A Response to SBF and Principled Crypto Regulation

Above image by AI, with prompt “a free city in the future, prosperous, classical artwork style, rennaissance”

Warning… long read.

Yesterday, Sam Bankman-Fried posted his “Possible Digital Asset Industry Standards.” He describes the document as “a set of standards that we as an industry could enact to create clarity and protect customers while waiting for full federal regulatory regimes.”

He stresses that his post is “just a draft” and he welcomes feedback.

Some have thrown Sam under the bus, questioned his motives, called him mean names, etc.  While I’ve met Sam, I don’t know him personally, and I’m going to give him the benefit of the doubt. My assumption here is that Sam is a good actor attempting to make a productive contribution to crypto policy.

This whole topic is too important for a mere snipey Tweet, so below are some deeper thoughts on crypto industry regulation and Sam’s specific proposals. 

Background

Factually, it’s important to understand where Sam is coming from; he is the Founder and CEO of FTX, one of the largest crypto exchanges in the world, and certainly the fastest growing one over the past few years. As a business, FTX can only be described as an inspiring achievement. 

Notably, FTX is custodial: it is a financial intermediary holding billions of dollars of customer money and personal information. 

Today, all financial intermediaries are regulated under numerous government agencies, and any operating within the US must abide by the Bank Secrecy Act (BSA). All such intermediaries are coerced into spying on their users through the KYC/AML regimes.

This naturally endangers all users because it exposes their personal information to X number of databases, negligent or malicious employees and 3rd parties, government entities, and all manner of data breaches, even though the users haven’t been accused of any wrongdoing. For this reason, the noble goal of consumer protection is sadly at odds with following the law; if you’re a financial intermediary, you can follow the law by siphoning and exposing the private details of millions of innocent people, or you can protect them by not siphoning that information… which means you’re breaking the law.  

Regulators don’t see this as a conflict, because they believe the world should trust them to store, analyze, and act on this personal information ethically. “We’re from the government and we’re here to protect you, what do you have to hide?” etc. Of course, every surveillance organization—from anti-Protestant spy networks in the 16th century to the Soviet KGB in the 20th—believes it is acting ethically.

But as sovereign humans in an allegedly free society, maybe we disagree.

SBF’s Suggestions

I appreciate that SBF welcomes feedback on his proposal, and since FTX currently endures substantial regulation, it’s understandable that he wants to help shape the future of this regulation. 

Let’s dig in…

Do we actually need regulatory oversight? That’s a deep conversation, better over beers and a campfire. For the purpose of this piece, we can agree at least that “there is and will be regulation.” Indeed, there are literally thousands of pages of financial regulation in the US alone, and much of it already applies to various crypto services. Nobody should perpetuate the myth that crypto is “unregulated.”

Sam says we need consumer protection.  I agree wholeheartedly. 

Sam says we need to “ensure an open, free economy, where p2p transfers, code, validators, are presumptively free.”  It’s clear he means free as in freedom, not as in “no cost,” and as such, I again agree wholeheartedly. A free economy is quite literally what Bitcoin and its crypto offspring are all about. 

A note on “standards” vs “regulations”

Rules are important, and rules in society can occur at a variety of levels and through a variety of means. A family has rules. A friendship has rules. An HOA has rules, as does the HR department of a business. Contract rules govern all manner of human interaction. “Standards” generally mean voluntarily-adopted rules within an organization or industry. These are noble, for they are not achieved through coercion and violence, but through consent and market forces. Standards are everywhere around you, from the shape of a USB connector to the barcodes on a book cover.

I am all for industry standards! Crypto could benefit from some.

Regulations… this is a different matter. Regulations are rules enforced coercively by the state. You probably agree with some and disagree with others, but they are fundamentally unique in that they rely on violence, not consent.  

  • To the degree someone proposes a rule via standard, we should listen eagerly and consider the proposal, for they act with civility under the banner of peace.

  • To the degree someone proposes a rule via regulation, we should employ a high degree of skepticism and caution, for they act without civility under the banner of violence. 


Blacklists

The concept of blacklists is interesting, and in certain cases I not only support them, but have participated and contributed to them.

ShapeShift, for example, worked with several other leading exchanges & wallets starting back in 2016 to identify and blacklist what we considered to be illicit funds. If an exchange was hacked, for example, we’d do some blockchain forensics and block not only the direct recipient address of the stolen funds, but ancillary addresses. We worked with these other companies (who were technically competitors) to protect users.

Importantly, we implemented blacklists voluntarily at the layer of our own applications. We did not seek to change protocol or legal rules to prohibit transactions at the blockchain layer. 

But it would be so much easier if the blockchains themselves would block illicit funds, wouldn’t it? 

That, my friends, is the road to ruin. That is the road to tyranny, ubiquitous surveillance, and the worst dystopian, Orwellian financial system that could be dreamed up. That is the road that every CBDC will take. Crypto—true crypto—must be different, or it has no reason to exist. Immutability at the base layer is the raison d’être.

Sam’s suggestion of blacklists, created and updated in real time, which any party can access, is a reasonable idea. To the degree FTX desires such a list so that it can—with its own software and app layer—decide to block illicit transactions, that is perfectly fine, and is compatible with the free, open markets that Sam claims to desire, because it affects only his private property. 

Here is where the line must be drawn: no law shall ever be made in America or any nation of free people whereby it is legally mandatory for blockchains or code itself (i.e. smart contracts) to enforce any blacklist whatsoever.

  • If developers (the writers of speech in a digital age) wish to subordinate their decentralized code to a blacklist, that is their choice. 

  • If developers (the writers of speech in a digital age) are forced to subordinate their decentralized code to a blacklist (else they as authors or validators are fined or imprisoned), that is tyranny which must be resisted by every participant of this industry. 

That such would be a violation of the 1st Amendment is clear, and that such is more importantly a violation of morality among free people should be similarly apparent. 

On OFAC Specifically

In the blog, Sam stated that “everyone should respect OFAC’s sanctions lists.” This triggered me yesterday, and it deserves a more thorough response here.

For those who aren’t aware, OFAC (Office of Foreign Assets Control) is a department within the US Treasury, and they maintain a very specific blacklist of “sanctioned entities.” It is illegal for any American to do business with anyone on that blacklist.  That’s not necessarily unreasonable, is it? If that list is like the Top 10 FBI Most Wanted—people almost certainly guilty of heinous crimes—then precluding Americans from doing business with them is somewhat reasonable. 

But the OFAC list includes entire countries. It includes the entire nation of Iran, with 83 million people.  It is illegal for any American to do business with any Iranian.  You know those insanely brave Iranian women standing up against oppression in Iran right now? Those women espousing the greatest American virtue of individual liberty and doing so while literally facing torture and death?  If you’re an American, it is illegal for you to interact economically with those women, because of OFAC. 

This is not just absurd from an enforcement perspective, but is plainly unethical. The vast majority of Iranians, like the vast majority of Americans, are good people. They are not criminals. And to make a criminal of a good American because she does business with a good Iranian… this is inexcusable for a nation that purports to be virtuous. Two good people interacting voluntarily with each other should not be a crime. 

OFAC is unjust and unethical, and is anti-American, as defined by the virtues upon which this country is built. 

For Sam to suggest that the industry “should respect OFAC” is unbecoming. OFAC does not deserve respect. It deserves repeal. And anyone genuinely advocating for “an open, free economy” cannot support such blatant financial discrimination on millions of innocent people. 

Hacks and Accountability

SBF’s proposal for how to deal with hacks is reasonable. It is targeted clearly at the industry, as a standard, rather than advocating a coercive government “remedy.” 

Those of us who have run crypto exchanges and wallets have been relying on good-faith cooperation to hamper thefts, and as SBF states, have done a decent job with this. It goes without saying that profit-seeking, self-interested crypto exchanges have done more to improve security and thwart hackers than any politician or government law.  

When funds are retrieved, 9 times out of 10 it is the voluntary cooperation of exchanges which led to it. A lot of this goes on in the background, and to those participating in this self-policing, thank you.

Humbly, I’ll add that the best defense against hacks is the continued advocacy of self-custody and non-custodial exchange and wallet models. Self-custody as a market solution will always trump laws and mandates which try to protect centralized honeypots. 

Asset Listings & Securities

SBF states, “At least as of now, one central question that actors in the industry must sometimes answer is whether a particular asset is or is not a security.”

Sam raises a great point, fundamental to this industry. His conveyance of how FTX handles the question of securities is again reasonable, and he’s not advocating for any special new regulations.

But I must take this opportunity to rant for a minute…

It is not an exaggeration to say that tens of millions of dollars of legal bills have been spent by crypto exchanges trying to answer the question that Sam raises. 

If transparent, clear, consumer-protecting regulation is important, why doesn’t the SEC—which is charged with defining and enforcing securities laws—sit down for an afternoon and create a f#&%ing list of which assets are securities?

“The laws are clear,” they repeat to us. “Follow the Howey Test.”

Yet, Gary Gensler and his agency have been unwilling to draft even a list of the top 20 crypto assets to state authoritatively which ones are securities.  

They won’t even tackle the top 20. Why? 

If it’s so easy, fulfill your leadership position, Gary, and draft such a list! Instead, you speak in platitudes and produce folksy YouTube videos while millions of consumers and an entire industry writhe around in confusion, suffocating under the weight of legal invoices. Not to mention Bastiat’s unseen, the great innovations which do not exist because their brilliant creators were too scared of prosecution. I bet there are thousands of innovators reading these sentences with tears in their eyes, because they didn’t have $100k to spend on preliminary legal review.

Occam’s Razor: the reason the SEC hasn’t produced such a list is because it’s not clear at all which tokens are classifiable and enforceable as securities. It’s not clear to the SEC. It’s not clear to industry participants. It’s not clear to lawyers. And it’s not clear to the public who buy and sell these things. 

The SEC enforces where it thinks it can easily win, and absolves itself of any proactive definitions, relying on an 80-year-old rule about Florida orange groves to govern a global multi-trillion dollar industry of diverse and evolving digital assets. Is Dogecoin a security, Gary? Is an NFT? What about an NFT that pays royalties? What about an LP token? A governance token?

Sam and FTX have done what every crypto exchange has had to do, paying millions of dollars in legal fees to navigate an undefined space, and if their analysis is wrong in the eyes of an opaque agency, they get to spend millions more in an attempt to ward off the hounds, all for the crime of giving consenting adults a secure platform on which to voluntarily buy and sell digital assets. Is this America or the Soviet Union?

Worth noting, of course, is that any digital asset which has been explicitly characterized as a security has been effectively stillborn. And worth noting too, is that had Ethereum been explicitly classified as a security upon its initial crowdsale, the SEC would’ve smothered in its crib one of the greatest world-changing inventions in human history. 

Thank god Ethereum’s founding team had the courage to proceed without permission.

Customer Protections, Disclosures, and Suitability

“The clearest way to help protect investors is to provide transparency and prevent scams.”  - SBF

“Investors should be given clear, comprehensible information describing the asset they are considering, and regulators should crack down on any that misrepresent or make materially misleading marketing claims.” - SBF

We can agree wholeheartedly here.

I don’t believe anyone, even the die-hard libertarians, is really opposed to an agency like the SEC or CFTC prosecuting someone who steals or defrauds people. Gary, go after fraudsters and I will applaud your work.

When it comes to “disclosures,” there is room for reasonable people to have different opinions about what is appropriate. 

Ceteris paribus, it is better when a buyer of an asset has easy access to important information about that asset. But how much information is important? Information from whom? How must it be written? How much must it be restrained to facts vs thoughtful opinion? Should disclosures be coerced (i.e. must an exchange communicate certain things by law)? When something is truly innovative, what does an “authority” even know about it?

In my humble opinion, the complexity of these questions is precisely why a market can and should handle the problem, and coercive regulations aren’t advisable. 

If an adult wishes to learn about an asset, today she may do so with the greatest tool ever invented by man: the internet. The ability to find information—shallow or deep—has never been stronger than it is today, though this is where we must address personal responsibility. As a free, sovereign individual adult, it is my responsibility to learn about that which I buy. It is not my neighbor’s responsibility, nor the responsibility of the store from which I shop, and it is certainly not the responsibility of some politician 2,000 miles away from me to cultivate such information for my consumption.

It is my responsibility, and to the degree I don’t understand something, I should avoid it.

Is the average American adult so foolish that this principle is unreasonable? If so, who at the US Department of Education should be accountable for such widespread failure?

Now, if someone lies to me, if someone misleads me or cheats me in some material way, then a breach has occurred. This is precisely where a responsible regulator should become interested.

But if no such breach or lie has been committed, then my efforts as an individual and the market actors with whom I interact can, in general, figure these questions out. Maybe I choose to be reckless and yolo into every new meme-coin? Maybe I am incredibly conservative and spend three months deeply researching an asset? These are my choices to make, and those exchanges or services which provide useful information in my journey I will seek out and engage with.

To the degree FTX voluntarily provides useful market and product information to its customers, I applaud them. 

To the degree a government agency crafts a one-size-fits-all disclosure regime and mandates it across all actors and circumstances, that’s worth resisting. 

After all, step back and consider the world tradfi has created. Open a brokerage account or buy an equity and there are hundreds of pages of disclosures. Do you find them valuable? Do you even read them? Do we want to replicate the “disclosure theatre” of the status quo finance system? 

Maybe, just as we can choose which foods to put in our bodies, we can choose which assets to put in our portfolios. Maybe we can be permitted to make mistakes and learn from them, as free people must do. And maybe if we start treating people like adults, more of them will start acting the part.

DeFi

Defi is the shining city on the hill. 

It is the frontier of finance. Everything good and beautiful about crypto has been a step in this direction: an open, borderless, immutable economic foundation for the world.

If defi does not swell your heart with joy, hope and inspiration, you are missing something. 

Bitcoin was the first defi project (granting us decentralized money itself), and the phenomenon has expanded outward in all directions, much of it existing now upon open-source smart-contracts.

Defi transcends humans and their political machinations. Defi operates through immutable code, and as such, represents “an economy of laws and not of men.” It is this neutral, objective foundation for economic arrangement which future generations will look back upon and thank us for.

They will thank us, so long as we don’t fuck it up.

The way to fuck it up is to treat this transcendent realm the same as we treat our subjective, human-biased, highly corruptible fiat financial system. The latter is based on layers of custody and intermediaries, each of which must be trusted opaquely (we cannot know how any centralized financial institution will behave in a given circumstance). Yet the former is based on open-source, immutable code, which acts precisely as it’s written. 

“The root problem with conventional currencies is all the trust that’s required to make it work” - Satoshi

This new, special realm of defi does not bow to man, and if we try to make it do so, we will corrupt only ourselves.

Sam’s suggestions regarding defi are the most problematic of his blog. 

Thankfully, he recognizes that decentralized code is speech and as such ought not be regulated.  But unfortunately, he then advocates all manner of regulation on the means by which normal humans interact with such code. 

The above snippet is from Sam’s post. In point 3, Sam is advocating that a website which allows one to view/read/write to a defi smart contract should be “licensed.”

If we’re being honest about the result, this would mean, for example, that you would need to KYC to use Uniswap.com.  It would mean 80 million Iranians would be prohibited from accessing functions on Etherscan. It would even mean a non-custodial Bitcoin wallet interface would be required to spy on its users and report suspicious activities to FinCEN. 

These burdens are today suffered by all intermediaries, including FTX, Kraken, Coinbase, etc. With Sam’s above suggestion, the burdens would be expanded to every front end access point to the world of defi. Beyond the ethical concern, the simple cost of such compliance is a six-figure amount per year. Front-ends designed and built by hobbyists and enthusiasts would disappear, and this gets more frightening when one realizes that most early Bitcoin companies were simply projects set up by hobbyists and enthusiasts.

Requiring a license or compliance program = only well-funded companies are permitted to build financial software. The basement startup is excluded by law from the industry. It’s understandable for JP Morgan to advocate this. Hopefully FTX is not.

And from the user’s perspective, sure, the technical could still legally engage directly with a smart contract via command prompt (or would command prompt software be considered an interface?), but for 99% of people, defi would become tradfi. 

Such an outcome should not be acceptable to anyone who advocates for an open financial system.

“If you host a website that makes it easy for US retail to connect to and trade on a DEX, you would likely have to register it as something like a broker-dealer/FCM/etc. You would also potentially have KYC obligations.” - SBF

No. We cross that line, and we lose.

“We” here doesn’t mean us crypto folks. “We” means humanity, that vast majority of good people around the world that deserve and would greatly benefit from an open, immutable foundation of money and finance. It mustn’t be governed or controlled by any specific flag, just as we would not permit a flag to govern mathematics or language.  

Let the Chinese Communist Party try to impose their rules of tyranny on crypto. Let the autocrats in the Kremlin try to enforce against decentralized finance. But do not let America fall to the impulse of central control and surveillance over a decentralized realm.

From a practical standpoint, a website which enables access to a defi contract is not holding any customer money, so why should it be treated as a “broker-dealer” replete with licensure? 

But from the more important principled standpoint, under what ethical justification do we prohibit the writing of software without license? Can we imagine the web itself if we needed to KYC before a Google search, or if we needed a license to post a blog? Are information and ideas any less dangerous than money? The freedom of not needing those things is why the web is beautiful and special, and is why the web is our last bastion of freedom in a world creeping toward autocracy. 

That ground was not given in the fight for the web.

It would be tragic indeed if the crypto pioneers surrendered that ground in the fight for money.

Stablecoins

Sam links to a post (https://www.ftxpolicy.com/posts/context-stablecoin-regulation) on proposed stablecoin regulations in his blog.

This is a topic that deserves separate treatment, and it occupies a strange place between crypto and fiat. I’ll save my comments on stablecoins for another time. 


Concluding Thoughts

Sam - if you’re reading this, I have three main suggestions for you. To the degree you’re principled, consider them on principle.  To the degree you’re self-interested, consider that much of the industry is principled and will revolt against you if you violate what is good and noble in crypto. 

  1. When it comes to blacklists, draw a line between the reasonable creation of blacklists accessible by private parties to help reduce fraud/theft, and the unreasonable creation of blacklists which are imposed coercively on all market actors (whether at app or protocol layers). The latter is the path to tyranny. 

  2. Reconsider your fidelity to OFAC. Obviously, as a company and an American you have to comply with it. But you don’t have to honor it, and someone of your stature should be speaking out against the injustice of it on humanitarian and economic grounds. 

  3. Consider that decentralized protocols aren’t appropriate to govern under the Bank Secrecy Act and its downstream regulations, which conceive only of the relationship between intermediaries and customers. Exclude that which is decentralized from any bills which contemplate intermediaries. And crucially, the publishing and hosting of websites, to the degree that they aren’t financial intermediaries themselves, must remain free and open, regardless of whether they’re providing access to a financial smart contract (as with Uniswap.com) or to the entire canon of human knowledge (as with Wikipedia.com).

On a practical level, I know the DCCPA bill is looming. To the degree that this bill clarifies, simplifies, or improves financial regulation as it pertains to financial intermediaries in the crypto ecosystem, that’s reasonable and you likely have important and valid thoughts on this topic. To the degree this same bill tries to contemplate and govern defi, and does so by fitting the status quo principles of financial surveillance and control upon it—even if only through the interfaces (which everyone uses!)—that would be a serious step backward. Defi, being unassailable, would survive, but America’s position as a leader of global finance may not.

Don’t let the entire United States make the mistake New York made with the Bitlicense. The echoes are loud.

As my last appeal, I ask you to consider your own wisdom…

Sam, thank you for building an amazing crypto company, and please remain a principled steward of, as you put it, “an open, free economy.” 
