Two recent cases in the US reveal a lot about how regulatory clarity is going to work for a while. Further, the most important – and to many people likely most surprising – information is mentioned almost in passing. One is an SEC case about disclosure problems and the other is a CFTC settlement that involves all manner of bad activity. These are settled cases not allegations.
tl;dr: fundamental, widely held beliefs about decentralized autonomous organizations (DAOs) and the meaning of decentralization are at odds with positions accepted by US courts in settlement agreements.
Now these situations are not terribly interesting in and of themselves. One guy did not properly disclose compensation received to shill tokens and one DAO offered illegal margin trading and did not perform adequate KYC. Nobody watching the space is going to be shocked by this.
Rather the arguments these regulators made reveal how they think. And quite a bit of the reasoning is wildly inconsistent with widely held beliefs in the web3 community. When the government asserts something that is 100% inconsistent with your beliefs, you’d best pay attention. When those arguments are accepted without a fight, maybe you need to reconsider your beliefs.
What Lies Beneath
These two cases include, almost in passing, fascinating paragraphs about DAOs and what decentralization means in practice for blockchain node* operators. On DAOs, the CFTC writes:
A key bZeroX objective in transferring control of the bZx Protocol … to the bZx DAO .. was to attempt to render the bZx DAO … enforcement-proof. … the bZx Founders believed they had identified a way to violate the Act and Regulations, as well as other laws, without consequence…The bZx Founders were wrong, however. DAOs are not immune from enforcement and may not violate the law with impunity.
Now you may be asking yourself “how does the government know what their objectives were if it’s just code?” Well, it’s not the code so much as the call transcripts that matter:
So many people across the industry right now are getting legal notices and lawmakers are trying to decide whether they want DeFi companies to register as virtual asset service providers or not – and really what we’re going to do is take all the steps possible to make sure that when regulators ask us to comply, that we have nothing we can really doFrom a DAO community call.
That’s pretty clear. But why are these folks responsible for the actions of a DAO?
The Ooki DAO meets the federal definition of an unincorporated association. It is a “voluntary group of persons” … “without a charter” … “formed by mutual consent for the purpose of promoting a common objective.”
So the regulations could handle DAOs already you say? But that still does not tell us why anyone is individually being held to account right?
As members of the for-profit Ooki DAO unincorporated association … Bean and Kistner are personally liable for the Ooki DAO’s debts. Accordingly, they are personally liable for the Ooki DAO’s violations of the Act and Regulations
So it turns out the regulations covered this all along? Hmm.
“Decentralized” in a Jurisdiction
That was about how DAOs are already anticipated, or at least covered, by existing regulations. In the improper compensation disclosure case we find the government asserting an interesting position with respect to jurisdiction over decentralized blockchains:
contributions were validated by a network of nodes on the Ethereum blockchain, which are clustered more densely in the United States than in any other country. As a result, those transactions took place in the United States.
Now it is clear the US government has jurisdiction over activities which occur physically within its borders. To the extent you execute transactions with a computer in the US that is very obviously subject to US law. Maybe we can have an argument about confirming, checking or otherwise passively contributing to a network and how that is not the same as actively proposing and executing transactions.
But the argument the SEC is making here is both stronger than that and, strategically, more clever. They are asserting that because the US is home to a plurality of ETH nodes, the whole network is under US jurisdiction. That may prove wrong – this one isn’t settled yet – but it makes plain both their position and what possible defenses exist.
Note that the argument does not depend on decentralization in any way; it is instead based on claims about the physical world.
Pick Your Poison
How exactly does someone respond to the allegation that Ethereum is fully under US jurisdiction? The first and most obvious defense is simply to say “I am only responsible for transactions I executed.” And that is fair enough as far as it goes.
But the next step is, again very obviously, to go after specific miners regarding specific transactions they mined. That both opens up node operators to endless legal cases and would horrifically fracture the network.
The only reasonable alternative defense is to plead that, as nobody controls a majority of the network, then nobody can be held accountable. Now go back and read the earlier case we discussed. See the problem? If you argue you cannot be held responsible for transactions that were simply flowing through then, at best, they’re just going to get a cease-and-desist order to stop your supervision-immune activities. You’re gonna have to comply with it and the network fractures again.
If this is your defense, the bad outcome is far worse: the government asserts that because you participated in validation you are part of a DAO and therefore personally liable for everything. Whether or not that holds up is unclear..but it’s already been asserted and accepted in a settlement. So this is a wee bit risky.
When viewed together these two cases corner node operators. These alternatives boil down to either a) fracturing the network by refusing to accept state updates derived from other nodes or b) accepting joint-and-several responsibility for everyone’s state updates. Neither of those is appealing.
Beyond those strategies lies madness. Say you try arguing that, somehow, the court has no power over you. How is that going to go exactly? A US company, in the US, running computer hardware in the US, powered by the US electric grid is asserting the US legal system cannot tell it what to do? Right. This plan boils down to telling a judge they have no power over you while you are standing in their courtroom. The US has pretty strong freedom of speech protections and all but nobody should be saying that.
You could simply pack up and leave the US. Then, yeah, the court may not have any authority over you anymore. But think that one through. If the Ethereum community relocates their operations out of the US to avoid legal scrutiny, exactly how long do you think it will be before “offshore Coinbase” is blocked from the banking system? There is no reason to expect the financial system to process funds linked to a network that fled the country like some kind of fugitive.
And that’s going to be backward-looking too. Getting default judgements against a recently-fled fugitive is probably not difficult (am not a lawyer but possess basic critical thinking skills). There is no way this is a tenable strategy.
Also, surprise surprise, it looks like the regulations anticipated this one too. In the famous case of US vs Alcoa in 1945 judge Learned Hand wrote:
We should not impute to Congress an intent to punish all whom its courts can catch, for conduct which has no consequences within the United States…. On the other hand,… any state may impose liabilities, even upon persons not within its allegiance, for conduct outside its borders that has consequences within its borders which the state reprehends.
This is now known as the “effects doctrine” and plainly covers Ethereum. Maybe you think 1945 is “old” and no longer relevant. Here is the recently retired and still-very-influential judge Posner discussing whether Hand is “the third-greatest judge in the history of the United States.” And here is a list of judges who’ve received the “Learned Hand Medal.” Maybe you can try waving your not-so-learned-hands and saying “it’s decentralized” from the center of one of their witness boxes?
It’s looking clearer by the day.
*By “node” we are referring to those parts of the system that propose, select, execute or otherwise play an active role in getting transactions done. Roughly this means processes that meaningfully contribute to proof-of-work or proof-of-stake consensus schemes, build blocks or effect the movement of tokens. We do not intend to include parties that merely store or re-transmit unmodified data.