Self-Custody or Bust

Written by Sam Stuewe - MIT DCI Software Engineer

Financial infrastructure has long centered on assets in which the spender does not actually hold custody. But self-custody isn’t an aberration ready to be disposed of; it’s a world of potential enhancement to human self-determination! Despite the dominance of intermediated, custodied, payment platforms and shrinking cash use, the rumors of self-custody's death are (hopefully) greatly exaggerated.

Why Custody Matters

It turns out that people prefer different custodial relationships based on their concerns. For some people, prior breaches of trust reduce confidence in their custodians’ ability to reliably provide access to their funds when needed. For others, practices like exploitative fees or high-to-low payment ordering have cast the relationship with their custodian in a much more adversarial light. But, on the other hand, some find a sense of security with custodians, feeling much less worry over asset compromise or theft. Moreover, some financial regulations can both give people confidence in their custodian and make self-custody less practical.

Many will have different levels of trust in their potential custodians, or worries about potential failure modes. Given different levels of trust, risk profiles, or contexts, people may make wildly different choices about their custodial arrangements. As a demonstrative example, consider the most common archetype of “self-custody” (where only the spender holds custody): cash. Ayaka, a typical cash user, is both empowered to spend any of her cash without permission or involvement of anyone but her counterparty; and, she is also wholly responsible for the security and availability of her wallet and funds.

Much closer to the opposite extreme on the custody spectrum are things like prepaid debit cards. Benji's ability to spend down his card’s balance at his local grocery store is subject to many more constraints. The card operator may experience downtime, impose extensive contractual limitations including fees or expiry, or even subjectively refuse to honor his balance. As a trade-off, he can expend far less effort to secure those funds, as they are wholly maintained and secured by the card operator itself; even though such payment mechanisms typically operate on bearer authorization, funds associated with lost cards can be recovered. If Benji were to lose his card, as long as he wrote down the card’s details (typically, an account number, and CVV), he would often still be able to make some transactions (particularly true for online purchases).

In determining one's ideal custodial arrangements, risk-aversion, availability requirements, and usage-friction will all play a role in combination with trust. Put more plainly, the issue of custody revolves around people's preferences and needs!

“You keep using that word…”

SEC's amended rule 206(4)-2(c)(1) defines that an adviser has custody of client assets when it holds, "directly or indirectly, client funds or securities or [has] any authority to obtain possession of them.” This is one of the clearest and most direct definitions of custody I have found, but I still find it quite vague, especially in the context of innovations from the digital currency space. What does “holding funds” actually entail for digital assets? Just storing (a copy of) some metadata required for spending? Exclusively controlling keys necessary for asset transfer? How about “obtaining possession?” In multisig arrangements (where all parties must sign), does each signatory have partial custody? What about for threshold signature schemes (where only a subset of the parties must sign)? Custody has become far more complex and requires deeper exploration and a more nuanced understanding.

A more inclusive framework might instead define that all actors, whose participation is required for an asset to be transferred or leveraged, hold some degree of custody. Most custodial relationships will lie between the two extremes of total self-custody, and total intermediary-custody.

Why So Extreme?

Given the variety of options and preferences mentioned, why should anyone focus on self-custody specifically? Good question, me! Custodians tend to offer some service or benefit to their clients, segmenting their served markets according to which services or benefits are most lucrative for their business. This arrangement should be mutually beneficial, but most often heavily favors the custodian: beyond any fees for the account itself, or any opportunity to leverage custodied assets for their own profits, custodians typically offer services, not goods. As a result, to continue to receive the benefits offered, consumers must maintain a relationship with the custodian. Creating a new bank account can be onerous, and might involve credit checks which affect credit-worthiness calculations. Moreover, unlike migrating a telephone number, migrating from one bank to another almost always requires a lot of manual action on the part of the consumer. This enables custodians to rely on vendor lock-in to maintain their market share, and guarantees more opportunities to shape consumer preferences. In short, the custodian has strong incentives to keep its clients within a walled garden and to reduce or avoid the threat of competition.

Supporting the ability to off-ramp to self-custody effectively hedges against the stickiness and monopolistic tendencies of custodial financial services. Moreover, the range of services which could be offered for self-custodied digital assets is understudied and underexplored. Perhaps most immediately relevant, enabling widely accessible, practical, self-custody for digital assets requires solving fundamental issues which would have outsized, generalized benefits.

Data Sovereignty is Self-Determination

The logistical consideration of having custody of a physical asset is mostly a question of practicality and risk profile for the holder; how much cash can you conveniently and safely carry? Digital assets, however, require more considerations such as key storage, authenticated access, or support for interactive cryptographic operations. In the case of custodial digital assets, the custodian's availability in the form of uptime also becomes a factor. Even if a digital asset technically supports self-custody, users will need a guaranteed right to leverage that option. Otherwise, for example, being paid on an exchange which does not allow users to withdraw to self-custodied addresses effectively prevents those funds from ever escaping custody.  At a minimum, some version of a right to data access and portability is necessary (similar to that outlined by the European Union’s General Data Protection Regulation, or GDPR). To be clear, I do not mean the GDPR is relevant to “self-custody of data,” rather I mean the GDPR generally offers a good schematic for what rights are necessary over one’s own data to enable a reasonable level of privacy. A similar framework for custody would be beneficial (and potentially required) for someone to have true control over their assets. As a starting point, consider the following potential rights guarantees:

• Right to Self-sufficiency
  If people are to have a reliable alternative to custodial assets, they must have the guaranteed right to minimize their dependency on third parties to transact, having at least one accessible payment option that depends solely on the payer's and payee's cooperation and agreement.

• Right to Off-Ramp
  As with the portability of cell phone numbers, there is no sound justification for financial service companies to avoid providing migration paths to competitors beyond simple profit motive. People must be able to quickly and easily migrate their assets to other custodians, and be free to move to self-custody at their discretion.

• Right to Minimize Exposure
  Newer technologies, like zero-knowledge proofs, offer consumers the ability to demonstrate their compliance with complex regulations (which previously might have required a trusted intermediary with strong identity guarantees) while revealing the absolute minimum amount of sensitive information possible. Not only should people be empowered to leverage such tools to minimize their information leakage, but the tools to do so must be freely provided, secure, hard-to-misuse, and openly supported.

• Right to Transparent and Reliable Terms
  The centralization (and resultant stratification) of wealth has significant negative societal impacts (like regulatory capture enabling bypass of safety regulations, and anticompetitive acquisitions or collusion paving the way for cartel pricing). For established platforms, this can lead to a cycle of worsening the deal with their users to extract ever higher profit margins. To curtail and control the potential harm people experience when their financial stability is put at risk, custodial services should be required to provide human-readable terms which are not allowed to change on short notice. This stipulation must also be extended to “smart contracts;” but, importantly, it must go beyond the ability to read the code governing digital assets (“source availability”). The code, processes and practices, associated risks, and safeguards must be reliable, clearly documented, and openly communicated.

When designing digital currencies, especially for general use, so many aspects related to how they function are important to evaluate. Custody and custody models are an important part of that, which heavily interests us at the DCI. Please, share your ideas about custody-related topics that DCI should research by reaching out at DCI@media.mit.edu.