Libra’s Legal Challenges

By Misha Guttentag and JP Schnapper-Casteras

Today’s announcement of Facebook’s much-anticipated cryptocurrency, Libra, has already spurred a flurry of commentary about technology and ramifications for the fintech space. But as Facebook publicly unveils its plans for Libra, a new question emerges: is Facebook prepared for the legal challenges to come?

On the face of things, Facebook’s announcement hews close to legal compliance. Their subsidiary is already registered with FinCEN, and their announcement carefully avoids any impression that purchasing Libra will earn users a profit. So, legally speaking, nothing to see here — right? Nope, not so fast. Here are some big, unanswered legal questions on Facebook’s horizon:

First, who will regulate this potentially ground-breaking new “global currency”? In today’s current legal environment, the short answer is just about everyone. In the U.S. alone, the Treasury, SEC, CFTC, IRS and state financial regulators are all already involved in cryptocurrency regulation. Facebook already earned the ire of antitrust groups through its data collection alone; its foray into central banking could be the kicker that finally sets off the Department of Justice’s Antitrust Division to begin more formally exploring the possibility of breaking Facebook up. On the Hill, representatives across the political spectrum have been asking hard questions about Facebook and its currency plans, including a recent bipartisan inquiry from the Senate. The two top lawmakers on the House Financial Services Committee have urged Facebook to testify before Congress about its plans for Libra; Maxine Waters, the ranking Democrat, even called for a moratorium on further Libra development. Other legal questions linger, including about tax implications of Libra-denominated spending, and Facebook’s commitment to enforcing the U.S.’s strict Anti-Money Laundering requirements placed on financial institutions like banks.

Globally, Libra faces an international regulatory landscape that is even more complex. Within hours of Facebook’s announcement, France’s Finance Minister, Bruno La Maire, proclaimed that Libra becoming a sovereign currency should be “out of the question,” that it “can’t and must not happen,” and that it only “increases our determination to regulate the Internet giants.” Jurisdictionally, Facebook headquartered the Libra Association in Geneva, but that hardly settles the question of which countries will try to exert control. In Asia, India’s legislature is considering a bill that would criminalize the purchase and sale of cryptocurrencies, presumably including Libra. China has repeatedly vacillated on digital currencies, banning and unbanning their production and sale. Perhaps Facebook has a grand strategy to employ a phalanx of local counsel to persuade regulators overseas or challenge clampdowns in court where needed. But it is hard to see smooth seas ahead.

Beyond finessing global regulations, Libra will have to contend with United States securities laws, especially surrounding its plans to “stabilize” its currency value. Facebook’s announcement suggests the company plans to “back” Libra with a mix of financial assets in order to stabilize its price. The legal status of so-called “stablecoins” — designed to retain a steady value, as compared to a currency like bitcoin or the Japanese Yen, whose purchasing power appreciates and depreciates — is unclear. The regulatory uncertainty surrounding “stablecoins” played a major part in the dissolution of one of the biggest projects, Basis, which shuttered and refunded approximately $100 million to investors.

More fundamentally, if Facebook succeeds in creating a currency that maintains value — as opposed to the 2% annual decline in purchasing power (inflation target) favored by the world’s central banks, Libra could even represent a source of competition for national currencies. As the Nobel-Prize winning mathematician John Nash mused, monetary policies “are typically of great importance to citizens who have alternative options for where to place their savings.” If Facebook can beat 2% inflation, then some currencies could struggle to compete.

Libra.org, “Vision” (June 2019)

Thus, questions remain: will central bankers (and other political leaders) view Libra as a threat to their monetary sovereignty? Will regulators see stablecoins as a benign mechanism to avoid speculative investment or crashes? Will they view it as a basket of commodities and securities like an ETF? Or will they ask whether stablecoins could constitute a form of market manipulation whereby Libra’s members, who each paid $10 million to participate in the network, intervene to prop up (or deflate) the price whenever they so choose?

Finally, the elephant in the room is not Libra, but Facebook itself. Libra comes out in a difficult and sensitive moment for Facebook, both in terms of politics and popular backlash.  More broadly, there is serious skepticism from progressives and conservatives alike about the expanding size and role of “Big Technology.”  At the consumer level, there appears to be a groundswell of concern about how companies like Facebook are monetizing and handling years’ worth of private data. Whether Facebook can earn back user trust, at the same time it launches a currency that will invariably require some degree of trust, remains to be seen. Indeed, the “In God We Trust” phrase printed on the U.S. Dollar is more than a motto — nearly one century after the Federal Reserve ended citizens’ abilities to redeem dollars for gold, the phrase symbolizes how trust in the currency’s value is crucial to the money’s acceptance and success. A currency without trust backing its value can quickly become worth no more than the paper (or a cotton-linen blend) on which it is printed.  

The big risk for the world’s regulators is not that Libra fails, but that it succeeds. Or, perhaps even more consequential, that Libra succeeds in familiarizing a broad swath of users to digital currencies, who ultimately opt to use an even more permissionless global currency like bitcoin. In the future, regulators considering a clampdown on the cryptocurrency phenomena may find themselves also facing a bitcoin network with no affinity for authority — and longing for simpler or centralized policy landscape that has since been overtaken by events. For now the bottom line is this: between today’s announcement and Libra’s launch in 2020, Facebook’s legal team — and perhaps monetary and financial regulators too — have plenty of work to do.

What the Bank of Canada Still Misunderstands about Bitcoin

The Bank of Canada recently published a study on “cryptoassets” that contains a subtle but significant error. In this post I explain what went wrong and why the Bank, which has previously released high-quality scholarship on this topic, should prioritize a more nuanced understanding of the roles that digital money like bitcoin can play in the banking system.

Appendix: Electricity calculations for a blockchain payment system.

The authors pose the question, “How much electricity would be needed to have all Canadian payments settled on a proof-of-work blockchain?” In the appendix, they calculate that settling every Canadian retail transaction on a bitcoin-like blockchain would entail astronomical energy costs, and conclude: “changes to the bitcoin technology and usage need to be substantial before it could be used as a retail payment method.”

This approach is based on a faulty premise about bitcoin and its blockchain that is emblematic of a broader misconception.

The problem:

At its essence, the appendix conflates payment with settlement, and then determines that every retail transaction would be settled on the bitcoin blockchain, despite no such requirement at a technological or conceptual level.

Even putting aside the appendix’s use of widelydebunked energy estimates or its dismissal of bitcoin-integrated payment technologies, central banks should be conceptualizing of bitcoin as a money and the bitcoin blockchain as a high-security form of settlement. The bitcoin blockchain is not and was not designed to be a method of payment for every retail transaction in the world.

To analogize this distinction, imagine a payment between parties on an app like Venmo. If Alice keeps $100 in her Venmo account and sends $30 to Bob, the payment is merely numbers moved internally on Venmo servers. Only when either party decides to “cash out” — withdrawing funds from Venmo to their bank account, for dollars — might the transaction be considered settled:

Settlement vs. Payments ($)

Like Canadian Dollars or Euros or USD, bitcoin-based payments can be made available via Venmo/Cash App, credit cards, checks, ACH, Paypal, and other layered payment systems. In other words, retail payments could retain existing payment infrastructure and still be denominated in bitcoin, and not necessitate settlement to a bitcoin-like blockchain.

Settlement vs. Payments (₿)

We do not even need to address major recent developments in bitcoin payments technology, such as the Lightning Network and other “Layer 2” development,” to understand that no changes to bitcoin’s technology need to take place before it can be used in Canada’s payment landscape. Bitcoin is not VISA or Venmo — it’s closer to money those companies move around.

To be charitable, perhaps the authors intended only to demonstrate what we discuss here: the futility of broadcasting all retail payments on bitcoin’s energy-intensive blockchain. If so, on this we agree. We do not mean to advocate that all Canadian retail payments should be conducted with or denominated in bitcoin. For many reasons, including familiarity, security, and price stability, Canadian customers and retailers may prefer to transact in CAD. Still, the conclusion that “changes to the bitcoin technology” are required is simply not true.

Moreover, the bitcoin blockchain’s proof-of-work electricity consumption is not an accidental byproduct: it is the means by which transactions are made all-but-irreversible a short time after they are added to the ledger and repeatedly confirmed by network consensus. In other words, the electricity and consensus confirmations offer a level of final settlement better-suited for high-value transfers (e.g., between banks) than for retail payments. If the intent here was to highlight the absurdity of using the bitcoin blockchain for retail payments, without acknowledging the utility of its blockchain for high-value settlement between institutions like central banks, then the authors should make that clear. As Hal Finney, the first person to ever receive a bitcoin transaction, predicted in 2010:

I believe this will be the ultimate fate of Bitcoin, to be the ‘high-powered money’ that serves as a reserve currency for banks that issue their own digital cash. Most Bitcoin transactions will occur between banks, to settle net transfers.”

The Takeaway:

Bitcoin has a variety of pros and cons, uses and misuses. What it does not have is a centralized research department to create these sorts of reports, nor a communications department to publicize and distill its applications and policy implications for lawmakers and central bankers. Such are the consequences of decentralization.

Still, it would be a shame if policymakers do not realize that the questions here go beyond retail payments, and carry global, potentially historic implications. For example: when nations with their own currencies trade with each other, which money should they use for settlement? Former Federal Reserve Chairman Paul Volcker recently lamented the lack of a “common numeraire” in our international trade system. A numeraire, he describes, would act as the monetary unit in international settlement, and free central banks from reliance on the unpredictable supply of a third nation’s currency, most recently the U.S. dollar.

The Adjusted Monetary Base is the sum of currency (including coin) in circulation outside Federal Reserve Banks and the U.S. Treasury, plus deposits held by depository institutions at Federal Reserve Banks.

It is worth considering whether a digital money like bitcoin — with predictable and verifiable supply, as well as Internet-native design tailor-fit for digital banking — could fulfill the role of “numeraire” and establish a “metric unit” for international exchange. If that possibility seems outlandish, fair enough. So too at one point was the possibility of agreement on the mass of the kilogram or the length of the meter, but the measurements enabled trust and coordination, and rapidly became integral for global advancement in science and trade.

The Bank of Canada’s study shows that it is still all too easy to misunderstand what bitcoin is. This is especially true when communications from bankers and bitcoiners alike present strawman caricatures of each other. But this also means that if we are to get serious about the complex and overlapping realms of central banking, retail payments, and digital money, we all ought to be a bit more rigorous and critical. Especially when we read third party research, like this study here, that narrow and misconstrue the discussion of what bitcoin is, and could be.

When are Developers Responsible for their Users?

By Misha Guttentag and JP Schnapper-Casteras

One of Satoshi Nakamoto’s last known public posts, in 2010, was a warning: “Wikileaks has kicked the hornet’s nest, and the swarm is headed towards us.” At the time, PC World had just published an article describing how bitcoin (then trading for a whopping $0.20) could be used for permissionless donations to Wikileaks, despite any bans by local authorities or payment processors. It is impossible to know Nakamoto’s exact concern, but one thing was clear: how people chose to use the bitcoin protocol he released — including how they would spend the bitcoin “currency” it issued — was out of his hands, even if it meant others could use it to potentially break social norms, business monopolies, and local laws. And if bitcoin payments to Wikileaks (or poker sites) were forbidden, could Nakamoto or bitcoin’s other developers be held personally liable for enabling unlawful activity?

Open-source programming often means letting go.

Today, nearly a decade after Nakamoto’s warning, regulators continue to wrestle with waves of permissionless innovation emerging from open-source projects like bitcoin, and to a greater extent, from the Internet itself. A fundamental question remains: should programmers of open-source software — where anyone can build upon, re-release and re-deploy the code — be held responsible if users take the code and violate their local laws or regulations, and if so, where should we draw those lines?

Developer Intent

One possible answer comes from a Commissioner of the Commodity Futures Trading Commission (CFTC), Brian Quintenz, who recently published his thoughts on when, in his estimation, the CFTC should (and should not) bring action against open-source developers whose code is used to violate CFTC regulations. As Quintenz put it, “Absent proof that developers intended that the code facilitate conduct that is illegal, the CFTC should not bring a case against them.” He proceeded to list several relevant questions to consider in determining a “developer’s intent,” including whether the developers were promoting, profiting from, or modifying code in order to enhance unlawful activity.

If the code is a contribution to a bigger system, what role will it play?

For developers who, like Nakamoto, are designing, building, and launching code, these questions of liability are not merely musings: they affect the likelihood of attracting investment, users, and developer talent. Absent more specific statutes or binding authority from regulators, sometimes public speeches and statements are the best sources of legal guidance available.

With Commissioner Quintenz’s commentary in mind, we wanted to highlight a question we expect to surface in the near future: to what extent should open-source developers of bots or algorithms expect to have some legal responsibility for actions that bots take on behalf of their users? Take, for example, a “trading bot” that enabled a user to plug into a trading platform and buy or sell products or digital tokens based on user-provided parameters (e.g., if it rises to XX, sell it — if it falls to YY, buy it). Could a trading bot developer be held liable if a user in a Treasury-sanctioned country downloaded open-source trading software and, via a VPN, surreptitiously deployed on a US-based exchange to sell bitcoin, violating U.S. sanctions? The short answer is likely no, and here’s why:

Guidelines for Code Design

In his speech, Commissioner Quintenz weighed a related question about software that is “specifically programmed” to violate laws, in this case, “to purposely distort the final settlement price” of a futures contract. His approach is worth highlighting here: “The more a code is narrowly tailored to achieve a particular end, the more it appears as if it was intentionally designed to achieve that end.” In other words, if the bot were knowingly designed and intended to manipulate a futures contract (also known as “banging the close”), it would “look a lot like aiding and abetting” of a legal violation — but if it merely allowed a user to make trades at whatever time they wanted, and it is only the user who deploys the software to manipulate a price during a particular interval, the developer should not expect to be held liable.

Additional questions emerge for developers of software that users could operate in ways that transgress Securities and Exchange Commission (SEC) rules, but for those developers, similar principles should apply. For example, if a a developer releases software knowingly and purposefully to enable users in the United States to manipulate trading markets, then the developer might be held liable for contributing to the forbidden action. Recent charges against a software developer involved in designing custom software that enabled sophisticated spoofing of futures markets confirms as much. If, on the other hand, the developer merely releases an open-source trading software — essentially exchange-agnostic, asset-agnostic, leaving the decision entirely up to the user as to which assets to trade, consistent with the laws of the users’ own jurisdiction — then the developer has a compelling case that they should not be held responsible for actions taken (or modifications made) by end-users of their own volition.

Users, Use Care

For users themselves, similar guidelines should apply. On the one hand, if users deploy software to knowingly engage in unlawful activity, they should expect to be held responsible. On the other hand, the risk associated with other types of software use is less clear. For example, imagine a group of card-game enthusiasts who utilize an algorithm to help them trade Magic: The Gathering cards online, an activity that (as far as they know) is legal within their jurisdictions. If their regulators in the future clarify that online trading of Magic cards is somehow outlawed, the group members might expect that any future trades of these cards will incur legal risk, but are less likely to be held liable for previous trades of these cards, since they did not then knowingly engage in impermissible activity. As a best practice, users should take care to check the requirements of their local jurisdiction and adjust their activities accordingly, regardless of the actual functionality of the open-source software before them. As a matter of policy, the onus here should fall on the users, not on open-source developers, since developers would be hard-pressed to monitor, limit, and/or tailor access to their code to meet the evolving jurisdiction-specific needs of each user.

For the time being, Quintenz’s recent focus on a software developer’s intent is a sensible rule of thumb for open source projects of all stripes, including in the context of bots and digital assets. Put differently, developers of OpenOffice should not be held liable if someone uses it to draft a ransom note; on the other hand, a developer clearly designing for illicit use, like releasing a tool called “OpenPassportForger,” would have a comparatively harder time arguing he or she did not intend it to be used to break the law. Even with these broad principles in mind, other market- and jurisdiction-specific rules can still apply in certain circumstances. For example, SEC regulations regarding algorithmic trading strategies conceivably apply to algorithms that trade securities (like stock in eBay and Amazon), while not applying to algorithms that help sellers arbitrage prices between eBay and Amazon platforms, since the products are not securities subject to SEC jurisdiction.

And until the day comes that bots are sentient enough to consult their own lawyers, developers and users of sophisticated automated software should — when in doubt — consult attorneys* of their own.

[*] Disclaimer: Consistent with the terms and conditions of this site and blog, this post is not and should not be treated as legal advice.