Attention lawmakers: these are most important features of digital currencies

Not all digital currencies are alike. In fact, some are so feature rich that calling them “currencies” misses the point. Ethereum, for example, can execute distributed applications and can spawn a wide variety of assets or tokens that stand for ownership in everything from companies to cars. To call Ethereum and others like it “currencies” is a bit like calling the internet as a whole “email.”

Bitcoin has company. 75 digital currencies and tokens have market caps of over $100MM. Image credit: Vladislav Sergeev

The point, here, is not that the moniker “digital currency” is sometimes inapt, but rather that it is a mistake to try to even put the Bitcoins, Ethereums, Ripples and IOTAs of the world the in the same bucket. Some — like IOTA — don’t even use a blockchain. We might call digital currencies “digital assets” instead, but, while accurate, that term is too broad to be very useful. For now, I will use the term digital currency to include the full range of digital assets that trade as, and are sometimes thought of as “currencies.”

If regulators (and that term is used loosely here, to include the legislators who create the laws that lay the groundwork for day-to-day regulation) want to tailor rules that aren’t unduly restrictive, and also want to make those rules based on an accurate understanding of digital currencies’ capabilities, they cannot stop at studying Bitcoin. And they can’t stop at studying Bitcoin and a few other heavy hitters, like Ethereum and Dash. They must undertake a serious study of the whole range of digital currencies, and remain attuned to the rapidly changing landscape.

Here, I propose several features of digital currencies that regulators should consider when studying any given one.


Anonymity

Perhaps because of its early association with the dark web and marketplaces like the Silk Road, Bitcoin is sometimes believed to be anonymous. It is not. In fact, because Bitcoin fundamentally is a public ledger of all transactions, it is ultimately far more traceable than cash or instruments like prepaid gift cards. The facts haven’t stopped some lawmakers from lumping Bitcoin together with prepaid stored value cards, and seeking to snuff out presumed money laundering.

Bitcoin can be called pseudonymous, because accounts are, on their face, associated with strings of numbers and letters (i.e., “addresses,” like 1FEen3A3xofeDoSqBh4WDZE42hXZHPpYj8) rather than legal names. Transactions in the ledger look something like this:

A typical Bitcoin transaction. One address sends some number of Bitcoins to another.

Without further investigation, the parties involved in this transaction are not identified. It only takes a bit of legwork (perhaps a subpoena to an exchange where those coins were last traded, requesting information like IP addresses, email addresses, or legal names associated with related Bitcoin addresses) for authorities to connect Bitcoin addresses to their owners, however. (While third party services like coin mixers can provide stronger anonymity for Bitcoin users, they are independent from Bitcoin itself. If regulators are concerned by anonymity, they should target the entities providing those services rather than targeting Bitcoin itself.)

The vast majority of digital currencies are not anonymous; like Bitcoin, they are pseudonymous. But there are a few digital currencies that allow transactions and participants to remain fully anonymous. Zcoin, for example, uses zero-knowledge cryptography to shield the sending address and receiving address. The similarly named Zcash shields the addresses and the amount transacted.

Anonymous digital currencies are more likely to be used to launder money than are pseudonymous digital currencies. Monero, for example, is another digital currency that provides anonymity — or, at least, aspires to. Recently, the criminals behind the WannaCry ransomware attack exchanged the Bitcoin they received from victims into Monero, (presumably) to anonymously trade into fiat currency.

Because digital currencies that provide anonymity are more ripe for money laundering and other criminal activity (such as the sale of drugs and other contraband), regulators should understand the level of anonymity provided by particular digital currencies. [[[e.g., as related to taxation]]]

Central Authority

Bitcoin is largely decentralized. There is no central governing body with authority to impose changes. There are parties that wield power; for example, developers can craft changes to the underlying code that runs the network, and miners (who deploy computing resources to secure the network) can elect to adopt changes to the code base (or not). But developers cannot directly impose changes — if their modifications to the code are to be used, they must be adopted by a critical mass of miners. Changes are slow and sometimes contentious. Witness the long-simmering disagreement over certain changes to the protocol, and ensuing “fork” that left the world with two versions of Bitcoin (i.e., Bitcoin and Bitcoin Cash).

While many have financial and other (e.g., philosophical or political) stakes in the success and direction of Bitcoin (e.g., miners who have made large investments in infrastructure and profit from mining rewards and network transaction fees), Bitcoin is not an entity, nor is it run at the direction of any person or entity. This is not the case for all digital currencies. Ripple, for example, which can facilitate international money transfers for entities like banks, is the product of a for profit company and is backed by Google Ventures and Accenture.

While a digital currency’s governance structure (or relative lack thereof) is not directly related to that currency’s features (which should be the primary focus of regulators, since features dictate use), a strong central authority creates more potential for platform-wide abuse, such as fraud or theft. This danger is, to date, only theoretical. Take, for example, the digital currency Tether. It is the product of a private entity, and that entity claims to back every unit of Tether with one U.S. Dollar. It publishes a statement of its reserves, and it claims that its reserves are “fully audited.” Ultimately, however, individual users cannot verify these claims. I have no reason to doubt Tether’s honesty; the point is only that the potential for abuse exists.

Even when a digital currency doesn’t make claims about reserves, there remains danger in centralized authority, particular if not all elements of the currency are open source. Even partially closed source means that users, again, must trust the central authority to not grant itself latent powers. And any point in a digital currency’s system that requires faith can be abused. Regulators should be aware of this potential.

Finally, concentrated authority means that the fundamental nature of a digital currency can change overnight, without any input from or assent of its holders. Because it’s code, rather than legal contracts, that defines the features of any digital currency, the potential exists for those with power to make changes that harm the interests of others.

Smart Contracts

While some digital currencies allow only simple “send” functions, that transfer units from one address to another, others, like Ethereum, natively support more complex transactions. Byteball, for example, allows users to agree to conditional transfers (which can look a lot like bets). Byteball users might agree that a certain amount of the currency will be deposited by one party and held in escrow until the outcome of a sporting event is known. The currency in escrow will be transferred to one party or another depending on the outcome. Byteball users can similarly create flight delay insurance contracts with one another; an insured is paid if her flight arrives late.

Ethereum allows users to create and become party to smart contracts that do far more than a simple conditional transfer. A smart contract can instantiate a “decentralized autonomous organization” (“DAO”). A DAO can be created for any purpose; the idea is that members of the organization make decisions based on the rules of the contract that created the organization in the first place. The smart contract that creates a DAO is like a company’s registration documents, structure chart, bylaws and workflow procedures all wrapped into one. Members of the DAO may have voting rights; if they do, it’s possible to create a “collective” that will rigidly adhere to its own rules and that (because all decision-making takes the form of user interactions with the smart contract, and those user interactions themselves are transactions on the blockchain) keeps a permanent record of all votes and transactions.

A DAO can quite easily function as a decentralized investment collective, for example. People or entities deposit Ether (or whatever digital currency is used to pay transaction fees to the network on which the smart contract is built) into the DAO’s smart contract, and in return become members of the DAO. Members can vote on the collective’s subsequent investment decisions. The DAO’s smart contract has rules governing (and therefore automating) payment of dividends, and allows members to withdraw their share of funds under certain circumstances. There is one particularly famous example; that DAO (“The DAO”) constituted a venture capital fund that raised $50MM from over 18,000 stakeholders. It ultimately had one-third of its capital drained by hackers who discovered a security hole in the smart contract’s code.

Development teams are hard at work coding smart contracts for myriad purposes. Splyt promises decentralized fractional ownership of real-world assets. You might, one day, be able to buy a share of a bicycle, car or house via a smart contract that lives on the Ethereum blockchain. SmartRE plans to allow homeowners to sell fractional ownership in their property; buyers will be able to use iOS and Android apps to search for and purchase stakes. Other possibilities include prediction markets, notary services, and Ponzi schemes.

If a digital currency allows smart contracts, it means that the currency can be the home of wide-ranging activity beyond the simple transfer of value from one party to another. That potential means more for regulators to investigate, learn and ultimately, maybe, regulate. It might not be surprising that in July 2017 the SEC released a statement concluding that The DAO participants violated federal securities laws with their unregistered offers and sales of shares in the organization.

In the SEC’s statement regarding The DAO and other virtual organizations, Steven Peikin, the Enforcement Division Co-Director, commented, “As the evolution of technology continues to influence how businesses operate and raise capital, market participants must remain cognizant of the application of the federal securities laws.” Similarly, regulators must remain cognizant of the potential applications of smart contracts. The more flexible a digital currency, the more varied its uses will be.

Update, Sept. 1, 2017: China’s Internet Finance Association has weighed in on Initial Coin Offerings. It noted that ICOs have “grown rapidly in the country, disrupting the socioeconomic order” (English translation via Google). It warned ICO participants to be aware of fraud and deceit in the ICO market, to be aware of the risk related to the lack of disclosure, and to steer clear of illegal behavior. And China’s Office of Legislative Affairs of the State Council recently published draft rules calling for investigations of suspected illegal fundraising involving digital currencies.
Update, Sept 4, 2017: ICOs are now banned in China, at least for the time being. A committee headed by China’s central bank has asked local regulatory bodies to investigate and report on 60 digital currency exchanges.

Tokenization

Perusing the front page of coinmarketcap.com, one could easily think that all of the listed items are digital currencies. They say as much in the title, which is “CryptoCurrency Market Capitalizations.” In reality, many of the entries are “digital tokens,” rather than digital currencies. Digital tokens are products of digital currencies, not currencies themselves.

For example, on the Ethereum network, users can instantiate tokens to their heart’s desire. (So long as one is willing to pay the transaction fee required to create them.) Those tokens can be traded within the Ethereum network, and the Ethereum blockchain keeps track of ownership. The tokens trade on exchanges under their own symbols, and ownership sometimes permits holders to perform certain functions in systems outside the network on which they were created. The Golem Network Token, for example, was created on the Ethereum network, and allows users to spend the tokens in exchange for computing power. The Basic Attention Token is used in an economy composed of advertisers, publishers, and consumers. Consumers are paid in the tokens for viewing ads and advertisers pay publishers tokens to display their ads. In the GNOSIS prediction market, bets are made and paid out in the market’s own native coin, the GNOSIS Token.

Regulators should notice that these tokens are not simply currency denominations. They can be the keys to interface with a limitless variety of external systems. (For example, the Eros project, which raised money on the promise of being the “bitcoin of the escort market.” Tokens, the project website promised, would be the native currency in its eBay for sex. While there is suspicion that the entire project was a scam, the project did garner substantial interest and was technologically feasible.) Further, they are not primarily meant to be stores of value like Bitcoin or Decred. This categorical difference means, for example, that if Bitcoin ever makes the leap from regulation as a commodity to regulation as a currency, the same should not be true for the tokens.

Securitization

Tokens go beyond the simple “coin of the realm” model, too. Many buy a slice of the profits of the organization they represent. For example, BitDice, an online casino that takes bets in digital currency, is currently conducting an ICO (Initial Coin Offering). The casino will distribute 70% of its profits to token holders, in proportion with the number of tokens they own.

If the BitDice token sounds a bit like a security to you, you aren’t alone. Prompted by the rise of ICO activity, the SEC recently hinted that some virtual tokens may soon be regulated as securities. Under the Howey test, a security is “an investment of money in a common enterprise with profits to come solely from efforts of others.” See SEC v. Howey, 328 U.S. 293, 301 (1946). BitDice tokens are sold for money and its casino is a common enterprise. So when token holders aren’t project insiders, the tokens constitute securities.

BitDice has good company. Others that have recently sold or soon will sell ownership shares via token include Iconomi (investment platform), Patientory (healthcare information management), and Ambrosus (food and medicine supply-chain tracking). The busy ICO calendar reflects how quick, easy, and inexpensive the process of creating a token supply is. At the moment, a 500,000 token-supply can be created for a network fee of $0.003. And the setup requires only a few clicks and no programming knowledge.

Regulators should be aware of this activity, and do their best to understand the nuances. There are risks to consumers beyond those associated with buying shares of stock listed on the NYSE or NASDAQ. Recently, after a simple website hack, $7MM meant to buy shares in the Coindash ICO was directed into the wallet of a thief. And because tokens are transferred on blockchain networks that may provide true anonymity, stopping illegal activities like insider trading could be particularly difficult.

Quasi-Securitization

Some tokens don’t promise direct payment from the issuer’s profits, but still allow buyers to bet on the success of the enterprise. For example, consider storj. The distributed cloud storage network sold tokens that will be the ticket to buying space on the network. At first blush, this isn’t too different from how Dropbox works — users send Dropbox something of value (fiat currency) in exchange for the ability to store files up to a certain size. But, nobody buys U.S. dollars with the hope that the dollar’s value will increase because of their usefulness on the Dropbox network. On the other hand, people may buy storj tokens with the hope that as the storj network becomes more valuable, the tokens will later command a higher price.

Consider the following: 73,228,000 tokens were sold in storj’s ICO. If the storj network has a total capacity x, one token will be able to buy x/73,228,000 of storage space. If storj is successful and attracts more storage providers to its network, such that its new capacity is 2x, every token should then be able to buy 2x/73,228,000 in storage space — i.e., twice as much. Keeping all else equal, the storj token should trade for twice its previous price.

Even if these tokens don’t qualify as securities, they still attract a great deal of speculation. Civic, a provider of blockchain-based identity verification services, raised $33MM in a June 2017 ICO. As of late August 2017, Civic’s tokens are worth $183MM in total. Tokens don’t stand for any ownership in Civic — their only intrinsic value is that they can be spent within the Civic ecosystem, to pay for Civic’s services. Civic has lofty goals; it wants to become the go-to KYC and identity verification provider for banks, e-commerce and medical providers. It hopes to become the standard provider of e-signatures. And more, including personal identity-theft protection. It’s a safe bet that a large part of Civic tokens present market value of $183MM represents speculation that Civic will become widely adopted, and that demand for the tokens will increase.

The booming market for non-ownership tokens like Civic’s should attract attention from regulators. Many of the issues implicated by securities markets will present themselves here, too.


Assessment of these and other factors should be an ongoing venture. A digital currency that does not provide anonymity today could easily do so tomorrow. Ethereum, for example, does not currently support private transactions, but is set to implement full privacy with an upcoming update. A token that does not pay dividends now might do so in the future. And, because the features of digital currencies are limited only by the present state of technology, future-day regulators might find themselves facing digital money that we can’t even contemplate today.