If you don’t control the keys, do you actually own the crypto assets?
That’s a question before securities regulators in Canada right now. In the wreckage of the QuadrigaCX fiasco — where the keys to the former exchange’s fortunes were taken to the grave with its late founder Gerald Cotten — regulators are trying to create a taxonomy around crypto custody and ownership to figure out when securities laws apply. As courts and accountants sort through what happened, regulators are trying to make sure it doesn’t happen again: “Not your keys, not your coins” may mean that you have a derivative on your hands.
So if you want to prove ownership of a crypto asset beyond a reasonable doubt, you must have total control over the keys — that’s the spirit of the rules being drafted by regulators. Using a software wallet isn’t going to necessarily cut it, because the keys are still stored in the cloud — in the ether and out of your control.
See related article: Telecom Giants Collaborate On Blockchain Settlements Platform
A blockchain or cryptography solution?
Ownership of data is the problem that new mobile technology like what’s found in the HTC Exodus, a blockchain-focused phone, is trying to solve.
“The fundamental difference between owning and not owning your keys is if it’s cloud-based, or stored on the hardware,” says Phil Chen, HTC’s Decentralized Chief Officer.
Chen might be better known as the father of HTC’s virtual reality efforts, and he now splits his time between the company and as a general partner at Proof of Capital, a blockchain venture capital fund. The Taiwanese phone maker tapped him to lead its blockchain phone efforts, as he’s familiar with both the blockchain world and the manufacturing process of handsets.
One needs to remember that blockchain phones are almost entirely unrelated to how telecom companies plan to implement blockchain. While telecom companies use the technology to find efficiencies in billing and load balancing, handset vendors like HTC are effectively building a mobile crypto wallet with added security features.
With the HTC Exodus, the crypto keys are stored directly on the phone — but not in a place that’s easily accessible.
HTC isn’t divulging sales numbers, and the shipment volumes are too small to be on the radar of the usual market research firms that track handset market shares. However, the phone manufacturer — once a giant in the Android space — has been struggling to ship its handsets, and targeting ultra niche and high-margin market segments may help bring in cash flow.
What makes the HTC Exodus unique is that it allows users to store their keys within part of the phone’s CPU known as the “TrustZone.” Developed by CPU designer ARM (which licenses its designs to a plethora of manufacturers, from Apple to Samsung) and for the Exodus manufactured by Qualcomm, TrustZone is a walled-off part of the CPU that can only run using a pre-approved secure code. Any software that isn’t pre-approved and considered secure is blocked from accessing this side of the CPU. Only approved software and supporting system resources like drivers have access to it when it’s absolutely necessary.
TrustZone isn’t unique to the HTC Exodus phone. It’s actually widely used for things like storing digital rights management keys that allows applications like Netflix to play back encrypted content. Apple, for instance, uses it to protect the biometric data — images of your fingerprint and face — for unlocking the iPhone.
Samsung is offering similar features in its Galaxy series of smartphones. At the recent unveiling of the Galaxy S20, the company highlighted that, via its KNOX technology, users can store their private keys in a secure part of the phone’s processor. However, this feature isn’t available on all of Samsung’s models and the range of support for crypto assets is limited.
HTC’s “secret sauce” here is the development of a software layer that allows for this access while preserving security.
“What’s new here is that access to the TrustZone is being given to the consumer,” says Chen.
Right now, the Exodus’s most obvious use case — and needed given the regulatory environment of crypto custody — is the storage of keys for crypto assets. However, the reality is that any sensitive data that the user might want to store the keys for on the cloud can be stored locally on the Exodus.
“It’s more about cryptography,” says Chen, explaining that the phone should be thought of as a phone that emphasized encryption while using open source software as opposed to just a “blockchain phone.”
Data and privacy concerns
With data ownership becoming a more pressing issue, as people become more aware of how companies monetize their personal information, the need to be aware of how your keys — which control access to this data — are being stored will be on the minds of many. For instance, many chat apps that provide the means for secure chat store their keys on the cloud, meaning that those controlling the cloud — whether an interloper or a government snoop — could have access to the chat records. Storing keys locally, on the phone, prevents this from happening.
See related article: AI giants are exploiting your data. A new system can help you take back control
However, things are only as secure as the phone its stored on. If the phone is lost or stolen, so are the keys. If a crook forces the user to unlock their phone, it’s vulnerable. However, physical theft is comparatively less likely a risk than hacks. According to Selfkey, in 2019 alone, $292,665,886 worth of cryptocurrency and 510,000 user logins were stolen from crypto exchanges.
So while the HTC Exodus has the name blockchain attached to it, the proprietary nature of how its hardware and software intersects, which allows the user to store data within the secure “TrustZone,” means it should be thought of as more than just a phone for those interested in blockchain and cryptocurrency — although the ability to store your keys with certainty and security meets a regulatory pain point that’s emerging.
Blockchain — perhaps the sexiest technology to emerge in recent years — is a great branding tool for selling any product, including phones. The technological branding has no doubt helped HTC — which has floundered in the handset market after being a dominant force in the early part of the past decade — build more public interest in its products, no matter how tenuous its actual connection to blockchain. But as we’ll explore in the next article in our three-part series on blockchain in telecom, HTC’s Exodus is actually one of the more legitimate entries in this niche market. Stay tuned.