The Back of the Envelope (a blog)

A short note on the absurd Stoner Cats settlement

This blog post is a follow-up to my blog post Substance Over Form: A Short Note on the SEC’s First NFT Settlement regarding the Impact Theory project. I assume you have read that before you read this.

Impact Theory was an obvious example of an entrepreneur instantiating a security as an NFT. Stoner Cats is a borderline case, and below we’re going to briefly explain why.

Stoner Cats is a cartoon, starring Ashton Kutcher and Mila Kunis, about a bunch of house cats who like to smoke marijuana. They go on zany adventures and toke doobies. It is intended to be watched while high on ganja. Since nobody has executed on this vision well in the 10 years since Aqua Teen Hunger Force, the greatest television show ever made, went off the air, it is understandably something a lot of people got excited about.

This is exactly the sort of project which deserves its own NFT.

The SEC claims:

The purpose of the Stoner Cats NFT offering was to fund the production of an animated web series called Stoner Cats. SC2 told investors it would develop the Stoner Cats web series based upon the managerial and entrepreneurial efforts of SC2 and its agents. SC2 promised investors in the Stoner Cats NFTs exclusive access to the web series and an online community, as well as access to unspecified, future entertainment content.

To be clear, people were buying digital collectibles and, per the SEC’s view, they were buying them so they could get access to future content and access to the finished content.

SC2 offered and sold the Stoner Cats NFTs as an investment into SC2’s efforts to create this content. SC2’s public communications tied the success of the show to the value of the NFTs and thus led investors reasonably to expect to profit from the managerial and entrepreneurial efforts of SC2.

Stoner Cats did this by selling merch from the series in NFT form:

Each Stoner Cats NFT was associated with a unique still image of one of the characters in the Stoner Cats web series, with different expressions, apparel, accessories, and backgrounds, resulting in a multitude of NFTs. Purchasers could not choose their NFT in the offering, but instead received a random allocation. Over 62% of the purchasers in the offering bought more than one Stoner Cats NFT. In addition, at least 20% of the Stoner Cats NFTs purchased in the offering were resold in the secondary market before the first episode of the Stoner Cats series aired, two days after the offering, and the majority of the NFTs purchased in the offering were resold in the secondary market before the release of the second episode on November 15, 2021.

They also promised to develop content in the future, as one would expect artists to do in a friggin television series.

On its website, SC2 promised that if 100% of the NFTs were sold (which happened), it would facilitate the creation of a decentralized autonomous organization (“DAO”) comprised of Stoner Cats NFT holders and that it would commit to working with the DAO to “develop at least one new animation project a year for the next three years.” The website promised that NFT holders would have access to this additional content.

Apparently SC2 also gave itself – not the buyer – a 2.5% secondary sale royalty fee. In the usual analysis this wouldn’t, either by itself or in combination with other factors, make the NFT a security in the hands of anyone. Royalties are regularly payable on secondary art sales to the author of the art. Selling the royalty stream might create a security, but the existence of the royalty stream should not.

So here’s what gets me about this. Buying film stills from a movie is a thing that happens. Below is a montage together with three cells from a theater which played the movie Pink Floyd: The Wall. The SEC appears to be saying that if you sell these stills before you produce a web series – say, by selling stills from the pilot – you’re now selling securities.

Buying merch and collectible stuff from existing TV series is also a thing. See e.g. Netflix selling NFTs for its Love, Death + Robots series. The regulator doesn’t seem to have a problem with that, either, at least not yet.

The SEC points out that “the show was largely incomplete at the time of the offering… [t]he final episode was not released for another fifteen months[.] SC2 sought to persuade investors that the show and the NFTs would be successful as a result of SC2’s entrepreneurial and managerial efforts.” Ok. Let’s accept this logic for a second and ask some further questions of the SEC.

If you sell the NFTs after you’re done making the series, as evidenced by the huge market for film stills which the SEC has never once intervened in, I suppose according to the SEC you’re not selling securities? But what if you’re Netflix selling them in the middle of a popular series, apparently they’re not selling securities either? But if you’re a startup selling them after the pilot, you are selling securities?

When is a show “complete” and NFT sales of stills are therefore permitted? After the pilot? After the first season? Second season? First run? Spinoff? Sequel? When, exactly, is an artist allowed to sell an NFT representing a good which is already routinely sold as a collectible all over the Internet without it becoming a security?

It’s all very confusing. The short answer, the logical answer, the answer most consistent with economic reality, is that this was a bad call by the SEC and they picked a weak startup to make an example of. Impact Theory was an obvious example of an entrepreneur trying to dress up an investment contract as an NFT. Stoner Cats appears to be an example of the SEC trying to dress up a collectible as an investment contract.

That said, this is truly a borderline case. The SEC’s logic follows that in a California law case, Silver Hills Country Club v. Sobieski, 55 Cal 2d 811 (1961), in which presold memberships to a country club were deemed investment contracts by that state’s regulator using a test known as the “risk capital test.” But it bears mentioning that the SEC is a federal agency and the risk capital test is not a test which is applicable anywhere outside of the State of California, so it should not be influencing their enforcement decisions. Even if it were, the fact that the NFTs correspond directly to a real-world collectible for which there are real world markets makes the statement of facts in the SEC’s settlement – which the SEC was free to write by itself without any input from anyone else – not a slam dunk.

Is the addition of minor fringe benefits like access to a website and a promise to draw more comics really enough to take a garden-variety collectible and turn it into a full blown investment contract of the type which Congress intended to restrain with the 1933 Act? The SEC seems to think so.

Against whom and when to enforce is of course a regulator’s prerogative, and maybe the facts and circumstances of Stoner Cats really made this a project worth enforcing against, but I don’t see it. The only certain outcome from this enforcement action is that NFT projects will have to do extensive and expensive legal analyses and pre-publication reviews to try to avoid Stoner Cats’ fate in marketing these collectibles, and because the SEC overreached here they’ll never be able to get absolute certainty from their lawyers that they’re on the right side of the line. This will stifle creative business and prevent creators from using crypto collectibles instead of more traditional types of merch. Given what we know about the policy objectives of Democrats in Congress, maybe that’s the point.

For our policymakers in Washington, though, who oversee that agency, I ask you this. In the last 12 months has the SEC really had nothing better to do – for example, rulemaking to bring our crypto regs into the 21st century, or pursuing obvious frauds – than pick on a bunch of cartoonists selling trading cards of stoned cats?

Substance over form: a quick note on the SEC’s first NFT Settlement

From ZachXBT this morning:

I cannot recall something which was labeled as an NFT being treated as a security by American regulators previously. According to the SEC, this case is the first. With that in mind, it’s important to revisit first principles on selling crypto-critters in the United States. One thing which I see a lot of, all the time, is when developers start out with something which is unregulated and gradually mission-creep their way into something regulated.

Given how powerful cryptocurrency tech is, these mistakes are shockingly easy to make. This is because cryptocurrency, particularly the smart contract variety, is capable of “captur[ing] unlimited richness in flows of actions and events; computer scientists might prefer to recognise this as a state machine with money.”

A state machine with money, of course, is capable of performing virtually any function normally performed by the financial technology stack because it automates and secures the “money” portion of it programmatically in a manner which in TradFi needs to be secured by a human authenticator. Ian Grigg’s essay Financial Cryptography in 7 Layers – which predates crypto-as-we-know-it by nine years and Ethereum-style smart contracts by fifteen – neatly disaggregates the wet-code concepts which are factored by a human authenticator which most crypto developers, frequently unknowingly, attempt to program into their smart contract applications, compressed into a single layer as they try to implement a particular specification.

“Legal,” of course, pervades all of these layers, and we get a chance to see projects as they evolve. To paraphrase Rousseau, “most crypto projects are born free, yet everywhere they are in chains.” Designing a basic protocol application and the act of hashing a proof-of-work genesis block is not, generally speaking, a regulated activity anywhere in the world. It is the stuff protocol engineers do afterwards in relation to that genesis event, such incentives that they create to bring in new users – items 5-7 on the 7 layer framework – which, generally speaking, creates the liabilities.

So last week, for example, we saw the Tornado Cash indictment come down. There were howls of dissent from much of the crypto community over this due to the perception that the U.S. government was seeking to censor code and suppress open-source developers. Without prejudice to the constitutional presumption of innocence to which all criminal defendants are rightly entitled, having read the indictment, it seems that there was rather a lot of post-instantiation management of the Tornado Cash platform which, had I been a developer, the devs might have chosen to think better of and avoid. Leaving protocols published on GitHub without choosing to then embark on associated altcoin launches or management of the protocol as a going concern might be a recipe for protocol failure and obsolescence. It’s also a way to hew much more closely to the First Amendment and cases like Bernstein v. United States.

Similarly, one thing I see often enough, and increasingly in the wake of the Gensler SEC’s crackdown on more “traditional” ICO products, is the recharacterization of certain crypto-asset securities as “non fungible tokens” or NFTs. Impact Theory basically issued “NFTs” in three tranches:

In relation to which the SEC assessed as follows:

In advance of the offering, Impact Theory publicly stated that it would deliver “tremendous value” to KeyNFT purchasers. Impact Theory also stated that it would use the offering proceeds for “development,” “bringing on more team,” and “creating more projects.” Consistent with the foregoing, Impact Theory collected the proceeds from the KeyNFT sales in a single crypto asset wallet and used a portion of those proceeds to pay certain vendors providing services related to Impact Theory’s business.

It bears reminding that the Howey test “embodies a flexible, rather than static, principle” which is designed to look towards the substance of the transaction and not how it is labeled when determining whether something is or isn’t a security. The NFT space, which is relatively new, is no different – if a non-fungible token is sold in exchange for an investment of money in a common enterprise, with an expectation of profit arising from the efforts of a promoter or a third party, it is just as liable to be a security as a fungible token which sold in the same manner and with the same expectations.

Mind you, Impact Theory seems, at least from the settlement, to have been very far on the wrong side of the line, a dissent from Commissioners Pierce and Uyeda notwithstanding – “It’s like investing 10k with a 300k upside, for a small risk,” went one statement from the Discord; “Everyone here is an early adopter! Buying a founders [sic] key is Like [sic] investing in Disney, Call of Duty, and YouTube all at once,” went another; “you are investing in [the Impact Theory] team and regarding this is an opportunity that has never been there its [sic] like handing $20 to Mark Zuckerberg in his dorm room,” went another – such that if the sellers were selling a literal rock attached to those promises, to say nothing of an NFT, I could make out the case that they were selling securities. But there is no reason why this same regulatory mistake is also one which could be fairly easily, and entirely honestly, committed by inexperienced founders or otherwise legitimate projects who are stacking on additional functionality to please their users.

Just as an unstoppable blockchain app ignores the law, the unstoppable law ignores the blockchain. Labels and choice of data structures are part of the regulatory puzzle but are not dispositive. Substance is.

Infinitely expressive “state machines with money” tempt developers to build things that people will want to buy, and make it trivially easy to do so. But writing the code for the machine is one thing which happens fairly low down on the conceptual 7-layer stack; operating the machine as a going concern is quite another and lives at the top of the stack, where the laws are most active too. Understanding that different regulatory regimes apply to different layers is a basic prerequisite to providing good legal advice in this area. Just as a token labelled a “utility token” has been assessed as problematic by American regulators, so too can a token labelled a “non-fungible token,” even if the data structure utilized by that token does in fact make it non-fungible. Proceed accordingly.

Section 301: Crypto’s Section 230?

Section 230(c)(1) of the Communications Decency Act is very short – 26 words in length in total. It states that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”  

These words are deceptively simple but they form the backbone of the social Internet as we understand it today, because the words render platforms like Reddit, Facebook, and Twitter more or less absolutely immune for the content their users post. This allowed them to grow; speech otherwise comes with a lot of liability (infringement, defamation) and Section 230 and other provisions like the (much-reviled) immunity, notice and takedown regime under the DMCA for copyright infringement have resulted in an Internet which can develop unhindered by lawsuits and local rules in the fifty states which, otherwise, would have tied it down.  

For this reason, Jeff Kosseff called Section 230 “the twenty six words that created the Internet,” also the title of the book he wrote on the subject. The story behind Section 230 is convoluted and strange but suffice it to say, without the rule or something like it, the user-generated web would not be what it is today.  

We may now be approaching something like this with crypto – a necessary but overdue legal innovation capable of blowing adoption off the charts – with today’s release of the draft text of the Financial Innovation and Technology for the 21st Century Act (hereinafter the FIT Act, “FIT for the 21st Century… see what they did there?) which proposes to amend the much-hated provisions of the Securities Act of 1933 and the Exchange Act of 1934 to regularize crypto business.

The FIT Act is huge and there’s a lot to consider, so this post confines itself to Section 301 and Section 301 alone. Let’s dive in.

1. Section 301 basically Nukes Howey for a lot of possible cryptoasset products

Everyone knows what the Howey test is. “Investment contracts” are securities as defined in Section 2(a)(1) of the Securities Act. Howey defines what an “investment contract” is. The FIT Act removes crypto – properly, “digital commodities” (more on that later – from the definition of an investment contract.

  Section 2(a)(1) of the Securities Act of 1933 currently reads:  

(1)The term “security” means any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement, collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, fractional undivided interest in oil, gas, or other mineral rights, any put, call, straddle, option, or privilege on any security, certificate of deposit, or group or index of securities (including any interest therein or based on the value thereof), or any put, call, straddle, option, or privilege entered into on a national securities exchange relating to foreign currency, or, in general, any interest or instrument commonly known as a “security”, or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guarantee of, or warrant or right to subscribe to or purchase, any of the foregoing.  

Section 301 of the Bill amends this to read:  

The term “security” means any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement, collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, fractional undivided interest in oil, gas, or other mineral rights, any put, call, straddle, option, or privilege on any security, certificate of deposit, or group or index of securities (including any interest therein or based on the value thereof), or any put, call, straddle, option, or privilege entered into on a national securities exchange relating to foreign currency, or, in general, any interest or instrument commonly known as a “security”, or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guarantee of, or warrant or right to subscribe to or purchase, any of the foregoing. The term does not include a digital commodity or a permitted payment stablecoin.

This change, if enacted, would be absolutely titanic. At the moment, the language “investment contract” covers virtually anything anyone can invest in. The Act proposes to remove “digital commodities” (more on that later) or “permitted payment stablecoins” (which I’m going to mostly skip in this post for word count’s sake), and provides a pathway to determine with legal certainty whether an asset should be so categorized.

What I will say is that for the moment, informed legal opinion on stablecoins is that they may very well constitute securities – not qua investment contracts but qua evidence of indebtedness. Although we haven’t seen a ton of non-fraud enforcement in this area (keeping in mind one of the first stablecoins, 2014’s Paycoin, was dinged by the SEC and DOJ on fraud charges), regularizing stablecoins should be an industry priority.

2) Section 301 also neuters the Exchange Act vis a vis digital asset exchanges

  Section 3(a)(1) of the Securities Exchange Act of 1934 reads:  

(1)The term “exchange” means any organization, association, or group of persons, whether incorporated or unincorporated, which constitutes, maintains, or provides a market place or facilities for bringing together purchasers and sellers of securities or for otherwise performing with respect to securities the functions commonly performed by a stock exchange as that term is generally understood, and includes the market place and the market facilities maintained by such exchange.  

The significance of this definition is that if you want to running an exchange that trades securities you need to be registered as a national securities exchange or operate something called an Alternative Trading System or ATS, neither of which is particularly easy to do (nor cheap) and both of which are really not fit for purpose for assets like Bitcoin which have no issuer and in relation to which users all self-custody.

The amendment proposes:  

The term “exchange” means any organization, association, or group of persons, whether incorporated or unincorporated, which constitutes, maintains, or provides a market place or facilities for bringing together purchasers and sellers of securities or for otherwise performing with respect to securities the functions commonly performed by a stock exchange as that term is generally understood, and includes the market place and the market facilities maintained by such exchange. The term ‘exchange’ does not include a digital asset trading system, blockchain protocol, or any person or group of persons solely because of their development of a blockchain protocol.

…followed by a number of consequential amendments to subsequent provisions of the Exchange Act which would honestly be a bit too long to reproduce in full here. The upshot of it is that if an asset is a digital commodity, venues that trade those assets will be outside of the Exchange Act regime. The Exchange Act has long been considered an inappropriate regime for the trading of cryptoassets. This bill takes “digital commodity” cryptoassets out of it.

3) Definitions introduced elsewhere in the bill provide Section 301 with a very precise way of defining a Digital Commodity

 Broadly speaking, the assets that are sought to be carved out of the regime are so-called “digital commodities.” What are those? Well, there’s a definition! And unlike previous, shoot-from-the-hip attempts from e.g. Bill Hinman to provide a shortform test for whether an asset

The FIT Act proposes the following:

‘Digital commodity’ means…  

(i) any unit of a digital asset held by a person, other than a digital asset issuer, a related person, or an affiliated person, before the first date on which each blockchain system to which the digital asset relates is a functional network and certified to be a decentralized network under section 44 of the Securities Exchange Act of 1934, that was—  (I) issued to the person through an end user distribution described under section 42(d)(1) of the Securities Exchange Act of 1934; or  (II) acquired by such person in a transaction that was executed on a digital commodity exchange; or  

(ii) any unit of a digital asset held by a person, other than a digital asset issuer, a related person, or an affiliated person, after the first date on which each blockchain system to which the digital asset relates is a functional network and certified to be a decentralized network under section 44 of the Securities Exchange Act of 1934; and  

(iii) any unit of a digital asset held by a related person or an affiliated person during any period when any blockchain system to which the digital asset relates is a functional network and certified to be a decentralized network under section 44 of the Securities Exchange Act of 1934.   

So the network has to be functional and certified. How to we certify? Well a new Section 44 of the Securities Act of 1933 exists for that! And it basically says that you publicly file a bunch of disclosure documents with the Commission and self-certify that your coin is “decentralized,” there’s a rebuttable presumption that you’re right, and if the Commission disagrees they can attempt to rebut that presumption within thirty days of filing.

SEC. 44. CERTIFICATION OF CERTAIN DIGITAL ASSETS.

‘‘(a) CERTIFICATION.—Any person may certify to the Securities and Exchange Commission that the blockchain system to which a digital asset relates is a decentralized network.   

‘‘(b) FILING REQUIREMENTS.—A certification described under subsection (a) shall be filed with the Commission, and include—    ‘‘(1) information regarding the person making the certification;  ‘(2) a description of the blockchain system and the digital asset which relates to such blockchain system, including— ‘‘(A) the operation of the blockchain system; ‘‘(B) the functionality of the related digital asset;  ‘‘(C) any decentralized governance system which relates to the blockchain system; and  ‘‘(D) the process to develop consensus or agreement within such decentralized governance system;   (3) a description of the development of the blockchain system and the digital asset which relates to the blockchain system, including –  ‘‘(A) a history of the development of the blockchain system and the digital asset which relates to such blockchain system; ‘‘(B) a description of the issuance process for the digital asset which relates to the blockchain system; ‘ (C) information identifying the digital asset issuer of the digital asset which relates to the blockchain system; and  ‘‘(D) a list of any affiliated person related to the digital asset issuer;  ‘‘(4) an analysis of the factors on which such person based the certification that the blockchain system is a decentralized network, including –   ‘‘(A) an explanation of the protections and prohibitions available during the previous 12 months against any one person being able to ‘‘(i) control or materially alter the blockchain system;  ‘‘(ii) exclude any other person from using or participating on the blockchain system; and  ‘‘(iii) exclude any other person from participating in a decentralized governance system;    ‘‘(B) information regarding the beneficial ownership of the digital asset which relates to such blockchain system and any the distribution of voting power in any decentralized governance system during the previous months;  ‘‘(C) information regarding the history of upgrades to the source code for such blockchain system during the previous 3 months, including ‘‘(i) a description of any consensus or agreement process utilized to process or approve changes to the source code;  ‘‘(ii) a list of any material changes to the source code, the purpose and effect of the changes, and the contributor of the changes, if known; and  ‘‘(iii) any changes to the source code made by the digital asset issuer, a related person, or an affiliated person;  ‘‘(D) information regarding any activities conducted to market the digital asset which relates to the blockchain system during the previous 3 months by the digital asset issuer or an affiliated person of the digital asset issuer; and ‘‘(E) information regarding any issuance of a unit of the digital asset which relates to such blockchain system during the previous 12 months;    ‘‘(5) with respect to a blockchain system for which a certification has previously been rebutted or withdrawn under this section, specific information relating to the analysis provided in subsection (f)(2) or (g)(3), as applicable, in connection with such rebuttal or withdrawal.  

‘‘(c) REBUTTABLE PRESUMPTION.—The Commission may rebut a certification described under subsection (a)  with respect to a blockchain system if the Commission, within 30 days of receiving such certification, determines that the blockchain system is not a decentralized network.   

OK, so what’s a “decentralized network” then? Right up on Page 6 of the bill, some new amendments to the 1933 Act are proposed:  

The term ‘decentralized network’ means the following conditions are met:   

‘(A) During the previous 12-month period, no person  ‘‘(i) had the unilateral authority, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, to control or materially alter the functionality or operation of the blockchain system; or  (ii) had the unilateral authority to restrict or prohibit any person who is not a digital asset issuer, related person, or an affiliated person from   ‘(I) using, earning, or transmitting the digital asset;  (II) deploying software that uses or integrates with the blockchain system;  (III) participating in a decentralized governance system with respect to the blockchain system; or  (IV) operating a node, validator, or other form of computational infrastructure with respect to the blockchain system.   

(B) During the previous 12-month period  (i) no digital asset issuer or affiliated person beneficially owned, in the aggregate, 20 percent or more of the total amount of units of such digital asset that (I) can be created, issued, or distributed in such blockchain system; and  (II) were freely transferrable or otherwise used or available to be used for the purposes of such blockchain network;   (ii) no digital asset issuer or affilated person had the unilateral authority to direct the voting, in the aggregate, of 20 percent or more of the outstanding voting power of such digital asset or related decentralized governance system; or (iii) the digital asset did not include voting power.  

(C) During the previous 3-month period,  the digital asset issuer, any affiliated person, or any related person has not implemented or contributed any intellectual property to the source code of the blockchain system that materially alters the functionality or operation of the blockchain system, unless such implementation or contribution to the source code (i) addressed vulnerabilities, errors, regular maintenance, cybersecurity risks, or other technical improvements to the blockchain system; or  (ii) were adopted through the consensus or agreement of a decentralized governance system.   

(D) During the previous 3-month period, neither any digital asset issuer nor any affiliated person described under paragraph (20)(A) has marketed to the public the digital assets as an investment.   

(E) During the previous 12-month period, all issuances of units of such digital asset were end user distributions made through the programmatic functioning of the blockchain system.     

So basically what is currently understood as a “fair launch where all coins in circulation are mined” would be “decentralized,” would be “digital commodities” and therefore would not be “securities” and thus not subject to the Securities Act or Exchange Act securities regimes. This here is extreme shorthand and I’m still chomping on the (212 page long) bill, so more to come on this front on this blog.

Conclusions: not perfect, but a lot better than what we have

Is this legislation perfect? No. It’s also enormous so there’s much more to digest in the bill which might temper my initial opinion of Section 301. There is some dissent over the current version carving out a lot of DeFi contracts and DAO stuff from the digital asset exclusions.

Would it, if passed, open the floodgates to legal and regulated cryptocurrency innovation in the United States within certain well-defined boundaries, both in terms of increasing the number of the cryptocurrencies available and the DeFi venues on which they can be traded, while having some restrictions in place that restrict possibilities for insiders to get unfairly enriched? Yes.

If Congress is looking to clear up the confusion created by the recent Ripple Labs litigation looking forward, this is certainly a good place to start.

Ripple Labs Ruling Throws U.S. Crypto-Token Regulation into Disarray  

An earlier version of this post appeared on Zero Hedge.

What, legally speaking, is a cryptocurrency token sold to the public?

Following Thursday’s bombshell split decision by judge Analisa Torres of the Southern District of New York in SEC v. Ripple Labs et al., the answer appears to be that XRP is both an unlawfully sold investment contract when sold to VCs or institutional buyers, but a perfectly lawful, “something else” when sold anonymously via cryptocurrency exchanges, or distributed to employees or by insiders.

The only thing this ruling guarantees for cryptocurrency issuers, then, is continued uncertainty in the cryptocurrency markets – uncertainty which Congress, and only Congress, can step in to correct.   

At issue in this case is whether a decade’s worth of token distributions by Ripple Labs are sales of securities by dint of the transactions being “investment contracts” as such term is defined by the “Howey Test” in SEC v W.J. Howey Co., 328 U.S. 293 (1946), as clarified by subsequent precedentsThat test says, in brief, that a contract, transaction or scheme involving (1) the investment of money (2) in a common enterprise with (3) a reasonable expectation of profits arising from the entrepreneurial or managerial efforts of others is a juridical critter known as an “investment contract” and is, per the federal Securities Act of 1933, to be regulated in exactly the same manner as a security.   

For the purposes of conducting the Howey analysis, the court in Ripple Labs divided Ripple’s sales of tokens into three categories: (1) institutional sales to hedge funds, VCs and the like; (2) programmatic sales to retail directly on digital asset exchanges; and (3) “as a form of payment for services,” such as in restricted token purchase agreements or option contracts, to employees and other service providers.  

Ripple loses on “Institutional Sales” of XRP…  

On the first category of sales, institutional sales, Ripple lost, and lost big. $700 million + in disgorgement plus interest and penalties if Ripple doesn’t appeal (which it will).

There are few if any informed legal commentators who I have seen arguing that any court should have found otherwise.  

…but wins on “Programmatic Sales”… 

On the second category of sales, programmatic sales, the Court found in Ripple’s favor, arguing that the third, “expectation of profits” prong of Howey was not met despite finding that the prong was met for institutional sales. The reasoning for this was odd and appears to be based on the choice of venue through which XRP were sold: “Ripple’s Programmatic Sales were blind bid/ask transactions,” the Court wrote, “and Programmatic Buyers could not have known if their payments of money went to Ripple, or any other seller of XRP” and as such “a Programmatic Buyer stood in the same shoes as a secondary market purchaser who did not know to whom or what it was paying its money.” As a result, the Court opined, “Programmatic Buyers purchased XRP with an expectation of profit, but they did not derive that expectation from Ripple’s efforts (as opposed to other factors, such as general cryptocurrency market trends)—particularly because none of the Programmatic Buyers were aware that they were buying XRP from Ripple.”  

The Court here clearly erred, for one simple reason: the expectation of profit prong doesn’t require an expectation of profit as a result of the efforts of the seller, but rather the efforts of another; per Howey, “the efforts of the promoter or a third party.” As will be obvious to anyone active in the industry, XRP’s principal promoter is and always has been Ripple Labs, whether a purchaser was aware they were purchasing tokens from Ripple Labs or not.   

For an example of the SDNY applying this principle correctly, look no further than a 2020 decision granting the SEC’s motion for a preliminary injunction in a massive win against the Telegram messenger app and its blockchain development subsidiary. There, Judge Kevin P. Castel (more recently famous due to his smackdown of a couple of lawyers who wrote pleadings that included ChatGPT hallucinations) linked purchasers’ expectation of profits “upon the essential entrepreneurial and managerial efforts of Telegram[,]”not the entrepreneurial and managerial efforts of intermediaries who were selling Telegram SAFT contracts to all and sundry at the time.

It was “Telegram’s commitment to develop the project,” not the intermediary sellers’ resale efforts, which the Court held constituted the “essential efforts of another” for the purposes of this Howey prong. Because of this, I expect Ripple’s win on this point to be lost on appeal. 

…and bizarrely also wins on “Other Distributions” of XRP  

Finally, and most bizarrely, Ripple won on the basis that “Other Distributions” to e.g. employees did not satisfy the first prong of Howey, the “investment of money” prong. This one is a real head-scratcher because it is abundantly clear from the precedents that an “investment of money” for Howey purposes need not actually include the transfer of funds – what it requires is only that the purchaser “gave up some tangible and definable consideration in return for an interest that had substantially the characteristics of the security.”   

Yet, after stating that Ripple’s “Other Distributions” “include distributions to employees as compensation and… to develop new applications for XRP,” relationships which in practically any commercial setting are regarded as possessing the requisite bi-directional movement of contractual consideration necessary to satisfy this prong (employee provides services; employer provides tokens), the Court concluded that the necessary contractual consideration was nonetheless absent and no “tangible or definable consideration” was paid to Ripple. Employees providing services and third parties developing applications for use on a protocol strike me as profoundly tangible and measurable things in relation to which great sums of money and cryptotokens are routinely paid.   

That the consideration for this prong can be minor, or even nominal, is not a point which has been seriously disputed for some time, even among the crypto bar. Peter Van Valkenburgh at Coin Center wrote in 2017 that even “free” distributions of tokens via an airdrop which required a user to provide only an e-mail address was sufficient consideration flowing from the investor to the issuer, and going the other way issuers benefited through the receipt of “value by spawning a fledgling public market for their shares, increasing their business, creating publicity, increasing traffic to their websites, and, in two cases, generating possible interest in projected public offerings.” For this reason, this finding strikes me as probably erroneous and vulnerable to challenge on appeal.   

Schrodinger’s Shitcoin  

The legal status of XRP, then, seems to possess a kind of quantized duality, Schrodinger’s Shitcoin – it’s a security when sold to an institutional investor in a primary sale, but not a security when sold behind the anonymity of a cryptocurrency exchange, or when sold in exchange for services to insiders.  This position strikes me as deeply unsatisfactory from the standpoint of regulatory consistency – no other security magically transmogrifies from a security to a non-security depending on to whom it is sold, or after it is sold more than once – as well as being a manifestly incorrect application of the line of precedents relating to the first and third Howey prongs when one considers the entirety of the reasons why an XRP purchaser buys XRP tokens.   

Much has also been made of the judge’s opinion that “XRP, as a digital token, is not in and of itself a ‘contract, transaction or scheme’ that embodies the Howey requirements of an investment contract.” Ok, fine. But the term “contract, transaction, or scheme” in Howey is very deliberately open-ended, and there’s nothing in the caselaw which would prevent XRP itself from being designated as embodying the investment contract, much in the same fashion as a bearer security. When the SEC appeals this finding or raises it in other litigation in other federal courts, as is virtually certain to occur, the SEC is going to have plenty of precedent on its side (see e.g. pyramid scheme cases such as 1973’s SEC v. Glenn Turner, where the product constituting an “investment contract” was a bunch of motivational tapes and rights to sell motivational tapes to new investors). A cryptocurrency token which can only do one thing – be re-sold to new investors – seems to fit those half-century-old precedents, if the SEC decides that reclassifying tokens in this way is an issue it needs to discuss.

There are other issues in this case relating to Ripple executives Chris Larsen and Brad Garlinghouse. I leave those issues undiscussed here to focus on the legal problems faced by cryptocurrency issuers and keep under my word count. As for issuers, the U.S. market is thus presented with two broad pathways for further development, much as it had in 2018 after the SEC’s Bill Hinman unwisely invented the “sufficiently decentralized” test for token issuance which launched a thousand ICOs, and was subsequently benchslapped by district courts across the United States.   

The first path is that our unfit-for-purpose regulations will not change and a new wave of token issuers will seek to avail themselves of this narrow and in my view likely incorrect ruling to launch new programmatic token schemes – “Programmatic ICOs” or PICOs – aping the Ripple structure, and the SEC will find itself bringing enforcement actions against these schemes in two to three years, to the detriment of the American economy, investors, and innovation more broadly. Startups following this first path should exercise extreme caution – as my colleague Palley puts it, “that order in the Ripple case is a partial summary judgment from a single district court judge. While persuasive, it’s not binding precedent on other courts and will likely be appealed and could be reversed. Don’t yolo into anything based on that decision.”  

The second path is that the U.S. Congress realizes that it makes no sense for a thing to be a security in one transaction but not another, and passes laws – as the UK is now doing – to normalize cryptocurrency investment by conferring a well-defined legal status on all token transactions, requiring an aggressive disclosure regime and doing away with the Securities Act of 1933’s requirement that we regulate tokens which are paired with no contractual promises in the same manner as we regulate contractual instruments, as the UK has done.   

Conclusions 

Ripple’s business of selling tokens should be legal in the United States, within regulatory guardrails. Currently, in my personal opinion, it isn’t. In my view Judge Torres’ ruling that it is, will likely be reversed on appeal.

In the meantime, it is probable that this ruling has changed the risk calculus of crypto developers and investors in the United States, for which the final outcome of an eventual appeal is largely irrelevant, because the business risk of investing in crypto has likely decreased.

Whilst the crypto markets are global and the U.S. has a mere 5% of the world’s population (and thus the effects of any American regulatory scheme will, ultimately, be limited), U.S. investors and entrepreneurs, whether we like it or not, tend to have more money and execution capacity than those elsewhere. Hence regulatory developments in the U.S. tend to have limited but relatively larger effects on the global markets than regulatory developments elsewhere.

Where the mood post-FTX was dark and was only getting progressively darker as the Gensler SEC’s regulation-by-enforcement drive hit a fever pitch with lawsuits against major global exchanges in June, this seems to have turned on a dime now that a federal judge has given a glimmer of hope that the SEC is wrong and those exchanges and issuers are right. This also piles pressure on the SEC and its anti-crypto Democratic handlers in the Congress who, for the first time I can think of, have experienced a defeat in a crypto case and thus have renewed incentive to avoid that outcome from happening again by implementing a statutory scheme for cryptocurrency which regularizes the product and cannot be defeated in court. For these reasons, while the appeals are pending, I expect crypto new product development and marketing to resume and indeed increase.

My hope is that Congress will get its act together and decide that it’s time for cryptocurrency tokens and cryptocurrency exchanges to receive their own purpose-built disclosure and supervisory frameworks which will take cryptocurrency regulation out of the slow and contradictory hands of our courts and the politically motivated hands of the SEC, and dispense with the anachronistic regime of broker-dealers, custodians, and transfer agents with which the SEC presently seeks to hamstring the industry, to allow U.S. crypto business to proceed, with regulatory certainty, in a more laissez-faire manner, such as is permitted in jurisdictions like the United Kingdom.

My expectations of Congress are, however, quite low. I hope to be proven wrong.  

Image licensed under the Pixabay license.

“Disinformation” is not a crime

In the case of Missouri et al. v. Joseph R. Biden et al., the State of Missouri and others have alleged that the U.S. government’s cooperation with social media websites, paired with implied and express threats of regulation if the social media companies refused to comply, to censor Americans expressing otherwise lawful opinions should be prohibited under the First Amendment.

Further to this, in the middle of last month, Missouri and the other plaintiffs filed a motion for a preliminary injunction against Joseph R. Biden, the President of the United States, in his official capacity, and various other individuals in their various official capacities as heads of government agencies, such as Tony Fauci and Xavier Becerra, and anyone acting in concert with them, seeking to prevent them from doing the following:

from taking any steps to demand, urge, encourage, pressure, or otherwise induce any social-media company or platform for online speech, or any employee, officer, or agent of any such company or platform, to censor, suppress, remove, de-platform, suspend, shadow-ban, de-boost, restrict access to content, or take any other adverse action against any speaker, content, or viewpoint expressed on social media[.]

Today, July 4th, 2023, a federal district court largely granted that motion, and prohibited the Biden Administration from taking any action to remove content which constitutes protected free speech. Exceptions were made where the contact with the social media company was made with a view to notifying the firms about various categories of crime, national security threats, and the removal of posts that “are not protected free speech”.

Put another way, it was a monumental victory for freedom of speech, and made it clear that the government can’t achieve by threats and political pressure on third parties what it is prohibited by law from doing on its own.

Pravda The New York Times complained that the ruling “could curtail efforts to combat false and misleading narratives about the coronavirus pandemic and other issues.”

The Washington Post, meanwhile, was similarly disappointed, whining that “[t]he Donald Trump-appointed judge’s move could undo years of efforts to enhance coordination between the government and social media companies.”

But will it actually?

Talking to the government as a web company: a lawyer’s perspective

There’s a reason lawyers say “don’t talk to the police.” I would extend that principle and say “don’t talk to the government.” We don’t say this because you shouldn’t cooperate with the government, or that the government is somehow inherently bad. It’s because talking to the government involves potentially huge amounts of personal liability if you happen to put a foot wrong by making a materially false statement, for example. You can limit this liability substantially by keeping your communications few and always making those communications with the assistance of a legal team.

As such, it is extremely unusual for businesses to have frequent, casual, unsupervised contacts between senior staff and federal agents, and why most folks who are in the “helping-u-deal-with-the-government” business had our collective jaws hit the floor when we learned that Homeland Security was openly deputizing private actors to help them insinuate government propaganda policy in corporate boardrooms.

Putting politics (including free speech issues) to one side for a moment, allowing senior corporate officers to have that level of close, even chummy contact with DHS and the FBI is insane. Normally, when contact is inbound from a federal agency, it is done as a result of and pursuant to some official process, usually authorized by a court or a grand jury, in writing, where the government has a legally binding demand and the company has a legally binding obligation to respond.

With a web company like Twitter or Facebook, those sorts of communications – the legally binding kinds – likely fall into the following categories, at least from American government agencies:

  • The overwhelming majority of the legal process likely consists of grand jury and other administrative subpoenas, where a grand jury has been empaneled and is investigating some crime for which records are sought. Generally when served on an internet communications company these subpoenas can only obtain non-content subscriber logs. For content you’ll need a…
  • Search warrant signed by a judge, issued upon probable cause that the records held by the social media company contain evidence that will assist in the commission of a crime.
  • 2703(d) Orders, which are sort of a halfway point between a subpoena and a search warrant in terms of the kind of information which is available, in that it can get detailed logs about with whom an internet user communicated but not the content of that communication (which requires a warrant).
  • National Security Letters, which can demand non-content data but are authorized by senior officials at the FBI rather than a grand jury.

Mind you, in the event of a genuine emergency, which to me means “an actual, even if unlikely, threat to life or property,” law enforcement may request, and social media companies may volunteer, this information if they wish. Otherwise, the obtaining this information from a web company requires U.S. law enforcement to follow a statutory pathway set out in the USA PATRIOT Act and the Stored Communications Act in order to get it.

Judge Dougherty’s order does not do a thing to prevent these kinds of communications from being made between law enforcement and social media companies. This is good and correct.

What these pathways share in common is that they relate to criminal proceedings or regulatory violations. If you aren’t breaking any laws, there’s no reason for the government to empanel a grand jury or obtain a search warrant. Moreover, these orders do not, repeat not, require social media companies to take any action against the content in question once the orders are given.

American laws on content do not empower the government to deputize social media companies as political speech enforcers

This is not the case in the rest of the world. Take for example the Christchurch Shooting in 2019. In that shooting, a deranged individual named Brenton Tarrant posted a manifesto online before live-streaming what can only be described as an absolutely horrific crime on Facebook Live.

As it happens, the Christchurch Shooting happened in New Zealand, not America, and New Zealand has a censorship law which it more or less immediately invoked against that content, like many other countries around the world also do. The country subsequently embarked on a global crusade, the Christchurch Call, to wipe the video off the web. Social media companies, including Zoom, Dailymotion, Youtube, Google/Alphabet, Facebook, and even Twitter enthusiastically signed on to this initiative.

In the United States, there would be no legal requirement on Facebook to remove his account after receiving a search warrant from the FBI. There is not, as far as I am aware, any rule of law in any jurisdiction of the United States, state or federal, which would empower the government to order that content removed. Indeed, there’s a rule – 47 U.S. Code Section 230(c)(1) – which says that Facebook not only has no obligation to remove that content, but Facebook is presumptively immune from liability even if it made a conscious, affirmative editorial decision to leave it up.

“Disinformation” is not a crime, and getting the government out of the “disinformation” business won’t harm public safety

This is the key distinction between the American and European (the latter of which includes Canadian, NZ, Australian) approaches to speech regulation of the Internet, and why the relationship of a social media company to the U.S. government necessarily has to be different than its relationship with a foreign one.

In Europe/Canada/NZ/Australia, expressing a controversial point of view, without more, can be a speech crime. In America, it is not. We see, however, that there remain many avenues for law enforcement to make requests of social media companies and for social media companies to respond to those inquiries. All that is required first, in the usual way, is the evidence of a commission of a crime and judicial supervision, or some valid investigatory process like the empaneling of a grand jury. (Indeed, notifying social media companies of the presence of illegal activity is broadly carved out from the scope of the injunction, so law enforcement still has the ability to contact socials about bad actors who are suspected of breaking the law.)

What is not permitted by the injunction is coordinating to suppress lawful speech and conduct. The question we should be asking ourselves about Missouri v. Biden is whether we want the government using informal pressure to police speech which the people, with the legal bargain enshrined in the First Amendment, have not authorized the government to police.

The government’s track record is not strong on this point. Official state mouthpieces have, in the last three years, labeled statements criticizing the official position on vaccine efficacy, laptop computers allegedly belonging to a certain presidential candidate’s son, and the origins of a certain coronavirus “disinformation.” As it turns out, all of those government pronouncements on aforementioned matters of considerable public importance were false, and the so-called “disinformation” was true.

If the state thinks a crime has been committed, there are a great many avenues for it to let this be known to social media companies. What the New York Times is complaining about is speech which is sub-criminal and merely unpopular. The Times laments that a federal court had the temerity to tell the Executive Branch to stay out of regulating speech that, in America, an oversensitive person might complain about to a college administrator or an HR department – not the police.

Post-COVID, the “just trust us, these opinions are bad” dog won’t hunt. For now, the government has their Twitter accounts and gray checkmarks. I can only suggest that they use them. The result of Missouri v. Biden will not be a catastrophic reduction in state capacity to enforce the laws or police bad behavior on the web. Really, all it will mean, going forward, assuming the result from this preliminary injunction holds, is that the government will simply have to win the argument by embracing transparency and presenting evidence in public – just like everyone else, and just as they should have been doing from the start.