Oct. 28, 2023
Dear Securities and Exchange Commission, I am writing to express my concerns regarding the proposed rule "Safeguarding Advisory Client Assets" and the potential impact it may have on privacy and security concerns associated with the custody of digital assets. While I understand the need for investor protection, it is crucial to consider the potential risks and vulnerabilities that these regulations may create. One of my primary concerns is the potential increase in identity theft. The proposed regulations will require many participants in decentralized finance (DeFi) to collect user information. This collection of sensitive information, such as taxpayer information, without adequate safeguards in place, creates a significant risk of data breaches and unauthorized access. It is essential to prioritize and protect the privacy and security of investors' assets, particularly in the digital realm where vulnerabilities continue to evolve. By forcing the collection and storage of user information, the proposed regulations may unintentionally create "honey pots" for identity thieves. Without proper measures in place to ensure the privacy and security of this data, investors' information could become a target for malicious actors. We should not create a situation where increased regulation leads to increased opportunities for identity theft under the disguise of tax reporting processes. Given the fast-paced development of the digital asset space, it is important to strike a balance between investor protection and the safekeeping of sensitive information. As we move towards a more decentralized financial landscape, there is a need to evolve our regulatory frameworks to address the unique challenges and opportunities presented by digital assets without compromising privacy and security. To adequately address these concerns, I recommend incorporating strong privacy and security provisions into the proposed rule. This should include requirements for investment advisers and custodians to implement robust data protection measures, such as encryption protocols, multi-factor authentication, and regular security audits. Additionally, there should be clear guidelines and standards on the storage and handling of sensitive user information to mitigate the risk of data breaches and identity theft. As we consider the economic and regulatory implications of the proposed rule, we must not overlook the potential harm that weak privacy and security safeguards may inflict on investors. It is crucial to strike a balance between investor protection and the privacy and security concerns associated with the custody of digital assets. By taking these concerns seriously and incorporating appropriate safeguards into the proposed rule, we can work towards a regulatory framework that not only protects investors but also ensures the privacy and security of their assets. In conclusion, I urge the Securities and Exchange Commission to thoroughly consider the privacy and security concerns associated with the custody of digital assets. By addressing these concerns and implementing strong privacy and security provisions, we can create a regulatory framework that facilitates investor protection while also safeguarding sensitive information from the increasing threat of identity theft. Thank you for considering my comments. I look forward to the opportunity to engage in further dialogue on this important matter. Sincerely Michael Smith