Presumption of Good Faith: A New Standard for Blockchain Privacy

Katherine Kirkpatrick Bos, General Counsel at StarkWare, challenged the regulatory status quo with a simple yet powerful question: “Why must someone prove they are compliant upfront?” In her view, the default assumption should be that users of privacy-enhancing technologies are acting in legitimate activities until evidence suggests otherwise. This shift in perspective, she argued, is essential to avoid casting a shadow of suspicion over an entire industry.

Bos pointed to real-world parallels: we don’t assume everyone carrying cash is a money launderer, nor do we treat every encrypted email as evidence of criminal conspiracy. Similarly, privacy on blockchain networks serves numerous lawful purposes—from protecting trade secrets to safeguarding personal financial information from data breaches. The narrative that privacy equals guilt, she emphasized, not only misrepresents reality but could stifle innovation in one of finance’s most promising sectors.

“Privacy is not a crime—it’s a right. The challenge is designing systems that respect that right while still providing accountability where truly needed.” — Katherine Kirkpatrick Bos

The Human Element: Why People Seek Financial Privacy

Contrary to popular assumption, most users don’t seek blockchain anonymity to evade the law. Consider these legitimate use cases:

• Business confidentiality: Companies use private transactions to shield strategic moves from competitors.
• Personal security: Individuals in unstable regions use privacy features to protect themselves from extortion or theft.
• Data minimization: Many users simply prefer not to leave permanent, public records of their financial behavior.

These motivations align with long-established privacy norms in traditional finance. The difference is that blockchain makes privacy features more accessible and transparent—not more dangerous.

AML and KYC in the Age of Cryptographic Verification

The roundtable dug deep into how anti-money laundering (AML) and Know Your Customer (KYC) rules should adapt to cryptographic systems. Bos raised a critical point: current identity verification methods are both intrusive and ineffective. “Photo IDs can be faked in seconds,” she noted, “while cryptographic proofs can verify identity without exposing unnecessary personal information.”

This isn’t theoretical. Projects like Sam Altman’s Worldcoin are already testing zero-knowledge proofs and other cryptographic tools that allow platforms to confirm a user’s humanity or eligibility without collecting sensitive data like home addresses or birth dates. These systems could revolutionize compliance by making it more secure and less invasive.

The Stablecoin Privacy Factor

Wayne Chang, CEO of SpruceID, highlighted another dimension: the growing demand for privacy among stablecoin users. Industry reports suggest that millions of dollars in stablecoin transactions would migrate on-chain if robust privacy features were available. “Some percentage of users will always want to keep transactions private,” Chang observed. “Ignoring that demand means leaving adoption opportunities on the table.”

This isn’t about hiding activity from regulators—it’s about giving users control over their financial footprint. Even Chair Atkins acknowledged that privacy tools have legitimate uses, such as allowing firms to execute large trades without prematurely alerting competitors.

Regulatory Balancing Act: Safety vs. Liberty

SEC Commissioner Hester Peirce, who leads the agency’s crypto task force, emphasized that the goal isn’t to eliminate privacy but to align it with investor protection. The roundtable explored middle-ground solutions, such as:

1. Privacy by design: Building compliance into protocols from the start.
2. Selective disclosure: Allowing users to reveal information only when necessary.
3. Auditability without surveillance: Creating systems that can be verified without continuous monitoring.

These approaches recognize that privacy and transparency aren’t mutually exclusive—they can coexist with careful design and smart regulation.

The Global Context

This debate isn’t happening in a vacuum. The European Union’s Markets in Crypto-Assets (MiCA) regulation, set to fully apply in 2024, includes provisions for privacy tokens and anonymous transactions. Meanwhile, jurisdictions like Switzerland and Singapore have embraced more nuanced approaches that distinguish between privacy and secrecy. The US’s stance will inevitably shape—and be shaped by—these international developments.

Conclusion: Toward a Mature Approach to Blockchain Privacy

Monday’s roundtable didn’t produce immediate policy changes, but it highlighted a growing recognition: privacy is a feature, not a bug, in the architecture of financial innovation. The path forward requires moving beyond simplistic assumptions and crafting rules that address real risks without undermining the very benefits that make blockchain technology transformative.

As the dialogue continues, one thing is clear: the future of finance will be built on total surveillance nor on complete anonymity, but on systems that balance accountability with autonomy—protecting both public safety and personal freedom.

Frequently Asked Questions

Why is blockchain privacy such a contentious issue?
Privacy features raise concerns because they can be misused for illicit activities. However, most users seek privacy for legitimate reasons like personal security or business confidentiality. The challenge is preventing abuse without discouraging lawful use.

How can regulators tell the difference between criminal and legitimate privacy?
New cryptographic tools allow for identity verification without exposing personal data. Zero-knowledge proofs, for example, can confirm someone is eligible to transact without revealing who they are or what they’re doing—unless there’s a specific legal reason to investigate.

Are there real-world examples of privacy tools being used responsibly?
Yes. Businesses use private transactions to protect trade secrets, journalists use them to safeguard sources, and individuals in high-risk countries use them to avoid targeting. These cases demonstrate that privacy serves vital social and economic functions.

What’s the timeline for new regulations?
The SEC and other agencies are still gathering input. Formal proposals could emerge in 2024, but the process will depend on further research, technological developments, and ongoing dialogues like this roundtable.