Mutual Funds - Timestamping

Ian Grigg iang at
Thu May 20 12:56:50 EDT 2004

-------- Original Message --------


In a rare arisal of a useful use of cryptography in real life, the
mutual funds industry is looking to digital timestamping to save its
bacon [1].  Timestamping is one of those oh-so-simple applications of
cryptography that most observers dismiss for its triviality.

Timestamping is simply where an institution offers to construct a hash
or message digest over your document and the current time.  By this,
evidence is created that your document was seen at that time.  There
are a few details as to how to show that the time in ones receipt is
the right one, but this is trivial  (meaning we know how to do it, not
that it is cheap to code up..) by interlinking a timestamp with the
preceeding and following ones.	So without even relying on the
integrity of the institution, we can make strong statements such as
"after this other one and before this next one."

The SEC is proposing rule changes to make the 4pm deadline more serious
and proposes USPS timestamping as one way to manage this [2].  There
are several things wrong with the USPS and SEC going into this venture.
  But there are several things right with timestamping in general, to
balance this.  On the whole, given the complicated panopoly of
strategic issues outlined earlier, timestamping could be a useful
addition to the mutual funds situation [3].

First what's wrong:  timestamping doesn't need to be regulated or
charged for, as it could easily be offered as a loss leader by any
institution.  A server can run a timestamping service and do 100,000
documents a day without noticing.  If there is any feeling that a
service might not be reliable, use two!  And, handing this commercial
service over to the USPS makes no regulatory sense in a competitive
market, especially when there are many others out there already [4].

Further, timestamping is just a small technical solution.  It shouldn't
need to be regulated at all, as it should be treated in any forum as
evidence.  Either the mutual fund accepts orders with timestamps, or it
doesn't.  If it doesn't, then it is taking a risk of being gamed, and
not having anything to cover it.  An action will now be possible
against it.  If it does only accept timestamped orders, then it's
covered.  Timestamping is better seen as "best practices" not as
Regulation XXX.

Especially, there are better ways of doing it.	A proper RTGS
transactional system has better protections built in of its nature than
timestamping can ever provide, and in fact a regulation requiring
timestamping will interfere with the implementation of proper solutions
(see for example the NSCC solution in [1]).  It will become just
another useless reg that has to be complied with, at cost to all and no
benefit to anyone.

Further, it should be appreciated that timestamping does not "solve the
problem" (but neither does the NSCC option).  What it allows for is
evidence that orders were received by a certain time.  As explained
elsewhere, putting a late order in is simply one way of gaming the fund
[5].  There are plenty of other ways.

Coming back to where we are now, though, timestamping will allow the
many small pension traders to identify when they got their order in.
One existing gaping loophole is that small operators are manual
processors and can take a long time about what they do.  Hence 4pm was
something that could occur the next day, as agreed by the SEC!	With
timestamping, 4pm could still be permitted to occur tomorrow, as long
as the pension trader has timestamped some key piece of info that
signals the intent.

For this reason, timestamping helps, and it won't hinder if chosen.
The SEC is to be applauded for pushing this forward with a white paper.
  Just as long as they hold short of regulation, and encourage mutual
funds to adopt this on an open, flexible basis as we really don't want
to slow down the real solutions, later on.

Powered by Movable Type
Version 2.64

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list