1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pete@petertodd.org>) id 1YDcmn-0001P3-47
for bitcoin-development@lists.sourceforge.net;
Tue, 20 Jan 2015 17:40:17 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org
designates 62.13.148.161 as permitted sender)
client-ip=62.13.148.161; envelope-from=pete@petertodd.org;
helo=outmail148161.authsmtp.com;
Received: from outmail148161.authsmtp.com ([62.13.148.161])
by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1YDcml-0003Rj-Ul for bitcoin-development@lists.sourceforge.net;
Tue, 20 Jan 2015 17:40:17 +0000
Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
by punt15.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t0KHeA3T015144;
Tue, 20 Jan 2015 17:40:10 GMT
Received: from muck (VELOCITY-IN.edge8.SanJose1.Level3.net [4.30.150.186])
(authenticated bits=128)
by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t0KHe5Kr016759
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
Tue, 20 Jan 2015 17:40:08 GMT
Date: Tue, 20 Jan 2015 12:40:05 -0500
From: Peter Todd <pete@petertodd.org>
To: Matt Whitlock <bip@mattwhitlock.name>
Message-ID: <20150120174004.GB29353@muck>
References: <20150120154641.GA32556@muck>
<2236907.ZtrNgikFVR@crushinator>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="tsOsTdHNUZQcU9Ye"
Content-Disposition: inline
In-Reply-To: <2236907.ZtrNgikFVR@crushinator>
X-Server-Quench: 60d1284f-a0cb-11e4-b396-002590a15da7
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aAdMdAIUElQaAgsB AmMbWlNeVF17WWo7 bxRSbRtcZ0pQXg1s
T01BRU1TWkFoemRU A2VcUhh0cABPNn9w Z0VkEHZbCEV4fUIr
Xx9URj8bZGY1bH1N U0leagNUcgZDfk5E bwQuUz1vNG8XDQg5
AwQ0PjZ0MThBJSBS WgQAK04nCXoLE3Y4 Sh8LGX01HFYGXG00
IVQvN0IbWVsJPkwu MF0uEU0RNxsfFm8W BEZDHDBQPVRSDyE2
Fh9dUU8XFHVHTCNV HhwvJARIAyRJMgAA
X-Authentic-SMTP: 61633532353630.1023:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 4.30.150.186/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
X-Headers-End: 1YDcml-0003Rj-Ul
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] The legal risks of auto-updating wallet
software; custodial relationships
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 20 Jan 2015 17:40:17 -0000
--tsOsTdHNUZQcU9Ye
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Jan 20, 2015 at 12:23:14PM -0500, Matt Whitlock wrote:
> On Tuesday, 20 January 2015, at 10:46 am, Peter Todd wrote:
> > I was talking to a lawyer with a background in finance law the other day
> > and we came to a somewhat worrying conclusion: authors of Bitcoin wallet
> > software probably have a custodial relationship with their users,
> > especially if they use auto-update mechanisms. Unfortunately this has
> > potential legal implications as custodial relationships tend to be
> > pretty highly regulated.
> >=20
> > Why is this? Well, in most jurisdictions financial laws a custodial
> > relationship is defined as having the ability, but not the right, to
> > dispose of an asset. If you have the private keys for your users'
> > bitcoins - e.g. an exchange or "online" wallet - you clearly have the
> > ability to spend those bitcoins, thus you have a custodial relationship.
>=20
> If you have the private keys for your users' bitcoins, then you are every=
bit as much the owner of those bitcoins as your users are. There is no cus=
todial relationship, as you have both the ability and the right to spend th=
ose bitcoins. Possession of a private key is equivalent to ownership of the=
bitcoins controlled by that private key.
Posessing a private key certainly does not give you an automatic legal
right to anything. As an example I could sign an agreement with you that
promised I would manage some BTC on your behalf. That agreement without
any doubt takes away any legal right I had to your BTC, enough though I
may have have the technical ability to spend them. This is the very
reason why the law has the notion of a custodial relationship in the
first place.
Don't assume the logic you'd use with tech has anything to do with the
logic courts use.
--=20
'peter'[:-1]@petertodd.org
00000000000000001a5e1dc75b28e8445c6e8a5c35c76637e33a3e96d487b74c
--tsOsTdHNUZQcU9Ye
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
iQGrBAEBCACVBQJUvpLvXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDAxYTVlMWRjNzViMjhlODQ0NWM2ZThhNWMzNWM3NjYzN2Uz
M2EzZTk2ZDQ4N2I3NGMvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkftFLQf/ekCvRlLZvHW9sh8X+0am3owd
aR11ZMeVsGO1iSOgp072vPtqSjgXr530NyGXjTG181KkRfbrt8fkii1VuvTnrFIG
e2ou7fDASmkNp2OldgfbXDMFyoaAQ08FgbAn7JWAsYnAQVAWHy6DFXVE9oEjRorw
XVFD2N5uKhUN55vxrHW7oDo+xWhDkqmRw1bYm1qHRcgAlqXe9xS0fdWLZg4VTM9W
PKckneqamCSz6mPj5AZ/ccdJAHDbG05jvN92qAy2QZ32vznXHYRqa+4TFtdUcmPT
uH+TmLnyHRN0WfcbZ0t01gOYnjQAN1lFE4Mt2pTQMAEdxSWHVhWvXNRsyVYATw==
=iXih
-----END PGP SIGNATURE-----
--tsOsTdHNUZQcU9Ye--
|