Transcript By: Bryan Bishop
Controversial thesis: the primary source of economic instability is unreasonable demands (from regulators, but really from the general public) for violating certain cryptocurrency tech design principles, like on sound money- privacy and confidentiality (like confidential transactions and confidential assets), monetary policy (like scarcity economics), identity vs anonymity, AML/KYC requirements, censorship, sanctions requirements and discrimination (e.g. denying money to certain parties), and issues of fungibility (like mixing and history-indistinguishability).
Financial stability goals- like avoiding global economic crashes- might be at odds with goals like producing sound money and privacy for everyone. What regulators need is something to show the general public that they are doing in response to economic crisis when the general public demands a response even if they are demanding irrational action.
In fact, what the general public should be most upset about is economic monetary policy stealing value away from their cash savings by way of inflation. Adding sanctions, removing fungibility, and requiring backdoors won’t necessarily prevent economic catastrophe. Monitoring for market manipulation and monitoring of cryptocurrency exchanges might be a more relevant topic. But on the other hand, monetary policy is a kind of market manipulation, and for some reason that’s allowed in some cases but not in others… Regulators should be requiring anti-frontrunning cryptography technology, if anything.
Source of technology stability issues- like mining, decentralization of mining, incentives for mining, fee market, fee market in a low-subsidy environment, and whether a fee market is able to keep the system operational.
How can we make the bitcoin protocol mature and more stable? Many developers don’t think the current bitcoin protocol is mature enough. This is the reason why we hold the annual conferences like Scaling Bitcoin. Are there any concerns about how the current technology is mature?
I am not sure how a regulator can evaluate the security of a blockchain. Perhaps some standard or criteria to check if this blockchain. Unfortunately a checklist can’t identify the stability or security of a protocol. There are some heuristics like how old are the technological components, and if there’s something new then maybe that should raise some eyebrows.
I don’t know how relevant the evaluation of the tech risk really is. Is it more important to measure decentralization? We evaluate activity and the securities laws. There’s a threshold issue, and then it gets down into what are the activities and where does it fall into the overall framework. From an investor protection perspective, say we’re talking about a security, then you can think about from an investor perspective or cap market perspective- is what we’re talking about actually sound? If I’m thinking about a specific protocol, one of the things I’m going to think about is, does it do what it purports to do? What are the risks above and beyond above what it purportedly does? I think of things like blockchain reorgs of being one of the interesting aspects. From the perspective of investor transaction protection lense… reorgs don’t look good. Do reorgs necessarily change order of transactions?
What would a developer do? Well, SEC has a whistleblower program. Then there’s the SEC FinHub where you can walk us through the concern. The SEC setup FinHub. We’re comprised of representatives from different offices in the SEC. We can dissemination information internally to people within the SEC. Financial Stability Oversight Council is a group comprised of OCC, CFTC, SEC, Treasury, FinCEN. We all get together and we talk about things to identify potential systemic risks so that we don’t have a repeat of 2008. Our group, that’s an example of where we interact with other regulators. There’s also an interface with the general public so they can figure out what we do. FinHub does have p2p “office hours” and we fly around to hold the office hours to various cities. There’s a webform where you can fill out your interest in a meeting, and attach some documents to make our lives easier, and then we can do a conference call, virtual meeting, or we can talk in DC or SF and then you sit down and talk with a regulator and explain whatever you want to talk about- typically people come and talk about their project and their tech. The value they derive from this is that we don’t provide legal advice, but what we do is ask a bunch of questions.
In 2018, the JFSA had to respond to a big hack at an exchange. After that, JFSA did an inspection of over 20-30 exchanges. They encountered difficulty analysing technologies. Between 2017 and 2018, billions of yens were hacked on these exchanges. We had an accomodating policy with exchanges, because we wanted innovation, but after the incident we had pressure from politicians and society and we therefore had to strengthen our regulation and then conduct strict inspections against every exchange. As a result, some of them are leaving the market, while others are staying. It might hinder some innovation. They have started to develop an understanding of security holes in exchanges. After that, maybe our criteria for the exchange, is slightly better than it used to be.
When they check at exchanges, what are they checking for during raids? We have two departments under the JFSA, like the SEC, yes. They have a checklist. It’s very well known to the community, but still in governance or mechanics. We need cross-industry communication. When the team goes in for an inspection, what kind of validation are they doing on a technological level? Is it simply a cyber security evaluation, are they testing code? What kind of evaluation are they conducting and how thorough is it? The team had security specialists. They go to the office, check their computers, track all records, and they do the inspection.
What about the timing between when you receive a trade? You need to process them in that order. But there might be glitches related to ordering. That’s a huge problem. Timing is a big focus on exchanges. Earlier this week, or last week, Binance made a press release where they have Binance Cloud where you login and you can private label your exchange. It’s a regulated… They are providing software and service, like https://cloud.binance.com/ – so you’re spinning up a copy of their code. It’s their cold storage. It’s fully hosted, everything is provided, you can login and get an exchange next week. Their whitelabeled exchange also has access to Binance’s liquidity. And then they can operate market makers on there. It’s either going to be extremely successful, or cause a lot of problems. If people are doing all sorts of activity, then who is liable? It boils down to where are the keys. If the keys are in Binance cold storage, then it’s Binance.
Cold storage vaults like Bitgo are offering services where you can get faster transactions, it’s in cold storage but everything is on-chain. This way, you can have arbitrage. But that’s no different from… it’s a market structure question that the SEC deals with all the time. But the making it into the digital asset space, that’s new, the custodians, the state charter trust companies that are facilitating it is a new thing, but it’s the same principle and same issues.
Tech stability in the context of the traditional financial system: tech risk, malware, and bank system interference by (cyber)warfare.