Ethereum 2.0’s New Consensus Protocol: “Proof of Security?”

The author would like to thank Darren Sandler, Gabriel Shapiro and Adrian Cortez for sharing their insights and providing invaluable suggestions during the drafting of this article.

Introduction

On Tuesday, November 12, 2019, Heath Tarbert, Chairman of the U.S. Commodities and Futures Trading Commission (CFTC), indicated that both his agency and the U.S. Securities and Exchange Commission (SEC), were undertaking a careful analysis of Ethereum 2.0’s new proof-of-stake (PoS)-based transaction validation model.¹Christine Kim, What the CFTC Chairman Actually Said About Ether Futures and Ethereum 2.0, CoinDesk (last updated Nov. 17, 2019), https://www.coindesk.com/what-the-cftc-chairman-actually-said-about-ether-futures-and-ethereum-2-0. As recently as October 10, 2019, the same Heath Tarbert stated approvingly that “It is my view as chairman of the CFTC that ether is a commodity.”²Daniel Roberts, CFTC says cryptocurrency ether is a commodity, and ether futures are next, Yahoo! Finance (Oct. 10, 2019), https://finance.yahoo.com/news/cftc-says-cryptocurrency-ether-is-a-commodity-and-is-open-to-ether-derivatives-133455545.html. And in June of 2018, William Hinman, Director of the SEC’s Division of Corporation Finance, stated, “[B]ased on my understanding of the present state of Ether, the Ethereum network and its decentralized structure, current offers and sales of Ether are not securities transactions.”³William Hinman, Digital Asset Transactions: When Howey Met Gary Plastic), U.S. Securities and Exchange Commission (June 14, 2018), https://www.sec.gov/news/speech/speech-hinman-061418. Some commentators already believe that Ethereum dodged a bullet for not being brought to task for its token sale in 2014,⁴See, e.g., Preston Byrne, Ether is not a Security?, The Back of the Envelope (a blog) (June 14, 2018), https://prestonbyrne.com/2018/06/14/ether-is-not-a-security/; Chris Padovano, What Nobody Wants to Hear: The Sale of Ether Tokens was Likely a Sale of Securities, Decentralized Legal: Emergent Legal Issues Facing Distributed Systems (September 6, 2016), https://web.archive.org/web/20190517210405/https://decentralizedlegal.com/ether-is-a-security/. so the fact that it is now back under SEC review is legitimate cause for concern. If the SEC concludes that Ethereum’s new PoS validation model involves securities transactions, it could have significant negative implications for the Ethereum Network’s planned upgrade to version 2.0, as well as the wider cryptocurrency market.

What is Proof-of-Stake?

In contrast to Bitcoin’s “global, statistical gamble which is played every 10 or so minutes”⁵mining pools – What are bitcoin miners really solving?, Bitcoin Stack Exchange, (answer updated Dec. 9, 2017), https://bitcoin.stackexchange.com/questions/8031/what-are-bitcoin-miners-really-solving/8034#8034 known as proof-of-work (PoW) mining, PoS mining typically requires operators of validator nodes (i.e., “validators”) to store (i.e., “stake”) a specified amount of cryptocurrency in their digital wallet and keep the wallet online so it can automatically broadcast its balance to the network.⁶Darren J. Sandler, Citrus Groves in the Cloud: Is Cryptocurrency Cloud Mining A Security?, 34 Santa Clara High Tech. L.J. 250, 258 (2018). Furthermore, whereas PoW rewards miners who successfully prove their work with a fixed amount of cryptocurrency upon block creation,⁷See, e.g., Andreas Antonopoulos, Mastering Bitcoin: Programming the Open Blockchain 26 (2d ed. 2018) (“A successful miner will collect a reward in the form of new bitcoin and transaction fees.”) PoS protocols typically reward validators with a block reward in proportion to their stake.⁸Ameer Rosic, Proof of Work vs Proof of Stake: Basic Mining Guide, Blockgeeks (Mar. 15, 2017), https://blockgeeks.com/guides/proof-of-work-vs-proof-of-stake/.

In the case of Ethereum 2.0, users “can post Ether as collateral and verify and attest to the validity of blocks to seek financial returns in exchange for building and securing the protocol.”⁹Diederik Loerakker, Ethereum 2.0 Phase 0 — Honest Validator, GitHub (updated Nov. 15, 2019), https://github.com/ethereum/eth2.0-specs/blob/dev/specs/validator/0_beacon-chain-validator.md. The requirements to become an Ethereum 2.0 validator are as follows:

• Configure and run a validator client; and
• Stake 32 Ether to the validator’s wallet.¹⁰Eth 2.0 Economics, EthHub, https://docs.ethhub.io/ethereum-roadmap/ethereum-2.0/eth-2.0-economics/.

To collect staking rewards / transaction fees, validators must also do the following:

• Maintain a balance of 32 Ether in the validator wallet;
• Ensure that the validator is updated with the latest software; and
• Ensure that the validator client stays online and can communicate with the network.¹¹Id.

How Might Ethereum 2.0’s PoS Model Implicate Securities Laws?

The starting point for determining whether something qualifies as a “security” under U.S. law is by looking at the statutory definition of “security,” which can be found in Section 5 of the Securities Act of 1933¹²15 U.S.C.A. §77b(a)(1) (West 2019). and Section 12(g) of the Securities Exchange Act of 1934.¹³15 U.S.C.A. §78c(a)(10) (West 2019). “‘Congress’ purpose in enacting the securities laws was to regulate investments, in whatever form they are made and by whatever name they are called.’ To that end, it enacted a broad definition of ‘security,’ sufficient ‘to encompass virtually any instrument that might be sold as an investment.’”¹⁴S.E.C. v. Edwards, 540 U.S. 389, 393 (2004) (quoting Reves v. Ernst & Young, 494 U.S. 56, 61 (1990)). In both statutes, the term “investment contract” is included in the definition of a “security.” As has been stated by the SEC¹⁵See, e.g., Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Exchange Act Release No. 81207, 117 SEC Docket 745 (July 25, 2017) (applying the “investment contract” analysis to DAO Tokens), https://www.sec.gov/litigation/investreport/34-81207.pdf; In re Munchee Inc., Securities Act Release No. 10445, 118 SEC Docket 975 (Dec. 11, 2017) (concluding that MUN tokens were securities because they were investment contracts). and at least one U.S. federal district court,¹⁶See Balestra v. ATBCOIN LLC, 380 F. Supp. 3d 340 (S.D.N.Y. 2019) (holding that ATB Coins qualify as “investment contracts” and therefore “securities”). arrangements involving digital assets are properly analyzed by considering whether they are “investment contracts” as that term is used in the statutes mentioned above. Since Ethereum 2.0’s PoS model involves digital assets, the “investment contract” analysis is similarly appropriate.

In the seminal case S.E.C. v. W.J. Howey Co., 328 U.S. 293 (1946), the United States Supreme Court proclaimed, “[A]n investment contract for purposes of the Securities Act means a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.”¹⁷S.E.C. v. W.J. Howey Co., 328 U.S. 293, 298–99 (1946). Known popularly now as the “Howey test,” this definition of investment contract “embodies a flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits.”¹⁸Id. at 299.

The Howey test requires the following elements to be present for a “contract, transaction or scheme” to be considered an “investment contract” (and therefore a security):¹⁹See, e.g., Howey, 328 U.S. at 300 (“Thus all the elements of a profit-seeking business venture are present here. The investors provide the capital and share in the earnings and profits; the promoters manage, control and operate the enterprise. It follows that the arrangements whereby the investors’ interests are made manifest involve investment contracts, regardless of the legal terminology in which such contracts are clothed.”); cf. United Hous. Found., Inc. v. Forman, 421 U.S. 837, 858 (1975) (“What distinguishes a security transaction—and what is absent here—is an investment where one parts with his money in the hope of receiving profits from the efforts of others…”).

1. An Investment of Money
2. In a Common Enterprise
3. With a Reasonable Expectation of Profits
4. Derived from the Efforts of Others

Each of these elements are considered in turn as they relate to Ethereum 2.0’s proposed PoS protocol.

An Investment of Money

The first question that needs to be answered when applying the Howey test is whether the arrangement involves “an investment of money.” According to the latest Ethereum 2.0 GitHub repositories, users must stake 32 Ether to operate a validator node,²⁰Eth 2.0 Economics, EthHub, https://docs.ethhub.io/ethereum-roadmap/ethereum-2.0/eth-2.0-economics/. so the answer quite clearly appears to be “yes.” The fact that the consideration paid is not in the form of cash is irrelevant for purposes of this part of the Howey test.²¹See, e.g., Uselton v. Comm. Lovelace Motor Freight, Inc., 940 F.2d 564, 574 (10th Cir. 1991) (“[I]n spite of Howey’s reference to an ‘investment of money,’ it is well established that cash is not the only form of contribution or investment that will create an investment contract.”).

In a Common Enterprise

The second question that needs to be answered when applying the Howey test is whether the arrangement involves “a common enterprise.” The U.S. federal court system recognizes three different tests, which vary depending upon which federal court circuit has jurisdiction over the matter: (1) horizontal commonality; (2) broad vertical commonality; and (3) narrow vertical commonality.²²“The D.C., First, Second, Third, Fourth, Sixth, and Seventh Circuits use horizontal commonality[;] the Fifth, Tenth, and Eleventh Circuits use broad vertical commonality[; and] the Ninth Circuit recognizes narrow vertical commonality.” Sandler, supra note 5, at 272-75.

However, to the extent that the SEC is the agency performing a “careful analysis” of Ethereum 2.0, this is effectively a non-issue. That is because in its Framework for “Investment Contract” Analysis of Digital Assets published on April 3, 2019, the SEC Strategic Hub for Innovation and Financial Technology (FinHub) stated the following: “The [SEC] does not require vertical or horizontal commonality per se, nor does it view a ‘common enterprise’ as a distinct element of the term ‘investment contract.’”²³FinHub, Framework for “Investment Contract” Analysis of Digital Assets, U.S. Securities and Exchange Commission (Apr. 3, 2019) [hereinafter Framework] https://www.sec.gov/files/dlt-framework.pdf, at 13 n. 10, (citing In re Barkate, 57 S.E.C. 488, 496 n.13 (Apr. 8, 2004)). Furthermore, FinHub states in its Framework that “in evaluating digital assets, [the SEC has] found that a ‘common enterprise’ typically exists.” Whether the federal courts would side with the SEC on this issue is beyond the scope of this article, but given the foregoing, there is every reason to believe that the SEC (at least) will find this element satisfied in the case of Ethereum 2.0.

With a Reasonable Expectation of Profits

Of all the questions that need to be answered when applying the Howey test, the third, whether Ethereum 2.0 involves a “reasonable expectation of profits,” is the simplest to answer. That is because Ethereum 2.0’s own specifications state the following: “[A validator] is an optional role for users in which they can post ETH as collateral and verify and attest to the validity of blocks to seek financial returns in exchange for building and securing the protocol.”²⁴Loerakker, supra note 8 (emphasis added). As stated by the U.S. Supreme Court in S.E.C. v. Edwards, 540 U.S. 389 (2004), “[T]he commonsense understanding of ‘profits’ in the Howey test [is] simply ‘financial returns on … investments.’”²⁵S.E.C. v. Edwards, 540 U.S. 389, 396 (2004) (quoting United Hous. Found., Inc. v. Forman, 421 U.S. 837, 853 (1975)). Thus, this third element of the Howey test is also satisfied.

Derived from the Efforts of Others

The fourth and final question that needs to be answered when applying the Howey test is whether the reasonable expectation of profits from the arrangement being considered is “derived from the efforts of others.” Or, as stated by the Howey court, derived “solely from the efforts of the promoter or a third party.”

Relying upon the explicit language found in Howey, an argument could be made that an arrangement to run a validator node on the Ethereum 2.0 network actually fails this part of the test, because users have to expend quite a bit of effort before they are eligible to collect any “financial rewards.” As stated previously, in order to collect staking rewards / transaction fees, validators must do all of the following: (1) configure and run the validator client software; (2) stake 32 Ether to the validator’s wallet address;  (3) maintain a continuous balance of 32 Ether in the validator wallet; (4) ensure that the validator client is updated with the latest software; and (5) ensure that the validator client stays online and can communicate with the network.²⁶Eth 2.0 Economics, EthHub, https://docs.ethhub.io/ethereum-roadmap/ethereum-2.0/eth-2.0-economics/. A failure to perform any of these tasks will result in users losing their right to collect any staking rewards / transaction fees (at least until the problem is rectified), thereby suggesting that the ability to receive any financial returns is derived solely from the efforts of the user, and not “solely from the efforts of [any] promoter or a third party.”

Unfortunately, “in light of the remedial nature of the [U.S. securities] legislation,” the federal courts have “adopt[ed] a more realistic test, whether the efforts made by those other than the investor are the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise.”²⁷Sec. & Exch. Comm’n v. Glenn W. Turner Enterprises, Inc., 474 F.2d 476, 482 (9th Cir. 1973). It is therefore the efforts which affect the failure or success of the Ethereum Network as a whole which is the correct focus of the analysis, and in fact was the focus of the previously referenced speech made by SEC Director William Hinman in concluding that the current iteration of Ethereum does not implicate securities laws.²⁸Hinman, supra note 3. As stated by Director Hinman,

If the network on which the token or coin is to function is sufficiently decentralized – where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts – the assets may not represent an investment contract.²⁹Id (emphasis added).

The ultimate question, then, is whether the rollout of Ethereum 2.0 signals that the Ethereum Network itself is not as “sufficiently decentralized” as the SEC previously thought.

What Does “Sufficiently Decentralized” Mean?

Ever since Director Hinman’s speech was published, much digital ink has been spilled debating the usefulness of a “sufficiently decentralized” standard, with some commentators suggesting that “[i]nnovators should take comfort that this standard for decentralization, properly understood, is not overly burdensome or unrealistic, and seems to permit projects to have significant, necessary centralized leadership”³⁰Blockchain Association, Understanding the SEC’s Guidance on Digital Tokens: The Hinman Token Standard, Medium (Jan. 10, 2019), https://medium.com/@BlockchainAssoc/understanding-the-secs-guidance-on-digital-tokens-the-hinman-token-standard-dd51c6105e2a. while others arguing that “it is highly problematic to use ‘decentralized’ as a legal standard, for a variety of reasons, from our poor understanding of the concept, to its inevitably shifting nature.”³¹Angela Walch, Deconstructing “Decentralization”: Exploring the Core Claim of Crypto Systems, Crypto Assets: Legal and Monetary Perspectives (OUP, Forthcoming) (Jan. 30, 2019), available at SSRN: https://ssrn.com/abstract=3326244. In fact, focusing solely on those two words independent of the rest of Director Hinman’s speech is troublesome, especially considering the fact that even in the context of blockchain protocols, “there is often a lot of confusion as to what this word [decentralization] actually means.”³²Vitalik Buterin, The Meaning of Decentralization, Medium (Feb. 6, 2017), https://medium.com/@VitalikButerin/the-meaning-of-decentralization-a0c92b76a274 .

Whether a blockchain protocol or system is “sufficiently decentralized” for purposes of securities law has far less to do with blockchain technology or even “decentralization” and instead has much more to do with the fundamentals of securities law, which are designed, as Director Hinman put it, “to remove the information asymmetry between promoters and investors.”³³Hinman, supra note 3. In particular,

[W]hen the efforts of the third party are no longer a key factor for determining the enterprise’s success, material information asymmetries recede. As a network becomes truly decentralized, the ability to identify an issuer or promoter to make the requisite disclosures becomes difficult, and less meaningful.
…
[O]f course there will continue to be systems that rely on central actors whose efforts are a key to the success of the enterprise. In those cases, application of the securities laws protects the investors who purchase the tokens or coins.³⁴Id.

The question that the SEC is therefore likely to be grappling with—given both the manner in which Ethereum 2.0 is being rolled out as well as the new specifications involving PoS—is whether Ethereum can continue to be successful without the involvement of individuals like Vitalik Buterin (one of the co-founders and considered by many to be the “face” of Ethereum) and organizations like the Ethereum Foundation.³⁵The stated mission of the Ethereum Foundation is to “promote and support Ethereum platform and base layer research, development and education to bring decentralized protocols and tools to the world that empower developers to produce next generation decentralized applications (dapps).” [34] Ethereum Foundation, EthHub, https://docs.ethhub.io/ethereum-basics/ethereum-foundation/. If the answer is yes, then it is still likely to be considered “sufficiently decentralized” for purposes of the Howey test. Otherwise, it is not. And for the reasons discussed above, if it is no longer “sufficiently decentralized” for purposes of the Howey test, the SEC may conclude that Ethereum 2.0’s PoS implementation implicates U.S. securities law, possibly requiring registration under the Section 12(g) of the Securities Exchange Act of 1934³⁶15 U.S.C.A. §78c(a)(10) (West 2019).—something that the Ethereum Foundation is unlikely to want to do.

Is Ethereum 2.0 “Sufficiently Decentralized?”

Exactly how the SEC will come down on this question is anyone’s guess, but guidance can be gleaned from FinHub’s Framework (mentioned above). In particular, the Framework provides several examples which, “[a]lthough [not] necessarily determinative, the stronger their presence, the more likely it is that a purchaser of a digital asset is relying on the ‘efforts of others’”³⁷Framework, supra note 22, at 3. (and thus less likely that the network is “sufficiently decentralized”), including the following:

An AP³⁸The term “AP” is short for “Active Participant,” which is defined in the Framework as “a promoter, sponsor, or other third party (or affiliated group of third parties).” Id. is responsible for the development, improvement (or enhancement), operation, or promotion of the network, particularly if purchasers of the digital asset expect an AP to be performing or overseeing tasks that are necessary for the network or digital asset to achieve or retain its intended purpose or functionality.
…
An AP has a lead or central role in the direction of the ongoing development of the network or the digital asset.
…
An AP has a continuing managerial role in making decisions about or exercising judgment concerning the network or the characteristics or rights the digital asset represents including, for example[, d]etermining whether and how to compensate persons providing services to the network or to the entity or entities charged with oversight of the network.
…
Purchasers would reasonably expect the AP to undertake efforts to promote its own interests and enhance the value of the network or digital asset, such as where[ t]he AP has the ability to realize capital appreciation from the value of the digital asset. This can be demonstrated, for example, if the AP retains a stake or interest in the digital asset. In these instances, purchasers would reasonably expect the AP to undertake efforts to promote its own interests and enhance the value of the network or digital asset[; or where t]he AP owns or controls ownership of intellectual property rights of the network or digital asset, directly or indirectly.³⁹Id. at 3-5 (emphasis added).

Applying the examples given above to Ethereum 2.0:

1. It is generally understood that the specifications for Ethereum 2.0 were developed by a small team at Ethereum Foundation including Vitalik Buterin, and the Ethereum Foundation is primarily responsible for the “development and (in the case of Ethereum 2.0) improvement or enhancement (via the 2.0 upgrade) of the network.”⁴⁰Ethereum Foundation, EthHub, https://docs.ethhub.io/ethereum-basics/ethereum-foundation/.
2. The Ethereum Foundation therefore “has a lead or central role in the direction of the ongoing development of the network or the digital asset” and purchasers of Ether (or those who decide to become validators by staking a minimum of 32 Ether to validator nodes when they come online via the 2.0 rollout) obviously expect the Ethereum Foundation to “perform[] or oversee[] tasks that are necessary for the [Ethereum] network or [Ether] to achieve or retain its intended purpose or functionality.”
3. The Ethereum Foundation gives various independent teams grants to build the specifications, thus “[d]etermining whether and how to compensate persons providing services to the network,” although “[i]t is currently not known how much the Ethereum Foundation spends on its organization and grants every year.”⁴¹Id.
4. The Ethereum Foundation “owns or controls ownership of intellectual property rights of the network or digital asset,” including “the following trademarks: ETHEREUM, ETHER, ENTERPRISE ETHEREUM and ENTERPRISE ETHEREUM ALLIANCE.”⁴²Id.
5. The Ethereum Foundation “retains a stake or interest in the digital asset” as can be demonstrated by the fact that “[t]he Ethereum Foundation’s multisig wallet is known and as of 4/10/19 [held] 645,137 Ether. That equate[d] to ~$118,000,000.”⁴³Id.

Do all these factors indicating reliance on the efforts of the Ethereum Foundation for the success of Ethereum 2.0 mean that the SEC is going to reverse its previous-held position that the Ethereum Network is “sufficiently decentralized” and find Ethereum 2.0 as currently spec’d out involves “investment contracts” and therefore securities transactions? That’s highly unlikely, but as the Framework states, “the stronger their presence, the more likely it is that a purchaser of a digital asset is relying on the ‘efforts of others’”⁴⁴Framework, supra note 22, at 3. and thus less likely that the network is “sufficiently decentralized,” so the fact that it is now back under SEC review means a reversal is entirely possible.⁴⁵Note that even if the SEC concludes that an arrangement to operate a validator node on Ethereum 2.0 qualifies as an “investment contract,” it does not automatically imply that Ether is a security.

Conclusion

Note that the purpose of this article is not to create “fear, uncertainty and doubt,” or “FUD” as it is frequently shorthanded in the crypto space. In fact, its purpose is quite the opposite: to encourage those who develop digital asset-based technology to accept the fact that the laws apply to what they’re doing and to proactively engage with regulators to make sure that their work does not run afoul of applicable legal and regulatory frameworks. Failing or refusing to do that can have serious negative consequences not just for the project they happen to be working on, but in the case of Ethereum, which as of this writing maintains the second-largest market capitalization of any cryptocurrency at $13,960,096,932,⁴⁶Ethereum (ETH) price, charts, market cap, and other metrics, CoinMarketCap (retrieved Dec. 21, 2019), https://coinmarketcap.com/currencies/ethereum/. it can have wide-ranging implications across the entire cryptocurrency market. Regardless of how this unfolds, it is something that needs to be watched very carefully for anyone interested in this asset class.