Ethereum 2.0’s New Consensus Protocol: “Proof of Security?”

The author would like to thank Darren Sandler, Gabriel Shapiro and Adrian Cortez for sharing their insights and providing invaluable suggestions during the drafting of this article.

Introduction

On Tuesday, November 12, 2019, Heath Tarbert, Chairman of the U.S. Commodities and Futures Trading Commission (CFTC), indicated that both his agency and the U.S. Securities and Exchange Commission (SEC), were undertaking a careful analysis of Ethereum 2.0’s new proof-of-stake (PoS)-based transaction validation model.1Christine Kim, What the CFTC Chairman Actually Said About Ether Futures and Ethereum 2.0, CoinDesk (last updated Nov. 17, 2019), https://www.coindesk.com/what-the-cftc-chairman-actually-said-about-ether-futures-and-ethereum-2-0. As recently as October 10, 2019, the same Heath Tarbert stated approvingly that “It is my view as chairman of the CFTC that ether is a commodity.”2Daniel Roberts, CFTC says cryptocurrency ether is a commodity, and ether futures are next, Yahoo! Finance (Oct. 10, 2019), https://finance.yahoo.com/news/cftc-says-cryptocurrency-ether-is-a-commodity-and-is-open-to-ether-derivatives-133455545.html. And in June of 2018, William Hinman, Director of the SEC’s Division of Corporation Finance, stated, “[B]ased on my understanding of the present state of Ether, the Ethereum network and its decentralized structure, current offers and sales of Ether are not securities transactions.”3William Hinman, Digital Asset Transactions: When Howey Met Gary Plastic), U.S. Securities and Exchange Commission (June 14, 2018), https://www.sec.gov/news/speech/speech-hinman-061418. Some commentators already believe that Ethereum dodged a bullet for not being brought to task for its token sale in 2014,4See, e.g., Preston Byrne, Ether is not a Security?, The Back of the Envelope (a blog) (June 14, 2018), https://prestonbyrne.com/2018/06/14/ether-is-not-a-security/; Chris Padovano, What Nobody Wants to Hear: The Sale of Ether Tokens was Likely a Sale of Securities, Decentralized Legal: Emergent Legal Issues Facing Distributed Systems (September 6, 2016), https://web.archive.org/web/20190517210405/https://decentralizedlegal.com/ether-is-a-security/. so the fact that it is now back under SEC review is legitimate cause for concern. If the SEC concludes that Ethereum’s new PoS validation model involves securities transactions, it could have significant negative implications for the Ethereum Network’s planned upgrade to version 2.0, as well as the wider cryptocurrency market.

What is Proof-of-Stake?

In contrast to Bitcoin’s “global, statistical gamble which is played every 10 or so minutes”5mining pools – What are bitcoin miners really solving?, Bitcoin Stack Exchange, (answer updated Dec. 9, 2017), https://bitcoin.stackexchange.com/questions/8031/what-are-bitcoin-miners-really-solving/8034#8034 known as proof-of-work (PoW) mining, PoS mining typically requires operators of validator nodes (i.e., “validators”) to store (i.e., “stake”) a specified amount of cryptocurrency in their digital wallet and keep the wallet online so it can automatically broadcast its balance to the network.6Darren J. Sandler, Citrus Groves in the Cloud: Is Cryptocurrency Cloud Mining A Security?, 34 Santa Clara High Tech. L.J. 250, 258 (2018). Furthermore, whereas PoW rewards miners who successfully prove their work with a fixed amount of cryptocurrency upon block creation,7See, e.g., Andreas Antonopoulos, Mastering Bitcoin: Programming the Open Blockchain 26 (2d ed. 2018) (“A successful miner will collect a reward in the form of new bitcoin and transaction fees.”) PoS protocols typically reward validators with a block reward in proportion to their stake.8Ameer Rosic, Proof of Work vs Proof of Stake: Basic Mining Guide, Blockgeeks (Mar. 15, 2017), https://blockgeeks.com/guides/proof-of-work-vs-proof-of-stake/.

In the case of Ethereum 2.0, users “can post Ether as collateral and verify and attest to the validity of blocks to seek financial returns in exchange for building and securing the protocol.”9Diederik Loerakker, Ethereum 2.0 Phase 0 — Honest Validator, GitHub (updated Nov. 15, 2019), https://github.com/ethereum/eth2.0-specs/blob/dev/specs/validator/0_beacon-chain-validator.md. The requirements to become an Ethereum 2.0 validator are as follows:

To collect staking rewards / transaction fees, validators must also do the following:

  • Maintain a balance of 32 Ether in the validator wallet;
  • Ensure that the validator is updated with the latest software; and
  • Ensure that the validator client stays online and can communicate with the network.11Id.

How Might Ethereum 2.0’s PoS Model Implicate Securities Laws?

The starting point for determining whether something qualifies as a “security” under U.S. law is by looking at the statutory definition of “security,” which can be found in Section 5 of the Securities Act of 19331215 U.S.C.A. §77b(a)(1) (West 2019). and Section 12(g) of the Securities Exchange Act of 1934.1315 U.S.C.A. §78c(a)(10) (West 2019). “‘Congress’ purpose in enacting the securities laws was to regulate investments, in whatever form they are made and by whatever name they are called.’ To that end, it enacted a broad definition of ‘security,’ sufficient ‘to encompass virtually any instrument that might be sold as an investment.’”14S.E.C. v. Edwards, 540 U.S. 389, 393 (2004) (quoting Reves v. Ernst & Young, 494 U.S. 56, 61 (1990)). In both statutes, the term “investment contract” is included in the definition of a “security.” As has been stated by the SEC15See, e.g., Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Exchange Act Release No. 81207, 117 SEC Docket 745 (July 25, 2017) (applying the “investment contract” analysis to DAO Tokens), https://www.sec.gov/litigation/investreport/34-81207.pdfIn re Munchee Inc., Securities Act Release No. 10445, 118 SEC Docket 975 (Dec. 11, 2017) (concluding that MUN tokens were securities because they were investment contracts). and at least one U.S. federal district court,16See Balestra v. ATBCOIN LLC, 380 F. Supp. 3d 340 (S.D.N.Y. 2019) (holding that ATB Coins qualify as “investment contracts” and therefore “securities”). arrangements involving digital assets are properly analyzed by considering whether they are “investment contracts” as that term is used in the statutes mentioned above. Since Ethereum 2.0’s PoS model involves digital assets, the “investment contract” analysis is similarly appropriate.

In the seminal case S.E.C. v. W.J. Howey Co., 328 U.S. 293 (1946), the United States Supreme Court proclaimed, “[A]n investment contract for purposes of the Securities Act means a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.”17S.E.C. v. W.J. Howey Co., 328 U.S. 293, 298–99 (1946). Known popularly now as the “Howey test,” this definition of investment contract “embodies a flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits.”18Id. at 299.

The Howey test requires the following elements to be present for a “contract, transaction or scheme” to be considered an “investment contract” (and therefore a security):19See, e.g., Howey, 328 U.S. at 300 (“Thus all the elements of a profit-seeking business venture are present here. The investors provide the capital and share in the earnings and profits; the promoters manage, control and operate the enterprise. It follows that the arrangements whereby the investors’ interests are made manifest involve investment contracts, regardless of the legal terminology in which such contracts are clothed.”); cf. United Hous. Found., Inc. v. Forman, 421 U.S. 837, 858 (1975) (“What distinguishes a security transaction—and what is absent here—is an investment where one parts with his money in the hope of receiving profits from the efforts of others…”).

  1. An Investment of Money
  2. In a Common Enterprise
  3. With a Reasonable Expectation of Profits
  4. Derived from the Efforts of Others

Each of these elements are considered in turn as they relate to Ethereum 2.0’s proposed PoS protocol.

An Investment of Money

The first question that needs to be answered when applying the Howey test is whether the arrangement involves “an investment of money.” According to the latest Ethereum 2.0 GitHub repositories, users must stake 32 Ether to operate a validator node,20Eth 2.0 Economics, EthHub, https://docs.ethhub.io/ethereum-roadmap/ethereum-2.0/eth-2.0-economics/. so the answer quite clearly appears to be “yes.” The fact that the consideration paid is not in the form of cash is irrelevant for purposes of this part of the Howey test.21See, e.g., Uselton v. Comm. Lovelace Motor Freight, Inc., 940 F.2d 564, 574 (10th Cir. 1991) (“[I]n spite of Howey’s reference to an ‘investment of money,’ it is well established that cash is not the only form of contribution or investment that will create an investment contract.”).

In a Common Enterprise

The second question that needs to be answered when applying the Howey test is whether the arrangement involves “a common enterprise.” The U.S. federal court system recognizes three different tests, which vary depending upon which federal court circuit has jurisdiction over the matter: (1) horizontal commonality; (2) broad vertical commonality; and (3) narrow vertical commonality.22“The D.C., First, Second, Third, Fourth, Sixth, and Seventh Circuits use horizontal commonality[;] the Fifth, Tenth, and Eleventh Circuits use broad vertical commonality[; and] the Ninth Circuit recognizes narrow vertical commonality.” Sandler, supra note 5, at 272-75.

However, to the extent that the SEC is the agency performing a “careful analysis” of Ethereum 2.0, this is effectively a non-issue. That is because in its Framework for “Investment Contract” Analysis of Digital Assets published on April 3, 2019, the SEC Strategic Hub for Innovation and Financial Technology (FinHub) stated the following: “The [SEC] does not require vertical or horizontal commonality per se, nor does it view a ‘common enterprise’ as a distinct element of the term ‘investment contract.’”23FinHub, Framework for “Investment Contract” Analysis of Digital Assets, U.S. Securities and Exchange Commission (Apr. 3, 2019) [hereinafter Framework] https://www.sec.gov/files/dlt-framework.pdf, at 13 n. 10, (citing In re Barkate, 57 S.E.C. 488, 496 n.13 (Apr. 8, 2004)). Furthermore, FinHub states in its Framework that “in evaluating digital assets, [the SEC has] found that a ‘common enterprise’ typically exists.” Whether the federal courts would side with the SEC on this issue is beyond the scope of this article, but given the foregoing, there is every reason to believe that the SEC (at least) will find this element satisfied in the case of Ethereum 2.0.

With a Reasonable Expectation of Profits

Of all the questions that need to be answered when applying the Howey test, the third, whether Ethereum 2.0 involves a “reasonable expectation of profits,” is the simplest to answer. That is because Ethereum 2.0’s own specifications state the following: “[A validator] is an optional role for users in which they can post ETH as collateral and verify and attest to the validity of blocks to seek financial returns in exchange for building and securing the protocol.”24Loerakker, supra note 8 (emphasis added). As stated by the U.S. Supreme Court in S.E.C. v. Edwards, 540 U.S. 389 (2004), “[T]he commonsense understanding of ‘profits’ in the Howey test [is] simply ‘financial returns on … investments.’”25S.E.C. v. Edwards, 540 U.S. 389, 396 (2004) (quoting United Hous. Found., Inc. v. Forman, 421 U.S. 837, 853 (1975)). Thus, this third element of the Howey test is also satisfied.

Derived from the Efforts of Others

The fourth and final question that needs to be answered when applying the Howey test is whether the reasonable expectation of profits from the arrangement being considered is “derived from the efforts of others.” Or, as stated by the Howey court, derived “solely from the efforts of the promoter or a third party.”

Relying upon the explicit language found in Howey, an argument could be made that an arrangement to run a validator node on the Ethereum 2.0 network actually fails this part of the test, because users have to expend quite a bit of effort before they are eligible to collect any “financial rewards.” As stated previously, in order to collect staking rewards / transaction fees, validators must do all of the following: (1) configure and run the validator client software; (2) stake 32 Ether to the validator’s wallet address;  (3) maintain a continuous balance of 32 Ether in the validator wallet; (4) ensure that the validator client is updated with the latest software; and (5) ensure that the validator client stays online and can communicate with the network.26Eth 2.0 Economics, EthHub, https://docs.ethhub.io/ethereum-roadmap/ethereum-2.0/eth-2.0-economics/. A failure to perform any of these tasks will result in users losing their right to collect any staking rewards / transaction fees (at least until the problem is rectified), thereby suggesting that the ability to receive any financial returns is derived solely from the efforts of the user, and not “solely from the efforts of [any] promoter or a third party.”

Unfortunately, “in light of the remedial nature of the [U.S. securities] legislation,” the federal courts have “adopt[ed] a more realistic test, whether the efforts made by those other than the investor are the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise.”27Sec. & Exch. Comm’n v. Glenn W. Turner Enterprises, Inc., 474 F.2d 476, 482 (9th Cir. 1973). It is therefore the efforts which affect the failure or success of the Ethereum Network as a whole which is the correct focus of the analysis, and in fact was the focus of the previously referenced speech made by SEC Director William Hinman in concluding that the current iteration of Ethereum does not implicate securities laws.28Hinman, supra note 3. As stated by Director Hinman,

If the network on which the token or coin is to function is sufficiently decentralized – where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts – the assets may not represent an investment contract.29Id (emphasis added).

The ultimate question, then, is whether the rollout of Ethereum 2.0 signals that the Ethereum Network itself is not as “sufficiently decentralized” as the SEC previously thought.

What Does “Sufficiently Decentralized” Mean?

Ever since Director Hinman’s speech was published, much digital ink has been spilled debating the usefulness of a “sufficiently decentralized” standard, with some commentators suggesting that “[i]nnovators should take comfort that this standard for decentralization, properly understood, is not overly burdensome or unrealistic, and seems to permit projects to have significant, necessary centralized leadership”30Blockchain Association, Understanding the SEC’s Guidance on Digital Tokens: The Hinman Token Standard, Medium (Jan. 10, 2019), https://medium.com/@BlockchainAssoc/understanding-the-secs-guidance-on-digital-tokens-the-hinman-token-standard-dd51c6105e2a. while others arguing that “it is highly problematic to use ‘decentralized’ as a legal standard, for a variety of reasons, from our poor understanding of the concept, to its inevitably shifting nature.”31Angela Walch, Deconstructing “Decentralization”: Exploring the Core Claim of Crypto Systems, Crypto Assets: Legal and Monetary Perspectives (OUP, Forthcoming) (Jan. 30, 2019), available at SSRN: https://ssrn.com/abstract=3326244. In fact, focusing solely on those two words independent of the rest of Director Hinman’s speech is troublesome, especially considering the fact that even in the context of blockchain protocols, “there is often a lot of confusion as to what this word [decentralization] actually means.”32Vitalik Buterin, The Meaning of Decentralization, Medium (Feb. 6, 2017), https://medium.com/@VitalikButerin/the-meaning-of-decentralization-a0c92b76a274 .

Whether a blockchain protocol or system is “sufficiently decentralized” for purposes of securities law has far less to do with blockchain technology or even “decentralization” and instead has much more to do with the fundamentals of securities law, which are designed, as Director Hinman put it, “to remove the information asymmetry between promoters and investors.”33Hinman, supra note 3. In particular,

[W]hen the efforts of the third party are no longer a key factor for determining the enterprise’s success, material information asymmetries recede. As a network becomes truly decentralized, the ability to identify an issuer or promoter to make the requisite disclosures becomes difficult, and less meaningful.

[O]f course there will continue to be systems that rely on central actors whose efforts are a key to the success of the enterprise. In those cases, application of the securities laws protects the investors who purchase the tokens or coins.34Id.

The question that the SEC is therefore likely to be grappling with—given both the manner in which Ethereum 2.0 is being rolled out as well as the new specifications involving PoS—is whether Ethereum can continue to be successful without the involvement of individuals like Vitalik Buterin (one of the co-founders and considered by many to be the “face” of Ethereum) and organizations like the Ethereum Foundation.35The stated mission of the Ethereum Foundation is to “promote and support Ethereum platform and base layer research, development and education to bring decentralized protocols and tools to the world that empower developers to produce next generation decentralized applications (dapps).” [34] Ethereum Foundation, EthHub, https://docs.ethhub.io/ethereum-basics/ethereum-foundation/. If the answer is yes, then it is still likely to be considered “sufficiently decentralized” for purposes of the Howey test. Otherwise, it is not. And for the reasons discussed above, if it is no longer “sufficiently decentralized” for purposes of the Howey test, the SEC may conclude that Ethereum 2.0’s PoS implementation implicates U.S. securities law, possibly requiring registration under the Section 12(g) of the Securities Exchange Act of 19343615 U.S.C.A. §78c(a)(10) (West 2019).—something that the Ethereum Foundation is unlikely to want to do.

Is Ethereum 2.0 “Sufficiently Decentralized?”

Exactly how the SEC will come down on this question is anyone’s guess, but guidance can be gleaned from FinHub’s Framework (mentioned above). In particular, the Framework provides several examples which, “[a]lthough [not] necessarily determinative, the stronger their presence, the more likely it is that a purchaser of a digital asset is relying on the ‘efforts of others’”37Frameworksupra note 22, at 3. (and thus less likely that the network is “sufficiently decentralized”), including the following:

An AP38The term “AP” is short for “Active Participant,” which is defined in the Framework as “a promoter, sponsor, or other third party (or affiliated group of third parties).” Id. is responsible for the development, improvement (or enhancement), operation, or promotion of the network, particularly if purchasers of the digital asset expect an AP to be performing or overseeing tasks that are necessary for the network or digital asset to achieve or retain its intended purpose or functionality.

An AP has a lead or central role in the direction of the ongoing development of the network or the digital asset.

An AP has a continuing managerial role in making decisions about or exercising judgment concerning the network or the characteristics or rights the digital asset represents including, for example[, d]etermining whether and how to compensate persons providing services to the network or to the entity or entities charged with oversight of the network.

Purchasers would reasonably expect the AP to undertake efforts to promote its own interests and enhance the value of the network or digital asset, such as where[ t]he AP has the ability to realize capital appreciation from the value of the digital asset. This can be demonstrated, for example, if the AP retains a stake or interest in the digital asset. In these instances, purchasers would reasonably expect the AP to undertake efforts to promote its own interests and enhance the value of the network or digital asset[; or where t]he AP owns or controls ownership of intellectual property rights of the network or digital asset, directly or indirectly.39Id. at 3-5 (emphasis added).

Applying the examples given above to Ethereum 2.0:

  1. It is generally understood that the specifications for Ethereum 2.0 were developed by a small team at Ethereum Foundation including Vitalik Buterin, and the Ethereum Foundation is primarily responsible for the “development and (in the case of Ethereum 2.0) improvement or enhancement (via the 2.0 upgrade) of the network.”40Ethereum Foundation, EthHub, https://docs.ethhub.io/ethereum-basics/ethereum-foundation/.
  2. The Ethereum Foundation therefore “has a lead or central role in the direction of the ongoing development of the network or the digital asset” and purchasers of Ether (or those who decide to become validators by staking a minimum of 32 Ether to validator nodes when they come online via the 2.0 rollout) obviously expect the Ethereum Foundation to “perform[] or oversee[] tasks that are necessary for the [Ethereum] network or [Ether] to achieve or retain its intended purpose or functionality.”
  3. The Ethereum Foundation gives various independent teams grants to build the specifications, thus “[d]etermining whether and how to compensate persons providing services to the network,” although “[i]t is currently not known how much the Ethereum Foundation spends on its organization and grants every year.”41Id.
  4. The Ethereum Foundation “owns or controls ownership of intellectual property rights of the network or digital asset,” including “the following trademarks: ETHEREUM, ETHER, ENTERPRISE ETHEREUM and ENTERPRISE ETHEREUM ALLIANCE.”42Id.
  5. The Ethereum Foundation “retains a stake or interest in the digital asset” as can be demonstrated by the fact that “[t]he Ethereum Foundation’s multisig wallet is known and as of 4/10/19 [held] 645,137 Ether. That equate[d] to ~$118,000,000.”43Id.

Do all these factors indicating reliance on the efforts of the Ethereum Foundation for the success of Ethereum 2.0 mean that the SEC is going to reverse its previous-held position that the Ethereum Network is “sufficiently decentralized” and find Ethereum 2.0 as currently spec’d out involves “investment contracts” and therefore securities transactions? Of course not, but as the Framework states, “the stronger their presence, the more likely it is that a purchaser of a digital asset is relying on the ‘efforts of others’”44Frameworksupra note 22, at 3. and thus less likely that the network is “sufficiently decentralized,” so the fact that it is now back under SEC review means a reversal is entirely possible.45Note that even if the SEC concludes that an arrangement to operate a validator node on Ethereum 2.0 qualifies as an “investment contract,” it does not automatically imply that Ether is a security.

Conclusion

Note that the purpose of this article is not to create “fear, uncertainty and doubt,” or “FUD” as it is frequently shorthanded in the crypto space. In fact, its purpose is quite the opposite: to encourage those who develop digital asset-based technology to accept the fact that the laws apply to what they’re doing and to proactively engage with regulators to make sure that their work does not run afoul of applicable legal and regulatory frameworks. Failing or refusing to do that can have serious negative consequences not just for the project they happen to be working on, but in the case of Ethereum, which as of this writing maintains the second-largest market capitalization of any cryptocurrency at $13,960,096,932,46Ethereum (ETH) price, charts, market cap, and other metrics, CoinMarketCap (retrieved Dec. 21, 2019), https://coinmarketcap.com/currencies/ethereum/. it can have wide-ranging implications across the entire cryptocurrency market. Regardless of how this unfolds, it is something that needs to be watched very carefully for anyone interested in this asset class.

2 thoughts on “Ethereum 2.0’s New Consensus Protocol: “Proof of Security?””

  1. I don’t disagree at all with your description of the work required by stakers, because running a node properly is not easy. But the case law (in particular Sec. & Exch. Comm’n v. Glenn W. Turner Enterprises, Inc. which you can read online at https://www.mlmlegal.com/legal-cases/SEC_v_GlennWTurnerEnterprises.php) states that the focus is on “whether the efforts made by those other than the investor are the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise.” In other words, the real question is if the Ethereum Foundation suddenly decided to stop funding developers and close up shop, would that impact the returns generated by the stakers? I don’t know the answer to that question, but I suspect it’s the one the SEC is trying to answer. Thanks for the comment.

  2. Very wrong conclusions. In staking, it’s not Ethereum Foundation who does the work, but the stakers themselves. They have to secure and run the machines with Ethereum full nodes.

    It’s really a full-time job. There are multiple small businesses emerging who do that as a service if you pay them (so-called staking operators). If _they_ tokenize their stock, or what they stake – that certainly will be a security. But not the underlying asset.

    I’d recommend the author to spin up an Ethereum full node on AWS and keep it up and running for a couple of months, just as an experiment. That’s not easy!

Comments are closed.