The author would like to thank Darren Sandler, Gabriel Shapiro and Adrian Cortez for sharing their insights and providing invaluable suggestions during the drafting of this article.

Introduction

On Tuesday, November 12, 2019, Heath Tarbert, Chairman of the U.S. Commodities and Futures Trading Commission (CFTC), indicated that both his agency and the U.S. Securities and Exchange Commission (SEC), were undertaking a careful analysis of Ethereum 2.0’s new proof-of-stake (PoS)-based transaction validation model. As recently as October 10, 2019, the same Heath Tarbert stated approvingly that “It is my view as chairman of the CFTC that ether is a commodity.” And in June of 2018, William Hinman, Director of the SEC’s Division of Corporation Finance, stated, “[B]ased on my understanding of the present state of Ether, the Ethereum network and its decentralized structure, current offers and sales of Ether are not securities transactions.” Some commentators already believe that Ethereum dodged a bullet for not being brought to task for its token sale in 2014, so the fact that it is now back under SEC review is legitimate cause for concern. If the SEC concludes that Ethereum’s new PoS validation model involves securities transactions, it could have significant negative implications for the Ethereum Network’s planned upgrade to version 2.0, as well as the wider cryptocurrency market.

What is Proof-of-Stake?

In contrast to Bitcoin’s “global, statistical gamble which is played every 10 or so minutes” known as proof-of-work (PoW) mining, PoS mining typically requires operators of validator nodes (i.e., “validators”) to store (i.e., “stake”) a specified amount of cryptocurrency in their digital wallet and keep the wallet online so it can automatically broadcast its balance to the network. Furthermore, whereas PoW rewards miners who successfully prove their work with a fixed amount of cryptocurrency upon block creation, PoS protocols typically reward validators with a block reward in proportion to their stake.

In the case of Ethereum 2.0, users “can post Ether as collateral and verify and attest to the validity of blocks to seek financial returns in exchange for building and securing the protocol.” The requirements to become an Ethereum 2.0 validator are as follows:

Configure and run a validator client; and

Stake 32 Ether to the validator’s wallet.

To collect staking rewards / transaction fees, validators must also do the following:

Maintain a balance of 32 Ether in the validator wallet;

Ensure that the validator is updated with the latest software; and

Ensure that the validator client stays online and can communicate with the network.

How Might Ethereum 2.0’s PoS Model Implicate Securities Laws?

The starting point for determining whether something qualifies as a “security” under U.S. law is by looking at the statutory definition of “security,” which can be found in Section 5 of the Securities Act of 1933 and Section 12(g) of the Securities Exchange Act of 1934. “‘Congress’ purpose in enacting the securities laws was to regulate investments, in whatever form they are made and by whatever name they are called.’ To that end, it enacted a broad definition of ‘security,’ sufficient ‘to encompass virtually any instrument that might be sold as an investment.’” In both statutes, the term “investment contract” is included in the definition of a “security.” As has been stated by the SEC and at least one U.S. federal district court, arrangements involving digital assets are properly analyzed by considering whether they are “investment contracts” as that term is used in the statutes mentioned above. Since Ethereum 2.0’s PoS model involves digital assets, the “investment contract” analysis is similarly appropriate.

In the seminal case S.E.C. v. W.J. Howey Co., 328 U.S. 293 (1946), the United States Supreme Court proclaimed, “[A]n investment contract for purposes of the Securities Act means a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.” Known popularly now as the “Howey test,” this definition of investment contract “embodies a flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits.”

The Howey test requires the following elements to be present for a “contract, transaction or scheme” to be considered an “investment contract” (and therefore a security):

An Investment of Money In a Common Enterprise With a Reasonable Expectation of Profits Derived from the Efforts of Others

Each of these elements are considered in turn as they relate to Ethereum 2.0’s proposed PoS protocol.

An Investment of Money

The first question that needs to be answered when applying the Howey test is whether the arrangement involves “an investment of money.” According to the latest Ethereum 2.0 GitHub repositories, users must stake 32 Ether to operate a validator node, so the answer quite clearly appears to be “yes.” The fact that the consideration paid is not in the form of cash is irrelevant for purposes of this part of the Howey test.

In a Common Enterprise

The second question that needs to be answered when applying the Howey test is whether the arrangement involves “a common enterprise.” The U.S. federal court system recognizes three different tests, which vary depending upon which federal court circuit has jurisdiction over the matter: (1) horizontal commonality; (2) broad vertical commonality; and (3) narrow vertical commonality.

However, to the extent that the SEC is the agency performing a “careful analysis” of Ethereum 2.0, this is effectively a non-issue. That is because in its Framework for “Investment Contract” Analysis of Digital Assets published on April 3, 2019, the SEC Strategic Hub for Innovation and Financial Technology (FinHub) stated the following: “The [SEC] does not require vertical or horizontal commonality per se, nor does it view a ‘common enterprise’ as a distinct element of the term ‘investment contract.’” Furthermore, FinHub states in its Framework that “in evaluating digital assets, [the SEC has] found that a ‘common enterprise’ typically exists.” Whether the federal courts would side with the SEC on this issue is beyond the scope of this article, but given the foregoing, there is every reason to believe that the SEC (at least) will find this element satisfied in the case of Ethereum 2.0.

With a Reasonable Expectation of Profits

Of all the questions that need to be answered when applying the Howey test, the third, whether Ethereum 2.0 involves a “reasonable expectation of profits,” is the simplest to answer. That is because Ethereum 2.0’s own specifications state the following: “[A validator] is an optional role for users in which they can post ETH as collateral and verify and attest to the validity of blocks to seek financial returns in exchange for building and securing the protocol.” As stated by the U.S. Supreme Court in S.E.C. v. Edwards, 540 U.S. 389 (2004), “[T]he commonsense understanding of ‘profits’ in the Howey test [is] simply ‘financial returns on … investments.’” Thus, this third element of the Howey test is also satisfied.

Derived from the Efforts of Others

The fourth and final question that needs to be answered when applying the Howey test is whether the reasonable expectation of profits from the arrangement being considered is “derived from the efforts of others.” Or, as stated by the Howey court, derived “solely from the efforts of the promoter or a third party.”

Relying upon the explicit language found in Howey, an argument could be made that an arrangement to run a validator node on the Ethereum 2.0 network actually fails this part of the test, because users have to expend quite a bit of effort before they are eligible to collect any “financial rewards.” As stated previously, in order to collect staking rewards / transaction fees, validators must do all of the following: (1) configure and run the validator client software; (2) stake 32 Ether to the validator’s wallet address; (3) maintain a continuous balance of 32 Ether in the validator wallet; (4) ensure that the validator client is updated with the latest software; and (5) ensure that the validator client stays online and can communicate with the network. A failure to perform any of these tasks will result in users losing their right to collect any staking rewards / transaction fees (at least until the problem is rectified), thereby suggesting that the ability to receive any financial returns is derived solely from the efforts of the user, and not “solely from the efforts of [any] promoter or a third party.”

Unfortunately, “in light of the remedial nature of the [U.S. securities] legislation,” the federal courts have “adopt[ed] a more realistic test, whether the efforts made by those other than the investor are the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise.” It is therefore the efforts which affect the failure or success of the Ethereum Network as a whole which is the correct focus of the analysis, and in fact was the focus of the previously referenced speech made by SEC Director William Hinman in concluding that the current iteration of Ethereum does not implicate securities laws. As stated by Director Hinman,

If the network on which the token or coin is to function is sufficiently decentralized – where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts – the assets may not represent an investment contract.

The ultimate question, then, is whether the rollout of Ethereum 2.0 signals that the Ethereum Network itself is not as “sufficiently decentralized” as the SEC previously thought.

What Does “Sufficiently Decentralized” Mean?

Ever since Director Hinman’s speech was published, much digital ink has been spilled debating the usefulness of a “sufficiently decentralized” standard, with some commentators suggesting that “[i]nnovators should take comfort that this standard for decentralization, properly understood, is not overly burdensome or unrealistic, and seems to permit projects to have significant, necessary centralized leadership” while others arguing that “it is highly problematic to use ‘decentralized’ as a legal standard, for a variety of reasons, from our poor understanding of the concept, to its inevitably shifting nature.” In fact, focusing solely on those two words independent of the rest of Director Hinman’s speech is troublesome, especially considering the fact that even in the context of blockchain protocols, “there is often a lot of confusion as to what this word [decentralization] actually means.”

Whether a blockchain protocol or system is “sufficiently decentralized” for purposes of securities law has far less to do with blockchain technology or even “decentralization” and instead has much more to do with the fundamentals of securities law, which are designed, as Director Hinman put it, “to remove the information asymmetry between promoters and investors.” In particular,

[W]hen the efforts of the third party are no longer a key factor for determining the enterprise’s success, material information asymmetries recede. As a network becomes truly decentralized, the ability to identify an issuer or promoter to make the requisite disclosures becomes difficult, and less meaningful.

…

[O]f course there will continue to be systems that rely on central actors whose efforts are a key to the success of the enterprise. In those cases, application of the securities laws protects the investors who purchase the tokens or coins.

The question that the SEC is therefore likely to be grappling with—given both the manner in which Ethereum 2.0 is being rolled out as well as the new specifications involving PoS—is whether Ethereum can continue to be successful without the involvement of individuals like Vitalik Buterin (one of the co-founders and considered by many to be the “face” of Ethereum) and organizations like the Ethereum Foundation. If the answer is yes, then it is still likely to be considered “sufficiently decentralized” for purposes of the Howey test. Otherwise, it is not. And for the reasons discussed above, if it is no longer “sufficiently decentralized” for purposes of the Howey test, the SEC may conclude that Ethereum 2.0’s PoS implementation implicates U.S. securities law, possibly requiring registration under the Section 12(g) of the Securities Exchange Act of 1934 —something that the Ethereum Foundation is unlikely to want to do.

Is Ethereum 2.0 “Sufficiently Decentralized?”

Exactly how the SEC will come down on this question is anyone’s guess, but guidance can be gleaned from FinHub’s Framework (mentioned above). In particular, the Framework provides several examples which, “[a]lthough [not] necessarily determinative, the stronger their presence, the more likely it is that a purchaser of a digital asset is relying on the ‘efforts of others’” (and thus less likely that the network is “sufficiently decentralized”), including the following:

An AP is responsible for the development, improvement (or enhancement), operation, or promotion of the network, particularly if purchasers of the digital asset expect an AP to be performing or overseeing tasks that are necessary for the network or digital asset to achieve or retain its intended purpose or functionality.

…

An AP has a lead or central role in the direction of the ongoing development of the network or the digital asset.

…

An AP has a continuing managerial role in making decisions about or exercising judgment concerning the network or the characteristics or rights the digital asset represents including, for example[, d]etermining whether and how to compensate persons providing services to the network or to the entity or entities charged with oversight of the network.

…

Purchasers would reasonably expect the AP to undertake efforts to promote its own interests and enhance the value of the network or digital asset, such as where[ t]he AP has the ability to realize capital appreciation from the value of the digital asset. This can be demonstrated, for example, if the AP retains a stake or interest in the digital asset. In these instances, purchasers would reasonably expect the AP to undertake efforts to promote its own interests and enhance the value of the network or digital asset[; or where t]he AP owns or controls ownership of intellectual property rights of the network or digital asset, directly or indirectly.

Applying the examples given above to Ethereum 2.0:

It is generally understood that the specifications for Ethereum 2.0 were developed by a small team at Ethereum Foundation including Vitalik Buterin, and the Ethereum Foundation is primarily responsible for the “development and (in the case of Ethereum 2.0) improvement or enhancement (via the 2.0 upgrade) of the network.” The Ethereum Foundation therefore “has a lead or central role in the direction of the ongoing development of the network or the digital asset” and purchasers of Ether (or those who decide to become validators by staking a minimum of 32 Ether to validator nodes when they come online via the 2.0 rollout) obviously expect the Ethereum Foundation to “perform[] or oversee[] tasks that are necessary for the [Ethereum] network or [Ether] to achieve or retain its intended purpose or functionality.” The Ethereum Foundation gives various independent teams grants to build the specifications, thus “[d]etermining whether and how to compensate persons providing services to the network,” although “[i]t is currently not known how much the Ethereum Foundation spends on its organization and grants every year.” The Ethereum Foundation “owns or controls ownership of intellectual property rights of the network or digital asset,” including “the following trademarks: ETHEREUM, ETHER, ENTERPRISE ETHEREUM and ENTERPRISE ETHEREUM ALLIANCE.” The Ethereum Foundation “retains a stake or interest in the digital asset” as can be demonstrated by the fact that “[t]he Ethereum Foundation’s multisig wallet is known and as of 4/10/19 [held] 645,137 Ether. That equate[d] to ~$118,000,000.”

Do all these factors indicating reliance on the efforts of the Ethereum Foundation for the success of Ethereum 2.0 mean that the SEC is going to reverse its previous-held position that the Ethereum Network is “sufficiently decentralized” and find Ethereum 2.0 as currently spec’d out involves “investment contracts” and therefore securities transactions? Of course not, but as the Framework states, “the stronger their presence, the more likely it is that a purchaser of a digital asset is relying on the ‘efforts of others’” and thus less likely that the network is “sufficiently decentralized,” so the fact that it is now back under SEC review means a reversal is entirely possible.

Conclusion

Note that the purpose of this article is not to create “fear, uncertainty and doubt,” or “FUD” as it is frequently shorthanded in the crypto space. In fact, its purpose is quite the opposite: to encourage those who develop digital asset-based technology to accept the fact that the laws apply to what they’re doing and to proactively engage with regulators to make sure that their work does not run afoul of applicable legal and regulatory frameworks. Failing or refusing to do that can have serious negative consequences not just for the project they happen to be working on, but in the case of Ethereum, which as of this writing maintains the second-largest market capitalization of any cryptocurrency at $13,960,096,932, it can have wide-ranging implications across the entire cryptocurrency market. Regardless of how this unfolds, it is something that needs to be watched very carefully for anyone interested in this asset class.