Who’s responsible for illegal blockchain smart contracts?
Technically, Augur is a binary options marketplace, but who's selling them?
Who's responsible for an illegal smart contract or a legal smart contract used for illegal purposes? On decentralised systems, the answer isn't quite clear and responsibility could arguably land on any of the following:
- The platform developers themselves, such as the Vitalik Buterins, who could arguably be said to "own" the platform and the smart contracts on it
- The creators of a specific contract
- The end user of an illegal smart contract
- The miners who process an illegal contract
Commodity and Futures Trading Commission (CFTC) commissioner Brian Quintenz recently pondered the options aloud at the Gulf Information Technology Exhibition, while emphasising that the views expressed are just his own and do not necessarily reflect the CFTC's opinion.
The rules of the blame game
It's not a hypothetical question. Preventing fraud and enforcing other kinds of laws means establishing which party is responsible for various elements of a decentralised system, and there are a great many smart contracts which might fall afoul of existing laws.
Quintenz gave the example of smart contracts which could resemble investment advice or might constitute insider trading, such as a contract that automatically initiates purchases that would have been illegal in other circumstances or a contract that constitutes illegal gambling.
"A particular area of interest to me is how regulators apply existing legal paradigms to novel technologies not contemplated when those laws were adopted," Quintenz explained. "[The CFTC's typical] supervisory framework is not applicable in the disintermediated world of blockchain, which raises several complex legal and policy issues. In the context of decentralised blockchains, like Ethereum, on top of which multiple applications can run autonomously via smart contracts, it requires identifying who is responsible for ensuring that activity on the blockchain complies with the law.
"To recap, there are many actors essential to the functioning of the blockchain ecosystem: the core developers of the blockchain software, the developers of smart contract applications, miners that validate transactions, and users, who transact and execute smart contracts on the chain."
Question 1: Is it the CFTC's responsibility?
The first thing the CFTC should consider, Quintenz suggests, is whether a smart contract falls under the CFTC umbrella.
- Is it a contract for sale or a rental agreement? Does it have the essential characteristics of a swap, future or option?
- Is the product accessible by US persons?
If the answer is yes to both, it's technically the CFTC's responsibility whatever form it might take.
At this point, the question is whether it violates an existing law, which is where things get very open ended and potentially complicated.
Is the contract being inappropriately offered to retail participants? Does it need to be traded on a securities exchange? Or does the contract itself perform exchange and trading functions? Maybe the smart contract itself needs to be appropriately registered and licensed as an exchange?
Or maybe it's an insurance smart contract that functions as a fully automated insurance product?
"Smart contracts are easily customized and are almost limitless in their applicability," Quintenz says. "For example, a protocol could create smart contracts for flight insurance. If you were worried about a flight being late, you could check how much it would cost to buy insurance, and if you thought the price was reasonable, you could purchase the contract with cryptocurrency. Then, if your flight was late, the contract, by consulting public flight records, would automatically compensate you for the delay."
Is that smart contact an insurance product? Or is it more like an insurance company? Who's responsible for ensuring that buyers are appropriately informed before they purchase it? Who's responsible if someone inappropriately touts that smart contract in a way that constitutes financial advice?
There are no right answers yet, Quintenz notes, but you don't have to look far to find popular contracts which are arguably illegal.
Augur's binary options
Binary options are a type of derivative where a trader makes an all-or-nothing bet on an outcome. For example, whether the price of a certain asset will hit a certain point in the next hour.
Like all investment products, and almost all financial products in general, it's literally just gambling polished up with a fancy name because it's existentially terrifying to think about how the global economy is basically just a giant casino.
Binary options in particular have earned a bad name because they're often shady products touted at inexperienced investors, and so are justifiably regulated quite strictly. In Australia, for example, an entity must hold an Australian Financial Services License to market binary options to Australian investors.
So where does that leave Augur, a predictions market that is technically just an entire network dedicated to the selling of illegal binary options?
And where does that leave the things like guides to purchasing Augur REP tokens? Does it technically qualify as marketing unlicensed binary options?
Augur would have been legally decimated in the blink of an eye if it was a company creating and offering its own predictions to the market. But by decentralising it all, the picture changes. Augur itself is just a bunch of smart contracts, which are themselves just bundles of open-source code.
At what point in time do the letters and numbers in that code become an illegal binary option, and who's responsible for it when it happens?
No one knows.
So who's responsible?
Illegal financial products don't just spring up out of thin air, so someone's got to be responsible – maybe.
Was it the underlying platform developers?
"One could look to the core developers of the underlying blockchain code. Without this foundational code, the smart contracts could never be executed," Quintenz says. "However, these core developers had no involvement in the development of the smart contract code. They invented a code upon which any number of applications can run and, in my view, it seems unreasonable to hold them accountable for every subsequent application that uses their underlying technology, without further evidence of knowledge or intent. They may not even be aware that this particular type of smart contract has been deployed."
It might be analogous to blaming a car maker if one of its vehicles is used as a getaway car after a bank robbery.
Was it the miners?
"Similarly, miners and general users of the blockchain are not in a position to know and assess the legality of each particular application on the blockchain. The anonymous, decentralised nature of the chain makes it difficult or even impossible for miners and users to monitor the activity of other miners and users."
Blaming the miners might then be analogous to blaming the shipping company that brought the bank robbery car from the country of its manufacture to the country it was sold in.
Was it the contract developers?
The contract developers and individual users are the most likely culprits, Quintenz says, within reason. The real question might be whether they had reason to believe their contracts would be used in a way that contravenes existing laws and made no effort to prevent it.
"Think of someone asking you to borrow the keys to your car because they want to rob a bank," he says. "If you let them borrow your car, it would be reasonable for the government to hold you partially responsible for the ensuing criminal activity. However, it would be unreasonable for the government to prosecute the car manufacturer."
But at Quintenz says, cracking down on contract creators does nothing to actually pull them from the market. Illegal contracts will keep ticking along just fine regardless of what penalties are levied on the creators.
Was it the end users?
Individual users are also partly responsible for knowingly accessing illegal contracts, Quintenz says. But he notes that it's not terribly practical to prosecute them.
"Going after users may be an unsatisfactory, ineffective course of action," he said. "From a practical perspective, the blockchain is an anonymised, global network. It seems likely that determined users will be able to gain access."
Plus, in many cases, the end users will technically be the victim of an illegal contract. When an end user "purchases" an Augur binary option, for example, they're technically the victim, having lost their money to a scam financial product. Fining a consumer for violating consumer protection laws doesn't seem terribly productive.
But it wouldn't necessarily be uncharacteristic, given the United States' rich history of civil forfeiture. The notion of penalising a smart contract creator or platform owner is vaguely reminiscent of the many times homeowners in the United States have had their houses confiscated because someone else used or dealt illicit drugs on their property without their knowledge.
Against this kind of historical backdrop, it might be overly optimistic to assume that any enforcement decisions will actually be helpful in any way – especially because there's such a wide gulf between the current state of blockchain technology and CFTC laws.
There might be no practical way of applying existing CFTC regulations
Quintenz's presentation, as an example of the CFTC's line of thought on the blockchain space, mostly highlights the impossibility of trying to lay existing laws over the emerging field of cryptocurrency and blockchain technology.
To paraphrase the implications of his presentation, enforcement actions will inevitably have to take the form of a series of punitive punishments with no effect beyond making an example of the occasional unfortunate programmer.
"Enforcing CFTC regulations against those individuals (contract creators) does not immediately stop the activity from occurring, because individual users could continue to use the software to execute their own event contracts," he said. "In addition, it could attempt to prosecute individual users of the contracts to discourage future participation."
Then you have the impossibility of trying to unify global regulations around global systems.
"In the United Kingdom... event contracts are not viewed as financial instruments, but rather as a permitted form of wagering regulated by the Gambling Commission. And, although the United States permits binary options based on commodity prices, the European Union bans that very same type of product," Quintenz said. "How then does the CFTC enforce its regulations on U.S. activity when the marketplace for that activity has become seamless, anonymised, and global?
"I do not have all the answers today, but I expect it may be an issue that the CFTC faces in the future, as public blockchains create international markets in which everyone wants to participate."
It may or may not have to be this way
Quintenz urges smart contract developers engage with the CFTC to see if there's a way they can create contracts that are compliant with the law. And if that's not possible, he concedes that the CFTC may need to update the laws.
"In some cases, it may be that new products require the Commission to rethink its existing regulations or provide regulatory relief – both courses of action that I think would be appropriate depending upon the technology in question."
But the CFTC can't let it go until it knows more, he said.
"I would much rather pursue engagement than enforcement – but in the absence of engagement, enforcement is our only option."
In the end, it might be that any jurisdictions with overly onerous laws will simply find themselves excluded from the open market – a la residents of New York being excluded from the global cryptocurrency markets – and forced to unnecessarily commit resources to policing something that no one else is bothering with.
So far, it's not entirely clear how or why most smart contract developers would bother with the creation of contracts that explicitly work in line with global regulations. Slapping a "do not use if you are a US resident" sticker on a GitHub repository is one thing, but creating a contract that, for example, simultaneously manages to be licensed as a wager in the UK, a financial product in Australia and unavailable to US residents, simply won't be happening.
It's already very clear that existing laws will need to be updated for the blockchain age, ideally on a global scale. Punitively applying the letter of all existing laws, even just as a stopgap, is just pointless cruelty.
And to its credit, the CFTC has been very mindful of this. So far it's only been going after outright scams, rather than going down the road of punitively punishing legitimate projects.
But unified cryptocurrency regulations will be needed eventually, and given the tendency of US laws to run over the rest of the world, it might be time to start looking in that direction rather than wondering how to apply existing laws to the crypto space.
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and ADA.