Although I'm new to the forums here, I've been lurking for some time.
Allow me to introduce myself. My name is Steve and I'm an IT Consultant, Systems Analyst and Software Developer with over 15 years experience, located in Utah in the USA.
I first started getting heavy into Bitcoin when a client asked me to look into how they could integrate Bitcoin acceptance into their Point of Sale software.
This particular software Point of Sale is used by major retailers around the world.
The result of that inquiry will be the topic of another thread, for now I wanted to propose a fairly simple idea.
In the "real world" aka meat space, people generally don't have to worry about what would happen if someone stepped into their bank and robbed it.
This is because most banks and many financial institutions offer deposit insurance against theft and/or financial collapse of the bank.
I believe that implementing a version of that is a good idea and one that might help speed a wider acceptance of Bitcoin into everyday transactions.
What I'm not saying here is "Hey let's all go bail out every fly by night that gets their wallet file hacked."
What I am proposing is that members of the community who operate services such as eWallets, public mining pools, exchanges and banks really ought to consider offering deposit insurance to their clients.
One thing I've noticed about the recent closures of significant bitcoin entities, is that seemingly obvious security measures are not being taken by operators of these services and because of this the services end up compromised and quickly pushed out of business.
I say this because in order to qualify for the deposit insurance system I'm proposing, an entity would have to first meet certain minimum requirements.
- Undergo an independent source code review/audit
- Complete a full enterprise-wide security audit (all systems).
- Demonstrate full compliance with record keeping rules and any applicable rules on data retention.
- Have a well thought out, up to date disaster and business interruption plan
- Demonstrate regular adherence to a full system backup schedule (including restoring from backup)
- No fat online hot wallets, only enough in the wallet to handle an average day's volume.
- No hosting "in the cloud".
- Access to coinservers should be physical access ONLY whenever possible.
- SSH access to coinserver machines ONLY with a proper private key.
- Multi-factor authentication on all systems etc
There are quite a few more I could list, but you get the idea.
The point is that compliance with the rules set down by the proposed "deposit insurance" cooperative would allow any operating entity that chose to become compliant, to petition for acceptance into the cooperative. After they are accepted, then all deposits into said organization would be mutually re-insured by all the other members at a rate proportional to their total deposit size.
To fund this all members would be charged a small premium for insured deposits, that premium would be directed to an entirely offline wallet and used to offset losses in the event there was a breach resulting in a claim.
If something like this were implemented then break ins wouldn't matter so much because they would never interrupt business, things could keep chugging along like normal.
Now obviously centralization in Bitcoin is a bad thing and even worse would be having something like this run by a single company.
This is why I mention a cooperative institution, because each member would have an equal voice.
The day to day executive functions would be handled much like any other business i.e a President, Vice President, Secretary, Treasurer etc.
The executive branch would be appointed by and serve at the pleasure of, a board of directors which would be comprised of long term well known members of the Bitcoin community.
The nominating and appointing of board members would be handled by a vote of the leadership of the member organizations.
There are a whole lot of other parts to this idea such as how to certify independent auditors and the like, but I'll leave it here for now as I gather feedback.
My long term plan is to invest significant resources into the Bitcoin eco-system and this is but one of many ideas. If you like it let me know and I'll post more.