Crypto Caselaw Minute #24–2/21/2019

This week’s CCM deals with a shareholder derivative suit related to GPUs, a domain name dispute involving an exchange(authored by the esteemed Drew Hinkes), and a settlement between the SEC and a crypto company. [As always, Rosario summaries are “NMR” and Palley summaries are “SDP”, guest post from Drew Hinkes is “DH”]

Disclaimer: These summaries are provided for educational purposes only by Nelson Rosario [twitter: @nelsonmrosario] and Stephen Palley [twitter: @stephendpalley]. They are not legal advice. These are our opinions only, aren’t authorized by any past, present or future client or employer. Also we might change our minds. We contain multitudes. (Picture credit: https://pixabay.com/en/bull-bear-stock-market-business-1885566/; CC0 Creative Commons).

Yang v. Huang, et al., 3:19-cv-00766 (N.D. Cal. February 12, 2019)[NMR]

We’ve written a lot about class action lawsuits. Typically, the cases we covered involved companies that did, or tried to do, an ICO. Usually, things go south, people lose money, and you know the drill. This case is sort of like a class action lawsuit. This case is a shareholder derivative lawsuit against the corporate officers of Nvidia brought by one its shareholders on behalf of Nvidia. Huh? Yep.

Yuju Yang owns Nvidia stock and is suing the corporate directors of Nvidia for violating their duties to the company. Basically, in a shareholder derivative lawsuit the shareholder (that’s Yang) can sue on behalf of the corporation if the corporation has a valid cause of action, but is not pursuing the cause of action for some reason. Here, Yang is suing the corporate officers of Nvidia for mismanagement of the company, and related not so good stuff. So, what does any of this have to do with crypto?

Nvidia, for those of you who don’t already know, makes graphics processing units, or GPUs. The company is one of the two main GPU manufacturers, along with AMD, in the world and has been doing its thing for 25 years now. GPUs are great for video games, but it turns out they can also be great for mining cryptocurrency, and that is where things get interesting with respect to this lawsuit.

There is something called “the business judgment rule” in corporate law. Essentially, judges don’t want to spend time second guessing decisions made by businesses that are, well, business decisions. Put another way, in lawsuits against corporate officers the court will assume that the officers acted in the best interests of the corporation unless proven otherwise. Here, Yang, is suing the corporate officers of Nvidia alleging that they violated their duties and cost the company money in an egregious manner. The corporate officers will inevitably respond that, no they didn’t violate their duties, and instead they were making informed decisions that they believed were in the best interest of the company.

The specific allegations at issue in this suit concern Nvidia targeting the burgeoning cryptocurrency mining market starting in or around August 10, 2017, up to the present day. As alleged in the lawsuit “the Individual Defendants made and/or caused the Company to make false and misleading statements indicating that the Company could withstand the volatility of the cryptocurrency market, specifically through their computer gaming customer demand, and effectively navigate the cryptocurrency market.” In addition, the plaintiff alleges that Nvidia was perfectly capable of managing their inventory, which was allegedly “connected little if at all to customers purchasing its GPUs for cryptocurrency related purposes.” In November 15, 2018, Nvidia said that it expected a $2.7 billion drop in revenue for the next quarter. Whoops.

Yang also alleges that the officers were selling their shares in the company during a boom in the stock price driven by crypto related sales, and that the officers forced the company to buy back shares at inflated prices that they knew were inflated, because of their alleged misrepresentations related to crypto. Oh, and for good measure Yang threw in a blurb about two pending securities fraud lawsuits involving the corporate officers. Man, there is a lot going on in this case. It will be fascinating to see how the defendants respond that, no, in fact they were making informed decisions concerning the focus on crypto and their bullishness was a totally reasonable business decision. Maybe it was, maybe it wasn’t?

Bittrex Inc. v. Amanda Lomendres Lopes, 2019 WL 6562239 (UDRP-ARB Dec.)[DH]

In the early 1990s, Federal Judge Frank Easterbrook and Harvard Law Professor Lawrence Lessig (he who brought us “Code is Law”) famously disagreed about whether law schools should teach students about the emerging “Law of Cyberspace.” Judge Easterbrook thought that industry-specific classes (i.e. “The Law of the Horse”) were “doomed to be shallow and miss unifying principles,” and that law schools should instead teach “subjects that could illuminate the entire law,” like torts, property, and contracts, and then teach students to apply those general laws to novel factual situations. Professor Lessig suggested that there was value in studying the new aspects of cyberspace (privacy, IP rights, etc.…) that would allow students to consider how broader concepts of how law and regulation actually work. Although their dispute focused on what law schools should teach, it highlighted a broader question- would the Internet require radical new legal approaches, or mere adaptations of existing law? Both were right in a sense- although the Internet spawned innovative privacy and IP-related laws, most contract, property, and tort laws work on the Internet the same way they do offline.

One area that required a new legal approach was resolving disputes over web site domain names. Domain names are a new type of property created by the Internet that is globally accessible, adding to the complexity of the issue. Disputes over domain names would be common and needed to be resolved on a global basis.

The solution emerged in the form of Uniform Domain Name-Dispute Resolution Policy (UDRP) established by the Internet Corporation for Assigned Names and Numbers (ICANN), an SRO that sets standards for how the Internet functions. ICANN commissioned the United Nations World Intellectual Property Organization (WIPO) to report on the Trademark Dilemma. On April 30, 1999, WIPO recommended a “mandatory administrative procedure concerning abusive [domain name] registrations”, which would allow for a “neutral venue in the context of disputes that are often international in nature.”

Here’s the process created by the UDRP. First, domain registrars require domain name registrants to agree to arbitration, and to agree that they will not use the domain name to infringe on any other party’s rights. The Complainant, claiming that a domain name is infringing, can file its claim before one of 5 arbitration organizations to start a proceeding to decide who should own the domain name. To prevail on its claim, the complainant must show that the (a) domain name is confusingly similar or identical to its protected trademark /service mark, (b) registrant has no rights /legitimate interests in the domain name, and (c) the domain name was registered and is being used in bad faith.

The registrant can defend by showing (a) use or preparations for use of the domain or a name corresponding to the domain name in connection with a legitimate offering of goods and services before the registrant was notified of the dispute, (b) common knowledge of the registrant being known under the domain name, even absent trademark /service mark, or, (c) a legitimate noncommercial or fair use of the domain name, with no intent for commercial gain to misleadingly divert consumers or tarnish the Complainant’s trademark /service mark. The arbitrator may rule for registrant and deny any relief, or rule for the complainant and order the domain registrar to either cancel the domain registration or transfer the domain to the complainant.

A party who loses a UDRP proceeding may still appeal the arbitration outcome in court, or — in the US- file an independent claim under the Anticybersquatting Consumer Protection Act. Most cases are resolved by UDRP arbitration. (Also, crypto world, take note: Here’s a non-governmental entity recognizing an emerging legal problem and implementing its own effective solution with buy in from necessary intermediaries.)

Recently, crypto exchange Bittrex filed a claim of infringement against Ms. Lopes, who registered www.bittrex-es.com. Bittrex alleged that the domain name is confusingly similar to Bittrex’s web site, www.bittrex.com, that Bittrex owns the trademark for Bittrex, and that the domain was used for a phishing scheme. The arbitrator found that Bittrex made out a prima facie case, and then shifted the burden of proof to registrant Lopes — who failed to respond. (It’s usually smooth sailing when you have competent counsel and the opposing party doesn’t appear to oppose). The arbitrators in this case found that:

• www.bittrex-es.com is confusingly similar to www.bittrex.com (based on other cases that held that adding a hyphen and 2–3 characters to a domain qualifies a domain as “similar”);
• Registrant is not commonly known as www.bittrex-es.com, and does not have any other rights to use that domain name;
• The domain at issue was used in bad faith for a phishing scheme according to the Ethereum Scam Database and the IRIS security platform, sources which the opinion notes have been relied upon in other UDRP arbitrations brought by Bittrex against other registrants;
• Registrant lacked rights and legitimate interests in the domain at issue; and
• Registrant had knowledge of Bittrex’s trademark, as Registrant intended to confuse web browsers into assuming www.bittrex-es.com it was a legitimate Bittrex web site as the basis for its phishing scheme.

Game, set, match, Bittrex. The arbitrator ordered the domain transferred to Bittrex’s control.

In the Matter of Gladius Network, LLC, SEC Administratitve Proceeding №3–19004 (Order Instituting Cease and Desist Proceedings), February 20, 2019. [SDP]

Order: https://www.sec.gov/litigation/admin/2019/33-10608.pdf

Another day, another SEC token sale consent order. While these things aren’t quite an Every Day Thing just yet, the SEC’s enforcement activity in the fraught 2017/18 ICO space has shown no sign of letting up. This latest consent order reflects that. It also shows the potential benefit of working with the commission to voluntarily resolve failure to register a token that is actually probably really a security, whatever the terms and conditions said.

Before we dig into the Order, it’s worth remembering that an SEC consent order is exactly what it sounds like: the respondent (here, a corporate entity that ran an ICO) has consented to the entry of the Order and to the “undertakings” (things it has agreed with the SEC that it will do). There was no litigation. A court didn’t rule on whether or not the ICO was a securities offering. The order is not judicial precedent, though (as discussed below) it’s an indication that the SEC might go easier on people who didn’t commit outright fraud, screwed up by not registering, but came to the SEC voluntarily and worked with it to fix their problem. But, again, it’s not precedent and so far there isn’t very much of that.

The order describes the facts as follows — Gladius developed a network to rent spare bandwith and and storage space to use to defend against cyberattacks to to enhance content delivery speed:

“The Gladius Network was to be a decentralized, peer-to-peer node network that offered internet content providers faced with a DDoS attack or increased traffic the ability to access spare bandwidth and storage space belonging to organized ‘pools’ of individuals and businesses (called “nodes”). Gladius Network participants were able to purchase the excess bandwidth and storage these pools would provide.”

As part of this, they created GLA tokens to be issued on a blockchain, and the tokens would be used as the sole currency for services on the network. Gladius raised almost 13 million dollars worth of Ether in a fall 2017 ICO.

THere was, of course, a whitepaper. And the whitepaper said that the tokens weren’t a security and that purchasers of the tokens were buying it for services:

“The Terms also stated that GLA Tokens were “not being structured or sold as securities or any other form of investment product,” and required purchasers to warrant that ownership of GLA granted access to the Gladius Network, but conferred no equity or other rights (including ownership rights) as to Gladius. Similarly, Gladius required purchasers of GLA in the ICO to warrant that their purchases were made “solely for the purpose of accessing Services . . . [and not for] any investment, speculative or other financial purposes.”

The SEC didn’t buy this, and the Order includes the SEC’s Howey analysis, in which it concludes that the tolen sale was an unregistered securities offering, in violation of the Securities Act of 1933.

What’s interesting about this Order isn’t really the securities analysis which is by this point — even for non-lawyers who follow the space — pretty cut and dry. People invested money with Gladius so that it could build the network and reasonably expected profits from Gladius’s managerial efforts, “whether or not they used the planned [] network” and Gladius offered, sold and distributed the tokens without registration or an applicable exemption.

Realizing that they had problem, though, Gladius “self-reported to Commission Enforcement staff. From the beginning of its discussions with Commission staff, Gladius expressed an interest in taking prompt remedial steps and complying with the federal securities laws going forward.” Instead of imposing a penalty, as it has in other cases (see https://www.theblockcrypto.com/2018/11/17/the-sec-cracks-down-on-two-icos-creates-a-template-for-future-enforcement/) the consent order requires Gladius to register the tokens as a security and give investors the opportunity to get their investment back by filing a claim form.