Tag: Crypto

Not Legal Advice, 10/13/19 – Ethereum has a good week; Facebook has a bad week; Bitfinex has a worse week; Telegram has a terrible, horrible, no good, very bad week

prestonbyrne

Welcome back to Not Legal Advice, my weekly crypto and crypto-adjacent technology law newsletter-blog-series-thing! Subscribe via e-mail, WordPress, or RSS at the bottom of my homepage.

This week:

  1. SEC, CFTC and FinCEN remind everyone that money laundering is bad.
  2. Ethereum has a good week.
  3. Facebook has a bad week (Libra on the ropes, with withdrawals by Mastercard, Visa, eBay and Stripe adding to last week’s departure of PayPal).
  4. Bitfinex has a worse week (getting sued for $1.2 Trillion (with a T)).
  5. Telegram has a terrible, horrible, no good, very bad week (gets sued by the SEC in federal court).

1) SEC, CFTC and FinCEN remind everyone that money laundering with cryptocurrency is bad

Read their joint statement here.

I doubt that Jay Clayton, Heath Tarbert and Kenneth Blanco (head honchos of the SEC, CFTC, and FinCEN, respectively) would issue a statement just because they were hanging out drinking beer one afternoon and said, “hey, you know what would be cool? An announcement. That’s nearly as fun as interagency softball.”

What seems more likely is that this statement is framing a narrative that will be relevant for future enforcement. Keep your eyes open for what comes next.

2) Ethereum has a good week

The CFTC’s comments that Ethereum is to be treated as a commodity seemingly confirm that, despite robust securities enforcement by the SEC against Telegram, Eos, Sia, Paragon, and dozens of other projects, Ethereum is getting a free pass.

Read my write up where I argue that if Ethereum were launched today, it would be a security.

3) Facebook has a bad week (Libra on the ropes, with withdrawals by Mastercard, Visa, eBay and Stripe adding to last week’s departure of PayPal)

This was inevitable. As I wrote back when Libra broke cover in July:

If Facebook raised an army, this would be only slightly more hostile to the people of the United States than what is currently proposed. Big Tech doesn’t share American values and doesn’t care about American users. It doesn’t care about the unbanked. It cares about money. It cares about building defensive moats, i.e., monopolies. And Libra – the tech industry monopolization of global finance – is a phenomenal way to get both free money (the token represents, after all, an interest-free loan from Libra’s users) and a very deep, wide moat, not just for Facebook, but also for every other major category leader/tech monopolist on the planet.

After tumultuous Congressional hearings, regulatory pressure from the Europeans, the straw that appears to have broken the camel’s back was a letter from two U.S. Senators, Sherrod Brown (D-OH) and Brian Schatz (D-HI), to a number of payments infrastructure companies advising them that teaming up with Facebook would not be in their interests.

Sen. Brown of course has been a vocal opponent of Facebook’s forays into crypto from the start:

Here’s an excerpt from the 1.25-page letter the two senators sent to the CEOs of Mastercard, Visa, and Stripe. Salient passages include:

Facebook is currently struggling to tackle massive issues, such as privacy violations, disinformation, election interference, discrimination and fraud, and it has not demonstrated an ability to bring those failures under control. You should be concerned that any weaknesses in Facebook’s risk management systems will become weaknesses in your systems…

Your companies should be extremely cautious about moving ahead with a project that will foreseeably fuel the growth in global criminal activity.

Yikes. In other words, “Facebook is sailing into some rough seas. You sure you want to get into bed with that?”

The letter then concluded:

Facebook appears to want the benefits of engaging in financial activities without the responsibility of being regulated as a financial services company. Facebook is attempting to accomplish that objective by shifting the risks and the need to design new compliance regimes on to regulated members of the Libra Association like your companies. If you take this on, you can expect a high level of scrutiny from regulators not only on Libra-related payment activities, but on all payment activities.

This is government-ese for “check yourself before you wreck yourself.”

Visa, Mastercard, and Stripe promptly withdrew from the consortium on the 10th of October, as did eBay, joining PayPal, which withdrew the previous week.

Although as your correspondent put it on October 4th:

4) Bitfinex has a worse week (gets sued for more than $1 Trillion).

Bitfinex has been sued for $1.2 trillion (that’s “trillion” with a T) dollars in a lawsuit that alleges the company engineered the multibillion dollar 2017-18 cryptocurrency bubble and crash by printing fake Tether dollars. Read my write up.

5) Telegram has a terrible, horrible, no good, very bad week (gets sued by the SEC in federal court).

(With apologies to Judith Viorst.)

Telegram is a popular encrypted messaging app, not just among crypto-nerds, but among people everywhere. It is used by well north of 300 million DAUs (daily active users) who

  • are looking to encrypt their communications and think they’re too cool for WhatsApp, but
  • don’t know that they should be using Signal or Keybase.

In late 2017/early 2018, as Telegram blew past the 200 million DAU mark, the company decided to raise money in an ICO, or initial coin offering. The offering raised an astounding $1.7 billion (with a B) for a pre-product, pre-revenue blockchain system known as the “Telegram Open Network,” to have the ticker symbol “TON,” with tokens known as “Grams.”

Silicon Valley’s most storied investment firms practically fell over themselves to participate.

lol.png
LOL, rekt. From the Financial Times

The hiccup: in the TON investment documents, Telegram promised to launch the network by 31 October 2019 or, failing which, Telegram investors would have the option to recoup their investment, less expenses.

Telegram was, understandably, in a hurry to get the network live and the tokens issued before the end of this month (as it is, as of this writing, the 12th of October). Unfortunately for Telegram, on October 11th, the Securities and Exchange Commission filed an emergency action and obtained a temporary restraining order against Telegram preventing them from doing so, all but assuring that the company will fail to meet the deadline – and ensuring protracted litigation will interfere with the launch of the network for some time to come.

The structure of the offering was that (a) Telegram would pre-sell $1.7 billion of Grams to investors under Regulation D and S exemptions to registration (b) Telegram would retain $billions of dollars worth of Grams for itself and (c) after launching the network, those investors and Telegram itself would flood the U.S. markets with tokens.

The issue with this is that (a) apparently Telegram didn’t adhere to the strict requirements of Regulation D during the sale, (b) the SEC considered that not only the investment agreements to purchase Grams but also the Gram tokens themselves would constitute investment contracts, and (c) that Telegram was making efforts to sell, and planned to sell, these tokens direct into the U.S. markets through U.S. platforms e.g. Coinbase Pro et al.

And apparently Telegram then refused to accept service of a subpoena the SEC served on it overseas.

So the SEC sued Telegram and slapped it with a temporary restraining order ordering Telegram to appear in the New York federal district court on October 24th to explain itself.

Points to note? Despite what the SEC paints as a pretty open-and-shut case, Telegram’s counsel is Skadden, Arps, which is a little strange seeing as – to the extent Skadden advised on the original deal, as reported in the New York Times – one would think a firm as expensive as Skadden might have seen this coming or, at the very least, wouldn’t have advised Telegram to evade service of a subpoena. It’s of course impossible to know what was said behind closed doors, but now that I and others are starting to look at the Telegram sale more closely that’s one of the first questions that crossed my mind.

Equally, Skadden may be expected to mount a robust defense now that its client has been sued.

Furthermore, this paints the US as a thoroughly hostile environment for ICOs, despite the SEC’s repeated insistence on not enforcing against Ethereum in the past or the recent 60 basis point slap on the wrist given to the $4 billion Eos ICO. The overwhelming theme of the recent SEC enforcement, including Telegram, means that the best move for an ICO issuer not using the Regulation A+ issuance pathway trailblazed by Blockstack may be to avoid the United States entirely.

Obviously your mileage may vary and this column is called Not Legal Advice for a reason, but if there’s a takeaway point from this it’s to expect ICO activity in the U.S. to diminish going forward rather than increase.

This also calls into question the exchanges’ listing decisions to date, noting that the so-called Crypto Ratings Council classified both Eos and Grams as not being securities. Meaning that their ratings of anything that isn’t Bitcoin or Ethereum are, so far, 0-2.

And expect more enforcement.

And with that out of the way, time for your weekly Moment of Marmot:

groundhog-4289456_1280.jpg
Land shark

Will the UK-US data sharing agreement *really* not result in forced decryption of American communications?

prestonbyrne

Adapted from this tweet thread.

I will start this blog post by stating that, to be perfectly clear, there is nothing in the CLOUD Act that mandates forced decryption or could be construed to allow it. 

However, people who say that forced decryption of U.S. communications disclosed under the Cloud Act is impossible may be wrong. If you bear with me, I’ll explain why. 

Tim Cushing, writing for the inimitable online paper of record Techdirt, reports in this article, titled “No, The New Agreement To Share Data Between US And UK Law Enforcement Does Not Require Encryption Backdoors,” that

The reporting here is borderline atrocious. The article insinuates that this agreement will force Facebook and WhatsApp to turn over decrypted communications or install a backdoor. It won’t. The platforms may be compelled to turn over encrypted messages but all UK law enforcement will get is encrypted messages. The reporting here makes it appear as though social media platforms are being compelled to provide plaintext. They aren’t.

Correct. Not in the CLOUD Act, they’re not. TechDirt concludes:

What the UK government has in the works now won’t mandate backdoors, but it appears to be a way to get its foot in the (back)door with the assistance of the US government.

If we’re only looking at the CLOUD Act and any data sharing agreement entered into pursuant to the CLOUD Act, this view is absolutely, 100% correct. The CLOUD Act indeed prohibits the inclusion of provisions regarding forced decryption in any data sharing agreement. 

The issue is that America is not the only country in the world, the CLOUD Act is not the only law in the world and any US-UK data sharing agreement entered into pursuant to the CLOUD Act, currently in draft, will not be the only law in that applies to data disclosures in the UK. 

The UK already has plenty of its own laws – passed in 2000, 2016, and 2018 – that will fall outside of the four corners of any data sharing agreement and which currently allow the UK to either secretly force companies to backdoor their encryption, or force individuals or companies to disclose their private keys (so-called rubber-hose cryptanalysis).

These laws are, primarily, the Regulation of Investigatory Powers Act 2000, Section 49; the Investigatory Powers Act 2016, Section 253; and Schedule 1 to the Investigatory Powers (Technical Capability) Regulations 2018.

This pre-existing legislation  plus the CLOUD Act, working in tandem, could result in the US companies being compelled to provide US-based data in readable form to the UK without the UK obtaining a US warrant, even if the CLOUD Act itself is silent on decryption.

Allow me to explain.

If the US-UK data sharing agreement becomes law, UK police can ask US firms to provide the content of communications data and the US firms will be able to provide it without worrying that they’re violating 18 U.S.C 2702(a)(1).

The consequence of this will be twofold. If the current reporting is wrong (as I suspect), US companies with no UK presence will be able to more or less tell the UK to pound sand when the UK asks for the content of communications on their servers, as I expand on in considerable detail here.

US companies with a UK nexus, however (practically all major web companies and SaaS providers) will have a choice: either leave the UK or obey the UK court orders they will get served with under the CLOUD Act data agreement.

Again, these are disclosure rather than forced decryption orders.

A problem arises, however, when we consider how the CLOUD Act disclosure rules might interact with pre-existing forced decryption laws in the United Kingdom.  Namely, once your telecommunications service is under the UK’s jurisdiction, the UK government has a domestic power under Section 253 of the Investigatory Powers Act 2016 to promulgate regulations that would allow the UK government to, among other things, order firms to remove “electronic protection” from communications and maintain the ability to do so.

Screen Shot 2019-10-01 at 12.06.52 PM.png

Oh, and once they serve a company with one of these notices, the company is subject to a nondisclosure obligation, so nobody will know the notice has been given. See Section 255(8) of the Investigatory Powers Act.

Screen Shot 2019-10-01 at 1.03.30 PM.png

And sure enough, in 2018, the UK eventually adopted a statutory instrument that gave the UK government the power to impose these conditions on telecommunications providers operating or controlling all or part of their operations from within the United Kingdom:

Screen Shot 2019-10-01 at 12.11.13 PM.png

Conclusions

In all probability, what the CLOUD Act data sharing agreement will do is make it nearly impossible for global tech firms that store data in the United States to refuse UK warrants on Stored Communications Act grounds if they wish to continue doing business in the UK. 

The data sharing agreement to be entered into with the UK under the CLOUD Act

  • will not, in all probability,  allow UK police to forcibly pry open encrypted communications in the US; and
  • will not, in all probability, tell us anything about how the rumored data sharing agreement will interface, if at all, with existing UK forcible decryption laws or key disclosure laws which pre-date both the CLOUD Act and the data sharing agreement.

All that the meat of the CLOUD Act in 18 USC 2523  says on the subject of forced decryption is 

the terms of the agreement shall not create any obligation that providers be capable of decrypting data or limitation that prevents providers from decrypting data[.]

This doesn’t disqualify the UK’s existing forced decryption or key disclosure regimes or prevent the UK from enacting new ones. All it says is that forced decryption can’t be part of the terms of the data sharing agreement. There is nothing in the CLOUD Act that prevents the UK from serving a technical capability notice (i.e., forced decryption) on a US firm that provides encrypted data to the UK under a CLOUD Act order. I am guessing there will be nothing in the data sharing agreement either. Which means that the UK will probably remain free to serve technical capability notices on companies upon which it also serves CLOUD Act orders. 

Much, of course, will depend on the final agreement. What it will say is anybody’s guess, but I am not hopeful that it will be a particularly libertarian document, and my hunch is that the US won’t be keen to draw attention to the UK’s forced decryption laws by mentioning them in the data sharing agreement.

Which is course is the point. To the extent the data sharing agreement is silent on forced decryption, that, my friends, is your back door. Even if the CLOUD Act agreement doesn’t mandate the forced decryption of data, there are plenty of existing UK statutes that do. This means that the CLOUD Act could still result in forced decryption of data obtained from (and possibly about) US citizens and US companies on US servers by UK police, in secret, without anyone in America knowing about it or having any constitutional recourse.

Forced decryption that could probably not happen – or if it did, it would happen far less frequently – if the U.S. declined to enter into this executive agreement and (ideally) repealed the CLOUD Act.

Thoughts welcome on Twitter or in the comments.

wyoming-yellow-bellied-marmot-4058316_960_720.jpg
A marmot.

Not Legal Advice, 9/22/19 – self-proclaimed architect of the “Zug Defence” arrested, ICOBox sued, Section 230 limited by the 9th Circuit

prestonbyrne

Welcome back to this week’s edition of Not Legal Advice! Because legal advice costs money, and this blog is free.

Between delivering the keynote at blockchain day of Stamford Innovation Week and getting ready for a speaking gig at Crypto Springs, I’ve been pretty busy, so this week’s newsletter is going to be on the short side (a mere 1,800 words). This week:

  1. Self-proclaimed architect of the “Zug Defence” (or “Defense” for Americans) arrested
  2. ICOBox sued for selling unregistered securities, fraud, and operating as an unregistered broker-dealer; Paragoncoin resurfacts
  3.  Enigma v. Malwarebytes: 9th Circuit says Section 230 doesn’t apply to deliberately anticompetitive conduct

1. Self-proclaimed architect of the “Zug Defence” arrested

Last week brought us the news that Steven Nerayoff – early Ethereum advisor, sometimes Ethereum co-founder, and current one-of-those-guys-who-is-on-twelve-different-token-boards, was arrested and charged in the Eastern District of New York with extortion.

Although of course Nerayoff and his alleged co-conspirator, a fellow named Michael Hlady who previously was convicted of defrauding a group of nuns in Worcester, Mass (no, really), are innocent until proven guilty, it suffices to say that the allegations contained in the indictment do not portray either defendant in an especially flattering light.

Of wider significance here from the observer’s viewpoint is the fact that Nerayoff claims to have been the architect of – and is therefore someone with intimate knowledge of – the Ethereum Foundation’s early legal strategy. In particular, Nerayoff is likely to be aware of the contents of a legal opinion which, according to CoinDesk, is said to have cost $200,000, payment of which Nerayoff reportedly guaranteed with his own money. This person is now in federal custody.

The issuance of this legal opinion is worth re-examination, at the very least for historical purposes if nothing else. Apart from the obvious fact that $200,000 is rather a lot of money to pay for a legal opinion, the issuance of that opinion – which I presume authorized the sale, otherwise why pay $200k for it – arguably set off the ICO boom as we know it. The fact that Ethereum proceeded with legal air cover and was such a wild, runaway success encouraged other law firms, large and small, to then take a view on subsequent offerings in order to gain market share and marquee clients.

Ethereum was the first of many coin issuers to set up shop in Zug, Switzerland, known now as “crypto valley,” presumably under the theory that Swiss residence and legal structures would immunize them from U.S. law. This tactic, referred to in jest by cryptolawyer OGs as the “Zug Defence,” is rumored to involve establishing a Swiss Stiftung, or foundation, obtaining tax opinions from a Swiss law firm that the token-product is to be treated as a software product for tax purposes, and, in Ethereum’s case, obtaining a second, supplemental opinion which presumably set out the U.S. legal position (if the rumors are true). Although I have not read it, to the extent that opinion authorized the Ethereum pre-sale to occur in the U.S. without requiring the Ethereum Foundation to register the tokens or avail itself of an exemption, it would have been, in my professional opinion, legally incorrect. This conclusion is based on the SEC’s 2018 Paragon and AirFox settlements, which we may presume form the template for all enforcement actions which will follow, and in relation to which the Ethereum pre-sale, in hindsight, does not appear to have been materially different.

Generally speaking, a practitioner who possesses even one whit of conservatism in their bones will tell you that the so-called “Zug Defence” is not much of a defence at all, to the extent that the transaction or scheme touches the U.S.  or captures the U.S.’ attention. Although the statute of limitations for the Ethereum Foundation qua token issuer under the Securities Act of 1933 has run, their operations continue. When a supposed non-profit in Switzerland magically creates $20+ billion out of thin air, you can be sure this does not go unnoticed.

This is accordingly a story to watch.

marmot_2.jpg
This marmot is on Mt. Rainier, not in Switzerland. This marmot follows U.S. securities laws.

2. SEC sues ICOBox for selling unregistered securities, fraud, and operating as an unregistered broker-dealer; Paragoncoin resurfaces

In other federal-agencies-on-the-warpath news, the U.S. Securities and Exchange Commission sued ICOBox and its founder last week for allegedly conducting an unregistered coin offering, engaging in fraud in relation to that coin offering, and operating as an unregistered broker-dealer in relation to other coin offerings launched using its platform.

Attorneys can spot plausibly deniable sarcasm from 1,000 yards, and the complaint does not disappoint:

ICOBox proclaims to be a “Blockchain Growth Promoter and Business Facilitator for companies seeking to sell their products via ICO crowdsales” —in other words, an incubator for digital asset startups. A self-described blockchain expert, Evdokimov, has acted as the company’s co-founder, CEO, and “vision director,” among other titles.

The facts of the coin offering and the alleged fraud do not bear repeating here. More interesting from my perspective is how the SEC has built up its claim that ICOBox was acting as an unregistered broker-dealer:

The token sale conducted by at least one of these clients, Paragon Coin, Inc. (“Paragon”), constituted a securities offering under Howey… By actively soliciting and attracting investors to ICOBox’s clients’securities offerings in exchange for transaction-based compensation without registering as or associating with a registered broker-dealer, Defendants engaged in unregistered broker activities that violated the federal securities laws.

SEC v. Paragon Coin, we may remember, was the first major settlement announced between the SEC and an ICO issuer, back in November 2018. Around the same time, the SEC announced settlements with AirFox (unregistered securities offering) and the founder of EtherDelta (for operating an unregistered securities exchange). About 30 days prior to that, the SEC announced its settlement with ICO Superstore, a similar business to ICOBox, for operating as an unregistered broker-dealer.

So we should not be surprised that the SEC is going after ICOBox, nor should we be surprised if the SEC decides to go after other token mills in the future. Interestingly, the SEC appears to have used the cooperation and disclosure obtained in the Paragon exercise to build the case against ICOBox:

ICOBox’s team members highlighted on social media during the offering that ICOBOX had started to work with certain clients including Paragon (referring to it as ICOBox’s “child”), but did not disclose that no ICOBox clients had yet completed any ICOs using its services.

Tl;dr? The SEC is good at a lot of things, but they’re particularly good at playing follow-the-money, and their inquiries will not end with token issuers. They will use what they learn at issuer level to move up the chain to promoters and service providers. It will be interesting to learn what is revealed as they undergo that process.

3. Enigma v. Malwarebytes: 9th Circuit says Section 230 doesn’t apply to deliberately anticompetitive conduct

If you don’t know what Section 230 of the Communications Decency Act is, start here. If you do, recall that Section 230 has two main operative provisions:

  • Section 230(c)(1), which says that publishing platforms and users of publishing platforms are not liable for content created by someone else; and
  • Section 230(c)(2), which basically says that companies can’t be sued for good-faith moderation calls, so if e.g. you’re Milo Yiannopoulos and one of your posts is moderated off of Facebook, if you sue Facebook for it, you will lose.

With regard to each of those provisions, however, these above shorthand definitions are just that, shorthand, and what they gain in comprehension for the layman they lose in terms of the stripping away of the actual, technical language they use. Section 230(c)(2) reads as follows:

No provider or user of an interactive computer service shall be held liable on account of (A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or (B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in [sub-]paragraph ([A]).

The facts of Enigma v Malwarebytes are as follows.

Enigma Software Group USA, LLC, and Malwarebytes, Inc., were providers of software that helped internet users to filter unwanted content from their computers. Enigma alleged that Malwarebytes configured its software to block users from accessing Enigma’s software in order to divert Enigma’s customers.

Malwarebytes and Enigma have been direct competitors since 2008, the year of Malwarebytes’s inception. In their first eight years as competitors, neither Enigma nor Malwarebytes flagged the other’s software as threatening or unwanted. In late 2016, however, Malwarebytes revised its PUP-detection criteria to include any program that, according to Malwarebytes, users did not seem to like.

After the revision, Malwarebytes’s software immediately began flagging Enigma’s most popular programs— RegHunter and SpyHunter— as PUPs. Thereafter, anytime a user with Malwarebytes’s software tried to download those Enigma programs, the user was alerted of a security risk and, according to Enigma’s complaint, the download was prohibited[.]

As a former startup guy, don’t I know that startup competition in the software industry is a fight to the death.

Fortunately, commerce is not a free for all and there are rules and certain standards of fair dealing that companies are expected to follow as they compete. Enigma brought a number of claims under state and federal law, ranging from unfair and deceptive trade practices to a Lanham Act violation of making a “false or misleading representation of fact” regarding another person’s goods. Malwarebytes argued it was immune from the action due to the effect of Section 230(c)(2).

Malwarebytes won at first instance. The 9th Circuit reversed:

The legal question before us is whether § 230(c)(2) immunizes blocking and filtering decisions that are driven by anticompetitive animus.

In relation to which the court found:

Enigma points to Judge Fisher’s concurrence in Zango warning against an overly expansive interpretation of the provision that could lead to anticompetitive results. We heed that warning and reverse the district court’s decision that read Zango to require such an interpretation. We hold that the phrase “otherwise objectionable” does not include software that the provider finds objectionable for anticompetitive reasons…
…if a provider’s basis for objecting to and seeking to block materials is because those materials benefit a competitor, the objection would not fall within any category listed in the statute and the immunity would not apply.

Pretty clear cut ratio there.

Eric Goldman’s treatment of the subject is much more detailed than my own. I recommend it to anyone looking to read further in this case; suffice it to say that I agree with the 9th Circuit, and disagree with Goldman, in that anti-competitive conduct by large tech companies is a growing problem, it cannot have been the intention of Congress to enable unlawful anticompetitive conduct with Section 230 and, at least as far as I am concerned, the natural meaning of “otherwise objectionable,” while extremely broad, does have limits, and, much as one would have a difficult time finding a motorcycle or a plant objectionable, it is conceivable that anti-malware software that is not itself malware might fall outside of those limits.

The opening that is created here is narrow and appears to be strictly limited to anti-competitive conduct, although there is a risk this ruling could be distinguished by new categories of litigants whose user-generated content is excluded without apparent justification from online platforms. I struggle to think whence these claims might arise, given that users of online platforms customarily contract away most of their rights and acquiesce to the platform’s discretion to filter content as it pleases in accordance with their policies (as opposed to the situation in Enigma, where Enigma’s rights vis-a-vis Malwarebytes originated in statute which Enigma did not waive). This of course naturally invites the question of whether states themselves will also try to create new statutory protections for constitutionally protected opinions which, of course, is exactly the thing that Section 230 of the the Communications Decency Act was enacted to prevent. Between Enigma and the EFF’s First Amendment challenge to FOSTA/SESTA, Section 230 jurisprudence over the next few years looks to be anything but boring.

See you next week!