Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YDcmn-0001P3-47 for bitcoin-development@lists.sourceforge.net; Tue, 20 Jan 2015 17:40:17 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.161 as permitted sender) client-ip=62.13.148.161; envelope-from=pete@petertodd.org; helo=outmail148161.authsmtp.com; Received: from outmail148161.authsmtp.com ([62.13.148.161]) by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1YDcml-0003Rj-Ul for bitcoin-development@lists.sourceforge.net; Tue, 20 Jan 2015 17:40:17 +0000 Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235]) by punt15.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t0KHeA3T015144; Tue, 20 Jan 2015 17:40:10 GMT Received: from muck (VELOCITY-IN.edge8.SanJose1.Level3.net [4.30.150.186]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t0KHe5Kr016759 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 20 Jan 2015 17:40:08 GMT Date: Tue, 20 Jan 2015 12:40:05 -0500 From: Peter Todd To: Matt Whitlock Message-ID: <20150120174004.GB29353@muck> References: <20150120154641.GA32556@muck> <2236907.ZtrNgikFVR@crushinator> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="tsOsTdHNUZQcU9Ye" Content-Disposition: inline In-Reply-To: <2236907.ZtrNgikFVR@crushinator> X-Server-Quench: 60d1284f-a0cb-11e4-b396-002590a15da7 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdAIUElQaAgsB AmMbWlNeVF17WWo7 bxRSbRtcZ0pQXg1s T01BRU1TWkFoemRU A2VcUhh0cABPNn9w Z0VkEHZbCEV4fUIr Xx9URj8bZGY1bH1N U0leagNUcgZDfk5E bwQuUz1vNG8XDQg5 AwQ0PjZ0MThBJSBS WgQAK04nCXoLE3Y4 Sh8LGX01HFYGXG00 IVQvN0IbWVsJPkwu MF0uEU0RNxsfFm8W BEZDHDBQPVRSDyE2 Fh9dUU8XFHVHTCNV HhwvJARIAyRJMgAA X-Authentic-SMTP: 61633532353630.1023:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 4.30.150.186/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1YDcml-0003Rj-Ul Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jan 2015 17:40:17 -0000 --tsOsTdHNUZQcU9Ye Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 20, 2015 at 12:23:14PM -0500, Matt Whitlock wrote: > On Tuesday, 20 January 2015, at 10:46 am, Peter Todd wrote: > > I was talking to a lawyer with a background in finance law the other day > > and we came to a somewhat worrying conclusion: authors of Bitcoin wallet > > software probably have a custodial relationship with their users, > > especially if they use auto-update mechanisms. Unfortunately this has > > potential legal implications as custodial relationships tend to be > > pretty highly regulated. > >=20 > > Why is this? Well, in most jurisdictions financial laws a custodial > > relationship is defined as having the ability, but not the right, to > > dispose of an asset. If you have the private keys for your users' > > bitcoins - e.g. an exchange or "online" wallet - you clearly have the > > ability to spend those bitcoins, thus you have a custodial relationship. >=20 > If you have the private keys for your users' bitcoins, then you are every= bit as much the owner of those bitcoins as your users are. There is no cus= todial relationship, as you have both the ability and the right to spend th= ose bitcoins. Possession of a private key is equivalent to ownership of the= bitcoins controlled by that private key. Posessing a private key certainly does not give you an automatic legal right to anything. As an example I could sign an agreement with you that promised I would manage some BTC on your behalf. That agreement without any doubt takes away any legal right I had to your BTC, enough though I may have have the technical ability to spend them. This is the very reason why the law has the notion of a custodial relationship in the first place. Don't assume the logic you'd use with tech has anything to do with the logic courts use. --=20 'peter'[:-1]@petertodd.org 00000000000000001a5e1dc75b28e8445c6e8a5c35c76637e33a3e96d487b74c --tsOsTdHNUZQcU9Ye Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQGrBAEBCACVBQJUvpLvXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDAxYTVlMWRjNzViMjhlODQ0NWM2ZThhNWMzNWM3NjYzN2Uz M2EzZTk2ZDQ4N2I3NGMvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkftFLQf/ekCvRlLZvHW9sh8X+0am3owd aR11ZMeVsGO1iSOgp072vPtqSjgXr530NyGXjTG181KkRfbrt8fkii1VuvTnrFIG e2ou7fDASmkNp2OldgfbXDMFyoaAQ08FgbAn7JWAsYnAQVAWHy6DFXVE9oEjRorw XVFD2N5uKhUN55vxrHW7oDo+xWhDkqmRw1bYm1qHRcgAlqXe9xS0fdWLZg4VTM9W PKckneqamCSz6mPj5AZ/ccdJAHDbG05jvN92qAy2QZ32vznXHYRqa+4TFtdUcmPT uH+TmLnyHRN0WfcbZ0t01gOYnjQAN1lFE4Mt2pTQMAEdxSWHVhWvXNRsyVYATw== =iXih -----END PGP SIGNATURE----- --tsOsTdHNUZQcU9Ye--