Ben's Page

Short Version

KYC-Lite shouldn’t exist. None of the KYC name check platforms should; the U.S. government should offer this as a free service. Until they do, however, I’ve built KYC-Lite to address an issue which deeply bothers me: A firm or individual shouldn’t have to wonder if they are doing business with someone in a ‘high risk’ category (e.g. sanctions list, barred by FINRA, etc.). ‘Knowing Your Client’ should be free and easy.

Still reading..? Here is a more in-depth perspective on why KYC-Lite is so important to me:

I joined the U.S. military in the summer of 2001. I was 18 then. As such, more than 50% of my lifespan has been impacted - at times utterly consumed - by the ‘Global War on Terrorism.’ Over the last 20+ years, I’ve come to appreciate the extraordinary resources the United States government has at its disposal to combat terrorist and/or criminal organizations. I’ve simultaneously grown frustrated over the lack of distribution of those resources, specifically data.

Consider, for instance, the infamous ‘No Fly List.’ This secretive list is maintained by the FBI. The process through which individuals are added is a complete black box, and access to the database is closed to the public. After 20 years of ‘War on Terrorism,’ I ask: how is this possible? Why wouldn’t this information be made available to the vast networks of American businesses, some of whom likely (unwittingly) transact with individuals on this list? Isn’t this counter to the very purpose of the ‘War on Terrorism?’ Worse yet, the no fly list is so poorly administered that airlines are now considering creating their own. That, to me, is outright failure. 20+ years of war, targeting, surveillance... and one of the key results from this effort - the ‘no fly list’- isn’t available to the public, causing airlines to duplicate the data on their own... How shameful?

As much as it bothers me, the ‘No Fly List’ is a bigger issue than anything I can influence... The immediate issue I’m focused on presently is the siloed nature of the useful KYC data that is already in the public domain. There are easily over 25 sanctions, actions, and negative press release databases disconnected and scattered across public domains. One would think that the U.S. government, having already invested so much into this effort, would take the lead on coalescing this data and making it easily accessible. After all, making information on ‘high risk’ individuals accessible to businesses decreases the freedom those individuals have to transact in the U.S. economy. Searching all these useful data sources at once should therefore be free and simple. I hope KYC-Lite solves this problem.

In developing this project, I've worked with a friend who works in KYC professionally, and who alerted me to the severe nature of this problem in the first place. On the dev side of things, I’ve drawn inspiration from three sources: Richard Barosky’s judyrecords, Troy Hunt’s haveibeenpwned, and Alexandra Elbakyan’s Sci-Hub. A bit more about these projects and why I respect them.

judyrecords

Like KYC-relevant information, legal cases strike me as something that should be completely free and accessible to the American public. The fact that Americans have to pay for access to public court records is, to me, unconscionable. We operate on a precedent law basis in America. I’m not a lawyer, but it strikes me as analogous to a version control system for software. Want to know if something is legal? Find the most current version of a similar case and its verdict. Yet to find that verdict you have to rely on PACER -- a shitty website -- which charges by the search, even if the search returns no results. Unbelievable! Richard Barosky’s judyrecords addresses this problem. The site is free, easy to use, and includes over 600M records. Bravo!

haveibeenpwned

It seems to me that the NSA, U.S. Cybersecurity and Infrastructure Security Agency, and U.S. Cyber Command are all way too focused on offense. I spend a fair amount of time working on apps, databases, and things of this nature, and I have yet to see a single useful security library or service come from one of these agencies. This is astonishing. One would think these agencies would take the lead on publishing and distributing security resources domestically. But as it stands, Americans are essentially in an ‘everyone for themselves’ cyberdefense posture.

Worse yet, legislation is now being introduced to fine companies who pay ransoms to resolve ransomware attacks... as if that will solve the problem. To extend that logic to other forms of crime would be to say the solution to armed robbery is to impose a fine on anyone who gives money to their assailant. This logic is pure absurdity. Why aren’t quality security packages, services, and resources being made freely available to the American public? Why aren’t there physical, local, resource centers where Americans can bring their devices to learn and receive support?

Troy Hunt’s haveibeenpwned helps this cause by allowing anyone to do a quick check of their email address to determine if it has been exposed in a data breach. The site is simple and free, although donations are accepted (I strongly recommend making a donation). Kudos!

sci-hub

Sci-Hub is a website that provides free access to millions of research papers and books, without regard to copyright, by bypassing publishers' paywalls in various ways. The site is somewhat controversial, but I’m in the pro Sci-Hub camp. Here is why:

I believe our generation has an opportunity, a responsibility, to eliminate scarcity for the vital resources upon which society collectively relies. Energy is the top-of-mind resource for most people when it comes to scarcity, and I agree; our generation should absolutely pursue the development and dissemination of harmless, scalable, renewable energy sources. But I also argue that quality academic material is a key component of social growth.

Today, much of the (American publicly funded) scientific research is being locked up behind paywalls by skeezy publishers. With few exceptions, this is a bad thing for society. The only persons who benefit from restricting access to this information are the publishing companies. Frankly, I don’t know how these people live with themselves. They are essentially choosing to protect their profits at the expense of quality of life for developing nations who cannot access important academic resources due to these arbitrary restrictions. It's despicable.

This is why I’m proud of Alexandra Elbakyan and the work she’s accomplished. I’m sure there are numerous students and universities throughout the world that have access to academic material they otherwise wouldn’t if it weren't for her. Well done!

Closing Thoughts

I hope KYC-Lite is able to have an impact similar to one of these sites. I feel the ability to search all reasonably available KYC data in a single place is a public good.

Later in the year, I’ll probably make a short post showing some of the growth statistics and highlights from the page. Hopefully the site catches on!