SpruceID (we're hiring)

KYC is ineffective, expensive, and burdensome. It's time for an upgrade. We see just such a proposal in an exciting comment letter submitted to @SecScottBessent and his @USTreasury crypto team on implementation of GENIUS. It was submitted by the team at @SpruceID (see it here regulations.gov/comment/TREAS-…). The letter argues that the BSA/AML framework (built for a paper/intermediary era) should be modernized for digital assets by recognizing high-assurance digital identity + privacy-preserving cryptography + standardized APIs as first-class compliance evidence—so institutions can detect illicit activity more effectively while collecting less sensitive personal data. It argues we should adopt an Identity Trust model. Taking this approach, regulated entities (e.g., banks/trust companies/supervised providers): - verify users once -issue encrypted/pseudonymous credentials -support unlinkable transaction identifiers, and - enable lawful access via a threshold-key process (court + Identity Trust, conceptually). The model’s four stages—Identifying, Transacting, Investigating, Monitoring—are positioned as a privacy-preserving way to achieve BSA identification where required. The rundown of Spruce's proposals are: 1) Treat verifiable digital credentials (VDCs) as valid Customer Identification Program (CIP)/Customer Due Diligence (CDD) evidence, including as “documentary” methods where appropriate, with assurance baselines like NIST IAL2+ and issuers such as government authorities / approved institutions / identity trusts. 2) Enable/recognize privacy-preserving “attribute verification” (data minimization) so compliance can be satisfied by proofs like “not on OFAC list” without routinely collecting full PII. 3) Create or approve a financial-sector trust registry of approved credential issuers (e.g., DMVs, regulated FIs, certified identity providers), aligned with interoperability standards (the letter references NCCoE). 4) [THE BIG ONE] Use existing exemptions/relief authority to allow early adopters to treat validated credentials as acceptable documentary evidence for CIP (the letter explicitly points to using exemptions authority). 5) Modernize the Travel Rule to allow VDC-based transmission (i.e., transmitting verifiable proofs instead of plaintext PII), with conditions like trusted issuance, IAL2+, binding to required data, real-time validity checks, and lawful access on legal request. 6) Standardize “verifiable real-time APIs” and technical profiles and clarify what evidence (logs/signatures/receipts) satisfies BSA obligations. ***** If we are going to improve consumers' lives by fixing KYC, we need the full engagement of the Treasury and other agencies like @SECGov, where I have to imagine @SECPaulSAtkins and @HesterPeirce would be in favor of an upgrade. Pursuing a sandbox or other MVP in-the-wild trial of such a system could change things for the better.

✨𝐓𝐡𝐞 𝐏𝐫𝐢𝐯𝐚𝐜𝐲 𝐒𝐚𝐥𝐨𝐧 speaker lineup at 𝐄𝐓𝐇𝐃𝐞𝐧𝐯𝐞𝐫✨ Wayne Chang, founder and CEO of @SpruceID, is a digital identity expert and privacy advocate.

We’re excited to welcome @SpruceID as one of our new Diplomat members to TDC. Founded in 2020, SpruceID builds self-custodial digital identity infrastructure used by governments to issue and verify trusted credentials, like mobile driver's licenses and digital permits. Their work centers on verifiable credentials, user-controlled wallets, privacy-preserving design, and open standards.

7/8 Project Glitch Fireside Chat: “Digital ID in 2026” — Wayne Chang, @wycdd, Founder & CEO of Spruce ID @SpruceID & Mike Orcutt @mike_orcutt, Founding Editor of @projectglitch_ Highlights: • Wayne and Mike discussed digital credentials as a foundation for modernizing KYC/AML and reducing both friction and unnecessary data collection—especially as AI-driven forgery makes “upload an ID image” controls less reliable. • A key policy point: architecture choices matter. They contrasted “server retrieval” vs “device retrieval” models for mobile driver’s licenses (mDLs), and why those choices can determine whether a digital ID system is privacy-preserving or surveillance-prone. • They pointed to Utah’s Senate Bill 260 as an example of articulating guardrails (e.g., no tracking/over‑collection, preserving physical alternatives), and they argued for clearer government guidance that confirms modern privacy-preserving tools (including zero‑knowledge proofs, pseudonymous identifiers, and multi‑party computation) can support compliance outcomes.

SpruceID CEO pitches US health records group on verifiable digital credentials Wayne Chang urges adoption of VDCs for vital records modernization #digitalID @SpruceID biometricupdate.com/202512/sprucei…

Here is what you can look forward to at tomorrow's PGP* (Pretty Good Policy) for Crypto meeting... ​​Lightning talks: ​​* Policy Update: @BlockchainAssn ​* Paul Brody @pbrody, Principal & Global Blockchain Leader, Ernst & Young ​* Tony Douglas Jr. @dao_officer & Kyle Bligen @KyleBligen, The Decentralization Research Center @TheDRC_ * ​Remi Gai @remi_gai, Founder of Inco @inconetwork ​* Ying Tong @therealyingtong, Applied Independent Cryptographer ​​Project Glitch Fireside Chat: Digital ID in 2026 — A pivotal year ahead for innovation in both policy and technology ​​* Wayne Chang @wycdd, Founder & CEO of Spruce ID @SpruceID ​* Mike Orcutt @mike_orcutt , Founding Editor of @projectglitch_ ​​All are welcome to attend virtually (here on X)—or register (see below) to join us in person. ​🎟️ Register to join in-person: luma.com/pgpforcrypto20… 🔗 Alternate link with NFT claim: app.unlock-protocol.com/event/pgp-for-… ​​​​​​​​​ Thank you to our sponsors: @ZcashCommGrants, @hedera Hashgraph, Ernst & Young, The Digital Securities Initiative, USC VanEck Digital Assets Initiative @USC_VEDA, and @ElectricCoinCo are proud sponsors of the PGP* for Crypto Briefing and Roundtable Series. We are also thankful for the support of the DeFi Education Fund @fund and the Blockchain Association @BlockchainAssn. Live here on X tomorrow at 10 a.m. ET: x.com/i/broadcasts/1…

Digital IDs promise the ultimate convenience. But many are concerned about safety and data privacy, especially in the face of fast-evolving AI fraud tools. 🎧 youtu.be/4XT5M6p0elM 🎙️ Wayne Chang (@wycdd), founder and CEO of SpruceID (@SpruceID)

We're looking forward to supporting CCI's work advancing responsible crypto policy and user empowerment through secure, user-controlled digital identity 🤝

We're honored to be a part of this important conversation on Dec. 15 at the SEC Roundtable. Excited to contribute our perspective (and share a cool demo!) on how privacy-preserving digital identity can strengthen trust, security, and usability across the crypto ecosystem. 🫡

Wayne Chang (@wycdd), Founder & CEO of @spruceid, is joining #TBW2025! At SpruceID, he’s helping build a web where platforms sign into your data—empowering users with control over their digital identity. 📍Songshan Cultural and Creative Park | Sep 4–6th, 2025 🎟️ bit.ly/tbw2025

📄Read our full blog post here to learn more: blog.spruceid.com/updates-to-spr…

🧵We’ve made major updates to SpruceID’s developer documentation, making it easier to integrate verifiable digital credentials (VDCs) into mobile apps. Here’s what’s new ⬇️

📢Dive into our updated documentation at sprucekit.dev and connect with us on Discord & GitHub. We welcome your feedback and look forward to seeing what you build.

📱SpruceKit Showcase App: A fully open-source wallet and verifier reference app. Use it to test, QA, or as a foundation for your own application. Explore it here: github.com/spruceid/spruc…

✅Expanded capabilities: Accept and present W3C credentials, verify mDLs offline, support OID4VCI/OID4VP, and verify JWTs. Our SDKs abstract the complexities of these standards for seamless integration.

📚New Android & iOS SDKs: We consolidated our libraries into dedicated SDKs, simplifying credential-holding and verification implementation for mobile apps.

Great discussions on crypto policy & philanthropy on Capitol Hill with @standwithcrypto today. We're grateful to collaborate with industry leaders and advocate for crypto innovation and its real-world impact. #standwithcrypto #blockchain #web3

Exciting news! SpruceID CEO @wycdd will be speaking at the DC Blockchain Summit 2025 on March 26! Join us for key conversations on how blockchain, verifiable credentials, privacy-first authentication, and open standards are shaping the next wave of innovation: dcblockchainsummit.com

Wayne Chang, co-founder and CEO of @SpruceID and former co-chair of W3C CCG, presented on "Provably Forgotten Signatures". #Linkability can happen when traceable digital signatures or identifiers are used repeatedly, such as in verifier-verifier collusion and issuer-verifier collusion cases. Zero-knowledge proofs like BBS signatures can be used to prevent such linkability, but there are still production challenges to their adoption today. Wayne proposed a more pragmatic approach that leverages the hardware’s Trusted Execution Environments, so issuers don’t need to retain signatures and won’t be able to link them later. You can watch the recording of the presentation and discussion here (start at 10-min mark): meet.w3c-ccg.org/archives/w3c-c…

Wayne Chang @wycdd, founder and CEO of @SpruceID, discusses their mission to let users control their data across the web using cryptography. Highlighting the significance of 'Sign-In with Ethereum' and digital public infrastructure, he illustrates the application of blockchain in creating privacy-preserving identities and digital credentials. Wayne emphasizes the importance of industry expertise in cryptography for the public sector, advocating for policies that support user-controlled digital identities. Their work with state agencies, including the California DMV and the Department of Homeland Security, demonstrates the potential of digital wallets and blockchain technology in improving public services.