Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

[Justus Ranvier <justus.ranvier@monetas.net>]

[-- Attachment #1: Type: text/plain, Size: 2619 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/20/2015 03:46 PM, Peter Todd wrote:
> But ultimately we're not going to know until court cases start 
> happening. In the meantime probably the best advice - other than
> getting out of the wallet business! - is to do everything you can
> to prevent losses through malicious auto-updates. Create systems
> where as many people as possible have to sign off and review an
> update before it has the opportunity to spend user funds. Not
> having auto-updates at all is a (legally) safe way to achieve that
> goal; if you do have them make sure the process by which an update
> happens is controlled by more than one person and there are
> mechanisms in place to create good audit logs of how exactly an
> update happened.
> 
> Finally keep in mind that one of the consequences of a custodial 
> relationship is that some legal authority might try to *force* you
> to seize user funds. StrongCoin made it 100% clear to authorities
> that they and sites like them are able to seize funds at will - I
> won't be surprised if authorities use that power in the future. The
> more automatic and less transparent an update is, the higher the
> chance some authority will lean on you to seize funds. So don't
> make it easy for yourself to meet those demands.

One suggestion you didn't mention was jurisdictional arbitrage - don't
be located in the same country as the majority of your users.

Or, from the other perspective, users should be strongly encouraged to
get their wallet software from companies/organizations not located in
the same country as them.


- -- 
Justus Ranvier                   | Monetas <http://monetas.net/>
<mailto:justus@monetas.net>      | Public key ID : C3F7BB2638450DB5
                                 | BM-2cTepVtZ6AyJAs2Y8LpcvZB8KbdaWLwKqc
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJUvpSqAAoJECpf2nDq2eYj0oQQAI62vLPzFrkLZoRw3bIw5GWt
6L8dpLUviRS7ZaQlNB49TT4L4Ky+MJ1PxaHwb4YPxrVcCWDLiJb51CtODduF/9rR
8N4xoQuf/6DhsBHWJE8NDwP+9JUOlY23xdSe/BlLz9N1Ql/EV0HTCu28A9xbhK1L
QHgwX3p5/ZCJo7PCARF3o+EZOif5MsA4MdQ11HhyFWN/fgww9AVOIg/0m+tIqkjR
yoOzFww4AejC7nxi+Q+elljpvp2Q/Nv8cVOVlp9l4+f9P7sg0em9YUCE+iAxoZTT
7b9soUXFUjWlxFITR5RnjlDUnmra9QhBIhogBQbLelt/vdoRInz+kXxroR2x3uKh
EJoet2czRB1oiRKHE4iSAv+1pnavQJDVo5/mUMzeM15zCnQ16Mfu9aOpqvijK0cw
u67E4IAPJ2PmUy4sPPJ/4H4FPLmJrSUkLxxzq/4prmLLmeZZvPwjavnULHir4jyG
aaxFqMkbeJSeK3hLk7hnlrwpQRAEq7om+EpQ7fAx1lmEoA3eOHaeclh7/XzDwIB4
AK/jX+1ylhGvfuKNzwTQVX8dEzaHRwLAfLfHUNnP80WhBzH5ODicwcOwwOanL6/A
qgqwDSSB/Q5aj3VsThQ+PR81u/wA5t/Av9+Wn/g+AEMyzCnJcnHxDe41ZEn4UzYY
+RAX1P8yzF/M2ZQUeMLh
=G0GE
-----END PGP SIGNATURE-----

[-- Attachment #2: 0xEAD9E623.asc --]
[-- Type: application/pgp-keys, Size: 17528 bytes --]