Why you shouldn’t leave a key under your crypto doormat
Thu 06 June 2019
David Williams

Just because you live in a safe neighborhood, do you leave your house unlocked? Do you leave the key under the doormat? Does that sound safe?

Then why would you leave your digital assets in a vulnerable account where a company could just walk in and take them? The ERC-1400 standard and its variants, touted as a step toward regulatory-compliant security tokens, intentionally leaves the key under your crypto doormat.

The fact that users don’t have to trust a third party is one of the core principles of blockchain technology. Yet, the introduction of ERC-1400 shows that many people in the crypto community seem to have forgotten this fundamental concept.

On the blockchain, where distributed networks of computer nodes all over the world mine data and update ledgers, record-keeping by consensus makes centralized control unnecessary. When it comes to demonstrating ownership of securities (like stocks, bonds, etc.), blockchain ledgers can provide a secure solution that doesn’t require the user to trust any broker or exchange. The blockchain itself is the ledger of securities ownership that can transparently be queried by anyone.

With security tokens in the spotlight of regulatory bodies worldwide (including the SEC), their widespread acceptance and adoption will require some degree of standardization. Unfortunately, our rush to adoption has led to an explosion of blockchain protocols instead of standardization. We have looked the other way while features are offered and standards are proposed that compromise the core values underpinning public blockchains.

Traditionally, banks and brokers serve as central authorities for our financial transactions, with ultimate control over the assets they are entrusted with—a power that is rooted in the days when ledgers were still kept on paper. In contrast, blockchain technology was built to unchain us from central authorities, to promote a bold new concept we refer to as trustlessness. However, antiquated ideas have started to infiltrate blockchain’s newly established trustless system: the ERC-1400 standard for security tokens aims to bring back centralized control.

An extension of the widely used ERC-20 standard on Ethereum, ERC-1400 sets out to provide standard interfaces for security token transactions and token asset management. The process of tackling this noble goal, however, has led to at least one troubling feature. As explicitly published under ERC-1400, a chosen authority “MUST be able to perform forced transfer for legal action or fund recovery.”

In layman’s terms, this means ERC-1400 must leave the key under the doormat, leaving open a backdoor that gives the chosen authority unlimited power over any user’s token holdings. Proponents of this specification argue that it’s the only way for token platforms to offer features such as a way to recover digital assets in case of a lost private key. However, this convenience comes at an enormous cost. Because the “forced transfer” feature is mandated, blockchain users are no longer in sole control of their ERC-1400-compliant assets.

In the blockchain community, a community that generally demonizes backdoors and tries to steer clear of centralized authorities, ERC-1400 is being heralded by proponents as an exciting step forward. In truth, it facilitates the polar opposite of trustlessness and defies the core characteristics of the blockchain ethos.

Maybe this all seems harmless. And maybe we trust the token platform we are choosing to use. But didn’t we start using blockchain because it doesn’t require us to trust any intermediaries? Because on the blockchain, aren’t we supposed to be safe from interference from third parties?

When done right, public distributed blockchains can usher in a new age of financial services in which users are allowed to retain full, direct control of their property. But this can only happen if we stay true to the core tenets of blockchain technology. As companies strive to balance security and convenience, blockchain adoption has brought us to a crossroads.

As architects of the blockchain revolution, it is our job to push back on double standards like ERC-1400. We need to push security and decentralization back to the top of the priority list and refuse to put a spare key under the mat.

This article was originally published by Crowdfund Insider.