The Back of the Envelope (a blog)

A version of this article was republished on CoinDesk.

Earlier this month, the UK’s financial conduct regulator, the Financial Conduct Authority or FCA, announced new, near-final proposed rules, following recently-enacted secondary legislation, on financial promotion of crypto-assets within the country. Taken together with the passage of the UK Financial Services and Markets Act 2023 (the “2023 Act”) earlier this week, which brings crypto-assets under the UK’s broader financial regulatory regime contained in the UK Financial Services and Markets Act 2000 (“FSMA”), including FSMA’s rules on financial promotions, it is now all but inevitable that the FCA’s new rules – or ones very close to them – will be entering into force on schedule on or about October 8^th. 

This is the culmination of a yearslong effort in the UK government to create new rules to govern cryptocurrency business within its borders. As such it represents something of a departure for the UK from its usual approach to cryptoasset regulation. Historically, the United Kingdom’s financial regulators have not had the power to regulate – and thus have avoided regulating – crypto-assets such as Bitcoin, Ethereum, Cardano, or Cosmos in their capacity as investments, at least in the same manner that they regulated TradFi instruments such as securities. This differs significantly from the regulatory landscape in the United States where, infamously, the U.S. Securities and Exchange Commission asserts more or less plenary authority over the cryptocurrency sector by utilizing 90-year-old securities legislation, and in relation to which it has been prosecuting a regulation-by-enforcement campaign in the federal courts.

Among many other things the 2023 Act does, it folds certain types of regulated activities, like arranging deals in or managing investments when crypto is the underlying product, into the FCA’s regulatory scheme. It also grants additional, and as far as I can tell open-ended, powers under a new “Designated Activities Regime” to impose crypto-specific, as-yet-undetermined rules and restrictions on the industry, which in the government’s opinion include powers to go so far as banning of particular types of crypto business or asset. 

The most immediately relevant provisions from the Act for cryptocurrency developers, though, are aforementioned changes which bring cryptocurrency marketing fully under the existing financial promotions regime. Generally speaking, in the UK one is not allowed to “communicate an invitation or inducement to engage in investment activity” in the course of business to a prospective customer unless conducted or approved via a regulated entity, or an exemption applies. Regulated entities under the new regime for crypto include FCA authorized firms, registered cryptoasset firms, or authorized firms which have passed through regulatory gateway legislation (which is currently with Parliament). How these communications may be made and what they must contain is governed by complex rules, too; given that penalties for noncompliance include fines and potential imprisonment, strict adherence to the rules is a must. 

Current state of play

What does this mean? Unlike in the U.S., and news stories saying “crypto is now a regulated activity,” cryptocurrency itself has not been redesignated as a regulated product. As far as this writer can tell, the act of hashing a genesis block, mining coins, and distributing them otherwise than in the course of business still isn’t regulated, whereas in America there are those who would argue that it is. 

Engaging in certain types of “regulated activities” which are already regulated vis a vis other kinds of investments in relation to crypto, however, will be regulated going forward. For service providers undertaking what would otherwise be regulated activities, it means compliance and licensure. Developers and issuers, on the other hand, should still consider the UK open for business, although they will need to approach doing business in the UK and with UK consumers with considerably more care than before. Unlike in the U.S. where the regulator is asserting that crypto-assets are securities, cryptoassets qua cryptoassets are more or less treated the same as they were a year ago. Extremely stringent rules around marketing cryptocurrency to consumers are proceeding ahead with dispatch, and it is in this marketing where the heaviest compliance burden for devs will arise.

The types of marketing covered by the financial promotion regime could include not only marketing in a formal sense like a television advertisement or an investment memorandum, but also less formal communications where cryptocurrency companies usually market their protocols such as podcasts, hackathons, conference events, and meetups, or online banner ads and Tweets. The new regime also includes communications to high-net-worth and sophisticated investors.

Moreover, at least based on my reading, the new rules make no distinction between ICO-based cryptoassets like Polkadot or Cosmos and cryptocurrencies which are generally regarded as “decentralized” and not subject to much regulation even in the United States, such as Bitcoin or Ethereum. This means that something as seemingly harmless as a cryptocurrency ATM might need to have any marketing copy it displays on its user interface (“Buy crypto here!”) reviewed by an FCA-authorized firm and brought into compliance with the new rules.

The bargain that appears to be emerging in the UK is that the price of freedom to develop and trade crypto is tight regulation on how it is marketed to consumers. If things get too out of hand, more rules may follow. But they haven’t followed yet. This is a novel approach which, unlike the draconian regulatory crackdown underway in America, strikes what feels like a fairer balance between free markets and consumer protection. This approach gives the crypto markets latitude to evolve on their own while also incentivizing higher levels of disclosure from those who seek to make money selling to those markets. 

The tantalizing possibility here is that the UK Treasury exercises restraint with its new powers and that existing, regulated market participants with large UK presences – companies like BnkToTheFuture and eToro immediately come to mind – might fill the gap and develop businesses which evaluate and prepare the volumes of marketing disclosures that will be needed to promote the sale of cryptocurrencies available for sale on their platforms, while the government remains hands-off of developers and software startups operating within its borders. 

If the regulators can exercise a bit of self-control and sit on their hands, there’s a good possibility Britain could eat America’s lunch. Whether they can resist that temptation remains to be seen.

I developed something of a reputation for being a skeptic about the legal propriety of selling cryptocurrency tokens in the United States. I used to write about this extensively, particularly in 2017-18 when I was studying for my LL.M. to get dual-qualified in America and, accordingly, had more free time and latitude to say what I wanted than I do now as a partner in an American law firm.

Moreover, I held this position when it was unpopular and non-obvious, unlike the recent crop of crypto critics like former government lawyer John Reed Stark who seems to take endless glee in kicking the industry while it’s down. See, e.g., on July 9th, 2014, when my friend Tim Swanson and I were quoted in a CoinTelegraph article, “Mitigating the Legal Risks of Issuing Securities on a Cryptoledger,” when I said that “[Virtually] nobody has done this correctly. To date I have not seen a single crypto-security that has been properly structured.”

People thought I was crazy at the time. Others probably thought I was just a jerk. The truth is probably somewhere between the two. Keep in mind, of course, that in 2014 the idea of an “Initial Coin Offering” didn’t really exist; entrepreneurs like Joel Dietz marketed his “Swarm” crowdfunding token as “crypto-equity,” a term which fell into disfavor by more sophisticated projects like Ethereum which, only a month after I was quoted in the CT article, launched its ICO. But even that wasn’t called an ICO. That, presumably per whatever advice was given to Joe Lubin by his lawyers, was a “sale of crypto fuel for the Ethereum network.”

Ethereum subsequently exploded in 2017 and with it came a thousand imitators and other variations just like it. U.S. regulators were slow to respond. SEC Director Bill Hinman added fuel to the ICO fire when made his famous “Hinman Speech” which set out the (now-discredited) “sufficiently decentralized” exception to the Howey test. (Keeping in mind that Hinman was based out of San Francisco, the general assumption among those of us who were not in the cool SF VC crowd was that they had successfully convinced that office that Ethereum – a popular investment out there – was the next Internet and the best thing for the government to do would be to get out of the way and let Ethereum prove it.)

I think it is safe to say, five years later, that Ethereum has not cracked a lot of the scaling issues it would have needed to crack in order to become the next Internet. With those broken promises on one side, perhaps it is not surprising that the government has decided to adopt a more traditional approach as well, with the NYAG’s office alleging that Ethereum is a security in her recent lawsuit against KuCoin for violating New York’s Martin Act. (For reference, I have been arguing Ethereum should have been regulated as a security for several years – see my 2018-era blog posts Whether Ether is a Security and Ether is not a Security?)

What followed the Hinman Speech can only be described as confusing. Up till the Hinman speech, the SEC really had only gotten involved in the crypto business in cases of obvious and notorious fraud. The first such case that I can recall was the case of SEC vs. Trendon Shavers and Bitcoin Savings and Trust (a Ponzi scheme) and SEC v. GAW Miners, Joshua Homero Garza et al. (another Ponzi scheme involving the sale of “mining contracts” and a $20 stable coin called “paycoin”).

In terms of non-fraud enforcement, the SEC started to bring its first set of enforcement actions, announced by way of settlements, with a number of coin-related projects in late 2018, only months after the Hinman Speech was published. The first such settlement, with a founder of early decentralized exchange, or “DEX,” EtherDelta, was announced on Nov. 8th, 2018; the SEC claimed that the DEX operator was operating an unregistered exchange, which necessarily implied that the SEC took the view that some of the assets on EtherDelta – being Ether and ERC-20s – were securities. Ten days later, the SEC announced its first settlements with two otherwise completely unmemorable ICO issues, Airfox and Paragon; both respondents agreed to register their tokens as securities (which does not appear to have happened as far as I can tell).

What followed over the next year was a range of weird settlements which failed to serve as a deterrent to further ICO issuance being conducted at the same time as a bunch of weird transactions (such as the Filecoin Reg D pre-sale of functional storage tokens which the SEC now alleges, in the Coinbase lawsuit, are securities) which tried to pretzel their way into compliance with the non-guidance guidance issued by Bill Hinman. EOS, for example, which advertised its product on a giant Times Square billboard during Consensus 2017 and raised north of $4 billion in crypto (as valued at the time), was somehow allowed to skate by paying a $24 million fine – and not even a requirement to register! Other projects were not so lucky. Kik Interactive, Telegram, and Ripple Labs (which I said was a security before it was cool) each launched absolutely gargantuan ICOs; both Kik and Telegram lost badly in federal court, and I do not rate Ripple’s chances. Similarly the much-smaller LBRY project, based in New Hampshire and which pre-dated EOS by some years, was not, as far as I am aware, offered a settlement deal with the SEC which would have permitted their business to continue operating; the only logical reason I have been able to deduce for this is that the SEC’s Boston office wanted a scalp and the only place you’ll find a crypto startup in New England is in New Hampshire.

This brings us to the Coinbase complaint. Nothing about this lawsuit against Coinbase will come as a surprise to any attorney who has been practicing in the U.S. after 2018.

The charges alleged are numerous. The SEC accuses Coinbase of violating the registration requirement of the Securities Act of 1933 in relation to its custodial staking offering.

It also charges Coinbase with violating the Exchange Act’s registration requirements, which require anyone effecting transactions in securities to register and be supervised by the Commission. Furthermore, Coinbase is charged as operating as an unregistered broker-dealer and with operating as an unregistered clearing agency, being “any person who acts as an intermediary in making payments or deliveries or both in connection with transactions in securities or… provides facilities for comparison of data respecting the terms of settlement of securities transactions.”

I am not going to spend this entire blog post quoting chapter and verse on broker-dealer registration requirements because that would be boring. I also won’t go into a detailed Howey analysis on many of the coins mentioned in the complaint – including Solana, ADA, Matic, Filecoin, SAND, AXS, CHZ, FLOW, ICP, NEAR, VGX, DASH, and NEXO. The important thing here is that the SEC is seeking, as a remedy, a permanent injunction against Coinbase from operating an unlicensed exchange. If they can get one of the tokens to stick and win at trial, they may be able to shut down Coinbase’s core business completely.

What did surprise me is that it took this long. Back in 2017, I hypothesized that one day there would come an event – one I referred to as the law enforcement would launch something akin to “simultaneous dawn raids at the major exchanges and the homes and offices of the major ICO promoters, with a variety of agencies in a variety of countries co-ordinating their activities.” It’s hard to tell whether we’re at the beginning of a process that extensive, but if the SEC is going after Coinbase, no one in Coinbase’s business is safe. I called that event “The Zombie Marmot Apocalypse,” said it was massively bearish for crypto and I think it is safe to say that it is now upon us.

Our discussion thus turns to what comes next.

Is that all you got? pic.twitter.com/5sAsxvEA46

— nic 🌠 carter (@nic__carter) June 6, 2023

Crypto isn’t going anywhere, so I think the answer is “new exchanges that aren’t carrying all this regulatory baggage.” In terms of how that might look, here’s my current thinking:

1. Paradoxically, there is probably no better time – other than 2012 – to start a crypto exchange than today. For the first time since perhaps the start of Bitcoin itself, compliance will cost less than non-compliance. Existing industry giants have a lot of legal-technical debt they need to work through which will distract them and cost enormous amounts of money.
   
2. The United States have 4.25% (and shrinking) of the world’s population. Crypto is not going to die. In places where it is growing most quickly, particularly Latin America and Africa, there is neither the political will nor the harmonized enforcement capacity to shut it down.
   
3. Making companies like Coinbase treat crypto tokens as old-fashioned securities is like trying to regulate Starlink like we regulate road traffic. Equally, expecting the U.S. government to simply just let crypto happen was not realistic. Increased lobbying efforts and an openness to compromise by U.S. crypto giants will result in a middle path in the U.S. which will regularize crypto business within the next five years if not sooner. This will ideally include a separate regulatory path for cryptotokens which are currently regulated as securities but really shouldn’t be.
   
4. The companies that will succeed will have a growth strategy which doesn’t include the United States, and will then need to be ready to move to the United States on hair-trigger alert once regulations are favorable – or, in the alternative, they’ll need to develop a subsidiary that operates like INX and gets the appropriate regulatory approvals. I suspect that regulations will eventually loosen up so that companies like INX can operate more like companies like Coinbase and Gemini do today. To achieve scale, startups will need to build a toehold in countries with substantial populations of English-speaking crypto users which don’t ban ICOs and permit exchanges to trade spot crypto without regulating them as broker-dealers or clearing agencies.
   
5. The only G20 country I can think of which satisfies these criteria is the United Kingdom. (EDIT: the Australians apparently are G20 and are in my DMs chirping that they meet these criteria, too – excuse the omission!) The UK should be used as a launchpoint to access English-speaking Africa and India while the U.S. gets its act together and (likely) has a change in Presidential administrations to one that doesn’t want to completely eliminate avenues of escape from the dollar.

So. Crypto’s not dead, it’s just in need of a little legal tune-up. May the best and most compliant startup win.

It is increasingly clear to me that running a globally compliant Internet business will soon be, if it is not already, impossible in several important domains. In two specific spheres, crypto and publishing, the problem is most acute. As the post-war international order fractures, so too does the Internet. The result is that soon Internet businesses in crypto or publishing will have no choice but to violate the law somewhere if they want to continue to exist.

In the case of crypto, there are generally three regimes: (A) the United States and OECD; (B) BRICS; (C) Rest of World (“ROW“).

Although there is substantial variation within the U.S./OECD crowd (for example, the United Kingdom and Australia do not generally regulate ICO coins as transferable securities whereas the U.S. and Canada do), the general understanding is that the government has a substantial interest in regulating practically every touchpoint or intermediary which facilitates access to blockchain protocols and even, in the case of recent U.S. Securities and Exchange Commission noises around exchanges and/or U.S. treatment of the Tornado Cash smart contract, even access to protocols without access to intermediaries, even if overseas operators cannot be accessed directly from the U.S. but need to be accessed via VPN.

The result is that crypto businesses fundamentally cannot do in the United States what they are permitted to do in many other places, meaning crypto cannot be used in the United States in the manner it is used in other places. The U.S. requirement to treat every token like a full blown security, and all of the intermediary re-insertion to the process that entails (transfer agents, broker-dealers, custodians, ATSs, etc.) defeats the entire point of using the technology in the first place. As a result, a lot of crypto companies carrying on certain regulated activities will wind up having two different crypto businesses – an American-only offering and a ROW offering – because the irrationally harsh approach American regulators are taking to the space will make it impossible to market the ROW product to Americans on an economically viable basis, if at all.

BRICS countries (Brazil, Russia, India, China, South Africa) on the other hand, do regulate crypto but pair that regulation with slightly weaker and/or willfully blind and/or corrupt enforcement capacity. India is the most OECD-like of this group. Brazil is a very close second although to the observer trained in Anglo-American jurisprudence, the “Calvinball Constructionism” utilized by the Brazilian Supreme Court – which seemingly makes up new law from thin air every time it encounters a state of affairs it doesn’t like, without any requirement for there to have been a case pending before it first – appears very strange, and such volatility is likely to scare American business away.

Russia and China on the other hand appear willing to look the other way to permit activity within their borders that keeps them “in the game” while also possibly frustrating the geopolitical aims and global reach of their main rivals, the United States.

So we see headlines about countries like China banning crypto and Bitcoin mining, but failing to enforce it – the mining continues on.

Or we see entrepreneurs like Alexander Vinnik of BTC-E operate freely in Russia, get picked up in Greece for violating all of the laws in the United States, and now years later we learn Russia is reportedly considering pulling him back home as part of a prisoner exchange. If such an exchange came to pass, it would tell me that Vinnik’s failure to obey the U.S. Bank Secrecy Act – and Russia’s attitude towards compliance within its own borders generally – has less to do with the actual content of the laws on their books and more to do with whether the activity serves Russia’s interest in undermining America’s control of the global financial system.

In the case of publishing, similarly, each country is charting its own course regarding Internet censorship and state control of published materials on the Net. Generally speaking, there are two regimes: (A) the United States and (b) ROW. In this matrix, however, the United States is the freest jurisdiction in the world, with strong First Amendment protections for sites wishing to host user generated content and for the content users choose to post, as well as the affirmative defense for platforms which host that content from civil actions in the form of 47 U.S.C. § 230(c) (commonly known as “Section 230”).

No power on Earth can force an American company running an application on American metal to censor even a single bit of user generated content which is lawful in the United States.

The ROW, on the other hand, has a variety of different regimes with different rules, but one thing in common: most of the ROW confers the right on the state to order platforms to take down political content which would be lawful in the United States. This is the case with Germany’s NetzDG, with the E.U. Digital Services Act, with the Brazilian Paim Law or recent nation-wide ban of the Telegram app, and, if enacted, with the United Kingdom’s Online Safety Bill.

At the moment, companies such as Twitter generally comply with these laws by removing content or blocking it in the subject jurisdictions but allowing it to remain accessible from elsewhere, such as in the United States. As the world splinters, however, I expect that countries’ censorship regimes will become more demanding and that erasure, not obscuration, will be required. Much like the U.S. SEC/CFTC/DOJ/WTF/BBQ have problems with VPNs when it comes to digital money, so too will the Europeans when it comes to speech. Companies will have no choice but to fold to every petty takedown demand or fall out of compliance.

Combine with this with conflicting data privacy regimes, or laws in places like Poland which bar companies from censoring social media users, or a desire to simply not engage in political censorship and… well, you get the idea. You can’t comply with conflicting requirements at the same time, and you can’t run a business that has American values in a European country.

The third major category which the world might fumble on technological progress, but where it’s still way too early for there to have been anything approaching a coherent regulatory proposal emanating from our idiot leaders, is the field of Artificial Intelligence. I suspect that from a regulatory perspective A.I. will likely fall into the “publication” category in the United States. Thus, barring some political disaster like a Butlerian Jihad, the First Amendment and Section 230 will do their thing and America will have another chance to lead the world there.

I am of course speaking in generalizations here. Any one of the statutes mentioned in this post could merit an entire book’s worth of writing by itself, so read the above not as specific conclusions following rigidly structured analysis but rather as hunches based on how these laws feel, to me, as I have been getting my hands dirty with them.

Speaking and transacting combined represent the overwhelming majority of human activity. It occurs to me that America is making the gravest of strategic mistakes by choosing to be the world’s leader when it comes to decentralized, digital publication of words and the expression of ideas, but not the world leader – or even a major player – when it comes to the adoption of decentralized, digital money.

In case it is not clear to our politicians by now, let me be frank: technological prowess is the only issue that matters. The brightest possible future belongs to the country which decides to become the most technologically advanced, and the country that does that is the one that embraces total freedom for its people. Not in one category of technology or another, but in all of them at the same time.

This – with an assist from Alan Greenspan – is what lit the fires of the American economy in the megaboom years of the 1990s and 2000s, and could do it again today. America could own the 21st Century. Instead we’re printing to infinity and blowing our lead. What a shame.

An edited version of this post was published on CoinDesk on Tuesday, December 6th.

The story of the Initial Coin Offering in American law is a play in four acts: Kik Interactive, Telegram, LBRY, and Ripple Labs. With three of the four cases decided, and Ripple Labs and the U.S. Securities and Exchange Commission exchanging dueling replies to motions for summary judgment on Friday, Dec. 2^nd, we now enter the dénouement of a ten-year-long story that began with long-forgotten projects like Mastercoin and Counterparty, blasted into public consciousness with projects like Ethereum, and now slowly dies as American crypto developers shun the mother country for greener pastures abroad.

If Ripple should lose, as I expect it will sooner or later, its defeat would be highly symbolic. The company and its associated protocol are among the most longstanding and significant cryptocurrency projects in the world. Back when it got its start in 2012, the term “Initial Coin Offering” didn’t even exist. Neither did enforcement against the then-miniscule crypto industry – the U.S. Securities and Exchange Commission (“SEC”) wouldn’t announce its first settlement for non-registration until November of 2018 with the Airfox and Paragon ICOs. For context, Ripple’s network went into production on January 1^st, 2013 – nearly six years earlier.

Apart from the fact that Ripple has sat in the top ten coins by market cap for nearly a decade, the project also represented a unique approach to consensus at a time when approaches to blockchain consensus of any kind were only a few years old, and both cryptocurrency users and institutional blockchain users were engaged in substantial experimentation to get the lay of the land.

Generally speaking, blockchains in the 2013-15 period worked in one of four ways: (1) proof-of-work, (2) proof-of-stake, (3) permissioned, and (4) that weird thing Ripple does.

Ripple utilized a novel consensus mechanism where a list of nodes, the so-called “UNL” or “Unique Node List,” conduct round-robin voting until 80% of them arrive at an agreement as to which transactions should be appended to the end of a chain in a given round, similar to a model more commonly known today as delegated proof-of-stake (except, without the stake). Similar approaches with PBFT round robin voting processes, without the UNL and markedly more decentralized, can be found today with many protocols like Tendermint or Cosmos. The advantages of this approach, it was claimed by Ripple’s proponents, are that the network can process many more transactions at far lower cost. The disadvantages, it is claimed by its detractors, are that it requires a higher degree of trust and is not truly decentralized.

Ripple’s legal troubles are not about the protocol, though – they’re about the tokens. On genesis, Ripple Labs or its predecessor OpenCoin entity minted 100 billion tokens, which were subsequently distributed to the company and early officers and then sold into the wider crypto markets to fund Ripple Labs’ operations.

At the time, there was much spirited debate about whether tokens sold in such a manner constituted securities. On one side were crypto entrepreneurs who claimed that token sales could serve as a lightly regulated governance mechanism and crowdfunding tool. On the other were many lawyers, myself included, who thought that the SEC would eventually get wise and crack down on the practice.

As we now know, the skeptics were right.

The first ICO to go down in a big way was Kik Interactive. Kik was, or rather still is, a lightly-used messaging app which pivoted into crypto at the height of the first great ICO boom in 2017. Kik sold tokens directly to the public without a registration statement in effect. The SEC sued and, sixteen months later, Kik lost on a motion for summary judgement. 

Telegram was the Commission’s next scalp. Telegram, as is widely known, is a popular, allegedly encrypted messaging app founded by Russian VK billionaire Pavel Durov. Famously, despite being one of the most popular messaging apps on the planet, Telegram generates no revenue. To remedy this, Telegram issued and sold a staggering $1.7 billion in cryptocurrency tokens in various private fundraising transactions via private placement over the course of 2018.

Telegram differed from Kik Interactive mainly in that Telegram sold tokens first via private placement to high net worth and offshore investors, who would presumably later unload those tokens onto U.S. markets and thus to U.S. retail purchasers. Mere days before the tokens were to be issued, the SEC sued Telegram and obtained an emergency restraining order halting the token conversion. Here, too, the SEC would quickly win on a motion for preliminary injunction. The Telegram token project died immediately.

LBRY (pronounced “Library”) was the next project on the chopping block. LBRY is a reimagining of YouTube with decentralized monetization tools, designed to solve the problem of politically-motivated censorship at companies like Google and Facebook. The token performed a real function in a real application. In my estimation the project was one of the most honest and straight-shooting, if not the most honest, ICO ever conducted in the United States. The sale of that token, however, was deemed to be an offering of investment contracts. As in Kik Interactive and Telegram, LBRY too lost a motion for summary judgment, this time in the District of New Hampshire. LBRY has said that “LBRY Inc. will likely be dead in the near future.”

Since any information given privately to the SEC ends up leaking, we'd like to be upfront about the fact that LBRY Inc. will likely be dead in the near future.

We expect the LBRY mission to continue on, but the company itself has been killed by legal and SEC debts.

— LBRY 🚀 (@LBRYcom) November 29, 2022

This brings us to the present day. On December 2^nd the SEC and Ripple exchanged duelling motions in what should be the last shots fired, or at least among the last shots fired, between them, before a judge in the Southern District of New York will rule, once again, on the legality of a token project.

Boiling down Ripple’s argument in this case to a single line on Twitter, company counsel Stuart Alderoty resorted to something akin to denial, arguing, among other things, that there is no investment contract because there is no formal contract between Ripple and XRP purchasers, and that the tokens were sold for consumptive use.

The SEC, for its part, refers to “economic reality” not less than 15 times, asking the court to look “beyond boilerplate disclaimers to the economic reality” of the sales and that this economic reality “forecloses any argument that Ripple offered and sold XRP primarily for consumptive use.”

Reviewing the precedents, it’s pretty clear which argument has been more successful in federal courts. In Kik, Judge Hellerstein wrote that “form should be disregarded for substance and the emphasis should be on economic reality” (citing Tcherepenin v. Knight, 389 U.S. 332, 336 (1967)). In Telegram, Judge Castel pointed out “Congress intended the application of [the securities laws] to turn on the economic realities underlying a transaction, and not on the name appended thereto” (citing Glen-Arden v. Constantino, 493 F.2d 1027, 1034 (2d Cir. 1974)). In LBRY, Judge Barbadoro wrote that “the focus of the inquiry is on the objective economic realities of the transaction rather than the form the transaction takes” (citing United Housing Foundation v. Forman, 421 U.S. 837, 848 (1975)).

The SEC concludes its reply brief by stating “the registration regime established by the federal securities laws does not regulate ‘industries.’ It regulates conduct… for the benefit of investors.”

But does it really?

Reconsidering “economic reality”

At this point, the crypto industry has more or less resigned itself to the fact that a garden-variety ICO likely satisfies all of the limbs of the Howey test. I expect the outcome of the Ripple litigation will only confirm that.  But unlike 2016, when most of these investigations presumably started, there is another economic reality that needs to be considered: today, it is abundantly clear that crypto is never going away.

For all the case precedent discussing “economic reality,” the more material economic reality for America, as a society, is that there are hundreds of millions of crypto users around the globe, and that number is growing exponentially.

It’s pretty clear that a huge class of investors doesn’t want what the SEC’s selling. In fact, they want its opposite. Millions of digital natives use trustless smart contracts daily for loans and other financial beasties, or grant and purchase assets like fractional royalty cashflows. They do so in an instant, from anywhere in the world, with anyone in the world, on handheld supercomputers smaller than a chocolate bar. Very soon they will do so with the assistance of AI. Such investors will literally have superhuman abilities at their fingertips.

Telling next-generation crypto projects that the only path to compliance is to “come in and register” or drop dead is like trying to take a Model T into space. Crypto’s basic mode of operation is by self-custody and directly peer to peer over the Internet, not via paper forms signed with wet ink and mailed to a transfer agent or broker-dealer. There are no national securities exchanges which support cryptoasset trading. The SEC won’t even approve an ETF. The list goes on.

For the last six years, crypto has accepted the economic realities of a Depression-era regulatory scheme. The only question for America, at this juncture, is whether we want to back off from that regime just a little bit so we can nurture and supervise these new crypto companies right here at home – or persist, and drive them offshore.

The old ways are finished, whether Congress likes it or not.

This isn’t so much a blog post as it is a long tweet. None of this is legal advice.

It occurred to me recently that I’ve had the same thought pop into my head probably half a dozen times in the last two weeks. That thought is this:

Crypto has perhaps half a billion wallets, but I would struggle to say it has more than 50 million users.

By this, I mean that while I know plenty of people at this point – crypto and normie alike – who hold cryptocurrency, it is exceedingly unlikely that we should find an excuse to transact with each other with it. To start, it is not often that friends exchange cash with one another. If we do, for example if we buy something for someone else, there are applications like Venmo, CashApp, or Zelle which we can use to send each other money. I am a pretty diehard crypto person and even I struggle to accept or spend crypto. Most of my clients still pay in fiat.

I then had a related thought.

The reason crypto has half a billion wallets but not half a billion users is because existing applications are, by and large, purely transactional.

If I have a Wells Fargo account I don’t have a relationship with other Wells Fargo users; I have a relationship with Wells Fargo, as do they. Wells Fargo does not connect us, it services us. We need to connect in another way. Some apps, like a Venmo, have a somewhat social component to it. These apps are not, for most people, woven into the fabric of everyday life. One exception to this is WeChat, which is likely an anomaly due to the surveillance and censorship function it performs at the behest of the Chinese communist state.

PayPal didn’t make the Internet blow up. MySpace, and later Facebook and Twitter, did. The essential function of social is to provide people the means to communicate with other people on their own terms largely free from censorship, as the consumer Internet largely was prior to GamerGate in 2015. The absence of this kind of platform-agnostic facility in a crypto-native format, which also allows people to trade transactional information (bids, offers, complex transactions, wallet addresses) in tandem with a social network function is glaring.

So why isn’t Coinbase going to be the center of the crypto-internet? Well, because

Purely transactional systems do not solve the identity problem which needs to be solved in order for most of the world to trust cryptocurrency systems with their communications or be incentivized to use them for anything other than speculation.

Centralized transactional systems will never be able to fulfill the full promise of decentralized cryptosystems. Centralized social network systems are necessary to fully exploit decentralized cryptosystems.

To understand this point you first need to understand what “decentralization” actually means.

Many projects claim to be “decentralized.” By reference to practically any definition, most of them aren’t. I concede that the term “decentralization” does not have a concrete definition in the industry. What I mean by this is that virtually any project has some degree of central control. This does not stop virtually all projects with some components which are “decentralized” claiming the title for themselves, rightly or wrongly.

I have a thought exercise called the “Nuclear Bomb Test” (or the “Space Marmot Test”) which I use to assess whether a cryptocurrency system is decentralized. The results of the test dictate where I should start the analysis in determining whether a given cryptocurrency system is vulnerable to regulatory attack. It goes a little something like this: suppose that the Marmot Star Empire’s battle fleet parks itself in high Earth orbit and, Star Trek IV-style, decides to wipe out the human species so that they can steal all our vegetables.

The marmots, in their infinite wisdom, identify you, the founder, and your startup as the linchpin of humanity’s planetary defenses. Never mind what your startup actually does. All you need to know is that you are the Space Marmots’ target.

The crafty little marmots wait until you are in the room where your company’s servers are and launch a surprise attack with a 1-megaton (marmoton?) nuclear weapon, utterly and permanently annihilating you, your servers, your entire dev team, and everything to do with your business.

Postscript: I can't wait until AI art gets good enough to illustrate this. Close but not quite pic.twitter.com/l3FHupeo4l

— Preston Byrne (@prestonjbyrne) October 19, 2022

If the result of this attack from marmots from outer space is that your system ceases to work, then your system is not decentralized, or at least important parts of it are not decentralized. If your system continues to work, then it is decentralized, and is so in such a way that is likely to be highly resistant to regulatory attack if you launch it Satoshi-style and then disappear.

There are of course qualifications to this, for example, if you layer on lots of governance functionality and you hold large quantities of tokens, etc. Remember, though, you got vaporized by the Marmot Star Empire. The system has to do 100% of the work 100% of the time without a steersman to pass the Nuclear Bomb Test/Space Marmot Test. (Cognizant that, if we change our assumptions / environmental variables enough, even a system like Bitcoin will break. Assume arguendo for the hypothetical system we’re talking about here that the Internet is functioning as it normally does and that system adequately incentivizes transaction validators.)

While a system that is nuclear-survivable will be decentralized, because it is decentralized, it can be difficult to find. Decentralized systems, to be widely used, need to be discovered and their users need to be easy to find (if they want to be found).

Discovery of content is easy with a centralized service. Upload your contacts, type in information in this search bar. However, when you’re running a FinTech app, centralization usually also implies a requirement for licensure. But what if we could separate the concerns, where the component which would be regulated if centralized remains decentralized, and we centralize only the component which is unregulated if centralized?

This is where the social networking comes in. In the United States, financial services are highly regulated. Social networks, on the other hand, are virtually unregulated.

If Alice wants to send Dogecoin to Bob, there are two ways she can do so. The first would be to log in to Coinbase, have Bob log in to Coinbase, swap QR codes and complete the transaction on Coinbase’s ledger. Coinbase is undertaking a regulated activity, chiefly, money transmission. As such it needs a money transmission license.

The second way to do so would be for Alice and Bob to trade that information peer to peer, e.g. via e-mail, text message, or noncustodial wallet applications. E-mail is not regulated. Nor is Twitter, nor SMS, nor Facebook. If I write to my friend Henry via Gmail to agree to a Dogecoin transaction, Gmail does not itself become money transmitter.

Another example: I’m allowed to lend my friend $20 without being licensed as a lending platform. I’m allowed to negotiate that deal over Gmail without Gmail becoming a lending platform. If I do it with Zopa, however, Zopa is a centralized intermediary and their movement of bits is different from Gmail’s in that Zopa’s movement of bits requires a license. Cryptocurrency makes Zopa unnecessary. A social network which tracks a DeFi loan I’ve made to my friend entirely off-platform but does not actually arrange the loan or custody the funds – Yelp for crypto lending – should not require a license, either.

What is missing from crypto is the way to allow noncustodial peer to peer information exchange plus identity attestation to occur at scale. The difference between a Wells Fargo and a Facebook is the social network and the implied level of trust that happens from communicating – and eventually, transacting – within that network. I have never used Wells Fargo to talk to my friend Henry, for example. I talk to him using Facebook all the time. I know that Henry’s Facebook account is run by Henry because he and I have communicated on it for years, and I can see the message history. There’s a level of trust there that doesn’t really require a digital signature, although a digital signature always helps.

If we want crypto to be mass market, truly mass market, trying to weave it into my relationship with Wells isn’t the way to go. Trying to weave it into my friendship with Henry, is.

It should be possible to layer cryptocurrency signals and messaging on top of a social app so that users of a social app can reach out to onchain applications, verify their credentials via the social network, and settle the transactions off of the social network.

Social applications, being largely unregulated, are likely the vehicles through which cryptocurrency mass adoption will take place.

Put differently: a solid social network with a high degree of awareness of P2P protocols, and awareness of how its users interact with P2P protocols, but which does not actually facilitate transactions on those protocols, is likely the way that DeFi applications can expand the most rapidly and be adopted by the most people in the shortest amount of time with a minimum of regulation.

In the United States, the relationship between the government and social applications is governed principally by the First Amendment, 47 U.S.C. § 230, and IP law. The upshot of 1A plus Section 230 is that users can say largely whatever they want and the platforms will not be treated as the publishers or speakers of their users’ speech, subject to certain statutory limitations where social platforms have an affirmative obligation to remove unlawful or infringing content.

Peer to peer transactions which are private and not operated as a commercial enterprise, similarly, do not attract much regulatory attention if they are regulated at all. (Usual “your mileage may vary” caveat, particularly with reference to conduct amounting to the operation of an unlicensed money services business). Online social platforms are well placed to act as a central hub for identity which can then be spread out among various peer to peer applications.

In this way we could achieve all of the functionality of DeFi without the weaknesses of DeFi, i.e. the centralized user interfaces or the governance tokens which need to be sold in order to fund those interfaces. There is nothing regulated, as far as I can tell, about providing an information exchange with no functional transactional machinery (although the SEC takes a somewhat different view – see its consultation over proposed changes to Exchange Act Rule 3b-16).

Social has been tried in crypto before. So far it has failed. I think the reason why, so far, is that crypto-social has been “social incentivized by tokens” rather than “social which empowers crypto users to communicate about tokens.” People have been trying to monetize the transactions when they should be trying to monetize the traffic.

The traffic is more lucrative.

The social component is unlikely to be a Bitclout-style system and is unlikely to live on-chain. It is highly likely to provide ample tooling for users to confirm public key addresses for individual transactions, verify that other keys belong to other users, and be aware of onchain information between its users without facilitating onchain transactions.

The first wave of crypto-social services are likely to be centralized to a significant degree, although decentralized solutions are being worked on in various places. These solutions will take crypto off of institutional balance sheets and investment accounts and into web applications where they will be woven into the fabric of our lives.

This wave of crypto adoption will utterly dwarf all prior waves.

Fin.

Here is a picture of a marmot, licensed under the Pixabay license.