Learn more about the 2025 Coin Center Annual Dinner

Digital Identity is broken. The tech to fix it is ready. Here’s how the government can help.

We need open privacy-protecting standards and safe harbors for those who dream of fixing Digital ID

by 

Blog Financial Surveillance Innovation Policy Privacy & Autonomy Congress Treasury

For decades, America has relied on an identity verification system that is costly, intrusive, and ineffective. It fails to stop serious crime, while burdening ordinary people with endless paperwork and exposing them to surveillance and data breaches.

Today Coin Center is publishing a new report co-authored with Ian Miers, cryptographer at the University of Maryland. As we argue, it’s time to replace the walled garden of easily evaded, siloed identity collection with an open, decentralized, and privacy-preserving alternative.

Today’s identity verification practices, particularly as implemented under our anti-money laundering (AML) and know-your-customer (KYC) regime, are not only invasive and burdensome—they are also ineffective at achieving their stated goals. The status quo imposes enormous compliance costs, subjects individuals to constant surveillance, and exposes sensitive personal data to breach or abuse. Meanwhile, bad actors slip easily through the cracks.

Our report outlines the problem, identifies solutions, and proposes a path forward. We show why the current AML/KYC regime fails to catch criminals while putting ordinary people at risk. We then describe three shifts that can make compliance both more effective and more respectful of privacy: moving from siloed documentation to passportable credentials, from identity verification to attribute verification, and from static risk scoring to dynamic proofs.

As we develop and standardize technologies to achieve these shifts, we must anchor them in seven principles—no backdoor, no phone home, no chokepoint, no honeypot, no leaks, no dead zones, and no lockout—so that digital identity reflects American commitments to liberty and autonomy. This work is not without risk; an inefficient and easily evaded AML/KYC regime may be less of a threat to American values than reliable digital ID controls affording too much power and visibility to governments and corporations. We at Coin Center nonetheless believe that these systems have become inevitabilities and—accepting that—wish to see standards developed that would maximize privacy and liberty. If we don’t do that work, simpler, more intrusive, and inevitably repressive tools will become the default.

A system that doesn’t work

The numbers tell the story.

The United Nations estimates that only 0.2% of criminal funds flowing through the financial system are successfully seized or frozen under current AML practices… these policies were found to have a ‘near-zero impact on crime.’

Despite this, compliance spending has ballooned into the hundreds of billions. Meanwhile, ordinary people bear the risk. Every time you open a bank account or send a wire, you hand over personal information that can—and often does—end up in the wrong hands. And advances in AI are making these problems worse, trivializing the costs to evade controls.

But the problems go beyond inefficiency. They go to the heart of democratic values and personal privacy rights as we have seen with the Chinese government’s surveillance of its Uygur population, The Canadian government’s freezing of funds during the peaceful trucker convoy demonstrations, and in many other cases around the world.

There is another way

It doesn’t have to be this way. New technologies make it possible to prove what matters—without surrendering everything else.

Imagine if identity worked like your wallet, not like a call center.

Right now, proving who you are in a digital context means calling back to some original issuer—logging into a government site, waiting on a bank to verify you, uploading the same driver’s license for the hundredth time. It’s clunky, insecure, and worst of all, out of your hands.

Digital Identity should work like a physical license or membership card; you hold digital credentials issued by trusted parties and present them when needed, without oversharing or losing control of your information. Without a global database cataloging your every move, a walled garden that becomes a prison yard.

The report frames a potential shift in AML/KYC practice around three changes:

  1. From Siloed Documentation → Passportable ID
  2. From Identity Verification → Attribute Verification
  3. From Static Risk Scoring → Dynamic Risk Assessment

And it demands that along with these changes, we must fight for seven principles in digital identity architecture: no backdoor, no phone home, no chokepoint, no honeypot, no leaks, no dead zones, no lockout.

The role of government

The technology exists, and the private sector is already building. What’s missing is coordination.

This is not a call for government’to run a new centralized ID program. A state-run walled garden is no better than a private one.

Instead, the task is to encourage open standards, create safe harbors for institutions using and relying on privacy preserving identity tooling, and to protect the builders of those tools. That’s how the internet itself succeeded: government resisted premature monopolization, supported open protocols, and let innovators do the rest. The full report presents a five step framework for Federal policy to get us there.

The John Hancock Project

To give this effort a focal point, the report proposes the John Hancock Project: a voluntary, private-sector initiative to develop open standards for maximally privacy-preserving digital identity.

John Hancock signed the Declaration of Independence so boldly that his name became a shorthand for every American’s signature. In the 21st century, faced with ubiquitous surveillance and the renewed specter of state control over our lives—our bank accounts, our speech, our very identities online—we call for new, bottom-up, open-source identity and privacy technologies. Tools anyone can use, and no one can control. These are the technologies that can secure our constitutional values for another 250 years.

The John Hancock Project would bring together privacy-focused developers, academics, and civil liberties advocates to draft technical standards that regulators could safely recognize and implement in alternative KYC pilot programs at financial institutions.

America must lead

The future of digital identity is being written now. If the United States fails to lead, others will: either dominant tech platforms building closed systems, or foreign governments embedding authoritarian values into global infrastructure.

The alternative is clear. Open standards, privacy-preserving credentials, and limited but constructive government support can give Americans identity systems that serve individuals rather than control them.

That’s not just a technical project—it’s a civic one. It’s about making sure the infrastructure of the digital age reflects the values of a free society.