A recent public statement from the U.S. Securities and Exchange Commission implied that those engaged in writing and publishing code might need to worry about running afoul of securities laws. In its statement about the cease and desist order against the co-founder of decentralized cryptocurrency exchange EtherDelta, the SEC indicated that someone who simply “provides an algorithm” might be found to be running a securities exchange.  In the order itself, the SEC stated that EtherDelta’s creator had violated securities laws because he “wrote and deployed” code that he “should have known” would contribute to EtherDelta’s alleged violations. EFF today sent a public letter reminding the agency that writing and publishing code is a form of protected speech under the First Amendment, and that the courts don’t take kindly to government agencies requiring people to obtain licenses before exercising their free speech rights. 

EtherDelta was founded by Zachary Coburn. The SEC charged Coburn with running an unregistered national securities exchange, and he settled and agreed to pay over $300,000. While EFF takes no position on whether other aspects of EtherDelta violated the law or SEC regulations, EFF urged the SEC to clarify its dangerously broad language regarding potential liability for merely writing and publishing code.

Setting aside whatever other issues the SEC might have had with EtherDelta, there are many reasons why software that enables decentralized currency or other exchanges may be useful to consumers. That’s why it’s important that regulatory interventions today don’t stifle that innovation by claiming they can impose liability merely for the act of writing or distributing code. 

 Centralized exchanges invest power in a central intermediary, which can freeze the funds of customers, block certain customers from the platform, or block specific transactions, with no obligations to provide affected customers with an appeals process. Centralized exchanges can suffer outages that prevent customers from accessing their digital currencies. These centralized exchanges are also a target for criminals seeking to steal customer funds, and can themselves be run by unscrupulous individuals who abuse their access to customer funds and data.

For these and other reasons, EFF has called on cryptocurrency exchanges to adopt best practices around defending user rights, including issuing regular transparency reports. It’s also not surprising that regulators are cracking down on exchanges, and indeed EFF supports regulators stepping in to hold exchanges accountable for engaging in fraud, theft, and other misleading business practices.

But there’s also a technological response to the risks of centralized exchanges, and that’s where decentralized exchanges come in.

Decentralized exchanges allow for the exchange of digital currencies using smart contracts. Requests to sell and buy cryptocurrency can be submitted to a smart contract that matches and completes these transactions. Decentralized exchanges often don’t need to hold funds for customers—rather, customers can maintain possession of their cryptocurrency, and the decentralized exchange can automatically complete exchanges  without taking possession of the assets. Decentralized exchanges thus do not need to hold a honeypot of money that might attract criminals, as centralized exchanges do, and cannot themselves steal funds. Furthermore, because trades are not approved by an individual or company, they cannot easily be censored by an intermediary.

Decentralized exchanges are in their earliest stages of development. They aren’t widely used right now, but this is an area of rapid research and innovation.  Many cryptographers and programmers are experimenting with smart contract systems to develop new systems to help users correct the power imbalances they face when engaging in online transactions. 

When describing its action against EtherDelta, the SEC argued that EtherDelta “provided a marketplace for bringing together buyers and sellers for digital asset securities through the combined use of an order book—a website that displayed orders—and a smart contract run on the Ethereum blockchain.” The SEC said it would take a “functional approach” to determining whether something was or was not an exchange that should register with the SEC: “The activity that actually occurs between the buyers and sellers—and not the kind of technology or the terminology used by the entity operating or promoting the system—determines whether the system operates as a marketplace and meets the criteria of an exchange under Rule 3b-16(a).”

The SEC wrote:

A system uses established non-discretionary methods if it provides a trading facility or sets rules.  For example, an entity that provides an algorithm, run on a computer program or on a smart contract using blockchain technology, as a means to bring together or execute orders could be providing a trading facility. As another example, an entity that sets execution priorities, standardizes material terms for digital asset securities traded on the system, or requires orders to conform with predetermined protocols of a smart contract, could be setting rules. Additionally, if one entity arranges for other entities, either directly or indirectly, to provide the various functions of a trading system that together meet the definition of an exchange, the entity arranging the collective efforts could be considered to have established an exchange.

 The SEC’s broad language about “an entity that provides an algorithm” could include cryptographic researchers and coders who are publishing ideas or code for debate and discussion, and working to develop systems that could benefit the public. Even if the individuals never deployed the code and never actively maintained or promoted a decentralized exchange, this overly broad language implies the SEC could well expect people merely writing and publishing code to register as a national securities exchange or face liability.

The free speech protections enshrined in the First Amendment and upheld through court cases across decades include the rights of individuals to publish their ideas without preemptively obtaining a license.

 This isn’t just dangerous because it could quell research; it’s unconstitutional. The free speech protections enshrined in the First Amendment and upheld through court cases across decades include the rights of individuals to publish their ideas without preemptively obtaining a license. And code itself is speech. EFF fought to establish this principle in 1995, which led a federal court to strike down Commerce Department export restrictions on encryption technologies for exactly this reason, ruling that forcing cryptographic researchers to obtain a license before publishing their work was a gross violation of the freedom of expression. Other courts have recognized this principle, and today it is not controversial that writing code implicates the same First Amendment protections as writing in any other language.

Imposing liability on coders and researchers who fail to obtain a license as a national security exchange prior to publishing their code on GitHub or describing their methods in a white paper would similarly be an affront to the First Amendment. This would unfairly hamper the expressive rights of countless coders and researchers in this space. As we explained to the SEC, restricting the ability to merely write and publish code would fail the well-established test for imposing restraints on speech. Courts have found that such restraints are justified only in unusual and extreme circumstances, and they must survive the most exacting scrutiny.

There were many facts in the specific case of EtherDelta that may have attracted the SEC’s attention, but the act of publishing code used in a decentralized exchange should not be one of them. As we said in our letter to the SEC, it is crucial that those engaged in developing protocols, verifying transactions through mining, and writing code are not held liable for operating, or assisting with operating, a securities exchange. Imposing regulatory or criminal liability for such activity would run afoul of the First Amendment. 

Read our letter.

Note: EFF is grateful to Prof. Joseph Bonneau, Lindsay Lin, and Marta Belcher for providing feedback related to blockchain technology and policy.