distributed internet – Techdirt (original) (raw)

from the pay-attention dept

Let’s get this out of the way up top: yes, many cryptocurrencies and “Initial Coin Offerings” (ICO’s) were complete scams, designed to dupe people out of billions of dollars. It’s entirely reasonable to call those out, and to argue that there should be some significant regulatory oversight of such scams. However, it is also possible to believe that an overreaction to such scams could kill off a nascent attempt to rebuild a truly open and distributed internet. For years now, I’ve been talking about why we could better fulfill the dream of an open, distributed internet if we were to move to a world of protocols, not platforms, and in a more recent post, I’ve discussed some policy proposals to help the world move in that direction — with the final one concerning the SEC, and getting it to stop looking at cryptocurrencies solely as a financial instrument nearly identical to a security. This is not to avoid all scrutiny of cryptocurrencies. But having a working cryptocurrency system in which the success of a protocol can be driven by its actual usage and development, rather than ads or “surveillance capitalism”, would benefit massively from more freedom to experiment.

While it does not appear that, by itself, it will be that successful, a few years back the social network/messaging app Kik started an experiment in this space, raising $100 million with an ICO and designing it so that its “Kin” tokens could be used to reward developers who build services. The company has put some effort into encouraging developers to build within its ecosystem, and for others to use the Kin tokens as currency.

However, mostly behind the scenes, Kik and the SEC have been having a bit of a fight over whether or not the ICO was an unregistered securities sale. Back in January, the company revealed that it had been negotiating with the SEC over the whole thing.

The SEC isn?t accusing Kik of fraud, Mr. Livingston said. Rather, its enforcement division believes Kik failed to register the sale with the SEC and thus didn?t give investors the proper information. The agency?s enforcement action must be authorized by the SEC?s commissioners, and it?s unknown whether they have voted to authorize the litigation.

[….]

The SEC says most digital tokens are covered by a 73-year-old Supreme Court decision that defined which investments are considered securities. Many tokens meet the court?s test because they can be traded for profit, and their value is tied to the performance of the startup that sold them, regulators say.

In a 39-page rebuttal on Dec. 10 to the SEC, Kik argued the sale terms, in fact, don?t constitute an investment contract, and investors weren?t led to expect to profit on their purchase of kin.

?Bringing the proposed enforcement action against Kik and the foundation would amount to doubling down on a deeply flawed regulatory and enforcement approach,? the company?s lawyers wrote, according to copy of the rebuttal reviewed by the Journal.

Since that time, the two sides have continued to negotiate, with Kik basically now admitting it wants a judge to weigh in because it can’t get the SEC to see things its way. It has announced that it has set aside $5 million to go to court with the SEC over this matter (and is asking for further donations).

Despite the fact that last month over 300,000 people earned and spent Kin as a currency, the SEC is still saying that it might be a security. After months of trying to find a reasonable solution, Kin has been unable to reach a settlement that wouldn?t severely impact the Kin project and everyone in the space. So Kin is going to take on the SEC in court to make sure there is a foundation for innovation going forward.

As the company notes, the current ambiguity is acting as a real “innovation tax” in the space. Many companies are refusing to experiment with these kinds of offerings, or even to work with existing tokens, out of fear of how an SEC might completely upend the space with a decision one way or the other. Indeed, in a recent talk by SEC Commissioner Hester Peirce (who is supportive of more experimentation with crypto), she very clearly worries about how ambiguities in the way the SEC has acted over the last couple of years will stifle innovation. The speech notes that the SEC has mostly avoided heavy handed regulation in the space, but that it has not done much to help actually clarify the rules.

The SEC staff recently issued a framework to assist issuers with conducting a Howey analysis of potential token offerings. The document is a thorough 14 pages. It points to features of an offering and actions by an issuer that could signal that the offering is likely a securities offering. If this framework helps issuers understand what the different Howey factors might look like in an ICO context, it may be valuable. I am concerned, however, that it could raise more questions and concerns than it answers.

While Howey has four factors to consider, the framework lists 38 separate considerations, many of which include several sub-points. A seasoned securities lawyer might be able to infer which of these considerations will likely be controlling and might therefore be able to provide the appropriate weight to each. Whether the framework gives anything new to the seasoned securities lawyer used to operating in the facts and circumstances world of Howey is an open question. I worry that non-lawyers and lawyers not steeped in securities law and its attendant lore will not know what to make of the guidance. Pages worth of factors, many of which seemingly apply to all decentralized networks, might contribute to the feeling that navigating the securities laws in this area is perilous business. Rather than sorting through the factors or hiring an expensive lawyer to do so, a wary company may reasonably decide to forgo certain opportunities or to pursue them in a more crypto-friendly jurisdiction overseas.

On the same day the Corporation Finance staff issued the Framework, the staff also issued the first token no-action letter in response to an inquiry from TurnKey Jet, a charter jet company. The company intended to effectively tokenize gift cards. Customer members could purchase tokens that would be redeemable, dollar for dollar, for charter jet services. The tokens could be sold only to other members. This transaction is so clearly not an offer of securities that I worry the staff?s issuance of a digital token no-action letter?the first and so far only such letter?may in fact have the effect of broadening the perceived reach of our securities laws. If these tokens were securities, it would be hard to distinguish them from any medium of stored value. Is a Starbucks card a security? If we are going that far, I can only imagine what name the barista will write on my coffee cup.

And yet, the staff?s letter did not stop at merely stating that the token offering would not qualify as a securities offering, but highlighted specific but non-dispositive factors. In other words, the letter effectively imposed conditions on a non-security. For example, the staff?s response prohibits the company from repurchasing the tokens unless it does so at a discount. Further, as I mentioned earlier, the incoming letter precluded a secondary market that includes non-members. Does that mean that a company that chooses to offer to repurchase gift cards at a premium or that allows gift card purchasers to sell or give them to third parties needs to call its securities lawyer to start the registration process?

As Peirce notes, there are still so many hugely open questions, and the potential liability for getting any of these wrong is clearly holding back many possible innovations that could be quite important to a more distributed, more open, internet. After listing out a bunch of unanswered questions, she notes:

On these points, the SEC has been nearly silent. This silence may ultimately be deadly. An issuer can conduct a private securities offering with no SEC involvement. The rules that distinguish a private from a public offering focus on the offerees and investors. The form that the security is in?whether shares of common stock or interests in orange groves?has no bearing on how the rules operate. The rules that govern broker-dealers, investment advisers, auditors, and trading platforms are different. They govern the ownership, storage, and exchange of securities?exactly the aspects of digital assets that the crypto industry seeks to transform. A broker or adviser cannot custody an asset if it does not know how to show it has possession and control of the asset. An auditor must be able to review and verify the actual transactions.

Additionally, while issuers that rely on the private offering exemption do not need SEC permission to issue securities, a platform cannot trade securities unless it is registered with the SEC as an exchange or an alternative trading system. A broker-dealer generally must register with the SEC and FINRA.

The SEC has yet to provide guidance to the public or FINRA on any of the core questions. The result is that many would-be brokers and trading platforms are stuck in a frustrating waiting mode; they are unable to get clear answers to questions about how they may proceed in this market.

This is why Kik/Kin going to court to force the SEC to make some decisions is so important here. Venture capitalist Fred Wilson put up a blog post explaining why:

Sadly, the SEC looks at crypto tokens and sees securities that they want to regulate as such. They cannot seem to understand that not all of these assets are securities, they cannot seem to understand that most are commodities, currencies, or utilities like frequent flyer miles. They cannot understand that crypto tokens are unlike any assets that have come before them and that crypto tokens need new regulatory structures. They cannot understand that their unwillingness to come up with new rules paired with their ?regulate by enforcement? strategy is hurting the crypto sector, pushing it offshore, and is causing most of the new projects to raise capital outside of the US and/or put together legal structures that look like Frankenstein monsters.

None of this is an attempt to argue that there shouldn’t be any oversight over cryptocurrencies. Clearly, and obviously, there have been many that are little more than ponzi schemes and get rich quick cons. The entire space will benefit from some clear rules that enable greater experimentation with things like helping to fund protocols via such tokenization — but the SEC’s overall approach to date has been one where it seems on the one hand to be afraid to do anything at all other than make scary noises and threats, and on the other to be hinting that any new cryptocurrency offering should have to go through an FDA-like approval process before it might hit the market. This is an untenable position.

I have my doubts as to whether the Kik/Kin approach to cryptocurrency will itself work. But its legal fight is an important one, if you’d like to see a better decentralized internet. Dealing with scams is one thing, but if every new platform startup needs to go through the regulatory rigmarole as if it were a company preparing to go public, that would be a massive chill on innovation and experimentation. There needs to be a better, more permissionless manner of exploring these ideas, so what happens with Kik’s legal challenge here will ultimately be extremely important for the future of a world of protocols over platforms.

Filed Under: cryptocurrency, distributed internet, kin, protocols, regulations, sec
Companies: kik, kin

Two Important Speeches: The Threats To The Future Of The Internet… And How To Protect An Open Internet

from the pay-attention dept

Last week, I came across two separate speeches that were given recently about the future of the internet — both with very different takes and points, but both that really struck a chord with me. And the two seem to fit together nicely, so I’m combining both of them into one post. The first speech is Jennifer Granick’s recent keynote at the Black Hat conference in Las Vegas. You can see the video here or read a modified version of the speech entitled, “The End of the Internet Dream.”

It goes through a lot of important history — some of which is already probably familiar to many of you. But, it’s also important to remember how we got to where we are today in order to understand the risks and threats to the future of the internet. The key point that Granick makes is that for too long, we’ve been prioritizing a less open internet, in favor of a more centralized internet. And that’s a real risk:

For better or for worse, we?ve prioritized things like security, online civility, user interface, and intellectual property interests above freedom and openness. The Internet is less open and more centralized. It?s more regulated. And increasingly it?s less global, and more divided. These trends: centralization, regulation, and globalization are accelerating. And they will define the future of our communications network, unless something dramatic changes.

Twenty years from now,

* You won?t necessarily know anything about the decisions that affect your rights, like whether you get a loan, a job, or if a car runs over you. Things will get decided by data-crunching computer algorithms and no human will really be able to understand why. * The Internet will become a lot more like TV and a lot less like the global conversation we envisioned 20 years ago. * Rather than being overturned, existing power structures will be reinforced and replicated, and this will be particularly true for security. * Internet technology design increasingly facilitates rather than defeats censorship and control.

Later in the speech, she digs deeper into those key trends of centralization, regulation and globalization:

* Centralization means a cheap and easy point for control and surveillance. * Regulation means exercise of government power in favor of domestic, national interests and private entities with economic influence over lawmakers. * Globalization means more governments are getting into the Internet regulation mix. They want to both protect and to regulate their citizens. And remember, the next billion Internet users are going to come from countries without a First Amendment, without a Bill of Rights, maybe even without due process or the rule of law. So these limitations won?t necessarily be informed by what we in the U.S. consider basic civil liberties.

This centralization is often done in the name of convenience — because centralized systems currently offer up plenty of cool things:

Remember blogs? Who here still keeps a blog regularly? I had a blog, but now I post updates on Facebook. A lot of people here at Black Hat host their own email servers, but almost everyone else I know uses gmail. We like the spam filtering and the malware detection. When I had an iPhone, I didn?t jailbreak it. I trusted the security of the vetted apps in the Apple store. When I download apps, I click yes on the permissions. I love it when my phone knows I?m at the store and reminds me to buy milk.

This is happening in no small part because we want lots of cool products ?in the cloud.? But the cloud isn?t an amorphous collection of billions of water droplets. The cloud is actually a finite and knowable number of large companies with access to or control over large pieces of the Internet. It?s Level 3 for fiber optic cables, Amazon for servers, Akamai for CDN, Facebook for their ad network, Google for Android and the search engine. It?s more of an oligopoly than a cloud. And, intentionally or otherwise, these products are now choke points for control, surveillance and regulation.

So as things keep going in this direction, what does it mean for privacy, security and freedom of expression? What will be left of the Dream of Internet Freedom?

She goes on to note how this centralization comes with a very real cost: mainly in that it’s now one-stop shopping for government surveillance.

Globalization gives the U.S. a way to spy on Americans?by spying on foreigners we talk to. Our government uses the fact that the network is global against us. The NSA conducts massive spying overseas, and Americans? data gets caught in the net. And, by insisting that foreigners have no Fourth Amendment privacy rights, it?s easy to reach the conclusion that you don?t have such rights either, as least when you?re talking to or even about foreigners.

Surveillance couldn?t get much worse, but in the next 20 years, it actually will. Now we have networked devices, the so-called Internet of Things, that will keep track of our home heating, and how much food we take out of our refrigerator, and our exercise, sleep, heartbeat, and more. These things are taking our off-line physical lives and making them digital and networked, in other words, surveillable.

At the end of her speech, Granick talks about the need to “build in decentralization where possible,” to increase strong end-to-end encryption, to push back on government attempts to censor and spy.

And that’s where the second speech comes in. It’s by the Internet Archive’s Brewster Kahle. And while he actually gave versions (one longer one and one shorter one) earlier this year, he just recently wrote a blog post about why we need to “lock the internet open” by building a much more distributed web — which would counteract many of Granick’s quite accurate fears about our growing reliance on centralized systems.

Kahle also notes how wonderful new services are online and how much fun the web is — but worries about the survivability of a centralized system and the privacy implications. He notes how the original vision of the internet was about it being a truly distributed system, and it’s the web (which is a subsegment of the internet for those of you who think they’re the same), seems to be moving away from that vision.

Contrast the current Web to the Internet?the network of pipes on top of which the World Wide Web sits. The Internet was designed so that if any one piece goes out, it will still function. If some of the routers that sort and transmit packets are knocked out, then the system is designed to automatically reroute the packets through the working parts of the system. While it is possible to knock out so much that you create a chokepoint in the Internet fabric, for most circumstances it is designed to survive hardware faults and slowdowns. Therefore, the Internet can be described as a ?distributed system? because it routes around problems and automatically rebalances loads.

The Web is not distributed in this way. While different websites are located all over the world, in most cases, any particular website has only one physical location. Therefore, if the hardware in that particular location is down then no one can see that website. In this way, the Web is centralized: if someone controls the hardware of a website or the communication line to a website, then they control all the uses of that website.

In this way, the Internet is a truly distributed system, while the Web is not.

And, thus, he wants to build a more distributed web, built on peer-to-peer technology that has better privacy, distributed authentication systems (without centralized usernames and passwords), a built-in versioning/memory system and easy payment mechanisms. As he notes, many of the pieces for this are already in existence, including tools like BitTorrent and the blockchain/Bitcoin. There’s a lot more in there as well, and you should read the whole thing.

Our new Web would be reliable because it would be hosted in many places, and multiple versions. Also, people could even make money, so there could be extra incentive to publish in the Distributed Web.

It would be more private because it would be more difficult to monitor who is reading a particular website. Using cryptography for the identity system makes it less related to personal identity, so there is an ability to walk away without being personally targeted.

And it could be as fun as it is malleable and extendable. With no central entities to regulate the evolution of the Distributed Web, the possibilities are much broader.

Fortunately, the needed technologies are now available in JavaScript, Bitcoin, IPFS/Bittorrent, Namecoin, and others. We do not need to wait for Apple, Microsoft or Google to allow us to build this.

What we need to do now is bring together technologists, visionaries, and philanthropists to build such a system that has no central points of control. Building this as a truly open project could in itself be done in a distributed way, allowing many people and many projects to participate toward a shared goal of a Distributed Web.

Of course, Kahle is hardly the first to suggest this. Nearly five years ago we were writing about some attempts at a more distributed web, and how we were starting to see elements of it showing up in places the old guard wouldn’t realize. Post-Snowden, the idea of a more distributed web got a big boost, with a bunch of other people jumping in as well.

It’s not there yet (by any stretch of the imagination), but a lot of people have been working on different pieces of it, and some of them are going to start to catch on. It may take some time, but the power of a more decentralized system is only going to become more and more apparent over time.

Filed Under: black hat, brewster kahle, centralized, decentralized, distributed internet, jennifer granick, open internet