From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YDcqw-0001il-G8 for bitcoin-development@lists.sourceforge.net; Tue, 20 Jan 2015 17:44:34 +0000 X-ACL-Warn: Received: from resqmta-ch2-10v.sys.comcast.net ([69.252.207.42]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.76) id 1YDcqv-0007wF-Ic for bitcoin-development@lists.sourceforge.net; Tue, 20 Jan 2015 17:44:34 +0000 Received: from resomta-ch2-07v.sys.comcast.net ([69.252.207.103]) by resqmta-ch2-10v.sys.comcast.net with comcast id iHk31p0032EPM3101HkSJ8; Tue, 20 Jan 2015 17:44:26 +0000 Received: from crushinator.localnet ([IPv6:2601:6:4800:47f:1e4e:1f4d:332c:3bf6]) by resomta-ch2-07v.sys.comcast.net with comcast id iHkR1p00F2JF60R01HkRPL; Tue, 20 Jan 2015 17:44:26 +0000 From: Matt Whitlock To: Peter Todd Date: Tue, 20 Jan 2015 12:44:25 -0500 Message-ID: <1621602.tsoQEXJ6OT@crushinator> User-Agent: KMail/4.14.3 (Linux/3.16.5-gentoo; KDE/4.14.3; x86_64; ; ) In-Reply-To: <20150120174004.GB29353@muck> References: <20150120154641.GA32556@muck> <2236907.ZtrNgikFVR@crushinator> <20150120174004.GB29353@muck> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [69.252.207.42 listed in list.dnswl.org] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YDcqv-0007wF-Ic Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jan 2015 17:44:34 -0000 On Tuesday, 20 January 2015, at 12:40 pm, Peter Todd wrote: > On Tue, Jan 20, 2015 at 12:23:14PM -0500, Matt Whitlock wrote: > > If you have the private keys for your users' bitcoins, then you are every bit as much the owner of those bitcoins as your users are. There is no custodial relationship, as you have both the ability and the right to spend those bitcoins. Possession of a private key is equivalent to ownership of the bitcoins controlled by that private key. > > Posessing a private key certainly does not give you an automatic legal > right to anything. As an example I could sign an agreement with you that > promised I would manage some BTC on your behalf. That agreement without > any doubt takes away any legal right I had to your BTC, enough though I > may have have the technical ability to spend them. This is the very > reason why the law has the notion of a custodial relationship in the > first place. I never signed any kind of agreement with Andreas Schildbach. I keep my bitcoins in his wallet with the full knowledge that an auto-update could clean me out. (I only hold "walking around" amounts of money in my mobile wallet for exactly this reason.) I would love it if Andreas offered me an agreement not to spend my bitcoins without my consent, but I doubt he'd legally be allowed to offer such an agreement, as that would indeed set up a custodial relationship, which would put him into all sorts of regulatory headache.