Is Your Country Building Its Future Digital Economy on Sand or Solid Foundations?

For all the talk of supporting innovation within the UK, there’s little movement in creating an environment for this to actually happen. We continue to be stuck in our 1980s model of the digital age. It is a world which basically scales our old ways into ways that use digital methods … it is ‘Fake Digital’. The risks of the past are thus often just amplified, and the opportunities for crime escalate with them.

My home country — Scotland — has little in the way of supporting a future tokenized economy. The UK, too, also has little provision for it to, and where it we have barely managed to get past the ‘White paper’ discussion. But other countries of the world are moving fast [here] with Luxembourg just passing a tokenization act:

And in Switzerland, too, there is a move to lay down a legal framework for cryptocurrencies and blockchain [here]:

In most countries, though, there is currently very little in the way of anything that would provide legal certainty around the digital signing of transactions and in the transaction of assets through tokens. The countries, thus, who move fastest in this area, and provide legal mechanisms for supporting a digital economy built on cryptography, blockchain and tokenization, will be the ones to win in the future. Those countries with ‘old’ and ‘slow’ legal systems could thus fail in this new world and where wet signatures are basically just a pen being applied onto a piece of paper and forming a squiggle.

Well, you can lead a horse to water, but you can’t make it drink. Many large countries around the world still see blockchain as a new type of technology, and so no need to rush to create legal frameworks. But some countries are now defining the required legal infrastructure around blockchain, and finding ways to integrate into their existing legal frameworks, and also provided increased trust in the new economy — the token economy. This world sees tokens being trading in the same way that we would pass financial transactions, but the need for banks to handle financial transactions will be much reduced.

The implementation of the regulations of blockchain and cryptocurrencies must thus aim to preserve the core of existing regulations within financial markets including for money laundering, terrorist financing, and cyber-enabled crime, but also not suppress innovation. The key requirement is for national regulation infrastructure and which builds on a total anonymous distributed ledger infrastructure, as well as mapping trusted identities into a regulation infrastructure.

In a traditional finance infrastructure, Bob trusts his bank (Bank A) and Alice trusts her bank (Bank B). A transfer of funds involves Bob finding out the identifier of Alice’s bank (such as the sort code) and her account identifier. The transfer of funds then involves him informing his bank that he wants to transfer the funds to Alice (Figure 1). Bob’s bank then checks the transaction, and if it is valid, his account will be debited by the defined amount. His bank will then forward the transaction to Bank B, and where Alice’s bank will credit her account. In this way, both Bank A and Bank B have a ledger which can be checked for the transaction. This method works well in investigating crime, as each bank must report on Bob and Alice’s transactions, especially if they see any unusual transactions.

Figure 1

The cyberpunks of the 1990s started to question the need for banks to provide the intermediate exchanged, especially in their demands to make profits from transactions. Their approach was to use the methods defined by public key encryption to sign a peer-to-peer transaction onto a publicly available ledger — the blockchain. The first running infrastructure was the Bitcoin infrastructure, and where Bob and Alice each generate a private key and then derive an associated public key. This public key is then used to create a public address for transactions (Figure 2).

Figure 2

When Bob now wants to send Alice some funds, he determines her public address, and then creates a transaction for bitcoins. This is then signed with his private key and then picked up by miners who will gather together all the other recent transactions. The miners then create a consensus for current transactions and then added to a new block on the blockchain.

Before this can happen, the transaction needs to be checked to see if Bob has enough bitcoins in his account to pay Alice. This checking is the reason that the transactions need to be public, as miners should not process the transaction if Bob does not have enough funds to pay Alice. At the time of the creation of the Bitcoin network, there were no feasible methods which could hide the fact that Bob was the payer and Alice was the payee. This results in a pseudo-anonymised identification of the transaction. While difficult, law enforcement can, at least, trace known addresses for their transactions.

A worry with this model, though, is that the funds will never hit a bank account unless there is a cash-out of funds into a fiat currency. This type of approach worries both tax raising authorities and also law enforcement agencies. Many governments around the world are thus now looking to regulate for cryptocurrencies, and provide an opportunity to audit their flows.

Liechtenstein’s Government is the first in the world to aim to enact a Blockchain Act. This will support a legal infrastructure for blockchain technology, and to also support a token economy. Within tokens, we define applications which trade only with tokens. These tokens can then define costs of effort, and eventually could be “cashed-out” into fiat currency. Economic activity could then be enacted with tokens rather than currency — the creation of the token economy [details]:

Recently I visited Jersey, and they, too, see the benefits of a token economy. A legal definition is thus key to define the legal infrastructure for the trading tokens and smart contract, and to thus protect clients. It should also guard against reputations risks for countries which have a high reputation within the finance industry.

The consultation document [here] defines a trusted technology transaction systems (VT systems). For the first time, we see blockchain methods being translated into legal speak, with a token being defined as:

enable the transformation of the ‘real’ world to blockchain systems while ensuring legal certainty, thereby opening up the full application potential of the token economy.

The Act also defines methods which aim to protect client interests from scam agents, and these are at the core of cleaning up the cryptocurrency market place. It defines “legal certainty” for blockchain implementation and projects a world where our existing assets are added onto blockchain, and then traded there. Our centralised economic trading models may thus disappear, and a fully distributed and more trusted model replaces old fashioned practices.

The tokens that are likely to be defined are:

  • Payment tokens (currency coins). This includes cryptocurrency coins.
  • Utility tokens. This allows for a spend against a service.
  • Security tokens (equity and assets). These could define the ownership of an asset.

Overall the Act aims to properly define the key legal consequences of the ownership, possession and transfer of tokens:

The Act defines:

  • Subject and purpose (Art. 1 VE-VTG): This defines that the main focus is around the protection of users, and to thus build confidence in tokens.
  • Trusted technologies (Art. 3 VE-VTG): This defines the technology that is required to build a VT.
  • Definitions (Art. 5 VE-VTG): This defines a token as something that defines claims of a person to the rights to goods.
  • Rights of disposal (Art. 6 ff. VE-VTG): This defines the rights to transfer tokens, and is normally defined by the owner of a private key signing the transaction. A disposition is defined as the transfer of the disposition authorization on the token. Within the Act, it is defined that a buyer has the rights to dispose of a token, even if the seller was not authorized to dispose of the same token.
  • Requirements for VT service providers (Art. 13 ff. VE-VTG): This defines the entities who will perform services within the VT. These entities must provide an organisational structure, control mechanisms and a minimum amount of capital.
  • Basic information on the issuance of tokens (Art. 28 ff. VE-VTG): This defines the assurance in the issuing of tokens and their legal requirements. They must provide a minimum amount of information, such as the technology used, the purpose of the token, and any risks. There should be at least 10 years of issuance, and to also prevent token cloning, along with prevention of a token not being released with the same rights.
  • Obligation to register (Art. 36 ff. VE-VTG): This defines that service providers must register into the Financial Market Authority (FMA) before starting their commercial operation.
  • Supervision (Art. 42 ff. VE-VTG): This defines that the FMA implements the Act.
  • Penal provisions (Art. 49 ff. VE-VTG)

A token protector is defined as someone who holds the token in their own name, and on behalf of the owner. Custodians are then defined as a person who can provide custodial services for the private keys of a third party. Overall the custodian should be able to operate without disruption. They should also provide strong controls against the loss or misuse of private keys, and provide separation between business assets and the private keys of their customer.

In order to clean-up on those to operation within the token economy, the Act requires the following entities to registered with the FMA: Token issuers; token service protectors; token service custodians; token service exchange platforms; physical validators; and token service identity service providers.

The Act then defines that tokens held by a company will not be part of their estate in the case of bankruptcy, and must be held separately from the companies other assets. A fine for beaches of the Blockchain Act will range from CHF20,000 (around 20K) to CHF30,000 (around $30K).

And in the future, smart contracts could enact contracts. The following defines the provision of care services:

Liechtenstein’s consultation on the Act ended on 16 November 2018. Malta and Luxembourg have also moved quickly, but our lumbering legal system is still geared to an old world.

For the sake of innovation, building a proper digital economy, and for the protection of our citizens, I say to Scotland and UK, “Hurry up, and get on with it”, and prove a legal infrastructure for regulation of a token economy, and one which recognises a new world.

The reasons we have so much cybercrime, is that we can trust very little in our current digital world, and we now need to build systems which are trustworthy and which have the same legal standing as our old world methods.

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles…

Prof Bill Buchanan OBE

Written by

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

Prof Bill Buchanan OBE

Written by

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store