After the STABLE Act, Coin Center’s blockchain node safe harbor is worth revisiting

Yesterday, Congresswoman and “Squad” member Rashida Tlaib sent cryptotwitter into a tizzy with the following proposal:

The bill’s academic/think tank proponents followed up with posts such as this:

There’s a lot to unpack here and a lot of crossed wires, mostly due to (I suspect) the fact that the proponents of the bill are MMT theorists and not engineers. Whilst they may have fairly elaborate theories about what function cryptocurrency serves (and in particular how it has the potential to undermine their macro strategy of money printer go brr) they may have a somewhat looser grip on how cryptocurrency actually works.

1. What the bill does

I preface this essay by saying that stablecoin issuers should be licensed. What sort of licence is anybody’s guess. Currently I should think a money transmitter licence would be the thing but there’s no reason in principle why an issuer shouldn’t go get a bank licence as well. 

The STABLE Act does way more than that, and appears to require any blockchain that runs stablecoin code to be licensed, among other things. For example:

  • The bill outlaws the issuance of a stablecoin otherwise than by “an insured depository instiution that is a member of the Federal Reserve System,” i.e. a bank.
  • The bill bans the issuance of stablecoins, provision of “stablecoin-related” services, or “otherwise engaging in any stablecoin-related commercial activity, including activity involving stablecoins issued by other persons, without obtaining written approval in advance… from the appropriate Federal banking agency.
  • The bill creates a requirement for preapproval, among other things, for “otherwise engaging in any stablecoin-related commercial activity.”

It’s a swing and a miss:

  • First, the largest stablecoins available in the marketplace – which shall remain nameless for the purposes of this blog post – have lists of compliance issues a mile long already. Adding another requirement doesn’t answer the question of how we get non-compliant stablecoins to adhere to the rules that currently exist.
  • Second, one of the stated purposes of this bill is to protect underserved communities from being discriminated against by stablecoin issuers. To this I would reply that any stablecoin issuer worth doing business with will operate in New York State and need to comply with the provisions of the NY Human Rights Law which prohibits discrimination. (For the disabled, I note also that the Second Circuit thinks that under Title III of the ADA there is no requirement for a “public accommodation” to have a physical location, so that aspect of equal access might also be covered by New York-based stablecoin providers.) Additonally, given the regulatory problems with some existing stablecoins and in particular their role as dollar liquidity providers for offshore exchanges with lax KYC that can’t get banking access, it is likely that those who would access stablecoin markets don’t need to be protected from denial of access to stablecoins, but rather they need to be protected from most of the stablecoins they are likely to encounter in the wild.
Gratuitous bitcoin-motherboard clip art. Licensed under the Pixabay licence
  • Third, the plain text of the bill presents the bizarre possibility, one which is apparently intended by the drafters, that node operation on any unlicensed chain which supported any stablecoin would be unlawful and, pursuant to 12 U.S. Code § 1833a, subject to fines of up to $1,000,000. Criminal penalties might also be possible. The rest of this post deals with this point.

2. Introducing the Ethereum Rule of Statutory Construction

Lawyers have these little critters called “canons of statutory construction” we use to interpret laws. For example, in England they have something called “the golden rule,” which basically means that when trying to understand what a law calls for, you give the statute its plain and ordinary meaning unless doing so would render the statute absurd. In the alternative there is an approach called the “purposive approach,” which is generally used to interpret indirectly-effective EU law, where interpretation of the rule is driven by the purpose for which the statute is drafted.

In America, by contrast, you may have heard of “textualism,” “originalism” or the “living Constitution” approach in recent Supreme Court hearings. It’s the same game, choosing which rules we use to understand language.

I propose one for cryptocurrency. I call it the Ethereum Rule, and it holds that “A law is to be given its plain and ordinary meaning unless it would require Ethereum (as it exists in 2020) to do [X] in the manner a corporation would, including but not limiting to applying for a licence, in which case the law is absurd.”

This bill appears to require just that. Although the definition of “stablecoin” in the Act seems to exclude cryptocurrencies like Ethereum, the issue isn’t that the definition is overbroad but that the bill seeks to force anyone engaging with stablecoins to do so under the aegis of the Federal Reserve System. Just read the plain language:

“it shall be unlawful for any person to… otherwise engage in any stablecoin-related commercial activity, including activity involving stablecoins issued by other persons, without obtaining written approval in advance… from the appropriate Federal banking agency”

This doesn’t leave a lot of wiggle room: “any” means “any,” and “any stablecoin-related commercial activity” is a broad brush when we consider that any user of any smart contract blockchain will be verifying stablecoin transactions to some extent.

Lest we think that we’re misreading the proposal, its own proponents publicly agree with this interpretation:

To this I respond with the Ethereum Rule of Statutory Construction. Ethereum has no central owners, forks regularly and is currently regulated as a commodity. If your law requires that kind of a system to get a bank charter, not only will the law fail to effectively control the blockchain, but the regulators tasked with enforcing it will have difficulty finding someone with standing to sign the application.

The STABLE Act says that blockchain users will be permitted to transact, if only they would first achieve the impossible. This is an absurd state of affairs, and a strong indication that, as-written, the STABLE Act would not make good law.

3. Would the STABLE Act actually make running a node illegal?

Of course, there is zero chance that the STABLE Act is going to become law during this Congress. However, coin people – and Ethereum people in particular – have been asking the question: what if it did?

The answer is not straightforward. Peter van Valkenburgh over at Coin Center says that the prohibition on “stablecoin-related commercial activity” hands-down applies to node operators or anyone running the Ethereum client:

The logical consequence of the bill is that if any person is running software that validates Dai or other stablecoin smart contracts they will, themselves, be violating the law unless they are a chartered bank.

Though a reasonable conclusion, and on balance likely the correct one, it is not a forgone one, since the current language of the STABLE Act – being both overbroad and imprecise – leaves plenty of scope to poke holes in it. For example, it is not clear whether operating a node gratis (as many full nodes do) counts as “stablecoin-related commercial activity” if done on a non-commercial basis. Seeing as nodes are not ordinarily compensated it is certainly conceivable that there will be situations where node operation is sub-commercial if not non-commercial. Research would be required to find the answer here.

Additionally, it is not immediately apparent to me that running a full node is “stablecoin-related commercial activity” given that many if not most cryptocurrency transactions don’t have a stablecoin component. The statute’s lack of specificity narrows its application. If it said “any commercial activity related to, or any communication which may facilitate, any stablecoin transaction” that would be one thing. But that’s not what the language says. Properly understood, Ethereum is a rail, and just as we don’t refer to the act of driving a car as being “jogging related” just because cars and joggers use the same roads, we shouldn’t refer to the act of running a node as “stablecoin related” just because stablecoin transactions are broadcast alongside all other transactions via devp2p. Again, more research would be needed to see whether a court would agree with that interpretation.

There is another matter, in that in my view the operator of a cryptocurrency node is capable of being a provider of an interactive computer service under a legislative provision known as Section 230 of the Communications Decency Act (47 U.S. Code 230(c)(1)). This law states in relevant part that providers of interactive computer services, properly “information content providers,” are not treated as the publisher or speaker of, and therefore have no liability for, content which third parties submit to their servers, subject to certain limited exceptions.

Coin Center has called, in the past, for a node operation safe harbor similar to Section 230. Since the blockchain is really little more than a published, cryptographically verifiable feed of transactions that have been authorized by the Bitcoin network (and other blockchains, the same for their corresponding native assets), I tend to think that it’s more likely than not that a blockchain application falls within the confines of Section 230. But I freely admit that whether a node operator qualifies for the exemption is an open question. The law defines an “information content provider” as a “system… provider that provides or enables computer access by multiple users to a computer server.” I’d have to do a little research to see if there are any precedents dealing with the question of what a “server” constitutes for this purpose, but at least at first glance there is an argument to be made that operating a full node on a blockchain, which in its essence is a distributed timestamp server, could qualify, at least insofar as it pertains to third party financial communications that are being relayed by that node.

Section 230, however, only confers immunity from state criminal law and civil actions. It has no effect on federal criminal law, and there are criminal sanctions in the FDI Act (see e.g. 12 U.S. Code § 1818(g)). To figure out whether a full node could be captured within the STABLE Act the first thing to do is read the statute and try to determine whether providing peer to peer network access services counts as “stablecoin-related commercial activity.” If not, then node operation is not captured by the statute and the analysis ends. If so, the next questions would be (a) whether node operators were covered by Section 230(c)(1) and (b) whether the STABLE Act impliedly narrowed or repealed Section 230’s application to node operators insofar as the nodes processed transactions related to stablecoins. After answering those questions the picture would be clearer.

In terms of the current federal picture, we know that providing network access services is not equivalent to money transmission, that FinCEN doesn’t consider node operation to be money transmission, and that for most federal crimes accessory liability requires heightened knowledge and participation of the kind we don’t usually ascribe to node operators. This is perhaps why, to the best of my knowledge, there have been no prosecutions for running a Bitcoin full node to date. 

Nor should there be, now or ever, and if American leadership in the crypto arena is to continue it might be worthwhile, given how wrongheaded the STABLE Act is – not on stablecoin licensure, as I think stablecoins are properly the subject of regulation, but on blockchain node licensure – to revisit Coin Center’s proposal for a blockchain node safe harbor that clearly and unambiguously accords blockchain nodes the status enjoyed by other online publishers.

Section 230’s most learned interpreter, Jeff Kosseff, titled his book on the provision “the twenty-six words that created the Internet.” I note for the record that none of Facebook, Google, Twitter or YouTube were founded in Europe. If America is to lead the decentralized Internet we would do well to look to Section 230 as an example of how to do Internet regulation the right way.

Summon the Libertarians!

In the wake of the Portland rioting and subsequent deployment of federal law enforcement officers in that city to protect federal property and enforce federal law, there has been something of a trend on that dystopian hellscape of a microblogging site – Twitter – where the sort of people who normally oppose libertarianism and/or don’t understand it suddenly had the nerve to criticize libertarians’ bona fides and ask for our help.

Such as this senator from Hawaii:

To which I retorted (in the only acceptable form of retort, a quote-tweet):

This verified reply guy added:

Or see, for example, this “gun violence” activist, who seems to be… calling for gun violence? Very strange.

This response from Rep. Thomas Massie more or less sums up why most libertarians look at something like the situation in Portland and shrug:

Libertarian “ideology”

Libertarian ideology is much-misunderstood by its detractors and, often enough, also misunderstood by those who claim to be its adherents. Unlike, say, Marxism or Critical Theory, libertarian doctrine is not complex; though there are analytical frameworks, there are no overly formal dialectics or theories, there are few leaders, there is no scripture.

There is little officialdom. Which perhaps is to be expected given that libertarianism is a belief system that focuses on individual liberty above all else. It should be accessible to anyone, not just navel-gazing philosophy graduate students. The truth of the theory is not taught, but experienced: each libertarian knows that the improvement of his or her lot is determined not by a faraway ruler or an abstract political party but by concrete actions he or she deliberately takes in their everyday life.

“I am the master of my fate, I am the captain of my soul.” The ideology seeks to maximize individual freedom to allow us the greatest amount of latitude to pursue our individual ends in the limited time we have on Earth.

The closest thing to an agreed upon maxim for modern American libertarianism – the idea I find is most widely held – is something known as the “non-aggression principle” or NAP. Put simply, the NAP states that “initiating aggression is wrong,” or more simply, “aggression is wrong.”

It seeks to understand the world in bilateral terms (Alice and Bob are the only people in existence; Alice points a gun to Bob’s head and orders him to do something in circumstances where Bob has done nothing wrong to Alice – indeed he has no relationship to Alice prior to this moment. Is Alice in the right to do this, if she feels her cause is sufficiently meritorious?) and then scales those analogies up to society at large.

At what point does a coercive action which would be reprehensible and criminal if done by one person to another person become acceptable if it is done by many people to one person? Two to one? Three to one? Fifty to one? A million to one? There is, of course, no answer to this question; libertarians say that this is because the use of coercive force is wrong no matter how many people require its use against how few.

Of course, we have to live in a society and the hypothetical Hobbesian war of all against all is not a reality on the ground (except perhaps in places like the Seattle CHAZ), so the essential task of those of us who call ourselves libertarians is on how to devise a system that maximizes freedom – of speech, to keep and bear arms, from invasion of privacy, etc. – and opportunity while providing the necessary coercive levers, but no more than that, to ensure that personal and property crime do not go unpunished and individuals are free to choose the courses of their own lives.

The “ideal” situation here, too, is unknown; different libertarians will have different opinions about what rules are needed to bring this freedom-maximizing, coercion-minimizing state about. For my part, I generally think that the English common law circa 1777 (the last year before the imposition of the first income tax in the English-speaking world) is a good guidepost, with consequential updates to account for financial regulation and the like; many of my friends give me a hard time for this, arguing that finance should be totally deregulated and remedies for e.g. sketchy initial coin offerings should be private rather than at the direction of enforcement agencies of the state. Antitrust law and enforcement is another common point of contention.

Traditionally libertarian policy positions

With this as our background, we arrive at the current discussion, of camouflaged, militarized federal police conducting arrests for violations of federal law on the streets of Portland.

By @owenbroadcast

Libertarians have been complaining about all of this for years. Libertarians complained when, after 9/11, strip searches were introduced in airports and warrantless wiretaps were conducted on American citizens. Libertarians complained about going to war in Iraq and Afghanistan. Libertarians continue to complain about the militarization of our police. Libertarians complained when the military started bringing home military hardware like MRAPs and Humvees and sold them to our police. Libertarians complained when gun control laws were passed that meant that police could possess M4s and AR-15s and citizens could not. Libertarians complained about drug legalization and mass incarceration. And so on.

And now, to quote a famous internet meme, that the world is on fire and the barbarians are at the gate you have the audacity to come to the libertarians for help?

Libertarians want to be left alone. Trying to draft libertarians into a cause misunderstands the sort of people libertarians are, particularly when the cause in question is on behalf of not peaceful protestors, but rather people who are willing to set federal buildings on fire and assault federal agents when they don’t get their way in federal politics. Libertarians realize that these are the sort of people that the Constitution was designed to contain.

When this weird historical moment passes and sanity is restored, I’m sure many libertarians would be happy to explain to you – those who now seek our input on your pet cause – of the ideology’s extreme discomfort with the fact that the government accounts for greater than 50% of GDP and its views on the imperfect implementation of the First, Second, Fourth, Fifth, Sixth, and Tenth Amendments, among other things. Libertarians will also be happy to explain how they think long term structural change in the United States that will benefit all can come about by leaving Americans alone to make individual choices.

But you weren’t listening to the libertarians before. The libertarians likely suspect you won’t be listening to them later if your “side” wins on November 3rd.

What of the protests, then?

What the “liberty” position on violent riots (where both peaceful protestors and the use of excessive force by police may also each be present) should be

Rioting is bad (and illegal). The use of excessive force or carrying out an unlawful arrest is also bad (and illegal). Peaceful protest is good (and legal). Legitimate use of police power to protect public property from destruction – property belonging to the judiciary, no less – is also good (and legal). Peaceful protestors may have violent elements hidden within their ranks. A line of good cops may have a few who step over the line. Portland is a bad, high tension situation where good people might accidentally or intentionally do bad things and bad people might accidentally or intentionally do bad things, with or without the approval – express or tacit – of other people on their “side.” All of this is capable of being true at the same time.

“If you’re not on the side of the protestors, you adopt the actions of every policeman whether justified or not” is a binary argument – and a false choice – being rolled out with increasing frequency in an election year by people who should know better, such as WaPo journalist and militarized policing writer Radley Balko:

Attorney Hutz to the rescue

The Non-Aggression Principle means you don’t start fights. It also means that you don’t take the same side as people who start fights. If two groups are engaged in a cycle of escalating violence the NAP says it’s OK – even moral – to not get involved.

I think if you ask your “average” libertarian what they think, they’d say that they support free speech, but that “setting buildings on fire and throwing things at people who aren’t throwing things at you is wrong” is something most of us learned when we were four years old. No volume of class-based revolutionary theory changes the analysis. Accordingly, the “average” libertarian is likely to think setting federal courthouses on fire or throwing projectiles at federal workers is also wrong and, quite apart from that, an incredibly stupid thing to do. In any event, the rioters’ conduct is way over the line for constitutionally-protected advocacy of violence set down by Brandenburg v. Ohio, and is indeed so far over that line that anyone engaged in that activity, regardless of motivations, should expect to meet the full force of the law.

As to how those consequences are handed down, the “average” libertarian might say something along the lines of “we hope and expect that due process will be afforded to anyone accused of a crime, that anyone accused will be presumed innocent until proven guilty, and that the U.S. Attorney will conduct its investigation into federal law enforcement activity impartially.”

Beyond that, whilst libertarian pamphlets generally read more like Andy Griffith than Jacques Derrida, and we may be plain-speaking, we aren’t stupid. I suspect that many of the officials and think-tankers presently complaining about the administrative state’s boots-on-the-ground in Portland should be all-too-happy to wield it as political appointees if the Blue Tribe wins the election on November 3rd, much as the Red Tribe wields it now. Indeed, the administrative state about which they presently complain was created on their watch.

All of which is to say, peaceful protest is great, lawbreaking yahoos should be prosecuted, the police should not be militarized, excessive force should not be used, and libertarians who don’t live in Portland – and, indeed, even those who do – didn’t start this fight, don’t have a dog in it, and are 100% justified in sitting this one out.

The best time to discuss police militarization was years ago. The next best time is after the election when libertarian positions won’t be co-opted to support illiberal agendas. Anyone trying to draft the libertarians into taking a partisan position with regard to the Portland protests/riots/whatever isn’t on the libertarians’ side. And the libertarians know it.

You really shouldn’t record Clubhouse calls

Somewhat distressingly, this is the second blog post I’ve written on a legal topic following a call for same from the inimitable Balaji Srinivasan.

It’s not legal advice. See disclaimer.

My last post was on the topic of how to introduce anti-cancellation language into an employment agreement. This blog post will be on the subject of privacy, prompted by this tweet from Balaji:

“The Lives of Others” is a film about an agent of the East German secret police, the Ministerium für Staatsicherheit or the Stasi, which employed hundreds of thousands of East German citizens to spy on their fellow-citizens. As a result, one could never be sure whether one was speaking privately or not.

If you can’t speak privately, you can’t share thoughts.

If you can’t think, you can’t organize.

If you can’t organize, you can’t resist.

If you can’t resist, you’ll remain oppressed.

Per Wikipedia, an unreliable but nonetheless convenient source,

The Stasi had 90,000 full-time employees who were assisted by 170,000 full-time unofficial collaborators (Inoffizielle Mitarbeiter); together these made up 1 in 63 (nearly 2%) of the entire East German population. Together with these, a much larger number of occasional informers brought up the total to 1 per 6.5 persons.

For context, the U.S. FBI – a vast and powerful law enforcement agency with a far larger country, and indeed world, to patrol – has a mere 35,000 employees. That should give you some idea of how insidious and pervasive the East German apparatus was.

In the United States, things are different. Companies like Clubhouse or Facebook not only do not act as data firehoses for the government, they are legally prohibited from doing so.

To understand why nobody should ever record Clubhouse calls, and to contextualize it among a wider internet privacy picture, we first need an electronic privacy crash course.

Our story begins in 1791.

The Constitution: your rights vs the government

The U.S. has among some of the strongest procedural protections for criminal defendants in the entire world. These protections start with the Fourth Amendment to the U.S. Constitution, ratified shortly after the Constitution itself, which guarantees something like a right to privacy. It reads:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

There’s a lot going on here, so let’s break it down.

“The right of the people” is an individual right rather than a collective one.

“…to be secure in their persons, houses, papers and effects” is also specific. The threshold of the home, in particular, is where the Fourth Amendment’s power is at its apex; see e.g. Payton v. New York, 445 U.S. 573 (1980).

Few people know that you don’t actually have a Fourth Amendment right to prevent a police officer from searching the field outside of your house. Nor does the right prevent a search of your boat by the Coast Guard exercising “plenary authority… to stop and board vessels” (although ideally the Coast Guard is expected to show up to save you from the proverbial boating accident, not to search your vessel before you have it). Nor do you have many rights when crossing the border per the border search exception.

“…against unreasonable searches and seizures, shall not be violated” is also interesting language. The fact is that not all searches are unreasonable. The Fourth Amendment’s perimeter extends around anywhere that a “reasonable expectation of privacy” exists, and no further. Katz et seq. This means that while one may have a reasonable expectation of privacy on, say, a phone call in a two-party consent state, or in one’s own home, one does not have a reasonable expectation of privacy in, say, third party records held by your ISP, or in an open channel on a service like Clubhouse (with a notable exception of cell phone location records ever since Carpenter v. United States was decided in 2018).

You also don’t have a reasonable expectation of privacy on the blockchain. As I told Decrypt this morning, you have as reasonable an expectation of privacy regarding information you put on the Bitcoin blockchain as you would with information you spray paint on a wall of a downtown building,

“…and no Warrants shall issue, but upon probable cause, supported by Oath or Affirmation, and particularly describing the place to be searched, and the persons or things to be seized” is what we lawyers know as the warrant requirement. This was created as a response to the (English colonial) practice of issuing what were known as “general warrants” which authorized a sheriff or other Crown officer to basically do whatever the hell they wanted. “Seize that man,” “search that house.” No reason was required.

The Americans weren’t particularly fond of that practice. So in the Constitution we find a requirement that (a) there must be probable cause to issue the warrant and (b) that probable cause must be supported by oath or affirmation. This is why police officers set out statements of facts and swear it to a magistrate before arrest or search warrants are issued. Because back in the day, 300 years ago, this was not a requirement. Furthermore, warrants must describe with particularity “the place to be searched, and the persons or things to be seized.” If the warrant says “search the car,” it’s unreasonable to search the house. If the warrant says “search the house for a sixty-inch television and seize it,” it’s unreasonable to rifle through the sock drawers during the search. Et cetera.

This of course is the briefest summary of the Fourth Amendment. If you would like to learn more, head down to your local law school and enroll in criminal procedure.

Right to privacy on the Interweb

On the Internet you don’t have much if any Fourth Amendment rights because, let’s face it, we’re all doing this on someone else’s computer. The Fourth Amendment protects “persons, houses, papers and effects.” If Alice is the user of a service and Bob is the service operator, Alice’s files on Bob’s computer aren’t Alice’s records. They are Bob’s. Accordingly the Fourth Amendment privilege over those records is Bob’s, not Alice’s, to assert.

Recognizing this, the U.S. Congress actually did something productive and passed the Electronic Communications Privacy Act in 1986. Among the provisions is something known as the Stored Communications Act, 18 U.S. C. § 2701 – 2713.

Again speaking in very general terms, the Stored Communications Act sets out the conditions on which an electronic service provider e.g. Twitter is able to render voluntary disclosure of communications and customer records to third parties, and when it is not.

One of the principal prohibitions is against providing data to law enforcement without a warrant or other legal process. 2702(b)(6)-(7) and 8 set out when communications can be voluntarily disclosed to a law enforcement agency, including where there’s inadvertent discovery of a crime and discovery or existence of an emergency that poses danger of death or serious bodily injury that requires immediate disclosure. (Mind you, it’s possible for a law enforcement officer to say something is an emergency when it isn’t, and not really the place of an information content provider to inquire further with a request for operational information. In my experience U.S. law enforcement doesn’t make emergency requests for trivial matters.) Similar provisions exist for customer records e.g. IP addresses, user account information, login history, whatever.

Under any other circumstance, voluntary provision of this data to law enforcement is not allowed. Law enforcement must obtain a subpoena, 2703(d) order, or search warrant to obtain the relevant records (with subpoenas being limited to customer records only and not the content of communications). This requirement is not created by the Fourth Amendment; it is created by statute, and was created out of recognition that, without it, law enforcement may be able to obtain Americans’ records by applying inappropriate informal pressure on electronic service providers to disclose these third party records over which American citizens had no standing to assert a Fourth Amendment right (as it’s not Alice’s record – it’s Bob’s).

Right to privacy from intrusions by other people

We also have a right to be secure from other people snooping on us. Not in the Constitution, but in statute and common law.

This right includes a range of privacy torts (defamation, intrusion upon seclusion, false light, invasion of privacy).

It also involves federal and state wiretap laws. 18 U.S. C. § 2511 et seq., known as the Wiretap Act, criminalizes a range of eavesdropping behavior including e.g. anyone who “intentionally intercepts, endeavors to intercept,” where “intercept” means “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device,” or “procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication”.

This rule does not, however, apply where “one of the parties to the communication has given prior consent to such interception.” Assuming that Balaji’s Clubhouse hypothetical above involved a registered user of the app conducting the recording, I shouldn’t think there’s a federal issue here (subject to the discussion on how new apps and methods will interact with existing one-party consent rules, provided near the end of the post). There might also be a CFAA issue if the Clubhouse participant was not authorized to log in to the app; so e.g. Balaji and Felicia are talking, Alice logs in to listen, but it is not Alice but in fact Carol using Alice’s login credentials. Whether this is the case will depend on the outcome in Van Buren v. United States, which was argued before SCOTUS in April.

The question then turns to states. Those who would record a conversation need to be very careful when they do so as the question of whether the recording is lawful will depend on where all the participants are standing. State laws vary considerably on whether surreptitious recording of conversations is allowed.

In Connecticut, for example, my home state and the center of the known universe, the rule reads as follows:

(a) No person shall use any instrument, device or equipment to record an oral private telephonic communication unless the use of such instrument, device or equipment (1) is preceded by consent of all parties to the communication and such prior consent either is obtained in writing or is part of, and obtained at the start of, the recording, or (2) is preceded by verbal notification which is recorded at the beginning and is part of the communication by the recording party, or (3) is accompanied by an automatic tone warning device which automatically produces a distinct signal that is repeated at intervals of approximately fifteen seconds during the communication while such instrument, device or equipment is in use.

Conn. Gen. Stat. § 52-570d (2018)

Breaking this down, in contrast to the federal rule, this rule states that if there is an “oral private telephonic communication,” unless

  • prior consent of all parties in writing or obtained at the start of the recording; or
  • it is preceded by a verbal notification (“This call may be monitored and recorded for quality and training purposes.”); or
  • it is accompanied by loud BEEP every fifteen seconds,

recording the conversation is a civil wrong, subject to a long list of specific exceptions. The aggrieved can sue for damages, costs and attorney’s fees.

But there’s more! Since we know

(a) A person is guilty of eavesdropping when he unlawfully engages in wiretapping or mechanical overhearing of a conversation.

(b) Eavesdropping is a class D felony.

C.G.S. § 53a-189 (2018)

…we know there’s a crime involved with eavesdropping, too. To understand how the crime is committed we need some definitions. And two sections above Section 189, we find them. “Wiretap” means

 the intentional overhearing or recording of a telephonic or telegraphic communication or a communication made by cellular radio telephone by a person other than a sender or receiver thereof, without the consent of either the sender or receiver, by means of any instrument, device or equipment.

C.G.S. § 53a-187 (2018)

And also

“Mechanical overhearing of a conversation” means the intentional overhearing or recording of a conversation or discussion, without the consent of at least one party thereto, by a person not present thereat, by means of any instrument, device or equipment

Id.

and

“Unlawfully” means not specifically authorized by law.

Id.

So if we break that apart:

A person who

  • unlawfully (i.e. not specifically authorized by law, in particular by invoking any of the exceptions such as prior written consent etc. under C.G.S. § 52-570d)
  • wiretaps (i.e. overhears OR records communications without the consent of either the sender or the receiver in the conversation)
  • or mechanically overhears (in the case where someone is not a party to the conversation, without the consent of any party)

commits a felony in the State of Connecticut.

Where does this leave us? Well, you are operating in a federal union of 50 states, a federal district and a number of territories, each of which are governed by different rules. Violating the wiretap laws in any of them is a very bad idea. You don’t know where particular Clubhouse participants are and you don’t have a means of procuring their consent (I’m assuming this as I don’t know how the app works… with an invite I could of course be more specific. *doe eyes*).

California law (which presumably would have been applicable to many of the participants on that call) appears to have a requirement that the communications be “confidential” in order to charge for illegal wiretapping, raising the question of whether, when a new invitee to the room wiretaps the communication, absent any agreement with that invitee that the communication should remain confidential, the communication remains confidential (perhaps not, but speak to a California lawyer – which I am not – if you need advice). This may be able to be resolved with a quick update to the service’s terms and conditions.

In Connecticut’s case, whether you’re invited to the room or not is irrelevant for the civil cause of action. All that matters is that you didn’t avail the safe harbors (consent, verbal notification, or loud beeping noise) or have some other lawful excuse. If a Clubhouse user were spied on in Connecticut without their consent they could sue for damages, attorney’s fees and costs. If you don’t know who did it, file a John Doe lawsuit, hit Clubhouse with a third party subpoena, get the dox of everyone in the room and then work your way through them one by one.

As for the crime, it depends on whether someone who is in the Clubhouse room is considered a “receiver” or “party to the conversation.”

When I first wrote this blog post, which took 90 minutes, it didn’t appear to me that a third party was a “receiver,” but now I’m not so sure. Let’s suppose that Balaji and Felicia are talking to each other on a cell phone, and as such are “sender and receiver” in a particular conversation. If someone who is not participating in the conversation records it, does the eavesdropper fall foul of the rule? In the old world, yes, they do; they are not a sender of information or a recipient of information, and the consent of either sender or receiver is required (one-party) to stay on the right side of the law.

But this is not the old world. So we need to ask whether, simply by dint of being on the app, the third party itself becomes a “receiver” or a participant. If indeed it is found that Felicia and Balaji were having a bilateral conversation and the third party eavesdropper is not a “receiver” or “party” we could be looking at felony charges. In the alternative we could see the third party argue that their mere use of the app meant that they were a “receiver,” simply acting within the scope of their permissions within the app, and therefore capable of granting the required consent to recording. The idea of a telephone call which is open for the world to join is a fairly new one. A review of Connecticut case law (which I don’t propose to conduct at this juncture) would likely let us know which position was the more likely one for a court to take.

There’s also the issue of “mechanical overhearing”, which is distinct from wiretapping but also capable of forming the actus reus of the eavesdropping offense. This could be committed, e.g., if Balaji and Felicia are talking, Alice is a party to the conversation, Alice gets up to go make a pot of coffee, and Carol then surreptitiously turns on a tape recorder in the background. Whether Alice is in fact a party by being a passive listener in the app is, once again, a matter for case law that I don’t propose to dig into at this juncture.

We don’t know enough about how the Vice Clubhouse recording was made to really come down concretely on any of these points. What we know for certain is that a surreptitious recorder has 50 states – and their conflicts of law rules – to worry about. Accordingly someone conducting a surreptitious recording, even from a perch in a one-party consent state, runs the risk of falling foul of some other two party consent state’s rules where the conduct is unambiguously banned no matter what technology is involved. See e.g. the law codes applicable to a Clubhouse user physically present in that commonwealth of the barbarian tribes of the far northern wasteland, Massachusetts:

Except as otherwise specifically provided in this section any person who— willfully commits an interception, attempts to commit an interception, or procures any other person to commit an interception or to attempt to commit an interception of any wire or oral communication shall be fined not more than ten thousand dollars, or imprisoned in the state prison for not more than five years, or imprisoned in a jail or house of correction for not more than two and one half years, or both so fined and given one such imprisonment.

The term ”interception” means to secretly hear, secretly record, or aid another to secretly hear or secretly record the contents of any wire or oral communication through the use of any intercepting device by any person other than a person given prior authority by all parties to such communication; provided that it shall not constitute an interception for an investigative or law enforcement officer, as defined in this section, to record or transmit a wire or oral communication if the officer is a party to such communication or has been given prior authorization to record or transmit the communication by such a party and if recorded or transmitted in the course of an investigation of a designated offense as defined herein.

Mass. Gen. Laws ch. 272 § 99

These are all matters I wouldn’t want to have to answer for in front of a judge. Doubly so when we’re talking about a judge in Suffolk County.

These laws exist to promote free thought. They punish those who seek to pry into our most private spaces and turn America into a place like East Germany.

So. Don’t record Clubhouse calls unless you have everyone’s prior consent. Preferably in writing.

Or unless Clubhouse creates a “record” feature which makes it blindingly obvious that a conversation is in fact being recorded. Which if they were smart, they won’t do, because it will be a compliance pain in the ass.

Also if anyone has a spare Clubhouse invite lying around there is a contact form on the front page of my website. Holla.

Another type of wiretap. Image licensed under the Pixabay license.

Anti-Cancellation Clauses: corporate timeouts for the digital age

Right now, a lot of people are getting fired because of Internet mobs.

This is a draft for discussion and is not legal advice. The text below is offered for discussion purposes only. You must speak to a lawyer in your jurisdiction and any other relevant jurisdictions before negotiating any employment agreement of any type. You are on notice of this disclaimer.

From Balaji “consistently several years ahead of everyone else” Srinivasan:

Or this from @stillgray:

So, in the United States employment terms are usually “at-will.” That is to say, anyone can fire anyone else for any reason at any time as long as they’re not discriminating against the person being fired when they do so. A typical employment-at-will clause might look something like this:

Your employment with the Company will be “at-will.” You may terminate your employment with the Company at any time and for any reason or no reason by notifying the Company. Likewise, the Company may terminate your employment at any time, for any reason or no reason, consistent with all applicable state and federal law, and without advance notice.  Your employment at-will status can only be modified in a written agreement signed by you and by an authorized officer of the Company.

– Standard form offer letter on my hard drive

In order for a clause like this to change to become cancellation-proof you’d really need two things to happen. First, you’d need to get a number of large companies to agree to adopt new standard language – or large numbers of workers would need to insist on it, such as workers in unions – in order that this would become an expected term everywhere, so workers had leverage to negotiate it. If Facebook and Google offer a term and Microsoft doesn’t, presented with materially identical offers, an employee might take Facebook and Google’s offering and ding Microsoft’s.

Second, companies would need to get their PR playbooks straight and adopt a pro-worker protection ethos and run a very standard form game to wait for the mobs to wash over them and move on to their next target.

Incentives don’t line up in favor of anti-cancellation clauses. It serves employers’ interests for employment to be at-will. Many employee handbooks have policies that require employees to not embarrass the company with their personal conduct. Seeing how the digital mobs are moving from target to target, though, query for how much longer companies will want this to be the case (who wants to be held hostage by Twitter mobs all the time?)

Any clause that achieves widespread adoption would need to accomplish the following:

  • Employment remains at will
  • Digital mob “Cancellation Event” is strictly defined
  • Cancellation Events always or almost always lead to Cancellation Leave of Absence/Cool-Down Periods before termination, and do not prejudice at-will employment rights of the employer after that period ends.

Here’s a first stab which isn’t legal advice, it’s just food for thought that I bashed out in 40 minutes. If you’re not paying me, I’m not your lawyer. Lawyers, feel free to critique on Twitter, or by e-mailing me at my work address (easily findable on Anderson Kill’s website).

The draft clause:

“(a) Your employment with the Company will be “at-will.” You may terminate your employment with the Company at any time and for any reason or no reason by notifying the Company. Likewise, the Company

i. may terminate your employment at any time, [and] [or];

ii. [save that,] on the occurrence of a Cancellation Event, Company [shall only] [may, in its sole and absolute discretion and in accordance with the provisions of sub-section (b) below, decide to] terminate your employment upon the expiration of any applicable Cool-Down Period,

in each case, for no reason or any reason, consistent with all applicable state and federal law, and without advance notice.  Your employment at-will status can only be modified in a written agreement signed by you and by an authorized officer of the Company.

“(b) Upon the occurrence of a Cancellation Event, [you and the Company agree that, in the Company’s sole and absolute discretion, the Company may require you to take] OR [you and the Company agree that you shall take] a 90-day leave of absence (“Cool-Down Period”) [in lieu of immediate termination,] [, with or without pay,] while the Company conducts an investigation, subject to such conditions and restrictions as the Company may in its sole and absolute discretion require. During such time you agree that you shall comply with any and all of the Company’s reasonable directions to protect the Company’s reputation including but not limited to deactivation of all social media accounts and making no statements about the Cancellation Event or any fact or circumstance arising out of or in relation to the Cancellation Event to any person except to the Company, to medical and mental health personnel, and attorneys, accountants or other professional services providers for the purpose of seeking professional advice.

“(c) “Cancellation Event” means an event where ten or more persons who are not employees, directors, shareholders, suppliers, customers, or other business relations of the Company or of Affiliates of the Company [“Affiliate” to be defined] contact the Company in a seven-day period with disparaging information about you, or call upon the Company to release you from your employment, in each case relating to your or a third party’s personal conduct outside of the scope of your employment which is legal in the United States.”

What the draft clause does:

This is not a pro-employer clause by any stretch of the imagination. Employers aren’t going to like this unless they’re really very anti-digital mob and are willing to put up with the heat of keeping someone controversial on staff for 90 days. A friend has suggested that if the 90 day period were expressed to be mandatory that a substantial severance be available for an employee who were “cancelled” as sometimes employers just need to get someone toxic out the door immediately. I might suggest that if the conduct were that bad there would probably be tangible reasons to effectuate a dismissal under normal circumstances anyway (creating a hostile work environment, etc.)

I freedrafted this but it’s kind of a mishmash of a suspension, a confidentiality agreement and a termination procedure. Key aspects:

  • Relentlessly pro-employee language.
  • Promotes the First Amendment space outside of the office, where it belongs, not inside it, where companies like Google have had to crack down on internal politics. This language encourages people to engage in politics in their free time and not on office time.
  • Strictly defines “Cancellation event.” Ten people. Seven-day period. Not related to the company. Personal conduct.
  • Protects out of office conduct which is outside of the scope of employment only. If you mess around within the scope of your employment you’re not getting cancelled, you’re getting fired.
  • Requires ten or more people who are not involved in the company to contact the company for aforementioned conduct. Employees can complain without triggering a Cancellation Event, so if someone gets wasted and behaves like a jerk at an office party you can move straight to termination with a straight face.
  • Allows third party conduct to trigger a cool-down period (so employees don’t get fired for the conduct of their wives, like the L.A. Galaxy’s Aleksandar Katai).
  • Protects employee conduct which is legal. Does not protect conduct which is illegal.
  • Allows the Company the ability to fire the employee OR go for a Cool-Down Period, relying on reputation risk to keep themselves honest (“this Employer rarely fires before a cool-down is done”). Obviously if the employee is particularly outspoken or represented by a union, he or she could negotiate a mandatory cool-down period in the event of a Cancellation Event. I’d think this would be an excellent clause for unions to insist on in employment contracts.
  • Allows the Company wide discretion to immediately remove the employee from active duty while it conducts an investigation.
  • Allows the company to prevent the employee from making a bad problem worse on social media and putting his or her foot in it with the press.
  • Gives the company air cover to say it is contractually bound to honor the process as it’s a term of employment that the Cancellation Event gives rise to a termination sequence which is contractually binding.
  • Allows people with a legitimate interest in the company’s business, such as employees, directors, shareholders, and suppliers, to complain about employee conduct while not counting towards the “Cancellation Event” ten-count or triggering a “Cancellation Event.”

Questions? Hit me up on Twitter or Gab. Or send a good comment and if I like it I’ll let it through moderation.

Section 230 explained with stick figures

Another day, another terrible take on Section 230 from politicians with law degrees who should know better.

Section 230 of the Communications Decency Act – 47 U.S.C. § 230 – is a law that, arguably, is the reason that the modern Internet exists.

Politicians keep misrepresenting what the statute is for and how it works.

Wrong. Fact: under Section 230 there is no “platform” vs “publisher” distinction. The immunity under Section 230 is granted to users of interactive computer systems and providers of interactive computer services. Those “providers” may be traditional publishers like the New York Times or mainly online republishers like Twitter; the immunity applies equally to both with regard to user-generated content, even though one of these businesses relies more heavily on user-generated content than the other.

Section 230 has two main operative provisions.

The first, Section 230(c)(1), says that providers or users of interactive computer services aren’t liable for what other people say on those services. So, if

  • Alice and Bob use Twitter, and
  • Bob threatens and says nasty and untrue things about Carol on Twitter,
  • and Carol sues Alice, Bob, and Twitter for harassment and defamation, then
  • Carol will prevail against Bob but lose (likely in pretrial motions) against Alice and Twitter.
High tech legal graphics software was used to make this image

The second, Section 230(c)(2), says that if a provider of an interactive computer service moves to block objectionable content in good faith, the provider of that service will not be liable for that good faith content moderation.

So, returning to our example of Alice, Bob, and Carol,

  • Alice and Bob use Twitter, and
  • Bob threatens and says nasty and untrue things about Carol on Twitter, and
  • irrespective of whether Carol sues Bob, Twitter decides Bob is anathema and moderates Bob’s content off the platform or bans him, then
  • Bob cannot sue Twitter for moderating that content. (Properly, he can sue Twitter, but he will lose.)
  • Note that Alice now has a blue check mark and has joined the ranks of the technomenklatura.
Quantum blockchain AI was used to render this image

Josh Hawley’s proposal screws all this up. The proposal says that neither (1) nor (2) shall apply to an online communications platform unless the Federal Trade Commission gives a company a certification that the company does not moderate information in a “manner that is biased against a political party, political candidate, or political viewpoint.” It says this rule will only apply to large companies with more than 30 million U.S. users, more than 300 million international users, or more than $500,000,000 in global annual revenue.

Meaning, if such a company exhibits the slightest bit of bias which draws the ire of the bureaucrats at the FTC, and its immunities are lost, the lawsuit matrix over a “Bob says bad things about Carol” situation turns into this:

Bob & Carol & Ted (Cruz) & Alice
  • Alice and Bob use Twitter, and
  • Bob threatens and says nasty and untrue things about Carol on Twitter,
  • Carol sues Alice, Bob, and Twitter for harassment and defamation;
  • some other Carol nobody has heard of before decides to get in on the fun and sues Bob and Twitter; and
  • Bob sues Twitter and Alice;
  • all because Bob said something about Carol and Twitter moderated the content off of the platform.

Mind you, poor Alice didn’t do anything wrong here. She simply had a blue check mark and enjoyed the privileges that come with it of greater engagement, prestige and invitations to better parties. But being innocent – and having a blue check mark – does not immunize Alice from being on the receiving end of a lawsuit.

The reason I have Alice getting sued is because the bill says “Paragraphs (1) and (2) shall not apply in the case of a covered company which…” and the said “Paragraph 1” (being 230(c)(1)) is an exemption for both “providers and users” of online publishing platforms. Meaning that if this became law as-written a clever lawyer might argue that when a platform loses the immunity, all of its users (retweeters, etc) do, too. Instead of Alice invoking Section 230 immunity as an affirmative defense, telling all comers to get lost and, if required, moving for summary dismissal, now Alice has to try to get the (now, not facially invalid) claims dismissed on the basis not that the claims are legally invalid as they would be if the Section 230 immunity applied, but that Alice is not a necessary or even proper party to the suit. Which involves more legal work, and more expense, for Alice.

The real victims of Section 230 reform proposals – those who stand to lose the most – are American tech companies large and small. Senator Hawley’s bill – which has the support of other conservative senators and, latterly, the Trump Administration – is a stupid piece of legislation. It would wreck the Internet. Maybe the Internet deserves to get wrecked in the age of social media moral panics, and maybe not, but we should be aware that that’s what passing this law will do.

In practice, there are millions of yahoos all over the planet – running states, municipalities, and companies, but also on their own account – who view social media companies as cash-rich targets for litigation. Section 230 doesn’t prevent these people from getting their day in court – if someone says something stupid about you on the Internet and they’re an anonymous troll, go file a John Doe lawsuit and serve a third party subpoena on the Internet company. After a couple of subpoenas you’ll get your guy and then you can ruin him.

The problems with this proposal are legion. Chief among them is that it would create the ultimate heckler’s veto; any company that doesn’t toe the FTC line will have to treat every petty complaint by anyone with an e-mail address with the seriousness of the DMCA notice and takedown procedure (not fun). Helpfully the proposal is presumptively unconstitutional on its face (it requires platforms to get the FTC to sign off that they are politically neutral in order to benefit from a state privilege, a content-based restriction on speech which is presumptively unconstitutional and is unlikely to survive the strict scrutiny review that applies to any infringement of the core the First Amendment right). Put simply, we have a First Amendment right to be biased, the government cannot tell us not to exhibit bias in public, and the government can’t discriminate against us based on those biases.

Speaking of “bias,” there’s also a very good argument to be made that this is a subjective term which renders Hawley’s proposed law unconstitutionally vague; virtually any statement other than reporting of the weather will contain the author’s bias, so it’s likely that categorical content bans in Twitter, Facebook, etc. terms of service on, for example, so-called “hate speech” would likely offend the proposed law, if not intentionally then in effect. Note, however, that Hawley’s proposed rule doesn’t appear to care whether bias is intentional or not – bias in effect, even if accidental, if found by the FTC, would be enough for a tech provider to lose its immunity.

It would be a mistake to enact this bill. It would be a mistake to touch Section 230 at all. It would put the government in control of the Internet, flagrantly violate Americans’ free speech rights and open up tech platforms and users to lawsuits from petty litigants which would have the effect of suppressing freedom of expression even more.

All of which is to say, if conservatives would stop complaining about platforms that clearly hate them and their politics, stop proposing stupid, unconstitutional laws, and start using free-speech-supporting rival platforms like Gab, Minds, Bitchute, or LBRY, none of this would be a problem and no lawmaking would be required, because these sites all respect the First Amendment, are worthy of your business, and are the best hope to supplant Big Tech.

Thank you for your time.