Bitcoin Forum
Author Topic: Suggestions for Self-Regulation and Improved Security for the Bitcoin Community  (Read 435 times)
ebliever (OP)
February 26, 2014, 01:12:57 AM
 #1

Suggestions for Self-Regulation and Improved Security for the Bitcoin Community

Bitcoin has come a long way in the last few years. But watching the Mt. Gox and Pony bot stories the last few days, I’m struck by how much improvement remains to be done for Bitcoin (and other altcoins) to take their place on the world financial stage. There is some low-hanging fruit out there when it comes to improvements, so let’s get picking.

Bitcoin has suffered badly the past few weeks for problems that are quite preventable and without governmental regulation. We need to resist the cries for burdensome regulation (how would that even work for a decentralized, international currency like Bitcoin?), and instead focus on strengthening the relationship between Bitcoin businesses and customers/users.

Here are some suggestions – feel free to critique them, add your own, etc. I’m sure I’m not the first to propose them, but we need to keep raising our voices until these things are implemented.

1. Auditing. Audits are perfectly standard in the general business community, quite apart from government regulation. We customers/users should be demanding that bitcoin businesses be audited and able to prove it. This alone could have prevented the Mt. Gox debacle, IMHO. Shame on Mt. Gox, but shame on the rest of us for not demanding proof of good accounting from them.

2. Cryptocurrency specialization for audits. The financial auditing community needs to develop the tools to conduct specialized audits with businesses dealing in cryptocurrency. (My own experience is with TS16949/QS9000 auditing so I’m in the dark here, but it makes sense to me that there should be a certification for cryptocurrency-competent auditors, and that audits should spell out that cryptocurrency was included in the scope of the audit of a business entity.)

3. Encryption needs to be STANDARD for wallet software, not something you do as an afterthought after installing the wallet. Many “average joe” users don’t understand this and neglect to do so. The wallet creators bear some responsibility here for attacks like the Pony bot hack. It’s like a realtor selling a house and not mentioning/emphasizing that there is no lock on the front door.

Here’s what I suggest for wallet encryption: During the software installation/set-up process, the user should be taken through a couple screens that provide education/training on good wallet security. It should then ask the user to provide a passphrase. And for crying out loud, don’t say “And store it in a safe place.” That’s not adequate. Instead it should warn users to store the passphrase “In two or more secure locations” at a minimum, and clearly warn people “If you lose the passphrase, NO ONE WILL BE ABLE TO RECOVER IT FOR YOU.” (Perhaps in the future some trusted cryptocurrency company could provide secured wallets that they can recover with due process, but I’ll leave that alone for now.)

The setup screen should further remind people that the wallets should be backed up (and link to explain how, in detail). Finally, the setup screen/training should emphasize that you should have the wallet and passphrase secured such that at least one other person will know how to retrieve them if something should happen to you (bad accident/brain damage, death, etc.). For example, my wife knows how to retrieve our secured information if something happens to me, but I also have an encrypted file for my parents to hold, for which my brother holds the password, just in case something happens to both of us.

Thoughts? Comments? I’d like to think this will happen “naturally,” but we need improvements like this ASAP to stem the negative press about Bitcoin lately. In our personal dealings with bitcoin businesses let’s make a point of asking about how they are audited and refuse to do business with those who can’t answer that question well. And let’s keep asking non-bitcoin businesses, “So, when are you going to start accepting bitcoin, anyway?” (Don’t ask if, ask when – make it inevitable in their minds.)

My 2 satoshis,
ebliever

Luke 12:15-21

Ephesians 2:8-9