Monday, October 31, 2022

The PayPal misinformation wars

If you ever glance through the acceptable use policies or terms of service of a consumer-facing payments company like PayPal or GoFundMe, you'll see that they have incredibly long and stifling lists of prohibited activities. Why would these companies willingly turn away legitimate business?

There are a bunch of reasons, but here are three important ones:

1) Some customers are a nuisance. Their businesses may suffer from high rates of payments fraud and/or frequent chargebacks, which means that it may be too expensive for a payments company to connect them.
2) The products that some businesses sell are semi-legal (e.g. marijuana) or potentially illegal (libelous publications), and so it's too risky to connect them.
3) Some businesses engage in activity that is legal but potentially controversial (like white supremacist lit or sex toys). The payments company that connects them could look bad, which means potentially losing customers, shareholders, or employees.

This is a pretty sensible set of reasons for prohibiting certain activities from your payments platform. However, if you're a business that has been barred by a processor, you'll certainly be upset, and understandably so. Payments are vital to any enterprise. Having many competitors to choose from is important. To boot, being suddenly cut off is a pain; you'll need to scramble for an alternative.

When a payments firm enacts a new prohibition on a certain type of business, this in turn feeds into the political arena. In return for votes and funding, political actors offer support to particular companies and business lobbies. When their constituents are suddenly prevented from accessing a certain payments platform, these political agents loudly broadcast their displeasure. And so the acceptable use policies of companies like PayPal have become incredibly politicized documents. Progressives bellow when sex workers are cut off from PayPal. Republicans howl when firearms are disallowed.

Case in point was the massive pushback against PayPal, which earlier this month updated its acceptable use policy to prohibit "misinformation." I've screenshotted the update below, with the changes being entirely confined to section 5. PayPal already fines customers $2,500 for engaging in prohibited activities such as selling cigarettes, hate literature, and items that are considered obscene. With this new update, PayPal would now be prohibiting anyone from using its platform to engage in fake news and would extend its existing $2,500 fine to infringers. [An archived copy of the policy update is available here.]

PayPal's updated acceptable use policy, since rescinded. The changes are all in section 5.

PayPal executives probably had good business reasons for wanting to prohibit misinformation from their platform. Last month conspiracy theorist Alex Jones was ordered by a judge to pay almost a billion dollars to his victims for fabricating fake news about them. With numbers as big as that being bandied around, lawyers at payments companies have to be wary that they too could be pursued by the victims of misinformation for facilitating the disinformation attacks of their customers.

Not only that, but associating with a bad actor like Alex Jones could hurt the reputations of consumer-facing payments companies, leading to customers bolting.

Long story short, the legal, financial, and reputational risks of having fake news artists as customers are just too high for a mainstream firm like PayPal, and thus the prohibition on misinformation was introduced into its acceptable use policy page.

But acceptable usage policies have become politicized, and so PayPal's move led to all sorts of outrage. Republicans were furious. Senators Bill Hagerty, Cynthia Lummis, Pat Toomey, and others expressed their "deep concern" in a letter to PayPal, subsequently broadcast across social media. A big chunk of the internet's many misinformation artists are their misinformation artists, after all, and need to be protected.

Meanwhile, commentators like Glenn Greenwald were upset by what they see as a PayPal attempt at "punishing dissidents in the West through exclusion from the financial system." Which I don't think is the right way to process the event. PayPal is a business. It doesn't refuse to serve a certain set of customers because of an ideology requiring it to punish "dissent from neoliberal orthodoxies." PayPal chooses to stop serving clients because it believes that this would reduce its income, adjusted for risk. While some "dissenters" are too risky for PayPal to serve, many dissenters aren't, and probably make for fine customers.

Greenwald's reliance on the word "banishment" also betrays a misunderstanding of how payments work. PayPal is a low-risk payments processor, not a high-risk one. There are other payments companies that do specialize in serving a riskier clientele. These firms will compete to reconnect the fake news sites that PayPal has decided to offboard. In short, there is no such thing as payments banishment.

In response to the pushback, PayPal said that it would not be adding the misinformation clause to its acceptable use policy after all. (It actually said that the update was an error, but that sounds unlikely.)

And again, you can see why it made a business decision to change its tune. The move had made some of its existing rule-abiding customers unhappy, and they threatened to close their accounts. PayPal wants to drop bad customers, but not at the expense of losing the good ones.

This is interesting because it shows how a business decision gets ingested by the political machine, the resulting output being fed back into PayPal's business decision making process, leading to a 180 degree turn.

Nor did things end there. With acceptable use policies having become a key political battleground, and politics loves controversy, the fake news mill – the very targets of PayPal's misinformation clause – kicked into high gear. Across the internet, articles began to pop up alleging that PayPal's rescinded misinformation clause and associated $2500 penalty had been stealthily "added back into the terms of service with equally ambiguous language," as one article put it.

One of many articles wrongly claiming that PayPal sneakily re-updated its policy

A quick check of PayPal's acceptable use policy in the Wayback Machine shows that these claims aren't factual. Agree or not with the $2500 fine, it wasn't added back after "criticism on social media died down." The fine has been there since it was tacked on by PayPal back in September 2021.

The article also alleges that the misinformation clause has reappeared in the form of a prohibition on intolerance. But the intolerance clause has been there since 2018. Never mind that it's an error to equate a prohibition on intolerance with a prohibition on misinformation. They're just not the same thing.

The fake facts continued to pile up. PayPal has a long-existing rule against lying about account details like your name and age. A second article erroneously tries to claim that this longstanding rule is a new one, more specifically that it is the "misinformation" clause sneakily reintroduced back into PayPal's list of acceptable uses. It's a silly argument that I rebutted more fully on Twitter.

So no, the controversial rescinded misinformation clause has not been quietly added back to PayPal's acceptable use policy. But the facts don't necessarily matter. This wave of fake news successfully fed back into the political arena, with folks like Republican representative Tom Emmer seizing on them to air his worries that PayPal is being "weaponized to control speech." There are existing users of PayPal, the ones that PayPal would like to keep, who will listen to Emmer and close their accounts.

The whole series of events illustrates how complicated it is for a company to modify its terms of service.

Firms want to boost their profits, which means establishing policies to reach a certain type of desirable client while excluding other types of clients that don't fall within their targeted market. But firms also need to try and calculate how their proposed changes will be digested in the political arena, and how the resulting outrage feeds back into the decisions of their desirable clients, who might choose to leave.

And firms must also consider the third degree of complexity: how the political controversy over their policy changes gets respun by fake news sites, the resulting sausage being imported back to the political arena for additional consumption, more outrage, and (potentially) more client departures. It's a difficult nut to crack. I wouldn't want to be PayPal, or its lawyers, the next time it has to update its acceptable use policy.

Thursday, October 13, 2022

Stablecoins, meet 3% interest rates

The global rise in interest rates is finally beginning to percolate into the stablecoin sector. One of the effects of this rise is that centralized stablecoins like USD Coin and Gemini Dollar, which by default pay 0% to holders, are introducing backdoor routes for paying interest to large customers. (See my tweets here and here).

In the case of USD Coin, Coinbase refers to interest as a "reward." Gemini calls it a "marketing incentive." But let's face it: they're really just interest payments.

The links I provide are the only public evidence of stablecoins doling out interest, but you can be sure that behind closed doors, large issuers like Circle/Coinbase, Gemini, and others are offering their largest customers -- in particular exchanges like Binance and Kraken -- the same deals.

Stablecoin issuers are offering interest to select customers because of the inexorable pressure of competition. After hovering near 0% for much of the last decade (see chart above), interest rates have ramped up to 3% in just a few months. Issuers hold assets to back the stablecoins that they've put into circulation, and now these previously barren assets are yielding 3%. That means a literal payday for these issuers. In the first quarter of 2022, for instance, Circle (the issuer of USD Coin) collected $19 million in interest income after making just $7 million the quarter before. In the second quarter of 2022, interest income jumped to $81 million. I suspect the third quarter tally will come in well above $150 million.

However, if they don't share at least some of this juicy reward, issuers risk having their customers flee to alternatives that do offer interest, like Treasury bills or corporate deposit accounts. And then the amount of stablecoins in circulation will shrink, eating into issuers' revenues.

And thus, we get to a world where Gemini is promising incentives and Coinbase rewards.

Alas, while large stablecoin holders may be benefiting from this trend, small holders of stablecoins are being ignored. They don't get to share in these sweet flows of interest income. Even folks with old-school U.S. savings accounts are being paid 0.17%!

Small stablecoin holders need to unite. By working together through a StablecoinDAO, their bargaining power vis-a-vis the big stablecoin issuers improves. They may be able to negotiate the same interest payments from Circle and other issuers that large stablecoin customers are getting.

For a good example of strength in numbers, take a look at the phenomenon of high-interest savings ETFs in Canada. Corporate customers of Canadian banks get far better interest rates on chequing deposits than retail customers do. A high-interest savings ETF manager bridges this divide. They collect money from retail customers, invest the proceeds in banks at the corporate rate, and then share the superior return with thousands of retail ETF unit holders.

A StablecoinDAO would work along the same lines as a high-interest savings ETF. People would deposit their stablecoins -- USD Coin, Gemini Dollar, Binance USD, USDP, Tether, Dai -- into a smart contract. In return they'd get a new stablecoin called, say, UniteUSD, which would be redeemable on demand into any of the DAO's underlying stablecoins. UniteUSD itself would be useful. It could be used for purchases, deposited into smart contracts, or traded on decentralized exchanges and whatnot.

StablecoinDAO would have the authority to swap one underlying stablecoin out with a new one. That potential threat would give the DAO the necessary leverage to negotiate interest payments. "Hey Circle, if you don't pay us 1% then we're going to shift the DAO's holdings over to Binance USD, your competitor." As a nuclear option, the DAO could threaten to buy short-term government debt.

The interest that the DAO receives would be funneled back to UniteUSD holders. 

In sum, that's how interest rates finally filter through to small stablecoin owners.

A few random afterthoughts about stablecoins and interest payments, in no particular order:

* A version of StablecoinDAO may already exist... in the form of MakerDAO, a decentralized-ish bank that issues Dai stablecoins. Think of MakerDAO as an organizing device for small stablecoin customers to extract interest from stablecoin issuers. These small holders deposit their stablecoins (USD Coin, USDP, etc) into MakerDAO smart contracts and receive Dai stablecoins in return, which are convertible to any of these underlying stablecoins on a 1:1 basis. MakerDAO negotiates with issuers for interest payments, sluicing this interest back to Dai owners.

* Some tricky regulatory issues arise when retail customers are promised a return. If StablecoinDAO were to pay interest on UniteUSD, then UniteUSD might be deemed to be a security, and thus StablecoinDAO would have to register with a securities agency. This could doom StablecoinDAO, or at least make things very difficult for it. (Remember when PayPal used to pay interest to customers? It did so through an SEC-registered money market mutual fund.)

* StablecoinDAO would become a stablecoin black hole: all other stablecoins would quickly get sucked up into it. Why? In a world where USD Coin and USDP can only pay 0% to small stablecoin holders, but depositing said coins into StablecoinDAO means earning 2%, then every small holder will deposit their funds into StablecoinDAO. The DAO would inhale the big stablecoins -- USD Coin, Binance USD, Tether, etc -- right out of circulation, leaving UniteUSD as the dominant stablecoin.

* As competition forces large issuers to share the interest they earn, this will have implications for the finances of those very issuers. Circle, the issuer of USD Coin, envisions being profitable in 2023, as the table below illustrates:

Source: Circle Q2 2022 financials [link]

A big part of Circle's estimates is based on higher flows of interest from the assets that it holds to back USD Coin. What this table isn't accounting for is the concurrent pressure to share interest income with USD Coin holders, both large and small ones, which threatens Circle's 2023 projections.

Sunday, October 9, 2022

How to stop illegal activity on Tornado Cash (without using sanctions)

List of sanctioned Tornado Cash addresses, via OFAC

[This is a republication of my latest piece from CoinDesk.]

How to Stop Illegal Activity on Tornado Cash (Without Using Sanctions)
Rather than sanctioning code, U.S. authorities should have targeted the human intermediaries.  

Did the U.S. government have better tools at its disposal to counter the crimes on Tornado Cash than the one it eventually used? Could it have avoided the blunt instrument of sanctions, which are normally aimed at individuals rather than code?

In August, decentralized obfuscation tool Tornado Cash (a currency “mixer”) was designated by U.S. authorities as a sanctioned entity. In the years prior Tornado had become the default platform for blockchain users – both licit and illicit – for privacy in transactions.

Users deposit their ether (ETH) into any of Tornado’s 0.1, 1, 10 or 100 ETH pools, then wait for a period of time to withdraw it. Thanks to this collaborative placing of ether into the same pot, which disguises its origins, and Tornado's innovative use of zero-knowledge proofs, the trail is broken.

The crypto community was furious with the U.S. government. The need for privacy is especially pressing on blockchains because all transactions are viewable by the public. Without Tornado to mix funds, achieving blockchain privacy becomes much more complicated.

Sanctions or not, it's hard to deny that the authorities had to do something about Tornado-based money laundering. Tremendous amounts of dirty money were being cleaned by the mixer, including big batches of funds stolen during the $182 million Beanstalk hack, the $196 million BitMart exploit and the $34 million compromise of, just to name a few.

To make matters worse, in April 2022 North Korean state-sponsored hacker group Lazarus began to use Tornado to launder the proceeds of its massive $625 million hack of the Ronin Bridge. Lazarus was sanctioned by the U.S. Treasury's Office of Foreign Assets Control (OFAC) in 2019.

OFAC is the U.S. federal government agency responsible for enforcing economic sanctions programs against countries and groups of individuals. Its targets include terrorists, narcotics traffickers and money launderers, among others.

Although the U.S. government’s response to Tornado Cash could have taken many forms, the one it ultimately chose was to sanction Tornado Cash itself. On Aug. 8, Tornado was listed by OFAC as a Specially Designated National, or SDN, along with all of the smart contracts that drive the tool’s functionality. It is illegal for U.S. citizens to interact with SDNs, so in that very instant Tornado Cash’s Ethereum-based smart contracts became off-limits for Americans.

The pushback to the U.S. government’s decision arrived immediately. According to the Electronic Frontier Foundation (EFF), a nonprofit that promotes internet civil liberties, Tornado Cash smart contracts are code. By sanctioning code the authorities are treading on constitutionally protected freedom of speech.

Coin Center, a Washington, D.C., nonprofit that advocates for decentralized computing technologies, argued that OFAC had overstepped its authority. According to its rules, OFAC can only target entities that are individuals or companies. But Tornado Cash smart contracts are neither; they cannot alter their behavior, nor lodge an appeal with OFAC to have the sanctions revoked, a key element in any sanctioning process.

If OFAC can designate Tornado Cash to be an SDN, the implication is that it can add other defenseless open-source software tools, too – hardly a great precedent.

Don’t penalize code, penalize users of code.

The criticisms aired by EFF and Coin Center are serious ones. Let's imagine the U.S. government had a chance to do things over. Rather than sanctioning Tornado Cash smart contracts, did the government have alternative tools available for countering Tornado-based money laundering, tools that avoided triggering these criticisms?

Yes. Rather than punishing code, penalize the people who use the code. There are three types of Tornado Cash users who could be targeted by the authorities: relayers, liquidity providers and the Ethereum-rich.

Let’s start with relayers, the people who add a key layer of privacy to Tornado Cash by processing withdrawals.

Relayers solve the following problem. If someone wants to remove mixed funds from Tornado to a new wallet address, he or she needs to pay a gas fee for the withdrawal, and so the new wallet must have some funds on it. But prefunding may compromise anonymity because this transaction can be traced.

Tornado Cash creators solved the prefunding problem by introducing third-party relayers who pay the necessary gas fees, sending on the user's withdrawal to the new address. These relayers collect a service charge for their efforts.

Highlighting the importance of relayers, over 75% of all Tornado Cash withdrawals are made with their intermediation.

In addition to going after relayers, the authorities could target liquidity providers.

Liquidity providers are people who use Tornado Cash to earn a profit. They deposit ether into various Tornado pools in order to receive anonymity points, which in turn can be sold for TORN, Tornado's native token.

After this points-based incentive scheme was introduced in late 2020, the quantity of ether deposited into Tornado's mixing pools began to grow exponentially. These deposits, often referred to as the tool's anonymity set, improved Tornado’s ability to anonymize funds. The deeper the anonymity set, the easier it is for users to hide.

Law enforcement could investigate relayers and liquidity providers and charge them with money laundering, a criminal offense. The case can be made that by indiscriminately forwarding mixed ether, relayers conduct transactions involving criminally derived funds. As for liquidity providers, they profit financially by widening Tornado’s anonymity set, which abets criminals in their efforts to hide their financial trails.

Because blockchains are transparent, it’s likely that relayers and liquidity providers would have been aware that criminals and SDNs were using Tornado Cash. Thus they knowingly offered their services.

Along with a money laundering offense, federal prosecutors could potentially indict relayers and liquidity providers for using Tornado Cash to provide money transmission services to those without such a license.

Alternatively, relayers and liquidity providers could be sanctioned, fined or charged by OFAC.

Relayers and liquidity providers are individuals, not code. And so arresting or sanctioning them wouldn't trigger the code-is-speech criticism raised by EFF. And since these users have agency, they can defend themselves against their accusations, addressing Coin Center’s concerns.

At the same time, by targeting relayers and liquidity providers the U.S. government would achieve its goal of reducing Tornado-based money laundering. A successful prohibition of relayers would have made it easier to link depositors with withdrawn funds, thereby making Tornado Cash less able to hide criminally-derived funds.

Targeting liquidity providers would reduce Tornado Cash’s anonymity set, the effect being to reduce criminals’ capacity to launder funds through it.

If pursuing liquidity providers and relayers doesn’t crimp Tornado-based money laundering, the authorities could have gone after the Ethereum-rich: large licit owners of ether who regularly interact with Tornado Cash’s 100 ETH pool to get privacy.

The authorities have a number of tools to target the Ethereum-rich, but one of the best tools would be OFAC’s civil monetary sanctions.

U.S. citizens who regularly make large deposits to Tornado Cash’s 100 ETH pool could be named by OFAC and fined a suitably large amount of money. OFAC could argue that by putting their ether into the 100 ETH pool at the same time as Lazarus Group, the Ethereum-rich enabled the laundering of Lazarus’ funds and thus ran afoul of OFAC’s 2019 sanctions on the group.

OFAC civil monetary sanctions have been used before on crypto users. BitPay, a bitcoin payment service provider, had to pay a $500,000 fine for allowing individuals in sanctioned locations like North Korea, Sudan, Iran and Syria to transact.

Since civil fines are levied on Tornado users, and not the code, the concerns raised by EFF and Coin Center are addressed. And fined individuals would be free to appeal their punishment.

By signaling to the public that depositing funds into Tornado Cash is prohibited, the fines would encourage the Ethereum-rich to avoid Tornado. Tornado's anonymity set would get smaller, making the tool less capable of cleaning large transactions from SDNs and thieves.

A recipe for dealing with future smart contract crime

Like them or not, OFAC's sanctions appear to have worked, up to a point.

In an effort to avoid penalties, the public has mostly stopped using Tornado smart contracts. The amount of ether in Tornado Cash pools has plunged by 61% from 225,000 to just 89,000. As a result, Tornado-facilitated money laundering has taken a hit. The mixer wasn’t even used to launder the proceeds of the $160 million Wintermute exploit, the biggest hack since the Aug. 8 sanctions.

This same result could have been achieved by targeting the users of the code, like relayers, rather than the code itself. It would have taken the authorities more time and effort. But many of the thorny criticisms that a direct outlawing of code is now attracting would have been sidestepped.

It's too late now for Tornado Cash. But the next time a set of smart contracts gets mobbed by bad actors, the U.S. government needn’t put a blanket ban on code. It has a more nuanced, user-centric approach at its disposal.