Daily Crypto Thought #8: The Problem with Regulating New Technologies

Michael Feng
Sep 7, 2018

On the whole, financial regulations are a net positive for society. Laws and regulations protect consumers from fraud and ensure that institutions responsible for a lot of money put safeguards in place to protect it.

However, problems occur when technology introduces new ways of doing things that were not contemplated at the time when laws were written. Regulators then need to interpret how existing laws might be applied to these new methods. They seek guidance from the industry and hold long meetings. Invariably, there is a lag between when the technology is introduced and when regulations are amended or added to address the technology. During this lag, despite the best of intentions from all parties, consumers may be worse off because the new technology providers may be barred from entering markets due to stale regulations.

Here’s an example…

What’s a qualified custodian?

Take the “qualified custodian” rule, which states that asset managers above $150 million in assets must utilize a third-party qualified custodian. While the rules don’t explicitly define the requirements of a qualified custodian, they state that an institution has custody if it (1) “has possession of client funds or securities,” (2) “has the authority to withdraw funds or securities from a client’s account,” OR (3) “has access to the client funds or securities.”

Cryptographic sharding

In crypto, two of the most commonly used custodial solutions in the market are BitGo and Xapo. Both companies utilize cryptographic techniques like Shamir’s Secret Sharing to split a private key into shards, some of which are held by their clients and others of which are held by the company. To perform a transaction, there has to be a “multi-sig”: a quorum of the shards held by the company as well as the shards held by the client must be activated. Both parties must agree before the funds are transferred.

How “normal” custodians operate

Normal custodians who have complete ownership of your funds work the same way when you want to withdraw funds. They need to verify your identity and ensure that it’s actually you before sending the funds out. Rather than key shards, they use signatures, ID verification, and facial recognition.

Note, however, that normal custodians are inherently less secure than cryptographic sharding. Since the custodian has complete control over your funds, they can also lose them if they are hacked or infiltrated by a malicious actor. In theory, they can transfer your funds without your agreement. In contrast, any transfer of the funds secured by cryptographic sharding must be explicitly authorized by both the custodian and the client.

Are cryptographic sharding vendors like BitGo and Xapo qualified custodians?

Honestly, I don’t know. While I would much rather use their approach than give 100% of my funds to a custodian, I’m not sure that cryptographic sharding fulfills the definition of a custodian.

Remember, a custodian (1) “has possession of client funds or securities,” (2) “has the authority to withdraw funds or securities from a client’s account,” OR (3) “has access to the client funds or securities.”

What if both the custodian and the client have to agree before enabling these three functions? The current regulations appear to not account for that.

As a crypto asset manager, that may mean that I am forced by regulations to trust traditional custodians who have complete control over my private keys, rather than companies like BitGo and Xapo that use cryptographic sharding.

Previous Daily Crypto Thoughts

  1. Users Don’t Care About Decentralization
  2. Lies, Damned Lies, and Statistics
  3. Put Your 💰Where Your 👅 Is
  4. The Ethereum Mixer
  5. We’re on the Same Side, Folks
  6. Vanity Metrics vs. Real Metrics
  7. So Proud of Her
