Keeping up to date with developments in the cryptospace can be difficult. Perhaps even more complicated is the ongoing attempt by regulators to adapt to a rapidly evolving playing field. Crypto Insider spoke with Preston Byrne to get some insights into the legal challenges facing cryptocurrency and blockchain technology moving forward.
Can you tell us a bit about your professional background?
I did my undergrad at the University of St. Andrews. After that, I moved down to London to do the whole paralegal thing, before becoming a trainee, and then a solicitor. But I was pretty bored. As a junior lawyer, you come out of uni doing one of the harder subjects, only to start back on the bottom rung in a highly technical environment. Most importantly, no one really cares about your opinion as you’re not senior enough. One way you can get around that is by specialising in a niche – so I picked Bitcoin and blockchain stuff, much to the displeasure of the partners at Norton Rose.
Around mid-2014, Ethereum centred around this particular Skype room. I met two guys – one of whom was Dr. Tyler Jackson, who went on to become one of the founders of Monax (formerly Eris), and we were sort of uncomfortable with this idea of selling tokens to people. It didn’t quite sit right with us. So we developed this modular smart contract that referred to other class definitions on a blockchain, you could add a lot more complexity to it. So rather than say ‘this is a loan’ and have all of the logic for said smart contract go into the particular loan, you could instead have a kernel, and point a transaction at the kernel to have it throw a new loan, instead of just reinstantiating a contract from scratch every single time – you’re effectively separating the data from the logic itself, and not having to repost smart contracts and waste tons of gas every time.
That would up being the basis of most smart contract design today, but in particular it became the basis of the ‘permissioned blockchain’, this idea that you could put into the genesis block a set of commands that users had to abide by. It was very elementary to begin with. You could assign permissions to ‘god’ users who could revoke or grant access to the genesis block commands, using distributed consensus as opposed to mining. I did that for a few years with Monax.
We parted ways last year. They decided to go down the ICO route. I looked at it and thought it was going to be complicated and quite difficult legally. It’s pretty stressful and the stakes are high when you’re dealing with real money. It’s for some people, but not for me
So I decided to go back to law school in the States, and I’ve just completed my Masters. I’ll be sitting the bar in a few weeks.
Would you describe yourself as a ‘blockchain not Bitcoin’ person?
I like them both. Obviously, there’s different risk profiles and costs/benefits of using each tech. If you’re looking at ICOland, there are numerous benefits to starting a company in that space, without a doubt. There’s a lot of exceedingly dumb money floating around that you can tap (by ‘dumb money’, I mean money that isn’t sophisticated and doesn’t carry out the necessary due diligence).
For small businesses, it’s certainly something to consider, since capital is one of those things that you need in ensuring sustainability – but it runs out. You have a clock that you need to keep an eye on. It’s like the heads-up display from Halo, except instead of the ‘health’ bar, you have one that keeps track of your money and tells you when it’s going to run out. It’s a concern, but when you’re doing ICOs, it’s one that goes away. You can go and get a whole lot of runway, very quickly. So it’s quite compelling.
The risks are somewhat longer-term. It’s not like users buying your software, where you may have a product liability (which you can disclaim fairly straightforwardly). You’re selling a token which looks a lot like a financial product, and so, at the moment, nobody’s quite sure how these things are going to be classified and regulated. Are you liable for representations that you make? Are you liable for representations other people make beyond your control? What are you allowed to say about distributed ledger technology that’s a legitimate statement of fact versus one of opinion?
There’s a whole bunch of rules around this which aren’t yet clear. If you go into that world, you have to decide what degree of risk you’re willing to take – it’s going to depend on where you’re incorporated, on where your people work, on where you direct your selling efforts, etc. So it’s complicated. There are upsides and drawbacks to it.
On that note, what do you make of the SEC’s recent statement that ether doesn’t constitute a security?
I think it is. It’s interesting. Jay Clayton has made a distinction between Bitcoin and Ethereum. He said that Bitcoin isn’t a security because there’s no main party or marketing apparatus behind it that could be found. I’d say that’s pretty right. Bitcoin’s growth has been fairly organic.
Ethereum, in the beginning, was not organic. I was there. It was very organised and very deliberate. Frankly, that’s why I didn’t get involved in it. I thought ‘this is a securities offering’. The SEC have left open the possibility that they still may find it as such. There are no victims from the transaction, because everyone who invested at that point made a ton of money, so there are no losses. However, there’s potential in a lot of these schemes for people to make a lot of money, and we need to ask ourselves whether we’re okay with that or not.
Let’s say you want to go and build a decentralised network. There’s nothing in the law that says you can’t do that. But we haven’t gotten to a stage where we need to decide one way or another whether we want people to profit from the networks they create by massively selling coins as an investment proposition in advance.
There’s a few ways to attempt to square that circle – one might choose to use the Ethereum model, by selling coins upfront in order to fund the operation. Down the middle, you have another option, like the ZCash model, where you don’t sell the coins, but you take a percentage from each block mined as a form of income. Another way is to simply take some coins at the beginning, then launch the network for others to mine, with your own coins locked up for a set period. Lastly, there’s the Ripple model, where you say ‘we’re going to control all of the coins in existence, and drip-feed them into the market’.
So there’s a variety of ways to issue coins. Each has different characteristics and a different profile from the perspective of the regulators. Each of them has a different profile from the perspective of the contracts, and the representations you’re making to the market. And they all have some elements that are drawbacks, and some that aren’t.
Holding onto a big amount of coins and agreeing not to sell them, you’re not entering into a contract with anybody – the only contract there is the software license at that point. But the thing is, you’re sitting on a huge amount. How do you liquidate? How do you get people to invest in your company if you do that? So different companies are experimenting with that. And the regulators are just so confused. You can’t get any concrete guidance – a lot of these schemes have a sort of ‘wink wink nudge nudge’ approach so that they can say ‘oh yeah, we complied’. It remains to be seen what happens. Suffice it to say, I think there’s a lot of exciting work to be done in that regard, so I’m quite looking forward to getting back into it.
In the same statement, a lot of bullet points were made that seemed to take aim at ICOs. What do you think of that?
Even there, they leaned on this concept of decentralisation a lot to encapsulate where their thinking was on the evolution of ether from a security to a non-security. And I don’t think that’s the smartest way to go about categorising it, because it doesn’t really have a clear definition legally or technically. If you say something is ‘decentralised’ technically, there are four or five different ways you could spin that. The definition I like to use is:
- A cryptocurrency scheme (taken at its plain and ordinary meaning)
- In relation to which neither an originator, nor a promoter has sold or distributed tokens for value to third parties (so all of the coins out on the market are mined)
- Which utilises a consensus algorithm that ensures the process of adding blocks or transactions to the shared transaction history is not controllable or censorable by one person or a reasonably foreseeable cartel. In a periodic fashion, we need to ask ‘is this thing gameable?’. It’s an objective criterion for determining decentralisation every ten seconds – so it’s more about checking on an ongoing basis to make the judgement.
The SEC zoomed out a bit further than that and said ‘well it kind of looks decentralised if you don’t have anyone marketing it’. But with Ethereum, you did at one point. Arguably, you still do. The SEC still haven’t explained how something that was an investment contract at one time somehow lost its status as such. As an investment scheme, it was very successful – that strikes me as something which is contrary to public policy and not what a federal judge would find if presented with the question.
So when we ask what is decentralised, I like my little objective definition because it’s something you can test constantly, and then ask what the legal consequences might be if it fails the test. The way the SEC is going right now, they’ve left it pretty open-ended. They haven’t told us what decentralisation is, they’ve just said it’s decentralised. No one can agree on a specific definition, so it depends on who you ask in regards to several factors. We need legal criteria, and maybe then the concept will be useful, but for now it just isn’t.
What do you think of the use of the Howey test in cryptocurrency?
The Howey test is old school – it’s how English law used to be. English law in this area has been primarily imported from the European Union, so it’s very prescriptive. There’s a list of things covered in their public offering rules – if a blockchain token issued in the genesis block doesn’t have any contractual rights attached to it, and it’s not on the list, it isn’t covered. They’re more focused on collective investment schemes. I think the Howey test gets to the meat of the issue more effectively than the English regime does. The English regime has Scylla on one side and Charybdis on the other – Scylla is your public offering rules and Charybdis is the collective investment scheme rules. You can kind of wiggle your way down the middle if you’re careful – it’s easier in the United Kingdom to answer the initial question of ‘am I offering a security?’ than it is in the United States.
That notwithstanding, there’s a huge regulatory hole where no one has any authority to step in and say ‘let’s regulate this conduct in the UK’. All of the schemes are going through, and where you’re going to pick them up is the next step. When you’re dealing with AML or fraud, it’s SOCA or the SFO’s ball (neither of which are known for being hugely active, by any stretch of the imagination, when compared to the Department of Justice). There’s more exposure to your average UK investor, just because there are no controls. The Financial Conduct Authority has said as much.
The Howey test can be applied to everything and nothing at the same time. There have been some people that have advised their clients that there are certain types of transactions (like private Reg D security offerings) that are sufficient to somehow magically wander away from public offerings rules – they’re what’s called a SAFT, where you swap them for tokens at a later date. The tokens aren’t securities, supposedly, because that’s the thing you were investing towards – they’re more like the oranges in Howey, which are the end product that you’re buying. And I don’t buy that.
There are some people that do – CoinCenter loves that argument. They say that the token is the product, and the contract to buy the token is the investment contract. My opinion is that the token is the investment contract.
Do you think GDPR will have any notable impact on enterprise blockchains?
Enterprise blockchains, no. Enterprise blockchains don’t usually hold PII (personally identifiable information), they’re more used to dealing with bank-to-bank or entity-to-entity corporate commercial transactions. I don’t think they have much to worry about insofar as GDPR, as long as they don’t have personal data on it. And generally speaking, they’re not exposing their data to the world.
In terms of the public blockchains, who do you sue? Who do you enforce against if someone puts personal data on the Bitcoin network? It’s not entirely clear if there’s anyone with the proper standing to enforce GDPR with regard to public blockchains. Or even if you could, in some limited capacity (like with EOS or something), it would still be really difficult to pin down all of the block producers liable for whatever happened on whatever date. It’s nightmarish to get this stuff enforced.
So with GDPR, I expect the impact to be minimal, because the consumer data isn’t personal data in a lot of these systems (it’s totally pseudonymous). The companies really aren't holding personal data – people are just putting it out there. It’s like carving your name into a rock: anyone who walks past the rock will be able to look at it, but it’s not like you can blame the company whose land the rock is on, because they just put it there.
Where do you stand on ‘code is law’?
Garbage. If you and I have a contract, and let’s say I’m going to sell you a crypto token for $10. I sell you the token, you give me the $10, but it turns out it’s not the right crypto token. You say ‘you sold me Marmotcoin, but I wanted Dogecoin. I’d like my money back, please.’ Marmotcoin is a fork of Dogecoin, in this example.
I’d say ‘sorry, but the code is right there. There’s the hash of the chain I was using in the contract. The code is there. You’ve implicitly agreed to the terms. So unfortunately, you’re stuck with this Marmotcoin now.’
If I do that to you, what can you do? You can’t make me undo my transactions. Code is law is this idea. The actual law says, however, that you have remedies – let’s say I’ve escaped to Tahiti. You can get a writ at the court that would let you seize my house and have me declared insolvent. All you need to do is rock down the street with bailiffs, take control of all my assets and sell them.
Code is law makes some sense. But ultimately, the legal system is backed by men with guns, who will tell us what we can and can’t do – if we don’t comply, we end up in jail, or worst case scenario, shot. Violence is what underpins the legal system. It’s very rarely used, except in the most extreme examples (at least for middle-class people like us). A cop comes to your door, telling you to turn down your music, and you do it. If you’re out drinking and a cop says ‘knock it off, you’re being rowdy’, you do it. A cop stops you, you don’t run away, you take the ticket.
We have norms and rules that we live with. Code is law runs on the premise that code runs outside of this system, which it does, but if you step too far out of bounds, you’re going to get arrested or sued. That’s what the concept ignores. There are things you can do to build in protections with these systems (escrows, insurance policies) to make them more certain from a commercial and transactional perspective. There’s a whole bunch of things you can do to make them more usable. Code is law tries to ignore all of that, when really it’s just good for automating certain functions.
What about governance protocols (like, say, EOS) where transactions can be reversed by a consortium?
EOS is a mess. It doesn’t make a lot of sense to do what they did. They have this constitution – ‘no lying’ is one of its articles. Cool, but what does it mean? What can’t I lie about? And where? What are the penalties? Who enforces them?
What it really is is what’s called the Tyranny of Structurelessness, a concept that actually derives from revolutionary feminism. It’s where even where you have groups that systematically reject hierarchies and positions of title, a hierarchy would nonetheless emerge, and that hierarchy would be even more tyrannical than the one earlier expressed, because you couldn’t tell people there was one – you couldn’t target it or point people to procedural rules that they were breaking.
EOS has a tyranny of block producers, who call the shots in the system, while everyone else sits with a constitution that doesn't mean anything – poor governance allows the block producers to run around and do whatever the hell they want, and no one can complain about it.
It’s a curious situation. I think blockchain governance in public chains should be about what code gets pushed to the chain – it’s controlling the behaviour of the application, versus controlling the behaviour of the application’s users. EOS has tried to create this bureaucratic regime that goes along with it, which just misses the point. It should just set out the rules for the application. If you screw around illegally, people should seek recourse with the legal system, instead of trying to say there’s some intermediate legal system which you’ve set up. It’s overreaching.
Onto the real stuff – if you had to give me three reasons as to why marmots are superior to beavers, what would they be?
To start, a marmot is not going to be able to take your arm off – at least, nothing under a Class 4 Battle Marmot will be able to do that kind of damage. A beaver, on the other hand, is actually quite a dangerous animal (they cut down trees). Marmots are much more manageable.
The second – marmots are more fun at parties. Beavers, they’re more solitary and hang out in swamps. Parties are not that fun in swamps. Marmots will hang out in your backyard. That’s always an advantage. My house is built on property that belongs to a marmot – they trim your plants and they keep you on your toes. Here’s a video of what looks like a marmot running around. What your seeing there isn’t a marmot, but actually the three-dimensional shadow of a marmot as it moves into hyperspace. It’s a very rare sight of a marmot approaching the jump to light speed, but I feel it’s something I should share.
Lastly, they’re my spirit animal. I identify with them, but I don’t identify with beavers. I guess it’s more of a personal preference rather than a definitive statement of facts as to why they’re superior. I’d definitely recommend them.
Picture from Pexels.
Never miss a thing and suscribe to our newsletter.
Law graduate and crypto journalist.