While talking about Ethereum with a colleague about a week ago, the DAO inevitably came up. We disagreed about some of the risks and some of the benefits we imagined could stem from this new experiment but ultimately agreed on one essential point: the best thing about the DAO is that the internet is weird again! Regardless of your thoughts about the DAO you have to appreciate how new this all is: there’s a piece of software hanging out on the internet that is (itself!) in control of ~$150 million of value. And if history is any guide, things that start out this weird will often become the incredible innovations that improve our lives; a strange but exciting journey from weirdness to ubiquity, with hopefully not too many bumps in the road.

The DAO got big fast and it’s now the poster child for both (A) the excitement inherent in open networks for financial innovation and (B) the dangers of moving too fast and breaking too many things. So let’s take a step back and talk about what this all means, and why it matters from a public policy standpoint. Here are the key points starting with some facts about Ethereum and moving to DAOs and public policy:

Ethereum is open for innovation and experimentation. Perhaps the most exciting aspect of the Ethereum platform—and cryptocurrencies in general—is that it is entirely open for experimentation. There’s no patent or copyright to license, no university or corporation from which to seek a job, no exclusive membership fee to pay. Anyone with a computer and an Internet connection can develop and share her own currency, her own financial contracts and strategies, her own vision of the future.

Ethereum is a platform not a product. It is a set of software standards and shared computing power whose purpose is to enable group computing. Like the PC and the Internet, it is not useful in itself, but rather as a means for consumers to access applications and a means for developers to design and share new applications (for example, word processing applications make the PC platform useful and websites make the Internet useful).

Applications running on the Ethereum platform are called Dapps. We call the applications developed to run on the Ethereum platform Decentralized Applications, or Dapps for short. They are decentralized because the code of the application runs on all or many of the computers making up the Ethereum platform; the application does not run only on a particular computer (in other words, a server) in the network (as most cloud-based Internet applications do today). They might perform any range of services for users, from games to online identity and reputation management, and potentially even insurance or energy trading. See this list of ongoing Dapp development for more.

DOs and DAOs are types of Dapps. The terminology here is still being sorted out by the community, but the simple explanation is that if a Dapp has a number of users who also help govern its operation then it is a Decentralized Organization or DO. Users govern the DO by holding DO tokens or having possession of certain private keys, which the software of the DO, in turn, recognizes as a sort of voting or editing right to decide what the software should do (not unlike having permission to edit or comment on a group Google Doc—but without any centralized server owned by a company like Google). Alternatively, if a Dapp governs itself (the software code determines all internal management) without the help of users or owners, then it is a Decentralized Autonomous Organization or DAO. Note that according to these definitionsThe DAO (the Dapp that has raised about ~$150 Million and made recent headlines) is not a DAO, but rather a DO because it cannot self-govern; it relies on decisions made when The DAO token-holders vote. Confused? It’s ok, just remember that DO and DAO are often used interchangeably by the community, and generally refer to Ethereum applications that have internal governance mechanisms. We’ll just use DO for the the rest of this post because it is the broader category.

People may send money to DOs hoping to earn a return. Just like a fund or corporation, a DO can be designed to take in value, put it to productive use, and offer a return to investors. We can think of both corporations and DOs as entities with financial inputs (investment) and outputs (dividends) and internal maps of how inputs are utilized and when outputs are created (management). The main difference between a corporation and a DO is that the map of where and how value can flow within a DO is explicitly designed beforehand in software that can be audited and tested. In other words, before you even send any money to a DO, you can see the code which will manage that money. It has rules like: if a majority of your fellow investors vote to send the money to Project A rather than Project B, then that is what will happen.

People may lose the money they send to DOs. Just like when you support a new gadget being launched on Kickstarter, or when you invest in shares of a publicly traded corporation, you may be disappointed with the result. Products can fail to materialize and companies can fail to make profit.

The information asymmetries that create risks in traditional crowdfunding or securities investment are different than those in DOs. When we give money to a traditional company, we have no guarantees of precisely how that money will be used. Before we give money to a DO we can see the “smart contract” that specifies precisely how a DO is programmed to use received funds. That DO may have voting rules which means we’ll still be uncertain of how other participants will vote, or it may have outside inputs like market prices that trigger the use of internal funds, but the rules for these systems are and must be specified in the software of a DO before any funds are received. They are the ultimate disclosure of risks.

DOs are an important experiment in community governance. At root, a DO is an attempt to build a community and organize the resources of its members according to rules. Unlike traditional communities where rules are specified in human language and enforced by courts or norms, within a DO community the rules are specified in software code and enforced by decentralized computing platforms that use cryptography and economic incentives to prevent fraud. DOs surely have risks for the community members who join them, but they also present a generalized reward to society: they provide a valuable experiment, testing new software-based modes of community organization that may or may not prove superior to existing structures built on laws or norms. As with any new invention or scientific discovery,we cannot know the rewards and risks if we do not allow it to be studied or developed.

To the extent DOs are implicated by existing securities laws, a wait-and-see approach to regulation may be best. DOs present different risk-generating information asymmetries for investors than traditional securities. There may be greater certainty regarding the internal structure of the investment because rules for the use of invested funds are specified ex ante in precise and auditable software code. However, many cannot read and understand this code, and bugs in the software may go undetected until they create unanticipated results. These features present unique challenges to regulators and (once we fully understand those challenges) it may eventually be necessary to address investor risks with new regulatory mechanisms better suited to the technology than legacy tools. For now, however, without a clear picture of what those risks are, new regulation is premature. As a valuable social experiment, small scale DOs should be allowed to function unfettered by existing regulations, at least until their use allows policymakers to determine what the risks and rewards actually are. Throughout this period of experimentation the best regulatory policy may be providing investor and consumer alerts to ensure that potential participants understand the risks inherent in new and untested systems.

And just as there are important points for policymakers to understand about DOs, there are also some important cautions for developers to have in mind when it comes to regulation. We are lawyers, but we’re not your lawyer, and the legal issues surrounding DOs are complicated and still very unsettled. That said, we’d like to flag the key regulatory hazards in this area for the community. Starting with some background information on securities law and moving to possible future interpretations of that law, here are some things for developers and participants to keep in mind.

The relevant test in the US for what qualifies as a regulated security is the Howey Test: “An investment contract for purposes of the Securities Act means a contract, transaction or scheme whereby a person [1] invests his money in [2] a common enterprise and [3] is led to expect profits [4] solely from the efforts of the promoter or a third party, [exclusionary factors] it being immaterial whether the shares in the enterprise are evidenced by formal certificates or by nominal interests in the physical assets employed in the enterprise.”

Several investments not traditionally thought of as securities have been found by courts to be securities. For example, sales of various commodities or properties (e.g. orange groves, minks, condominiums, country club memberships) with attached maintenance and revenue sharing agreements have been found to be securities, and their promoters have been charged with issuing unregistered securities.

Ethereum and similar decentralized computing platforms themselves are likely not implicated by securities laws. While ether sales will likely involve the investment of money and possibly an expectation of profits, there is a weaker case to be made that there is strong commonality within the enterprise (because of the decentralized nature of the network and its participants) and there is a utility for the tokens beyond mere investment (similar to a line of cases dealing with condominiums or co-op apartments bought for primarily personal use rather than investment alone). For more see Coin Center’s Framework for Securities Regulation of Cryptocurrencies.

DO tokens sales, however, may qualify as securities offerings. As compared with Ethereum, a DO may have fewer contributors to its software and marketing efforts, the profits of these few may be strongly linked to the value of the token, and investors may rely on the efforts of these individuals to generate a return. Additionally, purchasers of DO tokens may be less interested in holding their tokens for some utility, and instead be purely driven by an expectation of profit.

The Securities Act intentionally defines “promoter” broadly: “any person that, alone or together with others, directly or indirectly, takes initiative in founding the business or enterprise of the issuer.” Given the breadth of this language, developers should carefully weigh the risks of being visibly associated with the release and sale of DO tokens.

Individuals deemed to be promoters of a DO may be found to be in violation of Section 5(a) and 5(c) of the Securities Act. Under these sections it is unlawful to directly or indirectly offer to sell or buy unregistered securities, or to “carry” for sale or delivery after the sale an unregistered security or a prospectus detailing that security. Even if a DO is deemed to be an unregistered security, it remains very unclear how promoting that DO would or would not equate to these unlawful activities, and who—if anyone—would be found to have violated the law. Nonetheless, broad interpretation of these laws may potentially implicate any participant or visibly affiliated developer or advocate.

So there it is. As always, you should talk to your lawyers if you are concerned about the laws that may or may not apply to your work. Also, Coin Center can and would like to do its part. We believe these technologies will change the world for the better, and we understand that no new technology is free of risks. Our goal is to share that vision and a fair accounting of those risks with policymakers, so that they can make the right choices: preserve the freedom to innovate and intervene only if and when real risks to consumers emerge. So if you’ve got a new app, Dapp, DO, or DAO and want to help shape, inform, or join in our conversations with policymakers, we’d love to talk.