The Back of the Envelope (a blog)

NIRP is going to ruin everything

Sam Altman, from the Valley, posted this question, which I know a lot of people have been asking:

Here’s what I replied:

I am a child of the global financial crisis (GFC).

I’m not an economist, but I spent the first half of my professional life working out the consequences of the last debt crisis, the existence of which most economists missed until it was far, far too late to stop. Any securitization lawyer who still had a job in the wake of the GFC – between New York and London there were probably a few hundred of us – will know exactly what broke in these transactions, what modifications needed to be made to fix them, and who needed to take a haircut as these fixes were implemented.

If you don’t know what securitizations are, those are the structured debt transactions which nearly brought down the economies of the Western world in 2008, an event that was stopped only by massive government and central bank intervention.

As a paralegal in a big city law firm’s securitization team in 2007, I remember reading about the gradual ticking up of default rates in the outer boroughs of New York City and asset writedowns by big banks. I was living in the City of London when Lehman went down. I remember the images of bankers clearing out their desks. I remember the long faces worn by all of the other bankers who remained employed, that week. I remember Bear Stearns going down earlier that year, and friends from university losing their first jobs. I remember the conference room on the top floor of the shipping company’s headquarters across the street from my shoebox-sized (25m square) apartment on Charterhouse Square in which I lived in my final year of law school, ablaze with light at midnight as its officers tried to position the company for the coming storm.

I remember it being overcast, drab, and gray, just like the boring, too-small suits British professionals tend to wear. I remember reading about how the overnight lending markets froze up – completely. I remember, months later, hearing how the United Kingdom was less than twelve hours away from ATM machines being switched off.

It was the end of the world. I will never forget any of this as long as I live.

I started by first job as a junior lawyer in 2009, at the same firm where I had worked as a paralegal. I spent the next five years of my career being principally concerned with securitizations. Specifically, I worked on teams that took these transactions apart, and personally spent most of my billable hours drafting documents or doing diligence for transactions that restructured or unwound deals that had gone, or were on their way to going, south. The bonds in these deals failed because they were backed by cheap debt, which itself was backed by worthless assets, the prices of which had been vastly inflated by the availability of cheap debt. What many of them shared is that the cheap debt never had any chance of being repaid on schedule, if at all.

This cheap debt therefore had no business ever being originated. Yet it was.

NIRP and the potential for an associated out of control “NIRP Bubble” gives me the willies because it is the ultimate creator of cheap debt. It creates systemically cheap debt. Cheap debt looks like a great deal at the time for happy borrowers. NIRP reduces the price of money itself – it makes low rates systemic across virtually every category of borrowing (unlike, say, mortgage securitizations, which confined the cheapest debt to secured loans – although the attendant boom also loosened credit conditions generally). It turns every man, woman, and child in the Western world into happy borrowers whenever we borrow. But, as with the subprime crisis, debt cannot stay cheap forever. Cheap debt eventually becomes expensive debt. And when that happens, if the debt load is too high, you get a debt crisis.

NIRP is very possibly laying the groundwork for a massive debt crisis which will be as obvious to our children, in hindsight, as the subprime bubble seems to us. “Well of COURSE people shouldn’t have overstated their income and taken out ARMs they couldn’t afford.” Well of course we shouldn’t have funded state entitlement programs with trillions in low-interest debt and ensured our governments and, by extension, our societies were addicted to low interest rate revolving credit facilities writ large.

Central bank rate setting is basically an adjustable rate mortgage for states and their entire economic systems.

Subprime borrowers?

The problem is that here the central banks, though nominally independent, are in fact subject to the whims of the political apparatus, and NIRP/cheap debt solves a lot of short term political problems. Not only does it juice the economy (longest bull run in history!) but it prevents governments from needing to make what Habermas identified in Legitimation Crisis as their most fundamental choice in resource allocation – between the demand for welfare by the populace and a low tax burden by enterprise – and putting that risk off for the future in the form of debt, which accumulates as and is quantified by the annual budget deficit and accumulated debt balance.

Habermas understood that this is a very dangerous game. States are, when they do this, creating expectations of satisfaction of what he termed “programmatic demands.” i.e. “stuff the population expects will get done, otherwise they’ll revolt.” The title of the book, Legitimation Crisis, refers to Habermas’ description of what happens when a state is ‘no longer able to satisfy the programmatic demands it has set for itself.’ The risk breaks out into the open, leading to the untethering of institutions and political expectations, upheaval, and revolutionary change. Accumulating debt is the process of deferring making hard choices between certain programmatic demands. When a state does this it reduces political risk in the present by increasing political risk in the future.

NIRP is the ultimate expression of state-sponsored entities kicking the can down the road.

We see this happening in places like Venezuela or Zimbabwe, but we think that it cannot possibly happen in the United States. We’re smarter than that. We’re bigger than that. We’re better than that, we think.

But the thing is, we’re really not.

The subprime crisis got its start when hitherto-illiquid markets for real estate got access to global capital markets and cheap debt. Cheap debt appeals to the eternal human proclivity towards high time preferences. So when we flood the world in it, this financing is going to be taken up and used. With gusto.

Increasing central bank balance sheets and budget deficits across the Western world indicate this is exactly what’s happening. Yet central bank governors don’t see the monster they’re creating.

NIRP is fairly new, so I’m not saying that some debt disaster is going to happen now, or next year, or even the year after that. What I am saying is that where deficit hawks might have been wrong in the past, a stopped clock is right twice a day – and NIRP might be a critical element, a missing piece, the unforeseen development, that finally makes that narrative, which while logical has consistently been wrong, relevant.

There are a couple of critiques I’ve seen of this view, that NIRP will create a debt crisis.

“So they’ll never raise rates again. Easy.”

Then they’ll have inflation. Which is equivalent to default, is already here in asset prices, and is starting to bleed over into the rest of the economy. Some say the fact that Taco Bell managers are getting paid $100,000 a year is due to “tight labor conditions.” One could argue that the tight labor conditions are the result of a glut of cheap money. Time will tell.

“The Fed can always keep rates low by buying new notes.”

This is insane.

Debt hawks like Ron Paul are widely disbelieved these days, I think, because central bankers got away with QE without hyperinflation. As a result, they think they can get away with anything.

This critique works now. It does not work when there’s a crisis. As with all crises, the next one cannot be foreseen with absolute certainty, so folks usually assume that things will continue as they are and venerable institutions like the Federal Reserve will always have clever enough boffins with effective enough tooling to allow business as usual to continue.

It is not a stretch to assume that in a future crisis those tools will have long since run out of potency. This is widely acknowledged across the banking industry.

BI quotes the CEO of Deutsche in September of last year:

The likes of the European Central Bank and the U.S. Federal Reserve have “no conventional measures left to effectively cushion” the blow of a “real economic crisis,” Christian Sewing said at the Sibos banking conference in London.

Or Larry Summers in 2015:

Central bankers bravely assert that they can always use unconventional tools. But there may be less in the cupboard than they suppose. The efficacy of further quantitative easing in an environment of well-functioning markets and already very low medium-term rates is highly questionable. There are severe limits on how negative rates can become. A central bank forced back to the zero lower bound is not likely to have great credibility if it engages in forward guidance.

NIRP can’t work forever. Eventually rates will go up or something will break. That may take the form of inflation or hyperinflation. I query how long the Fed will be able to keep rates low while people use wheelbarrows of cash to buy bread, which is where helicopter money eventually ends. If Venezuela is an indication a central bank can engage in insane behavior for a very long long time, but I suspect the non-unitary nature of the American state and the sophistication of federal constitutional arrangements would prevent a bonkers monetary policy from holding sway for very long.

Also, this isn’t a U.S. problem but a global one. Saudi Arabia, for example, has a $12 billion dollar-denominated note out there. If it were to redenominate to Riyals, print the Riyals and use that to satisfy investor claims, that would be a default. The privileges attendant with being the backbone of the global financial system accrue to one country only, the United States, and at the moment we seem to be doing everything in our power to lose that position.

“How do you default on a negative rate note?”

You don’t necessarily have to default on that note to suffer the consequences of a default. You can effectively default by triggering runaway inflation and printing money. You can also default on some other obligation you can’t pay because you have an enormous debt load and can no longer issue new notes because the market won’t lend to you affordably or at all. That’s still a default and will affect your ability to tap capital markets.

The first things to freeze up during the global financial crisis were revolvers like ABCP and short term loans like the overnight market. The government debt sector is basically a huge RCF. Modern Western governments will cease to function if they can’t issue more debt. Freezing them out of the capital markets, even for a short amount of time, would be enough to cause an immediate political crisis.

So when will all this happen?

Who knows? This is not even a theory, more a hunch, a feeling that we’ve been here before and our leaders have failed to learn from their mistakes. This post is an introductory argument based on that hunch. I leave it to folks with advanced degrees in mathematics to model and quantify this hunch. 50-year lows in unemployment and all-time highs in the stock market don’t tell me that I should sit back and enjoy the ride. These things tell me something all-time extraordinary is happening.

I could be wrong, another debt crisis may never happen, and NIRP may herald the beginning of a glorious new era where debt is infinitely cheap and growth continues forever. My instincts tell me that forever growth will not be the end result of NIRP. I think the end result is that large debts will get accumulated, lenders will begin to lose confidence that these loans will ever be paid back, rates will go up, and debts accumulated will either no longer be capable of being serviced or revolving facilities will no longer have buyers.

Crises generally break out when there’s a shock.

I think the shock required to shake the world will need to be of global proportions. Who knows what it’ll be. A big war? An invasion of space groundhogs dropping out of warp in low Earth orbit, sent here by the Marmot Star Empire?

Maybe. But I think it’ll be something that initially looks small and contained, but which scares the hell out of investors due to its macro implications, which will set off the next big crash. And we’re not talking about a correction (which we’re overdue for anyway) but a really, really big crash that could be years off.

If Ghawar Field runs dry before our species cracks fusion, say, in the next decade, that might do it. Everyone’s growth projections would be revised down and it might become apparent that countries with huge debt loads can’t grow enough to repay them.

To conclude, all I know are two facts. First, that rates today are lower today than at any time in recorded history; second, that for all our technology and sophistication, we are nonetheless subject to the same laws of economics and thermodynamics as our ancestors.


Help! The government’s at the door and they’re asking me for data… what do I do?

I preface this blog post – part of my Not Legal Advice series – by stating that it is absolutely not legal advice and I am not your attorney. See disclaimer. If you have an engagement letter that is signed by both of us and you have put a retainer on account, then and only then am I your attorney and then and only then am I giving you legal advice.

The below is provided for general informational purposes only.

Earlier today, Kraken published its annual transparency summary:

Screen Shot 2020-01-06 at 11.21.31 PM.png
Credit: Payward, Inc (d/b/a Kraken).

They received 710 requests impacting roughly 1,222 accounts. That’s just a hair under two requests per day, or, as Kraken CEO Jesse Powell put it on Twitter, “3 if you don’t count weekends!”

ShapeShift CEO Erik Voorhees took a rather dim view of Kraken’s situation:

That’s a lot of requests, but not a crushing amount; I would imagine Google and Microsoft get more. EDIT: Although I had thought one full-time paralegal should be enough to handle that kind of workflow, at least in terms of triaging the requests and initiating exports of user data, Kraken CEO Jesse Powell chimed in to indicate that the costs of servicing these requests was considerably higher:

Clearly, government inbound creates significant overheads – although practically every major company (Google, Microsoft, Facebook, Uber) each has a team dedicated to precisely that task, in many cases headed up by a former law enforcement officer or prosecutor. The greater the volume of requests, the more expensive that business function becomes.

Before I go further, I should add: I’m a libertarian. That means that, in my heart of hearts, I don’t like government overreach or state surveillance, or state power for that matter. But I’m also an attorney (in the US) and a solicitor (in England), which means that I have to live in the real world where government has these powers and businesses large and small are obliged to respect them.

If you run a small to medium-size enterprise in crypto that deals with the public, you will get hit with a subpoena or a search warrant at some point. It’s inevitable. For folks who haven’t been served with one of these before, it can be unnerving to leaf through a court order that says YOU ARE COMMANDED TO APPEAR and IT IS HEREBY ORDERED in bold font.

So what do you do?

1) Don’t panic. It’s (probably) not about you.

Yes, it’s entirely possible that you’re the target of this legal process. But if you’ve never been served with government process before, chances are good that if the subpoena is asking for disclosure about one of your users, customers, or subscribers rather than your business operations, it’s not about you. Your lawyer will tell you what the score is.

If it is about you, you will need to respond. However, for businesses that do a lot of transactions (data or financial) with the public, it’s much more likely that preservation letters, subpoenas, warrants, or other forms of request for information aren’t about the recipient but rather are about a user of the recipient’s service, e.g., someone who sets up an account to buy Bitcoin on a Bitcoin exchange.

2) Even though it’s (probably) not about you, don’t talk to the government without the assistance of counsel.

Your lawyers should be doing the talking if any talking is to happen at all. If you really feel the need to talk with the government about the data request, go talk to your lawyers, and we will talk with the government. We deal with this stuff for a living. You don’t.

Also in the don’t-talk-to-the-government column is that when you do communicate with the government you should be exceedingly polite. Do not do something like this or its written equivalent:

When you’re served with a data disclosure request by law enforcement your job is not to make a point, even if you’re a libertarian. Your job is, at minimum, to respond to the document request as completely as you can while also protecting your interests and the interests of your business. If you’re feeling particularly civic-minded, you could also say that by being responsive to law enforcement you’re helping to keep your fellow citizens safe.

It is possible to do this without acting like a jerk. If you get an e-mail containing legal process, you don’t have to respond right away (although generally it’s courteous to let the other side know it has been received, you can let your lawyer do that – more on that below). If a federal agent calls you on the phone, get his name, phone number, and e-mail address, thank him for calling, and let him know your lawyer will call him back.

3) Preserve all documents and data.

Don’t destroy or delete anything the request could have conceivably asked for. Back it up immediately.

4) Things to be aware of before you call your attorney

4A) There (probably) isn’t a rush to respond.

There (probably) isn’t a rush to respond; look on the face of the subpoena and it should have a deadline for production on it, and that date is likely to be several weeks or even a month from the date on which the subpoena has been served.

The primary exception to this is where the government is asking for disclosure of user/customer data on an emergency basis, due to the existence of a life threatening emergency, which the government can ask for under the federal Stored Communications Act.

America is a free country, so you aren’t required to comply with any information request that is unaccompanied by legal process; however, refusing such a request when the police have advised you that there’s a life-threatening emergency (a) isn’t a good look, (b) is going to really piss the government off and (c) means the government is likely to come back later with a subpoena or search warrant compelling the disclosure anyway, and they’re not going to be particularly friendly when they do.

If you run a large business, you already have a legal department that deals with these things. If you run a small business, you don’t, so make sure you have an attorney or member of in-house staff who is responsive. By this I mean when it’s 10:30 PM on a Saturday night and you get an e-mail from the FBI’s National Threat Operations Center requesting emergency disclosure of subscriber data, your attorney or staffer is willing to drop whatever he is doing to make himself available to field that request.

The law doesn’t sleep and neither can your compliance function.

4B) You (probably) don’t have to appear anywhere.

If you’re dealing with a grand jury subpoena, I know the document says in bold and all caps “YOU ARE COMMANDED to appear at the Marmot J. Squirrelstein Federal Courthouse on [date] blah blah.” There’s also (probably) another line, which is not in all caps, further down which says “In lieu of appearance you can provide documents” and that’s (probably) what the government wants. But you will want to confirm that with your lawyer.

4C) Don’t tell any third parties about the information request. In-house, ensure knowledge of government requests is kept on a need-to-know basis.

Document preservation requests, subpoenas and search warrants are often paired with non-disclosure orders that prohibit the recipient from discussing it with anyone except need-to-know staff and the company’s lawyers. Unless you have successfully challenged those orders, you must obey them.

Which brings us to the next step:

5) Call your attorney immediately after you’ve been served.

If you want to fight the order or object to the scope of disclosure, you can, but it’s not going to be cheap. If you’re a startup in the US without a sophisticated legal department with a big budget challenging a domestic US order will not be easy.

I know plenty of seasoned litigators who are experienced in this area and will be happy to refer you to them. In the alternative, call up the ACLU or the EFF, as Signal recently did to get a gag order lifted.

If you’ve never received a request for information, document preservation letter, national security letter, grand jury subpoena, administrative subpoena, search warrant, or emergency disclosure request before, call your attorney and he or she will help understand what kind of document you’ve received and what that document requires you to do – not all government data requests are the same, and not all are mandatory. Different agencies have different powers to ask for different kinds of information (and to prevent you from talking about the matter). Depending on what type of business you run, different statutory powers will authorize these requests and govern what your obligations are in relation to them.

If you’re based in the U.S., and the request comes from outside the U.S., you may have the option of refusing the request. Or you might not, if the request was validly made under a Mutual Legal Assistance Treaty, or “MLAT”, agreement. Your lawyer will help you parse your options.

If you have received a data request before, you should already have a protocol in place for dealing with them. Which brings me to my next point…

6) Plan ahead.

With any online business it’s possible to almost fully automate data production. You will need to balance the ease of automation with the requirement for data security. Err on the side of security.

The bulk of the U.S-source requests you will get will be subpoenas. Subpoenas issued under a particular statutory authority tend to request the same type of information as every other subpoena issued under that authority, and businesses tend to focus on particular types of commercial activity, so you should have a pretty good idea ahead of time what sort of information you’re going to be asked to provide.

Make sure you have a system in place where a small number of highly trusted staff have the ability to securely pull the requested data and provide it to law enforcement on short notice.

7) Your company can have a productive dialogue with law enforcement, but you have to let your lawyers do the talking.

In my experience, law enforcement officers and state prosecutors are courteous, highly professional people. However, they have a job to do. The mission comes first.

There’s no reason why you and your business can’t be on good terms with law enforcement or even helpful to law enforcement. However, your first concern should be to ensure that, in all your dealings with law enforcement, your interests are protected. The best way to do that is to run communications with law enforcement through your attorney and in writing.

For example. Suppose that one day, a few weeks after your lawyer provided a response to a subpoena, a friendly FBI agent calls you up and asks to have a casual sit-down over coffee to trade notes. She’s a nice person with a friendly demeanor, is just passing through town and is interested in Bitcoin and all things crypto.

You will think having that sit-down is a good idea, because you want to be helpful, don’t want to be rude and hey, it’s always nice to meet new people operating in your space.

Always decline these requests. At the very least, let your lawyers know that you’ve been contacted. If you want to be of assistance to law enforcement, be of assistance – through your attorneys. Ethereum dev Virgil Griffith had several such sit-downs and he has had to hire the best criminal defense lawyer in Bitcoinland, Brian Klein, to clean up the mess. Even if you are completely innocent of any offense, as most people are, let your lawyers do the talking.

Law enforcement will understand completely if you refer them to your counsel. They won’t think of you as rude. If they were in the same position, it’s what they would do.

And that’s it!

In conclusion

Summing up, if you run a business in crypto, and that business has users from the general public, it’s a virtual certainty that, at some point, the government is going to ask you to provide information in connection with an investigation.

Generally, these requests pertain to the commission of serious crime. Generally these requests are neither capricious nor unreasonable.

Dealing with these requests, and dealing with law enforcement generally, can be easy or hard. Regardless of one’s politics, keeping your business on good terms with the state is, generally speaking, the better business decision, if for no other reason than the fact that the U.S. government is bigger than you and has unlimited money and time.

Lawyers, Guns and Bitcoin

I was on the Guns & Bitcoin podcast with Ragnar Lifthrasir this week talking about financial censorship, mob-driven extrajudicial denial of service attacks (MEDOS, like DDoS) and how to legally circumvent it.

Listen at any of the following links (links to slide deck in show notes):

With apologies to Warren Zevon.



Not Legal Advice, 1 December 2019 – Stablecoins, North Korea, and Guns

Welcome back to Not Legal AdviceIt’s been two weeks since the last update, so there’s no point wasting time with a long preamble – let’s get right down to it. This week:

  1. FinCEN issues stark warning to stablecoin administrators.
  2. Ethereum Foundation Head of Special Projects, former Enterprise Ethereum Alliance Mainnet Working Group Chair accused of assisting North Korea to evade sanctions
  3. Supreme Court denies cert in a Section 230 Communications Decency Act case,  Daniel v. Armslist, No. 2017AP344 (Wis. Ct. App. Apr. 19, 2018)

1) FinCEN issues stark warning to Stablecoin administrators

Not much to say here except that FinCEN has fired a shot across the bow of MakerDAO or similar schemes which hold themselves out as decentralized protocols, but also carry out money transmission-like functions. From FinCEN Chairman Kenneth Blanco:

“Because we are technology-neutral, we can say with complete clarity that for AML/CFT purposes, it should be understood that transactions in stablecoins, like any other value that substitutes for currency, are covered by our definition of ‘money transmission services’,” Blanco said.

“This means that accepting and transmitting activity denominated in stablecoins makes you a money transmitter under the [Bank Secrecy Act]. It does not matter if the stablecoin is backed by a currency, a commodity, or even an algorithm – the rules are the same. To that point, administrators of stablecoins have to register as [money services business] with FinCEN.”

Pretty stark. However, seeing as no regulatory action has been brought against a stablecoin to date (apart, perhaps/unconfirmed, from Basis, which shuttered its doors rather than launch) whether any particular unlicensed stablecoin is determined to be money transmission, and on whom the liability for operating it will fall, remains to be seen. Although FinCEN will have a lot of options if they choose to wade into the paddling pool. As I put it on Twitter:

2) Ethereum Foundation Head of Special Projects, former Enterprise Ethereum Alliance Mainnet Working Group Chair accused of assisting North Korea to evade sanctions

From the DOJ:

[Virgil Griffith is accused of violating the] International Emergency Economic Powers Act (“IEEPA”) by traveling to the Democratic People’s Republic of Korea (“DPRK” or “North Korea”) in order deliver a presentation and technical advice on using cryptocurrency and blockchain technology to evade sanctions. GRIFFITH was arrested at Los Angeles International Airport yesterday and will be presented in federal court in Los Angeles later today…

…As alleged, Virgil Griffith provided highly technical information to North Korea, knowing that this information could be used to help North Korea launder money and evade sanctions. In allegedly doing so, Griffith jeopardized the sanctions that both Congress and the president have enacted to place maximum pressure on North Korea’s dangerous regime.

…Despite receiving warnings not to go, Griffith allegedly traveled to one of the United States’ foremost adversaries, North Korea, where he taught his audience how to use blockchain technology to evade sanctions. By this complaint, we begin the process of seeking justice for such conduct.

Whilst Griffith is innocent until proven guilty, the complaint doesn’t look great. Griffith apparently posted about his visa application process and intent to travel to North Korea publicly on his Twitter account. Other members of the Ethereum community failed to challenge and, in some cases, encouraged Griffith to make the trip. Griffith voluntarily consented to not one, but two interviews with the FBI, presumably without the assistance of counsel, in which he, among other things, admitted the conduct, admitted he intended the conduct and admitted he wanted to renounce his U.S. citizenship.

A photograph of brave U.S. Marines fighting to save democracy in Korea, in case Ethereum people need a reminder of which side they’re supposed to be on.

There are really only three things I have to add to this.

First: anyone who made a lot of money in Ether should understand that just because you made one good investment back in 2014, and haven’t had to do any real work since, doesn’t mean you are a polymath. More likely (but certainly not in all cases), you’re a dumbass and you got lucky. Somewhere, out there, your doppelgänger mortgaged his house twice to invest in Algorand shortly after it listed on Binance. He was ruined. You were not.

This is not to begrudge your legal if not moral entitlement to your wealth, which you won with a roll of the dice, fair and square. It is simply to say that however clever you may think you are, you are not clever enough to go toe-to-toe with the FBI without the assistance of counsel. No one is.

Second, this is an appalling governance failure by the Ethereum Foundation and the Enterprise Ethereum Alliance, two organizations principally concerned with promoting the adoption of the Ethereum cryptocurrency, and in which Griffith apparently held senior positions.

From what I can glean from the indictment, the purpose of the trip was principally to market Ethereum to the North Koreans as a sanctions-evading tool. Yes, North Korea using your coin will drive up demand for that coin. But it’s North Korea. Someone should have prevented Griffith from making this trip. Someone should have told him his position would be untenable if he went. The Ethereum community, its organizational bodies, and its leadership should have, when faced with the choice between the United States and North Korea, unapologetically and emphatically chosen the United States.

That’s not what happened.

There are things more important in this world than getting your favorite coin to the moon. Crypto is a high risk business as it is and private companies, consortia and nonprofit foundations alike need to be mindful of increased exposure arising due to the actions of rogue senior employees who wander off the reservation.  If someone in your organization is going to do something like this, no matter how much crypto he might hold, no matter how much of an OG he might be, tell him “no.” If for whatever reason he insists on continuing, fire him.

Third and finally, all that remains, as with other federal criminal proceedings against early Ethereum participants such as Stephen Nerayoff, is to watch this play out.

3) Supreme Court denies cert in a Section 230 Communications Decency Act case, Daniel v. Armslist, No. 2017AP344 (Wis. Ct. App. Apr. 19, 2018)

Armslist was a big Section 230 case in which a gun marketplace website which is basically “Craigslist for Guns,”,  was sued by the survivors of a victim of a shooting that involved the use of a gun purchased through the site.

Plaintiff Daniels lost at first instance, won on appeal, and lost again at the Wisconsin Supreme Court. Last week SCOTUS denied cert, ending the case.

As told by the plaintiff’s cert petition, the plaintiff alleged that:

after years of threats and violent abuse, Zina Daniel Haughton (“Zina”) obtained a domestic abuse restraining order against her estranged husband, Radcliffe Haughton (“Haughton”). The order, issued by the Milwaukee County Circuit Court to protect Zina, prohibited Haughton from possessing a gun, and made him a “prohibited” firearms purchaser under federal and state criminal laws. But Haughton knew how to easily circumvent the law and the order. He went on the Internet and visited is an online gun marketplace specifically designed to facilitate the illegal purchase of firearms by people like Haughton, who the law forbids from buying guns.

Note: the contention that Armslist is intentionally designed to facilitate unlawful firearms transfers is both material and disputed. Assume for the moment what the Wisconsin Supreme Court found, which is that Armslist is intended to be used for lawful commerce in arms, even if site users are able use it for unlawful purposes.

But I digress. The plaintiff continues:

As intended by’s negligent and intentional design features, Haughton found a person willing to sell him a gun, Devin Linn (“Linn”), and quickly and easily obtained a handgun and three high-capacity magazines in an all cash deal consummated in a McDonald’s parking lot three days after the restraining order was issued. The next day, Haughton used the gun he purchased via to murder Zina and two of her coworkers and wound four others before killing himself.

For this, the plaintiff sued Armslist, alleging numerous tort claims “including, inter alia, negligence, negligence per se – based on the violation of firearms laws – negligent infliction of emotional distress, civil conspiracy, aiding and abetting tortious conduct, public nuisance and wrongful death.”

Background: the law relating to buying a gun

There’s a lot to unpack here, particularly for my overseas readers, so let’s provide a bit of background before we continue. I preface this with the warning that this column is called Not Legal Advice for a reason, so the following is definitely, 100% not legal advice, as indeed nothing on this site is legal advice. I charge for that, and if I haven’t charged you, it’s not advice.

America is well known for being one of the few countries in the world which has very strong legal protections for civil rights as envisioned in the Enlightenment, including free speech, the right to be free from unreasonable searches and seizures, and the right to civilian firearms ownership.

The primary legal rule which protects firearms ownership in the United States is the Second Amendment to the U.S. Constitution, ratified in December 1791, which states that “a well-regulated militia, being necessary for the security of a free state, the right of the people to keep and bear arms shall not be infringed.” Much ink, digital and otherwise, has been spilled over the centuries about this legal provision; the law, as stated in District of Columbia v. Heller 554 U.S. 570 (2008), is that this provision generally protects an individual right to own firearms in common use. The “militia” language which many a commentator foreign and domestic get hung up on has been ruled prefatory, not operative, and does not operate to restrict what the Court has deemed to be an individual, and not a collective, right.

This does not, however, mean that firearms ownership in the U.S. is a legal free-for-all where any man can own any weapon and use it in any manner he pleases. In fact, firearms ownership and use are very tightly regulated, although regulations can be more or less stringent depending on what state (and in some exceptional cases, such as New York or San Francisco, what city) one finds oneself in.

Generally speaking there are two layers of regulation, mirroring America’s two layers of sovereignty: federal, which primarily concerns itself with interstate transactions in firearms, and state-level, which must apply the federal rules for transactions in interstate commerce, but are free to adopt less stringent regulations for transactions which occur entirely within their own borders.

The principal federal rule on firearms transfers that one encounters in daily life is found at 18 U.S. Code § 922(a)(1), which states in relevant part that

“It shall be unlawful— (1)for any person— (A) except a licensed importer, licensed manufacturer, or licensed dealer, to engage in the business of importing, manufacturing, or dealing in firearms, or in the course of such business to ship, transport, or receive any firearm in interstate or foreign commerce”.

The short version of 922(a)(1) is this:

  • if you sell a gun across a state line, you do so as a regular business or trade, and you don’t have a federal firearms license (an “FFL”, which acronym is used to refer to both the license and licensees interchangeably) you’re going to jail.

Then there’s 922(a)(5), which states it is a crime:

(5) for any person (other than a licensed importer, licensed manufacturer, licensed dealer, or licensed collector) to transfer, sell, trade, give, transport, or deliver any firearm to any person (other than a licensed importer, licensed manufacturer, licensed dealer, or licensed collector) who the transferor knows or has reasonable cause to believe does not reside in (or if the person is a corporation or other business entity, does not maintain a place of business in) the State in which the transferor resides; except that this paragraph shall not apply to (A) the transfer, transportation, or delivery of a firearm made to carry out a bequest of a firearm to, or an acquisition by intestate succession of a firearm by, a person who is permitted to acquire or possess a firearm under the laws of the State of his residence, and (B) the loan or rental of a firearm to any person for temporary use for lawful sporting purposes;

Short version:

  • If you’re a private seller you can’t transfer a gun to someone who isn’t a resident of your state, unless it’s part of a decedent’s estate and the transfer is being effectuated pursuant to a will or intestate succession.

Then there’s also 922(b)(3), which states

(b)It shall be unlawful for any licensed importer, licensed manufacturer, licensed dealer, or licensed collector to sell or deliver—
(1)any firearm or ammunition to any individual who the licensee knows or has reasonable cause to believe is less than eighteen years of age, and, if the firearm, or ammunition is other than a shotgun or rifle, or ammunition for a shotgun or rifle, to any individual who the licensee knows or has reasonable cause to believe is less than twenty-one years of age;
(2)any firearm to any person in any State where the purchase or possession by such person of such firearm would be in violation of any State law or any published ordinance applicable at the place of sale, delivery or other disposition, unless the licensee knows or has reasonable cause to believe that the purchase or possession would not be in violation of such State law or such published ordinance;
(3)any firearm to any person who the licensee knows or has reasonable cause to believe does not reside in (or if the person is a corporation or other business entity, does not maintain a place of business in) the State in which the licensee’s place of business is located, except that this paragraph (A) shall not apply to the sale or delivery of any rifle or shotgun to a resident of a State other than a State in which the licensee’s place of business is located if the transferee meets in person with the transferor to accomplish the transfer, and the sale, delivery, and receipt fully comply with the legal conditions of sale in both such States.

Short version:

  • An FFL can’t sell a handgun to anyone under 21 or a rifle to anyone under 18.
  • An FFL can’t sell someone a firearm to a resident of another state if they’re not allowed to have it pursuant to the laws of that state, i.e. a resident of Connecticut cannot drive to New Hampshire and buy an AR-15 from an FFL.
  • An FFL can’t sell a handgun to someone who doesn’t reside in their state, although they can sell a rifle or shotgun if (a) the buyer meets with the FFL in person and (b) the sale would be kosher in both states.

All these rules mean the process of selling guns across state lines can be a little clunky. By way of worked example, Alice Atlanta is a hobbyist collector of firearms. If Alice Atlanta wants to sell a handgun – let’s say a Glock 19, arguendo – to Bob Birmingham, Alice would need to

  • transfer the firearm to an FFL in Georgia,
  • the Georgia FFL would need to ship the firearm to an FFL in Alabama, and
  • Bob would need to acquire the firearm directly from the Alabama FFL.

Ordering from an online store similarly requires the online store to transfer to an in-state FFL of the recipient, rather than shipping direct to the recipient, and the in-state FFL will then customarily charge a handling fee to the ultimate purchaser on top of the purchase price.  If Alice transferred the firearm to Bob on the sly in a parking lot in Gadsden, Alice would be breaking the law. If Alice were actually running a business out of the back of her car, and not just a mere hobbyist, she’d be breaking two laws.

Another federal rule involves background checks. Specifically, 18 U.S. Code § 922(t), which states in relevant part that 

a licensed importer, licensed manufacturer, or licensed dealer shall not transfer a firearm to any other person who is not licensed under this chapter, unless— (A)before the completion of the transfer, the licensee contacts the national instant criminal background check system [note: known as “NICS”] established under section 103 of that Act; (B) (i) the system provides the licensee with a unique identification number; or (ii) 3 business days (meaning a day on which State offices are open) have elapsed since the licensee contacted the system, and the system has not notified the licensee that the receipt of a firearm by such other person would violate subsection (g) or (n) of this section; and (C)the transferor has verified the identity of the transferee by examining a valid identification document (as defined in section 1028(d) of this title) of the transferee containing a photograph of the transferee.

Short version:

  • if you are the recipient of a transfer of a firearm from an FFL you need to present photo ID and you either need to (a) pass an instant background check through NICS, the national criminal database, or (b) NICS needs to fail to come back with an answer within three business days of asking NICS whether you’re legally allowed to own a gun, before you can take possession of that gun.

Acting in concert, what these provisions do is require any interstate transfer to go through an FFL and pass a background check.

When a gun doesn’t cross a state line, however, this is not currently the province of the federal government, but rather it is a matter for the states. Even if the federal government could constitutionally assert jurisdiction over intrastate transactions (which, given the historically overbroad application of the Commerce Clause, it probably could) there simply hasn’t been the political will to do it for over 50 years. As a consequence, states have different and highly varied rules around firearms transactions that occur within their own borders.

I am not a Wisconsin lawyer, but Wisconsin’s rules, according to the Giffords Law Center, allow private sellers to transfer firearms between one another without performing a background check, which is completely legal federally as long as a state line isn’t crossed.

Armslist is, for the purposes of these transactions, like Craigslist, a classifieds site, which doesn’t perform diligence on the postings made on it. It matches the buyers and sellers, but does not perform any diligence or enforce specific compliance rules for each transaction. It is conceivable that all of the transactions on Armslist are legal; it is up to the users to actually put in the work to comply with local and federal laws, which they often do not, with attendant state and federal consequences.

Back to Daniels’ (failed) attempt to disapply Section 230 in Armslist

But Armslist is being sued here, not its users. Daniel argued that Armslist should be held liable for users’ misdeeds as it was providing its services in bad faith, in that

Armslist designed the site to easily facilitate firearms sales for otherwise prohibited possessors, like Zina’s husband. For example, she alleged that Armslist allows a prospective purchaser to filter sellers to find “private sellers” that are not required to perform background checks before selling firearms. Nor does the website require users to create accounts but instead allows them to operate anonymously. She also alleged that Armslist does not take action to delete illegal or unlawful posts.

Based on all these features and omissions, Daniel’s complaint alleges that Armslist knew or should have known that its website would put firearms in the hands of dangerous, prohibited purchasers, and that Armslist specifically designed its website to facilitate illegal transactions.

Armslist invoked Section 230 of the Communications Decency Act (“Section 230”) in its defense.

I have written about Section 230 before. Section 230 is a provision of federal law that says, broadly, two things:

  • In Section 230(c)(1), platforms and users of those platforms are not liable for content created by other users (known in the statute as “Information Content Providers”).
  • In Section 230(c)(2), platforms are immune from liability for making good-faith moderation calls that result in material being removed from the platform.

Armslist is principally a Section 230(c)(1) action.

Those of you new to Section 230 should note that the immunity is very specific. It does not confer legal immunity upon a website simply because they are websites, as politicians like Sen. Josh Hawley falsely claim to push ill-conceived laws through Congress. Rather, it confers civil immunity and immunity from state laws for user-generated speech that  is posted on their platforms but which the website did not itself make. So, by way of example:  

  • Let us stipulate that rap megastar Dr Dre was born to human parents in Compton, Los Angeles County, USA, on 18 February, 1965.
  • Dre protégé and fellow rap superstar Snopp Dogg, also born and raised in L.A. County, maliciously accuses Dr Dre of being a Martian – i.e., an alien from the planet Mars – in a Facebook post, despite knowing that Dre was born in L.A. County. Dr Dre sues Snoop Dogg and Facebook for defamation. Facebook would be immune from Dre’s suit, thanks to Section 230.
  • Snoop Dogg accuses Dr Dre of being a Martian in a post on Facebook. Facebook issued a press release saying that it believed Dr Dre is in fact from the planet Mars, which is untrue, as Dr Dre is from Compton. Dre sues Snoop Dogg and Facebook for defamation. Facebook would not be immune from Dre’s defamation suit for the press release.

Those are extreme/clear cut examples. But what happens, for example, when:

  • Snoop Dogg takes out an ad on Facebook saying “Dr Dre is a Martian.” and Facebook  Ads representatives respond that referring to someone as a Martian is hate speech and suggest using the term “extraterrestrial” instead. Dre sues Snoop Dogg and Facebook for defamation.


  • Snoop Dogg takes out an ad on Facebook saying “Dr Dre is…” and Facebook has a pre-populated group of personal characteristics including “tall,” “a good rapper,” “a regular reader of the Financial Times” and “a Martian.” Snoop selects the “Martian” option and Facebook runs the ad. Dre sues Snoop Dogg and Facebook for defamation.

Tricky, right? In each case Snoop Dogg initiated the ad buy, Dre was defamed, and Facebook contributed to the content, even though it did so at the behest of the user and the user was responsible for the final sign-off of the published messaging. Under the right circumstances, this might be enough for Facebook to become an “information content provider” with respect to the statement – “information content provider” being defined as, per Section 230(f)(3),

any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service. (emphasis added)

…and if Facebook is an information content provider, the Section 230 shield falls away. See e.g. FTC v. LeadClick Media, LLC, 838 F. 3d 158 (2016). In Leadclick an affiliate-marketing business which displayed deceptive advertisements was found liable for statements made in those fake advertisements because they provided feedback on the content of the advertisements. For example, “[making] a false advertisement [for a dietary supplement] appear ‘more realistic’ by lowering the amount of falsely claimed weight loss.” Even if a site isn’t the principal author, affirmatively developing user generated content created by someone else can be enough to make the Section 230 immunity fall away.

This principle extends to a website’s UI, even if the website isn’t affirmatively “saying” anything in the way that one might commonly understand the term. See Fair Housing Council of San Fernando Valley v., LLC, 521 F.3d 1157 (9th Cir. 2008). is a website which advertises room rentals. At one time, Roommates required users to “disclose their sex, race, sexual orientation, and whether they will bring children to the household in order to use the site” in drop down menus. Roommates also provided an “additional comments” box where providers of housing could specify their preferences for renters (e.g. “black males only,” “no children”).

Racial discrimination in housing is, of course, hugely illegal. When the Fair Housing Council sued Roommates, the case worked its way up through the courts until the 9th Circuit, sitting en banc, definitively disapplied the Section 230(c)(1) immunity for one aspect of the UI but upheld it for another. The court held that while Roommates was not liable for the (entirely user-generated) comments in the “additional comments” box, they were liable for the display of the protected characteristics of prospective renters from the mandatory drop-down menus and the discrimination that this information enabled. Put another way, when the website pre-populated the choices users could complete in the drop-down menus, the website, not the user, was doing the talking. And if that speech had legal consequences, Roommates could be sued for it. As Judge Kozinski put it in his majority opinion:

Roommate created the questions and choice of answers, and designed its website registration process around them. Therefore, Roommate is undoubtedly the ‘information content provider’ as to the questions and can claim no immunity for posting them on its website, or for forcing subscribers to answer them as a condition of using its services.

Armslist qua speaker: a business that walks right up to the line, but stays on the right side of it

There are two problems with going after Armslist, then. First is that nothing about what Armslist qua Gun Craigslist does is illegal under federal law. It is also entirely feasible that every single one of its users could use the site to engage in lawful transactions. As the Wisconsin Supreme Court put it,’s provision of an advertising forum and the related search functions are all “neutral tools” that can be used for lawful purposes. Sales of firearms by private sellers are lawful in Wisconsin. Further, private sellers in Wisconsin are not required to conduct background checks, and private sales are not subject to any mandatory waiting period. Accordingly, the option to search for offers from private sellers is a tool that may be used for lawful purposes…

Second and furthermore, Armslist didn’t “develop” the content users posted on the site, legal, illegal, or otherwise.

Despite the plaintiff’s assertions that Armslist was “specifically designed to facilitate” illegal arms transfers, the Communications Decency Act is specific: per the Wisconsin Supreme Court, “an interactive computer service provider will not be liable for providing neutral tools ‘even if a service provider knows that third parties are using such tools to create illegal content.'” Intent or knowledge are irrelevant since Armslist isn’t itself an information content provider, said the Wisconsin Supreme Court. The question when inquiring about Section 230(c)(1) is limited to “whether Armslist materially contributed to the unlawfulness of the third party content” such that Armslist itself became the information content provider.

The downfall of websites from Backpage to LeadClick is that site operators, keen to ensure that goods and services marketed on them appeal to users no matter how illegal those services might be, have been lured into messing with user-generated content in order to “improve” the user experience. In doing so they lower their Section 230 shield and expose themselves to civil and criminal penalties.

Armslist appears to have successfully resisted this temptation. If it hadn’t, Daniels might have been able to penetrate the Section 230 shield. But Armslist didn’t get involved with the post in question. Armslist was not an information content provider and could not therefore be civilly liable for the torts of the user, per the Wisconsin Supreme Court. Last week SCOTUS declined to overturn that decision.

A denial of cert doesn’t necessarily mean that SCOTUS agrees or disagrees with the Wisconsin court’s ruling. But it might suggest that the high court is aware of the strength of Section 230 to protect websites from litigation initiated by persons unhappy with the conduct of the sites’ users, and is in no mood – or finds no grounds – to overturn it. Entrepreneurs running their own websites should be aware, however, that Section 230 has limits and Armslist – a business that operates in an exceedingly high risk area – only escaped by not exceeding those limits.

How might have Armslist have gotten itself into trouble? Well if, like Roommates, its user interface made specific provision for illegal content, that might have been enough. For example: “Search for sellers willing to sell to prohibited possessors.” (For avoidance of doubt, Armslist has no such search function.) Or, like LeadClick, Armslist might have suggested changes to the wording of advertisements. Or Armslist might have developed an in-house seller ranking system that was not purely user-generated.

Long story short, if you’re running an interactive computer services business and some of your users are breaking the law, (a) discourage lawbreaking as much as you can, (b) cooperate with law enforcement, (c) make sure you don’t violate federal law and (d) let your users do the talking – resist the temptation to tweak user-generated content to make it look pretty. You’re a platform provider, not a seller. And, once again, this is not legal advice. If you need advice of this nature, you need to discuss your specific facts and circumstances with a licensed attorney in your jurisdiction.

Not Legal Advice, 18/11/2019 – The federal government needs to stop using the word “decentralization”

Welcome back to another edition of Not Legal Advice

One of the issues with a weekly blog series is that it is easy to get out of the habit of writing it if you miss one or two. Last week I was slammed traveling all over the East Coast so I didn’t have a ton of time to read or write – although running a solo practice is great, arguably the biggest downside is that you can’t delegate – meaning that clawing back time to write can be a challenge.

But dammit, I’m going to do this every week. This week, I have only one thing to talk about. And that’s the fact that the federal government can’t make up its mind about how to deal with Ethereum.

For those of you just joining the conversation, Ethereum is a cryptocurrency that was created following a $20 million initial coin offering, or ICO, in 2014, in which approximately 70% of the outstanding supply of the coin was sold.

Despite the fact that Ethereum was run in exactly the same way as every ICO the SEC has enforced against, in 2018 the SEC punted on regulating Ethereum following an intense lobbying campaign by Coin Center and other industry participants.

This year, the new Chairman of the CFTC Heath Tarbert has said the Ethereum-where-70%-of-the-tokens-were-sold-in-an-ICO-scheme is also not a security but a commodity falling under his jurisdiction. This was only last month.

Now, we are told, the planned migration of the scheme from proof of work to proof of stake will render the scheme, potentially, a security. CFTC Chief Heath Tarbert:

“Mining is, by its very nature, more decentralized as compared to a stake which reduces energy costs by giving it just one validator or a line of validators,” Tarbert said in response to a question whether ether 2.0 will be classified as securities.

This led to the somewhat unsatisfactory position that, in the eyes of the SEC and CFTC, something could start life as a security, transmogrify into a non-security, and then transmogrify back again after a code fork.

Where is the government coming up with this? Probably from the decentralization bros with a lot of money to spend on lobbying, such as Coin Center.

Ethereum bros of course, not to be outdone, swiftly retorted that mining was in fact the more centralized scheme because it costs money to… buy mining equipment?

“In ethereum’s PoS, the capital that you need to acquire to participate is much more readily available. … Converting capital into an asset that allows you to stake in the protocol is much cleaner.”

*silent screaming*

Where to begin with this. To start, there is no agreed-upon definition of “decentralization” anywhere. Anyone who says that there is such a definition has an agenda to push. And to the extent that the term means anything it’s a relative definition rather than a description of an irreversible, apotheotic end-state.

Mining may be accurately described as decentralized, if there are a wide range of validators distributed geographically widely, and there’s something to compare it against. So, e.g., we might say “the Bitcoin network’s mining is more decentralized than the Ripple Network’s validator nodes.” But Ripple might retort by arguing that “more than 50% of the Bitcoin network’s hashppower is controlled by 3 mining pools, whereas our UNL is more widely distributed.” I wouldn’t buy that argument, but it’s one that could be made. Which argument is correct or not depends on what your assumptions are.

Similarly, a network where stake is widely distributed and which requires a 7-out-of-10 vote to append a new block, such as a Tendermint node, might well be more decentralized than either if enough small validators band together to run the network on their own. What if we start out with four thousand stakers and gradually a handful, say one hundred, buy up most of the outstanding stake? Well then it might have fewer validators than Bitcoin and more than Ripple, but more “pools” than Bitcoin and fewer independent operators than Ripple.

All of these statements are correct in their own way. They’re all contradictory in their own way, too. Which indicates, at least to me, that using “decentralization” as a metric to determine whether something is or is not an investment contract – as the much-vaunted Hinman Test seeks to do – really is not a good idea, because nobody knows what the word means. Yet our regulators keep using this word, and coin bros keep encouraging them to, because asking whether a system is truly decentralized or not is like asking how many angels can fit on the head of a pin. Decentralization is a relative measurement, not a platonic ideal.

Now perhaps – and bear with me here – a better measure of determining whether a scheme is or isn’t an investment contract is to look at how the scheme began and, where there’s a premine which is pre-sold, a view is taken as to the nature of the instrument arising therefrom. Schemes like Bitcoin which arise from work and boot-strapping fall outside of the regulatory perimeter and schemes that do otherwise do not.

Such an approach would be consistent with most of the enforcement which has occurred to date. It would not be consistent with the treatment of Ethereum, for indeed nothing is consistent where Ethereum is concerned, and that confuses the hell out of everyone.

The “decentralization” test confuses the market and is not fit for purpose. Nobody knows what “decentralization” means. Even if we did, as I mentioned, decentralization is a relative rather than absolute measure.

Absolute measures create certainty in the marketplace. And although Howey is not absolute, I can think of one absolute measure which would be entirely consistent with the SEC’s enforcement and coin schemes’ compliance attempts to date – entirely consistent, that is, if Ethereum had been brought into the regulatory perimeter instead of being treated as some kind of outlier. Treat presales of coins (not coupons) as dispositive and abandon the idea that something can start life as a security, transmute into a non-security and then, as a consequence of a code fork, revert back again – which is the current view of the regulators.

As I always say when this issue comes up, I know of no precedent for this anywhere in American law and have yet to have anyone point one out to me in six years of asking this question.

And here is a picture of a marmot.