Not Legal Advice, 9/22/19 – self-proclaimed architect of the “Zug Defence” arrested, ICOBox sued, Section 230 limited by the 9th Circuit

Welcome back to this week’s edition of Not Legal Advice! Because legal advice costs money, and this blog is free.

Between delivering the keynote at blockchain day of Stamford Innovation Week and getting ready for a speaking gig at Crypto Springs, I’ve been pretty busy, so this week’s newsletter is going to be on the short side (a mere 1,800 words). This week:

  1. Self-proclaimed architect of the “Zug Defence” (or “Defense” for Americans) arrested
  2. ICOBox sued for selling unregistered securities, fraud, and operating as an unregistered broker-dealer; Paragoncoin resurfacts
  3.  Enigma v. Malwarebytes: 9th Circuit says Section 230 doesn’t apply to deliberately anticompetitive conduct

1. Self-proclaimed architect of the “Zug Defence” arrested

Last week brought us the news that Steven Nerayoff – early Ethereum advisor, sometimes Ethereum co-founder, and current one-of-those-guys-who-is-on-twelve-different-token-boards, was arrested and charged in the Eastern District of New York with extortion.

Although of course Nerayoff and his alleged co-conspirator, a fellow named Michael Hlady who previously was convicted of defrauding a group of nuns in Worcester, Mass (no, really), are innocent until proven guilty, it suffices to say that the allegations contained in the indictment do not portray either defendant in an especially flattering light.

Of wider significance here from the observer’s viewpoint is the fact that Nerayoff claims to have been the architect of – and is therefore someone with intimate knowledge of – the Ethereum Foundation’s early legal strategy. In particular, Nerayoff is likely to be aware of the contents of a legal opinion which, according to CoinDesk, is said to have cost $200,000, payment of which Nerayoff reportedly guaranteed with his own money. This person is now in federal custody.

The issuance of this legal opinion is worth re-examination, at the very least for historical purposes if nothing else. Apart from the obvious fact that $200,000 is rather a lot of money to pay for a legal opinion, the issuance of that opinion – which I presume authorized the sale, otherwise why pay $200k for it – arguably set off the ICO boom as we know it. The fact that Ethereum proceeded with legal air cover and was such a wild, runaway success encouraged other law firms, large and small, to then take a view on subsequent offerings in order to gain market share and marquee clients.

Ethereum was the first of many coin issuers to set up shop in Zug, Switzerland, known now as “crypto valley,” presumably under the theory that Swiss residence and legal structures would immunize them from U.S. law. This tactic, referred to in jest by cryptolawyer OGs as the “Zug Defence,” is rumored to involve establishing a Swiss Stiftung, or foundation, obtaining tax opinions from a Swiss law firm that the token-product is to be treated as a software product for tax purposes, and, in Ethereum’s case, obtaining a second, supplemental opinion which presumably set out the U.S. legal position (if the rumors are true). Although I have not read it, to the extent that opinion authorized the Ethereum pre-sale to occur in the U.S. without requiring the Ethereum Foundation to register the tokens or avail itself of an exemption, it would have been, in my professional opinion, legally incorrect. This conclusion is based on the SEC’s 2018 Paragon and AirFox settlements, which we may presume form the template for all enforcement actions which will follow, and in relation to which the Ethereum pre-sale, in hindsight, does not appear to have been materially different.

Generally speaking, a practitioner who possesses even one whit of conservatism in their bones will tell you that the so-called “Zug Defence” is not much of a defence at all, to the extent that the transaction or scheme touches the U.S.  or captures the U.S.’ attention. Although the statute of limitations for the Ethereum Foundation qua token issuer under the Securities Act of 1933 has run, their operations continue. When a supposed non-profit in Switzerland magically creates $20+ billion out of thin air, you can be sure this does not go unnoticed.

This is accordingly a story to watch.

marmot_2.jpg
This marmot is on Mt. Rainier, not in Switzerland. This marmot follows U.S. securities laws.

2. SEC sues ICOBox for selling unregistered securities, fraud, and operating as an unregistered broker-dealer; Paragoncoin resurfaces

In other federal-agencies-on-the-warpath news, the U.S. Securities and Exchange Commission sued ICOBox and its founder last week for allegedly conducting an unregistered coin offering, engaging in fraud in relation to that coin offering, and operating as an unregistered broker-dealer in relation to other coin offerings launched using its platform.

Attorneys can spot plausibly deniable sarcasm from 1,000 yards, and the complaint does not disappoint:

ICOBox proclaims to be a “Blockchain Growth Promoter and Business Facilitator for companies seeking to sell their products via ICO crowdsales” —in other words, an incubator for digital asset startups. A self-described blockchain expert, Evdokimov, has acted as the company’s co-founder, CEO, and “vision director,” among other titles.

The facts of the coin offering and the alleged fraud do not bear repeating here. More interesting from my perspective is how the SEC has built up its claim that ICOBox was acting as an unregistered broker-dealer:

The token sale conducted by at least one of these clients, Paragon Coin, Inc. (“Paragon”), constituted a securities offering under Howey… By actively soliciting and attracting investors to ICOBox’s clients’securities offerings in exchange for transaction-based compensation without registering as or associating with a registered broker-dealer, Defendants engaged in unregistered broker activities that violated the federal securities laws.

SEC v. Paragon Coin, we may remember, was the first major settlement announced between the SEC and an ICO issuer, back in November 2018. Around the same time, the SEC announced settlements with AirFox (unregistered securities offering) and the founder of EtherDelta (for operating an unregistered securities exchange). About 30 days prior to that, the SEC announced its settlement with ICO Superstore, a similar business to ICOBox, for operating as an unregistered broker-dealer.

So we should not be surprised that the SEC is going after ICOBox, nor should we be surprised if the SEC decides to go after other token mills in the future. Interestingly, the SEC appears to have used the cooperation and disclosure obtained in the Paragon exercise to build the case against ICOBox:

ICOBox’s team members highlighted on social media during the offering that ICOBOX had started to work with certain clients including Paragon (referring to it as ICOBox’s “child”), but did not disclose that no ICOBox clients had yet completed any ICOs using its services.

Tl;dr? The SEC is good at a lot of things, but they’re particularly good at playing follow-the-money, and their inquiries will not end with token issuers. They will use what they learn at issuer level to move up the chain to promoters and service providers. It will be interesting to learn what is revealed as they undergo that process.

3. Enigma v. Malwarebytes: 9th Circuit says Section 230 doesn’t apply to deliberately anticompetitive conduct

If you don’t know what Section 230 of the Communications Decency Act is, start here. If you do, recall that Section 230 has two main operative provisions:

  • Section 230(c)(1), which says that publishing platforms and users of publishing platforms are not liable for content created by someone else; and
  • Section 230(c)(2), which basically says that companies can’t be sued for good-faith moderation calls, so if e.g. you’re Milo Yiannopoulos and one of your posts is moderated off of Facebook, if you sue Facebook for it, you will lose.

With regard to each of those provisions, however, these above shorthand definitions are just that, shorthand, and what they gain in comprehension for the layman they lose in terms of the stripping away of the actual, technical language they use. Section 230(c)(2) reads as follows:

No provider or user of an interactive computer service shall be held liable on account of (A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or (B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in [sub-]paragraph ([A]).

The facts of Enigma v Malwarebytes are as follows.

Enigma Software Group USA, LLC, and Malwarebytes, Inc., were providers of software that helped internet users to filter unwanted content from their computers. Enigma alleged that Malwarebytes configured its software to block users from accessing Enigma’s software in order to divert Enigma’s customers.

Malwarebytes and Enigma have been direct competitors since 2008, the year of Malwarebytes’s inception. In their first eight years as competitors, neither Enigma nor Malwarebytes flagged the other’s software as threatening or unwanted. In late 2016, however, Malwarebytes revised its PUP-detection criteria to include any program that, according to Malwarebytes, users did not seem to like.

After the revision, Malwarebytes’s software immediately began flagging Enigma’s most popular programs— RegHunter and SpyHunter— as PUPs. Thereafter, anytime a user with Malwarebytes’s software tried to download those Enigma programs, the user was alerted of a security risk and, according to Enigma’s complaint, the download was prohibited[.]

As a former startup guy, don’t I know that startup competition in the software industry is a fight to the death.

Fortunately, commerce is not a free for all and there are rules and certain standards of fair dealing that companies are expected to follow as they compete. Enigma brought a number of claims under state and federal law, ranging from unfair and deceptive trade practices to a Lanham Act violation of making a “false or misleading representation of fact” regarding another person’s goods. Malwarebytes argued it was immune from the action due to the effect of Section 230(c)(2).

Malwarebytes won at first instance. The 9th Circuit reversed:

The legal question before us is whether § 230(c)(2) immunizes blocking and filtering decisions that are driven by anticompetitive animus.

In relation to which the court found:

Enigma points to Judge Fisher’s concurrence in Zango warning against an overly expansive interpretation of the provision that could lead to anticompetitive results. We heed that warning and reverse the district court’s decision that read Zango to require such an interpretation. We hold that the phrase “otherwise objectionable” does not include software that the provider finds objectionable for anticompetitive reasons…
…if a provider’s basis for objecting to and seeking to block materials is because those materials benefit a competitor, the objection would not fall within any category listed in the statute and the immunity would not apply.

Pretty clear cut ratio there.

Eric Goldman’s treatment of the subject is much more detailed than my own. I recommend it to anyone looking to read further in this case; suffice it to say that I agree with the 9th Circuit, and disagree with Goldman, in that anti-competitive conduct by large tech companies is a growing problem, it cannot have been the intention of Congress to enable unlawful anticompetitive conduct with Section 230 and, at least as far as I am concerned, the natural meaning of “otherwise objectionable,” while extremely broad, does have limits, and, much as one would have a difficult time finding a motorcycle or a plant objectionable, it is conceivable that anti-malware software that is not itself malware might fall outside of those limits.

The opening that is created here is narrow and appears to be strictly limited to anti-competitive conduct, although there is a risk this ruling could be distinguished by new categories of litigants whose user-generated content is excluded without apparent justification from online platforms. I struggle to think whence these claims might arise, given that users of online platforms customarily contract away most of their rights and acquiesce to the platform’s discretion to filter content as it pleases in accordance with their policies (as opposed to the situation in Enigma, where Enigma’s rights vis-a-vis Malwarebytes originated in statute which Enigma did not waive). This of course naturally invites the question of whether states themselves will also try to create new statutory protections for constitutionally protected opinions which, of course, is exactly the thing that Section 230 of the the Communications Decency Act was enacted to prevent. Between Enigma and the EFF’s First Amendment challenge to FOSTA/SESTA, Section 230 jurisprudence over the next few years looks to be anything but boring.

See you next week!