What is Ethereum?

Simply put, Ethereum uses the same underlying technology as Bitcoin (the blockchain), but instead of providing the world with a digital currency, it provides the world with a global computer:

What Ethereum intends to provide is a blockchain with a built-in fully fledged Turing-complete programming language that can be used to create “contracts” that can be used to encode arbitrary state transition functions, allowing the users to create [any system capable of running on a computer], simply by writing up the logic in a few lines of code.

(From the original Ethereum whitepaper by Vitalik Buterin.)

The first concept to understand is the underlying blockchain technology, which powers Bitcoin and the wide array of altcoins:

Suppose Alice wants to send 11.7 BTC to Bob. First, Alice will look for a set of available [unspent money sources] that she owns that totals up to 11.7 BTC. Realistically, Alice will not be able to get exactly 11.7 BTC; say that the smallest she can get is 6+4+2=12. She then creates a transaction with those three inputs and two outputs. The first output will be 11.7 BTC with Bob’s address as its owner, and the second output will be the remaining 0.3 BTC “change,” with the owner being Alice herself.

If we had access to a trustworthy centralized service, this system would be trivial to implement; it could simply be coded exactly as described. However, we are trying to build a decentralized currency system, so we will need to combine the state transition system with a consensus system to ensure that everyone agrees on the order of transactions. Bitcoin’s decentralized consensus process requires nodes in the network to continuously attempt to produce packages of transactions called “blocks” . . . with each block containing a timestamp, a nonce, a reference to (ie. hash of) the previous block and a list of all of the transactions that have taken place since the previous block. Over time, this creates a persistent, ever-growing, “blockchain” that constantly updates to present the latest state of the Bitcoin ledger.

Exchanges Required to Maintain Cash Reserves in Hawaii and Wyoming

Apparently Hawaii has now joined Wyoming in requiring Bitcoin exchanges to maintain cash reserves equal to their customers’ digital currency balances:  http://www.coindesk.com/coinbase-just-stopped-serving-bitcoin-hawaii/

I haven’t seen an explanation for the rationale behind this move, but it seems counterintuitive. Exchanges would essentially need to keep twice as much money on hand as their customers have deposited (the cryptocurrency balance and the fiat equivalent.) It is hard to see how any exchange could survive such a regulation. Indeed, that is what motivated Coindesk’s story: Coinbase has announced that it is pulling out of Hawaii due to the regulation.

Bitcoin Privacy and Anonymity

Is Bitcoin anonymous? Maybe.

Is Bitcoin private? No.

(I borrowed this distinction, which I think is excellent, from Coindesk.)

What do I mean by that? The entire blockchain is public. Every transaction can be viewed by everyone. (Though some alt-coins, like Monero, are designed to “fix” this problem. And some projects, like payment codes, are designed to increase privacy on the Bitcoin blockchain.)

But if an individual Bitcoin address can be linked to an identity, that Bitcoin address can be used to discover other addresses held by the same person and addresses held by other people. A couple different techniques are described here and here.

There are also suggestions that law enforcement agencies have built tools for matching accounts to identities. Examples here and here. Those tools may be based on known techniques or on something entirely new.

Defining More Terms

Today, I am borrowing heavily from Andreas M. Antonopoulos’ book Mastering Bitcoin for more term definitions.

Address

Coindesk says:

A bitcoin address is used to receive and send transactions on the bitcoin network. It contains a string of alphanumeric characters, but can also be represented as a scannable QR code. A bitcoin address is also the public key in the pair of keys used by bitcoin holders to digitally sign transactions (see Public key).

Antonopoulos adds:

A bitcoin address look like 1DSrfJdB2AnWaFNgSbv3MZC2m74996JafV. It consists of a a string of letters and numbers starting with a “1” (number one). Just like you ask others to send an email to your email address, you would ask others to send you bitcoin to your bitcoin address.

This explanation gives a peek into a much deeper topic. While I am tempted to discuss public and private keys here, I’ll discuss those later. For now, I’ll just offer a warning: Addresses are not account numbers. They are more like a serial number for a check. You can write any amount you want on the check. It can be one bitcoin or a thousand. But the check can’t be reused. Every time a transaction occurs in bitcoin, a new address is created.

BIP

Antonopoulos says:

Bitcoin Improvement Proposals. A set of proposals that members of the bitcoin community have submitted to improve bitcoin. For example, BIP0021 is a proposal to improve the bitcoin uniform resource identifier (URI) scheme.

Block

Antonopoulos says:

A grouping of transactions, marked with a timestamp, and a fingerprint of the previous block. The block header is hashed to produce a proof of work, thereby validating the transactions. Valid blocks are added to the main blockchain by network consensus.

 

Blockchain

Coindesk says:

The full list of blocks that have been mined since the beginning of the bitcoin cryptocurrency. The blockchain is designed so that each block contains a hash drawing on the blocks that came before it. This is designed to make it more tamperproof.

To add further confusion, there is a company called Blockchain, which has a very popular blockchain explorer and bitcoin wallet.

Antonopoulos says:

A list of validated blocks, each linking to its predecessor all the way to the genesis block.

Confirmations

Antonopoulos says:

Once a transaction is included in a block, it has one confirmation. As soon as another block is mined on the same blockchain, the transaction has two confirmations, as so one. Six or more confirmations is considered sufficient proof that a transaction cannot be reversed.

Blockchain Technology Applied to the Stock Market

The opinion in In re Dole Food Co. Inc Stockholder Litigation, CA 8703-VCL (Del. Ch. Feb. 15 2017) offers an interesting window into places where blockchain technology could substantially improve current systems. In November 2013, Dole Food Co. went private. Some shareholders filed a lawsuit, seeking additional consideration (more money per share) for the going-private transaction.

The shareholders and the company eventually settled. A price was agreed upon, the class size was defined as 36,793,758 shares, and the settlement was approved. Only one problem: When the claim forms came back, there appeared to be 49,164,415 shares.

Turns out that no one had accounted for a few different quirks of the current system. The Court pointed to at least two problems:  (1) the T+3 day clearing rule for trades and (2) the accounting for short sales (technically both the owner of the shares and the short seller hold the shares). The Court ultimately throws up its hands and approves distributing the additional settlement consideration to the same people who received the merger consideration in the first place, which was a known, well-defined list.

But in its frustration with the current system, the Court notes that distributed ledger technology would likely have prevented these issues:

This problem is an unintended consequence of the top-down federal solution to the paperwork crisis that threatened Wall Street in the 1970s. Through the policy of share immobilization, Congress and the Securities and Exchange Commission addressed the crisis using the 1970s-era technologies of depository institutions, jumbo paper certificates, and a centralized ledger. See generally In re Appraisal of Dell Inc. (Dell Ownership), 2015 WL 4313206, at *3–7 (Del. Ch. July 30, 2015).

It was an incomplete solution at the time. Since then, despite laudable and largely successful efforts by the incumbent intermediaries to keep the system working, the problems have grown. See, e.g., In re Appraisal of Dell Inc., 143 A.3d 20, 59 (Del. Ch. 2016) (holding that under current Delaware law, beneficial owners forfeited their appraisal rights by inadvertently voting in favor of the merger due to complexities created by depository system); Dell Ownership, 2015 WL 4313206, at *9–10 (holding that under current Delaware law, beneficial owners forfeited their appraisal rights due to administrative change in the name of the nominee on the share certificate necessitated by depository system).

Distributed ledger technology offers a potential technological solution by maintaining multiple, current copies of a single and comprehensive stock ownership ledger. The State of Delaware has announced its support for distributed ledger initiatives. See Marco A. Santori, Governor Jack Markell Announces Delaware Blockchain Initiative, global       Delaware       Blog        (June      10,     2016),      http://global.blogs. delaware.gov/2016/06/10/delaware-to-create-distributed-ledger-based-share-ownership-

Where Are Digital Assets Located?

This seems like a silly question until you realize that it’s actually critical for determining jurisdiction. In other words, what court can order me to hand over cryptocurrency? What court can order me to pay taxes on that cryptocurrency? Where do I owe taxes on it? These are all important and open questions, and they apply to all intangible digital assets. Recently, the Second Circuit decided a case that many are watching as a bellwether for these issues.

In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corporation, 829 F.3d 197 (2d Cir. 2016) [Link] [Denial of En Banc Review]

Summary: Stored Communications Act authorizes government subpoenas for e-mail communications, but does not reach extraterritorial communications. E-mails stored on a Microsoft server in Ireland are located extraterritorially and beyond the reach of an SCA Warrant, even though a Microsoft employee could retrieve the e-mails from terminals in the United States.

Facts:

Microsoft Corporation appeals from orders of the United States District Court for the Southern District of New York denying its motion to quash a warrant (“Warrant”) issued under § 2703 of the Stored Communications Act (“SCA” or the “Act”), 18 U.S.C. §§ 2701 et seq., and holding Microsoft in contempt of court for refusing to execute the Warrant on the government’s behalf. The Warrant directed Microsoft to seize and produce the contents of an e-mail account that it maintains for a customer who uses the company’s electronic communications services. . . .

Microsoft produced its customer’s non-content information to the government, as directed. That data was stored in the United States. But Microsoft ascertained that, to comply fully with the Warrant, it would need to access customer content that it stores and maintains in Ireland and to import that data into the United States for delivery to federal authorities. It declined to do so. Instead, it moved to quash the Warrant. The magistrate judge, affirmed by the District Court (Preska, C.J.), denied the motion to quash and, in due course, the District Court held Microsoft in civil contempt for its failure.

. . . .

One of Microsoft’s datacenters is located in Dublin, Ireland . . . . According to Microsoft, when its system automatically determines, “based on [the user’s] country code,” that storage for an e-mail account “should be migrated to the Dublin datacenter,” it transfers the data associated with the account to that location. . . .

. . . .

Microsoft asserts that, after the migration is complete, the “only way to access” user data stored in Dublin and associated with one of its customer’s web-based e-mail accounts is “from the Dublin datacenter.” Id. at 37. Although the assertion might be read to imply that a Microsoft employee must be physically present in Ireland to access the user data stored there, this is not so. Microsoftacknowledges that, by using a database management program that can be accessed at some of its offices in the United States, it can “collect” account data that is stored on any of its servers globally and bring that data into the United States. Id. at 39-40.

Issues, Holdings, and Discussion:

  1. Do the warrant provisions of the Stored Communications Act contemplate extraterritorial application? No:

We dispose of the first question with relative ease. The government conceded at oral argument that the warrant provisions of the SCA do not contemplate or permit extraterritorial application.

. . . .

When Congress intends a law to apply extraterritorially, it gives an “affirmative indication” of that intent. Morrison, 561 U.S. at 265, 130 S.Ct. 2869. . . . We see no such indication in the SCA.

. . . .

The government asserts that “[n]othing in the SCA’s text, structure, purpose, or legislative history indicates that compelled production of records is limited to those stored domestically.” Gov’t Br. at 26 (formatting altered and emphasis added). . . . We find this argument unpersuasive: It stands the presumption against extraterritoriality on its head. It further reads into the Act an extraterritorial awareness and intention that strike us as anachronistic, and for which we see, and the government points to, no textual or documentary support.

Congress’s use of the term of art “warrant” also emphasizes the domestic boundaries of the Act in these circumstances.

. . . .

The term is endowed with a legal lineage that is centuries old.

. . . .

As the term is used in the Constitution, a warrant is traditionally moored to privacy concepts applied within the territory of the United States: “What we know of the history of the drafting of the Fourth Amendment … suggests that its purpose was to restrict searches and seizures which might be conducted by the United States in domestic matters.” In re Terrorist Bombings of U.S. Embassies in East Africa, 552 F.3d 157, 169 (2d Cir. 2008) (alteration omitted and ellipses in original) (quoting United States v. Verdugo-Urquidez, 494 U.S. 259, 266, 110 S.Ct. 1056, 108 L.Ed.2d 222 (1990)). Indeed, “if U.S. judicial officers were to issue search warrants intended to have extraterritorial effect, such warrants would have dubious legal significance, if any, in a foreign nation.” Id. at 171. Accordingly, a warrant protects privacy in a distinctly territorial way.

2. By requiring Microsoft personnel in the United States to retrieve data located in a Dublin datacenter, would the warrant reach extraterritorially? Yes:

Because the content subject to the Warrant is located in, and would be seized from, the Dublin datacenter, the conduct that falls within the focus of the SCA would occur outside the United States, regardless of the customer’s location and regardless of Microsoft’s home in the United States. Cf. Riley v. California, ___ U.S. ___, 134 S.Ct. 2473, 2491, 189 L.Ed.2d 430 (2014) (noting privacy concern triggered by possibility that search of arrestee’s cell phone may inadvertently access data stored on the “cloud,” thus extending “well beyond papers and effects in the physical proximity” of the arrestee).

The magistrate judge suggested that the proposed execution of the Warrant is not extraterritorial because “an SCA Warrant does not criminalize conduct taking place in a foreign country; it does not involve the deployment of American law enforcement personnel abroad; it does not require even the physical presence of service provider employees at the location where data are stored…. [I]t places obligations only on the service provider to act within the United States.” In re Warrant, 15 F.Supp.3d at 475-76. . . . [T]he magistrate judge’s observations overlook the SCA’s formal recognition of the special role of the service provider vis-à-vis the content that its customers entrust to it. In that respect, Microsoft is unlike the defendant in Marc Rich and other subpoena recipients who are asked to turn over records in which only they have a protectable privacy interest.

The government voices concerns that, as the magistrate judge found, preventing SCA warrants from reaching data stored abroad would place a “substantial” burden on the government and would “seriously impede[]” law enforcement efforts. Id. at 474. The magistrate judge noted the ease with which a wrongdoer can mislead a service provider that has overseas storage facilities into storing content outside the United States. He further noted that the current process for obtaining foreign-stored data is cumbersome. That process is governed by a series of Mutual Legal Assistance Treaties (“MLATs”) between the United States and other countries, which allow signatory states to request one another’s assistance with ongoing criminal investigations, including issuance and execution of search warrants. See U.S. Dep’t of State, 7 Foreign Affairs Manual (FAM) § 962.1 (2013), available at fam.state.gov/FAM/07FAM/07FAM0960.html (last visited May 12, 2016) (discussing and listing MLATs). And he observed that, for countries with which it has not signed an MLAT, the United States has no formal tools with which to obtain assistance in conducting law enforcement searches abroad.

These practical considerations cannot, however, overcome the powerful clues in the text of the statute, its other aspects, legislative history, and use of the term of art “warrant,” all of which lead us to conclude that an SCA warrant may reach only data stored within United States boundaries. Our conclusion today also serves the interests of comity that, as the MLAT process reflects, ordinarily govern the conduct of cross-boundary criminal investigations. . . .

Thus, to enforce the Warrant, insofar as it directs Microsoft to seize the contents of its customer’s communications stored in Ireland, constitutes an unlawful extraterritorial application of the Act.

Comments:

Exchanges Blocking Bitcoin Withdrawals

Big news broke today that two major Chinese exchanges are blocking Bitcoin withdrawals: http://www.coindesk.com/two-chinas-biggest-exchanges-stop-bitcoin-withdrawals/

What does that mean, and should it affect how people are managing their Bitcoin assets?

What does that mean? The answer is that I’m not sure. But it’s important to understand that exchanges often don’t provide you with the tools needed to directly manage your bitcoins. Take Coinbase as an example. It’s a well-known, reliable U.S. exchange. I would happily use it to exchange fiat to bitcoins and vice versa. And I would happily use it to store a small amount of bitcoins.

But it’s important to understand that Coinbase can deny you the ability to withdraw your bitcoins at any time. Coinbase provide “wallet addresses” to which bitcoins can be sent. Behind the scenes, Coinbase will (usually) make sure that bitcoins sent to these addresses get credited to your account. But these are not always public keys on the blockchain. More importantly, you do not have your private key. You cannot sign transactions or withdraw bitcoins if Coinbase doesn’t want you to do it.

 

Should it affect how people are managing their Bitcoin assets? It depends. There are advantages to exchanges. But I think most Bitcoin assets should be in hardware wallets. For corporate assets, they should be in hardware multi-sig wallets, which I’ll discuss in a future post.