All Posts By


Regulators and Industry Groups Continue Blockchain Efforts

By | Blog | No Comments

Guest post: Matthew Comstock, Shareholder, Murphy & McGonigle, P.C.

Regulators and industry groups continue their efforts to understand blockchain technology and its implications for the securities, futures and related financial sectors. Importantly, regulators and industry groups have not yet advocated for or against any particular type of blockchain technology. Rather, efforts have largely centered on defining what, in the view of those regulators and industry groups, blockchain technology is, how it may be used in the financial services industry, and what the regulatory implications are for its use.

The various financial industry regulators and industry groups have not coalesced around a single definition of blockchain technology. Their definitions, however, typically describe blockchain as a technology that involves a type of distributed-ledger technology that includes a decentralized, public or private peer-to-peer network that records transactions that occur through the network in shared digital ledger.   

The U.S. Securities and Exchange Commission (SEC), the primary federal regulator for the securities industry, appears to have begun formal work on blockchain-related matters with the establishment of the Digital Currency Working Group, which started around 2013. Since that time, the SEC has been asked to clarify whether digital currencies are securities; approved a registration statement to become effective that permitted a company to sell digital securities to the public; and held a FinTech Forum in the fall of 2016, which included a panel on blockchain technology (panelists included members of Hyperledger). In March of this year, the SEC issued two separate controversial blockchain-related orders. It disapproved proposed changes to the rules of two securities exchanges that would have permitted the Winklevoss Bitcoin Trust to trade on one exchange, and the Solid X Bitcoin Trust to trade on another. Each trust would have traded as an exchange traded product, with bitcoin as its the underlying asset. In disapproving the proposed rule changes, the SEC essentially took the position that lack of regulation surrounding bitcoin markets made bitcoin, and thus the trusts, susceptible to fraud and manipulation.

The Financial Industry Regulatory Authority, Inc. (FINRA), which oversees securities brokerage firms (subject to the ultimate supervision of the SEC), recently issued a report (the “FINRA Report”) on blockchain technology. The FINRA Report (1) described blockchain technology; (2) discussed potential applications of blockchain technology to the securities industry (e.g., issuing and trading public company stock on a blockchain-based platform, and centralizing customer identity management functions); (3) identified potential impacts on the securities industry, such as increased transparency (e.g., by maintaining a database containing the complete histories of securities transactions, and altering or eliminating the roles of financial intermediaries); and (4) addressed implementation considerations, such as governance (e.g., “trustless” network open to the public with no single party responsible for the proper operation of the system, versus a private network with parties known and trusted, and transaction validation (consensus-based versus single-node verifier).

Finally, the FINRA Report discussed certain regulatory implications arising out of securities brokerage firms’ use of blockchain technology, particularly with respect to financial responsibility requirements. For example, FINRA raised an issue as to how brokerage firms could meet their regulatory obligations to take custody of “cryptosecurities” held on a blockchain network on behalf of customers. Moreover, FINRA asked whether cryptosecurities held by a brokerage firm would have a “ready market,” i.e., a liquid market, so that firms’ holdings of such securities would be allowable (liquid) regulatory capital. The FINRA Report also noted the brokerage firm records that are maintained electronically must be kept in a non-rewriteable, non-erasable format (also referred to as “write once, read many” or “WORM”). Although blockchain is arguably a superior recordkeeping technology, FINRA nevertheless asked whether a brokerage firm records maintained on a blockchain network would meet the SEC’s WORM requirement.

An organization that primarily represents brokerage firms and asset managers, the Securities Industry Financial Markets Association (typically called “SIFMA”), is in the process of drafting a comprehensive response to the FINRA Report. SIFMA members have indicated that SIFMA’s response will advocate that any guidance regulators provide, or principles that regulators formulate with respect to blockchain, be technologically neutral.   

The International Organization of Securities Commissions (“IOSCO”) recently issued the “IOSCO Research Report on Financial Technologies (Fintech)” that included a discussion of distributed ledger technology.  IOSCO noted that blockchain is one subset of distributed ledger technology, distinguished between permissioned and permissionless systems, described proof-of-work and proof-of-stake consensus algorithms, and emphasized the role tokenization and smart contracts are likely to play in applying distributed ledger technology to the financial services industry. The IOSCO report also identified potential application of distributed ledger technology to the financial services industry in areas such corporate recordkeeping; trading and settling transactions in certain types of financial instruments; ensuring that certain regulatory requirements are met (e.g., compliance with anti-money laundering rules); creating individual IDs to be used in financial transactions; and improving the speed, efficiency and security of financial transactions, among other things.  

The U.S. Commodity Futures Trading Commission (CFTC), the federal agency tasked with overseeing futures intermediaries, among other things, recently proposed to modernize the CFTC’s recordkeeping rules for such intermediaries.  The proposed rules are intended to be technology neutral, and would take a principles-based approach to recordkeeping. Among other things, futures intermediaries would be required to maintain security, signature, chain of custody elements and data as necessary to ensure the authenticity of the information contained in regulatory records.

The efforts described above built upon, among other things, earlier white papers from The Depository Trust & Clearing Corporation and the Board of Governors of the Federal Reserve System.  Expect regulators and industry groups to continue their efforts around blockchain technology.

[VIDEO] Hyperledger Interviews Hanna Zubko, IntellectEU

By | Blog | No Comments

We recently sat down with Hanna Zubko, Co-founder and VP of business development at IntellectEU. IntellectEU is a general member of Hyperledger.

IntellectEU plans to continue to build out several blockchain proof of concepts in 2017 but they are also looking to expand their footprint into other various industry verticals. Hanna explains that it is important to their stakeholders to be able to build a solution using blockchain technology that is enterprise ready and scalable.

Hanna believes a key benefit of joining Hyperledger is the community. She encourages any institution that is experimenting or interested in building blockchain solutions to join. With Hyperledger, IntellectEU can harness the benefits of this new technology and is at the bleeding edge of blockchain.
Watch the full video below!

Meet Hyperledger’s New Security Maven!

By | Blog | No Comments

We’re thrilled to announce that the Hyperledger team is growing! We’ve recently added David Huseby as the Security Maven.

David brings more than 20 years of experience working with and on open source projects in industries including aerospace, video games, and web, both server and client side. For the last decade he has focused on privacy enhancing technology, user anonymity and anti-surveillance. Most recently he was a senior platform security engineer at Mozilla where he focused on web privacy and led the project to merge Tor Browser hardening into Firefox.

Now let’s get into some questions to better understand David’s role, what he will be working on and his own aspirations for Hyperledger.

What got you interested in working on Hyperledger and blockchain?

I am a long-time Bitcoin user and enthusiastI mined my first Bitcoins when they were worth just $4.00 USD. The blockchain technology in Bitcoin has always fascinated me and like everybody else I immediately saw its potential for solving persistent problems in a variety of other industries. Working on blockchain technology has been on my to-do list for years. I was attracted to the Hyperledger project because of its solid community leadership and the integrity of The Linux Foundation. When I was given the opportunity to work on all-things-security and all-things-blockchain at The Linux Foundation, I could not refuse. I am very excited to be joining the team.

David Huseby, Hyperledger’s Security Maven

What are your main goals now that you’re part of the Hyperledger team?

I’d like to work with the community to maintain and grow the trust in our projects. Taking inspiration from other successful open source projects, I’d like us to document a set of software development and deployment best practices that all of the Hyperledger projects follow consistently. Projects like the Linux kernel, the Bitcoin core, and the Tor project have pioneered great standards for managing change and integrity during software development and deploymentwe would do well to emulate them.

I also want to partner with our project teams to build a security vulnerability reporting system that minimizes the friction of reporting security vulnerabilities responsibly.  In addition to the reporting system, I would like to organize and coach a security triage team for driving issues from reporting all the way through resolution and disclosure.

It is also important that we get out ahead of any security related regulatory issues in markets like finance and healthcare.  I’d like to work with our member partners to plan for and minimize the roadblocks for Hyperledger projects moving into regulated industries (i.e. being prepared for audits and code escrow, etc).

In addition to the above projects, I am taking a special focus on the identity problem. I plan to learn all I can about any future projects that fall under Hyperledger regarding personal identity and personal data management with blockchains. Having a good answer to the identity problem is one key element to the success of many of the Hyperledger projects.

What do you think is most important in terms of security for Hyperledger to focus on in the next year?

Blockchain technology is being applied to systems where lapses in security can result in serious consequences. I think our greatest challenge is to nurture and grow the great software engineering culture that already exists in all of the Hyperledger projects.  Security is ultimately a human problem and having good engineering culture naturally leads to consistent application of best practices. In the next year I hope to partner with the community to bring best practices such as signed commits, merges, and releases, dependency tracking, sign off accountability, and responsible disclosure of vulnerabilities to all of the Hyperledger projects. That is how we will maintain the trust of our partners and the broader community that relies on the technology we create.

What’s the one issue or problem you hope blockchain can solve?

I hope that we can solve the identity problem in such a way as to maximize the privacy and sovereignty of everyday people. So much of the computerized world is dedicated to tracking people and monetizing that information. I hope blockchains give me back control over my private self while also lowering the friction of proving that “I am me” to the myriad of balkanized systems. The last time I checked, my password manager had account credentials for over 200 different separate services that I use. Why can’t there be just one cryptographic proof for “this is me”?  And why can’t I be asked to approve what data gets shared? I truly hope we solve this problem, or at least find a good enough solution for most people.

Where do you hope to see Hyperledger and/or blockchain in five years?

In five years I hope Hyperledger is universally respected for having nurtured cooperation and leveraged technical and industry expertise to bring blockchains to market and to make tangible improvements in many different industries. I half-joke that if Apache helped make the Web, maybe Hyperledger can help make the Web easy.  Having a universal identity solution, cryptographically secure ways to share data, and auditable access to digital records would go a long way in making the Web easier for everybody. Hyperledger and The Linux Foundation is the natural place for that level of Internet-wide cooperation and in five years, I hope we will have succeeded.

What’s one thing you wish people understood about security?

I wish people understood that security is mostly a people problem. We’ve all heard stories of bad passwords being the weak link in an otherwise secure system. Having good security is like having good hygiene. It takes diligence and constant attention and strong passwords.

What is the best piece of advice you’ve ever received?

I always live by these two pieces of advice:

  1. If something is worth doing, it is worth doing right. (Thanks D). To me, this means that I should be picky in what I commit to so that when I commit, I am all in.
  2. Always have your passport. (Thanks A). Living by the first piece of advice is intense and this second piece of advice means I never miss a chance to stop and have fun. Sometimes the right answer is to get on the next plane to somewhere, anywhere, and go have fun.

What do you like to do in your spare time?

I live in Las Vegas so what don’t I do in my spare time?  Seriously though, I enjoy spending time with my friends at the Synshop Hackerspace. I am an occasional guest on the Greynoise podcast that is recorded at the Synshop every Friday evening. I also enjoy exploring the south western states, going on hikes, camping, and getting outside in general.  A few months ago I decided to start corresponding with friends through handwritten letters and because if something is worth doing, it is worth doing right, I started teaching myself Spencerian calligraphy to up my power level. I think my favorite thing to do is make new friends, so please, if you see me at a conference or a meetup somewhere, don’t hesitate to come say “hi”; we might become pen pals.