Third Key Solutions: Exclusive Interview with Andreas M. Antonopoulos and Pamela Morgan
Third Key Solutions, a new company that offers consulting and cryptographic key management solutions for companies using digital currencies, has just launched. The Third Key Solutions team consists of CEO Pamela Morgan, CTO Andreas M. Antonopoulos, and Adviser Richard Kagan. Third Key Solutions seeks to establish customized solutions for companies dealing with Cryptocurrency and to develop best practices for safely and securely managing and storing funds. Multisignature wallets aren’t enough, companies need to establish operational practices which are secure and well planned, Third Key Solutions specializes in this. Andreas M. Antonopoulos, a very well known man in the world of Bitcoin, and a security expert, partnered with Pamela Morgan to develop operational security practices which became the basis for the launch of the company. Richard Kagan, a Silicon Valley entrepreneur, has partnered as a business adviser. The company officially launched on March 31st, 2015.
I had the pleasure of speaking with Andreas and Pamela over a Skype call to learn more about the company, what Third Key Solutions provides, as well as the future plans of the company.
Where did you get the inspiration for Third Key Solutions?
Pamela: My background is in law I’ve been advising startups for quite a while now. I’ve been working in entrepreneurship education. And when I made the move to Bitcoin I recognized that there are a lot of similarities between companies inside and outside of the space, namely in that most people are bored with corporate governance or don’t want to focus on it so as I started to get hired by companies in the space, I started realizing that this was a need within all of these organizations. I’m a little bit unorthodox, so I started talking to them about things they didn’t have, like corporate governance and recovery processes. That was basically the inspiration, working with companies inside the space and recognizing the parallels between those outside the space and inside the space.
How long did it take to design best practices that exceed the Cryptocurrency Security Standard Level Three requirements?
Andreas: That can be answered in two ways. We started designing the operational practices and security practices for this about ten months ago when we started serving clients in the space. Now at the time, CCSS didn’t exist so I’d like to differentiate between security best practices and a security certification standard for those. We were implementing security best practices when CCSS came along we basically looked at the standard to see how we fared against that, made a few minor adjustments, and mostly confirmed that in fact we were exceeding CCSS level three in all of our operational practices and now we are working towards certification of that. So the answer is that we were doing security best practices ten months ago, and we started looking at CCSS three months ago to confirm that we were exceeding those standards. I’m also a member of the steering committee for CCSS so I had a role in reviewing the standards and in most cases strengthening them with other participants in the committee.
Pamela: The only thing that I can add to that is that security and best practices are ongoing, so we’re always interested in what’s happening in the space, who is doing what, and how we can make our processes better.
In your opinion, how important will the CCSS best practices be for the future of the cryptocurrency industry?
Andreas: I think that it is really important that we have common industry practices that are robust and transparent and involve or require external audit and certification because what that does is it provides a baseline. I think that people should not consider these standards as the pinnacle of security, but simply the first rung on the ladder. These are things that companies should be doing anyways. What the standard provides is an industry-neutral technology neutral checklist that is based on what companies that are doing things well in security are already doing and essentially says that this is the lowest rung on the ladder and you should be above this. What it does is provides us with a way of measuring compliance with best practices and a way that companies that are investing in these practices can essentially show that investment by achieving certification.
What kinds of companies will benefit from working with Third Key Solutions?
Pamela: We’re focused on what we need to be, we’re not consumer facing, we’re focused on securing wallets and exchanges and all sorts of other companies like that. Really any company that is operating with Bitcoin or another cryptocurrency at its core. If you’re paying people in Bitcoin, if you’re using Bitcoin in operations, you should talk with us, that’s my opinion.
Andreas: I’d like to add to that. All of the companies in the space should be using the very best technology features to implement security, that means that Multisignature is not optional it’s table stakes.You need to be doing these things. Multisignature has now been available for more than a year and a half; it’s widely deployed it’s inexcusable for companies to not be using multisignature in this day and age. So the technology is there; the problem is that technology is not enough. More than 80% of security is about operational process, and so you can have multisignature but some important questions arise. How do you generate the keys securely? How do you store them? Who has the keys? What’s the signing plan? What happens if you lose a key? What happens if someone drops their laptop in a swimming pool? What happens if someone gets hit by a bus? These are questions that you want to ask before you put this plan into play. Now to figure out how to protect these keys from natural disaster, theft, embezzlement, fraud, fire, flood, EMP, whatever it may be. These are tough things to figure out because one of the big challenges is that security and backup are often contradictory goals. So the best way to make something resilient is to make lots of copies of it and put them everywhere while the best way to make something secure is to lock it down and use encryption and things like that and if you do one then you can’t really do the other, it’s hard to find the right balance.
Now, the bottom line is this: Most companies in this space are too busy running their business to have the time to do this or to focus on this. So while they can expend the resources to do this, most companies don’t have the time or the focus to do this right, and that’s where we come in, we’re doing just this, completely focused on solving these problems.
What future plans do you have for Third Key Solutions?
Andreas: I’d like to start with some of the technology components and some of the partner components. If you look at the announcement, one of the things we’ve announced is a number of technology partners. We’re a technology-neutral company. What we’re going to do is to continue to innovate. Bitcoin moves very fast, that means that we’re going to be applying new technologies all the time to stay ahead of the game, whether that’s threshold signatures or hierarchical deterministic multisig or whatever else may come down the road, we’re going to be looking to deliver the very best to our clients. That means working with a lot of partners. We remain technology neutral, so we’re going to be relying on all of our partners to source all of the technology and skills in that space. We’re going to continue to innovate on operational security which is the core of our business. Part of this is decentralizing the solutions. It’s great to have one company hold part of a key for recovery. It’s better to have two companies or three companies, or four companies in multiple jurisdictions holding shares of this key so that you diffuse the risk across multiple companies and jurisdictions. The key recovery network that we announced as part of this launch is a very big part of our vision. Key recovery shouldn’t be centralized either. While Third Key Solutions never holds enough keys to sign transactions. We always have less than m-of-n, we always have a minority of the keys, we do not control funds or take custody of funds, ever. At the same time, even that can be decentralized even further. We’re working with other companies in the space, key recovery and storage companies to decentralize the solutions and help their clients spread their risk even more.
Pamela: I think our primary interest is protecting our clients and protecting their customers, in that we believe that if we can help dilute the risk then it becomes a safer ecosystem for everyone. We don’t want to hold a whole key if we can help it, we think that ideally with a key recovery network, we’ll be able to, as Andreas said, distribute the risk among jurisdictions, thereby making the entire ecosystem safer.
Andreas: And to clarify what we mean by that from a technical perspective is even if you’re doing multisig, it’s better if you have multiple companies holding keys or parts of the keys.
Third Key Solutions is very well positioned to make a major impact on the cryptocurrency industry as a whole. By developing best practices and helping companies develop custom solutions for the proper management of funds, the risk companies face can be significantly reduced. The team, along with the services offered by Third Key Solutions are incredibly solid and will likely improve cryptocurrency security and promote further technological innovation within Bitcoin. You find out more about the Cryptocurrency Security Standard and Third Key Solutions here.
What do you think of Third Key Solutions? Comment below!
Image Source: Third Key Solutions, Pixabay