Compliance: Impossible

It is increasingly clear to me that running a globally compliant Internet business will soon be, if it is not already, impossible in several important domains. In two specific spheres, crypto and publishing, the problem is most acute. As the post-war international order fractures, so too does the Internet. The result is that soon Internet businesses in crypto or publishing will have no choice but to violate the law somewhere if they want to continue to exist.

In the case of crypto, there are generally three regimes: (A) the United States and OECD; (B) BRICS; (C) Rest of World (“ROW“).

Although there is substantial variation within the U.S./OECD crowd (for example, the United Kingdom and Australia do not generally regulate ICO coins as transferable securities whereas the U.S. and Canada do), the general understanding is that the government has a substantial interest in regulating practically every touchpoint or intermediary which facilitates access to blockchain protocols and even, in the case of recent U.S. Securities and Exchange Commission noises around exchanges and/or U.S. treatment of the Tornado Cash smart contract, even access to protocols without access to intermediaries, even if overseas operators cannot be accessed directly from the U.S. but need to be accessed via VPN.

The result is that crypto businesses fundamentally cannot do in the United States what they are permitted to do in many other places, meaning crypto cannot be used in the United States in the manner it is used in other places. The U.S. requirement to treat every token like a full blown security, and all of the intermediary re-insertion to the process that entails (transfer agents, broker-dealers, custodians, ATSs, etc.) defeats the entire point of using the technology in the first place. As a result, a lot of crypto companies carrying on certain regulated activities will wind up having two different crypto businesses – an American-only offering and a ROW offering – because the irrationally harsh approach American regulators are taking to the space will make it impossible to market the ROW product to Americans on an economically viable basis, if at all.

BRICS countries (Brazil, Russia, India, China, South Africa) on the other hand, do regulate crypto but pair that regulation with slightly weaker and/or willfully blind and/or corrupt enforcement capacity. India is the most OECD-like of this group. Brazil is a very close second although to the observer trained in Anglo-American jurisprudence, the “Calvinball Constructionism” utilized by the Brazilian Supreme Court – which seemingly makes up new law from thin air every time it encounters a state of affairs it doesn’t like, without any requirement for there to have been a case pending before it first – appears very strange, and such volatility is likely to scare American business away.

Russia and China on the other hand appear willing to look the other way to permit activity within their borders that keeps them “in the game” while also possibly frustrating the geopolitical aims and global reach of their main rivals, the United States.

So we see headlines about countries like China banning crypto and Bitcoin mining, but failing to enforce it – the mining continues on.

Or we see entrepreneurs like Alexander Vinnik of BTC-E operate freely in Russia, get picked up in Greece for violating all of the laws in the United States, and now years later we learn Russia is reportedly considering pulling him back home as part of a prisoner exchange. If such an exchange came to pass, it would tell me that Vinnik’s failure to obey the U.S. Bank Secrecy Act – and Russia’s attitude towards compliance within its own borders generally – has less to do with the actual content of the laws on their books and more to do with whether the activity serves Russia’s interest in undermining America’s control of the global financial system.

In the case of publishing, similarly, each country is charting its own course regarding Internet censorship and state control of published materials on the Net. Generally speaking, there are two regimes: (A) the United States and (b) ROW. In this matrix, however, the United States is the freest jurisdiction in the world, with strong First Amendment protections for sites wishing to host user generated content and for the content users choose to post, as well as the affirmative defense for platforms which host that content from civil actions in the form of 47 U.S.C. § 230(c) (commonly known as “Section 230”).

No power on Earth can force an American company running an application on American metal to censor even a single bit of user generated content which is lawful in the United States.

The ROW, on the other hand, has a variety of different regimes with different rules, but one thing in common: most of the ROW confers the right on the state to order platforms to take down political content which would be lawful in the United States. This is the case with Germany’s NetzDG, with the E.U. Digital Services Act, with the Brazilian Paim Law or recent nation-wide ban of the Telegram app, and, if enacted, with the United Kingdom’s Online Safety Bill.

At the moment, companies such as Twitter generally comply with these laws by removing content or blocking it in the subject jurisdictions but allowing it to remain accessible from elsewhere, such as in the United States. As the world splinters, however, I expect that countries’ censorship regimes will become more demanding and that erasure, not obscuration, will be required. Much like the U.S. SEC/CFTC/DOJ/WTF/BBQ have problems with VPNs when it comes to digital money, so too will the Europeans when it comes to speech. Companies will have no choice but to fold to every petty takedown demand or fall out of compliance.

Combine with this with conflicting data privacy regimes, or laws in places like Poland which bar companies from censoring social media users, or a desire to simply not engage in political censorship and… well, you get the idea. You can’t comply with conflicting requirements at the same time, and you can’t run a business that has American values in a European country.

The third major category which the world might fumble on technological progress, but where it’s still way too early for there to have been anything approaching a coherent regulatory proposal emanating from our idiot leaders, is the field of Artificial Intelligence. I suspect that from a regulatory perspective A.I. will likely fall into the “publication” category in the United States. Thus, barring some political disaster like a Butlerian Jihad, the First Amendment and Section 230 will do their thing and America will have another chance to lead the world there.

I am of course speaking in generalizations here. Any one of the statutes mentioned in this post could merit an entire book’s worth of writing by itself, so read the above not as specific conclusions following rigidly structured analysis but rather as hunches based on how these laws feel, to me, as I have been getting my hands dirty with them.

Speaking and transacting combined represent the overwhelming majority of human activity. It occurs to me that America is making the gravest of strategic mistakes by choosing to be the world’s leader when it comes to decentralized, digital publication of words and the expression of ideas, but not the world leader – or even a major player – when it comes to the adoption of decentralized, digital money.

In case it is not clear to our politicians by now, let me be frank: technological prowess is the only issue that matters. The brightest possible future belongs to the country which decides to become the most technologically advanced, and the country that does that is the one that embraces total freedom for its people. Not in one category of technology or another, but in all of them at the same time.

This – with an assist from Alan Greenspan – is what lit the fires of the American economy in the megaboom years of the 1990s and 2000s, and could do it again today. America could own the 21st Century. Instead we’re printing to infinity and blowing our lead. What a shame.

Economic unreality: a retrospective on a decade of ICO litigation

An edited version of this post was published on CoinDesk on Tuesday, December 6th.

The story of the Initial Coin Offering in American law is a play in four acts: Kik Interactive, Telegram, LBRY, and Ripple Labs. With three of the four cases decided, and Ripple Labs and the U.S. Securities and Exchange Commission exchanging dueling replies to motions for summary judgment on Friday, Dec. 2nd, we now enter the dénouement of a ten-year-long story that began with long-forgotten projects like Mastercoin and Counterparty, blasted into public consciousness with projects like Ethereum, and now slowly dies as American crypto developers shun the mother country for greener pastures abroad.

If Ripple should lose, as I expect it will sooner or later, its defeat would be highly symbolic. The company and its associated protocol are among the most longstanding and significant cryptocurrency projects in the world. Back when it got its start in 2012, the term “Initial Coin Offering” didn’t even exist. Neither did enforcement against the then-miniscule crypto industry – the U.S. Securities and Exchange Commission (“SEC”) wouldn’t announce its first settlement for non-registration until November of 2018 with the Airfox and Paragon ICOs. For context, Ripple’s network went into production on January 1st, 2013 – nearly six years earlier.

Apart from the fact that Ripple has sat in the top ten coins by market cap for nearly a decade, the project also represented a unique approach to consensus at a time when approaches to blockchain consensus of any kind were only a few years old, and both cryptocurrency users and institutional blockchain users were engaged in substantial experimentation to get the lay of the land.

Generally speaking, blockchains in the 2013-15 period worked in one of four ways: (1) proof-of-work, (2) proof-of-stake, (3) permissioned, and (4) that weird thing Ripple does.

Ripple utilized a novel consensus mechanism where a list of nodes, the so-called “UNL” or “Unique Node List,” conduct round-robin voting until 80% of them arrive at an agreement as to which transactions should be appended to the end of a chain in a given round, similar to a model more commonly known today as delegated proof-of-stake (except, without the stake). Similar approaches with PBFT round robin voting processes, without the UNL and markedly more decentralized, can be found today with many protocols like Tendermint or Cosmos. The advantages of this approach, it was claimed by Ripple’s proponents, are that the network can process many more transactions at far lower cost. The disadvantages, it is claimed by its detractors, are that it requires a higher degree of trust and is not truly decentralized.

Ripple’s legal troubles are not about the protocol, though – they’re about the tokens. On genesis, Ripple Labs or its predecessor OpenCoin entity minted 100 billion tokens, which were subsequently distributed to the company and early officers and then sold into the wider crypto markets to fund Ripple Labs’ operations.

At the time, there was much spirited debate about whether tokens sold in such a manner constituted securities. On one side were crypto entrepreneurs who claimed that token sales could serve as a lightly regulated governance mechanism and crowdfunding tool. On the other were many lawyers, myself included, who thought that the SEC would eventually get wise and crack down on the practice.

As we now know, the skeptics were right.

The first ICO to go down in a big way was Kik Interactive. Kik was, or rather still is, a lightly-used messaging app which pivoted into crypto at the height of the first great ICO boom in 2017. Kik sold tokens directly to the public without a registration statement in effect. The SEC sued and, sixteen months later, Kik lost on a motion for summary judgement. 

Telegram was the Commission’s next scalp. Telegram, as is widely known, is a popular, allegedly encrypted messaging app founded by Russian VK billionaire Pavel Durov. Famously, despite being one of the most popular messaging apps on the planet, Telegram generates no revenue. To remedy this, Telegram issued and sold a staggering $1.7 billion in cryptocurrency tokens in various private fundraising transactions via private placement over the course of 2018.

Telegram differed from Kik Interactive mainly in that Telegram sold tokens first via private placement to high net worth and offshore investors, who would presumably later unload those tokens onto U.S. markets and thus to U.S. retail purchasers. Mere days before the tokens were to be issued, the SEC sued Telegram and obtained an emergency restraining order halting the token conversion. Here, too, the SEC would quickly win on a motion for preliminary injunction. The Telegram token project died immediately.

LBRY (pronounced “Library”) was the next project on the chopping block. LBRY is a reimagining of YouTube with decentralized monetization tools, designed to solve the problem of politically-motivated censorship at companies like Google and Facebook. The token performed a real function in a real application. In my estimation the project was one of the most honest and straight-shooting, if not the most honest, ICO ever conducted in the United States. The sale of that token, however, was deemed to be an offering of investment contracts. As in Kik Interactive and Telegram, LBRY too lost a motion for summary judgment, this time in the District of New Hampshire. LBRY has said that “LBRY Inc. will likely be dead in the near future.”

This brings us to the present day. On December 2nd the SEC and Ripple exchanged duelling motions in what should be the last shots fired, or at least among the last shots fired, between them, before a judge in the Southern District of New York will rule, once again, on the legality of a token project.

Boiling down Ripple’s argument in this case to a single line on Twitter, company counsel Stuart Alderoty resorted to something akin to denial, arguing, among other things, that there is no investment contract because there is no formal contract between Ripple and XRP purchasers, and that the tokens were sold for consumptive use.

The SEC, for its part, refers to “economic reality” not less than 15 times, asking the court to look “beyond boilerplate disclaimers to the economic reality” of the sales and that this economic reality “forecloses any argument that Ripple offered and sold XRP primarily for consumptive use.”

Reviewing the precedents, it’s pretty clear which argument has been more successful in federal courts. In Kik, Judge Hellerstein wrote that “form should be disregarded for substance and the emphasis should be on economic reality” (citing Tcherepenin v. Knight, 389 U.S. 332, 336 (1967)). In Telegram, Judge Castel pointed out “Congress intended the application of [the securities laws] to turn on the economic realities underlying a transaction, and not on the name appended thereto” (citing Glen-Arden v. Constantino, 493 F.2d 1027, 1034 (2d Cir. 1974)). In LBRY, Judge Barbadoro wrote that “the focus of the inquiry is on the objective economic realities of the transaction rather than the form the transaction takes” (citing United Housing Foundation v. Forman, 421 U.S. 837, 848 (1975)).

The SEC concludes its reply brief by stating “the registration regime established by the federal securities laws does not regulate ‘industries.’ It regulates conduct… for the benefit of investors.”

But does it really?

Reconsidering “economic reality”

At this point, the crypto industry has more or less resigned itself to the fact that a garden-variety ICO likely satisfies all of the limbs of the Howey test. I expect the outcome of the Ripple litigation will only confirm that.  But unlike 2016, when most of these investigations presumably started, there is another economic reality that needs to be considered: today, it is abundantly clear that crypto is never going away.

For all the case precedent discussing “economic reality,” the more material economic reality for America, as a society, is that there are hundreds of millions of crypto users around the globe, and that number is growing exponentially.

It’s pretty clear that a huge class of investors doesn’t want what the SEC’s selling. In fact, they want its opposite. Millions of digital natives use trustless smart contracts daily for loans and other financial beasties, or grant and purchase assets like fractional royalty cashflows. They do so in an instant, from anywhere in the world, with anyone in the world, on handheld supercomputers smaller than a chocolate bar. Very soon they will do so with the assistance of AI. Such investors will literally have superhuman abilities at their fingertips.

Telling next-generation crypto projects that the only path to compliance is to “come in and register” or drop dead is like trying to take a Model T into space. Crypto’s basic mode of operation is by self-custody and directly peer to peer over the Internet, not via paper forms signed with wet ink and mailed to a transfer agent or broker-dealer. There are no national securities exchanges which support cryptoasset trading. The SEC won’t even approve an ETF. The list goes on.

For the last six years, crypto has accepted the economic realities of a Depression-era regulatory scheme. The only question for America, at this juncture, is whether we want to back off from that regime just a little bit so we can nurture and supervise these new crypto companies right here at home – or persist, and drive them offshore.

The old ways are finished, whether Congress likes it or not.

The next wave of crypto is social

This isn’t so much a blog post as it is a long tweet. None of this is legal advice.

It occurred to me recently that I’ve had the same thought pop into my head probably half a dozen times in the last two weeks. That thought is this:

Crypto has perhaps half a billion wallets, but I would struggle to say it has more than 50 million users.

By this, I mean that while I know plenty of people at this point – crypto and normie alike – who hold cryptocurrency, it is exceedingly unlikely that we should find an excuse to transact with each other with it. To start, it is not often that friends exchange cash with one another. If we do, for example if we buy something for someone else, there are applications like Venmo, CashApp, or Zelle which we can use to send each other money. I am a pretty diehard crypto person and even I struggle to accept or spend crypto. Most of my clients still pay in fiat.

I then had a related thought.

The reason crypto has half a billion wallets but not half a billion users is because existing applications are, by and large, purely transactional.

If I have a Wells Fargo account I don’t have a relationship with other Wells Fargo users; I have a relationship with Wells Fargo, as do they. Wells Fargo does not connect us, it services us. We need to connect in another way. Some apps, like a Venmo, have a somewhat social component to it. These apps are not, for most people, woven into the fabric of everyday life. One exception to this is WeChat, which is likely an anomaly due to the surveillance and censorship function it performs at the behest of the Chinese communist state.

PayPal didn’t make the Internet blow up. MySpace, and later Facebook and Twitter, did. The essential function of social is to provide people the means to communicate with other people on their own terms largely free from censorship, as the consumer Internet largely was prior to GamerGate in 2015. The absence of this kind of platform-agnostic facility in a crypto-native format, which also allows people to trade transactional information (bids, offers, complex transactions, wallet addresses) in tandem with a social network function is glaring.

So why isn’t Coinbase going to be the center of the crypto-internet? Well, because

Purely transactional systems do not solve the identity problem which needs to be solved in order for most of the world to trust cryptocurrency systems with their communications or be incentivized to use them for anything other than speculation.

Centralized transactional systems will never be able to fulfill the full promise of decentralized cryptosystems. Centralized social network systems are necessary to fully exploit decentralized cryptosystems.

To understand this point you first need to understand what “decentralization” actually means.

Many projects claim to be “decentralized.” By reference to practically any definition, most of them aren’t. I concede that the term “decentralization” does not have a concrete definition in the industry. What I mean by this is that virtually any project has some degree of central control. This does not stop virtually all projects with some components which are “decentralized” claiming the title for themselves, rightly or wrongly.

I have a thought exercise called the “Nuclear Bomb Test” (or the “Space Marmot Test”) which I use to assess whether a cryptocurrency system is decentralized. The results of the test dictate where I should start the analysis in determining whether a given cryptocurrency system is vulnerable to regulatory attack. It goes a little something like this: suppose that the Marmot Star Empire’s battle fleet parks itself in high Earth orbit and, Star Trek IV-style, decides to wipe out the human species so that they can steal all our vegetables.

The marmots, in their infinite wisdom, identify you, the founder, and your startup as the linchpin of humanity’s planetary defenses. Never mind what your startup actually does. All you need to know is that you are the Space Marmots’ target.

The crafty little marmots wait until you are in the room where your company’s servers are and launch a surprise attack with a 1-megaton (marmoton?) nuclear weapon, utterly and permanently annihilating you, your servers, your entire dev team, and everything to do with your business.

If the result of this attack from marmots from outer space is that your system ceases to work, then your system is not decentralized, or at least important parts of it are not decentralized. If your system continues to work, then it is decentralized, and is so in such a way that is likely to be highly resistant to regulatory attack if you launch it Satoshi-style and then disappear.

There are of course qualifications to this, for example, if you layer on lots of governance functionality and you hold large quantities of tokens, etc. Remember, though, you got vaporized by the Marmot Star Empire. The system has to do 100% of the work 100% of the time without a steersman to pass the Nuclear Bomb Test/Space Marmot Test. (Cognizant that, if we change our assumptions / environmental variables enough, even a system like Bitcoin will break. Assume arguendo for the hypothetical system we’re talking about here that the Internet is functioning as it normally does and that system adequately incentivizes transaction validators.)

While a system that is nuclear-survivable will be decentralized, because it is decentralized, it can be difficult to find. Decentralized systems, to be widely used, need to be discovered and their users need to be easy to find (if they want to be found).

Discovery of content is easy with a centralized service. Upload your contacts, type in information in this search bar. However, when you’re running a FinTech app, centralization usually also implies a requirement for licensure. But what if we could separate the concerns, where the component which would be regulated if centralized remains decentralized, and we centralize only the component which is unregulated if centralized?

This is where the social networking comes in. In the United States, financial services are highly regulated. Social networks, on the other hand, are virtually unregulated.

If Alice wants to send Dogecoin to Bob, there are two ways she can do so. The first would be to log in to Coinbase, have Bob log in to Coinbase, swap QR codes and complete the transaction on Coinbase’s ledger. Coinbase is undertaking a regulated activity, chiefly, money transmission. As such it needs a money transmission license.

The second way to do so would be for Alice and Bob to trade that information peer to peer, e.g. via e-mail, text message, or noncustodial wallet applications. E-mail is not regulated. Nor is Twitter, nor SMS, nor Facebook. If I write to my friend Henry via Gmail to agree to a Dogecoin transaction, Gmail does not itself become money transmitter.

Another example: I’m allowed to lend my friend $20 without being licensed as a lending platform. I’m allowed to negotiate that deal over Gmail without Gmail becoming a lending platform. If I do it with Zopa, however, Zopa is a centralized intermediary and their movement of bits is different from Gmail’s in that Zopa’s movement of bits requires a license. Cryptocurrency makes Zopa unnecessary. A social network which tracks a DeFi loan I’ve made to my friend entirely off-platform but does not actually arrange the loan or custody the funds – Yelp for crypto lending – should not require a license, either.

What is missing from crypto is the way to allow noncustodial peer to peer information exchange plus identity attestation to occur at scale. The difference between a Wells Fargo and a Facebook is the social network and the implied level of trust that happens from communicating – and eventually, transacting – within that network. I have never used Wells Fargo to talk to my friend Henry, for example. I talk to him using Facebook all the time. I know that Henry’s Facebook account is run by Henry because he and I have communicated on it for years, and I can see the message history. There’s a level of trust there that doesn’t really require a digital signature, although a digital signature always helps.

If we want crypto to be mass market, truly mass market, trying to weave it into my relationship with Wells isn’t the way to go. Trying to weave it into my friendship with Henry, is.

It should be possible to layer cryptocurrency signals and messaging on top of a social app so that users of a social app can reach out to onchain applications, verify their credentials via the social network, and settle the transactions off of the social network.

Social applications, being largely unregulated, are likely the vehicles through which cryptocurrency mass adoption will take place.

Put differently: a solid social network with a high degree of awareness of P2P protocols, and awareness of how its users interact with P2P protocols, but which does not actually facilitate transactions on those protocols, is likely the way that DeFi applications can expand the most rapidly and be adopted by the most people in the shortest amount of time with a minimum of regulation.

In the United States, the relationship between the government and social applications is governed principally by the First Amendment, 47 U.S.C. § 230, and IP law. The upshot of 1A plus Section 230 is that users can say largely whatever they want and the platforms will not be treated as the publishers or speakers of their users’ speech, subject to certain statutory limitations where social platforms have an affirmative obligation to remove unlawful or infringing content.

Peer to peer transactions which are private and not operated as a commercial enterprise, similarly, do not attract much regulatory attention if they are regulated at all. (Usual “your mileage may vary” caveat, particularly with reference to conduct amounting to the operation of an unlicensed money services business). Online social platforms are well placed to act as a central hub for identity which can then be spread out among various peer to peer applications.

In this way we could achieve all of the functionality of DeFi without the weaknesses of DeFi, i.e. the centralized user interfaces or the governance tokens which need to be sold in order to fund those interfaces. There is nothing regulated, as far as I can tell, about providing an information exchange with no functional transactional machinery (although the SEC takes a somewhat different view – see its consultation over proposed changes to Exchange Act Rule 3b-16).

Social has been tried in crypto before. So far it has failed. I think the reason why, so far, is that crypto-social has been “social incentivized by tokens” rather than “social which empowers crypto users to communicate about tokens.” People have been trying to monetize the transactions when they should be trying to monetize the traffic.

The traffic is more lucrative.

The social component is unlikely to be a Bitclout-style system and is unlikely to live on-chain. It is highly likely to provide ample tooling for users to confirm public key addresses for individual transactions, verify that other keys belong to other users, and be aware of onchain information between its users without facilitating onchain transactions.

The first wave of crypto-social services are likely to be centralized to a significant degree, although decentralized solutions are being worked on in various places. These solutions will take crypto off of institutional balance sheets and investment accounts and into web applications where they will be woven into the fabric of our lives.

This wave of crypto adoption will utterly dwarf all prior waves.


Here is a picture of a marmot, licensed under the Pixabay license.

Craig Wright’s Pyrrhic victory proves that English libel law needs to be reformed, right now

Craig Wright, an Australian, claims to be Satoshi Nakamoto. Much of the world disagrees with this view.

Peter McCormack, Englishman, cryptotwitter and podcast rockstar, disagreed with it too, and, back in 2019, he said so in fairly coarse terms on Twitter. Wright sued Peter for defamation, in England.

By now, most of Bitcoinland has learned that Craig Wright prevailed in his lawsuit against Peter. Craig won £1 – that’s not one million pounds, or one thousand pounds, just plain old one pound, not enough to buy a bottle of soda in central London – in damages:

At issue in the case were Peter’s statements from Twitter in 2019 which said, in relevant part:

“Let’s go to court and prove once and for all that he is a liar and a fraud. Craig Wright is not Satoshi [Nakamoto.]

I can’t explain how much I want this to go to court. Craig Wright will lose as we have a mountain of evidence that he is a fraud and is not Satoshi.

Unfortunately, Peter (not being a lawyer) got the test wrong. We now know Craig Wright didn’t lose the case; he won. So the question turns to how, and why? Does this mean that Mr. Justice Chamberlain and the High Court of England and Wales have stamped their imprimatur on Wright’s claim to have created Bitcoin?

Wright boosters like Calvin Ayre immediately pounced on the ruling, saying that it vindicated Wright’s claim to be Bitcoin’s pseudonymous creator:

And in a press release from Wright’s lawyers, the man himself is quoted as having said:

“As anticipated, bit by bit the independent courts across various jurisdictions, including those with juries with the benefit of an examination of all the evidence, are concluding I am who I have admitted I am, since I was outed as Satoshi by media in 2015. However too little regard is paid to the impact my Aspergers has in my communications. I intend to appeal the adverse findings of the judgment in which my evidence was clearly misunderstood.

Or this, which claims that Peter’s statements about Wright are only defamatory if Wright is, in fact, Satoshi Nakamoto:

This is incorrect. The High Court did not in fact conclude that Wright was Satoshi Nakamoto. It concluded that Peter said nasty things about Wright and that those things were seriously injurious to Wright’s reputation, nothing more.

In England, a false statement of fact which injures the reputation of another which causes serious harm to that person’s reputation, is defamatory. 

It is a defense to a defamation claim to show that the alleged defamatory statement is substantially true. The issue with raising the defense of truth is that it is what we in the legal profession refer to as an affirmative defense. It must be raised and proved by the defendant, rather than the plaintiff. 

Peter McCormack said that he didn’t raise this defense because of the expense involved. Whilst I don’t represent Peter and don’t have a view as to what his counsel thinks, I should imagine that the problem he faced in raising the defense is that Wright didn’t need to prove that he was Satoshi Nakamoto in this litigation, and he didn’t try – all he needed to do was allege that McCormack made defamatory statements which were seriously injurious to his reputation.

To wholly evade liability here Peter, on the other hand, was tasked with proving the unprovable, proving a negative for which there is no physical or electronic evidence, which would have required huge amounts of disclosure and investigation costing millions of dollars against a claimant whose regard for the truth was called into question by the Court in the very judgment finding in Wright’s favor. Mr. Justice Chamberlain accused Wright of providing “deliberately false evidence” to attempt to win this case – see judgment at paragraph 149 – and under those circumstances one has to question the value of engaging in protracted evidentiary disclosure (for you Americans: “discovery”).

This hearkens back to the case of Kleiman v Wright in Florida in which Judge Bruce Reinhart of the Southern District opined, in a 2019 motion to compel:

To this day, Dr. Wright has not complied with the Court’s orders compelling discovery on May 14 and June 14. Rather, as described above, the evidence establishes that he has engaged in a willful and bad faith pattern of obstructive behavior, including submitting incomplete or deceptive pleadings, filing a false declaration, knowingly producing a fraudulent trust document, and giving perjurious testimony at the evidentiary hearing. Dr. Wright’s conduct has prevented Plaintiffs from obtaining evidence that the Court found relevant to Plaintiffs’ claim that Dr. Wright and David Kleiman formed a partnership to develop Bitcoin technology and to mine bitcoin.

Whilst this is not the sort of thing one can enter into evidence in an unrelated trial, it’s something Peter’s lawyers will doubtless have been aware of and attempted to plan around, given the budget available to them.

Disclosure in England and Wales is not like in America – it relies on all parties putting all of their cards on the table, including evidence which helps and harms their cases. If Wright were not in fact Satoshi Nakamoto, as is believed by many and presumably at one point was the theory of Peter’s case, and in discovery Wright failed to disclose this fact or to disclose convincing and irrefutable evidence to the contrary, e.g. a transaction signed with Satoshi’s private key, Peter could have spent mountains of cash trying to dispute every ounce of disclosure as irrelevant or deceptive. Or, he could try to resolve the case more quickly and efficiently.

This is the reason, I think, that Peter didn’t try to raise truth as a defense and instead tried to knock out an essential limb of the test for defamation, arguing that Wright’s reputation was not seriously harmed. Given the evidentiary issues the Mr. Justice Chamberlain alluded to in his ruling I can see why Peter’s counsel might have wanted, as a strategic consideration, to stanch the bleeding and resolve the case on a question which could be assessed more objectively, rather than embarking on continued evidentiary discovery.

If the £1 damages award is anything to go by, this strategy succeeded.

If the fact that a man accused of being a fraud can allegedly give false evidence in a related defamation case, fail to disprove his accuser’s essential claim and still win that lawsuit sounds insane to you, particularly as an American, it is – but it’s actually pretty consistent with how English law on speech protects those with political power and money, a hangover from hundreds of years’ worth of English law which has imposed liability for statements of facts which are certainly damaging to feelings and reputation, and oftentimes were also true.

Historically those rules include the crime of seditious libel – essentially “diet treason” for speech which damaged the Crown which attracted a lighter sentence than death – and the misdemeanor and tort of scandalum magnatum, whence modern English defamation law originates, a fake news tort concerning the spreading of false rumors about great men of the Realm.

True statements of fact can also be penalized today under a number of criminal statutes in England, including but not limited to numerous types of banned rhetoric under e.g. the Terrorism Acts, Section 1 of the Malicious Communications Act, Section 127 of the Communications Act 2003, and Section 5 of the Public Order Act.

Now, as throughout history, English law is stacked in favor of the state and public figures with power or money, and not in favor of their impertinent critics. England doesn’t have a lot of respect for freedom of speech, and it never has.

America, of course, has considerably greater protections for speech. Prior to the founding of the United States, the crime of seditious libel was nullified by a New York jury which found that statements defaming the Crown would attract no sanction provided that the statements were true in the famous trial of John Peter Zenger. The Founders later enacted the First Amendment to the U.S. Constitution – that’s the one about freedom of speech for any jurisprudential philistines out there – to forever abolish seditious libel and scandalum magnatum in the United States.

The law of defamation has charted a similar course, starting with the burden of proof in defamation cases. In the U.S., to succeed in an action for defamation, a plaintiff must prove that the statement was false, and where a public figure such as Wright is concerned, must also that the statement was recklessly or intentionally false, a standard known as “actual malice.” Put another way, Wright would have needed to prove he was Satoshi and that McCormack should have known he was Satoshi before winning even a penny of damages. Given that Wright’s claim to be Satoshi is, for the time being, factually unproven, the case he put forward against Peter would not have succeeded in American courts.

The English requirement, being the exact opposite – for the defendant to prove that the defamatory statement was true – presents considerable difficulty when faced with a plaintiff claiming to be an anonymous, possibly already dead, man with excellent opsec. If Wright is not Satoshi, the only person who can prove him wrong, under circumstances where Wright is not required to prove himself right, is either unwilling or unable to speak for him or herself. Given the structure of English defamation law this places Wright at a major tactical advantage in English courts. For this reason, it is my belief that Wright is suing English people in English courts not because that is where justice is best served, but because it is the only place he can win.

The judgment in Wright v. McCormack shows that you can claim to be an anonymous, possibly dead man, offer no proof, and still win an English defamation case against someone who claims you aren’t that anonymous man, if your budget is large enough.

Proving one is Satoshi Nakamoto – or at least proving one has access to his keys, which raises significantly the probability that one is the man himself – isn’t hard. As has been discussed extensively in the court of public opinion, there are myriad ways for Wright to do this. Only a trivial effort is required to, say, move a single sat worth of Satoshi’s coins. This is not a heavy lift, seeing as people move billions and billions of dollars of bitcoins every single day. So far Wright has been unwilling or unable to use any of the proposed cryptographically verifiable methods. Instead he has spent millions of pounds to win just £1 and stands accused by a second judge of conduct amounting to perjury. In the eyes of the public he seeks to convince, this result is unlikely to do his credibility any favors.

England has long been known for the practice of so-called “libel tourism” where well-heeled litigants from abroad use lax English standards to do an end-run around free speech protections in other places.

The High Court is limited by the law. In this instance, the law compelled the judge to reach the conclusion that Wright had been defamed because the truth of Wright’s claim was more or less presumed by the law the court was forced to apply. The fact that Wright’s very thin gruel – proof of harm but no proof of Satoshi – can still prevail, in this day and age, in an English court tells me that law reform in England, to bring the country in line with the rest of the civilized world, is long overdue.

The judgment in Wright v. McCormack is a profoundly unjust result. There is only one body, Parliament, capable of fixing it. It should do so immediately.

How to Build Decentralized Twitter

Elon Musk’s (apparently successful) bid to acquire Twitter has resurrected longstanding discussions in the cryptoverse regarding, at least to date, a largely theoretical product category: “decentralized social media.”

Just as Bitcoin is censorship-resistant money, the theory goes, so too can we use Bitcoin-like infrastructure to run censorship-resistant social media applications! Technically, a proof of concept at least is certainly possible. I should know; back in 2014, Casey Kuhlman, Tyler Jackson and I proposed a DAO called “Eris” that was basically a distributed version of Reddit that could run on a blockchain back-end (Ethereum POC 3, to be precise).

We built this in May of 2014 – 8 years ago. Notice the “my DAO” button in the upper right hand corner? At the time people thought we were completely insane.

Whilst that prototype went nowhere as this all happened in 2014, a time when the market couldn’t tell the difference between a smart contract and a pop tart and “DAO” was mainly something discussed among adherents of Confucianism, today a number of new entrants are having a crack at this same problem. Given my longevity in the Bitcoin/Blockchain arena I confess it is tempting to slap together a pitch deck and raise $20 million pre-seed pre-product to build the damn thing, given how much venture money is currently sloshing around. Fortunately for everyone, after my last startup I swore an oath to never attempt to develop or sell software again, so I will remain in my law office where I belong.

Designing a prototype, as we did, is admittedly a lot easier than designing something people actually want to use. Even on easier “web 2” tech, there are thousands of social media apps, yet only a handful are consequential. Creating a social media app is trivially easy, but running a successful social media business is extraordinarily hard.

Prior attempts at “decentralization” have fared poorly. The most successful attempt so far, Mastodon, is a federated service, albeit an imperfect one where individual instances do not scale well (as Donald Trump’s company, Truth Social, discovered when they forked Mastodon to try to shortcut their way to social media stardom, only to find Mastodon’s back-end couldn’t handle their traffic).

By the same token (pun intended), dumping every communication onto a blockchain and storing everything in the clear, as Bitclout does, is easy, but completely non-scalable. Facebook does not require agreement on global state and allows people to delete their data; furthermore, Facebook generates over 4 petabytes of data per day. Any system that tried to ape Bitcoin (like Bitclout) would quickly be relegated to a handful of nodes running in data centers, like Ethereum is.

There are legal problems as well. Social media companies, as it turns out, are subject to a bevy of regulations. With the exception of data privacy, these regulations are generally uniform across the United States and otherwise vary country-by-country. The rules govern the destruction and reporting of illegal content, copyright issues, data protection, and mandatory disclosure of subscriber records, among other things, in the United States. All these factors need to be accounted for in any “decentralized” social media application’s design.

Unlawful content.

The problem of unlawful material has long been identified by lawyers looking at decentralized storage solutions as a major obstacle to adoption of these services.

In the United States and across the world, the most uniformly illegal content in existence is child sexual abuse material, or CSAM, as it is referred to by law enforcement. Despite the fact that the penalties for knowingly hosting this material are extreme, ranging from heavy fines to lengthy terms of imprisonment, the crypto industry’s response to this very longstanding Internet problem has more or less been to completely ignore it.

Web2 applications which host user-generated content, such as Reddit, Twitter or Facebook, take a very proactive approach to this type of illegal material. Federal law requires “providers” – a term which means “an electronic communication service provider,” which likely would be understood by a court to describe both blockchain node operators as well as traditional, centralized service providers – to remove CSAM on discovery, securely preserve it for 90 days pending receipt of legal process, and then securely destroy it. Facebook and others use a wide range of software, including Microsoft’s PhotoDNA, to detect, remove, and report CSAM automatically.

Overseas, where there is no such thing as the First Amendment, even broader categories of “unlawful content” exist. See e.g. the German Netzwerkdurchsetzungsgesetz, or “NetzDG”, which requires operators of social media services to register with the government and, after reaching a certain scale, to abide by takedown requests; the French Law no. 2020-766 against hate-content on the Internet, which imposes fines for failing to remove unlawful content, including “terrorist” content, within one hour of posting; or Section 5 of the Defamation Act 2013 in the United Kingdom, which has a notice-and-takedown procedure for alleged defamation similar to the U.S. DMCA.

Where services like Reddit and Facebook are very responsive to all the above requests and requirements, many blockchain-based services, like StorJ or Sia, to my knowledge, have no such controls (or only very limited controls).** They permit the storage of encrypted data without the creation of a subscriber record or the means for the service provider – in this case, the node operator – being able to ascertain what data is being stored or assess the legality of storing it.

It is probable, and I would suggest even likely, that decentralized data storage services are currently being used to host unlawful content, likely without the knowledge of the node operator hosting it. This level of willful blindness would be a complete non-starter for a “decentralized” social media app, which must be designed in such a way that an otherwise law abiding user can participate in the network while being secure in the knowledge he or she is not violating local law. So far, no blockchain solution with a storage component even attempts to address this issue. It must be addressed in any design that hopes to be successful. Nobody will run a node for a decentralized service if doing so risks imprisonment.

Intellectual property.

Similarly, our intellectual property regime is not well suited to use in decentralized fashion.

Social media node operators – being entities “offering the transmission, routing or providing of connections for digital online communications… of material of the user’s choosing, without modification to the content of the material as sent or received,” are “service providers” for the purposes of the Digital Millennium Copyright Act, publishers within the meaning of the Copyright Act, and therefore will need to consider both (a) defensively, the necessity to register with the Copyright Office to avail themselves of the safe harbor protections of the DMCA and (b) consider their own exposure for hosting material which might give rise to a copyright infringement claim.

At minimum, addressing this issue might require a decentralized implementation of the DMCA’s notice-and-takedown procedure for any third party content hosted on a node (which will involve node operators needing to dox themselves with the Copyright Office if they want to benefit from this protection). Worse, we could see copyright trolls, newly emboldened by the enormous increase in possible unsophisticated defendants, ravaging node operators in repeated bad-faith attempts to extort small dollar settlements. In the alternative, the application could be designed so that users don’t host images or video – being the types of copyrightable subject matter which is most often used by vexatious copyright enforcement law firms – at all.

It is difficult to speculate what kind of infringements and enforcement one might encounter in a communications medium which does not yet exist. Judging from what we see in Web 2, however, the presence of copyright trolls in Web3 is a virtual certainty as soon as it becomes profitable for them to be there.

Data protection and disclosure.

A further issue arises when we consider that a person participating in a decentralized network may, in the course of operating his or her node, acquire large quantities of subscriber data.

Let us suppose, for sake of argument, a decentralized social media system is built where the network will allow a user to download the user profiles and posts of everyone who is two degrees remote from them. So let’s say I follow @A16Z and @marmotrecovery follows me, @A16Z would then be permitted to download and store my information and posts, as well as those of everyone who follows me, including @marmotrecovery. Judging from the sheer number of users @A16Z follows (half a million), it is safe to say that if A16Z ran a node on this hypothetical network it could be a “service provider” under the California Consumer Privacy Act or other local law and likely required to implement a compliance program.

By the same token, node operators may also become “providers of an electronic communication service” for the purposes of the Stored Communications Act (18 U.S.C. § 2701 et seq.) and therefore may be required to hand over records on their computers to the government without the government needing to obtain a warrant first – at least, to the extent that those records pertain to third parties which are within a node operator’s possession and control. Users are unlikely to want to run a network that invites this degree of intrusion into their personal lives. Applications will need to be designed so that they hold as little third-party data as possible on their nodes.

Some rough conclusions on the design of a future decentralized social media network

All of the issues identified above share one factor in common: social media does not require agreement on permanent and immutable global state. To the contrary, social media requires a degree of censorship and deletion. Decentralized tech like Bitcoin is designed in such a way as to render deletion impossible or prohibitively expensive. A decentralized Twitter will not, therefore, look anything like Bitcoin.

The need for content removal and moderation – whether due to criminal liability, civil liability, or simple usability – will be the single most important factor in the design of any decentralized social media system. The irony of the fact that perceived unfairness in content moderation in Web 2.0 is what is  driving calls for decentralized social media for Web3 does not escape me. At minimum, the centrality of content moderation to the social media user experience means that simply dumping everything on the blockchain, as Bitclout does, and then replicating it across every single node of the network, as Sam Bankman-Fried appeared to suggest, with onchain pointers to IPFS for everything else, is simply not going to work.

My hunch is that the first truly successful “decentralized” social media system will not try to be an all-singing all-dancing world computer but rather will have the participants replicate the absolute bare minimum viable information required for the network to function. In my mind, when using a social network, the only opinion I ask the social network to render is whether particular content was published by a particular person. I have no interest in practically any other opinion the social network has about the world. The “blockchain” piece, if any, should be relegated to providing a register of usernames and associated public keys, and very little else.

The first successful decentralized social media service is also likely to limit the kind of data users host to plaintext, for the most part.

First, hosting only text that you and perhaps a select group of followers wrote is a low-liability proposition from the perspective of criminal, copyright, and data protection law. It is also much lighter on bandwidth and will be easier to transmit peer to peer.

Second, video and image hosting, simply due to the sheer quantity of data involved if for no other reason, will likely be outsourced anyway, much as it is now. There are plenty of third party platforms (Bitchute, Cozy, Odysee, Gab TV) which have lax, but not non-existent, content moderation policies for video content. These could address the gap in the market currently served by establishment outfits like YouTube, as well as removing responsibility from node operators to police that content – something which will be especially useful if copyright trolls are to be kept off of users’ backs. All the decentralized system would need to do to serve that content is not block links to those services (link blocking being a practice that both Facebook and Twitter engage in), or allow users to control what content they see by operating their own whitelist/blacklist of third party content providers (libs could block all the right-leaning sites, and the cons could block all of the lib media, for example). The decentralized system would then become just another source of referral traffic to these websites.

I could be wrong, of course. Some wunderkind somewhere could, as we speak, be writing a 6,000-word-long blog post on a “Zk-Dork proof of shark sharding” social media proposal to be built on some all-singing, all-dancing, Ethereum-like Rube Goldberg machine which promises to solve all scaling problems by ConsenSys simply running the entire thing on AWS magic. My hunch, however, is that for this problem, simpler answers are more likely to be the right ones. “Decentralized social media” is likely to be more like RSS than Ethereum.

Whilst this sketch describes an imperfect solution to the censorship debate, an imperfect solution might nonetheless be a sufficient one. Most of the politically motivated “censorship” which occurs on Twitter and Facebook is not of images and videos, but of links to third party websites, the plain-text expression of wrongthink, and of digital identities themselves (see e.g. the unpersoning of Alex Jones).

An effective “decentralized” solution to the social media censorship problem likely needs to ensure only that text, links, and identity are uncensorable – the text and links by being self-hosted, and the identity by being ineradicable. If we frame the problem to address that limited set of issues I think a usable version of decentralized Twitter with a half-decent UX is achievable in the very near future.


* A lawyer friend asks: “Wouldn’t someone who wants something like deTwitter have the design goal of undermining censorship laws by making the network keep running despite the fact that it stores illegal content?”

It depends on what you’re trying to design for. A network that allows all lawful speech will have the exact same design characteristics, in terms of censorship-resistance against third parties, as one which allows all unlawful speech. A user should not be able to shut down any other user.

However, censorship resistance against third parties does not require censorship resistance against yourself. This is where a decentralized social media solution will differ most sharply from systems like Eth and Bitcoin, where censorship-resistance against the world includes censorship-resistance against yourself (you cannot erase your own transactions). Users will need to be more or less absolute dictators over their own hardware and their own speech, consistent with the First Amendment and the legal obligations of anyone who hooks a server up to the public Internet. If a user chooses to host illegal content, law enforcement should be able to take down that user without taking down the network as a whole. This will allow high-value speech constituting protected speech to flourish network-wide by being hosted from places like the United States while allowing, for example, threats of violence and other zero-value speech to be responded to by law enforcement.

While governments can hold people accountable for their speech in such a system, they will not, however, be able to “unperson” someone from it, either through the use of legal process or by applying unofficial pressure on private businesses – the type of pressure, I suspect, which was behind blanket bans of right-wing figures like Alex Jones or Milo Yiannopoulos from practically every mainstream tech offering which, for those of us who remember, were implemented practically internet-wide in the space of 24-48 hours across dozens of firms. This is why the only real ineradicable component of the system will be decentralized identity – as far as I can tell, there is nothing illegal about having a copy of an address book, even if some of the addresses belong to bad actors.

** After publishing this post a reader pointed out that decentralized blockchain service Sia has, in fact, begun introducing such controls, although it appears to be in a limited fashion. The controls do not attempt to tame the entire decentralized protocol but rather split the protocol into two parts – a paid service (SiaPro) and an unregulated, free service (SiaSky) utilizing separate domains, with the paid service playing by the rules and the unregulated service remaining, well, unregulated. See this post from David Vorick on Sia’s approach.