Why technology assurances are a must for crafting EU crypto regulation

Published at: Sept. 16, 2020

When Malta set out to provide a regulatory framework for the cryptocurrency sector, policymakers and advisers recognized how blockchain, distributed ledger technology and smart contracts, as well as related technologies, imposed new challenges to providing consumer protection and to fitting within existing legal structures.

Immutability of data — and subsequently code, or rather smart contracts — is a desirable feature to provide guarantees to users that data (and smart contracts) cannot be tampered with. However, this also poses a critical challenge: Often, it is impossible, or infeasible, to change code once it has been written to such a distributed ledger. This potentially means that code can be deployed that ends up managing millions to billions of dollars worth of funds, and if a bug is found, it may be impossible to update the code to get rid of it.

Cryptocurrencies, tokens, initial coin offerings, security token offerings, etc., are built on this type of technology. In order to provide consumer protection, regulators around the world have focused on implementing a regulatory regime that ensures due diligence is undertaken regarding the individuals behind such operations, and regarding the financial and legal aspects of the operations, which is great.

Yet, minimal effort has gone into ensuring that there are adequate levels of due diligence regarding the technology. In traditional financial systems, this is not much of a problem, as when something goes wrong, authorities and other centralized stakeholders can reverse actions and/or data as required. However, when it comes to decentralized systems, this is not an option. Neither the crypto operator, users, regulators, enforcement entities nor even the courts can do anything to revert the decentralized transactions. If a bug causes losses of billions in crypto, the tokens are lost forever.

Some argue that such responsibility and risks should be borne by users. Being a computer scientist and programmer myself, I would be in a better position to accept this over many others. However, should we really expect users out there to bear the risks of potential bugs within code?

If the sector wants to achieve mass adoption and not just entice the technology-inclined to use such technology, should we really expect such non-tech-savvy users to understand code — and the intricate types of bugs that often exist within?

Regulators see the benefits in checking financial and business models surrounding operations to ensure consumer protection, as many investors out there may not be experts when it comes to such models. Yet at the same time, should we expect investors to understand code? And this is often code that, when deployed, is not readable by humans but is in an encoding that only computers can understand.

Many would argue that the financial and business models can be more easily comprehended by investors out there than the code — well, at least for most users out there. While it would be great if everyone could understand code, it is not the case.

Personally, even as a coder myself, I would prefer to invest in operations that have undergone technical due diligence over ones that have undergone operational due diligence. It would take much less time to understand underpinning business and financial models than it would be to undertake a functional correctness assessment on my own. Perhaps that is because I am aware of the complexities of the technology.

However, my gut feeling is that most users out there would also prefer that assurances have been undertaken with the code rather than on the business and financial side. That being said, both should be undertaken.

Losses in the industry

Instances of bugs within the sector that have resulted in large losses are plenty. A (nonexhaustive) list of such reported instances is huge. In 2018, exchange Coincheck was hacked; small South Korean exchange Coinrail and crypto exchange Bithumb were hacked; decentralized crypto platform Bancor was hacked; and 27 hacks of decentralized applications on the EOS blockchain occurred during five months. The following year, in 2019, an Ethereum-based synthetic issuance platform and an EOS game of chance, EOSPlay, were impacted. This year has been no exception, as well: Decentralized lending protocol bZx saw two hacks in February; decentralized finance protocol Balancer and the Statera (STA) team were affected in June; an issuance vulnerability in Ravencoin’s (RVN) supply was found in July; and a bug was found in SushiSwap in September, among many others.

Related: Most significant hacks of 2019 — New record of twelve in one year

One can see that such situations are not hypothetical. Now, one school of thought is that regulatory frameworks and licensed activities can help bring about mass adoption, especially for those who do not understand the technology.

However, if such frameworks do not provide assurances with respect to the technology being used, and bugs that result in large losses do happen, will it only be a matter of time until a licensed activity suffers this fate? This would undoubtedly be detrimental to the licensed activity, the jurisdiction and the sector, and it would induce doubt among investors and stakeholders, ultimately creating more hurdles in the way of mass adoption.

We have developed a regulatory framework as part of the Malta Digital Innovation Authority’s remit. Further details are presented in the paper “Regulating Blockchain, DLT and Smart Contracts: a technology regulator’s perspective.”

I feel that such technology assurances have been overlooked by most crypto regulators, and therefore, I have written an open letter highlighting these issues and inviting regulators to discuss them in the aim of creating a regulatory framework that has the adequate levels of technology assurances and provides the required levels of consumer protection that the industry needs to bring about mass adoption.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Joshua Ellul is the inaugural chairperson of the Malta Digital Innovation Authority. The MDIA provides a regulatory framework for instilling higher levels of technology assurances into innovative technology arrangements including blockchain, DLT and smart contracts. Ellul is also director of the Centre for Distributed Ledger Technologies at the University of Malta, which runs a multidisciplinary master’s program in blockchain and DLT.
Tags
Technology
Blockchain
Regulation
Cryptocurrencies
Government
Hacks
Malta
European Union
Related Posts
How smart regulation can improve the future of blockchain
With extreme positions on both sides, some would have us believe that decentralized technology and regulation are mutually exclusive. As pervasive as that narrative has become, a more evolved view is that both decentralization and regulation are inevitable, so the best results will flow with regulators and innovators coming together. But what will that cooperation look like? At the Stellar Development Foundation, our view is that regulators and innovators will (and should) influence each other, and that means both sides should be prepared to compromise. Let’s start with some honest self-reflection: There is no inherent quality of blockchain or cryptocurrency …
Technology / June 20, 2021
Europe awaits implementation of regulatory framework for crypto assets
The global landscape of crypto-asset regulations is diverse and, even though it is getting more complex, many regulators are still choosing to wait and see how this space develops and what others will do. Right now, all eyes are on the European Union and its bespoke approach to regulating crypto assets. As part of an expansive digital finance package announced in September 2020, the European Commission, or EC, issued a regulatory proposal titled Markets in Crypto-Assets, or MiCA. The proposal is now making its way through the legislative process and is subject to intense debates. This important regulatory step has …
Technology / May 1, 2021
Monaco Passes New Security Token Laws, but Acting on Them Is Not Easy
Monaco is one of the most exceptional countries on the planet. Its unique mix of scenery and history creates a blend that attracts tourists from all over the world. Anyone who has ever visited falls swiftly in love with its charm. Alongside its reputation for class, architecture and an outstanding grand prix circuit, Monaco has always seen itself as a “niche” financial-sector pioneer. Many people don’t realize that Monaco prides itself on its willingness to think “outside of the box” with respect to financial laws. This thinking shows a commitment to keep the country competitive on the international financial stage, …
Technology / July 7, 2020
The Great Estonian Exodus — Crypto Firms Are Leaving Estonia
Back in 2017, the Estonian government rocked the legislative side of the crypto world when they introduced a raft of new laws designed to support crypto projects. These licenses split into two different categories: those looking to operate a crypto exchange and those looking to undertake an initial coin offering. Both company types stood to benefit from the first “real” cryptocurrency licenses anywhere on the planet. As a result of these licenses, entrepreneurs digitally flocked to the small but great Baltic nation. The Estonian government was ahead in a number of ways. Not only was the country a trailblazer with …
Technology / June 27, 2020
3 Common Compliance and Regulatory Pitfalls to Watch for in 2020
Regulations are not going anywhere. On the contrary, financial service providers face more regulatory challenges and higher costs than ever before. During the early days of cryptocurrencies, a “Wild West” culture emerged when regulators, uncertain on how to tackle this thing called blockchain, paid little attention to the thefts, scams and hacks plaguing the virtual-asset market. Today, this is no longer the case. No matter their roots, every virtual asset project from Telegram to Shapeshift to Libra is ramping up compliance while regulators continue to issue guidance, enforce regulations and pay closer attention to digital securities platforms, crypto exchanges and …
Technology / May 30, 2020