Not Legal Advice, 9/22/19 – self-proclaimed architect of the “Zug Defence” arrested, ICOBox sued, Section 230 limited by the 9th Circuit

Welcome back to this week’s edition of Not Legal Advice!

Between delivering the keynote at blockchain day of Stamford Innovation Week and getting ready for Crypto Springs, I’ve been pretty busy, so this week’s newsletter is going to be on the short side (a mere 1,800 words). This week:

  1. Self-proclaimed architect of the “Zug Defence” (or “Defense” for Americans) arrested
  2. ICOBox sued for selling unregistered securities, fraud, and operating as an unregistered broker-dealer; Paragoncoin resurfacts
  3.  Enigma v. Malwarebytes: 9th Circuit says Section 230 doesn’t apply to deliberately anticompetitive conduct

1. Self-proclaimed architect of the “Zug Defence” arrested

Last week brought us the news that Steven Nerayoff – early Ethereum advisor, sometimes Ethereum co-founder, and current one-of-those-guys-who-is-on-twelve-different-token-boards, was arrested and charged in the Eastern District of New York with extortion.

Although of course Nerayoff and his alleged co-conspirator, a fellow named Michael Hlady who previously was convicted of defrauding a group of nuns in Worcester, Mass (no, really), are innocent until proven guilty, it suffices to say that the allegations contained in the indictment do not portray either defendant in an especially flattering light.

Of wider significance here from the observer’s viewpoint is the fact that someone with intimate knowledge of the Ethereum Foundation’s early legal strategy and, in particular, the contents of a legal opinion which, according to CoinDesk, is said to have cost $200,000, payment of which Nerayoff reportedly guaranteed with his own money, is now in federal custody.

The issuance of this legal opinion is worth re-examination, at the very least for historical purposes if nothing else. Apart from the obvious fact that $200,000 is rather a lot of money to pay for a legal opinion, the issuance of that opinion – which I presume authorized the sale, otherwise why pay $200k for it – arguably set off the ICO boom as we know it. The fact that Ethereum proceeded with legal air cover and was such a wild, runaway success encouraged other law firms, large and small, to then take a view on subsequent offerings in order to gain market share and marquee clients.

Ethereum was the first of many coin issuers to set up shop in Zug, Switzerland, known now as “crypto valley,” presumably under the theory that Swiss residence and legal structures would immunize them from U.S. law. This tactic, referred to in jest by cryptolawyer OGs as the “Zug Defence,” is rumored to involve establishing a Swiss Stiftung, or foundation, obtaining tax opinions from a Swiss law firm that the token-product is to be treated as a software product for tax purposes, and, in Ethereum’s case, obtaining a second, supplemental opinion which presumably set out the U.S. legal position (if the rumors are true). Although I have not read it, to the extent that opinion authorized the Ethereum pre-sale to occur in the U.S. without requiring the Ethereum Foundation to register the tokens or avail itself of an exemption, it would have been, in my professional opinion, legally incorrect. This conclusion is based on the SEC’s 2018 Paragon and AirFox settlements, which we may presume form the template for all enforcement actions which will follow, and in relation to which the Ethereum pre-sale, in hindsight, does not appear to have been materially different.

Generally speaking, a practitioner who possesses even one whit of conservatism in their bones will tell you that the so-called “Zug Defence” is not much of a defence at all, to the extent that the transaction or scheme touches the U.S.  or captures the U.S.’ attention. Although the statute of limitations for the Ethereum Foundation qua token issuer under the Securities Act of 1933 has run, their operations continue. When a supposed non-profit in Switzerland magically creates $20+ billion out of thin air, you can be sure this does not go unnoticed.

This is accordingly a story to watch.

marmot_2.jpg
This marmot is on Mt. Rainier, not in Switzerland. This marmot follows U.S. securities laws.

2. SEC sues ICOBox for selling unregistered securities, fraud, and operating as an unregistered broker-dealer; Paragoncoin resurfaces

In other federal-agencies-on-the-warpath news, the U.S. Securities and Exchange Commission sued ICOBox and its founder last week for allegedly conducting an unregistered coin offering, engaging in fraud in relation to that coin offering, and operating as an unregistered broker-dealer in relation to other coin offerings launched using its platform.

Attorneys can spot plausibly deniable sarcasm from 1,000 yards, and the complaint does not disappoint:

ICOBox proclaims to be a “Blockchain Growth Promoter and Business Facilitator for companies seeking to sell their products via ICO crowdsales” —in other words, an incubator for digital asset startups. A self-described blockchain expert, Evdokimov, has acted as the company’s co-founder, CEO, and “vision director,” among other titles.

The facts of the coin offering and the alleged fraud do not bear repeating here. More interesting from my perspective is how the SEC has built up its claim that ICOBox was acting as an unregistered broker-dealer:

The token sale conducted by at least one of these clients, Paragon Coin, Inc. (“Paragon”), constituted a securities offering under Howey… By actively soliciting and attracting investors to ICOBox’s clients’securities offerings in exchange for transaction-based compensation without registering as or associating with a registered broker-dealer, Defendants engaged in unregistered broker activities that violated the federal securities laws.

SEC v. Paragon Coin, we may remember, was the first major settlement announced between the SEC and an ICO issuer, back in November 2018. Around the same time, the SEC announced settlements with AirFox (unregistered securities offering) and the founder of EtherDelta (for operating an unregistered securities exchange). About 30 days prior to that, the SEC announced its settlement with ICO Superstore, a similar business to ICOBox, for operating as an unregistered broker-dealer.

So we should not be surprised that the SEC is going after ICOBox, nor should we be surprised if the SEC decides to go after other token mills in the future. Interestingly, the SEC appears to have used the cooperation and disclosure obtained in the Paragon exercise to build the case against ICOBox:

ICOBox’s team members highlighted on social media during the offering that ICOBOX had started to work with certain clients including Paragon (referring to it as ICOBox’s “child”), but did not disclose that no ICOBox clients had yet completed any ICOs using its services.

Tl;dr? The SEC is good at a lot of things, but they’re particularly good at playing follow-the-money, and their inquiries will not end with token issuers. They will use what they learn at issuer level to move up the chain to promoters and service providers. It will be interesting to learn what is revealed as they undergo that process.

3. Enigma v. Malwarebytes: 9th Circuit says Section 230 doesn’t apply to deliberately anticompetitive conduct

If you don’t know what Section 230 of the Communications Decency Act is, start here. If you do, recall that Section 230 has two main operative provisions:

  • Section 230(c)(1), which says that publishing platforms and users of publishing platforms are not liable for content created by someone else; and
  • Section 230(c)(2), which basically says that companies can’t be sued for good-faith moderation calls, so if e.g. you’re Milo Yiannopoulos and one of your posts is moderated off of Facebook, if you sue Facebook for it, you will lose.

With regard to each of those provisions, however, these above shorthand definitions are just that, shorthand, and what they gain in comprehension for the layman they lose in terms of the stripping away of the actual, technical language they use. Section 230(c)(2) reads as follows:

No provider or user of an interactive computer service shall be held liable on account of (A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or (B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in [sub-]paragraph ([A]).

The facts of Enigma v Malwarebytes are as follows.

Enigma Software Group USA, LLC, and Malwarebytes, Inc., were providers of software that helped internet users to filter unwanted content from their computers. Enigma alleged that Malwarebytes configured its software to block users from accessing Enigma’s software in order to divert Enigma’s customers.

Malwarebytes and Enigma have been direct competitors since 2008, the year of Malwarebytes’s inception. In their first eight years as competitors, neither Enigma nor Malwarebytes flagged the other’s software as threatening or unwanted. In late 2016, however, Malwarebytes revised its PUP-detection criteria to include any program that, according to Malwarebytes, users did not seem to like.

After the revision, Malwarebytes’s software immediately began flagging Enigma’s most popular programs— RegHunter and SpyHunter— as PUPs. Thereafter, anytime a user with Malwarebytes’s software tried to download those Enigma programs, the user was alerted of a security risk and, according to Enigma’s complaint, the download was prohibited[.]

As a former startup guy, don’t I know that startup competition in the software industry is a fight to the death.

Fortunately, commerce is not a free for all and there are rules and certain standards of fair dealing that companies are expected to follow as they compete. Enigma brought a number of claims under state and federal law, ranging from unfair and deceptive trade practices to a Lanham Act violation of making a “false or misleading representation of fact” regarding another person’s goods. Malwarebytes argued it was immune from the action due to the effect of Section 230(c)(2).

Malwarebytes won at first instance. The 9th Circuit reversed:

The legal question before us is whether § 230(c)(2) immunizes blocking and filtering decisions that are driven by anticompetitive animus.

In relation to which the court found:

Enigma points to Judge Fisher’s concurrence in Zango warning against an overly expansive interpretation of the provision that could lead to anticompetitive results. We heed that warning and reverse the district court’s decision that read Zango to require such an interpretation. We hold that the phrase “otherwise objectionable” does not include software that the provider finds objectionable for anticompetitive reasons…
…if a provider’s basis for objecting to and seeking to block materials is because those materials benefit a competitor, the objection would not fall within any category listed in the statute and the immunity would not apply.

Pretty clear cut ratio there.

Eric Goldman’s treatment of the subject is much more detailed than my own. I recommend it to anyone looking to read further in this case; suffice it to say that I agree with the 9th Circuit, and disagree with Goldman, in that anti-competitive conduct by large tech companies is a growing problem, it cannot have been the intention of Congress to enable unlawful anticompetitive conduct with Section 230 and, at least as far as I am concerned, the natural meaning of “otherwise objectionable,” while extremely broad, does have limits, and, much as one would have a difficult time finding a motorcycle or a plant objectionable, it is conceivable that anti-malware software that is not itself malware might fall outside of those limits.

The opening that is created here is narrow and appears to be strictly limited to anti-competitive conduct, although there is a risk this ruling could be distinguished by new categories of litigants whose user-generated content is excluded without apparent justification from online platforms. I struggle to think whence these claims might arise, given that users of online platforms customarily contract away most of their rights and acquiesce to the platform’s discretion to filter content as it pleases in accordance with their policies (as opposed to the situation in Enigma, where Enigma’s rights vis-a-vis Malwarebytes originated in statute which Enigma did not waive). This of course naturally invites the question of whether states themselves will also try to create new statutory protections for constitutionally protected opinions which, of course, is exactly the thing that Section 230 of the the Communications Decency Act was enacted to prevent. Between Enigma and the EFF’s First Amendment challenge to FOSTA/SESTA, Section 230 jurisprudence over the next few years looks to be anything but boring.

See you next week!

Not Legal Advice, 9/16/19: Crypto taxes, systemic risk in DeFi, and Section 230

Welcome back to the second installment of Not Legal Advice, my new newsletter-thing I publish every week where I discuss three (3) items of interest from the prior week in crypto or crypto-adjacent technology law.

Because it’s happened twice, now, it’s a tradition. Traditions are warm and fuzzy and wholesome. So gather ’round the fireside, little marmot friends, and let’s have a conversation about what happened last week, and why it’s relevant going forward:

  1. France won’t tax shitcoin trades (also they are going to ban Libra from Europe)
  2. A company called “Staked” creates the “Robo Advisor for Yield,” or as I like to call it, the “Risk Mega Enhancer”
  3. The Second Circuit Court of Appeals finds that Section 230 of the Communications Decency Act is, indeed, as broad as its detractors claim

1) France won’t tax shitcoin trades (also they’re going to ban Libra)

According to official pronouncements from the French economic ministry:

  • Cryptocurrency transactions aren’t going to be subject to VAT.
  • Cryptocurrency trading activity won’t give rise to a tax charge until the crypto is traded out into fiat.

Three things limit what I can say about the French rules.

First, my French is not very good.

Second, I’m not a French avocat, which in French means both “male lawyer” and “avocado.”

Third, even in the two countries (America and England) where I am an avocado, I am not a tax avocado.

It suffices to say that France’s treatment of cryptocurrency trading income and gains differs from the tax treatment in England and the U.S. The English guidance makes it clear that trading gains are either income or capital gains, depending on whether the so-called badges of trade are present. In practice, HMRC guidance tells us that it is likely that capital gains tax would apply:

Only in exceptional circumstances would HMRC expect individuals to buy and sell cryptoassets with such frequency, level of organisation and sophistication that the activity amounts to a financial trade in itself. If it is considered to be trading then Income Tax will take priority over Capital Gains Tax and will apply to profits (or losses) as it would be considered as a business.

and what constitutes a chargeable asset for Capital Gains Tax purposes?

Cryptoassets are digital and therefore intangible, but count as a ‘chargeable asset’ for Capital Gains Tax if they’re both… capable of being owned… [and] have a value that can be realised.

And what events give rise to the charge?

Individuals need to calculate their gain or loss when they dispose of their cryptoassets to find out whether they need to pay Capital Gains Tax. A ‘disposal’ is a broad concept and includes… selling cryptoassets for money[;] exchanging cryptoassets for a different type of cryptoasset[;] using cryptoassets to pay for goods or services [; and] giving away cryptoassets to another person[.]”

What about in the U.S.?

The sale or other exchange of virtual currencies, or the use of virtual currencies to pay for goods or services, or holding virtual currencies as an investment, generally has tax consequences that could result in tax liability…

…For federal tax purposes, virtual currency is treated as property. General tax principles applicable to property transactions apply to transactions using virtual currency.

It’s obviously more complicated than that, but you get the general gist. Speak to a tax avocado if you have further questions.

Oh, and Americans, one of the great things about being American is that the warm, loving embrace of the United States is always with you wherever you may be on this or any other world – as all the dual-nationals I know joke, “we keep the U.S. passport as it means we have a seat on the last helicopter out.” Yes, that’s how much Americans with EU passports trust European voters.

The price you pay for that privilege is that America always taxes you on your worldwide income wheresoever you may be. So don’t think that you can move to France, offload all that premined Ether you’ve been sitting on for years into BTC and avoid the tax hit. Speak to a skeptical and conservative American tax avocado first.

Also, good on France for saying it won’t permit Libra to operate in Europe, as currently proposed.

2) Robo Adviser For Risk

The only thing I like less than DeFi is a DeFi bro.

Lately a number of offerings have sprung up offering staggering, double-digit rates of interest for cryptocurrency holders who are willing to commit their savings to crypto-first lending institutions who then claim they have profitable lending businesses on the other end of the transaction. In a low- to negative-interest-rate environment, everyone everywhere is trying to figure out where they can find yield and, accordingly, where they can make money.

The hope, the dream, is that crypto has magically solved this, has found its killer app, in the form of high yield interest-bearing accounts. From Balaji:

No offense, but I don’t buy it.

First, a number of these businesses – and there are more than one – will turn out to be Ponzi schemes. We don’t know which ones, but they’re out there.

Second, there is no such thing as a free lunch:

Third, there are those who argue that risk is not the driver of high rates and that some other black magic is at work. Let us examine this argument from the perspective of a borrower, who for present purposes we shall call Bob.

The ballad of Bob the Borrower

Sally Saver deposits 100 ETH with Lily Lender, who promises Sally Saver a 5% rate of interest on her deposit. Lily Lender now needs to get that 5%, plus enough to cover her expenses, from somewhere.

Ordinarily, that means that Lily Lender needs to make a loan to Borrower Bob at a rate of interest greater than 5%. You can’t run a lending business at a loss forever to gain marketshare and adoption unless you’re burning through venture funds to do so, as some of these businesses appear to be doing. BlockFi, e.g., has made it abundantly clear that it is taking a tech-company approach to developing a lending business:

We are OK with losing money for a while. If it was purely formulaic we probably wouldn’t have enough control to make sure it’s attractive enough to a large amount of people to hit our customer acquisition targets.

I don’t have an issue with that strategy, as long as the ledger balances out and BlockFi has enough spare VC firepower to satisfy its obligations. But we should not mistake this development, which is likely being mirrored by BlockFi’s competitors, for a fundamental change in the nature of risk. The risk hasn’t disappeared, it has simply been transferred onto the companies themselves, and they are paying for it in the form of a subsidy.

Subsidies, of course, have this pesky little problem that they eventually run out. When this happens, the risk that has been buried by them rears its head and begins to manifest itself in pricing. The likely result will be that the rates offered to savers will go down, and cost of funds will go up, and there will be a liquidity crunch among those who relied on them.

Speaking of which, who does rely on these liquidity facilities? Nobody really knows; it is this writer’s observation that crypto lending companies are extremely opaque about their lending operations, no doubt to gain an edge.

With interest rates at historic lows, however, we can probably guess that the people who are willing to pay north of 10% to borrow DAI are doing so either (a) because they have an interest in seeing Dai or related financial products succeed and are willing to absorb enormous losses to create the appearance of a thriving market, (b)  cannot obtain financing from literally any other source, or (c) in the case of over-collateralized loan protocol products like Dai, are seeking to obscure the source of their cryptocurrency wealth and are willing to absorb enormous losses to do so (by defaulting on the loan).

However, the fact remains: for every crypto loan product in existence, Bob the Borrower’s payments must be equal to or greater than Sally Saver’s returns in order for the product to be viable in the long term. 

Back to our regularly scheduled programming…

“Staked Automates the Best DeFi Returns With Launch of Robo Advisor,” trumpets CoinDesk. Staked has built a product…

Staked’s new Robo Advisor for Yield (RAY) service, which launches today, automates the process of finding high-yielding opportunities. Normally, investors have had to watch constantly and reallocate quickly to catch an enhanced DeFi return. Now they can set a smart contract to do the monitoring and allocating for them.

“This product is targeted to people who hold eth or dai and want to earn yield on it,” CEO Tim Ogilvie told CoinDesk in an interview. “If you hold ETH, you can earn more ETH. If you hold DAI, you can earn more DAI.”…

With RAY, investors can put their assets (ETH, USDC or DAI) into an asset-specific pool and the smart contract will automatically invest all or part of that pool into contracts with the best yield at any given time. For now, it will invest only on the money market Compound and with the derivatives protocols DYDX and BZX. But Staked is vetting additional smart contracts for safety and reliability.

“We’re not necessarily saying we are going to beat the market. We’re just saying you’ll get the best of what a savvy watcher would get in the market,” Ogilvie said.

“The vision we are building toward is the same level of sophistication the fixed income markets have in traditional finance,” he added.

I’m not going to lie, this is pretty cool, and offerings like it remind me of, e.g., crowdsourced or robo-offerings from companies like Betterment or eToro that have done very well.

But the reason I don’t like DeFi bros claiming they reinvented structured finance, as alluded to in my tweet above, is because I am a child of the Global Financial Crisis… and indeed I spent the first half of my career, in the throes of that crisis, working in structured finance. The great lesson of the crisis was that you cannot engineer risk out of transactions, you can only obscure it: this is the first law of conservation of risk, or as my friend Palley put it years ago, “The First Law of Lawmodynamics.”

The first law of thermodynamics says energy “cannot be created or destroyed. It can, however, be transferred from one location to another and converted to and from other forms of energy.” Maybe the same is so of liability and damages. You can’t destroy or avoid either by building a better mousetrap. You can only move it, or (arguably) move the consequences of that liability elsewhere.

There’s risk somewhere in crypto, waiting to get out. A combination of regulatory intervention and Ethereum going the way of MySpace are possible avenues. As the subprime crisis showed, even the most professional, Ivy League-educated, well-dressed “Savvy Watchers” won’t see it until it’s too late and everyone is running for the exits.

Don’t make the mistake of thinking that Staked – or any other DeFi company – is providing you with guaranteed risk-adjusted returns. They’re not, and anyone who thinks they are, had better steel themselves for a very unpleasant surprise.

rodent-3703660_1280.jpg
A marmot picture: to break up the monotony of a wall of text and get a marmot thumbnail on shared links. Distributed under the Pixabay Licence.

3) The Second Circuit Court of Appeals finds that Section 230 of the Communications Decency Act is, indeed, as broad as its detractors claim

This is more of a law nerd thing, so if you’re just here for the crypto, switch off.

Politicians hate Section 230 of the Communications Decency Act, 47 U.S. Code § 230, particularly Missouri Senator Josh Hawley. Who writes:

“With Section 230, tech companies get a sweetheart deal that no other industry enjoys: complete exemption from traditional publisher liability in exchange for providing a forum free of political censorship,” said Senator Hawley. “Unfortunately, and unsurprisingly, big tech has failed to hold up its end of the bargain.

That statement is half right. Section 230 grants a broad immunity from publisher liability for online platforms that engage in traditional publisher-like activities with regard to user-generated content. They do not have any obligation to provide that forum free from censorship; indeed, Section 230 expressly permits tech companies to engage in censorship more or less free from consequences.

Section 230 gives us two rules that are largely responsible for America’s success in building a thriving Internet economy. I explore Section 230 in detail here, but for present purposes it suffices to note that it essentially promulgates two legal rules: 

  • Platforms and users are not liable for content on their platforms that has been created by someone else (Section 230(c)(1)).
  • If a web app moderates any content off of their platform, i.e. it deletes it, and anyone sues them for doing so, the person suing the web app is going to lose (the Section 230(c)(2)).

The case is Force v. Facebook. Force brought

an action for damages against Facebook pursuant to the Antiterrorism Act (“ATA”) and related claims for having knowingly provided material support and resources to HAMAS, a notorious terrorist organization that has engaged in and continues to commit terror attacks, including the terrorist attacks that killed 29-year-old Taylor Force, 16-year-old Yaakov Naftali Fraenkel, three-month-old Chaya Zissel Braun, and 76-year-old Richard Lakin, and injured Menachem Mendel Rivkin, and the families of these terror victims.

The plaintiffs alleged:

HAMAS has recognized the tremendous utility and value of Facebook as a tool to facilitate this terrorist group’s ability to communicate, recruit members, plan and carry out attacks, and strike fear in its enemies. For years, HAMAS, its leaders, spokesmen, and members have openly maintained and used official Facebook accounts with little or no interference. Despite receiving numerous complaints and widespread media and other attention for providing its online social media platform and communications services to HAMAS, Facebook has continued to provide these resources and services to HAMAS and its affiliates.

Facebook has knowingly provided material support and resources to HAMAS in the form of Facebook’s online social network platform and communication services.

The plaintiffs provided numerous examples of anti-semitic Hamas propaganda on Facebook over a period of years in their extensive, 61-page complaint, which I will not republish here. Each plaintiff sought not less than $1 billion in damages plus attorneys’ fees.

The problem the plaintiffs faced in bringing this action is that Section 230 of the Communications Decency Act was standing in their way. Recalling the literal text of Section 230:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

the burden was on the plaintiffs to demonstrate why Facebook should be treated as the publisher or speaker of Hamas’ content. The parties stipulated to the fact that Facebook was a “provider… of an interactive computer service.” The plaintiffs thus disputed:

  1. whether Facebook were “acting as the protected publisher of information” under Section 230(c)(1), i.e., it was providing some other infrastructure function that was not intended to be captured by Section 230(c)(1); and/or
  2. “whether the challenged information is provided by Hamas, or by Facebook itself,” because if Facebook is an information content provider, even in some small part (see Section 230(f)(3)), the Section 230 immunity falls away.

Facebook as protected publisher of information

At minimum, the Section 230(1) immunity is thought to apply to standard categories of speech torts such as harassment or defamation. It provides American Internet companies with a near-total defense from those claims. This is in contradistinction to the European jurisdictions such as, e.g., England, and Section 5(3) of that country’s Defamation Act 2013.

How does this work in practice? Well, let’s go back to our friend Bob Borrower from Item 2 and introduce a new character, Dan Defamer, Speech Villain Extraordinaire. Let’s also assume, arguendo, that everything that comes out of the mouth of Dan Defamer, Speech Villain Extraordinaire, isn’t protected speech according to the First Amendment.

If Dan Defamer says of Bob the Borrower, in a newspaper article, “Bob Borrower is a no-good scalliwag who does not pay his debts,” Bob the Borrower may sue Dan Defamer and the newspaper for publishing the lie (whether he will win is another matter). If, however, Dan Defamer logs on to Twitter and repeats the lie there, in the plain and ordinary meaning of the term “publisher” Twitter is a publisher as much as the newspaper is. However, it is generally understood that Twitter is not, under U.S. law, treated as the publisher of the statement and therefore is not liable for its content. Twitter is not even under a legal obligation to remove it. Dan Defamer is the speaker and it is he who is liable for the consequences of the speech.

The question presented in Force is a slightly different one, though. Rather than challenging Section 230 for speech which is itself tortious, it attempts to attack Section 230 collaterally by alleging that Facebook’s provision of an online platform, which Hamas the terrorist group then accessed, meant that Facebook itself played a role in facilitating terrorism and, accordingly, was liable to pay damages to the plaintiffs under a specific federal law which provides that victims of terrorism can seek compensation from companies that commit, or aid, abet or conspire to commit, international terrorism:

By providing its online social network platform and communications services to HAMAS, Facebook violated federal prohibitions on providing material support or resources for acts of international terrorism (18 U.S.C. § 2339A), providing material support or resources for designated foreign terrorist organizations (18 U.S.C. § 2339B), and financing acts of international terrorism (18 U.S.C. § 2339C), and committed acts of international terrorism as defined by 18 U.S.C. § 2331. Accordingly, Facebook is liable pursuant to 18 U.S.C. § 2333 and other claims to the Plaintiffs, who were injured by reason of an act of international terrorism. (Emphasis mine.)

…By participating in the commission of violations of 18 U.S.C. § 2339A that have caused the Plaintiffs to be injured in his or her person, business or property, Facebook is liable pursuant to 18 U.S.C. § 2333 for any and all damages that Plaintiffs have sustained as a result of such injuries

The relevant statute, 18 U.S.C. § 2333, reads:

Any national of the United States injured in his or her person property, or business by reason of an act of international terrorism, or his or her estate, survivors, or heirs, may sue therefor in any appropriate district court of the United States and shall recover threefold the damages he or she sustains and the cost of the suit, including attorney’s fees.

In an action under subsection (a)… for an injury arising from an act of international terrorism committed, planned, or authorized by a [designated foreign terrorist organization, i.e. Hamas]… liability may be asserted as to any person who aids and abets, by knowingly providing substantial assistance, or who conspires with the person who committed such an act of international terrorism.

But the Court rejected the plaintiffs’ reasoning, stating that:

…it is well established that Section 230(c)(1) applies not only to defamation claims, where publication is an explicit element, but also to claims where “the duty that the plaintiff alleges the defendant violated derives from the defendant’s status or conduct as a publisher or speaker.”  LeadClick, 838 F.3d at 175 (quoting Barnes v. Yahoo!, Inc., 570 F.3d 1096, 1102 (9th Cir. 2009))

Put another way, even though there is a statute which prohibits providing material support to terrorism, Facebook’s status as a publisher of user-generated content means that it benefits from Section 230’s immunity from being treated as the publisher or speaker of content provided by another information content provider. Facebook wasn’t helping Hamas produce content. Accordingly Facebook could not be found liable for hosting it.

Facebook as information content provider

If Section 230’s immunity applies to liability purportedly arising under 18 U.S.C. § 2333, the next logical step for the plaintiffs – and the argument they raised – was to try to disapply the immunity by arguing that Facebook actually helped to produce Hamas’ content.

This is sort of like a situation we’ve often seen in the Star Trek movies (in particular Star Trek II: The Wrath of Khan and Star Trek: Generations). You don’t have to blast your way through the shields if you can trick the enemy into dropping them.

In Section 230 terms, “dropping the shields” means Facebook would be doing the talking or making other affirmative and material acts that “develop” the content in issue. The plaintiffs contended:

Facebook provided “to HAMAS use of Facebook’s data centers, computer servers, storage and communication equipment, as well as a highly-developed and sophisticated algorithm that facilitates HAMAS’s ability to reach and engage an audience it could not otherwise reach as effectively,”

Which the court understood to mean:

Plaintiffs contend that Facebook’s algorithms “develop” Hamas’s content by directing such content to users who are most interested in Hamas and its terrorist activities… we have recognized that a defendant will not be considered to have developed third‐party content unless the defendant directly and “materially” contributed to what made the content itself “unlawful.”

But the court was not convinced that this was the case.

Pointing to the Ninth Circuit’s decision in Kimzey v Yelp! Inc., the court points out that the “‘material contribution test… ‘draws the line at the crucial distinction between, on the one hand, taking actions… to… display… actionable content and, on the other hand, responsibility for what makes the displayed content [itself] illegal or actionable.”

Accordingly, the court held that Facebook, in this instance, was not materially contributing to Hamas’ content; “arranging and distributing third‐party information,” the majority opined, “inherently forms ‘connections’ and ‘matches’ among speakers, content, and viewers of content, whether in interactive internet forums or in more traditional media.  That is an essential result of publishing.” i.e., Facebook was staying in its lane as an interactive computer service provider.

The court concluded:

Accepting plaintiffs’ argument would eviscerate Section 230(c)(1); a defendant interactive computer service would be ineligible for Section 230(c)(1) immunity by virtue of simply organizing and displaying content exclusively provided by third parties,”

and further that

Plaintiffs’ “matchmaking” argument would also deny immunity for the editorial decisions regarding third‐party content that interactive computer services have made since the early days of the Internet [under Section 230(c)(2)].

tl;dr?

Litigants have made many attempts, through many different means, to try to hold interactive computer service providers engaged in the publishing of third-party content but not creating that content liable as if they were a publisher.

Section 230 means what it says. The court points out that courts have properly “invoked the prophylaxis of section 230(c)(1) in connection with a wide variety of causes of action, including housing discrimination, negligence, and securities fraud and cyberstalking.” And now, the Second Circuit has affirmed that this includes liability under terrorism statutes as well.

Moment of zen

Glad to know ConsenSys reads this blog. Will have to feature them more often! 

The LAO, demystified

Today a new form of organisational governance is announced by OpenLaw, a subsidiary of the Brooklyn-based Ethereum fan club and sometimes software development company known as ConsenSys.

OpenLaw calls this allegedly new and improved beastie a “Limited Liability Autonomous Organization,” or “LAO.” 

They tell us:

One of the first substantive experiments with the use of smart contracts to manage and coordinate economic activity was The Decentralized Autonomous Organization (known as The DAO).

In early May 2016, The DAO was launched on Ethereum, animating the thoughts and imagination of developers and technologists around the globe. The DAO aimed to operate as a venture capital fund for the crypto and decentralized space. The lack of a centralized authority reduced costs and in theory provided more control and access to the investors…

…There is a strong argument that if The DAO didn’t collapse for technical or legal reasons the boom of the ICO market would have been tempered if not entirely unnecessary.

That’s not quite right.

The first time this was done was in 2014, where Casey, Tyler and I proposed linking a DAO – properly, just some software that automated organizational governance using a permissioned Ethereum template – to a private organization, specifically a 501(c)(6) non-profit trade association. ConsenSys now re-packages this as if it were their idea.

The 2016 DAO was not, as ConsenSys claims, some noble decentralized experiment on Ethereum that had the potential to save the world and forestall the ICO boom. The absence of any punishment for anyone involved in the DAO fiasco likely encouraged the ICO boom.

For those of you who are new around here, the 2016 DAO was a commercially illiterate trash fire that collapsed and took hundreds of millions of dollars with it. Anyone with half a brain figured out it was doomed before it even launched. I have absolutely nothing good to say about it and neither should anyone else. It seems to me that the only folks who were surprised it collapsed were the Ethereum “luminaries” on its own advisory board.

Moving on.

1. Structure of the LAO

After a lot of rambling about Coase’s Nature of the Firm and how reduction of transaction costs is next to godliness, OpenLaw tells us the following:

Using the tooling provided by OpenLaw, the LAO will be set up as a limited liability entity, organized in Delaware, using curated Smart Contracts to handle mechanics related to voting, funding, and allocation of collected funds. This entity will presumably limit the liability of LAO members and help clarify their relationship to avoid knotty questions related as to whether partnership law applies.

tl;dr – OpenLaw has discovered a Delaware corporation’s back office can be run with software. Carta does this today.

We will leave to one side, for the moment, what this structure’s effect will be on liability.

They continue:

This structure will also provide members of the LAO with tax flow-through treatment by the Internal Revenue Service, such that tax is not paid by both the entity and a person holding a beneficial interest in the LAO.

Hold the phone, they’ve discovered an LLC.

The proposal goes on:

Members will be able to purchase interests in the LAO and the proceeds from the purchase will be pooled and allocated by members to startups and other projects in need of financing, using a voting mechanism and tools similar to Moloch DAO… In order to comply with United States law, membership interests of the LAO will be limited and only available to parties that meet the definition of an accredited investor — although there are arguments that LAO membership interests may not be securities.

Those arguments are, of course, wrong. Although I suspect ConsenSys folks should prefer if the situation were otherwise. In a late-2018 interview in now-shuttered ConsenSys-owned online magazine BreakerMag, ConsenSys founder Joe Lubin spoke of his affinity for token launches:

The token launches, if they’re for our own companies, end up bringing capital into those companies, and if they’re consumer utility tokens, you could consider that revenue. There are a bunch of those that have brought in many tens of millions of dollars. And we also help third parties do token launches.

The U.S. Securities & Exchange Commission has since taken a very dim view of the idea of the “utility token,” as we have seen from a number of enforcement actions that first were made public in 2018 and continue to be made public at a fairly brisk pace.

So where we are, or at least where any reasonable person should be, is that the “LAO” will be selling membership interests, that these membership interests will be regulated, at least in the United States, as securities, and accordingly that the registration requirements under the Securities Act of 1933 will apply to their sale unless an exemption applies. Unsurprisingly the LAO proposal elects to adopt this approach.

The proposal continues:

 OpenLaw will help on an ongoing basis with any ongoing legal requirements and improve any tooling that may be necessary to maintain or enhance the LAO. However, OpenLaw will exercise no control over the LAO unless directed by the members.

This is a weird proposal. What OpenLaw is basically saying is that everyone in the transaction is going to be passive and OpenLaw will act as a corporate services provider.

This is similar to what one might see in a securitization, for example. In a securitization, a special-purpose entity/vehicle or SPV – usually a corporation rather than an LLC – is incorporated to be the legal owner of whatever the subject matter assets of the transaction might be. Two entities assume primary responsibility for the SPV’s continued existence: the corporate services provider, who shuffles paper and signs documents on its behalf, e.g., and the trustee, who is effectively God in that it decides how to enforce the terms of the transaction in relation to which the SPV has been created (but equally, and also like God, is extremely reluctant to interfere in corporeal affairs, except in the most serious of circumstances, and only then with express authorization from the beneficiaries whose interests the trustee represents).

LLCs are a slightly different ball game, so I am not sure that “exercising no control” over the LAO will actually work. LLCs are operated by managers – and if that manager is a co-owner, we refer to the manager as a “managing member” – who has authority to act on behalf of the LLC and also is liable for discharging certain duties, both to the LLC members and third parties with which it deals on their behalf. Manager-members owe all manner of fiduciary duties of fair dealing and disclosure to other members of the LLC.

Accordingly, this proposal can really only work if there is one LLC manager – OpenLaw or a delegate – or if all the LLC members are managing members, because I can’t see an LLC member who wants to be passive and keep their liability minimal stepping forward to assume these responsibilities on behalf of the rest of the crew. The buck has to stop with someone, at the end of the day, who assumes primary responsibility for the organization’s affairs (signing corporate filings, acting as the signatory on bank accounts, instructing counsel, replying to writs and subpoenas).

And then there’s this.

We also will be exploring on-chain verification of accredited status for the LAO using third-party oracle services (such as ChainLink) to streamline the onboarding process.

No. This is not how accredited investor verification works.

2. Ethernomics

Much like the original Moloch design, members of the LAO will be able to ragequit and immediately retrieve back their fair share of unallocated funds based on their economic contribution (regardless of voting weight). With this safety mechanism in place, LAO members will always have the option to opt-out of the LAO should they disagree with aspects of the LAO membership, investment portfolio or need to rapidly receive back their assets.

What does this mean, exactly? From Simon de la Rouviere:

Moloch DAO always leaves a door open. Every time there is a vote, one can decide to exit (“ragequit”), turning non-transferable voting shares into transferable “loot tokens”. If you destroy your loot tokens, you can exit with your proportional amount of the organization’s resources (“treasury”).

I’m not sure this makes sense in a corporate setting. Let us suppose the LAO has ten members, Alice, Bob, Carol, Darren, Errol, Frankie, Gerard, Harry, Iphraim and Jimmy that each invest 10 ETH into a LAO.

The LAO takes its first vote and unanimously agrees to invest 90 ETH into a hot new Ethereum startup, CryptoMarmots. On its second vote, the LAO wants to invest 10 Eth into another hot Ethereum Startup, ScamTrainCoin, but Jimmy decides this is a bad investment and quits.

Under this proposal, Jimmy would take 9 ETH worth of CryptoMarmots’ rewards/equity/whatever and 1 Eth, meaning the LAO would only control 81 ETH worth of CryptoMarmot rewards/equity/whatever and have 9 ETH in cleared funds to invest in ScamTrainCoin.

So: the LAO now has 81 CryptoMarmot and 9 Eth and 9 members, Alice, Bob, Carol, Darren, Errol, Frankie, Gerard, Harry, and Iphraim. A new member, Kendrick, joins with 10 Eth. What happens when the LAO decides to invest the 19 ETH it now has available to spend? Does Kendrick’s new contribution entitle him to 10% of the existing pool of assets and 10% of the voting power? If so, this strikes me a raw deal; why wouldn’t he just start his own LAO where he has 100% of the voting power? Equally, why should he be entitled to dilute the CryptoMarmot “reward token” holdings earned by the other members and held in the common treasury when he quits?

How is this more than layering an unnecessary corporate intermediary between a project that is selling tokens and the (presumably accredited) investors who wish to buy them, with potentially adverse tax consequences when compared to simply buying them outright? Seeing as the management magic of Tim Draper/Marc Andreessen/Naval Ravikant isn’t here, what’s the point of tying it up in a corporate that has no management talent whatsoever?

And most importantly, even without the investment talent, how is this not regulated as if the talent were there and this constituted an investment company requiring registration under the Investment Company Act of 1940?

Many questions.

Extending emerging Moloch designs further, LAO members can also continuously claim their fair share of profits provided by tokens received from projects that receive investment from the LAO, further incentivizing collective LAO diligence, voting participation, and membership stability.

Again, this also doesn’t make sense. Seeing as the LAO has chosen to operate itself as an LLC rather than a fund, it is likely that LAO members would insist on “continuously claiming their fair share of profits,” as the pass-through nature of an LLC means that each member’s proportion of profits will be taxed and reportable on the members’ own personal or corporate returns each and every year and possibly even quarterly. Seeing as tokens can fluctuate wildly in value, how are profits to the LLC to be calculated?

To accept funding, projects will submit an application and be required to create a Delaware legal entity and OpenLaw will provide a set of standardized documents to streamline the process. If the project is later stage, OpenLaw will work with the project to ensure that the LAO can provide funding, given the project or entity’s then-current legal structure.

Is OpenLaw planning on becoming a law firm as well?

Through this approach, a project can conceivably submit a request for funding and receive funding from the LAO in days. Below is a quick preview of how fast funding can be received.

Although it’s easy to make fun of investors, the fact is that the better ones are extremely skeptical and perform a ton of due diligence before deciding to pull the trigger on an investment. The slowness of funding from a VC firm is not a function of paper-based legacy systems causing delays. It is a human problem where people simply don’t want to give their money away unless you’ve generated sufficient FOMO/investor tingles.

Moving on:

The LAO and similar structures could lead to increased development of secondary trading for LAO interests either through private markets or potentially even on public exchanges, potentially leading to a future of publicly traded venture capital funds.

Maybe. But I’ll bet it won’t. There’s a reason VCs stay private, e.g. they don’t like or want the scrutiny that being public involves.

LAO in a nutshell: boiling down OpenLaw’s 3,000-word manifesto down to one sentence

We’re not looking at anything more complex than a Delaware LLC, with some weird corporate governance arrangements that probably don’t work, and funky tax consequences, that requires OpenLaw’s constant involvement/SaaS offering in order to function.

The marketing strikes me as typical Ethereum complexity theatre, lots of bespoke jargon and an absence of straight talk. I can discern no way that the LAO would be necessary for, let alone desirable for, the facilitation of venture investments from the perspective of an investor. Without active, third-party management, the LAO simply adds another layer of complexity (and risk!) where a normal equity crowdfunding platform would just let the investor buy the product directly, hold it directly, exercise his rights directly, and pay taxes on his own investment returns only rather than dealing with the calculation of a proportional share of the profits and losses of an LLC in which he has a minority stake.

It does have a set of pre-written investment documents written for it. It appears to be unapologetically marketed at the Ethereum community so it’ll probably attract some investment. It is unlikely to have any impact beyond that limited audience.

Cargo Cult Finance

On an entirely unrelated point, I am often asked what my opinion is about DeFi. I include all types of DAOs in this umbrella. Including, for example, MakerDAO’s DAI stablecoin.

My initial response is always the same, and it’s always exactly five words long:

DeFi is cargo cult finance.

What does this mean?

As put by Richard Feynman:

In the South Seas there is a cargo cult of people. During the war they saw airplanes land with lots of good materials, and they want the same thing to happen now. So they’ve arranged to imitate things like runways, to put fires along the sides of the runways, to make a wooden hut for a man to sit in, with two wooden pieces on his head like headphones and bars of bamboo sticking out like antennas—he’s the controller—and they wait for the airplanes to land.

They’re doing everything right. The form is perfect. It looks exactly the way it looked before. But it doesn’t work. No airplanes land. So I call these things cargo cult science, because they follow all the apparent precepts and forms of scientific investigation, but they’re missing something essential, because the planes don’t land.

And this is how that looks:

cargo_1053.jpg

With that, dear reader, I bid you good evening.

For the last time, Ripple Labs created XRP

There has been a meme propagated in recent months by the folks over at Ripple Labs. That meme is that the cryptocurrency token known as “Ripple” or “XRP” has absolutely nothing to do with Ripple Labs the company, that XRP pre-existed Ripple Labs the company and was gifted to it, and that the protocol that runs XRP is totally decentralized, à la Bitcoin.

See, e.g., this blog post:

Screen Shot 2018-09-23 at 8.54.47 PM.png

Or, in the alternative, Ripple’s testimony to Parliament (pay particularly close attention to the text in red):

“XRP is open source and it was not created by our company, so that existed as an open source technology. We created a company that was interested in modernizing payments and then began using that open-source tech to do so … We didn’t create XRP… What we do have is we do own a significant amount of XRP, it was gifted to us by some of the open-source developers that created it. But there’s not a direct connection between Ripple the company and XRP.”

– Ryan Zagone, Ripple Director of Regulatory Relations

I disagree.

Why Ripple Labs has elected to push this line of reasoning, I cannot say. If I had to venture a guess, I should think that running a company that does not manage or issue a cryptocurrency is far less of a pain in the ass than running one that does. Bolting on a token to one’s commercial offering means introducing into one’s life a panoply of the worst and best elements of the crypto world: community management, troll bot armies on Twitter, Telegram groups, Subreddits, and the like. It also promises the possibility of undertaking some of cryptoland’s most sublime pleasures, including sending some love letters to any or all of the Securities and Exchange Commission, FinCEN and the Commodity Futures Trading Commission.

Now, I don’t mean to throw shade at Ripple Labs here. More power to them. Like the famous firsts of Neil Armstrong landing on the Moon, or Charles Lindbergh flying across the Atlantic in a single-engine propeller-driven aircraft, I can think of few acts of such singular daring as voluntarily wading into an ocean of complications, licences (note: British spelling) and litigants… as a cryptocurrency issuer.

In exchange for forging ahead through these many annoyances and dangers, the possibility of vast wealth awaits the Ripplenauts on the other side, a decentralized latter-day El Dorado, with vast mountains of fidget spinner-branded treasure gleaming just beyond the shore. Equally there lies the possibility of total, abject ruin. As Kazantzakis put it in The Last Temptation of Christ, “the doors to heaven and hell are adjacent and identical.” Nowhere is this more true than in cryptocurrency issuance and investment.

With this as our background, long have I been willing to extend Ripple the courtesy of not writing about them on this blog. No longer. Unfortunately, like my friend Bitfinexed I too am a “shill for truth,” so when I see Bloomberg reporting that XRP and Ripple are totally independent of one another – specifically,

XRP, which is an independent digital asset

…which is then repeated on Twitter by folks like this charming fellow,

…I am compelled to respond. This is wrong. I was there in 2013; I remember the days when Ripple owned the fact that it had built the Ripple… excuse me, XRP… protocol. Now, when the mainstream media, like Bloomberg, start to categorize XRP as an “independent digital asset,” like Bitcoin, we should, as a community, push back.

It’s crucial to ensure the market has accurate information about how XRP was created, how consensus is achieved on the XRP ledger, and therefore how XRP should be treated by an investor running a risk analysis and making an investment decision on whether and how to buy the token. Or as my friend Colin puts it:

I set the record straight below with a helpful timeline.

1) Did Ripple Labs create XRP?

Ripple Labs’ own documents speak for themselves. In my opinion the answer is “yes, Ripple created XRP, they own most of it and it was issued after company formation.” Open-and-shut determination.

a) 17-19 September 2012: Ripple Labs is incorporated

Ripple Labs was incorporated as “Newcoin, Inc.” in the State of California on 17 September, 2012, at which point a de facto corporation came into being. On the 19th of September the company’s articles of association were stamped by the CA Secretary of State, at which point “Newcoin, Inc.” formally came into being.

Screen Shot 2018-09-20 at 6.30.03 PM

Contrary to what many of Ripple’s defenders on Twitter and the forums claim, “Newcoin, Inc.” is, for all intents and purposes, the same company as present-day “Ripple Labs.” Newcoin, Inc. was renamed to “Opencoin, Inc.” in October, 2012. OpenCoin Inc. was later re-named to “Ripple Labs, Inc.” in 2013.

California-incorporated Ripple Labs, Inc. was then merged into a wholly-owned subsidiary, a Delaware corporation also called “Ripple Labs, Inc.,” in 2014. This is the Ripple Labs we all know and love today.

Delaware_ripple.png

Anything done by Newcoin/Opencoin/Ripple Labs (CA) was done by a direct predecessor of the current Ripple entity that runs the business. All those names refer to the same company. For the sake of this analysis, therefore, each of the four names should be treated as if they refer to the same enterprise.

b) 17 September 2012: The Founders’ Agreement is signed

On the same date and presumably at or about the same time, the Ripple founders Arthur Britto, Jed McCaleb and Chris Larsen signed the following short-form agreement:founders-agreement-2

Now, I’m an English lawyer rather than a California lawyer (because the Countenance Divine shines forth upon England’s clouded hills, whereas California is just awful). But if this agreement were governed by English law, it would achieve three things. I’ll work through them in reverse order, because it makes more sense that way.

In the third paragraph, we have what appears to be either a very slapdash IP assignment or a reference to an IP assignment which is taking place in some agreement that’s outside of the four corners of this letter.

Crucially, the assignment shows that the intellectual property in Ripple the software was to be transferred to Ripple Labs (technically Newcoin Inc., renamed to Opencoin Inc. 30 days later, and eventually renamed to Ripple Labs, Inc.) and would thereafter be owned by Ripple Labs and not by Arthur Britto. There was, furthermore, an agreement, either here (if so, poorly drafted) or referenced here and agreed somewhere else more fully, that any further contributions by Britto or anyone of the other Founders to the Ripple software would be open-source. In exchange for that assignment, Ripple granted a lifetime licence to Britto to build apps with the coin (no word on whether that licence is assignable or not).

IMV Ripple got the better end of that deal. But I digress.

Moving up to the second paragraph, here we have the three Founders making agreements about how credits will later exist on an “Official Ledger” which “it is anticipated” (a) will have 100 billion credits and (b) if it has more credits than that, will permit Britto to acquire (again, per a fairly loosely-drafted anti-dilution provision) a number of credits, at no charge, that will bring his total holdings of credits to 2% of the total number of credits in issue.

Finally, we have the first paragraph. We know from the third paragraph that, per this agreement, Ripple Labs owns the Ripple software. We know from the second paragraph that, per this agreement, there’s going to be an Official Ledger built with the software Ripple Labs owns and, based on the construction of that paragraph, it is likely that the Official Ledger does not yet exist as it is referred to in the future tense. Therefore “Ripple Credits,” later re-branded XRP, also do not yet exist. 

Now, we are told that on that Official Ledger, 80% of the Ripple Credits “shall be allocated to the Company, as determined by the percentage share of all existing Credits set forth in the ledger created, approved and adopted by the majority of Founders as the Official Ledger.” So we know that of the software Ripple owns, that does not yet exist, in relation to which an official ledger is to be created, Ripple is to be allocated 80% of the tokens thereon for its own purposes.

So when were the tokens actually created?

c) 1 January 2013

The first Ripple transaction in existence was made on 1 January 2013, when the network was publicly launched. We can assume that this is the “Official Ledger” as, presumably, no launch would have occurred without the requisite majority of the Founders providing their consent (and at least Chris Larsen and Jed McCaleb would have consented to this version of the ledger, based on the historical record). Ripple Labs, Inc. also will have owned all the IP in the Official Ledger if it had executed anything like market standard agreements with its founders and employees. More on IP ownership in the “conclusions” section below.

Here’s what the transaction explorer says about all of the transactions on the Ripple ledger from 17 August 2012 (a month before Ripple Labs was incorporated) through 31 December 2012:

Screen Shot 2018-09-20 at 6.59.17 PM

Zero. Zilch. Donut.

So are there any transactions on 1 January? Why yes. Yes there are. 18 of them to be precise:

Screen Shot 2018-09-20 at 6.59.43 PM

d) So is XRP an “independent digital asset?”

The terms “independent” and “digital asset” are not defined when used by Ripple, so rather than go back and forth about semantics all day, I suggest we simply ask a different question.

The question that really should be asked is “Is calling XRP an ‘independent digital asset’ potentially misleading given the factual matrix surrounding its creation and issuance?” This is a question I cannot answer; you, dear reader, will have to do that for yourself. Our information, available from public documents and block explorers, tells us:

  • The “Official Ledger” did not exist on 17 September 2012.
  • I assume the “Official Ledger” is the XRP everyone uses today. Indeed, it can have no other meaning. In that case, transaction data on the Official Ledger shows that it did not exist until 1 January 2013.
  • On 1 January 2013, Ripple Labs very likely owned all right, title and interest in the software on which the Official Ledger was being run that had been generated by its founding team. If they covered their bases Ripple Labs will also have owned all the IP contributed by any other team members, e.g. David Schwartz.
  • On the launch date, Ripple Labs owned 80% of the tokens on the network, being 80 billion tokens.
  • The tokens were called “Ripple Credits.” As in Ripple Labs, the company.
  • To the extent any Ripple Credits tokens owned at one point by Ripple Labs are now being traded by third parties, it is because those tokens were first sold into the public markets by Ripple Labs or otherwise found their way there by some volitional act of Ripple Labs.
  • To the extent any Ripple Credits tokens are being traded at all, these will have at one point been part of contractual arrangements to which Ripple Labs was a party.
  • Any Ripple Credit token on the network was created pursuant to a pre-incorporation agreement, which Ripple Labs appears to have adopted, in relation to which Ripple Labs appears to have been an intended beneficiary and which assigned Ripple Labs the rights in the software with which that Official Ledger was, and any Ripple Credits in it were, to be instantiated.

To really drive the point home about who calls the shots about XRP, look at the branding of the product itself. When I go to Ripple’s website, on the upper right, there’s a heading that says “XRP”…

 Screen Shot 2018-09-20 at 9.40.44 PM.png

…which, if I click through, leads me to a big honking logo reading “XRP…”

Screen Shot 2018-09-20 at 7.13.56 PM

…a brand name owned by none other than… you guessed it!… Ripple Labs. 

Screen Shot 2018-09-20 at 9.14.44 PM

If, in Ryan Zagone’s words,

XRP is open source and… was not created by our company,

…what business, exactly, did Ripple Labs have registering that trademark with the USPTO, thereby representing that Ripple Labs owned that IP, on 17 May 2013 – nearly six months after the network launched on 1 January 2013?

My conclusions

The Ripple vs. XRP situation appears pretty straightforward to me. All of the above makes no sense if Ripple did not create XRP, and makes perfect sense if Ripple Labs did in fact create XRP. This rather suggests that it may be less than accurate to characterize XRP as being fully independent from Ripple Labs. Certainly it is absolutely not accurate to say that XRP’s existence has always been separate from Ripple Labs.

The fact is, Ripple Labs is all over XRP. The XRP brand name is owned by Ripple Labs. The fact that Ripple Labs filed a trademark application over the word mark “XRP” six months after launch, and 8 months after Jed McCaleb’s GitHub commit on 4 November 2012 that first changed the ticker symbol from “XNS” to “XRP,” shows that (a) XRP did not exist before that date, which in any case is two months after Ripple Labs was incorporated and (b) the company regarded the “XRP” IP as its own.

From the date of incorporation onwards, the software which runs XRP appears to have been owned by Ripple Labs. The copyright notice over the software specifies that Ripple Labs began asserting copyright over the software as early as 2012, consistent with our interpretation of the “Founders’ Agreement” that appears to show the company was concerned with getting the IP in the product away from the developers and into the Ripple Labs, Inc. vehicle.

Furthermore, the software was not open-source when XRP were created, as the company claims. Rather, Rippled as a whole was closed source and proprietary until 26 September 2013. (And here’s the GitHub commit proving same), although some FOSS code was incorporated into it. Although the “Rippled” software is currently open-source, according to the License.md file currently found in in Ripple Labs’ GitHub repository, Ripple Labs continues to own and assert copyright over the protocol to this day.

Screen Shot 2018-09-21 at 3.02.10 PM
In software-land, this is what ownership looks like

Then there’s the matter of the tokens which Ripple claims it received as a “gift.” A very large number of the tokens were, are, and will likely continue to be owned by Ripple Labs. XRP tokens were not “gifted” to Ripple Labs but rather were granted to Ripple Labs by Ripple Labs itself in consideration of and in accordance with certain mutual obligations contained in a commercial contract to which the original Ripple Labs, Inc. was bound. (See, e.g., the language: “[Ripple] Credit Grant.”) This commercial understanding, when signed, was not yet implemented on an “Official Ledger” that was to be created by engineers who either founded Ripple Labs or were otherwise employed by Ripple Labs, meaning that it is exceedingly likely that Ripple Labs owned the resulting work product outright.

The “Official Ledger” was that work product. No “Official Ledger” containing XRP or any transactions on the ledger which is today used as “XRP” existed before Ripple Labs, Inc. (initially named Newcoin Inc.) was incorporated on 19 September 2012. What we call XRP came into being at Ripple Labs, Inc.’s behest and with its very close involvement on 1 January 2013 when Ripple Labs launched what was referred to in the Founders’ Agreement of 17 September 2012 as the “Official Ledger.”

The “Official Ledger” was later called the “Ripple Network” or “Ripple.” Today the “Official Ledger” is called “XRP.”  It’s the same thing.

Until recently, this view was shared by Ripple Labs, who wrote in 2013 that “Ripple was created by Opencoin, Inc.” (h/t Michael del Castillo for the image.)

Screen Shot 2018-09-25 at 6.36.30 PM.png

It doesn’t really get much clearer than that. XRP is a Ripple Labs project.

End of discussion.

And that’s fine. Many companies are embarking on token projects and I wish them all the very best of luck. However, only one company is, for whatever reason, trying to convince us that none of this ever happened. That company is Ripple Labs. And that I cannot abide.

2) Is XRP decentralized?

I’ll be staying out of that debate save to say that there is disagreement, and I am happy to point you to it.

Ayes to the right:

Noes to the left:

And in the opinion of BIS:

And with that, my friends, I bid you good evening.

Against Tokens: Part II

This is adapted from a Reddit thread (shout out to my homeboys in /r/ethereum). It is a follow-on from an earlier piece, Against Tokens.

Warning: this blog post is long.

Today brings us a paper, written by Coin Center and Debevoise & Plimpton, and sponsored by Coinbase, USV, Coin Center and ConsenSys, which explores the question of whether tokens sold on a blockchain are or are not securities under the test of Howey v SEC.   

Given what we know of the paper’s sponsors, the paper’s unsurprising conclusion is:

An appropriately designed Blockchain Token that consists of rights and does not include any investment interests should not be deemed to be a security, subject to the specific facts, circumstances and characteristics of the Blockchain Token itself…. given our analysis in the above, it should be characterized as a simple contract, akin to a franchise or license agreement.

Oh! So tokens are acceptable now, all is forgiven and this is now a valid business model?

Wrong.

So I’m going to spend the next 3,000 words taking Coin Center’s proposition apart. The paper arrives at this conclusion because it asks the wrong question. Of course it’s possible to do virtually anything on a blockchain in a legally compliant way, including representing an interest of some kind as a security or not, as any type of data entry you want, whether that be a “token” or otherwise. As one comment on Reddit put it, aptly,

you can make a tree branch into a security if you wrap it in the utterances and ceremonies which make it a tally stick.

stick-of-truth
How it might look

This view, mind you, is what informed the innovation known as a private blockchain. With private blockchains, no cryptocurrency is involved and the rights and obligations of all the participants are set out neatly in writing somewhere – with the blockchain used as a distributed reconciliation engine for the participants.

But private blockchains aren’t what we’re talking about here. The instant case concerns the idea, per USV’s Fat Protocols post, that users of a “public” or “unpermissioned” cryptocurrency/blockchain protocol should

become stakeholders in the protocol itself and [be] financially invested in its success. Then some of these early adopters, perhaps financed in part by the profits of getting in at the start, build products and services around the protocol, recognizing that its success would further increase the value of their tokens.

This process/business model follows a simple four-step plan:

  1. Developers have idea for a coin.
  2. Developers write an application, instantiate their new blockchain and sell tokens on that blockchain to fund development of the half-baked protocol they’ve already released (because, you know, they already sold the tokens). 
  3. Developers and early adopters sell those blockchain tokens on public crypto-exchanges for profit;
  4. Bro down.

PcjfYa-south-park-on-twitter-start-up-V6KQ.jpeg
How it actually looks

The question the paper does not directly answer, and the question everyone would like to see answered, is whether the method for conducting a token sale as they are actually done on a daily basis – the “Bro Down Model™” – is legally compliant.

Given what we are dealing with (selling unregistered investments to unsophisticated investors over the Internet) it is pretty easy for the answer to that question to be “no.” And to reach that conclusion, it doesn’t really matter whether we’re dealing with a security or not.

Let me break it down for you:

1A) Scenario A: Tokens = Securities

Let’s say, for sake of argument, that the tokens issued per the Bro Down Model do turn out to be securities or investment contracts, which is the only way that the “fat protocol” thesis currently being bandied about in the Valley and elsewhere makes any sense.

If something is sold with the expectation or intention that it’s an investment, irrespective of what function that thing performs, it’s going to be deemed an investment contract by the regulator. Investment contracts, as a matter of law, which are offered to the public may only be so offered through the filing of the appropriate documentation/registration statements, the publication of a prospectus and the sale by broker-dealers or equivalent, licensed service providers.

This would need to be done every single time an ICO/protocol offering takes place.

This process is standardised, straightforward, and legally certain. In the real world the process is absolutely mandatory for every offering of investments to the public. However, ICO promoters to date have all chosen not to follow this remarkably simple, standardized process. 

Which is odd – since if these transactions were all above-board, legally kosher investments, as they have been marketed, I can’t see any reason why someone wouldn’t try to make them stand up to the scrutiny of the regulators. Surely an opportunity to legally access public capital markets with a simple coin is an opportunity too good to pass up.

But I digress.

1B) Please note: the argument that tokens are “not an investment” is nonsense

When cryptogeeks talk securities law, Dunning and Kruger are never very far away. A first-year trainee lawyer in a banking seat has the requisite training to see that blockchain token-sale transactions would not pass muster with the regulators. And by “not pass muster,” I mean not even close.

The entire “fat protocol” thesis re: blockchain tokens only makes sense if the tokens are in fact purchased for the purpose of investment and asset price appreciation. Which all ICO promoters, deep down in their hearts, know. But refuse to admit.

Let’s revisit the “fat protocol” blogpost quoted above, only this time, let’s put some text in bold:

become stakeholders in the protocol itself and [be] financially invested in its success. Then some of these early adopters, perhaps financed in part by the profits of getting in at the start, build products and services around the protocol, recognizing that its success would further increase the value of their tokens. (emp

That these tokens are envisioned to have value in market exchange is more or less admitted by Coin Center where the paper issues this recommendation:

(Scheme promoters should decide on) the percentage of the total token supply that represents a fair reward for the work of the development team and advisors.

yet the USV-sponsored Coin Center paper goes on to contradict itself by saying:

Marketing a token as a speculative investment, or drawing comparisons to existing investment processes, may mislead or confuse potential buyers. It may also increase the likelihood that the token is a security.

These ideas are, from a securities law perspective, not reconcilable. One cannot say something one sells to third parties is not an investment if (a) the value of that thing is tied to the performance of the project and (b) you plan to provide that thing to developers in consideration of their work on that project, with the expectation that they can cash out.

1C) Scenario B: Tokens ! Securities. Are we in the clear now?

No. 

Coin Center’s 27 pages’ worth of legal gymnastics earlier today struggled desperately to explain why ICO transactions are not necessarily securities or investment contracts and are in fact some other kind of legal critter. So let’s be charitable and give Coin Center & friends the benefit of the doubt – and suppose they’re right.

This is still not a green-light where we can with confidence say

“OK, so the Bro Down Model is just like selling knitted jumpers from a local store.  Let’s sell tokens willy-nilly. WORD UP.” *fist bump*

To the contrary: we have to explain what, exactly, these non-investment investment tokens actually are.

Even if token sales aren’t investment contracts, there’s unquestionably a contract somewhere in here to sell them. Where promoters plead “decentralization” to try to disclaim that any contract exists, there are still unquestionably inducements and representations made by promoters – marketing – to buy into these schemes, otherwise we would not know they exist.

Misbehaving  in any way in relation to the promotion of a token scheme can still attract extremely serious criminal penalties of various kinds, depending on:

  • what the promoter said to third party investors in order to induce people to buy the tokens,
  • whether any of the promoter’s statements were untrue and misleading, or whether the promoter failed to disclose material information; 
  • whether the sale is considered an unfair trade practice under applicable local statutes (as these things often are);
  • whether the promotion activity requires a licence;
  • how much money these buyers subsequently lose, 
  • whether the regulator, and which regulator, takes notice of the activity.

A range of potential civil and criminal sanctions are therefore available depending on the fact pattern. They range from the relatively benign such as

  • innocent misrepresentation entitling the buyer/investor to rescind;

to the more serious such as

  • undertaking a regulated activity without authorisation (or equivalent in whatever jurisdiction you’re operating in);

to show-stoppingly, life-endingly, extremely serious e.g.

  • theft or fraud by false representation, or
  • a finding that the promoter engaged in unfair trade practices.

This is to say nothing of the tax consequences of operating such a scheme, liability for which (absent a legal entity) would arise personally against each of the scheme’s promoters, likely through the lens of a Partnership Act 1890 general partnership or local equivalent. 

When enforcement comes, false or exaggerated statements are what is most likely to get scheme promoters into trouble. In terms of what statements we typically see made out in the field, cryptocoin promoters are not known for sober restraint and are usually not *that* careful with the representations they make. 

Screen Shot 2016-12-09 at 18.00.07.png
Exhibit A

2) If the tokens are designed to have intrinsic value, like Bitcoin, you’re doing it wrong

Assuming that “rights” exist at all – as the Coin Center paper does –  presupposes the existence of a licensor/franchisor, i.e. someone against whom the “right” can be enforced. Tokens that follow the mold of Bitcoin or the “fat protocols” idea espoused by USV, on the other hand, are designed to have standalone value which is intrinsic to the token and does not depend on a third party to redeem or honour it.

These two approaches are mutually exclusive.

As anyone who knows how a crypto-token ICO works, “public blockchain” systems with exchange-listed tokens follow the latter approach (coins, intrinsic value, not redeemable). Where there’s no licensor/franchisor, there is only

  • the “fat” protocol,
  • its tokens, and
  • what those tokens are worth.

Because of this, it’s impossible for there to be legally binding licences or franchise agreements, because contracts require counterparties. The suggestion from Debevoise that we could characterise blockchain tokens created through a token sale as being licenses or franchises is therefore not accepted. Legally, what we’re dealing with is

  • an automatic, distributed software system, that
  • a promoter set up with money from unsophisticated “investors,”
  • which confers those unsophisticated “investors” no legal rights, and
  • which uses game theory to hold itself together – game theory backed by the money of new investors combined with the promise of astronomical returns made by the original promoters.

Here, as with many ICOs, there are no rights and obligations conferred – just tokens which serve no practical function and which value depends on whether people will buy them, and little else.

It is not therefore something I could recommend as a prudent structure for a transaction. 

3) What if I don’t sell any tokens and just hold back a pre-mine?

Different set of issues, but still real potential for a crap sandwich.  Including AML/KYC issues and money transmission issues. World of pain, etc. 

4) Shenanigans 

Trying to get around public offering rules strikes me as a bit of a minefield and not worth the risk.

The law wasn’t born yesterday. Saying a token is “purely functional” or a “software product”, so therefore “not an investment” is language we’ve seen before – the Federal Trade Commission observes that fraudulent investment schemes (of the non-cryptocurrency variety) often promise “consumers or investors large profits based primarily on recruiting others to join their program, not based on profits from any real investment or real sale of goods to the public. Some schemes may purport to sell a product, but they often simply use the product to hide their pyramid structure.”

For this reason, legitimate investments don’t try to walk the line – they try to be two miles away from the line, and on the right side of it.

It would be easier to just do things correctly, constitute your token as a security on a private chain and publish an offering circular. As Patrick Byrne’s T0 is planning to do.

But saying we should listen to Sherriff McLawdog all the time stifles innovation! I hear you cry.

Poppycock. If you want to get investment from someone, there are ready categories – VC, equity crowdfunding, bank debt, convertible debt – which a young blockchain entrepreneur can and should avail him/herself of in order to obtain working capital for his or her business. These legal classifications involve the entrepreneur obtaining that capital, usually from a sophisticated investor, after setting out a detailed business case and setting out in writing, the legal rights which his or her investor will obtain in the business in exchange for their money. 

When someone is selling a coin, on the other hand, this means that someone is trying to get money very quickly from unfussy, unsophisticated investors who are grateful for the chance to get in on the ground floor of the “next big thing.”

Because they’re unsophisticated, in consideration they do not insist upon, and therefore do not receive,  any rights in the business which those funds build in return (e.g. equity, interest, or a share in the profits).

I repeat: someone selling you a coin is bootstrapping their business with your money, and may very well be giving you jack squat – no stake – in their business in return. 

Experience shows that unsophisticated investors are not particularly aware of how badly they’re treated by promoters of these ICOs or similar schemes.

5) Ignoring the law doesn’t mean it doesn’t exist

This, of course, is questionable from a legal perspective. Its questionableness would be more obvious if the coin-sellers were to promise a security and give you nothing in return; you could take your fake share certificate or fake secured loan to a lawyer, who could undertake some inquiries, and tell you whether the document were genuine/enforceable or not.

Turn a fake “share” into a “coin,” however, and suddenly all bets are off? I don’t think so – and I don’t think regulators such as the UK FCA or the Securities and Exchange Commission think so either although, for reasons known only to God, they have so far failed to drop the flaming hammer of justice on these schemes.

So, when we see a project not choosing a legal framework up front and saying “the software rules all,” it means, more often than not, that someone promoting a ICO has a compelling interest in not following the formalities because they’re out to screw you.

Doing things on a purely P2P basis has been shown to frustrate enforcement enough that, at least in the short term, scheme promoters are able to get away with it. But ignoring the law doesn’t mean it doesn’t exist. 

Blockchains and cryptocurrencies are not a new paradigm in personal property or the law of obligations. When enforcement occurs – as it surely will – courts will look at the arrangements and take the initiative in classifying them themselves. That’s generally not a good thing – making an affirmative choice to be this thing or that (e.g. a LLC or a Limited Company) comes with significant tax, liability, or ease-of-doing-business benefits which you will very likely lose if you let a court make that decision for you (and, say, calls your blockchain critter a general partnership or a mere misrepresentation).

6) Conclusion: don’t buy it

The question then turns to why this subject is coming up again today, given how much the tech has moved on since the altcoins’ heyday (and collapse) three years ago.

I have no idea why any honest new business would want to run an ICO unless they were supremely poorly advised. Entrepreneurs owe their users better treatment, it’s commercial suicide from a VC or new business development standpoint, and creates a huge contingent risk of future enforcement action.

One theory I have is that some companies in the “blockchain” space got into Bitcoin or some other coin – hard – and possess such an intractably deep-seated loss aversion bias that they’re held in thrall to the Almighty Coins, unable to cast off their original thesis, and incapable of seeing what the space has become. Chiefly:

  • Bitcoin and internet funny money tokens are on the way out, and
  • good old-fashioned applied cryptography, business process/workflow automation and enterprise networking are on the way back in.

Because the only other plausible explanation for so many people thinking that crypto-tokens are appropriate investment products is that they’re all on drugs.

I’m going to give them the benefit of the doubt and assume they’re talking their own books.

The 2017 interpretation of the tech is not just legally correct, but it’s morally correct as well – and in keeping with the ethos of open-source software development. There’s nothing “free and open” about a FOSS protocol that costs money to use and causes a direct pecuniary benefit to accrue to early adopters – that’s called a rent, and imposing it runs contrary to the idea that the “free” in “FOSS” should mean both free as in beer and free as in speech.

A point which, over the course of 2017, I shall enjoy pointing out whenever it is prudent to do so.

.