Welcome back to another week of What's Next, where we report on the intersection of law and technology. Today, we have a Q&A with Fenwick & West partner Michael Dicke about SEC enforcement of digital tokens. There's also a new report showing Tesla's autopilot can be undone by … stickers? We also talk with Hogan Lovells' Logan Breed about the FTC's new Big Tech task force. All of that and more below.

Fenwick & West partner Michael Dicke.

When is a digital token a security? It has the ring of modern haiku, but it's a serious question to securities lawyers operating on the cutting edge of the crypto-world. What's Next caught up with Fenwick & West partner Michael Dicke, the former enforcement chief of the San Francisco regional SEC office, to tackle the question. What follows is an edited transcript of our exchange.

Are we any closer today to knowing when the SEC sees an ICO as a security offering than we were a year or two ago?

Yes. We now know that the SEC usually will view digital assets designed to raise funds to be used by a central management team in building a new venture as securities offerings. In other words, if you selling a token or digital assert to raise funds to develop or build something, you are likely engaged in a securities offering. Accordingly, ventures that are raising funds in this fashion are being counseled to do token offerings as securities offerings, under applicable exemptions from registration such as Reg D (to accredited investors in the U.S.) or Reg S (to overseas investors). Of course, it is crucial that the strictures of such exemptions are met, and that proper records are kept to prove that the offering met each of the requirements of Reg D or Reg S.

As the SEC enforcement division works through its backlog of investigations relating to the 2017 and early 2018 ICOs, I think we will begin to see less new actions involving token issuances and more focus on other areas involving digital assets. [That] likely will include cases involving cryptocurrency exchanges, registered broker-dealers trading security tokens, funds holding digital assets, and derivative instruments whose value is tied to the price of particular digital assets. Questions the SEC likely will be grappling with include: What standards do independent auditors apply to audits of broker-dealers which trade digital assets that qualify as securities? What constitutes market manipulation of digital asset markets? How should fund managers value and report their holdings to investors, given the volatility and opaqueness of cryptocurrency markets? All of these questions are likely to be presented in the next wave of SEC enforcement investigations.

How much of what the industry knows comes from public statements and guidance, and how much comes from the agency's enforcement actions and positions the SEC has taken in litigation?

What we collectively know about the SEC's views on token issuances and related cryptocurrency issues comes from a combination of enforcement actions, public statements of SEC officials, and what defense lawyers and others have learned from one-on-one discussions with SEC officials. This later source is often overlooked but in some ways offers the most up-to-date insights about the agency's views on particular emerging issues in this space.

Of course, what's missing from this list is SEC rule-making. Many in the cryptocurrency industry have been clamoring for the SEC to pass specific rules to address when a particular token offering constitutes a securities offering, as well as rules governing secondary market sales of tokens, ETFs, and related issues. I'm not surprised, however, that the SEC has failed to take steps to enact new rules in this space. The rule-making process is terribly slow and deliberate. With the rapid evolution of the crypto space, the rule-making process risks being overtaken by new developments in the industry.

While I understand the frustration of the lack of clear rules in this space, I think that those wishing for specific SEC rules would likely be disappointed. The SEC inherently is a conservative organization and is uncomfortable making bold changes. And when it comes to investments offered to “main street” investors (to borrow Chairman Clayton's phrasing), the SEC always is going to err on the side of investor protection. Think back 5 or 6 years ago when there was a clamor for crowdfunding rules. The SEC's response, Regulation Crowdfunding, is so restrictive and modest that few entrepreneurs have raised meaningful capital under its provisions. I don't think anyone in the digital asset space wants to wait years for the SEC to write rules that end up stifling, instead of enhancing, the burgeoning cryptocurrency industry.

So that essentially means that the courts and the SEC will continue to apply the “Howey test” to determine whether there's an underlying “investment contract” in a token offering. How do you explain what the Howey test is, and what to look out for in it, to clients in the crypto space?

When talking about straightforward token issuances, like we saw with the ICOs in 2017 and 2018, here's how I explain to clients what likely will run afoul of the Howey test and result in the client's offering being at risk of being seen by the SEC as a securities offering: if you are offering to sell a digital asset such as a token (or a right to a future token) for value (e.g. money or Bitcoin), and you plan to use the funds raised to build the enterprise which will make that token functional or more valuable, then you likely are engaging in securities offering.

Similarly, as the SEC has emphasized, if you are marketing the sale of the digital asset to potential purchasers as something which should increase in value due to the efforts of a centralized group of people (e.g. the management of the enterprise), you likely are engaged in a securities offering.

It's worth noting that there is another court-developed test for determining whether a particular instrument is a security, and that's the Reves “family resemblance” test. While this test hasn't been applied to digital assets yet, the SEC or courts could look to Reves in addition to the Howey test, in certain instances. The four-part Reves test is used to determine when a note should be classified as a security. For particular cryptocurrency projects, such as certain varieties of stablecoins, there is an argument that the instrument sold could constitute a note. So for such instruments, it is possible that the SEC and courts will look to the Reves test in addition to Howey to determine if the instrument is a security.

When it's all said-and-done, does the question of whether a particular token offering could be construed as a sale of securities come down to the facts and circumstances of a particular case? How so?

It does, although as noted earlier, the developing body of SEC actions and pronouncements have provided important guidance. Frankly, the need to delve into the specific facts and economic realities of a particular instrument or particular transaction to determine if the federal securities laws are implicated is not unique to the digital asset space. Whenever there is an issue about whether a particular instrument is a security, you need to analyze the particular facts against the applicable caselaw.

Are you seeing an uptick in private litigation involving token issuances, and what are the principal issues you're seeing in those suits? 

Most definitely. I am representing, or in discussions to represent, a broad array of participants in the digital asset space in disparate litigation matters. These matters run the gamut, from allegations of unregistered securities offerings and fraud in ICOs (on both the plaintiff and defense side), to breaches of agreements between digital asset issuers and consultants hired to market the offerings, to alleged cybersecurity failures which allowed investors' digital assets to be stolen. Moreover, we have seen this past year the traditional securities class action plaintiffs' firms filing class actions against ICO issuers. I would expect to see all these types of cases proliferate, and would also expect to see more intellectual property disputes ripen to litigation.

Every new innovative technology inevitably spawns disputes among the participants which find their way into the courts. Not surprisingly, then, we are seeing an array of disputes ripening into litigation across different segments of the cryptocurrency industry, and that will continue.

—Ross Todd

Dose of Dystopia

Driverless cars are supposed to make the roads safer—so much so that some are predicting the death of auto insurance as we know it. Machines, of course, are not infallible. But, you would think it would take more than, say, a few strategically placed stickers to throw them off.

As Ars Technica reports, security researchers in a division of Chinese multinational company Tencent were able to show how they could get a Tesla to veer into oncoming traffic using stickers that made the car's automated process think a lane was shifting. You can see some pictures in the lengthy paperpublished by Tencent's Keen Security Lab. It certainly seems that a driver would be unlikely to see the stickers, and thus be unprepared for what was about to happen.

Tesla autopilot module's lane recognition function has a good robustness in an ordinary external environment (no strong light, rain, snow, sand and dust interference), but it still doesn't handle the situation correctly in our test scenario.This kind of attack is simple to deploy, and the materials are easy to obtain.

The exploit was tested on the Tesla Model S 75. Tesla, in response, said it fixed another vulnerability identified by the researchers that would allow “contact-less” remote control of the steering back in 2017. And it was dismissive of the other exploits, saying they were “not a realistic concern given that a driver can easily override Autopilot at any time.”

“Can,” but will they—and in time? These are scary possibilities, especially as someone who putzes around on the Tesla-infested roadways of Silicon Valley. And these discoveries always brings me back to the question, Is the law equipped for this? Who has to pay when someone gets hurt (or worse) because a technically savvy trick works? Maybe fighting about that in the courts will be enough to keep the auto insurers in business for a few more years to come.

—Ben Hancock

On the World Stage

When I talk to an attorney for the first time about legal technology, the knee-jerk reaction tends to be either “oh, like Lexis/Westlaw?” or “oh, like e-discovery?” And for U.S. attorneys, that reaction may have a kernel of truth. But recently, the legal tech ecosystem has grown to be a lot more than a New York or Silicon Valley-centric market, with new ideas popping up in places you might not expect.

Take a look at what's happening in Australia. The e-discovery market there may just be beginning, especially in the wake of 2017's McConnell Dowell v. Santam decision granting the use of technology-assisted review. But that hasn't stopped start-ups from popping up in areas including intelligent contract management, analytics applications and more. And although navigating time zones may be a tricky proposition for those Down Under, there are benefits to being in an up-coming market.

Neota Logic's Julian Uebergang, for instance, told Legaltech News that thanks to new programs at Melbourne University and other law schools, technology is quickly becoming part of the country's core law curriculum. Plus, cross-functional skills are “from a law firm perspective, especially here in Australia, really in demand. So students that have got experience in multiple disciplines or have had experience in a start-up business, from a recruitment perspective that's what law firms and corporate legal departments are looking for.”

This type of experience is also quickly becoming necessary in Brazil, where uncertainty surrounding the country's General Data Privacy Law (LGPD) is driving an increased focus on privacy-oriented tech solutions. Among other things, the LGPD requires any foreign entity operating in Brazil or offering services to Brazilian consumers to get consent before collecting personal information, and mandates they meet certain transparency and data protection standards. That means a GDPR-like rush to shore up systems in a way that Brazilian attorneys haven't had to deal with before.

David Shonka, a partner with Redgrave LLP, told LTN that technology will be integral to these types of compliance efforts in Brazil or elsewhere, citing information requests that flow from things M&A work or cross-border fraud cases. He also thinks that tools that can help shuttle information in between languages as it passes back and forth across borders will play a role in the e-discovery process. As he deftly explains: “In a global economy, anything is in play.”

—Zach Warren

A Day of Reckoning for Tech Giants? Here's Another View:

Last month, we told you about how some antitrust lawyers are skeptical of a new U.S. Federal Trade Commission task force announced to monitor antitrust issues in Big Tech. Well, Hogan Lovells' Logan Breed has a different take.

Breed, a partner in the firm's Washington, D.C., regulatory group, said the task force is likely to tie up hours of inside and outside counsels' time with investigations of past and future deals. That's despite there being a small likelihood of the FTC going to court to unwind old deals (IE: Facebook's 2012 acquisition of Instagram.)

“I know the leadership at the agency is committed to making this a substantive working team that is going to be tasked with a broad range of potential issues they could pursue,” Breed said.

Breed attended the American Bar Association's annual spring meeting last week in Washington, D.C., where the FTC commissioners and the director of the Bureau of Competition talked about the types of issues they envision the task force addressing. All of them indicated they believe the task force could take on backward-looking reviews of consummated mergers, unilaterally conduct investigations involving the acquisition or maintenance of monopoly power, and investigate new mergers.

Breed said that's an indication of what FTC leadership believes the task force can accomplish.

“I would expect that tech companies will be on notice that their conduct, and possibly their past mergers and future mergers will be under more scrutiny because of this task force than they were before,” Breed said, adding that companies called to the carpet might have to endure multiyear probes.

Short of a court challenge, the task force could also make an impact “if the task force would come up with new theories of harm, new ways to apply antitrust laws in the tech industry, or something else that expands the issues the FTC plans to address in the future,” Breed said.

That's it for this week. we will be back next week with more What's Next.