FATF: Possible Death Of Privacy Coins?

Great question. I have some ideas, but admittedly I think there’s still a lot to explore to get to a more satisfying answer.

Short answer:

  1. have third parties do the law enforcers’ homework of confirming contextual legitimacy for them
    One thing I’ve learned in sales and business development is that if you want a deal to happen, you have a much better chance if you do all the homework for your counterpart - all the slides, financial analyses, even scripts for talking to their bosses.

  2. support their ongoing initiatives e.g. the Travel Rule
    Fit your story into theirs, don’t ask them to read your story.

  3. take the middle ground

  4. talk to all stakeholders (including the regulators/law enforcers) and come up with better ideas than the ones above…

============================================

Long-winded answer, for those with patience:

The FATF provided an opening for “CONTEXT” being an acceptable way to deal with what they perceive as a risk of privacy coin transactions.

If people who perform z transactions can prove, in a way that is satisfying to law enforcers, that there is a plausible, not-illegitimate reason for the funds to move (the “context” fits), that “blesses” the transaction.

For example, consider this scenario: I run a website selling online Toastmaster courses; students use a mix of crypto and fiat to pay me from all over the world; I tell the VASP exchange during their due diligence on me that I expect US$2000-10,000 per week in crypto revenues; every week I convert the crypto I receive into ZEC on a VASP exchange; finally I send all the ZEC to my own private z address. Transactions that fit this model of flows should not raise any red flags.

But law enforcers don’t yet have a solid system for knowing if VASPs are doing their job of monitoring flows to ensure they match legitimate use cases (i.e. known contexts). What if I suddenly convert $100,000 into ZEC and move it to a z address, how do they know the VASP is monitoring and reporting this? So the easier thing for them to do is to frown on all transactions involving z transactions. If something illicit pops up on their radar later, they lose the trail once it hits this z transaction.

Building such a “solid system” can mean a few things.

(Note that these are just ideas that may work and should be tested. They do not reflect where I think the line for privacy should be drawn; for example some people may believe that they should not have to explain/justify their financial transactions to anyone. I don’t think our only position should be to acquiesce to the prevailing sentiment/pressures, but nonetheless these are some ways to integrate z transactions into the wider ecosystem.)

1) Third party solutions.

These solutions could verify the pattern and sources/destinations of funds are as described to VASPs when a user went through KYC or due diligence. Like a Chainalysis or Elliptic but focused on privacy coins.

Having a third party creates a layer for law enforcers that “checks” VASPs’ compliance with their own policies.

These solutions may need to hold viewing keys. They should be designed by people who are experts in privacy and security, since it would defeat the purpose if z transactions users see them holding viewing keys as a potential risk.

2) Accelerate the development of solutions and standards that support the Travel Rule.

The better the Travel Rule is implemented across VASPs, the less nervous law enforcers need to be. Such solutions/standards could be Netki’s TransactID service, and the Travel Rule Information Sharing Architecture. Shawn’s excellent Perkins Coie document explains this (see page 36).

3) Schrodinger’s viewing keys?

Create addresses where law enforcers could look up z transactions that have opted in to some level of scrutiny, but the owners of the addresses will know when their transactions are viewed. This is different than the current viewing keys, which need to be provided specifically to the viewer, and viewing does not result in detection.

I hate this idea because then the people that don’t opt in might appear more suspicious / “guilty,” but there is something to be said for finding a balance between complete privacy and at least being notified when your privacy may have been compromised and being able to take necessary action if you want to.

Perhaps this would be tolerable for people who want some privacy from the public/bad actors but can settle for some amount of permissioned access.

4) Even better than my ideas above would be to have people come up with more and better ideas!

They’d collaborate with or interview regulators, law enforcers, exchanges, auditors, even the FATF, and everyone who would be involved in ensuring the integrity of our financial system.

^^ my two cents. Digging around in my pockets to see if there are more cents to add…
