Doing an “ICO” increasingly seems to be the yardstick by which progress (or even, dare I say, success) is measured in the Ethereum space. So, as Colony was one of the very first projects to be announced on Ethereum, we get asked when Colony’s sale will be — a lot.

We got started in September 2014 and presented our work in progress at both Devcon 1 and Devcon 2. We’re a team of 12 (and growing). We have a large community, a live beta, solid operational processes we blog about each quarter, and a monster of a technical whitepaper detailing our fully decentralised platform in which a token is a vital functional component.

Designing that token has entailed more than a year of legal work, and tens of thousands of dollars spent with three of the top law firms in the space. That work has gotten us to a position of comfort that our token design is unlikely to be considered a security in the US.

So, given that that’s way more than most projects have achieved at the point of their token sale, it’s not unreasonable to ask when ours will be.

It was going to be August.

We had everything in place. Whitepaper. Wiki. A beautiful new website. Our tokensale contract had been audited by the talented guys at DappHub. The works.

We were just about to pull the trigger.

And then we cancelled the entire plan.

Why?

In the eyes of the SEC, we would have been illegally issuing unregistered securities.

Wait.

What?

Didn’t I literally just say the Colony token wasn’t a security?

That’s right. It won’t be. Once the Colony Network is live.

Once the network is live, and CLNY can be used for its intended purpose, it won’t be. Until then, it probably would.

Why? Well, let’s be honest for a second here. People are not panic buying millions of dollars worth of tokens because they are just really excited to use that dApp. They are buying them because there are efficient, liquid markets on which to trade them. They believe there is potential to profit from that token if the dApp is successful. No judgement implied. I do this.

If a token is purchased before it is functional — that is, before the dApp is live — then its only value is a speculative one.

It’s a gamble. If the team developing the project pulls through and delivers their application, and a sufficient market exists, then the token may increase in value.

However, until that time, the token’s value is wholly reliant upon the success of the efforts of the developer.

That is pretty much the definition of a security.

For an ICO token not to be a security, the purchaser must not be reliant on the promoter or other third party for the token to have a value. The dApp must be fully decentralised (i.e. not reliant on the developer’s centralised servers at all), and it must be live at the point of token issuance.

Put it this way: if the team developing a dApp gets wiped out by a tsunami during their post-ICO company all hands on Necker Island, and the dApp is not already live, the token price is going to zero. If on the other hand the project is live, is fully decentralised and open source, sure price will probably dip, but the dApp will carry right on working. Others can continue the development if need be, and token holders will not lose their shirts.

Here’s the short of it. As far as we can tell, no matter what, tokens purchased for pre-functional products are securities. After it is functional, it depends. Talk to your lawyers.

So, we will do a token sale when the Colony Network is live on mainnet and people can use their tokens for their intended purpose right away.

Until then we will continue to fund Colony’s development privately. We’d recommend others do the same using the SAFTE we shared earlier this year.

If all of this has you thinking:

“But… every single token sale up to now has sold a token for something that doesn’t yet exist?”

Well, yeah. It’s a bit of a worry.

If you want to dive deeper, read on, there’s more to be said. Otherwise, above was the TL;DR.

Still with me? Alright, down the rabbithole we go.

What is a security anyway?

The Howey test is the rubric used to determine whether something is an ‘investment contract’. This is a slight oversimplification, but it can be broken down into three ‘prongs’:

An investment of Money

Confusingly, the investment doesn’t actually need to be “money”. It can be anything of value—a "consideration". Even an email address has been found to constitute a consideration in the past, so cryptocurrencies certainly apply. In a common enterprise

There are several types of ‘commonality’, but the gist is that investors funds are pooled together so everyone shares in the risk and reward of the venture, and/or that the financial fate of the investor is intertwined with that of the promoter. With the expectation of profits derived from the efforts of others.

The key idea here is that profits are expected to be derived from the management, expertise, or efforts, of the promoter or other third party.

If all this sounds rather broad, that’s because it’s meant to be. The regulation is intended to embody:

“a flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits.” S.E.C. v. W. J. Howey Co., 328 U. S. 293, 328 U. S. 299 (1946)

So what?

General solicitation for the sale of securities is subject to stringent regulation in the US and most other jurisdictions. Doing so without adhering to those regulations is considered somewhat naughty, and can put you on the receiving end of a rather stern talking to.

If found guilty of securities fraud, returning the funds and paying a fine will be on the menu. If your actions are deemed to have been a more egregious attempt to defraud investors, then Menu A may be served with a delicious side of jail time.

Importantly, the SEC has ‘long arm jurisdiction’. They can come after you wherever you are in the world, as long as US investors are affected. That expensive Swiss Foundation won’t protect you.

Alright, block the US then.

Lots of projects have tried to do that. Many have blocked US IP addresses. I can see it now:

“No your honour, we team of software engineers have never encountered this ‘VPN’ of which you speak.”

Others have required purchasers to declare that they are not US citizens before being shown the contribution address. (Though this precaution is rather undermined if the address is then tweeted!)

A more robust approach is to require every purchaser to register for the sale and submit to KYC, allowing only accredited US investors, or those outside of the US to participate. But let’s be honest, that’s pretty antithetical to this whole permissionless, decentralised vibe we’ve got going on here, isn’t it?

It’s also totally missing the point of basing the regulatory analysis of a token’s design on US law. Most jurisdictions have similar securities regulations, it’s just that the US laws are the clearest and the SEC are the most ‘prosecutey’. Regulations vary meaningfully across jurisdictions, but if you’ve satisfied the requirements of the SEC, that's a good start towards satisfying them elsewhere too.

Further, it’s not clear where liability lies if, through secondary market trading, tokens considered securities under US law find their way into the hands of non-accredited US investors. Some may even argue that blocking the largest market for tokens simply manufactures demand for resellers of the token to serve, thereby increasing speculative demand for the token in the ICO. Even if the promoter isn’t liable, passing that risk on to the people who buy your token seems like kind of a dick move.

Why not sell a token but not actually issue it until the platform is live on mainnet. Surely then it’s no different from a Kickstarter, right?

This is probably the greyest area in all of this. It definitely does make it more like a Kickstarter, but at least in the view of our legal team, there are some important differences.

“In searching for the meaning and scope of the word ‘security’… form should be disregarded for substance and the emphasis should be on economic reality.” S.E.C. v. W. J. Howey Co., 328 U. S. 293, 328 U. S. 298 (1946)

The key economic reality here is that in the overwhelming majority of cases, people buying something on Kickstarter are buying it because they want that item. It’s not totally unheard of for people to buy into a popular kickstarter in the hope of flipping for a profit, but it’s not exactly easy to do. There is no highly efficient, liquid market for Kickstarter items in the way there is for tokens. You can’t Shapeshift a 3D printer.

I call bullshit. The SEC said ETH isn’t a security, it’s a currency, and they did a pre-sale.

True. However, the Ethereum Foundation did not issue Ether, they issued pre-sale wallets. Ether was only created at the point of the genesis block. Ether probably isn’t a security, but I wouldn’t like to speculate on whether that is true of the pre-sale wallets.

But <waving hands> decentralisation!

It doesn’t matter. Laws exist whether we agree with them or not, and people are subject to them even if the software they write does not have client-server architecture.

Pfft. You guys are a bunch of lily livered ninnies.

Perhaps so. But we sleep soundly at night knowing that we are not exposing ourselves, or the future inhabitants of the Colony Network, to unnecessary legal or financial risk.

Our legal counsel have advised us that the SEC are in “a proactive frame of mind” about ICOs. The SEC believe ‘Howey’ is right way to assess whether tokens are securities, and they do not intend to introduce new regulations. However, they also do not intend to wait for someone to make a complaint. What this will practically mean for those who have issued tokens already though, we don’t know.

The SEC exists to protect investors. You have to imagine they are aware that by prosecuting projects they deem to have violated securities regulations, they run the risk of causing the kind of investor loss they exist to prevent. On the other hand, perhaps they view the current ICO frenzy as a situation getting out of control, and to make an omelette, you gotta break some eggs.

There are those who have, despite their best and well meaning efforts, already issued tokens which may be deemed securities in the US. To protect them, and to ensure that the space in which we operate is given a light touch in the future, I propose we act to self-regulate now.

While we can put sales of the past down to well meaning naivety, the same cannot be said for those in the future.

Going forward, boycott public sales except for those which confer immediate utility within a live and fully decentralised platform. Don’t do it because it’s somehow righteous — it’s not — we think you should be free to be as smart or as dumb with your money as you like. Do it for your own rational self interest, because if a project is willing to take a big legal risk in order to get their hands on your hard hodl’d ETH, then it suggests they are either desperate, greedy, or incompetent. None of those are attributes you should look for in people you give your money to.

One caveat. I am not a lawyer. This might all be nonsense. I’m pretty sure it’s not, but it’s possible. Therefore, don’t take my word for it. If you’re considering a token based project, engage your own lawyer, and make it a good one.

Jack is a former artist in diamonds, current blockchain nerd, and co-founder of Colony.

Fascinated by the potential of the power shift a decentralized future brings.

When not making $100m diamond skulls, or paradigm shifting blockchain applications, Jack enjoys sesquipedalianism, bathos, and a nice cup of tea and a sit down.

If you have any feedback or stories to share, reach out to us on Twitter.

Colony is a platform for open organizations.

Join the discussion on Discourse, follow us on Twitter, sign up for (occasional) email updates, or if you’re feeling old-skool, drop us an email.