Deconstructing the SEC’s Cryptocurrency-Suppression Program: Part Two | Arnall Golden Gregory LLP
Origins of Cryptocurrency Prohibition
This is Part II of a series of articles that addresses the Securities and Exchange Commission (“SEC”)’s suppression of cryptocurrency, or what we call private digital money (“PDM”).1 Part I introduced the SEC’s sleight of hand in its anti-cryptocurrency efforts and sources the Agency uses to claim jurisdiction over cryptocurrencies. In Part II, we discuss specific parts of the SEC’s history of suppressing PDM.
As we noted in Part I, the SEC’s program has ignored the jurisdictional limitation imposed on the agency, which is that the SEC can become involved only when a security is sold or transferred; if what is sold is not a security or related to one, then the SEC lacks authority to regulate it. PDM is not a security and, unless the entire conception of security is stretched beyond recognition, it never will be a security. But an agency’s exerted administrative power can obviously exceed its actual authority unless the over-reach is reined in by the courts or by an internally-directed change of direction by its leadership.
The SEC’S Brief History with Cryptocurrencies
With respect to PDM, the SEC has: (1) published materials associating private PDM with fraud and criminality; (2) claimed that PDM is often a security, specifically, a non-standard type of security known as an “investment contract;” (3) required producers of PDM to navigate a security-registration process that the SEC’s Division of Corporation Finance administers at its own pace and with its own, unstated standards as to PDM; and (4) used its Division of Enforcement to bring federal district court and administrative proceedings (“enforcement actions”) against sellers of PDM units who considered PDM not to be a security, who were unsuccessful in the registration process, or who were unwilling to register PDM units for sale, including a company that sold PDM before the SEC had apparently realized, in mid-2017, that PDM was a security.2 The SEC’s enforcement actions against PDM producers reflect a practice of regulation by lawsuit.
SEC Publications Link Bitcoin to Fraud
One can suppress the growth of a market of any product by interrupting buy-sell transactions: discouraging demand and choking off supply. The SEC first addressed the buyer and demand side of the PDM market when it associated PDM with fraud and various forms of criminal conduct. Then, in 2017, it started choking off supply. Before mid-2017, the SEC issued two “investor alerts” concerning Bitcoin, and both referred to SEC v. Shavers, a Ponzi scheme in which the culprit essentially stole depositors’ Bitcoin. The first alert came out on the day that the SEC announced the Shavers case, July 23, 2013,3 and the second some nine months later, on May 7, 2014.4 The SEC’s alarmism about the use of digital currency in such schemes failed to note that fiat money can and routinely is used in fraudulent schemes, including Ponzi schemes; but the SEC has not suggested that U.S. dollars are fraudulent because they, like Bitcoin, have been the medium for fraud.
SEC v. Shavers (2013)
The first SEC lawsuit involving a PDM (Bitcoin) was SEC v. Shavers.5 This case reflected the classic Ponzi scheme, a fraud model in which a fraudster touts proceeds from sales of securities as earnings from the business enterprise’s operations. The business enterprise was a “bank,” originally and aptly named Pirate’s Bank & Trust Company (“Bank”) but renamed Bitcoin Savings & Trust, or BTCST. The founder and principal, Trendon T. Shavers, solicited customer deposits in Bitcoin by promising to arbitrage the Bitcoin for profit and distribute profits of 7% per week per each investor’s deposit.6
The reality differed considerably from the rhetoric. The Bank had no earnings, and Shavers used the most recent deposits to pay interest to earlier depositors and—of course—himself.7 The promises he made and account statements he sent evidenced the contracts. Whether they are called contracts of deposit or debt agreements, these contracts were securities easily characterized as investment contracts.8 Investors paid value to the principal and agent of the Bank on promises that profits from the Bank’s operations would pay them interest on their invested value. On July 23, 2013, the SEC announced the filing of a legal civil action against Shavers and issued an “Investor Alert,” referencing the new action. Under the heading, “Look Out for Potential Scams Using Virtual Currency,” the Investor Alert warned that “the rising use of virtual currencies . . . may entice fraudsters to lure investors into Ponzi and other schemes in which these currencies are used to facilitate fraudulent, or simply fabricated, investments or transactions.”9 It stated that such schemes “may also involve an unregistered offering or trading platform,” and “often promise high returns for getting in on the ground floor of a growing Internet phenomenon.”10
Shavers claimed that because all the Bank’s relevant transactions involved Bitcoin and Bitcoin was not a security, the SEC lacked jurisdiction over the Bank’s transactions with depositors. The SEC contended, and the U.S. district court agreed, that the security was the contract between the Bank and each of its depositors; it was not the currency used to buy the security or generate business profits. Shavers had sold “investment contracts”: (1) the currency, Bitcoin, satisfied the “purchased-for-money” requirement; (2) the Bank was a common enterprise; and (3) the investors expected profits from the efforts of the Bank’s principal, Shavers.11
Although the SEC knew the contract was the security and the currency used was mostly irrelevant, it used Shavers to sully virtual currencies, particularly Bitcoin. The SEC’s July 23, 2013 alert noted that fraudsters could use Bitcoin to lure unwary investors. Bitcoin allows parties to remain anonymous in transactions, and transfers can occur without bank control and visibility.12 On May 7, 2014, the SEC issued a second alert that again rang the alarm bell on Bitcoin.13 The heading read, “Investments involving Bitcoin may have a heightened risk of fraud.”14 The SEC described Bitcoin as a “decentralized, peer-to-peer virtual currency that is used like money—it can be exchanged for traditional currencies such as the U.S. dollar, or used to purchase goods and services, usually online,” but, “[u]nlike traditional currencies, Bitcoin operates without central authority or banks and is not backed by any government.”15
The Alert noted that defrauded investors’ recoveries may be less because “[t]raditional financial institutions (such as banks) are not involved in Bitcoin transactions, making it more difficult to follow the flow of money.”16 To dissuade “investments involving Bitcoin,” the SEC reminded readers that the Securities Investor Protection Corporation (SIPC) typically insures securities accounts at U.S. brokerage firms and the Federal Deposit Insurance Corporation (FDIC) insures certain deposit accounts at U.S. banks, but no one insures Bitcoin held in one’s digital wallet or a Bitcoin exchange.17
The alert did not identify the “heightened risk of fraud” that may be associated with Bitcoin (or any virtual currency), except to note the SEC’s concern that the agency might not be able to call on its customary resources—bank accounting systems—to track the flow of Bitcoin funds. The alert does not distinguish between the risk of an asset losing market value and the risk that a third-party, such as a bank, broker-dealer, or investment company that holds a customer’s asset and “borrows” it to make more money, is unable to replenish the customer account if the third party piles up losses on what it has borrowed from its customers’ accounts. Because banks use a customer’s assets for their money-making purposes18 and have historically not resisted the urge to gamble with those funds, they are heavily regulated. They also benefit from the governmental insurance organization, FDIC, to persuade customers of the safety of their funds (up to the loss limit, that is) and encourage the use of banks’ services. Unlike fiat money and securities, third parties do not come between the owner of Bitcoin and Bitcoin, a point the SEC did not choose to make, so the risk created by using or stealing a customer’s bank account value does not exist with Bitcoin which, as the SEC has noted, does not require the involvement of a bank. The only real risk associated with Bitcoin comes from hacking, which is a ubiquitous risk at this time—including for banks.
The DAO Report (2017)
On July 25, 2017, the SEC issued a Report of Investigation in which it announced that digital tokens of the Decentralized Autonomous Organization (“DAO”) constituted “securities” and, as such, the tokens were subject to the SEC’s regulatory and enforcement jurisdiction (“DAO Report”).19 The DAO Report stated: “Based on the investigation, and under the facts presented, the Commission has determined that DAO Tokens are securities under the Securities Act of 1933.”20
The DAO was a pooled-funds business enterprise that sold units for dollars, used the dollars to invest in projects, and paid profits to unit-holders. Each DAO Token or unit consisted of two distinct products. One was the contract giving the holder a right to the unit’s proportionate share of the DAO’s profits, and the other product was a unit of private currency or PDM. The rights to profits was an equity-type security that would fall under the catch-all term “investment contract;” however, as a digital currency, it was PDM—not a security. The SEC conflated the two functions, transferring the equity-function of the DAO Token to the PDM function. The next step was to attribute silently to standalone PDM in other cases the DAO Token’s function as an equity-type security and cite to the DAO Report as precedent.
Differences Between Shavers and the DAO Matter
The pooled-funds or investment-company type structure of the DAO was not fraudulent, making it different from Shavers’ bank. The security in each of these two matters, although falling in the investment contract category, also differed: in Shavers, the investment contract was a debt-type contract, while in the DAO, it was an equity-type contract. The DAO Token had two distinctly different functions: firstly, it gave its holder a contractual right to earnings of the business enterprise’s investment portfolio; and secondly, it functioned as a virtual currency. The DAO arrangement was also the inverse of the Shavers situation: in Shavers, the portfolio was made of virtual currency, but the contract existed independently of that particular currency; in the DAO matter, the DAO portfolio used regular currency, but the DAO Token was the contract evidencing ownership and giving rights to the business’s earnings. It was only in this function as evidence of the contract—a contract giving rights to the business enterprise’s profits from operations—that the DAO Token was a security under the federal securities laws.21
The SEC’s PDM Program
On September 27, 2017, about two months after issuing its DAO Report, the SEC announced the creation of a new “Cyber Security Unit” (“CSU”) office in the SEC’s Division of Enforcement.22 The CSU was formed to investigate and propose civil actions for, among other things, “[v]iolations involving distributed ledger technology and initial coin offerings,”23 and soon began to identify, investigate, and bring legal actions against entities and individuals that sold, usually quite successfully, large quantities of PDM units.
From 2018 to 2019, the CSU brought over fifteen PDM matters, which included federal court actions, typically unsettled when filed, and administrative proceedings that had settled before filing. In these matters, the agency sought to enjoin and obtain disgorgement and penalties from companies that had sold units of PDM to the public without SEC approval under the Securities Act of 1933 (“Securities Act”).24 In 2020, the unit brought over fifteen additional PDM matters, many of which involved a so-called initial coin offering (“ICO”).25
A pattern emerged of two different types of “violators:” companies and individuals that did not register the PDM under the Securities Act, particularly PDM issued in an ICO, and those that not merely failed to register, but also engaged in fraud in purported violation of the anti-fraud provisions of the Securities Act, typically section 17(a)(1), and the standard anti-fraud provisions of the Securities Exchange Act of 1934 (“Exchange Act”), namely, section 10(b) and Rule 10b-5, which the SEC created to implement section 10(b).
SEC v. Ripple Labs, Inc. (2020)
On December 22, 2020, the SEC filed a 71-page complaint against Ripple Labs, Inc. (“Ripple”) and two individual defendants alleging that Ripple has offered and sold, since 2013, 14.6 billion units of a “digital asset security” called XRP for $1.38 billion USD without registering the XRP units under the Securities Act and without an exemption from registration. The complaint asserts that the “digital asset securities” are investment contract-type securities and their sales violated the registration requirement of the Securities Act.26 The complaint notes that Ripple had sought and “received legal advice as early as 2012,”27 informing Ripple “that under certain circumstances XRP could be considered an ‘investment contract’ and therefore a security under the federal securities laws,”28 an important point, given that the SEC had not itself reached this legal conclusion until mid-2017. The complaint cites to the DAO Report and its “advising ‘those who would use . . . distributed ledger or blockchain-enabled means for capital raising to take appropriate steps to ensure compliance with the U.S. federal securities laws,’ and finding that the offering of digital assets at issue in that report were investment contracts and, therefore, securities.”29
According to the complaint, Ripple offered XRP tokens “as an investment into a common enterprise that included Ripple’s promises to create a liquid secondary market.”30 Implicitly, the “enterprise” is not a separate accounting entity—whether formalized or not—but is, instead, the “effort” Ripple promised to make and did make to develop a secondary market for the XRP tokens, which did increase the selling price of XRP tokens on both the secondary and primary markets. Demand in a secondary market is the only way in which buyers could recover their purchase price and a possible profit upon resale of their XRP tokens, as Ripple does not distribute its revenue as interest or its retained earnings as dividends to token-holders. This “effort” was apparently “common” to Ripple and XRP token buyers because they both stood to gain with a strong secondary market: buyers of XRP tokens could resell the tokens at a possible profit into the secondary market and Ripple, using revenue from token sales to increase demand, could profit from limited sales into a primary market. Ripple’s profit, however, was not from selling financial claims (securities) against Ripple, but only from selling products to customer-investors.31
Ripple filed an answer on January 29, 2021, and the SEC filed an amended complaint on February 18, 2021; on March 4, 2021, Ripple filed its answer to the amended complaint. Discovery is currently scheduled to be completed in mid-August 2021. The parties have estimated that if the matter is tried before a jury, the trial will most likely last two weeks.32
Having considered the SEC’s brief history with PDM and the agency’s move to regulate cryptocurrencies by characterizing them as securities, in Part III, we will discuss the similarities between PDM and digital collectibles and compare the digital token to the concept of a “security.” Ultimately, the SEC’s attempts to capture cryptocurrencies as securities puts any form of digital token, including Non-Fungible Tokens (“NFTs”), at risk of being swept into the SEC’s dragnet.
 PDM is money of account that differs from fiat money insofar as: (1) it is not put into the economy by means of a central bank—it is private “currency,” although it is not manifested, even in part, by paper or metal; and (2) it is not listed as a claim—either as debt or equity or some hybrid—on the balance sheet of the business enterprise that produces and sells (issues) it, but is a product of operations, like a good or service, albeit one that may be bundled with a promise—like a warranty—to provide additional performances, such as construct a blockchain; and (3) it has an origin that differs from fiat money.
PDM is not a virtual banknote, such as a Federal Reserve note. Banknotes originated as receipts for value, like precious metal, that a party deposited with the bank, thus creating a liability for the bank. Public money is a money of account that includes currency and coin, units of money that are manifested in paper as currency or in metal as coin. We will discuss security tokens, which are securities, later in the series and distinguish them from PDM or more generic digital tokens or digital assets.
 Complaint, SEC v Ripple Labs, Inc., Case No. 1:20-cv-10832, ¶ 1 (SDNY Dec. 22, 2020), https://www.sec.gov/litigation/complaints/2020/comp-pr2020-338.pdf (“Ripple Complaint”).
 SEC, Office of Investor Education & Advocacy, Investor Alert: Ponzi schemes Using virtual Currencies (July 23 2013), https://www.sec.gov/investor/alerts/ia_virtualcurrencies.pdf.
 SEC, Office of Investor Education & Advocacy, Investor Alert: Bitcoin and Other Virtual Currency-Related Investments (May 7, 2014), https://www.sec.gov/oiea/investor-alerts-bulletins/investoralertsia_bitcoin.html.
 The SEC complaint is available at https://www.sec.gov/litigation/complaints/2013/comp-pr2013-132.pdf.
 Shavers started offering demand deposit accounts in September 2011. In July 2012, he dropped the Bank’s weekly interest rate from 7% to 3.9%, but by August 2012, his scheme had collapsed.
 Shavers transferred 150,649 Bitcoin tokens, worth about $968,000 at that time, into his own account.
 Debt that is not statutorily exempted.
 July 23, 2013 Investor Alert, supra note 3, at 1.
 SEC v. Shavers, No. 4:13-CV-416, 2014 WL 4652121, at *3-4 (E.D. Tex. Sep. 18, 2014).
 July 23, 2013 Investor Alert, supra note 3.
 May 7, 2014 Investor Alert, supra note 4.
 Id. (emphasis in original). The U.S. government does not issue Federal Reserve notes that make up the U.S. currency. A note requires the maker of the note, in this case, the Federal Reserve Bank, to “pay” the note, but the assets the Federal Reserve Bank holds to offset its liabilities consists mostly of U.S. Treasury debt. The taxpayer holding a Federal Reserve Note, in effect, pays the U.S. Treasury debt and, therefore, pays the note—“the asset”—he or she holds.
 Id. This is a business opportunity for some. Lester Coleman, Insurance Giants See ‘Big Opportunity’ in Cryptocurrency Storage Coverage, yahoo!Finance (July 21, 2018), https://finance.yahoo.com/news/insurance-giants-see-big-opportunity-163341835.html.
 As for broker-dealers, see G. Tepe, Broker-Dealer Use of “Idle” Customer Assets: Customer Protection with Sweep Programs and Securities Lending (2016), https://academiccommons.columbia.edu/doi/Text-4269-1-10-20190610.pdf.
 SEC, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Exch. Act Rel. No. 81207 (July 25, 2017) (“DAO Report”). https://www.sec.gov/litigation/investreport/34-81207.pdf. The SEC issued the DAO Report under Section 21(a) of the Securities Exchange Act of 1934 (“Exchange Act”), 15 USC § 78u(a). Section 78u(a)(1) authorizes the SEC to investigate possible violations of the Exchange Act and “[to] publish information concerning violations, and to investigate any facts, conditions, practices, or matters which it may deem necessary or proper to aid in the enforcement of such provisions, in the prescribing of rules and regulations under this chapter, or in securing information to serve as a basis for recommending further legislation concerning the matters to which this chapter relates.” Id.
 DAO Report, supra note 19, at 1.
 The DAO Report did not provide this clarity—this is the interpretation the agency should have provided. Instead, as noted above, the SEC collapsed the two functions of the DAO Token and failed to note what it had done.
 We suspect the SEC was punning in choosing the two-word spelling for “cybersecurity.” Whether one or two words, the term refers to the practice and processes of protecting computers (and related technology) from intrusion or destruction. It also refers to the state of being protected. By itself “cyber” is an adjective for computers, and “security” can have the second meaning of a financial product. In this second sense, “cyber security” would be a neologism meaning a computer-created security or computer-only security.
 SEC, Press Release: SEC Announces Enforcement Initiatives to Combat Cyber-Based Threats and Protect Retail Investors (Sep. 25, 2017), https://www.sec.gov/news/press-release/2017-176.
 Approval can be in different forms: registration or approved exemption from registration, for instance, by means of a Regulation A exemption. See Regulation A, 17 CFR § 230.251-.263 (2020), https://www.ecfr.gov/cgi-bin/text-idx?SID=c395f9ef73e021327612e76dda074813&mc=true&node=sg17.3.230_1240.sg2&rgn=div7.
 The use of the term initial coin offering or ICO draws a parallel between sales of PDM units and sales of common stock in an initial public offering or IPO, and implicitly equates units of PDM with units of common stock. After an IPO, the public owns some portion of the issuer; after a typical ICO, the public has no ownership of the PDM-producer.
 Complaint, SEC v Ripple Labs, Inc., Case No. 1:20-cv-10832, ¶ 1 (SDNY Dec. 22, 2020), https://www.sec.gov/litigation/complaints/2020/comp-pr2020-338.pdf (“Ripple Complaint”).
 The complaint noted that a law firm provided two legal memoranda dating from 2012 that addressed the risk that XRP could be an investment contract and, therefore, a “security” under the federal securities laws. Ripple Complaint, ¶ 52. The legal memoranda “warned that XRP was unlikely to be considered ‘currency’ under the Exchange Act because, unlike ‘traditional currencies,’ XRP was not backed by a central government and was not legal tender.” Id. ¶ 54. Since the SEC appears to have obtained access to documents providing legal advice, which would normally be shielded by attorney-client privilege, it seems that Ripple may either have waived its attorney-client privilege during the SEC’s investigation or attempted to rely on the advice of counsel defense, which could have resulted in a waiver.
 Id. at ¶ 3.
 Id. at ¶ 37 (alterations in original).
 Id. at ¶ 213.
 For reasons that will become clear as we publish the follow-on articles in this series, this is the argument that Ripple’s attorneys should make to the court.
 Civil Case Management Plan and Scheduling Order, Case No. 1:20-cv-10832 (SDNY Feb. 22, 2021).