Dr. Philipp Hacker is an AXA Postdoctoral Fellow at the law department of Humboldt University and a Research Fellow at both the Centre for Blockchain Technologies and the Centre for Law, Economics and Society at University College London. Previously, Mr. Hacker spent a year as a Max Weber Fellow at the European University Institute and a year as an A.SK Fellow at the WZB Berlin Social Science Center. In 2016, he started a new large-scale project on principles of digital-age economic regulation of AI and blockchain. He’s provided expert advice to the European Securities and Markets Authority (ESMA) on the regulation of initial coin offerings and blockchain technology and organized a number of conferences on the legal and political challenges posed by blockchain technology, initial coin offerings, and digital currencies and markets. Together with Ioannis Lianos, Stefan Eich and Georgios Dimitropoulos, he will soon release a volume entitled Regulating Blockchain: Techno-Social and Legal Challenges, forthcoming with Oxford University Press on August 1, 2019. Dr. Hacker received his LLM from Yale Law School in 2014.
How did you get involved in cryptocurrency and blockchain technologies, especially from an academic and/or legal perspective?
Through my academic work, I have always been interested in the interdisciplinary ramifications of the law, and how this impacts market structures. In my PhD thesis, I looked into how behavioral economics may change the way we think about market law. As that project drew to a close, in 2014, I stumbled upon some papers on law and technology that I found particularly interesting. I had always been intrigued by mathematical analysis, and hence started investigating machine learning and blockchain technology, both of which are firmly rooted in different branches of mathematics, and their respective impacts on the law. I had the feeling that both technologies could easily be used in socially useful but also in more problematic ways, and disentangling this conundrum from a regulatory perspective has remained a key thrust of my work.
What are you working on right now? What kind of day-to-day work do you do with respect to cryptocurrencies/blockchain technologies?
When it comes to blockchain and related technologies, I focus on a double-edged regulatory perspective: what kind of challenges do these technologies hold for the law and regulatory compliance, but how could they also be potentially used to make regulation more effective? I am lucky to be involved in a number of research initiatives in this context, at UCL and the University of Amsterdam, for example. From 2017 on, a key focus of my work has been to delineate to what extent blockchain applications need to comply with securities regulation. Many regulatory agencies came forward with guidelines or market warnings on ICOs, and it was truly thrilling to be, directly or indirectly, part of that process. For example, I consulted the European Securities and Markets Authority (ESMA) on the regulation of initial coin offerings and blockchain technology.
Regulatory compliance continues to be a key topic in my academic research today, partly because, when I talk to blockchain developers, this is an issue that causes pressing concerns for them. There is still so much regulatory uncertainty, particularly when looking at the differences between jurisdictions – what we would need is an international coordinated effort to clarify and stabilize the regulatory environment, perhaps even some type of minimum harmonization coupled with a “global passport” so that your decentralized project could comply with the requirements of one state and get access to the markets of other states without the need to redo the regulatory work for all these other jurisdictions again. But that is, of course, merely wishful thinking at the moment.
What was the impetus for co-editing your new book, Regulating Blockchain: Techno-Social and Legal Challenges (2019), and what’s your central thesis?
In 2015, I sat down with the co-editors of that volume (Ioannis Lianos, Georgios Dimitropoulos and Stefan Eich) to organize a conference in the realm of law and technology for the coming summer. We opted for a focus on cryptocurrencies. That effort quickly gained momentum, led to a research initiative at the Centre for Law, Economics and Society at UCL, to further conferences we organized, and finally to the edition of the book.
We had the feeling that, first, in methodological terms, we needed to bring together leading experts from both sides of the Atlantic to discuss the international phenomenon of cryptocurrencies across a number of jurisdictions, including a view to Asia. Second, this was a time during which not only the hype around blockchain technology took off, but there was also increasingly a talk about how this technology could free participants from the shackles of the state and old-fashioned law and lead to a peer-to-peer utopia transcending the law through code.
One key thesis of the book is that, while blockchain technology certainly facilitates transactions between diffused agents, it remains inescapably attached to, and to a certain extent dependent on, legal mechanisms. It is precisely in moments of crisis that the regulatory potential of the state reaffirms its necessity. We explore this through an interdisciplinary lens, blending insights from law, economics, technology, and history of economic thought. In this, we aim to show why blockchain matters for society, and why the law matters for blockchain.
I noticed you’ve organized a lot of conferences, workshops, and networks. What’s the motivation? How many people show up? What kind of feedback do you receive?
As part of the research initiatives on cryptocurrencies at UCL, we organized a number of conferences and workshops, and I later joined other international networks dealing with the legal and societal aspects of blockchain technology. On the one hand, in organizing conferences, we wanted to bring together players from different realms: academia, regulation, and the industry. This worked out very well, particularly because, when we organized the conferences in 2016 and 2017, there was an immense interest in those audiences to know more about the technology itself and to map out the legal implications.
So attendance was high, discussions were lively, and debates often revolved around the core questions we still grapple with today: what is the role of regulation in an international, decentralized setting; how can you even regulate these technologies; and should we not exempt peer-to-peer transactions from regulatory scrutiny, so as to facilitate a community of participants bound only by code? The answers to these questions continue to be debated, and I suspect that this discussion will gain even more momentum now with the announcement of Facebook’s LIBRA cryptocurrency. Our attempt to answer them, together with the views of many other academic contributors, can be found in the book “Regulating Blockchain” we just discussed.
Mind giving me a rundown of maybe 1-2 of your favorite talks?
When I talked to blockchain developers early on, I noticed that many of them were quite uncertain whether their projects, particularly when offered through an ICO, needed to abide by securities regulation. And rightly so: one of the things you clearly want to avoid in life is to be hit by a U.S. class action lawsuit. Now, that is precisely what happened to a number of initiators of ICOs, for alleged failure to comply with U.S. securities regulation. Similarly, heavy sanctions await developers who violate EU securities regulation. Therefore, Chris Thomale (whom, incidentally, I had met at the LLM program) and I propose a tripartite structure to differentiate between three different types of cryptocurrency tokens: currency tokens, investment tokens, and utility tokens.
First, there are currency tokens, whose main objective is to facilitate an exchange of value between members of the network. Bitcoin in its early days could be qualified as a currency token. LIBRA certainly will also exhibit aspects of a currency token.
Pure currency tokens, which have no other significant functionality, typically are not subject to securities regulation. The risks they engender are (mainly) currency transaction risks, and those are dealt with in payment services law, not in securities regulation. Second, investment tokens offer a future cash flow to holders of those tokens. “The DAO”, the project that quickly gathered around $ 150 million from investors and then lost about a third to an unknown hacker, had exactly such a structure, which is why it was investigated and found to be a security by the SEC. So far, so clear.
The third category, utility tokens, however, continue to engender significant regulatory uncertainty. We proposed that, if the token is meant to grant access to a certain decentralized service, without promising direct future cash flows, it should generally not qualify as security (even if it is the object of speculation and people may profit from reselling it after an appreciation in value). Such tokens are best regulated, we argue, through (crypto-)consumer law, not (crypto-)securities regulation, because they mainly exhibit functionality, not financial investment risks.
This distinction, which we published in an article, was later taken up by regulatory agencies such as the Swiss FINRA or the European ESMA. However, there continues to be significant legal uncertainty across different jurisdictions with respect to the treatment of utility tokens. Therefore, it is high time to progressively establish an international framework for the development and issue of these types of tokens. However, realistically, such a demarche is far from materializing. Therefore, developers need to reckon with and adapt to regulatory uncertainty.
Another regulatory front which concerns the feasibility of blockchain projects is privacy regulation. Generally, for privacy regulation to apply, personal data must be processed. Now, with blockchain technology enabling pseudonymous transactions, it is not perfectly clear whether and how data protection regimes map onto their services. As is well-known, the General Data Protection Regulation in the EU has introduced heavy sanctions for failing to comply with data protection rules. Therefore, it is of utmost importance for global crypto projects to comply with EU data protection law. In that context, we must distinguish between permissioned, private ledgers and permissionless, public blockchains.
Permissioned, private blockchains, which are run by one company or under the umbrella of one company (such as LIBRA), will mostly qualify as processing personal data. This is because the entity that runs the network will typically have access, at least indirectly, to identifying information: it can, if necessary, re-identify the members of the network because it holds, or has access to, the registration information. However, a similar logic increasingly applies to public ledgers (such as Bitcoin or Ethereum). Here, there is no single entity that authoritatively runs the blockchain or collects information.
However, public ledgers have come under increasing pressure from anti-money laundering rules: intermediaries that provide the on- and off-ramps to these networks (such as wallet providers or coin exchanges) are compelled to comply with KYC (Know Your Customer) rules. They have to collect identifying information when people open an account. This means that there is an entity that can theoretically re-identify many network participants, even if it is not a central authority that runs the network. However, under EU law, this generally suffices for data linked to these accounts to be considered personal. Therefore, even if only hashes and public keys are stored on the blockchain, this likely suffices to trigger EU data protection law.
The participants to the network therefore find themselves between a rock and a hard place: either, they refuse to collect identifying information at all, such as privacy-enhancing cryptocurrencies (monero, zcash) do. However, in that case, they risk running afoul of anti-money laundering regulation. Or, they comply with that regulation, but then risk violating data protection rules because the data qualifies as personal data, and cannot be easily erased from the blockchain anymore.
Today, there is a lot of technological development around aiming to provide fixes that enable blockchains to comply with the EU right to be forgotten. What remains unclear, however, is who, in the end, will be responsible for answering to these rights in a decentralized network. I have made some suggestions concerning that question by proposing a mandatory governance infrastructure for public blockchains, but a lot of both technological and legal research remains to be done in this field. This is what makes it both so challenging and exciting.
What’s your experience with the technology culture at Yale, and specifically the environment for studying or innovating in the areas of cryptocurrency and blockchain technologies?
When I did my LLM at Yale Law School in 2013/14, I was more involved with behavioral law and economics than with law and technology. However, after my graduation, I got more and more in touch with scholars from Yale’s Information Society Project, and was happy to be able to present one of my papers, co-authored with Bilyana Petkova, at a conference there.
With respect to blockchain technology, it helped me immensely to have taken classes on U.S. securities regulation and corporate law during my LLM. Generally, Yale has a vibrant community of technology law scholars who critically assess the current technological developments. For example, two of the three researchers I collaborated with for the research initiative on cryptocurrencies that led to the publication of Regulating Blockchain are Yale alumni, and the third colleague will join Yale Law School this year as a Research Scholar. Knowing one another through our time at Yale certainly made the project all the more exciting.