Welcome, Glitches! Today’s main topic is financial software that can operate without human control—something on which crypto advocates and policymakers haven’t been able to find common ground. An interesting new proposal has the potential to change that.
In this issue:
Define: DeFi
ODDS/ENDS
Someone deepfaked Joe Biden’s voice; now the White House is pro-crypto(graphy)
Google and Meta want nutrition labels for AI content
Farcaster Frames, so hot right now
Bitcoin goes ZK
An argument for blockchain systems as “critical infrastructure”
We’ve said it before: the legal impasse between the US Treasury and cryptocurrency advocates over blockchain-based applications like Tornado Cash has implications beyond crypto. How it plays out could very well define the future of financial regulation—and in turn financial software itself—for decades to come.
At the center of the argument is the question of whether it’s even possible for the Treasury’s anti-money-laundering division to regulate a blockchain application that can’t be controlled by any individual or group. A new paper by a trio of pro-crypto policy wonks argues that it is not possible—and proposes a fresh approach that treats “genuine” decentralized finance (DeFi) protocols not as financial institutions but as open-source communications software.
The paper’s authors—Polygon Labs’s general counsel Rebecca Rettig, its senior public policy lead Katja Gilman, and Michael Mosier, who has seen both sides of the coin as a former head of Treasury’s financial crimes unit and former general counsel for crypto startups—acknowledge that not everything calling itself “DeFi” is really DeFi.
In its purest form, DeFi is a completely alternative set of financial rails that has no gatekeepers because it runs on public blockchain networks. But some projects trying to crowd under the umbrella are not actually that, the authors write. Somewhere along the line, someone has what Rettig, Gilman, and Mosier call “independent control”: the power to unilaterally modify or even shut down the system.
The use of the term “independent control” isn’t a coincidence: the Treasury has used it before, as part of a 2019 guidance on “certain business models involving convertible virtual currencies.” Though that guidance didn’t delve much into the nuance of how DeFi protocols work, it introduced the notion that whether an individual or entity is subject to the requirements of America’s anti-money-laundering law, called the Bank Secrecy Act (BSA), depends on if they have “independent control” over the value in a business’s crypto wallet.
If it’s possible to identify someone or some group that has independent control over a blockchain-based financial application, the authors of the new paper argue, regulators can and should apply traditional approaches, which rely on financial intermediaries like banks and other institutions to keep track of their customers’ identities and report certain kinds of suspicious transactions.
But if no one has independent control, traditional regulation won’t work because there are no intermediaries to lean on, Rettig, Gilman, and Mosier argue. They say the feds should look beyond the BSA.
And they have a bold proposal.
First, they posit that a genuine DeFi protocol is not a financial institution—it’s a communications tool. “Traditionally, communications tools and communications providers (e.g. telephone and internet infrastructure companies)—even to communicate one’s intention to complete an economic transaction, or, in fact, moving bits and bytes that represent actual value—are not classified as financial institutions subject to the BSA.”
Instead, they argue, DeFi protocols should fall into the purview of agencies devoted to cybersecurity, starting with the Cybersecurity and Infrastructure Security Agency (CISA). CISA has identified 16 “critical infrastructure” sectors, including the financial sector, and it works across agencies to manage risks in those sectors. Rettig, Gilman, and Mosier say CISA should classify genuine DeFi as critical infrastructure.
Whether it is truly “critical” is debatable, they acknowledge, as DeFi isn’t (yet) big enough to represent a threat to the traditional financial system. On the other hand, the government appears extremely concerned about the national security risks of platforms like Tornado Cash.
Deeming DeFi critical infrastructure would be far from the end of it. Combating illicit finance “will require a multi-tiered approach consistent with the ways in which technology is used and continues to develop,” the authors write. For example, they say CISA could work with Treasury to develop ways of managing risk based on the wealth of transaction information available via public blockchains. It’s possible to use this information to “detect, document, and deter illicit actors from finalizing transactions on a blockchain network,” the authors say.
Many businesses running blockchain nodes today already block sanctioned countries and addresses. Rettig, Gilman, and Mosier note that blockchain analytics firms have also developed software that can score “wallet risk” based on factors including exposure to sanctioned wallets or wallets associated with known criminal activity.
It’s a strange question, but we have to ask: Do US federal policymakers acknowledge that “genuine DeFi” exists? Or do they classify it as crypto fan fiction?
Because if Rettig, Gilman, and Mosier are right, these protocols aren’t institutions or businesses—they are pieces of open-source software whose operation is under no one’s control. And using old approaches to mitigate the illicit finance risks associated with genuine DeFi will be ineffective. If Treasury’s anti-money-laundering measures are a hammer, these aren’t nails.
If that’s true, sooner or later it will become obvious—even to crypto-skeptical policymakers—that they are using the wrong tool. —Mike Orcutt
ODDS/ENDS
“Cryptographically verify” everything from the White House. That’s the goal, White House AI advisor Ben Buchanan told Business Insider. This comes after a robocall went out to voters in New Hampshire last month in which an AI-generated voice that sounded like President Biden urged people not to vote in the primary election. What technology, exactly, do they intend to use to do the verifying? No word on that.
Meanwhile, Google and Meta say we need standardized labels for AI-generated content. Google is joining an effort that’s already been underway for a few years called the Coalition for Content Provenance and Authenticity, or C2PA. However, researchers at Stanford have pointed out that the current C2PA standard, which relies on cameras adding digital signatures to image metadata, is still vulnerable. Zero-knowledge cryptography fixes that, they say.
Crypto fans are obsessed with Farcaster Frames. Farcaster, a decentralized social media protocol that runs on the Ethereum Layer 2 network Optimism, became a main character overnight last week thanks to a feature called Frames, which weaves the old web together with “web3” in a way we haven’t quite seen before. Think social media posts with buttons, like Twitter polls, but on crypto steroids. Users can connect their wallets, mint NFTs, interact with other websites, and even buy things using crypto—all without leaving whatever Farcaster app they are using. Could it be that those crazy crypto heads are really onto something here?
Fellow Twitter clone Bluesky is now open to everyone, and its developers say they will soon release its underlying protocol for building decentralized social media apps. We explored some of the interesting new technology under Bluesky’s hood way back in Glitch #2.
The developers behind Bitcoin’s first zero-knowledge (ZK) rollup say it will help the network deal with increasing congestion and fees. Crypto OGs remember the fierce debates in the mid-2010s over whether and how to scale Bitcoin’s network. Then the rise of Ethereum and “crypto” seemed to drown much of that out. But thanks to the recent growth in the popularity of Ordinals, Bitcoin’s version of an NFT, the scaling debate is back. Enter Citrea, Bitcoin’s first-ever zero-knowledge (ZK) rollup, a Layer 2 network similar to several already running on Ethereum and other chains.
Disney has invested $1.5 billion in Epic Games to build a “persistent, open, and interoperable ecosystem that will bring together the Disney and Fortnight communities.” That’s certainly an intriguing boatload of buzzwords and cash.
News website Semafor has launched a newsfeed that will rely on tools from Open AI and Microsoft. Called “Signals,” it “responds to the deep and continuing shifts in the digital media landscape and the post social news moment, and to the risks and opportunities posed by artificial intelligence,” Semafor’s editors said.
The Linux Foundation has launched a new “Post Quantum Cryptography Alliance.” The group will try to get ahead of security problems expected to arise when quantum computing takes off.
Lawmakers in nearly a dozen US states have proposed legislation that would take action to oppose the introduction of central bank digital currency (CBDC). According to Ledger Insights, some prevent the state from accepting CBDC as payment, many block participation in any sort of CBDC trials, and some are even trying to exclude a CBDC from the definition of money in the Uniform Commercial Code, a set of rules that businesses in all states have adopted to govern commercial transactions.
Glitch is powered by its readers! Please, like, subscribe and share!
Also, follow us on Twitter or get corporate with us on LinkedIn—if you want.