Lawyer Asks Whether KYC Is Worth Exposing Users to Hacking and ID Theft
In the aftermath of the recent BitMEX data leak, lawyer and general counsel at decentralized finance startup Compound Finance Jake Chervinsky raised the question of whether exposing the public to data risks that Know Your Client (KYC) requirements entail is worth it.
It is about time we reconsider KYC
In a tweet posted on Nov. 1, Chervinsky calls KYC requirements “are a double-edged sword.” He explained that KYC helps law enforcement to track illegal transactions but also exposes the public to hacking, phishing and identity theft. In the end, Chervinsky raised the question:
“It's about time we reconsider if the trade-off is worth it.”
Excessive data in single points of failure
Chervinsky also admitted that he does not know the identification procedures employed by BitMEX in detail, but claimed that “using an account-based model is a form of KYC in and of itself.” He explained that storing large amounts of Personally Identifiable Information (PII) on centralized servers has serious implications:
“I say we should consider if the benefit of collecting mass amounts of PII into single points of failure justifies the cost.”
Crypto derivatives exchange BitMEX acknowledged yesterday that it accidentally leaked user emails by forgetting to use blind copy on a mass email. Furthermore, as Cointelegraph reported in August, Binance saw the KYC documents and face photos of its client processed by a third party vendor be leaked to the public in an event that showed the dangers of identity verification.