Anger is palpable in Tezos open spaces after the Tezos Foundation suddenly announced all are required to submit identifying information nearly a year after investors gave them 65,630 bitcoins and 361,122 eth, worth at the time $232,166,280, in an ICO held during July 2017. They say:
“The Foundation values and respects the privacy of its contributors, and along with countless others around the world, it opposes the unnecessary collection of personal information that has become pervasive on the Internet.
However, it is important to comply with a rapidly evolving regulatory landscape. To that end, performing KYC/AML checks – as has become the norm for blockchain projects – is the best way forward.
To facilitate this process, the Tezos Foundation has partnered with a third-party vendor to conduct all KYC/AML checks.”
Will US investors be excluded? – cry the people. Will non-accredited investors get their Tezos – ask some others. Where’s my refund? – metaphorically shout some more.
Just fork it, say the chattering masses. Apparently there are already forking projects underway with some discussing whether the requirement can be removed through Tezos’ in-built governance model after it launches.
Even Vitalik Buterin, ethereum’s inventor, has weighed in to some metaphorical applause by the Tezos investors. He said in reply to the AML/KYC requirements:
“This seems backwards. Why can’t third parties just run a script to scan the BTC/ETH blockchains, see how much everyone contributed, calculate how much XTZ everyone should get, and generate the genesis block without Tezos Co involvement? That’s how the Ethereum launch worked.
In fact, you can do even better. A script to calculate the genesis block is released *at time of sale*, and it’s agreed that an ethereum block hash with a height that’s a multiple of 500000 is needed as a nonce. The developer just writes software, community launches when ready.
Here’s the script. Doesn’t work anymore because many block explorers have shut down, but you get the idea. Also ensures full transparency of the distribution; no way to hide secret premines.”
Someone joked Buterin is angry because he has invested and does not want it to be revealed, and we repeat that joke because while it may or may not be true, there is a very serious point to make here about privacy where niceties, such as name and fame, are very much secondary considerations to potentially life and death. A Tezos investor says:
“In total I have over 200,000 Tezos. Some people may consider that ‘whale’ status. But I’m sure there are holdings much larger than mine.
Does the Tezos foundation understand the position the AML/CTF verification puts large hodlers in. If I reveal my identity it makes me a home invasion target. It puts members of my family at risk of kidnapping or violence. In my country people get kidnapped tortured and killed for much much less than what I hold. Even 10% of what I hold would be too much of a risk if the criminal gangs knew about it.
Had I known Tezos would be this stupid, I would have structured my contributions differently, and contributed much less.
Now I need to find a solution, by either moving country or finding a poor person to be my nominee during the AML process.”
There are many questions here, far too many. Who exactly is this third party AML/KYC handler? They might not want to reveal it so that they’re not a target, but someone knows, perhaps all those working at the foundation know. Who is to believe they will keep it to themselves?
What is the consideration here when they get hacked? We say when rather than if because we think it is pretty much a certainty. Even banks get hacked. SWIFT got hacked.
There would probably be plenty looking to hack them because all those pictures would be very valuable to criminals. Millions of dollars worth perhaps or more.
That’s as while you might hack the bank and get all those ID scans, all you’d probably find out is that x has a bank account with x with it unlikely to reveal just how much x has in the bank account.
With this Tezos AML/KYC, however, it will reveal to hackers and criminals just how much tezos any one individual has. It will also further tell them where they live.
Making this retroactive AML/KYC completely preposterous as the process seems to tie the tezos public key to the ID and proof of address, with this all than handled by some unknown party in a centralized manner where the admin might well be tempted to sell it all on darknets.
If there is to be an AML/KYC process, it should be designed in such a way that no one knows how much one has invested, only that they can invest, unless the investment is capped at $2,000 or some small amount for crowdfunding rules in which case it wouldn’t really matter.
In an uncapped ICO, however, like the one Tezos had, tying up IDs and residences to public keys after the fact appears reckless.
That would publicly reveal to anyone, and we say publicly because the chances these get hacked or “leaked” are probably 99%, not just how much tezos they have invested, but also how much bitcoin or eth they have and where they’ve spent it, what they’ve done with it.
It’s basically putting online for all to see the unredacted bank statements of every investor while telling everyone where they live.
They explain not why suddenly they have this requirement, except for stating everyone else is doing it. Which is not true. Not one ICO has announced retroactive AML/KYC except for Tezos.
Now they might say SEC this, SEC that, but SEC had not made their position clear when the Tezos ICO was held so you’d think there would have been a clear defence of something like: the law was unconstitutionally vague at that point so it did not apply, now it has become clearer, but our ICO was well finished by the time it was clear.
If anything does happen here, however, considering there is one report of at least one investor stating they may fear for their life, Tezos would have primary blame but SEC would have almost as much share of the blame.
Because they’re trying to protect grandmas by forcing them to put all their information online, even though no grandma would go through these many steps to get some tezos:
“Fundraiser contributors who successfully complete KYC/AML will receive an activation code corresponding to a given public key hash.
This code, along with the associated public key hash, seed phrase, and email and password chosen by the contributor during the donation period, will allow contributors to access and manage their recommended allocations.”
So we need an activation code, a public key, a seed phrase, an email and we have to remember a password. That’s on top of smiling for the camera with your passport and letting everyone know where you live.
All this because of the off chance some criminal might think going through the above process is easier than just corrupting some bank worker to launder his money to the tune of billions daily according to constant reports of their complicity.
Or buying some art-work, or buying some house, or using countless of other ways to launder money and then if not well connected politically get caught because old fashioned detective work happens to work perfectly well.
It is however sad to see this project continue its descent into a mess because its in-built governance model held some promise as it seemed interesting and was sufficiently differentiated from other blockchain.
But that goes to show that even where a project appears fine, implementation matters considerably as 95% of businesses do fail. That 5%, however, can be incredibly rewarding.
Making diversification very much a necessity as it won’t be SEC that protects you, but simple math calculations whereby a very small amount, say 10% or 20% of all your savings, is allocated to highly risky investments. With the rest kept into safer waters.