V God personally wrote an article explaining the US Treasury’s Encrypted Assets Supervision Act

On May 9, FinCEN, the exclusive agency of the US Treasury Department, issued a guidance document that divided the legal regulatory frameworks for different types of blockchain services.

This document refers to the division of the nature of the multi-tick wallet service: if a multi-sign wallet restricts the developer's own role, it is unmanaged, and requires the user's private key to participate in order to confirm the completion of a transaction, then this multi-sign The wallet's service provider is not a money transmitter and is not subject to too much financial supervision; but if the user does not interact directly with the asset, the multi-sign wallet is just an entry, and the developer has full control over the value of the asset. The service provider is a money transmitter and needs to be regulated accordingly.

Subsequently, Eitafang founder Vitalik Buterin published a review article entitled “Control as Liability” on his personal blog, discussing the regulatory issues mentioned in the above guidance document. Privacy and regulation are the development issues that the encryption economy can't avoid. Given the huge influence of V God in the industry, Encrypted Valley has compiled this article, which may be instructive to readers.

• Twitter Featured: Facebook Encryption Project Launched This Month; Wu Jihan will launch a new company Matrix by the end of July
• What is the recent popular Staking, is it worth investing?
• Listed company tracking | Zhongan Online: Pushing insurance products to pass

The legal regulatory environment surrounding Internet services and applications has changed dramatically over the past decade. When large-scale social networking platforms became popular in the early 2000s, the general attitude toward large-scale data collection was basically “Why not?” This is Zuckerberg’s assertion that the era of privacy has ended “the darkest moment”. In this regard, Eric Schmidt, chairman of the operations of former Google parent company Alphabet Inc., said: "If you don't want to let others know, you should not do it in the first place."

From a personal point of view, it is reasonable for them to make such arguments: every point of data you can get about others is a potential machine learning advantage for you; every limitation is a weakness, even if it is “legal There is a problem with the data obtained, and the collector pays a small price. Compared with the income, it is almost negligible. However, ten years later, the situation has changed dramatically.

Here are some trends that deserve to be focused on:

• privacy protection. A number of privacy laws have been passed in the past decade, and some European countries are the most radical, especially the latest GDPR (General Data Protection Regulation). GDPR covers many parts, but the most prominent ones are:

1. A request for explicit consent;

2. The data must be processed on a legal basis;

3. The user has the right to download all of his data;

4. The user has the right to request to delete all of his data;

After the introduction of GDPR, other jurisdictions began to explore similar rules.

• Data localization rules. In India, Russia and many other jurisdictions, a growing number of countries have developed or are studying the relevant rules, namely “data localization”, which explicitly requires the storage of data from domestic users in the country. On the other hand, even if there is no clear legal policy yet, more and more people are beginning to worry that their data will be transferred to countries that cannot fully protect their data rights.

• Sharing economic regulation. Shared economic companies such as Uber are struggling to argue with the courts that, given their control over applications and the management of driver activities, they should not be classified as traditional “employer” companies.

• Digital asset regulation. A recent publication by the US Department of the Treasury's FINCEN (Financial Crimes Enforcement Network) attempts to clarify what types of activities related to digital assets in the United States, and which categories are not subject to regulatory approval requirements. limit. Do you manage a wallet? Supervised. Do you have a wallet for users to control their own funds? Unregulated. Do anonymous hybrid services? If it is operated by you, it is regulated. But if you just write the code, it is not regulated.

As Emin Gun Sirer, associate professor of computer science at Cornell University and co-director of IC3, pointed out,

“The FINCEN Digital Assets Guide is not without rules. Instead, it attempts to separate developers’ active control of funds from developers’ lack of control over funds.”

The guide carefully distinguishes between the multi-signature wallet (that is, the private key held by both the operator and the user) under what circumstances is regulated and when it is not regulated:

"If a multi-signature wallet provider restricts its role to creating an unmanaged wallet, then a second authorization key needs to be added to the wallet owner's private key in order to pass the verification and complete the transaction. The supplier of the signed wallet is not a currency Because it does not accept and transmit value. On the other hand, if the value is treated as an entry in the supplier's account, the owner does not interact directly with the payment system, or the provider maintains completely independent control over the value, the supplier Will also be eligible to be a currency sender."

Although these events occur in different contexts and industries, I think there is a common trend in which the control of user data, digital property and activities has changed from the past “assets” to “giants”. Liabilities." Previously, every control you had was good because it increased the flexibility of the platform's revenue; now, the control you have becomes a burden because you may be regulated. If you show control over your users' digital assets, then you are a money transmitter. If you have full decision on the fare, including when the driver chooses not to take the order, you can ask the driver for cancellation; or, in order to prevent the driver from picking up the guest, temporarily or permanently disable the driver account, then you are one Name "employer". If you control the user's data, you need to make sure that you can justify it, set up a "compliance officer" architecture in the enterprise, and allow your users the right to download or delete data.

If you're an app developer who's lazy and afraid of a lawsuit, there's an easy way to make sure you don't violate the above rules: Don't build a centralized control application. If you build a wallet and the user holds their own private key, then you are actually just a "software service provider." If you plan to build a "distributed Uber", the envisioned product is just an APP or other type of client that incorporates a friendly UI, payment system, credit rating system and search engine, and you don't need to control these components. You will not encounter similar legal issues. If you build a website that doesn't collect any user data (static pages? But this is not possible!), you don't even have to consider GDPR.

Of course, this method does not apply to everyone. Many times, developers and users will pay a huge price if they don't have centralized control. In addition, sometimes, some business models must adopt a centralized approach to achieve economies of scale. For example, running code on a centralized server will effectively protect non-paying users from certain rights to use the software, thereby protecting the rights of paying users. In short, we still have a long way to go before we can truly explore the convenience of a more distributed approach.

When a person wants to prevent certain events from happening through surgery, it sometimes hinders the scope of the entire activity. This is the unintended consequence of the legal system (Editor's note: "economics" called "externality") . Generally speaking, this is not a good thing. However, I believe that the developer's mindset will therefore be forced to change from "I want to control more, just in case" to "I want to control less things, just in case." This is not a positive result. Of course, for large companies that are accustomed to profiting from user data, it is not easy for them to voluntarily give up control and take the initiative to deprive themselves of their ability to do evil. (Editor's Note: This is similar to the “game mechanism” in economics. "). Although ideologically driven distributed projects already exist, there is no doubt that such a centralized service model will dominate the industry for a long time.

This regulatory trend has greatly contributed to applications that are willing to reduce centralization and maximize user sovereignty.

Therefore, although these regulatory changes are not directed at freedom itself, they are at least concerned with the freedom of developers. Turning the Internet into a political focus will inevitably lead to many negative chain reactions. "Control becomes a burden" will become the trend of the times, and even more support for password punk than the policy of maximizing the freedom of application developers. Although the current regulatory environment is far from optimal in terms of behavioral preference, it inadvertently reduces the probability of unnecessary centralization and plays a role in helping users control their assets and data rights.

Vitalik Buterin

DUANNI YI Translation

Sonny Sun Editor

Source: Encrypted Valley

The content is for reference only, not as an investment recommendation.

Copyright is strictly prohibited without permission

We will continue to update Blocking; if you have any questions or suggestions, please contact us!