The SEC should use their roundtable to discuss moving policy into alignment with what is already technologically possible, creating clear guidance for privacy preservation, and recognizing proofs as valid forms of regulatory compliance.
Washington is finally paying attention to the full spectrum of crypto issues; earlier this week, it was the Bitcoin reserve, and soon it’s privacy.
On October 17, the United States Securities and Exchange Commission (SEC) will hold a public roundtable on financial surveillance and privacy. This is a rare chance to change how privacy is treated in economic regulation.
When people use blockchains today, they expose drastically more than they realize. Link a social identity to a wallet, and an economic life becomes a public feed.
This level of data exposure can’t be overlooked in the upcoming public roundtable. Zero-knowledge proofs (ZKPs) offer a different default option that patches this leak and meets compliance requirements without revealing personal data.
The SEC’s October roundtable suggests the agency is open to discussion on smarter attestations. The SEC is reviewing a filing that would let tokenized securities trade on a national exchange, which is proof that market methods can modernize without ditching surveillance for real risks.
Though ZKPs were born to preserve privacy, most real-world deployments, including those I’ve focused on — such as launching Zcash — chase scalability. But the privacy potential is mind-boggling, and the ability to prove facts without revealing data is the best path to restoring confidentiality. This opportunity in October gives everyone a chance to stop treating privacy as a synonym for secrecy and finally start designing regulated privacy.
Privacy is not secrecy
Radical transparency, a term seen throughout Web3, reads great in a white paper but turns daily life into an open book in practice. A wallet tied to a person’s real-life ID becomes overexposed, making their donations, purchases, and economic patterns of behavior public — forever.
The problem is a no-brainer. People don’t want their financial lives made public. Privacy isn’t about hiding malicious behavior; it’s primarily about protecting personal data shared with the rest of the world.
Compliance is an essential prerequisite for blending blockchain, traditional finance (TradFi), and security, but unnecessary data is being shared. ZKPs overcome this issue and help reframe the surveillance debate, assuring regulators that they don’t need raw user data to manage risks.
Let venues publish proofs that their capital is sufficient, concentration limits are enforced, and their obligations to users and regulators alike are met. Custodians and brokers can follow suit, proving inventory and segregation through ZKPs and ensuring customer data stays private.
This incorporation of ZKPs can improve regulatory processes, ensure citizens retain their rights, and deliver real-time guarantees needed to proceed securely.
Privacy needs to be kept simple
ZKPs have existed for years, helping to keep live environments safer and more private — something I’ve seen firsthand while helping integrate them into public blockchain protocols. The problem is that shielded transactions are clunky, and few wallets support them; hardware wallets often don’t. Worse, even on- and off-ramps can see them as high-risk.
For decentralized finance (DeFi), privacy breaks down even faster, since smart contracts, such as automated market makers (AMMs) like Uniswap, automatically leak global state.
Today’s designs aren’t built to hide that, which means they sacrifice user data security with each trade. The conundrum here is that users can’t be expected to just opt into privacy if it’s more complex, slower, or incompatible with the rest of the ecosystem.
It’s possible to move forward still, through semi-private architectures that provide strong privacy for users without losing transparency or compliance.
Semi-privacy involves using Layer-3 (L3) or application-specific domains to generate ZKPs, thereby shielding data from the public Layer-2 (L2). Operators can see user activity but must provide cryptographic proofs of correctness, solvency, and more to the public chain (or regulators).
This enables regulated confidentiality, allowing users to maintain privacy away from the public eye, but not from designated verifiers. If operators misbehave, for example by censoring or frontrunning, users have cryptographic exits to other domains. This effectively incentivizes good behaviour.
Locking in regulated privacy
The SEC’s roundtable will need to be more than a discussion about data and surveillance. It’s a moment to discuss the outdated tradeoffs still in place in a society where privacy should be built in as the default in a way that works with regulations — not against them.
Regulated privacy that protects users while giving regulators the visibility they actually need (and no more than that) can create confidence for consumers and providers. ZKPs do just that, instilling the confidence regulators need with the assurance that rules are being followed without compromising user privacy.
The SEC should use their roundtable to discuss moving policy into alignment with what is already technologically possible, creating clear guidance for privacy preservation, and recognizing proofs as valid forms of regulatory compliance.
ZKPs have already had a huge positive impact on blockchain structures and everyday user lives, so why not now move that into the realm of regulatory vision and oversight? With the proper proofs in place, viewed as valid by regulators, regulatory privacy becomes a reality.
Should regulators treat ZKPs as essential for creating this future? This roundtable is the moment they get to say yes.
Eli Ben-Sasson is the CEO and co-founder of StarkWare.
Source: https://thedefiant.io/news/research-and-opinion/don-t-let-the-sec-privacy-roundtable-miss-the-point