Coin Center | Coin Center

Coin Center Annual Dinner 2017

Hot Takes

Is your crypto-crowdsale a security?

The legal test for what is and is not considered a security is pretty flexible. Beyond the financial instruments that obviously fit the bill, things as weird as orange groves and country club memberships have been regulated as securities too.

DAOs are about as weird as it gets. Things can get muddy very quickly for regulators seeking to understand their purpose and how their work. Recently our director of research Peter Van Valkenburgh went on The Ether Review podcast to discuss the work we have done in educating securities regulators about the finer points of DAOs and other cryptotoken based crowdfunds.

The episode was recorded before theDAO was exploited but foresaw a number of pertinent issues. This makes it an even more interesting primer on the regulatory issues raised by these novel corporate structures.

Listen below:

Link / Tweet

What does Coin Center actually do day-to-day, anyway?

That’s a question we’re frequently asked, and the reason we’re asked this so often is because we rarely talk about what we actually do day-to-day. We don’t talk about it because a lot of it is meeting with policymakers to explain how cryptocurrencies work and to discuss how the law should treat them (i.e. generally leave them alone), and it’s not really polite to hold a private meeting and then send out a press release about it.

The problem, though, is that this approach isn’t very transparent, and folks end up having no idea what it is we do. So, we’ve thought about it and realized there’s quite a bit we can share either because it’s public or because we can generally say what we did. So we’re going to give you an update from time to time on what we’ve been up to. Here are some highlights of what we did this week:

  • We attended attended Consumer Research’s Bretton Woods conference, at which Peter moderated a panel with representatives from the FTC and NIST.
  • We gave a two-hour briefing to the World Bank’s digital currency working group, focusing on how permissionless blockchains work and reach consensus.
  • We gave a briefing to program officers and staff at the Center for International Private Enterprise.
  • We had catch-up meetings with several staff on the Hill.

So now you know what we do. 😉

Link / Tweet

Maybe the EU's proposed new AML rules are not so clear after all.

While I think it’s very heartening they seem to draw a distinction between custodial and non-custodial wallet services, Bitcoin Magazine reports that some in the Netherlands are unsure what would qualify as “custodial” and what wouldn’t. Bitonic CEO Jouke Hofman:

Under the current provision, it’s not that clear who or what the regulation applies to, exactly. It covers wallet providers that hold onto private keys of their users. But does it also include wallet providers that hold onto one key for a two-of-three multisig address? What if bitcoins are time-locked and wallet providers cannot spend the funds now, but perhaps in the future? And if the regulation applies to any key holder, where does the definition of a wallet provider begin? Could the regulation perhaps even apply to Lightning Network nodes?

This kind of uncertainty is exactly why we need absolutely clear language both in AML and consumer protection rules. Typically you want to avoid over-specifying when you draft a law, but in this case you want to be as clear and specific as possible to make sure you are exempting applications that should not be covered. For example, here’s the definition of “control” (i.e. custodial) that we helped the ULC develop for its draft Virtual Currency Business Act:

(3) “Control” means possession of sufficient virtual currency credentials or authority on a virtual currency network to execute unilaterally or prevent indefinitely virtual currency business transactions. The term does not include possession, for a reasonably time-limited period, of virtual currency credentials sufficient to prevent virtual currency transactions to provide a service such as an escrow, provided that the user is able to regain unilateral rights to execute transactions following the period in which the escrow was in effect.

We think such clear language would address all of Hoffman’s questions.

Link / Tweet

The UK's new blockchain welfare benefits trial has privacy advocates freaking out.

Representatives from the Open Data Initiative say:

Experimenting with putting highly personal data in immutable data stores is fraught with danger. To avoid undermining trust in government’s use of data, DWP should be much more open and transparent about the policy objective of these trials, the safeguards they are putting in place to limit the risks and the lessons being learnt through the trial.

And that's a reasonable concern. As tools, blockchains are better at provably revealing truthful information than they are at obscuring information; they are engines for trustworthy agreement not privacy. Even Bitcoin lacks robust privacy or anonymity for transactions (which is why the continued development of ZCash and Confidential Transactions is so important).

But it's not the supposed use of a "blockchain" that has me worried in this GovCoin case. I can't find the source code for this trial tech anywhere, and have to suspect that the software is proprietary. The public can only judge the privacy of a technology if the software can be openly audited. Bitcoin and other cryptocurrencies are powered by open source software, anyone can look at every detail of its technical specification. We should expect no less from a blockchain software stack employed by a government.

Link / Tweet

The OCC’s new banking risks report mentions “virtual currency” twice.

The first mention is:

Banks and other businesses continue to receive extortion demands to be paid in virtual currency in exchange for preventing or stopping distributed denial of service attacks or for the decrypting or return of proprietary information.

The report cites a McAfee study finding that ransomware samples are one the rise. As we have noted before, cryptocurrencies are not a but-for cause of these attacks. Rather, threats like ransomware depend on poor cybersecurity, which has nothing to do with digital currencies.

The second mention of “virtual currency” in the report reads in its entirety:

New platforms and technologies, such as virtual currencies, enable anonymity for cyber criminals, including terrorists and other groups seeking to transfer and launder money globally. These methods not only pose substantial challenges for compliance with the Bank Secrecy Act and Anti-Money Laundering (BSA/AML) laws and regulations, but also help cyber criminals raise funds to pay for physical and cyber attacks.

It’s interesting that “virtual currency” is used as an example of a broader set of “new platforms and technologies” about which the report is warning. To our knowledge, there is no evidence that cryptocurrency has been used by terrorist groups to ‘pay for physical attacks.’ Cryptocurrencies are also not as anonymous as many believe. A better example for this broader set of these enabling technologies might be prepaid cards.

Link / Tweet

A new NYSE-traded Bitcoin ETF is about to give the Winklevoss Bitcoin Trust a run for its money.

It’s called the SolidX Bitcoin Trust and its S–1 was filed with the SEC today. The most interesting contrast between the two proposed funds is what happens if their bitcoins are lost or stolen. In its S–1 filing, the Winklevoss explained that:

The Trust will not insure its bitcoin. … Therefore, Shareholders cannot be assured that the Custodian will maintain adequate insurance or any insurance with respect to the bitcoin held by the Custodian on behalf of the Trust. Furthermore, Shareholders’ recourse against the Trust, Custodian and Sponsor under [New York] law governing their custody operations is limited. … Consequently, a loss may be suffered with respect to the Trust’s bitcoin which is not covered by insurance and for which no person is liable in damages.

In a recent filing with the SEC, the fund’s Bats Exchange explained that:

The Custodian has evaluated different insurance policy options and determined not to obtain coverage at this time due to insurers’ lack of understanding and sophistication with respect to Digital Assets, which has led to a thin marketplace of policies that are (i) not priced in an actuarially-fair manner and (ii) don’t properly model relevant loss vectors. Unfortunately, an efficient and effective marketplace for bitcoin insurance has not yet developed.

Despite all that, in its S–1 filing today, SolidX reports that it has secured insurance for its bitcoin holdings:

The Trust will maintain crime, excess crime and excess vault risk insurance coverage underwritten by various insurance carriers. The purpose of the insurance is to protect shareholders against loss or theft of the Trust’s bitcoin. The insurance will cover loss of bitcoin by, among other things, theft, destruction, bitcoin in transit, computer fraud (i.e., hacking attack) and other loss of the private keys that are necessary to access the bitcoin held by the Trust.

That’s quite a stark contrast. Coin Center has previously worked with Lloyds of London to help it and its insurance market participants understand the challenges and risks of securing bitcoins. You can read our report for Lloyd’s here.

Link / Tweet

Coverage of the EU’s new digital currency AML rules missed the most interesting bit.

While there was plenty of reporting this week about the fact that the European Commission proposed new EU-wide rules with somewhat stricter requirements than have been applied to date, the fact that these rules would only be applicable to exchanges and custodial wallet providers went largely unremarked. From the propose amendment to the AML directive, the newly covered entities would be:

(g) providers engaged primarily and professionally in exchange services between virtual currencies and fiat currencies;

(h) wallet providers offering custodial services of credentials necessary to access virtual currencies.

This is very careful and wise drafting. It should mean that service providers who do not hold keys for customers (like software wallets) or services providers who do hold keys but not enough to access a balance (like multisig wallet services) would be exempt. As for exchanges and custodial wallet services, these new rules should not be too burdensome because they already comply with essentially the same obligations imposed by the individual countries in which they do business. This new proposal would only standardize existing requirements across the EU.

Link / Tweet

Hillary Clinton's new tech agenda mentions blockchains.

The extent of the mention in the factsheet on her "Tech & Innovation Agenda" is this:

We must position American innovators to lead the world in the next generation of technology revolutions –from autonomous vehicles to machine learning to public service blockchain applications –and we must defend universal access to the global, digital marketplace of ideas. 

Pretty unassailable stuff. It is interesting to note, though, that blockchains are mentioned only in the context of public service applications. Most public service applications I can think of, such as identity provision, require open permissionless blockchain networks to achieve universal interoperability and verifiability. We'll be reaching out to her campaign to offer our expertise.

Link / Tweet

Cryptocurrency: The Policy Challenges of a Decentralized Revolution.

Coin Center teamed up with the Cato Institute to put on a free daylong conference in Washington, DC, to examine the policy challenges of a decentralized revolution. Speakers include Representative Mick Mulvaney, Commissioner J. Christopher Giancarlo of the CFTC, Joseph Lubin of Consensys and the Ethereum Project, Zooko Wilcox-O’Hearn of Zcash, Overstock.com’s Patrick Byrne, and many more. The full agenda and session videos can be found at cato.org/cryptocurrency.

Link / Tweet