Bitcoin has a few problems. The recent RAND report raises the concern of its misuse by terrorists. Apparently, even governments use it to pay spies and informants – this should be evidence enough to prove that it can be used to anonymise financial transactions.

Without going into too much detail, the reason this is causing such a stir is because bitcoin is, by design, a digital commodity – from a monetary perspective it is a bearer instrument. To illustrate, if I hand you a sack of wheat, ostensibly you become the new owner. When it comes to the movement of financial value, banks receive cash from you and then deposit that into your account, at that point – on the face of it – that cash is yours. Any transactions from your bank account are thereafter linked to your identity.

Whereas with bitcoin I just send a sack of wheat to the other person over the internet, without having someone confirm that I own the wheat in the first place. What we need is a way to place a stamp on the sack of wheat/rice saying that it belongs to me before I send it.

People make out that somehow bitcoin was designed to obfuscate ownership, as if Satoshi themselves built bitcoin to buy weed on the Silk Road. This is humorous but naive. Bitcoin is young and needs nurturing; it may need an ID protocol on top to make it compliant by default.

Right now a lot of cash is piling into private blockchains because the banks are excited about the ‘dragon’ bitcoin has unleashed – 10 patents just filed from Bank of America, so the land grab has officially started and banks’ sales departments sell the story internally: “don’t worry it is not bitcoin it is blockchain”. But let’s be honest, no risk department in a bank is comfortable transacting in bitcoin if there is the chance that miners are run by ISIS in Inner Mongolia, a node is run from North Korea or if Bob signs up for an account with the bank and it is Alice that’s actually funding it. I can’t solve every problem but the last one we may have cracked; albeit with a cockeyed solution.

As a side note, did you know that bitcoin has its very own compliance industry now? The industry is building analytics tools that show the blockchain in real-time with red flags each time a transaction passes through a Syrian IP address. Analytics is cool but probabilistic. I’d like a bit more certainty when time in jail should be considered before making a decision.

So, in the face of the fear of inadvertently doing something wrong, we give up control. If you want to be compliant in bitcoin then, it seems, you must give up your keys.

Hosted bitcoin wallets take the private keys from users – effectively taking away the decentralised control of a person’s bitcoin assets – and thereby attribute the funds to the user but, at the same time, it is banking all over again, but without lending your bitcoins out for mortgages. The alternative is co-signing. This is where you share the wallet with an independent third party, such as your auditor or lawyer, who validates that you own the bitcoin and keeps looking into your wallet now and again; well that’s pretty good.

My view is that we should be able to achieve 100% anti-money laundering (AML) and/or counter-terrorist financing (CTF) compliance while preserving the natural benefits of bitcoin: retaining ownership and control over your assets (an important thing to learn, especially if ‘bail-ins’ become commonplace, note case in Italy) and flexibility. Flexibility is key. I would like to transact with full AML and/or CTF compliance in bitcoin just as I would like to do the same with Ether or any other digital currency that I fancy at the time. Why should I only have the option of being compliant in bitcoin just because my compliance enabled intermediary only supports bitcoin?

So “what’s your solution?”, is probably what you are thinking. Here goes: cryptography and the use of public and private keys combined with verified identities is today’s solution – or at least the solution I am suggesting – to be compliant.

I’d like to thank my good friend Giannis from Coinomi for his technical contribution. Note – this is a conceptual solution and I look forward to your feedback on improving it or completely dismissing it.

– You apply for an Estonian e-residency card (e-ID) – you should do so anyway because most likely there is no more secure way of electronically signing a document than using their system. It’s EUR50. The e-ID system is based on RSA encryption using public/private key pairs.
– When you get your smart ID card and reader you then download a bitcoin wallet and open a separate text file.
– You then put the public address of your bitcoin wallet in the text file with your Estonian public key and sign it with your bitcoin private key and then sign the text document with your Estonian private key. Easy, right? Maybe not that easy if you have no clue about encryption but reach out if you get stuck and I’ll put you in touch. After you have signed the text file you can – if you need to – hash the document so no changes are subsequently made. This may not be necessary, but some ‘cryptonauts’ just love hashing documents these days, that includes me. This is your bitcoin ‘Certificate’.
– When you buy bitcoin from someone you present your Certificate to say that your receiving bitcoin public address is yours. If they don’t believe you they will send an encrypted message to your Estonian public key and bitcoin public key to see if you can decrypt it.
– That’s it. Happy bitcoining with full AML compliance.
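The double-signed Certificate from the steps above, sketched in Go as an added example (not code from the original post, from Coinomi or from the e-ID system). Assumptions: Ed25519 stands in for both the bitcoin key and the e-ID key so that only the standard library is needed, the "address" is a constructed stand-in (hex SHA-256 of the wallet public key), and the check that the e-ID key belongs to a named person via its state-issued certificate is left out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Certificate binds a wallet address to an e-ID key (Ed25519 stands in for both key types).
type Certificate struct {
	Address           string            // constructed stand-in: hex SHA-256 of WalletPub
	WalletPub, EIDPub ed25519.PublicKey // Bitcoin itself uses secp256k1 ECDSA
	WalletSig, EIDSig []byte            // wallet signs the body; e-ID signs body + WalletSig
}

func addressOf(pub ed25519.PublicKey) string { return fmt.Sprintf("%x", sha256.Sum256(pub)) }

// body is the signed text: the address followed by both fixed-length public keys.
func (c *Certificate) body() []byte {
	return bytes.Join([][]byte{[]byte(c.Address), c.WalletPub, c.EIDPub}, nil)
}

func Issue(wallet, eid ed25519.PrivateKey) *Certificate {
	wp, ep := wallet.Public().(ed25519.PublicKey), eid.Public().(ed25519.PublicKey)
	c := &Certificate{Address: addressOf(wp), WalletPub: wp, EIDPub: ep}
	c.WalletSig = ed25519.Sign(wallet, c.body())
	c.EIDSig = ed25519.Sign(eid, append(c.body(), c.WalletSig...))
	return c
}

// Valid checks key sizes, the address derivation and both signatures.
func Valid(c *Certificate) bool {
	return len(c.WalletPub) == ed25519.PublicKeySize && len(c.EIDPub) == ed25519.PublicKeySize &&
		c.Address == addressOf(c.WalletPub) &&
		ed25519.Verify(c.WalletPub, c.body(), c.WalletSig) &&
		ed25519.Verify(c.EIDPub, append(c.body(), c.WalletSig...), c.EIDSig)
}

func NewKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return priv
}

func main() {
	fmt.Println("certificate valid:", Valid(Issue(NewKey(), NewKey())))
}
```

Because each signature covers the address and both public keys, swapping in another wallet or another e-ID key after signing makes `Valid` return false. A valid Certificate is still a static file that anyone who has seen it can present, which is why the challenge in the next step matters.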

What is more – and this goes out to the digital currency regulated intermediaries out there who spend sleepless nights wondering where the bitcoin being deposited on their exchange is coming from, and track a million IP addresses to identify asymmetric information provided by customers – just ask your customers if they have an e-ID, if they do then ask them to produce the Certificate, if they can produce it then you know for sure that they are depositing bitcoin with you – obviously from the public address disclosed in the Certificate – that they own.

I appreciate by the way that this solution is hardly “fingerprint and swipe your Apple Watch to pay”, but it is a stop-gap until someone builds a simple Certificate app based on the e-ID API. Happy programming.

Follow me on twitter to start the conversation @adam_diacle

Thomas Oliver Matthews