https://www.coincenter.org/a-simple-legislative-fix-to-complicated-tax-rules-for-personal-cryptocurrency-transactions/

Existing rules for the taxation of cryptocurrency can make even the simplest of transactions a confusing ordeal to track, record, and report. A legislative fix is needed for everyday transactions, even the smallest of which trigger tax implications.

One of the simplest legislative solutions to support open blockchain networks would be to give cryptocurrencies the same exemption from taxation that government-issued currencies already have: an exemption from taxation for small, personal transactions. A potential bill could create an exemption from capital gains tax for low-value cryptocurrency transactions in day-to-day use when cryptocurrencies are used, just like the dollar, as actual currencies.

Here’s how government-issued currencies already enjoy this exemption: say you exchange $100 for euros because you are spending the week in France. Before you get to France, the exchange rate of the Euro rises so that your euros are actually now worth $105. When you buy coffee or a baguette with your euros, you experience a potentially taxable gain. However, the tax code has a de minimis exemption for personal foreign currency transactions, so you don’t have to report this gain on your taxes. As long as your gains per transaction are $200 or less, you’re good to go.

Cryptocurrencies do not enjoy this exemption because their transactions are treated as non-currency, property transactions. This means that every time you buy a cup of coffee or anything else with bitcoins (using cryptocurrency like an actual currency), it counts as a taxable event. If you have experienced a gain because the price of Bitcoin has appreciated between the time you acquired the bitcoin and the time you used it, you have to report it to the IRS at the end of the year, no matter how small the gain. This creates a lot of friction and discourages using Bitcoin or any cryptocurrency as an everyday payment method.

A targeted fix would be to simply create a de minimis exemption for cryptocurrency the way it already exists for foreign currency. The purpose would be to remove the friction and encourage the development of this innovative technology and its use in payments. Without such a de minimis exemption from capital gains taxation, a cryptocurrency user could trigger a taxable event every time she pays for a good or service rendering cryptocurrencies too complicated for daily use in payments — especially in novel micropayment applications where transactions can be just pennies.

We’ve advocated for just such a bill in the past: the Virtual Currency Tax Fairness Act. We’ve worked on a bipartisan basis for several years to support legislators that have introduced this legislation. We also recently highlighted this policy as a priority in our response to a request for feedback from Senate Finance Committee Chairman Ron Wyden and Finance Committee Ranking Member Mike Crapo. Since the bill has not yet been reintroduced this Congress, we wanted to take the time to fully explain why such an idea is necessary.

In addition to treating cryptocurrencies like other currencies when used for small, personal, everyday transactions, cryptocurrency networks also frequently involve tiny transactions that can be worth fractions of a penny. People executing transactions and computational operations on networks like Ethereum often incur small fees. For every small fee on every transaction recorded on the blockchain, users must track the price at which they acquired that minuscule amount and the price at which they disposed of it. Keeping track of each of these tiny dispositions is entirely impractical, however, under IRS guidelines every taxpayer must currently be recording and reporting their gain or loss on each of these small fees. While the IRS guidelines are impractical, they also cast a shadow over the technology, discouraging its use, while the potential revenue accruing to the government is likely to be minimal. This is just another reason why small, personal transactions should be excluded from capital gains taxation.

Giving cryptocurrencies the same exemption that government-issued currencies enjoy would help to foster the use of cryptocurrencies in retail transactions and new innovative methods of transacting that cryptocurrencies excel in, like micro-transactions. Making such a simple fix has been a completely bipartisan issue in the past, and we hope it will continue to be in the future.

The post A Simple Legislative Fix to Complicated Tax Rules for Personal Cryptocurrency Transactions appeared first on Coin Center.

https://www.coincenter.org/treasurys-proposed-broker-rules-expand-surveillance-well-beyond-a-third-party-doctrine-thats-already-stretched-thin/

Late last month the Treasury Department published a proposed regulation to define when a person in crypto qualifies as a “broker” under the tax code and therefore must collect personal information about the users of their crypto tools and report that information to the IRS for tax purposes. We are busy readying our comment letter, due by October, but here is a preview.

Treasury’s notice of proposed rulemaking is around 280 pages, but our comment will be pretty simple: As we detailed in a lengthy paper in 2019, the Fourth Amendment makes it unconstitutional for the government to force a private person (as in an individual or business that is not a state actor) to collect and report the personal information of another person if they (a) don’t already collect that information as part of their business, (b) have no reason to collect that information apart from the government demand, and (c) if the target of that information collection does not already voluntarily provide that information to them.

That’s the standard in Carpenter v. United States, a relatively recent Supreme Court case that overruled significant aspects of the “third-party doctrine,” an interpretation of the Fourth Amendment that, in older cases, allowed similar forms of deputized state surveillance by telephone companies and financial institutions. The Court today is even more poised to further narrow that standard given its current composition, including several justices aligned with Justice Gorsuch, who, in his dissent to the opinion in Carpenter wrote, “I do not agree with the Court’s decision today to keep [the third-party doctrine] on life support.”

Treasury’s proposed standard is broader than the standard articulated in the third-party doctrine cases from the 1970s up to the Carpenter case in 2018 (because it allows more people to be forced to collect more information about other people), and it is vastly broader than the new post-2018 standard. In other words, there’s no way it should survive constitutional scrutiny.

But what is that broad and unconstitutional standard? Treasury proposes that a person in the crypto ecosystem is obligated to collect user information when they are “in a position to know” their users. That standard is far broader than the constitutional limit set out above. If being in a position to know something was the constitutional standard for deputizing private actors to engage in state surveillance, well, then, it would be game over for the Fourth Amendment.

When I’m walking down the street I’m “in a position” to take notes about all the people I see, and I could report questionable characters to the cops. Perhaps I should be ordered to do so? When I’m at my doctor’s office I’m “in a position” to record and report her medical advice, including whether she will prescribe federally prohibited marijuana, or offer advice about family planning methods. Maybe I should be ordered to do so.

While we’re at it, let’s force John Deere to report to the Department of Agriculture which seeds farmers are planting with their internet-connected tractors, and whether they might be planting proprietary GMO seeds without paying for a license. Let’s force Apple to report a list of the apps I’m using on my iPhone and whether I’m installing anything that’s built to share views on the political fringe. Let’s have cell phone carriers record our calls, have teachers report anti-social kids, and kids rat-out their parents.

All of these absurdly intrusive hypotheticals would be perfectly acceptable if the standard for when the government can force someone to spy on other Americans was merely whenever they are in a position to know something juicy about their fellow Americans. Fortunately, that’s not the standard. Indeed the standard is narrow especially after the Carpenter case.

Our comment will be about that standard and how Treasury’s attempt to force participants in crypto to spy on users of their software violates it and is, therefore, unconstitutional. Ideally, the Treasury Department will significantly tailor their standard to something like the holding in Carpenter before the final rule is published.

Finally, those familiar with Fourth Amendment case law might argue we’re stretching the Carpenter holding too far, that the Court merely expressed a special solicitude with regard to the highly intrusive geographic data collected in that case and that such special limits on deputized surveillance shouldn’t be applied more broadly to other areas of data collection and, perhaps, especially not to things like money and crypto. To that critic we would say, read our full comment letter when it is published. For otherwise, as Justice Gorsuch warned in his Carpenter dissent,

What’s left of the Fourth Amendment? Today we use the Internet to do most everything. Smartphones make it easy to keep a calendar, correspond with friends, make calls, conduct banking, and even watch the game. Countless Internet companies maintain records about us and, increasingly, for us. Even our most private documents—those that, in other eras, we would have locked safely in a desk drawer or destroyed—now reside on third party servers.

And as Justice Brennan predicted in the 1970s,

For all practical purposes, the disclosure by individuals or business firms of their financial affairs to a bank is not entirely volitional, since it is impossible to participate in the economic life of contemporary society without maintaining a bank account. In the course of such dealings, a depositor reveals many aspects of his personal affairs, opinions, habits and associations. Indeed, the totality of bank records provides a virtual current biography. … Development of photocopying machines, electronic computers and other sophisticated instruments have accelerated the ability of government to intrude into areas which a person normally chooses to exclude from prying eyes and inquisitive minds. Consequently, judicial interpretations of the reach of the constitutional protection of individual privacy must keep pace with the perils created by these new devices.

Something that’s remarkable about crypto is that it is the one technology that began to reverse the death of privacy long heralded by Justice Brennan and others. With crypto you can transact online without any need to disclose anything personal to a financial intermediary. Treasury’s proposed rule would not only peel back the evolving constitutional protections for data held by third parties, it would artificially force people to become third parties, creating by law rather than technological necessity the very privacy vulnerabilities that an unscrupulous wielder of state-power would exploit to achieve the very privacy violations the Fourth Amendment was meant to guard against.

The post Treasury’s proposed ‘broker’ rules expand surveillance well beyond a ‘third party doctrine’ that’s already stretched thin appeared first on Coin Center.

https://www.coincenter.org/new-tornado-cash-indictments-seem-to-run-counter-to-fincen-guidance/

Roman Storm and Roman Semenov have been indicted for, among other charges, conspiracy to operate an unlicensed money transmitting business. We don’t have all the facts but at first blush we don’t see how the limited factual allegations offered by the indictment show any clear violations of the relevant law. We’ll likely have more to say about the other charges and this new case in general, but we thought it would be useful to look at the difference between what is money transmission and what is mere software development or communications services. That is a key question at stake in this case and it is also central to our rights as Americans to build and publish software.

The only thing the indictment claims regarding the defendants’ unlicensed money transmission is that they “engaged in the business of transferring funds on behalf of the public” and did so without registering with FinCEN. But does the indictment state any facts that actually show that the defendants engaged in any activities that qualify as money transmission under the relevant law?

The implementing regulations of the Bank Secrecy Act define “money transmission services” as “the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.”

The 2019 FinCEN Virtual Currency Guidance offered detailed interpretations of those regulations, and, with respect to anonymizing software providers, said,

An anonymizing software provider is not a money transmitter. FinCEN regulations exempt from the definition of money transmitter those persons providing only’the delivery, communication, or network access services used by a money transmitter to support money transmission services.’ This is because suppliers of tools (communications, hardware, or software) that may be utilized in money transmission, like anonymizing software, are engaged in trade and not money transmission.

The indictment provides various factual allegations describing the activities the defendants performed, but all of those facts point to the defendants fitting squarely within FinCEN’s guidance on anonymizing software providers rather than them being money transmitters. Let’s look at each alleged activity.

The allegations include that the defendants: (a) paid for web hosting services for a user interface that allowed users to send transaction messages to the underlying smart contracts, (b) paid for a software repository (Github) where smart contract and user interface software and documentation was hosted, and (c) had (for a time before May 2020) “complete control” over the Tornado Cash smart contracts.

As for procuring web hosting and software repository services, these activities on their own definitely do not fit the regulatory definition of money transmission, which again is “acceptance of funds and transmission from one person to another.” These activities are merely the communication and publication of software and data. Such activities are clearly excluded from money transmission under the 2019 guidance.

While it is true that by performing these “delivery, communication, or network access services,” the defendants made it easier for individual users to access and use the Tornado Cash smart contracts in order to transmit money, that doesn’t somehow mean that they became transmitters merely because they provided tools that others used to transmit their own money. As FinCEN’s 2019 guidance says,

[A] person that utilizes the software to anonymize the person’s own transactions will be either a user or a money transmitter, depending on the purpose of each transaction. For example, a user would employ the software when paying for goods or services on its own behalf, while a money transmitter would use it to engage as a business in the acceptance and transmission of value as a transmittor’s or intermediary’s financial institution.

FinCEN’s guidance clearly allows for the possibility that someone might publish anonymizing software and that someone else might use that software to move their own funds. FinCEN’s guidance says that in such an example neither the software provider nor the user is a money transmitter who needs to register. To my knowledge this is exactly how Tornado Cash tools were provided and used.

As for “controlling” the smart contracts before May 2020, the analysis may be more complicated. The indictment merely says the defendants had “complete control” over the contracts. Ethereum smart contracts are variable and sometimes people have no control over their operation, some control, or total control. This is the key fact needed to determine whether one is performing money transmission.

If a person, for example, had the ability to move any and all funds locked by that contract then it may be true that said person accepted those funds and was transmitting them on behalf of whoever put those funds into that contract, i.e. said person was a money transmitter. However, if a person merely had the ability to update certain logic relevant to the contract but insufficient to gain control over the funds and transmit the funds at their discretion then said person would not have what FinCEN in the guidance calls “independent control” over the funds being transmitted and would not therefore be a money transmitter. The indictment does not clearly state the manner of the defendant’s control and therefore does not sufficiently allege unlicensed money transmission.

We’re still researching but to our knowledge the only control that the defendants ever had over the smart contracts was the ability to change aspects of cryptography related to Tornado Cash’s privacy features and never had any ability to actually access, move, or direct the user funds in the contract. If that technical analysis is accurate then it does not seem likely the defendants ever had the sort of “independent control” over the transmitted value that FinCEN describes in its guidance, and, accordingly it seems that this alleged activity would also not constitute unlicensed money transmission.

The government also alleges that the Defendants “advertised” the Tornado Cash tool, “profited” from a governance token that afforded some control over smart contracts, and “designed” several aspects of the tool. As with the other allegations, however, none of these activities are the “acceptance and transmission” of money. And if one is advertising or profiting from the creation of mere software, that fact alone doesn’t change the provision of software into the provision of regulated financial services.

We’ll be closely monitoring developments in this case and will have more to say as further facts emerge.

The post New Tornado Cash indictments seem to run counter to FinCEN guidance appeared first on Coin Center.

https://www.coincenter.org/coin-center-suggestions-to-address-uncertain-tax-treatment-of-digital-assets/

A direct download of this letter is available here.

Dear Chairman Wyden and Ranking Member Crapo,

Based in Washington, D.C., Coin Center is the leading non-profit research and advocacy center focused on the public policy issues facing cryptocurrency and decentralized computing technologies like Bitcoin and Ethereum. Rather than promote policies that would benefit any particular business building on top of cryptocurrency networks, we seek policies that maximize the freedom to innovate using free and open blockchain networks. The American economic success story of the internet did not come to pass because the federal and state governments subsidized or granted favors to major internet corporations; it happened because a deliberate effort was made to ensure that the underlying internet technology itself, another free and open network technology like cryptocurrencies, was regulated with a light touch. That effort culminated in the Clinton Administration’s Framework for Global Electronic Commerce.

We’re often asked what our ideal regulatory environment would be for Bitcoin and cryptocurrencies like it. We developed a list of six principles governments around the world should heed when considering blockchain regulation,¹ and one of those principles deals specifically with taxation.

First, governments should state clearly and in detail how cryptocurrency transactions will be taxed as this may not be intuitive given the novelty of cryptocurrencies as assets. If a country wishes to tax cryptocurrencies as property and collect capital gains taxes when cryptocurrencies are sold at a profit, then it should provide guidance on how to account for basis. There should also be a threshold in the amount gained below which no tax is due. Without such a de minimis exemption from capital gains taxation, a cryptocurrency user could trigger a taxable event every time she pays for a good or service rendering cryptocurrencies too complicated for daily use in payments–especially in novel micropayment applications where transactions can be just pennies.

Second, cryptocurrency block rewards from mining or staking on cryptocurrency networks should not be taxed as income when they are created. These rewards are best analogized to fruit that has ripened on the taxpayer’s land, crops grown in her fields, or a calf born to her cow. Applying a tax liability at the moment the new value is created generates extreme accounting difficulties and overtaxes the citizen. Instead, should a country wish to collect taxes related to mining or staking activities, it should tax them when they are sold by the miner or staker–just as are the sale of crops and cattle.

The following sections articulate Coin Center’s priorities related to the taxation of cryptocurrencies and provide some answers to your proposed questions.

Create a De Minimis Exemption for Personal Cryptocurrency Transactions

In its March 2014 guidance, the IRS announced that cryptocurrencies like Bitcoin are treated as property, which means gains from sale or exchange are taxed as capital gains rather than ordinary income.² This is sensible, but unlike traditional government-issued currencies, property does not enjoy a de minimis exemption. This is in contrast to how foreign currencies are treated, which do enjoy an exemption. Say you buy 100 euros for 100 dollars because you are spending the week in France. Before you get to France, the exchange rate of the Euro rises so that the €100 you bought are now worth $105. When you buy a baguette with your euros, you experience a gain, but the tax code has a de minimis exemption for personal foreign currency transactions, so you don’t have to report this gain on your taxes. As long as your gains per transaction are $200 or less, you’re good to go.

Such an exemption does not exist for non-currency property transactions. This means that every time you buy a cup of coffee or anything else with bitcoin, it counts as a taxable event. If you have experienced a gain because the price of Bitcoin has appreciated between the time you acquired the bitcoin and the time you used it, you have to report it to the IRS at the end of the year, no matter how small the gain. Obviously this creates a lot of friction and discourages the use of Bitcoin or any cryptocurrency as an everyday payment method.

A better option might be to simply create a de minimis exemption for cryptocurrency the way it exists for foreign currency. The purpose would be to remove the friction and encourage the development of this innovative technology and its use in payments—something any member of Congress should be able to get behind.

The Virtual Currency Tax Fairness Act has been introduced in the House in the last four congresses as well as in the Senate last Congress, and we urge the Finance Committee to consider its provisions.³ The bill would create a sensible de minimis exemption from capital gains tax for low-value cryptocurrency transactions in day-to-day use when cryptocurrencies are used, just like the dollar, as actual currencies.

Repeal the 26 USC § 6050I Second-party Reporting Requirements for Digital Assets

Tax rules that require second-party reporting (e.g. 26 USC § 6050I, wherein recipients of cash payments must report non-public information about the persons paying them) should not be extended to persons being paid in digital assets. Recipients of large digital asset payments should be obligated to self-report these assets as income on their annual returns, but they should not be obligated to obtain and regularly report otherwise non-public information from or about the persons who are paying them on penalty of a felony. That information may be incomplete or non-existent, as in the case of a payment from a smart contract or a payment to a miner as part of a block reward.⁴ That information, when available, is also highly private, because the ability to match a real identity with a blockchain address also allows one to obtain a complete transaction history for that real identity, revealing many intimate details about that person beyond the transaction being reported.

The 6050I provision, however, isn’t even aimed at collecting information from “third parties” like banks or exchanges; it demands that the persons directly participating in a transaction occurring without banks or other intermediaries report about themselves and the people they are paying or who are paying them. If there’s no third party to a transaction then there’s no third-party doctrine to obviate the need for warrants.⁵ If the government wants Americans to report directly about ourselves and the people with whom we transact, it should prove before a judge that it has reasonable suspicion warranting a search of our private papers.

Coin Center is currently litigating this issue.⁶ Our suit leads with two major claims: (1) forcing ordinary people to collect highly intrusive information about other ordinary people, and report it to the government without a warrant, is unconstitutional under the Fourth Amendment; and (2) demanding that politically active organizations create and report lists of their donors’ names and identifying information to the government is unconstitutional under the First Amendment. The first claim is about privacy and our Fourth Amendment right to be secure from unreasonable searches and seizures. The Fourth Amendment already has some huge carve-outs that leave people with precious little space for privacy. For example, under the “third-party doctrine,” once you hand private information over to a bank or social media company, you lose your right to prevent warrantless searches of that information.

The second claim is about our freedom of association. In the 1950s Alabama demanded that civil liberties organizations like the NAACP report lists of their members. In a critical victory for civil rights, the Supreme Court found that the government cannot force these organizations to keep and report such lists. The Court reasoned that people would be afraid to join these organizations, to contribute to them, and to speak out on the important issues for which they advocate, if their names were immediately reported to a potentially corrupt policing authority. These privacy harms have come to be known as a “chilling effect” on First Amendment rights, and laws that chill speech in this way are generally unconstitutional. The 6050I provision may require civil liberties groups, Coin Center included, to list and report this supporter information and would enable the government to monitor an even wider range of expressive activity. It would substantially chill political association and therefore is unconstitutional.

Coin Center previously published an extensive report on the constitutionality of the Bank Secrecy Act (BSA).⁷ The BSA and its mandated reporting from banks and other financial institutions is a warrantless surveillance regime that hoovers up the banking details of every American, irrespective of any suspicion of crime, and hands that deeply personal information to law enforcement and intelligence agencies without any check or balance from the judiciary. The only reason that kind of privacy invasion is tolerable under the Constitution is the fact that banks are a third-party to the transactions of their customers. Bank users willingly hand transaction information over to a bank as a condition of using banking services and banks retain that information for legitimate business purposes. This is the essence of the so-called “third-party” doctrine which obviates the otherwise applicable Fourth Amendment warrant requirement.

Why is that review of BSA constitutionality relevant to our discussion of § 6050I? Because §6050I reports are also deputized surveillance but there is no third party. One person to a two-person transaction is obligated to collect a load of sensitive information from her counterparty and hand that to government officials without any warrant or reasonable suspicion of wrongdoing (In the case of two persons exchanging two different cryptocurrencies, they each would have to report on the other). The law literally asks one American citizen to inform on another if the transactions in which the two are engaged are “business” and if they take place using cash (and cryptocurrencies too, under the recently passed Infrastructure Investment and Jobs Act). Section 6050I has seldom been challenged despite this seemingly obvious constitutional infirmity. A case in 1991 made it to the Second Circuit Court of Appeals (U.S. v. Goldberger Dubin, P.C.), but the judge in that case egregiously failed to explain how the third-party doctrine operates in this context. He simply cited the Bank Secrecy Act cases Miller and Shultz and said the Fourth Amendment concerns lacked merit.⁸ An obvious question remains: why does the third-party doctrine described in the BSA cases apply when there literally are only two parties involved? Why is it constitutional for the police to force one American to collect information from their fellow citizen when they could not collect that information themselves directly without a warrant?

Typically we do not object to equal treatment of cash and cryptocurrencies, but the § 6050I reporting provision is a draconian surveillance rule that should have been ruled unconstitutional long ago. Extending it to cryptocurrency transactions (as will happen at this year when new law becomes effective) would further erode the privacy of law-abiding Americans. Additionally, § 6050I would also be anachronistic and therefore difficult or impossible to obey in the context of cryptocurrency transactions.

Revise the 26 USC § 6045 Definition of “Broker”

Tax rules that require third-party reporting for brokers and other financial intermediaries (e.g. Form 1099-K reports in the U.S.) are properly extended to digital asset intermediaries who have actual control over customer digital assets (e.g. cryptocurrency exchanges). However, the Infrastructure Investment and Jobs Act expanded the definition of “broker” in the tax code in such a manner that it could be interpreted to encompass miners, lightning nodes, and other similarly situated persons. The bill also gives the Treasury Department the authority to require from all brokers who deal in digital assets reporting of personal information of counterparties not just on exchanges or trades, but on mere transfers. That would cover transfers to self-hosted wallets.

The rules for brokers and other financial intermediaries should not be extended to require third-party reporting from persons who are merely providing software or communications infrastructure for the users of digital assets (i.e. miners, stakers, and wallet software developers). Such non-custodial third parties are not in privity with the users of their software or the persons whose transactions they relay and place in blocks. They have no right or ability to obtain detailed information about those taxpayers and must not be obligated to surveil others to obtain said information. Indeed, in the U.S. at least, deputizing these parties to surveil and report such non-public information to tax authorities is a warrantless search and seizure of private information and likely unconstitutional under the Fourth Amendment.

Chairman Wyden was previously a cosponsor of an amendment to affirm that such non-custodial third parties would be responsible for these reporting requirements, and we continue to support that proposal as well as a bipartisan proposal by House Financial Services Chairman Patrick McHenry, the Keep Innovation in America Act, which would provide clarity to the broker definition, as well as eliminate the § 6050I second-party reporting requirements for cryptocurrencies.⁹¹⁰

Create Sensible Limitations to John Doe Summonses

A “John Doe Summons” requires a business to turn over information about any of its customers that match a specific criteria. Often used on off-shore banks, a John Doe summons is a powerful tool that the IRS uses to identify tax evaders when there is “a reasonable basis for believing that such person or group or class of persons may fail or may have failed to comply with any provision of the tax laws.”

It is understood and accepted that, if someone is investigated for tax evasion, a bank or brokerage may be required to turn over private financial records to the government. However, Americans would be shocked if the IRS asked a financial institution in good regulatory standing to turn over the names, addresses and shopping histories of millions of customers just because the IRS thought there might be some tax cheats among them. But that’s exactly what the IRS did in a 2016 court filing against the cryptocurrency exchange Coinbase. The IRS has previously asked a court to turn over information about all of a Coinbase’s customers over the course of multiple years, if those customers simply “conducted transactions in a convertible virtual currency[.]”¹¹ That is such a broad class that it could encompass millions of account holders. In its filing, the IRS cited a couple of instances in which virtual currency was used to evade taxes, as well as public perceptions about it, among other things, as its reasonable basis.

There is no obvious reason why the IRS could not freely substitute “convertible virtual currency” with any valuable item (e.g. cash, rare books, artwork, or baseball cards) in order to mount investigations seeking the “identity and correct federal income tax liability” for all U.S. persons trading or dealing in those items. If such a simple and sweeping statement of purpose is sufficient to qualify as a legitimate purpose, there would be no meaningful judicial check in place to stop the IRS from using the John Doe summons process to collect the personal records of every person who had bought or sold stocks on the New York Stock Exchange, art within a given time period from Sotheby’s, or rare books from City Lights Booksellers, or made cash deposits or withdrawals at Bank of America.

The Fourth Amendment to our Constitution protects “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures[.]” It aims to accomplish that, in part, by prohibiting general warrants that give government agents broad authority to search unspecified places or persons. While the courts have weakened Fourth Amendment protections when a third party like a bank or business keeps your information, the tide has begun to turn back. Courts have begun to recognize that there must be some limits as more and more of our private data is stored not in our homes, but in “the cloud.”¹² If the IRS can get a summons to search all users of bitcoin, it may only be a matter of time before it can get one targeting all video gamers or all eBay shoppers and sellers.

If we set a precedent that merely dealing in bitcoin could result in a firm’s customers easily losing their financial privacy, it would have severe consequences for bitcoin and the related blockchain ecosystem—cutting-edge technologies that promise to revolutionize business. By creating an environment in which developers and entrepreneurs think twice before using such technologies for fear of being labeled a potential tax evader, we risk driving that innovation into the arms of foreign competitors.

The authority to issue John Doe summonses should be examined by Congress, considering potential limitations to make sure Constitutional protections are upheld while still allowing the IRS to investigate tax evasion.

Ensure the IRS Provides (and Legislate) Sensible Guidance for Block Rewards, Airdrops, and Hard Forks of Cryptocurrencies

Novel technological aspects of digital assets that raise tax questions, such as block rewards, hard forks, and airdrops, will require new guidance to ensure clarity in tax policy.¹³¹⁴ Tax issues also may raise questions related to surveillance and privacy, and care should be taken to limit the extension of traditional tax reporting requirements to digital asset transactions when those requirements are nonsensical or violate the privacy rights of digital asset users.

Digital assets received in airdrops and as a result of hard forks should not be taxed as income at the moment of the fork or airdrop, but rather should be taxed when they are sold or otherwise disposed of by the taxpayer. Taxpayers may not be aware of a network fork or airdrop that results in them having the ability to transfer new assets using already-held private keys. Therefore a “constructive receipt” standard for taxation, wherein the taxpayer is liable the moment they have control irrespective of their knowledge of that control, is not appropriate in the context of digital assets. These gains are more like a stranger burying valuable property on someone’s land without telling them than they are like a stranger putting cash in someone’s mailbox. Forked or airdropped assets should, therefore, be taxed at the moment the recipient exercises actual dominion and control over the assets by selling or transferring them. Tax authorities should provide clear guidance on how to account for basis in these sales. Gains from sales of airdropped assets may be calculated with a zero basis assumption (truly a windfall) while gains from sales of forked assets may be calculated as a stock split (the basis for the new asset is some fraction of the value of the original asset) or with a zero basis.

Bitcoin and similar cryptocurrencies are, fundamentally, a network of peers running software that executes a protocol to maintain and update a distributed ledger of transactions. If some subset of the network participants (Group A) begins to run software that is not compatible with the software being run by the rest of the network (Group B)—i.e., if the protocol Group A now uses would consider some transactions valid that Group B would consider to be invalid—then the cryptocurrency network will “fork” into two separate networks with two different distributed ledgers. After a fork, there would be two cryptocurrency networks, and two underlying cryptocurrencies. Anyone who owned units of the original network’s cryptocurrency would now own an equivalent number of tokens on each of the resulting networks.¹⁵

A distinct but similar concept to a network fork is an “airdrop.” Suppose you are a developer with a great idea for a cryptocurrency network. The protocol you envision for your new cryptocurrency uses public-private key pairs, like Bitcoin, but is otherwise very different. You want to get your cryptocurrency into the hands of users to drive network effects. One way you could do this is to fork the Bitcoin blockchain—that way, everyone who had bitcoin at the moment of the fork would, after the fork, also have tokens on your new network. You could also try to sell the tokens, or you could give them away for free. One way to give away tokens for free is via an airdrop. In an airdrop, the developers of a (usually new) cryptocurrency network download a copy of the Bitcoin (or other cryptocurrency network) blockchain, add up how many bitcoin are currently held at each public address on the Bitcoin network, and then, for each such public address, allocate a commensurate amount of tokens to that address on the blockchain of the network they are developing. This allows the developers to widely distribute the tokens to people who they know are cryptocurrency users without forking any extant network. Some airdrops are opt-in, where there is a period of time during which persons wanting to receive airdropped tokens must affirm that fact, and then the airdrop is performed by distributing new tokens in proportion to the relative Bitcoin balances of those who have opted in. Other airdrops are done without any input, and often without any awareness, of the token recipients.

If the recipient does not exercise dominion over and dispose of the tokens, there should be no tax effect. If the recipient does take control of and disposes of the tokens, income should generally be recognized at the time of disposition. The type of gain realized should depend on the classification of the asset in the hands of the taxpayer, but would generally be a short-term capital gain. For tokens received as the result of a network fork, the taxpayer should be allowed to distribute their adjusted basis in the pre-fork token between the two resulting post-fork tokens. For purposes of calculating the holding period of the post-fork tokens to determine if a gain is short- or long-term, the taxpayer should include the time they held the pre-fork token. If a taxpayer holds their cryptocurrency with a custodial exchange, any actions that the exchange takes regarding airdropped or forked tokens should not affect the taxpayer unless such actions were undertaken at the direction of the taxpayer.

Congress should also create safe harbors for taxpayers attempting to report gains or losses in cryptocurrency until such time that the IRS provides appropriate guidance for these taxable events. For example, the Safe Harbor for Taxpayers with Forked Assets Act in the House would create a safe harbor from penalties for taxpayers who benefit from a cryptocurrency hard fork and make any good faith effort to comply with the presently uncertain tax policy surrounding these events.¹⁶ The bill is a reasonable way to insulate taxpayers from potential liabilities that are no fault of their own, stemming primarily from the present lack of clear guidance on forks from the IRS. Members of Congress have also issued a bipartisan letter to urge updating of this guidance.¹⁷

Cryptocurrency Donations Should not Require a Qualified Appraisal

Like other property, taxpayers that donate virtual currency to a charity are generally permitted to deduct the fair market value of the virtual currency or other property at the time of donation from their income that year.¹⁸ However, this deduction is generally capped at $500 unless the taxpayer satisfies certain documentation and substantiation requirements.¹⁹ Donations for which the taxpayer claims a deduction of more than $5,000 also require the documentation and submission of a qualified appraisal prepared by a qualified appraiser in accordance with generally accepted appraisal standards and other regulatory requirements.²⁰ The tax code provides an exception to this appraisal requirement for certain “readily valued property” such as cash, stocks, or other property held as inventory or primarily for sale to customers in the ordinary course of a trade or business, and securities for which market quotations are readily available on an established securities market.²¹

As the IRS’ own Notice 2014-21 recognizes, virtual currencies like Bitcoin are widely traded on a variety of exchanges from which pricing data is readily available.²² In this way, virtual currency is similar to the categories of “readily valued property” listed above. From a policy perspective, we should want a virtual currency donor to substantiate the fair market value of their donation using readily and widely available exchange data, which can be acquired at essentially no cost, rather than through a costly appraisal process.

However, most taxpayers are not engaged in a trade or business that entails, in its ordinary course, the sale of virtual currency to customers. A prudent taxpayer would probably not decide to risk their deduction of more than $5,000 being rejected by the IRS by attempting to use the appraisal exception afforded to “securities for which market quotations are readily available on an established securities market.”²³

We submit that the IRS should provide taxpayers with guidance explicitly allowing them to use readily available exchange data to value virtual currency donations in the same way taxpayers are expected to use such data to calculate the fair market value of their virtual currency every other time they transact with it.

Thank you for your ongoing commitment to thoughtful consideration of legislation and taxation policies related to cryptocurrency.

Notes

https://www.coincenter.org/when-does-a-sanction-become-a-seizure-lessons-from-the-kindhearts-case/

While researching case law for our Tornado Cash challenge I came across a very interesting holding, KindHearts v. Geithner, that deals with the intersection of the Office of Foreign Assets Control’s (OFAC) sanctions authority and the Fourth Amendment. There are several reasons why this case is not directly relevant to our current court challenge: it’s only a district court ruling (Northern District of Ohio), it’s in a different federal circuit (the Sixth and our lawsuit is in the Eleventh), and it concerns Fourth Amendment issues while our lawsuit focuses on statutory arguments. Nonetheless, there are some general ramifications from the KindHearts case that go beyond our Tornado Cash challenge that merit discussion, particularly that Americans may have firmer ground to challenge an OFAC blocked property order and possibly (as I’ll get to at the end) to challenge some other areas of overbearing financial regulation as well. And that includes persons with funds trapped in Tornado Cash smart contracts.

In brief, KindHearts was a U.S. based charity that was sending aid to Palestine. Allegedly, according to OFAC, that aid was being directed to terrorist cells. OFAC seized the KindHearts bank accounts and other assets while investigating that terrorism connection (note before any actual finding of criminality) and even prevented KindHearts from using frozen funds to pay attorney’s fees to defend themselves against these allegations. OFAC also didn’t provide any advance notice of the freeze to KindHearts nor made any specific allegations of wrongdoing. All of that makes it obviously very difficult for an innocent party (if they are innocent, and I certainly don’t know, but in our system that is the presumption) to defend themselves. For these reasons, and to unfreeze their assets, KindHearts sued OFAC.

So far, none of this is extraordinary. There are several such lawsuits. But the KindHearts case is interesting for a few reasons: (1) it’s a U.S. entity being sanctioned, (2) KindHearts argued that the block was a Fourth Amendment search and seizure violation rather than a Fifth Amendment taking without compensation, and (3) the judge largely sided with KindHearts, and in so doing stood up to the executive branch on a matter of national security and foreign policy (an area where the executive usually gets a lot of deference from the courts).

U.S. entities being sanctioned. There’s a somewhat obvious and depressing reason why there are very few cases testing the constitutionality of our sanctions regime: most would-be challengers are non-U.S. persons who do not get the protections of our Constitution. It’s a sad reality that much of the legality of our sanctions regime is predicated on the notion that it’s ok for the U.S. government to do things to foreign people that they would not be allowed to do to U.S. persons. Here, KindHearts was a legally incorporated U.S. charity, and, as such, should have the benefit of the protections of the U.S. Constitution.

Fourth Amendment and Sanctions. Most constitutional challenges to sanctions allege that the blocking of property is a taking without fair compensation under the Fifth Amendment (e.g. when the government uses eminent domain to take your land for a highway). The government counters these Fifth Amendment arguments by showing that there is no actual taking in the case of OFAC-blocked property because (a) the block is temporary, (b) there’s a process to obtain a license to reclaim the blocked property, and (c) takings jurisprudence generally allows such temporary or partial deprivations of property rights without the need to offer compensation. KindHearts, however, alleges that the block was a Fourth Amendment seizure (e.g. when the police take your property during a criminal investigation) rather than a Fifth Amendment taking. This Fourth Amendment claim is a big deal because if blocking property qualifies as a Fourth Amendment seizure, then such seizures would generally be unreasonable (and unconstitutional) unless the government first proves to a neutral magistrate that they have probable cause that justifies the issuance of a warrant that particularly describes the things to be seized. That’s a high bar.

Typically, OFAC does not get warrants before issuing sanctions, nor do they typically share their evidence of probable cause with a judge, nor do they typically describe the property to be blocked with the level of particularity judges expect in a warrant. People and entities become subject to sanctions during or after a classified investigation, and from that point on any and all property that benefits them is blocked by financial institutions. If OFAC had to get warrants for its blocks, the sanctions regime would need to be run very differently than it is today.

One of the most surprising things about the KindHearts case is that apparently this is the first time in the half-century history of sanctions that someone has made the argument that a block is a Fourth Amendment seizure. The government argued that this lack of a previous challenge was evidence that the Fourth Amendment doesn’t even apply in the context of sanctions, as Judge Carr wrote in his order:

The government argues that the Supreme Court historically has never applied the Fourth Amendment to imposition of economic sanctions under the [Trading with the Enemy Act] TWEA or the [International Emergency Economic Powers Act] IEEPA. Therefore, the government contends, I should not do so in this case. … For support, the government cites several cases in which the Supreme Court, in the government’s view, has consistently not subjected blocking actions to Fourth Amendment. … The government accurately depicts these cases and describes their results. What is missing, though, is acknowledgment that in those cases none of the government’s adversaries asserted a Fourth Amendment interest.

Maybe I’m biased because I like to make Fourth Amendment arguments all the time, but I can’t help but be a bit stunned that in the reasonably long history of OFAC blocks no lawyer until this case has ever stood up and said, “your Honor, blocking property is the same as seizing it and therefore requires a warrant and probable cause!” This could be because of my earlier point: most sanctions are applied to non-U.S. persons who don’t get the benefit of making these arguments in court. Ever since 9/11 and the PATRIOT Act, OFAC has been bolder in applying sanctions, including against U.S.-based organizations, so these constitutional issues are only now starting to be sorted out. For that at least maybe we can be grateful.

Standing up to the executive branch. Judge Carr ultimately finds that blocking property under a sanction is, indeed, a Fourth Amendment seizure of property. That means the reasonableness requirements of the Fourth Amendment are in play. The government goes on to argue that the seizure can nonetheless be warrantless and still reasonable given the long history of judge-made exceptions to the warrant requirement in other contexts. Judge Carr rightfully disagrees:

The intrusion in this case is far different in time and scope than those [warrantless searches] upheld as “reasonable” in the cases the government cites. For example, in upholding a police officer’s authority to order a driver out of his car at a traffic stop, the Supreme Court noted that the intrusion on the driver’s liberty “can only be described as de minimis” and as “at most a mere inconvenience.”

Similarly, in U.S. v. Conley the Sixth Circuit held that collection of DNA from a parolee did not violate the Fourth Amendment. The court in Conley relied on a parolee’s “sharply reduced expectation of privacy” and the “minimal intrusion required in taking a blood sample.”

The duration of the intrusion on private interests here is far more extensive than the ”mere inconvenience,” or the “minimal intrusion” in Conley. OFAC froze all of KindHearts’ assets in February, 2006, and they have remained frozen ever since. A block affects “all property” in the control of a target entity, presently, and in the future. A block can thus last indefinitely.

Unlike the probationer in Knights and the parolee in Conley, KindHearts’ expectation of privacy was not diminished. The intrusion here — seizing all of KindHearts assets for an indefinite period of time — is a far more substantial intrusion on private interests than those upheld as “reasonable” in those cases.

Judge Carr ultimately finds that the seizure was unreasonable without a warrant. That’s a big deal as we’ll discuss later on in this post. But let’s look first at how this case actually ended.

Judge Carr eventually does throw OFAC a bone in his order. KindHearts wanted an immediate end to the block, but, given the plenary constitutional authority of the executive branch to conduct foreign affairs, Judge Carr ends up holding that this otherwise unconstitutional warrantless seizure can be cured by an after-the-fact showing of probable cause by the government. Carr even allows the government to provide this showing in secret to the court and to KindHearts’ lawyer so that the allegations can be rebutted and judged without otherwise publicly revealing sensitive or classified information.

This is where the story of the case ends. It appears that OFAC was not interested in providing evidence in that probable cause hearing. OFAC chose, instead, to settle with KindHearts on terms favorable to the charity, thus ending the litigation. In 2012 OFAC removed KindHearts from the SDN list and paid its attorneys fees. Neither side admitted to any wrongdoing.

That’s too bad in a way. If, as Judge Carr held, OFAC blocking orders require a showing of probable cause and a warrant, sanctions law will need to change drastically and the very real civil liberties of Americans with blocked property could be vindicated. By settling the case OFAC precluded the possibility of an appeal, and, eventually, a possible ruling on this matter by the Supreme Court. Given the increasingly aggressive manner by which the Treasury Department and OFAC have been wielding their sanctions power, including wielding it against Americans who have no connection with any foreign or sanctioned person as in our Tornado Cash lawsuit, it seems likely that someone other than KindHearts will end up making these arguments before the Supreme Court. We’ll just have to wait.

Collateral Consequences of this Fourth Amendment Analysis of Sanctions Law

First and most importantly, any U.S. person who has funds frozen in Tornado Cash smart contracts because of OFAC’s sanctions should look at the KindHearts order. You may have Fourth Amendment standing to challenge the sanction as a warrantless seizure of your property.

Second and more academically, we’ve lately been watching various efforts by the Administration and by Congress to expand the use of the “Special Measures” provisions of the Bank Secrecy Act (BSA) against allegedly illicit transactions. These special measures are, generally speaking, a parallel sanctions regime run by FinCEN rather than by OFAC (each an independent division of Treasury) and under authority from the BSA rather than IEEPA. Special measures, like sanctions, can be used to freeze or block transactions at banks if they are related to certain persons or activities that are deemed a “primary money laundering concern.” Unlike sanctions, these designations typically require a public rulemaking to implement; that’s not quite typical due process or a warrant requirement, but it is at least some sort of public procedural safeguard against the abuse of these powerful tools to screen and block financial dealings. Recently, in the limited context of special measures related to Russian money laundering in the wake of the Ukrainian invasion, Congress saw fit to remove that notice and comment safeguard, effectively giving the Treasury an unchecked power to order financial institutions to block these transactions. Another bill in Congress would remove those safeguards for prohibitions of transactions involving fentanyl or “illicit opioid trafficking.”

I bring up the special measures provisions because they are yet another example of the creeping expansion of unchecked executive branch control over financial transactions, including potentially control over Americans’ transactions irrespective of any showing of probable cause or reasonable suspicion that they’ve been involved in a crime. If Judge Carr’s order is based on sound law (and I think it is), then the same approach could be used to challenge the unconstitutional usage of special measures. Like OFAC sanctions, special measures can and often are imposed without any showing of probable cause, without a warrant, and in secret accompanied by a gag-order for the financial institution made to implement a particular special measure prohibition. Just as in the KindHearts case, this unchecked investigative authority is simply irreconcilable with our Fourth Amendment rights.

The post When does a sanction become a seizure? Lessons from the KindHearts case. appeared first on Coin Center.

https://www.coincenter.org/the-cansee-act-is-a-messy-arbitrary/

Yesterday Senators Reed, Rounds, Warner, and Romney introduced the Crypto-Asset National Security Enhancement (CANSEE) Act in the Senate. This bill comes as a surprise as it was apparently developed without any input from stakeholders. While we appreciate the Senators’ desire to combat the abuse of crypto protocols by criminal and enemy actors, the bill unfortunately also would make the development of such protocols in the U.S. and by U.S. persons unfeasible. Worse, the bill would be unconstitutional legislation as it would clearly violate the First Amendment.

So what would the bill do? It would extend the penalties imposed on persons who violate sanctions to (1) anyone who “makes available an application designed to facilitate transactions using a digital asset protocol” and (2) persons who “control a digital asset protocol, as determined by the Secretary of the Treasury.” The bill would also extend all of the Bank Secrecy Act obligations that now apply to financial institutions like cryptocurrency exchanges to those same persons.

In the first instance, ‘making available an application’ is equivalent to publishing speech. If I publish a book with the code for a decentralized exchange protocol in it, I would be swept up by this legislation. Presumably the authors of this bill do not intend to cover persons publishing books, and hopefully neither persons merely publishing code to a blockchain. However, as the bill is presently drafted these and many other such persons would be covered, leaving them open to prosecution for merely publishing software and failing to register with FinCEN, for example.

In addition, who qualifies as someone who “controls” a crypto protocol, and thus also subject to the law, is completely up to the Secretary of the Treasury. The bill gives virtually unbounded discretion to the Secretary to decide what it would take to designate one as having “control” of a protocol. For example, the Secretary can say that one has “control” if one has the power to “indirectly” change the computer code of the protocol–that could cover open-source software contributors. Again, this is likely not what the authors of the bill have in mind, but it’s what the plain meaning of the bill they wrote would allow the Secretary to do. Indeed, the Senators’ deference to the executive branch is breathtaking, allowing the Secretary to define the scope of their power without any public process whatsoever.

The bill tries to avoid becoming a wholesale ban on the publication of protocols by giving the Secretary authority to grant exemptions to “controlled decentralized finance protocols” that comply with existing intermediary regulations. Again, we must first point out that these “exemptions” would be at the complete discretion of the Secretary, who would be free to never grant any at all. More importantly, this misses the entire rationale of DeFi protocols, which is to allow for peer-to-peer, non-intermediated transactions.

We can understand wanting to prosecute persons who facilitate money laundering and sanctions evasion by providing services that are decentralized in name only. Indeed, to the extent that a protocol is actually controlled by a person, it is not decentralized and would therefore already be subject to regulations that apply to financial institutions. However, to blanket ban the publication of open-source code for decentralized crypto protocols and then allow the Secretary–at their sole discretion–to give permits to centralized protocols that may as well be traditional financial institutions is to cede the field of innovation to the rest of the world. It would also be an overbroad, content-based, prior restraint on the publication of protected speech and roundly unconstitutional.

There is much more that is problematic about this bill and in the coming days we will share our further analysis. While we wish that we, other stakeholders, and the broader public would have had an opportunity to engage in a discussion about the legislation with its sponsors before it was introduced, we hope we will be able to engage in constructive discussion now. Know that we will do everything we can to make sure that the rights of software developers and users to write, publish, and run code are protected.

The post The CANSEE Act is a messy, arbitrary, and unconstitutional approach to DeFi appeared first on Coin Center.

https://www.coincenter.org/further-comments-to-the-securities-exchange-commission-on-amendments-regarding-the-definition-of-exchange-and-alternative-trading-systems/

A direct download of this comment is available here.

To whom it may concern:

Coin Center is an independent nonprofit research and advocacy center focused on the public policy issues facing cryptocurrency technologies such as Bitcoin. Our mission is to build a better understanding of these technologies and to promote a regulatory climate that preserves the freedom to innovate using open blockchain technologies. We do this by producing and publishing policy research from respected academics and experts, educating policymakers and the media about blockchain technology, and by engaging in advocacy for sound public policy.

In addition to our earlier comments, Coin Center submits for the record further arguments for why the proposed rule, as drafted, would not withstand constitutional scrutiny. Although there are many other likely legal defects with the proposed rule, including that it violates the First Amendment, exceeds statutory authority, and is arbitrary and capricious, this comment focuses on whether the proposed rule is insufficiently clear in its potential applicability as to render it unconstitutional under the Due Process Clause of the Fifth Amendment.

The Void-for-Vagueness and Overbreadth Doctrines

Under the void-for-vagueness doctrine, a criminal law or regulation that fails to give persons reasonable notice of what is prohibited violates the Due Process Clause.¹ This principle is applied strictly when First Amendment activity is involved.² Under the related overbreadth doctrine, vague and overbroad laws that affect speech can be challenged facially rather than as-applied.³

The Supreme Court has held that due process requires that a law must provide fair notice of the scope of its application such that a “person[] of ordinary intelligence [has] a reasonable opportunity to know what is prohibited, so that he may act accordingly.”⁴ The Court has also held that laws must provide “explicit standards” to regulators, law enforcement, judges, and juries so as to avoid “arbitrary and discriminatory application.”⁵ Finally the Court has held that vague statutes chill protected speech by causing speakers to “steer far wider of the unlawful zone . . . than if the boundaries of the forbidden areas were clearly marked.”⁶

As the Trigger for Criminal Liability, the Proposed Definition Must Comply with the Due Process Clause.

The SEC’s proposed redefinition of “Exchange” alters the category of behaviors that subject US persons to a requirement to register as a National Securities Exchange or ATS.⁷ Failure to register carries strict and severe federal criminal punishments.⁸ Accordingly, the Due Process clause of the Fifth Amendment demands that the conduct triggering these criminal punishments be clearly defined. Therefore, the SEC must clearly define what conduct constitutes operating an “exchange.” Throughout these rulemakings, it has failed to do so.

The Proposed Definition Fails to Provide Ordinary Persons with Adequate Notice

The SEC has proposed a standard for when certain conduct constitutes operating an exchange that a person of ordinary intelligence would not be able to understand. By its own admission, the SEC, arguably an organization of persons with extraordinary intelligence in their field, does not understand the scope of its own proposed standard. The SEC has revealed this lack of understanding by initially publishing an NPRM that did not mention any potential application of the standard to numerous activities performed using cryptocurrency technologies⁹ and then again by subsequently reopening the comment period after publishing “supplemental information” that does acknowledge such an application and adjusts the number of covered entities anticipated by doubling it.¹⁰

The SEC took this extraordinary step of publishing “supplemental information” without changing the rule only after numerous commenters to the original NPRM expressed confusion over the rule’s vague and potentially overbroad application to protected speech activities. In its “supplemental information” the SEC offered some new possible alternative terminology but it did not narrow or clarify the text of the proposed rule, and failed once again to offer a convincing interpretation of the reasonable bounds and limits of its proposed standard.¹¹ Indeed, by direct admission in its “supplemental information” release, the SEC admits that it still does not understand the scope of its proposed rule.¹²

An ordinary person who publishes open source software used by others to trade securities would have no ability to gauge whether their mere publication of open source software qualifies as “making available a communications protocol.” They may believe the SEC only intends to register persons who are deliberately and actively contracting with securities traders for specific software development, but the law as drafted has no such knowledge and intent requirement, nor does it have any requirement that the person “making available” the software be in any contractual relationship with the person using that software to make trades.

The SEC stated in the original NPRM that it intends to take a broad interpretation of the term communications protocol.¹³ And it stated that merely publishing a protocol could subject persons to criminal liability even if the publisher has no active role in securities exchanges made by others using that protocol.¹⁴ The SEC may argue that this standard is not vague; it’s just comprehensive. If so the SEC is admitting to the extraordinary overbreadth of the proposed rule. An overbroad rule triggers the same due process concerns as a vague rule because scarce enforcement resources inevitably mean sporadic and inconsistent enforcement leaving the ordinary person with no fair warning of when their conduct will in fact be subject to criminal penalties. Additionally, such arbitrary enforcement opens the door for rampant abuses of prosecutorial discretion, another factor in the Court’s vagueness analysis discussed in the next section.

At times the SEC suggests that the standard will not, in fact, be broad. In its original NPRM, it claims that the rule would not include “systems that only provide general connectivity for persons to communicate without protocols” and offers examples such as “web chat providers.”¹⁵ This clarification provides little comfort. Even a person of ordinary intelligence understands that the world wide web is a protocol for communications. Language itself is a series of rules (a protocol) for communications. We are unaware of any forms of meaningful communication that do not involve some shared knowledge of certain preset rules (i.e. protocols).

In the “supplemental information” the SEC floats the idea of renaming the category of “communications protocols” to “negotiation protocols” so as to avoid these uncertainties.¹⁶ It suggests a definition of the term: “a nondiscretionary method that sets requirements or limitations designed for multiple buyers and sellers of securities using trading interest to interact and negotiate terms of a trade.”¹⁷ While possibly less broad than “communications protocol,” this standard remains vague. A dictionary contains a protocol for appropriate use of the English language (a communications protocol), but a subset of terms in that dictionary can be used by buyers and sellers of securities to interact and negotiate the terms of a trade (a negotiation protocol). One might be able to publish a dictionary that includes only these terms and successfully hew narrowly to a definition of “making available a negotiation protocol” but one would have great difficulty publishing a useful English dictionary that contained every term except the terms that buyers and sellers might use to negotiate a trade. When, if ever, does the total scope of the protocol become sufficiently general that some subset of its terms and rules, even if they constitute a negotiation protocol on their own, do not make the publisher of the set as a whole liable for regulated usage of the subset? By way of example, is Twitter’s general communications protocol a negotiation protocol when users take advantage of the dollar sign to create a “cashtag” marking stock names and ticker symbols accompanied by a price quote or trading interest?

In another section of the revised NPRM, the SEC suggests replacing “makes available” with “establishes.”¹⁸ While this appears to narrow the application of the rule, it does nothing to alleviate the vagueness of the proposed standard. In the context of communications protocols, when is something established? Most rules for speech and negotiation are emergent. They percolate up from common usage and are, if popular, eventually codified in dictionaries, grammatical treatises, or (in the narrower case of legal and commercial terms) restatements of contract law and commercial best practices. If the SEC intended to limit “establishes” to some official designation of stock trading rules by some formal body regulating professional conduct ( e.g. FINRA), then that would be one thing, but the “supplemental information” release makes clear that this is not the intent of the standard. “Establishes” is modified by the parenthetical “whether by providing, directly or indirectly.” Just as with the earlier proposal (“makes available a protocol”) this alternate standard of “providing, directly or indirectly a protocol” is another tortured way of describing the general publication of a set of rules. A tortured way of describing speech. None of these refinements adds any clear limit to the scope of the standard and none are rules that a person of ordinary intelligence would be able to understand sufficiently in order to modify their behavior accordingly.

The Proposed Definition Fails to Constrain Regulatory Discretion

The vagueness and breadth of the proposed standard affords the SEC near unlimited discretion to pick and choose targets for enforcement in order to engage in politically motivated viewpoint discrimination. The proposed standard does not provide explicit standards for enforcement. Anyone who is making available communication protocols is, in theory, fair game for enforcement.

Thousands of persons are involved in the publication of open source software libraries that describe internet, encryption, communications, and other computing protocols. Hundreds of said libraries are used by other persons to facilitate computerized securities trading among countless other uses of computers. These libraries are often maintained by persons with strong political and ideological motivations for publishing code. Those motivations may concern advocacy for the preservation of fundamental rights such as privacy, speech, and association.

The SEC could easily use the proposed vague standard to target certain publishers of open source software who advocate for the use of that software for certain political ends. Arguably, the Commission has already displayed a pattern of behavior of using its flexible regulatory power for viewpoint discrimination against developers of cryptocurrencies and privacy protecting tools. The proposed rule would afford the SEC even more leeway to “pursue their personal predilections”¹⁹ under the guise of lawful investor protection.

The Proposed Definition Concerns First Amendment Freedoms Triggering Strict Application of the Vagueness Doctrine.

As discussed in our previous comment and in several comments from other participants in the initial comment period, the proposed definition directly describes the publication of speech as a necessary and sufficient condition for the registration requirement. Merely “making available” a “communications protocol” can, by the SEC’s own admission, trigger an obligation to register. A communications protocol is commonly understood as a set of rules. “Making available” a set of rules is an awkward linguistic construction that must, at the very least, include publishing and speaking, which are core First Amendment activities. The Supreme Court has explained that

[s]tandards of permissible statutory vagueness are strict in the area of free expression. . . . The objectionable quality of vagueness and overbreadth does not depend upon absence of fair notice to a criminally accused or upon unchanneled delegation of legislative powers, but upon the danger of tolerating, in the area of First Amendment freedoms, the existence of a penal statute susceptible of sweeping and improper application.²⁰

Therefore, even if the NPRM did create fair notice, its potential for abusive application renders it unconstitutional.

We therefore ask that the Commission abandon this rulemaking or at least strike from its proposed standard any language that would subject the mere publishers of software to an uncertain and unconstitutional licensing regime.

Notes

The post Further Comments to the Securities Exchange Commission on Amendments Regarding the Definition of ‘Exchange’ and Alternative Trading Systems appeared first on Coin Center.

https://www.coincenter.org/how-congress-should-and-should-not-approach-defi/

Given that Congress is now considering cryptocurrency market structure legislation, we felt it was important to reiterate the distinction between activities by market actors that may be appropriately regulated, and the mere publishing of software, which is protected as free speech and may not be subject to prior restraint. The difference is especially important given various understandings of what constitutes decentralized finance, or “DeFi,” and potential proposals surrounding its regulation.

As we noted when the U.S. Senate was considering related legislation last year:

A mandatory registration regime should not apply to persons who are merely writing or publishing software, relaying or validating transactions on a permissionless network, or using that network for personal purposes. Mandatory registration of these activities would not only crush the innovative nature of these technologies with unnecessarily burdensome requirements, it would also violate our constitutional rights to speech and privacy.

Decentralized exchange, appropriately understood, allows cryptocurrency holders to exchange with each other directly. It is best understood as an action or verb, not a noun. The verb is the use of published code that requires no further development and is not under the control of any person or entity. The noun, sometimes known as a “DEX,” isn’t really a thing, as we’ve also previously explained:

When I use free software and an open blockchain network to trade one token for another directly with another trader, then I am engaged in decentralized exchange — an action, just as I might engage in running or paying. We have this habit of saying that a DEX is a thing rather than an action because we are stuck in a centralized services frame of mind. Coinbase is a thing, a business, a corporation. But if the trade is actually happening peer-to-peer, then the “DEX” being “used” is just software and an internet connection. In that case, there isn’t a thing called a DEX. There are no DEXs; there is just decentralized exchange, the action, taking place using software tools, open blockchains, and the internet.

Calling those tools “a DEX” and referring to “DEXs” as a category of things that exist in the world (rather than actions) does the entire technology a disservice: it wrongly portrays software tools as persons or businesses with agency and legal obligations. Corporations and persons — legal or natural — definitely have agency and obligations; software tools do not. Corporations and persons can be held responsible for their actions, software tools cannot.

That doesn’t mean that people won’t be obligated to use or not use those tools in certain ways, and that does not mean that people or businesses will not be liable for facilitating illegal activities merely because they built those tools or broadcast tool-related messages over the internet. But it does mean that the tool itself can’t be treated as a target of regulation any more than we could place legal obligations on hammers instead of carpenters, or automobiles instead of drivers.

If a “decentralized exchange” isn’t made with free software and an open blockchain alone, and if there is also a critical middleman of some sort, then it’s not really a DEX at all.

Regulation is best applied to the activities and actions of persons or organizations. A requirement to register with any government arm before publishing software code that allows decentralized exchange is not only inappropriate, it’s unconstitutional. By the same token, just because a person or entity that takes control of another’s cryptocurrency refers to itself as “DeFi” does not make it so. As we previously noted in comments to the SEC:

If there is some entity that actively plays an institutional role in the trade, a person that clients know and trust with their trading orders, then the service is not properly referred to as a decentralized exchange. If it, nonetheless, refers to itself as “decentralized,” regulators should look at function rather than form, and the existing regulatory definition of exchange offers the Commission sufficient authority to demand that such a “decentralized in name only” (DINO) exchange register as a national securities exchange or ATS. The distinguishing feature between trading digital assets using a traditional centralized exchange and true decentralized exchanges is that the only parties to a decentralized exchange are the traders themselves. …

Open-source decentralized exchange software is a particular type of content that advocates a strongly held political viewpoint: that we should be able to engage in payments and transactions free of middlemen and censorship. In practice, strict scrutiny forbids the state from passing laws that create a “prior restraint” on speech, that is to say a ban on speech that is in place before the speech is actually made. In other words a punishment for saying something defamatory after the fact is not a prior restraint, but a law that says “no one shall be allowed to say anything untrue about the President’s character” is a prior restraint. Any law that attempts to ban the publication of decentralized exchange software or make publication illegal without a license or some other precondition would be a prior restraint. In practice, courts always find these forms of regulation to be unconstitutional.

Some have argued that speech is no longer protected when developers are seeking to profit from the publishing of code. That is not the case. Even in a Supreme Court case that dealt with the sale of information relating to the prescribing activities of doctors, the Court ruled that “if the acts of ‘disclosing’ and ‘publishing’ information do not constitute speech, it is hard to imagine what does fall within that category.”¹ This Supreme Court precedent is also backed up by a previous case in 1985 that dealt with the publication of a newsletter for profit. A concurrent opinion in the case noted:

“Where the personal nexus between professional and client does not exist, and a speaker does not purport to be exercising judgment on behalf of any particular individual with whose circumstances he is directly acquainted, government regulation ceases to function as legitimate regulation of professional practice with only incidental impact on speech; it becomes regulation of speaking or publishing as such, subject to the First Amendment’s command that Congress shall make no law . . . abridging the freedom of speech, or of the press.”²

Finally, it should be made clear that publishing open source code does not absolve one from regulatory obligations owing to other activities. If one engages in activities that are properly subject to regulation in addition to engaging in protected speech, then those other activities may well be regulated. Coin Center’s position is simply that the activity of publishing speech itself may never be subject to prior restraint, and thus registration, licensure, or similar limitations.

In the absence of an understood and commonly accepted definition of “DeFi,” it is critical that the publication of software code is not wrapped up in an unconstitutional regulatory regime. While entities that custody assets or are trusted to safeguard another’s cryptocurrency may refer to themselves as “DeFi,” they remain subject to existing regulatory requirements and may be appropriately addressed in further legislation related to the cryptocurrency market structure. But the publication of computer code on open blockchain networks that enable others to conduct personal, private transactions is speech protected by one of our most important civil liberties.

Notes

The post How Congress should (and should not) approach DeFi appeared first on Coin Center.

https://www.coincenter.org/treasurys-new-defi-risk-assessment-relies-on-ill-fitting-frameworks-and-makes-potentially-unconstitutional-recommendations/

Yesterday the Treasury Department released a “DeFi Illicit Finance Risk Assessment.” While the report does not announce any new or changed policy, and correctly acknowledges the much larger illicit finance threat posed by the traditional banking sector, it—nonetheless—engages at length in an unhelpful centralization-versus-decentralization analysis that is confusing and irrelevant to the actual legal questions at stake. Worryingly, the assessment appears to prejudge all DeFi applications as non-compliant with anti-money-laundering rules without ever explaining which actual activities performed by which DeFi-related actors do and do not trigger compliance obligations. The assessment assumes instead that AML rules always apply, or at the very least that they should always apply and that regulations should be expanded to the extent they don’t–even perhaps to cover the mere publication of software. Here’s the good, the bad, and the ugly of the Treasury Department’s DeFi risk assessment.

The Good

The assessment repeatedly indicates that obligations under the Bank Secrecy Act (BSA) are dependent on specific facts and circumstances, which has been well-known policy from the Treasury Department with regard to crypto going back to 2013. In other words, the assessment isn’t announcing a new standard that would cause all of DeFi to be regulated or anything like that. Troublingly, however, halfway through the assessment identifies a specific set of facts and circumstances that to date have been clearly outside the scope of BSA regulation as being inside scope, but we’ll come back to that later on in this analysis.

Also good is the fact that the assessment clearly states at the outset that it is not changing any laws or definitions, that it is merely a policy report, and that it is not new or updated guidance about whether someone is or is not a “financial institution” and therefore obligated to surveil their customers. This means that, at least for now, the 2019 FinCEN guidance (which we think is generally very good and appropriately constrained to custodial entities) is still the controlling law.

The assessment, while often pessimistic regarding the value of DeFi technologies, nonetheless acknowledges the small share of total crypto activity that DeFi represents (3%). This is good because it means that the Treasury Department is not blowing the issue out of proportion. Indeed at various points the assessment stresses that the larger realm of traditionally intermediated finance, as well as non-compliant international centralized crypto exchanges, pose a more significant money laundering threat. We agree.

Also heartening is the fact that the assessment explicitly says that it is not concerned with transfers between the holders of two “self-hosted” wallets. In other words, nothing in the assessment is about actual peer-to-peer usage of crypto, and the assessment is not calling for the application of the BSA’s surveillance regime to those personal activities, which would raise obvious and serious constitutional issues dealing with warrantless search and seizure.

However, this is where things start becoming complicated. The sentence dealing with “self-hosted wallets” and peer-to-peer transactions has a truck-sized carve out that must stem from ignorance or misunderstanding of the nature of DeFi. The assessment states that it is not concerned with peer-to-peer transactions if and only if those transactions “do not involve smart contracts.”

The negative implication of that claim is that the assessment is concerned with peer-to-peer transactions when those transactions do involve smart contracts. And that claim might be indicative of a mistaken belief that any and every transfer between “self-hosted wallets” that also involves a smart contract is no longer strictly a peer-to-peer transaction. The assessment doesn’t come out and say that, but a large portion of it is dedicated to outlining all the ways that smart contracts can and are often controlled by third parties, and it does not once affirm what is unambiguously true: that at least some smart contracts are merely software without any administrator or controller.

Indeed, the tone of the assessment is dismissive of the possibility that “self-custody” can be maintained while using DeFi. For example: “Some DeFi services purport to allow users to self-custody their virtual assets through their own digital wallets” and “[m]any DeFi services claim to be disintermediated by enabling automated P2P transactions without the need for an account or custodial relationship.” (Emphases added.) Every garden has weeds among the flowers, and throughout crypto there are plenty of disingenuous claims, claims made erroneously or by those who would happily lie to escape regulation. There are, however, also mathematical truths about the entirely non-custodial nature of many protocols and smart contracts that warrant at least some cursory mention in any report that is meant to be comprehensive and fair.

For example, the Tornado Cash contracts (the sanctioning of which we are challenging in our lawsuit against OFAC) are entirely non-custodial. No person, DAO, or entity, whether sanctioned, foreign or domestic, can in any way move money out of the Tornado Cash core contracts unless they can provide a valid note proving that they are the entity that deposited funds into that contract.

Indeed this weeds-only characterization belies a more significant misunderstanding about the nature of so-called “self-hosted wallets.” Crypto doesn’t exist within people’s wallets; it exists on a blockchain at any given address, and exists literally nowhere else. A wallet (self-hosted or otherwise) merely holds keys (not coins), and those keys control…. you guessed it, smart contracts. Smart contracts are simply rules encoded in software for how and when amounts of crypto can be transferred. The simplest smart contract is a rule that transactions moving crypto from the source address must be signed by the private key that corresponds to that address (and this is what Treasury is referring to when they say “self-hosted wallet”). That is to say, any and all cryptocurrency locked in an address for which the direct beneficiary and owner has full control must therefore reside within a form of smart contract. So the statement, “Funds transfers between the holders of two unhosted wallets that do not involve smart contracts fall outside the scope of DeFi services for the purpose of this report,” is incoherent because there’s no such thing as a transfer between the holders of two unhosted wallets that “does not involve smart contracts.”

Lest you think we’re being overly pedantic, it’s worth noting that the dominant mode of making a “self-hosted” multisig transaction on Ethereum is to use a type of smart contract called a Gnosis Safe. The authors of the technical specification for Gnosis Safe smart contracts have a website, and there is an incorporated foundation and a DAO-based governance mechanism for coordinating research and development of the technical standards upon which these contracts are ultimately built. None of that means that individual instances of these smart contracts are somehow controlled by any of these researchers or groups. That’s akin to arguing that Master Lock, Inc. controls every bike locked with its padlock, or that Schlage, Inc. controls every home whose door sports their deadbolt. Or, for that matter, that the W3C (the main international standards organization for the World Wide Web) controls this blog post and the Coin Center website.

We end up in this semantic hole because the assessment refuses to acknowledge that some smart contracts have no third party operator while simultaneously acknowledging that mere person-to-person transactions are outside of the discussion. And this may not be just incompleteness, it may be strategic from a constitutional law perspective.

The fact is, a peer-to-peer transaction likely cannot be subject to the relevant reporting and KYC requirements specified in the Bank Secrecy Act because those requirements only apply to “financial institutions” as defined in the Act and associated regulations. Defining an individual paying another individual as a financial institution is absurd, and also unconstitutional. Financial institutions are obliged to engage in warrantless data collection about their customers under the BSA and the only reason that such surveillance activities are constitutional is because the third-party doctrine excludes searches made by third parties from Fourth Amendment protections. A peer-to-peer transaction has, definitionally, no third party and therefore cannot be subject to a warrantless reporting regime. So if the assessment had admitted the mathematical truth that some DeFi smart contracts are truly peer-to-peer, it would also be stating a legal truth that those activities are outside of the constitutionally cabined authority of the government to surveil without a warrant.

This confusion over “self-hosted wallets” not being themselves smart contracts, sadly, is only the beginning of the troubling misunderstanding of the relevant factors of the technology evidenced by the assessment. Let’s move from the good to the bad.

The Bad

The assessment as a whole unhelpfully focuses on a rhetorical dichotomy between centralized vs. decentralized tools and protocols, rather than focusing rightly on the activities that trigger regulation, and specifically the relevant question for BSA application: are you performing an activity that qualifies as a regulated financial service? The crypto ecosystem may be partially to blame for that confusion given how often advocates who are not well-educated about the law erroneously claim that they can’t be regulated because they are “decentralized.” But the Treasury Department is not a crypto advocate ignorant of the law; it’s the Treasury Department. Therefore the choice to focus on centralization vs. decentralization rather than specific activities-based triggers for regulation is confusing at best.

Coin Center has long advocated for an activities-based framing of important questions like “Am I a money services business that needs to register and surveil my customers?” rather than any vague “decentralization”-based inquiry. Basically, If “activity X” has always been defined as a regulated activity and you do “activity X,” then you will be regulated even if you do activity X using crypto or through a “decentralized” organization. And similarly, if you don’t do “activity X” then you aren’t regulated regardless of whether you do it as part of a DAO or as a natural person. In practice this means that if you are (a) writing software that people use to move or secure their own money, then you are not regulated regardless of whether you write and publish that software yourself or alongside DAO members. However if you are (b) maintaining custody or control of someone’s funds, then you are regulated regardless of whether you do it yourself or alongside fellow DAO members.

To be fair, the assessment does end up saying this at page seven: “The nature of the activities in which a person engages is the key factor in determining whether and how that person must register” and “[t]he degree to which a service is decentralized has no bearing on these obligations so long as the service meets this definition.” And yet when it comes time to actually discuss the definition of a highly consequential activity upon which the application of regulation hinges (i.e. custody), the assessment spends a single paragraph arguing that most “purported” self-custody is bogus. Meanwhile many pages are inexplicably spent exploring the irrelevant question of centralization versus decentralization.

Before we move on from the bad to the ugly, it’s also worth pointing out another strange passage. Also at page seven the assessment suggests that “[i]ndustry claims there is insufficient regulatory clarity” regarding AML/CFT obligations. No support is given for this claim. For what it’s worth, Coin Center, at least, has often said the opposite: we have repeatedly applauded FinCEN and other regulators for taking a technology-neutral and activities-based approach to their interpretation of the BSA.

The Ugly

The assessment’s focus on decentralization rather than activities-based regulation is most problematic within the sections of the assessment intended to outline the division of BSA authority between the several regulators in this space. The Treasury Department, SEC, CFTC, and the several banking regulators all share and divide that authority for BSA supervision. The particular trigger for whether you are BSA regulated lies in whether you meet any of the particular (activities-based) definitions in the various federal statutes relevant to each agency, e.g. whether you are a Futures Commission Merchant (FCM) if you are doing commodities derivatives trading according to the Commodities Exchange Act, or whether you are a Money Services Business (MSB) if you are accepting and transmitting currency or currency substitutes according to the Bank Secrecy Act and the implementing regulations issued by FinCEN. If this seems complex, that’s because it is, which is all the more reason for a report on the topic to offer a clear picture of how that authority is divided and which definitions are the relevant triggers for regulation by each agency.

Though it is never clearly stated in the assessment, these activities have very different definitions and standards. Persons in the DeFi ecosystem might be doing some but not others, and some persons are doing none, but rather than discuss exactly what each standard describes and whether any particular type of DeFi actor fits into that category (something that FinCEN’s 2019 guidance did extremely well), the assessment prefers to generalize that all of these persons in DeFi are failing to do any BSA compliance (irrespective of whether they are actually obligated to do so under the activities-based definitions): “DeFi services at present often do not implement AML/CFT controls or other processes to identify customers, allowing layering of proceeds to take place instantaneously and pseudonymously.” The implication is that everyone is non-compliant, and perhaps criminally so, even though one can only be non-compliant if one is actually obligated to comply.

The only time the assessment offers specific examples of non-compliance is with regard to the Ookie Dao (née bZeroX) enforcement action by the CFTC. Rather than investigate or describe why the particular activities of those DAO members rise to the level of BSA obligations under the relevant definitions in the Commodities Exchange Act, the assessment focuses on whether it can be sued as an entity given its claimed decentralization. It can, but that is of little surprise (to us, at least), and that discussion ignores the more interesting and critical factual inquiry about what exactly those DAO members did that triggered (or didn’t trigger) BSA obligations. That inquiry would have been helpful to people building DeFi tools who want to know when they are legally obligated to comply, and it would also have been helpful for Coin Center to know if the regulations are being applied reasonably or in a way that contravenes our constitutional rights.

Even more troubling is the specific example of non-compliance in the MSB rather than FCM context. The report argues that: “For instance, one VASP announced in 2021 that it would transition from a traditional corporate structure into a DAO for the purpose of ceasing to collect customer information for AML/CFT compliance, although in practice this would not have impacted the service’s BSA obligations.” This is both a highly inflammatory allegation given that, so far as we know, no such VASP has been charged with any violation, and this is also an unsupported statement of law. We know that being a DAO rather than a company has no bearing on whether one is accepting and transmitting funds, but the critical question is whether the members of this alleged DAO, once the transition had occurred, actually engaged in the regulated activity of accepting and transmitting customer funds. That’s a factual inquiry. If DAO members do not have any actual control over customer funds and are, in fact, merely publishing software to the Ethereum blockchain that allows other people to transmit funds, then they are not an MSB because they are not “accepting and transmitting” anything. No discussion of those relevant facts is presented and misconduct on the part of DAO members is presented as if it is a given.

Finally, there is the section on “disintermediation.” In this section the assessment concedes that some activities performed by persons in DeFi may not qualify as within any of the activities-based categories that trigger BSA application. Note that it does not concede that this may be because those activities are truly non-custodial (the assessment demeans that notion repeatedly) or merely the publication of software. It leaves the reader to suspect that these persons have found some insidiously clever loophole rather than merely gone and exercised constitutional rights to publish innovative research and software.

We believe that many DeFi projects are truly non-custodial and we also believe that many persons involved are doing nothing but publishing software. Those persons would not be MSBs under the “accept and transmit” definition in the BSA’s implementing regulations. The report characterizes this as a “gap” that should be filled. To clearly state Coin Center’s position on such gap-filling: (1) it can’t be done by guidance, (2) it can but should not be done by rulemaking, (3) it is a major question best left to Congress, and (4) in most cases it would be unconstitutional to do at all. Let’s expand on these points:

1. It would not be legal for FinCEN to merely issue new guidance in order to fill these purported gaps in the MSB definition. The existing activity-based definition can’t be stretched through guidance to encompass non-custodial activities because the defined activity is all about custody itself (you either accept and transmit—e.g. have custody and control in between those actions—or you don’t).
2. If there’s a desire to include certain non-custodial activities in the definition of “financial institution” it would at least need to happen via new notice-and-comment rulemaking rather than through mere guidance. 31 U.S.C. §5312(a)(2)(Y) empowers the Secretary of Treasury to identify any “activity which is similar to, related to, or a substitute for any” activities defined in the statute as performed by a “financial institution,” and §5312(a)(2)(Y) conditions that power on making these identifications “by regulation,” a phrase that triggers administrative procedure requirements such as notice and comment rulemaking.
3. Even though the Treasury Department has this ostensible statutory authority under the BSA to redefine “financial institution” at will to include effectively any entity it wants, that authority is too broad to wield responsibly in all situations. A major question like whether thousands of software developers need to start registering with the Treasury Department in advance of publishing their software is, at the very least, a question best left for elected officials in Congress
4. More to the point, if when policymakers go to define the activity, they cannot avoid including “publishing software that others use to move their own money” or something similar, then they cannot fill that purported “gap” without violating the Constitution. Both First Amendment rights to publish software without prior restraint and Fourth Amendment rights against warrantless surveillance of private (peer-to-peer) affairs would be implicated.

Treasury’s 40-page assessment never gets to this level of specificity. It does not clearly identify whether there is in fact a gap, and it does not characterize precisely which activities might fall into that gap (we think they would be speech activities). Nor does the assessment identify the lawful processes by which those purported gaps could be filled or the administrative and constitutional limits on that gap-filling exercise. To summarize, our constitutional rights to speech and privacy are not a gap in the money laundering laws. They are the supreme law of the land.

The post Treasury’s new DeFi risk assessment relies on ill-fitting frameworks and makes potentially unconstitutional recommendations appeared first on Coin Center.