Learn more about the 2025 Coin Center Annual Dinner

Comments to the Consumer Financial Protection Bureau on “Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications”

A direct download of this comment is available here.

To whom it may concern:

Coin Center is an independent nonprofit research and advocacy center focused on the public policy issues facing cryptocurrency technologies such as Bitcoin. Our mission is to build a better understanding of these technologies and to promote a regulatory climate that preserves the freedom to innovate using open blockchain technologies. We do this by producing and publishing policy research from respected academics and experts, educating policymakers and the media about blockchain technology, and by engaging in advocacy for sound public policy.

We welcome this opportunity to comment on the Consumer Financial Protection Bureau (CFPB)’s proposed rule to define “Larger Participants” in the “Market for General-Use Digital Consumer Payment Applications.”1 In brief, Coin Center does not object to the inclusion of certain cryptocurrency businesses within the definition of larger participants for general-use payments, but we believe that an explicit exclusion from that definition must be crafted to ensure that mere developers and publishers of cryptocurrency software are not inappropriately swept into a supervisory regime. Mere software publishers engage in a constitutionally protected activity, expressive speech, and applying a supervisory regime to said persons would unconstitutionally burden that protected speech.

The CFPB plays a role in protecting consumers from risks inherent in financial products and services. Supervising certain larger participants in the digital payments space fits within that role when those participants have a contractual, agency, or fiduciary relationship with the users of their services and products. However, risks to consumers are reduced when a person merely publishes software code and offers no associated service contract and has no other fiduciary, agency, or trust-based relationship with the user of the software. Software may have bugs and, indeed, may even be malicious; however, these risks are best addressed in an ex-post regime that finds liability for developers of unfair, deceptive, or abusive tools,2 rather than an ongoing supervisory regime that burdens speech activities even in the absence of any alleged wrongdoing or negligence. Only an ex-post enforcement-based regime can pass constitutional muster, as it avoids placing a prior restraint on speech activities, punishing speakers for the harmful consequences of their speech rather than policing the speech activity itself.

As we will discuss in some detail, regulating the conduct of persons engaged in an ongoing contractual, fiduciary, or agency-like relationship with customers poses fewer First Amendment challenges because such regulation can be focused on the conduct of the regulated participant rather than their expressive activities. Coin Center would therefore not object to the supervision of major participants who engage in said conduct. By contrast, it would be unconstitutional to subject a mere publisher of software, data, or websites to a burdensome supervisory regime because, in that alternative, the regulation is aimed at the speech itself rather than conduct. Accordingly, we ask that the CFPB explicitly exclude from the definition of major participant any person who merely publishes software for digital consumer payments absent an ongoing legal relationship with the user of that code.

We appreciate that the current proposed definition of major participant excludes persons who fit an extant definition of small business. Many developers of cryptocurrency software are independent open source software contributors and, in that sense, are likely small businesses (or even not businesses at all) under the relevant definitions. However, this small business exclusion is insufficient to protect the constitutional speech rights of U.S. persons generally. Even larger businesses receive robust First Amendment protections, and discriminating between speakers based on the size of their business would be speaker- and viewpoint-based discrimination triggering the strictest scrutiny review under long-established Supreme Court jurisprudence. For these reasons, in addition to the speaker-based small business exclusion, we ask that the CFPB include a clear activities-based exclusion from the larger participant definition: any persons who are merely publishing software, data, or websites should be excluded from the definition. The remainder of this comment will outline case law that would be relevant to supporting the constitutionality of professional conduct regulation and to finding regulation of mere software publication unconstitutional.

Professional conduct regulation cases support the constitutionality of supervising major participants only when those participants are engaged in some form of conduct beyond mere speech.

CFPB supervision of major participants in the payments market, including some persons providing digital payments software, may well be found constitutional as a reasonable regulation of professional conduct that incidentally burdens some speech activities of the persons engaged in that regulated conduct. In that interpretation, the conduct being regulated is that of entering into a contractual, fiduciary, or agency relationship with a customer. While a written contract is speech, the assumption of a legal relationship that it embodies is doubtlessly conduct and can be the subject of regulation.

As the Court held in United States v. O’Brien, laws affecting speech that are aimed at the regulation of non-expressive conduct are still analyzed under First Amendment jurisprudence, but face a lower level of constitutional scrutiny than laws aimed directly at the regulation of expressive conduct or at speech activities themselves: “a sufficiently important governmental interest in regulating the nonspeech element [of the regulated conduct] can justify incidental limitations on First Amendment freedoms.”3 Supervision of a major participant’s non-expressive conduct, e.g. ongoing promises to secure assets or data on behalf of a consumer, may rightly be framed as an “incidental” limitation on that person’s otherwise unabridged First Amendment rights.

The O’Brien standard, however, is only applicable if the rule is targeted at regulating non-expressive conduct. Things become more complicated when the rule is targeted at regulating expressive conduct or at speech itself. There is a long though underappreciated line of cases stemming from O’Brien that points toward a reasonably straightforward series of tests for when regulation of professional conduct that burdens speech activities is constitutional. That line has been best illuminated by attorney Robert Kry in his article, “The ‘Watchman for Truth’: Professional Licensing and the First Amendment.”4 Kry, summarizing and synthesizing many cases, finds that

The first question in any professional speech case should be whether the government law or regulation at issue aims at the expressive or nonexpressive component of the alleged professional’s activity. Where the government action targets the nonexpressive component, actual conduct is at issue and the regulation is normally constitutional under traditional O’Brien principles.5

In the case of a major participant who is, in fact, in a contractual or agency relationship with her customers, CFPB supervision is plausibly aimed at the non-expressive component of the participant’s activity: binding promises made to the customer, or reasonable reliance on the part of the customer within the context of an ongoing relationship. However, a mere publisher or maintainer of software, websites, or smart contracts is not in a legal relationship with any customer, nor is she selling anything to any customer apart from, potentially, a license to use her tools or a fee charged for relaying or publishing the user’s data on a communications network or blockchain.

Indeed, even when such person is relaying actual cryptocurrency transaction messages that, once recorded in the blockchain, will effect a sale of some cryptocurrency, these entities typically have no actual ability to act on behalf of the user and no actual or apparent authority under contract or agency law to act on their behalf. At most, they can choose whether or not to relay the signed transaction message (but so too can an internet service provider); they cannot alter the contents of that message such that the terms of the sale would change.

These persons may be involved in conduct in other ways, such as paying for web hosting services, paying fees on cryptocurrency networks to record software or data in the blockchain, taking fees from users to relay their messages, or simply paying rent or otherwise maintaining facilities wherein they or their employees do the work of developing software or maintaining communications tools, but all of those activities are aimed at engaging in speech, the publication of software and data, and none of those activities give rise to the type of fiduciary or agency-like financial relationship, i.e. conduct, that justifies ongoing supervisory regulation.

Moreover, these persons have deliberately designed their software, websites, and smart contract tooling such that it can be useful to a user without the need for any agency relationship or for any legal or trust-based relationship with the publisher or any other party whatsoever. The user can and does do it all themselves. That is the point of cryptocurrency and “decentralized finance.” We can debate the merit of such a design goal,6 but what is not debatable is that this is how these tools are presently designed.7 Subjecting the developers of these tools to a burdensome supervisory regime would not be regulating conduct, it would be a burden directly on protected speech activity itself.

The Supreme Court has dealt with several regulatory schemes aimed at expressive professional conduct, such as a lawyer giving legal advice to a client. Throughout these cases the Court has developed a robust series of standards for constitutionality that are focused primarily on “which kinds of advice are licensable based on how closely they resemble forms of communication associated with fiduciary relationships.”8 This leads us to the second question in Kry’s analysis of the First Amendment limits to regulating professional conduct, what he calls the “value neutral test” because it applies irrespective of whether the speech affected is a matter of public concern and irrespective of the motives of the speaker:

If the regulation aims at the expressive component of the activity, a court should analyze it under the value-neutral test. Two questions need to be addressed: (1) Is the speech characteristic-dependent, in that the substance of the advisor’s message depends on the recipient’s circumstances? (2) Is the speech delivered in the context of a person- to-person relationship, one in which the professional is communicating to a single person with whom he is directly acquainted? Unless both of these questions can be answered in the affirmative, the government licensing scheme is impermissible.9

Given the in-person and client-specific nature of legal services, there should be no surprise that under these cases the professional regulation of attorneys, including licensing, limits on solicitation and advertising, and—as in this rulemaking—compelled disclosures, typically withstands constitutional scrutiny. In the context of developers of cryptocurrency systems, however, the answer to Kry’s twin questions of characteristic-dependence and person-to-person context is an unqualified “no.” It is taken as written that software, websites, and smart contracts in the cryptocurrency space are built such that they are generic, serving the needs of whoever wants to use them irrespective of the characteristics of that user. It is also a given that these tools are shared widely over the internet and used freely by whoever happens to download them or (in some cases) whoever pays to license the software or pays to have their transactions relayed by the software. As such, they are never “delivered in the context of a person- to-person relationship.”10 Accordingly, regulation of the speech activities of these developers, including any compulsion of major participants to develop and maintain expressive software in a certain manner according to yet-to-be developed CFPB standards, would face strict scrutiny by the Court and be found unconstitutional.

While these standards are general principles that are equally applicable to any kind of expressive conduct regulation, it is nonetheless worth noting that several of the cases that first articulated these standards dealt explicitly with speech, including software, that advised and facilitated sales of valuable assets. As such, the speech in question in these cases was very similar factually to the speech that would be burdened under an overbroad application of the proposed major participant definition. The value-neutral test was developed in Lowe v. SEC, a case involving the unconstitutional application of the Investment Advisers Act to a person merely publishing a public newsletter,11 and it was further reinforced in Taucher v. Born12 and two similar cases13 dealing with the unconstitutional application of the Commodities Exchange Act to the developers of commodities trading software.14

The Court’s recent cases offer even stricter First Amendment protections for data brokers and web developers

Kry’s 2000 article was ahead of its time and in the intervening years the Court has trended even further toward protecting speech activities in the context of professional conduct regulation. In IMS Health v. Sorrell, the Supreme Court found that a ban on the sale of prescriber identifying information by-and-to marketing professionals and data brokers was an unconstitutional speaker- and content-based burden on protected expression.15 The Court found that it was unnecessary to determine whether the data being bought and sold was protected speech or merely a valuable commodity, it was enough that the law burdened the expressive activities of marketers and data brokers. The Court reasoned that the law in question:

[C]ould be compared with a law prohibiting trade magazines from purchasing or using ink. Cf. Minneapolis Star. Like that hypothetical law, [the law in question] imposes a speaker- and content-based burden on protected expression, and that circumstance is sufficient to justify application of heightened scrutiny. As a consequence, this case can be resolved even assuming, as the State argues, that prescriber-identifying information is a mere commodity.16

Indeed, if the major participant definition contemplated in this rulemaking was finalized with only a small business exemption it would present a clear case of viewpoint based discrimination (small businesses’ speech rights are protected but larger businesses face a burdensome supervisory regime). Under the clear standards set in Sorrell, the rule would face heightened scrutiny and be found unconstitutional.

The Court has also recently held that these highly speech-protective standards apply at least as strongly in the context of publishing and maintaining software and websites online as they do in the more traditional context of offline professions. Indeed, in 303 Creative LLC v. Elenis, the Court articulated a much more protective standard for web developer speech.

The Court held that it would be unconstitutional “to forc[e a web developer] to create custom websites.”17 Indeed, rather than analyzing the compelled speech in that case under the professional conduct standards discussed above, the Court found that the act of publishing websites containing “images, words, symbols, and other modes of expression” was protected as “pure speech” and not as expressive conduct.18 The Court explicitly rejected the premise, argued by the government, that the regulation was focused merely on selling web development services (i.e. on regulatable conduct). The Court did not care whether the speech in question was characteristic-dependent or delivered in-person (and it probably was both of those things). Indeed, without any discussion of the reasonable limits of professional regulation of web developers, the Court held that obligating a web developer to design websites celebrating marriages that she does not wish to celebrate simply and unconstitutionally compelled her to speak viewpoints with which she disagreed.

The CFPB’s proposed definition of major participant could be used to subject mere software or web publishers to supervision, and should the associated rules be used to force those publishers to design websites in a manner that the publisher does not, for deeply held political and ideological reasons, wish to do, then the regulatory regime would be unconstitutional as a compelled speech regime.

Conclusion

A regulatory framework that inadvertently tramples on speech rights will not only fail to serve its intended purpose but may also undermine the United States’ position as a leader in technological advancement. We should proceed with policies that support our core values while fostering an environment where innovation can thrive within the bounds of law and respect for individual rights.

It is in the best interest of all stakeholders to ensure that regulatory actions are both legally grounded and practically enforceable, aligning with the CFPB’s mission to protect consumers through fair, transparent, and competitive markets. Therefore, a reconsideration of this rule and the inclusion of a clear exemption for mere publication of software, data, websites and other speech is not only advisable but necessary to uphold the Constitution and the principles upon which our regulatory framework is built.

Notes


  1. Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications, 88 Fed. Reg. 80197, (Nov. 17, 2023) (to be codified at 12 CFR 1090) available at: https://www.consumerfinance.gov/rules-policy/rules-under-development/defining-larger-participants-of-a-market-for-general-use-digital-consumer-payment-applications/. 
  2. Indeed the CFPB already has the authority to regulate such persons with its unfair, deceptive, or abusive acts and practices (UDAAP) authority under the Dodd Frank Act. See Dodd-Frank Act, Sec. 1036(a)(1)(B), 12 U.S.C. § 5536(a)(1)(B).  
  3. United States v. O’Brien, 391 U.S. 367 (1968). 
  4. Id
  5. Robert Kry, “The ‘Watchman for Truth’: Professional Licensing and the First Amendment,” 23 SEATTLE U. L. REV. 885 (2000). 
  6. A reasonable concern with that goal is that the disintermediation of financial services results in the loss of centralized chokepoints that have been economically efficient targets for engaging in financial crime surveillance or otherwise achieving public policy goals such as investor and consumer protection. The mere fact that many in government may have these concerns, however, does not somehow make speech that embodies these, to-some, questionable goals less protected as speech. See: 303 Creative LLC v. Elenis, 600 U.S. ___ (2023) (“The First Amendment protects an individual’s right to speak his mind regardless of whether the government considers his speech sensible and well intentioned or deeply misguided, and likely to cause anguish or incalculable grief.”). 
  7. Jerry Brito, “The Case for Electronic Cash,” Coin Center Report, February 2019, https://www.coincenter.org/the-case-for-electronic-cash/; Peter Van Valkenburgh, “Electronic Cash, Decentralized Exchange, and the Constitution,” Coin Center Report, March 2019, https://www.coincenter.org/electronic-cash-decentralized-exchange-and-the-constitution/ (in pgs. 55-69; Appendix: Building Electronic Cash and Decentralized Exchange Software); See also: “MetaMask Documentation: Architecture,” accessed November 1, 2023, https://docs.metamask.io/wallet/concepts/architecture/. 
  8. Robert Kry, “The ‘Watchman for Truth’: Professional Licensing and the First Amendment,” 23 SEATTLE U. L. REV. 885 (2000). 
  9. 303 Creative LLC v. Elenis, 600 U.S. ___ (2023). 
  10. Robert Kry, “The ‘Watchman for Truth’: Professional Licensing and the First Amendment,” 23 SEATTLE U. L. REV. 885 (2000)
  11. Lowe v. SEC, 472 U.S. 181, 185 (1985)
  12. Taucher v. Born, 53 F. Supp. 2d 464, 476-78 (D.D.C. 1999);  
  13. Accountant’s Soc’y of Va. v. Bowman, 860 F.2d 602, 603-05 (4th Cir. 1988); Commodity Trend Serv., Inc. v. Commodity Futures Trading Comm’n, 149 F.3d 679 (7th Cir. 1998). 
  14. Ibid
  15. Sorrell v. IMS Health Inc., 564 U.S. 552, 583 (2011). 
  16. Id., at 2. 
  17. 303 Creative LLC v. Elenis, 600 U.S. ___ (2023)
  18. Id., at 9.