At a glance.
- US state securities regulators crack down on crypto markets.
- US military found to be using Team Cymru internet tracking tool.
- Could the SEC have jurisdiction over all Ethereum transactions?
US state securities regulators crack down on crypto markets.
The Washington Post describes how Joe Borg, director of the Alabama Securities Commission, and other state regulators have made headway in policing the ever-expanding cryptocurrency market, succeeding where federal regulators have seemingly failed. As Alabama’s chief financial watchdog, Borg worked with his counterparts in states like Kentucky and Texas to issue cease and desist orders against crypto banks Celsius and Voyager this summer, leading the banks to declare bankruptcy. And it’s not the first time; in 2021 state regulators filed a cease-and-desist order against BlockFi, resulting in the crypto bank paying a $100 million settlement. The US Securities and Exchange Commission (SEC) got involved only after the case was largely settled.
Speaking about the Celsius/Voyager case, Texas State Securities Board enforcement director Joe Rotunda said, “I didn’t anticipate we would end up in the driver’s seat. There’s a lot of money on the table, these are very complex cases, and it would be the job of the national regulator. I don’t know why the SEC isn’t out there in these areas right now.” Rotunda is not the only one wondering why the SEC isn’t at the forefront of these operations. John Reed Stark, a crypto critic who formerly headed the SEC Office of Internet Enforcement noted, “The states were on very solid ground, acting courageously and swiftly, and the SEC should have really followed those footsteps as fast as they could.” SEC chair Gary Gensler insists the Commission is doing its part, stating, “We’ve worked well with the states. I think the firms could have done a lot more to protect the public. I think the firms could do a lot more still to protect the public. And that’s why I continue to say, come in, work with us, find a path to registration, comply with the laws.”
US military found to be using Team Cymru internet tracking tool.
According to documents reviewed by the investigators at Motherboard, as well as a whistleblower who recently contacted the US Senate, multiple branches of the US military have purchased access to Augury, an internet monitoring tool that claims to track 93% of the world’s internet traffic. Vice explains that with this tech, the military could gain access to the data in individuals’ email accounts, browsing history, and other internet activity. Augury is developed by cybersecurity firm Team Cymru, and according to a description found in its marketing documents, “The network data includes data from over 550 collection points worldwide, to include collection points in Europe, the Middle East, North/South America, Africa and Asia, and is updated with at least 100 billion new records each day.” This includes packet capture data (PCAP), highly detailed information about network activity related to email, remote desktop, and file sharing protocols that one cybersecurity expert described as “everything” it’s possible to capture about a user’s data.
The whistleblower submitted a letter to Senator Ron Wyden claiming the civilian law enforcement arm of the Navy called the Naval Criminal Investigative Service, or NCIS, is purchasing data from Team Cymru that include both “netflow records and some communications content” without a warrant. Though use of platforms like Augury is not illegal, the procurement of the data by NCIS could constitute a violation of the Fourth Amendment. When asked about the allegations, the Navy Office of Information’s Charles E. Spirtos said that NCIS specifically “conducts investigations and operations in accordance with all applicable laws and regulations. The use of net flow data by NCIS does not require a warrant.” Still, Senator Wyden has asked oversight branches of the Departments of Homeland Security, Justice, and Defense to “investigate the warrantless purchase and use of Americans’ internet browsing records by the agencies under your jurisdictions.”
Could the SEC have jurisdiction over all Ethereum transactions?
On Monday the SEC filed a federal lawsuit against Ian Balina, a crypto influencer who failed to register a cryptocurrency as a security before launching an initial coin offering (ICO) in 2018. The SEC has filed suits of this kind before, but what sets this case apart is the SEC says it’s suing Balina not just because he conducted transactions in the US, but because, in their eyes, the US government has jurisdiction over the entire Ethereum network. The regulator’s reasoning is that all of the Ethereum transactions technically took place in the US because they were “validated by a network of nodes on the Ethereum blockchain, which are clustered more densely in the United States than in any other country.” In other words, all Ethereum transactions, regardless of where in the world they take place, should be considered American in origin.
University of Kentucky law professor Brian Fyre told Decrypt, “Saying that enables [the SEC] to characterize doing business on the Ethereum blockchain, as doing business on a US securities exchange. Which, from their regulatory perspective, is convenient.” Historically Ethereum has fallen into a gray area, as SEC leadership under the previous administration suggested that Ethereum was “sufficiently decentralized” and therefore could not be defined as a “security.” And, as Fyre explains, the language in the SEC’s suit technically bears no legal weight, as the court is unlikely to weigh in on this specific case. Still, if the SEC succeeds in changing how the courts view the US’s jurisdiction, it would give the regulator unprecedented power over the Ethereum market, where the vast majority of NFT and DeFi activity takes place.
