From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YDcPT-0001n2-IC for bitcoin-development@lists.sourceforge.net; Tue, 20 Jan 2015 17:16:11 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.110 as permitted sender) client-ip=62.13.148.110; envelope-from=pete@petertodd.org; helo=outmail148110.authsmtp.com; Received: from outmail148110.authsmtp.com ([62.13.148.110]) by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1YDcPS-00020t-6Z for bitcoin-development@lists.sourceforge.net; Tue, 20 Jan 2015 17:16:11 +0000 Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237]) by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id t0KHG3DN050318; Tue, 20 Jan 2015 17:16:03 GMT Received: from muck (VELOCITY-IN.edge8.SanJose1.Level3.net [4.30.150.186]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t0KHFwC7039196 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 20 Jan 2015 17:16:01 GMT Date: Tue, 20 Jan 2015 12:15:57 -0500 From: Peter Todd To: Daniel Stadulis , bitcoin-development@lists.sourceforge.net Message-ID: <20150120171557.GA29353@muck> References: <20150120154641.GA32556@muck> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="3MwIy2ne0vdjdPXF" Content-Disposition: inline In-Reply-To: X-Server-Quench: 024dffab-a0c8-11e4-9f74-002590a135d3 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdAIUElQaAgsB AmMbWlNeUVt7WWE7 bxRSbRtcZ0pQXg1s T01BRU1TWkFoemR3 QW0ZUhp7dgxANndw bE8sXnJfCBIsJBRg E04HHXAHZDJkdWlJ V0RFdwNWdQpKLx5G bwR8GhFYa3VsFCMk FAgyOXU9MCtSLCNN RwwLMWdafUYGVjox SBkGVS8uBk4eDyI9 ZxU7NllZAV4dO1kz N1RpRlscNxIOaEVF GE9RHyZDKgpJTDcw EQRWXEcaWCdQRS5A AxouOR9JGic6 X-Authentic-SMTP: 61633532353630.1024:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 4.30.150.186/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1YDcPS-00020t-6Z Subject: Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jan 2015 17:16:11 -0000 --3MwIy2ne0vdjdPXF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 20, 2015 at 08:43:57AM -0800, Daniel Stadulis wrote: > Hey Peter, >=20 > What would you say to the argument: given developers have auto update > capabilities they only have the ability to *give themselves* *the ability= * to > have custodial rights? Heh, well, courts tend not to have the narrow-minded pedantic logic that programmers do; quite likely that they'd see having the ability to give themselves the ability as equivalent to simply having the ability. What matters more is intent: the authors of an operating system had no intent to have a custodial relationship over anyones' BTC, so they'd be off the hook. The authors of a Bitcoin wallet on the other hand, depends on how you go about it. For instance Lighthouse has something called UpdateFX, which allows for multi-signature updates. It also supports deterministic builds, and allows users to chose whether or not they'll follow new updates automatically, or only update on demand. In a court that could be all brought up as examples of intent *not* to have a custodial relationship, which may be enough to sway judge/jury, and certainly will help avoid ending up in court in the first place by virtue of the fact that all those protections help avoid theft, and increase the # of people that an authority need to involve to seize funds via an update. --=20 'peter'[:-1]@petertodd.org 00000000000000001a5e1dc75b28e8445c6e8a5c35c76637e33a3e96d487b74c --3MwIy2ne0vdjdPXF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQGrBAEBCACVBQJUvo1HXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDAxYTVlMWRjNzViMjhlODQ0NWM2ZThhNWMzNWM3NjYzN2Uz M2EzZTk2ZDQ4N2I3NGMvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfvx1QgAjWjt/ctZEOjdygmuxWAMNlvy NpRDaBpKHo9mewPdoD8xdD4l5HnF5q+STYtLrmKlvuqDZvpcuMEClPBsBzVovZ2L ShbMtMCs/zFRdsya40lUuvZlGh6syvTHbDflWiEAX+JSFHic665mPk8d9eTWYDvp mrkWyyP50dfTF1eMdo1g8D613HYztp51OEgTLLMUxGNwCVK6J/7aa2HQLObVKuzF ocfyt9z5pRUfKK4hKru8T+SlvSdt0RywnVf7b5IBYHpMFZj+cRH3kj7GR5ov6HQk +eXRcou88bZ195h21sKSVRetbLb00B0BKlDQ9vI0SoJIGrLzflpYkfYuT/LK5w== =nRuq -----END PGP SIGNATURE----- --3MwIy2ne0vdjdPXF--