jurisdiction then? This kind of mandate could call the long-term viability of Ethereum and other blockchains into question.
If the SEC gets its way and requires the appropriate U.S. jurisdictional laws, I would have to think that KYC and AML would be the first requirements. These types of requirements are easy to solve for centralized organizations, as we have seen in the past. A centralized company like Facebook or Coinbase could easily spin up a KYC division, start requiring their customers to go through a complete identification program, and store the data in a self-hosted centralized database.
But we are not talking about a centralized company. In fact, we’re not necessarily talking about a company at all. Ethereum itself is not a company, but a decentralized entity being developed and maintained by supporters. Many of the entities working with Ethereum are decentralized entities with no formal structure or hierarchy. Are we expecting them to jump through all of the hoops necessary for handling personally identifiable information (PII)? I wouldn’t trust my data to be handled securely by unknown entities such as these.
Additionally, where would this data be hosted and secured? Will these entities store my data in plaintext on foreign soil? The possibilities are endless and frightening. Echoing the sentiments of Balaji Srinivasan, I believe that the government shouldn’t require you to store data without guaranteeing it will be kept secure.
For some real-world context to this, California voters passed Proposition 64 in 2016, which legalized the adult use of cannabis by adults 21 and older. And following this law, cannabis dispensaries popped up all over the state and began collecting identifying documents from their customers. California laws required that each dispensary collect the IDs of each customer, storing them in on-premise, centralized honeypots. This frightens me and frankly it should frighten you too. While dispensaries may be experts in growing and selling cannabis, are they well-versed in the systems they’ll need to safely store and protect my PII?
The same would be true of these unknown entities on the Ethereum blockchain. The way we’ve done things in the past needs to change. We need to move to a future where identities are owned and controlled by the users. We need decentralized identities to solve what I like to call the “KYC trilemma” of security, anonymity, and accountability.
Crowdfund Insider: Can you describe decentralized identities?
Phillip Shoemaker: A decentralized identifier (DID) enables users to have complete control of their identity, storing it locally on their phones rather than storing it in a bunch of honeypots on the internet. Instead of sharing your PII with a business or entity and allowing them to store your information on their database – like the dispensary example above – you and you alone store your information and decide when, and with whom, you want to share it.
Contrary to popular belief, these DIDs do not store your PII on a blockchain; they’re encrypted and stored off-chain and can be made available on-chain as users need. Decentralized identities are self-owned and independent, enabling a trusted data exchange that is solely controlled by the identity’s owner.
Crowdfund Insider: How would these work in the Ethereum example above?
Phillip Shoemaker: In a world where the SEC forces Ethereum under U.S. jurisdiction, the only way that KYC/AML verification could work is through the use of decentralized identifiers.
By utilizing DIDs, no third party would get access to a user’s data. Rather, they would be able to validate that the user has gone through KYC/AML and would be issued a unique identifier for the user that can be referenced when working with regulatory agencies. This way there are no honeypots of PII, but instead the data exists in an encrypted fashion on the device of the user’s choosing, and, potentially, on a decentralized storage mechanism for regulatory oversight.