Foster open innovation, job creation, privacy and financial freedom through sensitive regulation of crypto technologies.
// SIGN THE LETTER BY CLICKING THIS LINK // SIGN THE LETTER BY CLICKING THIS LINK // SIGN THE LETTER BY CLICKING THIS LINK // SIGN THE LETTER BY CLICKING THIS LINK //
https://zgda3e5kgj0.typeform.com/to/Vz9SOJ0w
Dear ...,
the >2,000 signatories of this letter represent a significant part of the web3 community. We gathered some of the leading innovators, companies and projects behind this initiative.
We are sharing an open letter with you, our democratically elected representatives. We’d like to create a forum for an open, continuous and productive dialogue around the upcoming Markets in Crypto Assets and Transfer of Funds (MiCA, TFR) and other regulations targeting digital assets and their underpinning technologies.
We are aware that most European policymakers did not have any interactions with our community or if so - mostly negative ones. The signatories of this letter are condemning the partially provocative, threatening and misplaced comments of some individuals on social media. Our intention is to start a humane and respectful interaction around the topics we deeply care about.
We acknowledge the efforts already undertaken up until this point. Our community is 100% aligned with the goal of turning Europe into a frontrunner of web3 innovation to attract talent and capital. We appreciate the intentions and goals behind the MiCa framework. Our industry and techno-social movement needs clear regulations and consumer protection to flourish. We share the desire to limit technical failures, financial fraud and other criminal activities while protecting civil liberties and data sovereignty of EU citizens. Crypto is a frontier technology at the vanguard of the global innovation curve and we share your ambitions to turn Europe into a crypto powerhouse to attract world class talent and capital.
Before discussing the vast potential of crypto technologies (A.), clarifying common misconceptions (B.) and suggesting alternative policies (C.) more granularly, we’d like to summarize our core suggestions for a more balanced regulatory approach around MiCa and TFR:
Mica, TFR: An open letter to EU representatives v0.2 1
1. Open source, programmatic money 3
2. Internet native, transparent and programmatic financial services 4
3. A user owned economy of virtual goods (Metaverse) and services is enabling a more equitable distribution of wealth. 4
4. De-Monopolisation of the Tech Industry 4
B. Clarifying common misconceptions 5
1. Noncustodial (’unhosted’) wallets reduce cyber risks, break open monopolies and are essential to use blockchain based applications - financial or others 5
2. Software protocols are not necessarily companies and should not be treated as such by default 6
3. Internet native organizations which are not pure protocols should be regulated under a specialized framework (DAO LLC) 7
4. Crypto networks are an exceptionally weak tool for obfuscation and money laundering because of their transparency 7
5. Bitcoin’s ‘proof of work mining’ does not threaten the planet - banning it would be an unreasonable discrimination by technology. 7
C. The shortcomings of Mica / TFR regulations and improvement proposals 9
1. The threat of crypto enabled financial crime is insignificant relative to the conventional financial system. Current rules concerning fiat on- and off-ramps are sufficient. 9
2. The broad and unclear definition of CASPs (which is even broader than the definition of VASPs under the original FATF guideline) has grave implications to decentralized economy. 10
3. The public disclosure of all transactions and digital wallets violates privacy and security for EU citizens. It’s undermining self sovereign data ownership and data portability especially in in non-financial contexts. 10
4. Applying the travel rule to transactions between a CASP (crypto asset service providers) and a non-CASP (’unhosted wallets’) should be treated like a cash transaction. 11
5. Requirements for a legal entity organization is equivalent to a ban of decentralized technologies violating freedom of expression. 12
6. Reporting of all transactions > 1,000 EUR will discriminate against crypto holders compared to fiat holders. 12
7. Overly restrictive regulation undermines Europe’s competitiveness with regard to financial and internet innovation. 13
Globally, regulators are weighing the trade-offs between a laissez-faire approach towards crypto market regulation and strict surveillance regimes not unlike those currently underpinning conventional financial markets. In this vein, we appreciate regulators’ intentions to provide a clear set of rules for ecosystem participants while protecting consumers. Still in its early infancy, the crypto economy suffers from periods of fraud and cybersecurity risk – often lacking best practices and standards such as consistent smart contract audits or liability coverage. By and large those same risks plague traditional capital markets yet causally they are mostly tied to crypto’s infancy. As the crypto economy grows it will enable much higher degrees of transparency and security over financial interactions at scale – and at a higher rate of fidelity than legacy technologies ever could.
Therefore, we perceive overtures of heavy-handed regulation (often discriminating by technology) as an existential risk poised to throttle innovation.
Bitcoin provides humanity with a new monetary standard. A money that is equally accessible to anyone with an internet connection. It includes the unbanked living in emerging economies as well as those who lost access to their financial system, such as Ukranian refugees. It is politically neutral, rule based and transparent - no government or group of people can manipulate its monetary policy, it’s not tied to any country. It is a natively global and digital currency, and has been so since day one. It might be an innovation that is comparable to the scope of the internet. Limiting EU citizens’ ability to hold BTC or interact with the Bitcoin network would contradict the very ideas that the European Union has been founded upon - democracy and civil liberties like the freedom of expression.
Based on many of the same principles and technologies, an internet-native financial system is emerging (Decentralised Finance, Defi). Through a set of software protocols - not companies - it enables a vast range of programmatic financial services like the exchange or lending of digital assets for example. The inner mechanics of every kind of financial service are published on the ledger through computer programs called smart contracts - transparent and verifiable for every user. Smart contracts are composable and can be linked to one another enabling a lego box for financial innovation. This is a 100x improvement relative to the opacity and inefficiency of today’s financial services landscape. The defi category is still in its infancy but already processes hundreds of billions of dollars per month.
User owned, flourishing marketplaces for virtual land, programmatic art, collectibles or music represented in non fungible tokens (NFTs) are proliferating at a rapid clip. This has also fostered the creation of internet native decentralized autonomous organizations (DAOs) which follow a set of predefined rules encoded in protocols.They are not companies but software. This vision of the Metaverse was first articulated in the science fiction novels of the 80s and 90s but required the advent of digital scarcity (pioneered by Bitcoin) to truly manifest. Like Defi, these concepts are still in their infancy but we expect the metaverse economy to turn into a multi trillion dollar phenomenon within the next decade.
Some profound implications of the public infrastructure described above are the principles of open data and data portability. The ability to store and encrypt any type of data on public ledgers dramatically changes the dynamics of data ownership and sovereignty. Users cannot be kept hostage by intermediaries anymore, which can break data network effects and internet monopolies. Imagine you decided to stop using facebook but would like to take your social graph, posts, likes, calendars etc. with you to upload to another platform like Linkedin or TikTok. Today this would be unfeasible because your data is controlled by the respective intermediary - Facebook in this example. Noncustodial wallets, however, allow you to do exactly that: you can take your data with you to log into other services and interfaces. Data is freed, escaping its silos and the walled gardens erected by Big Tech incumbents.. We have the opportunity to create competition to GAAFA companies without regulation. Web3 is the biggest opportunity in decades to create alternatives for customers and to break internet monopolies. Crucially, this is only possible if your keys are managed in a noncustodial (’unhosted’) wallet.
In summary, given the support of an enlightened approach to government regulation and guidance, we believe that digital asset markets and crypto technologies will blossom into a macroeconomic mega trend – improving global financial markets and social coordination on a heretofore undocumented scale. As a cluster these technologies may stand amongst the most important innovations of the 21st century.
Paradigm shifts introduced by new waves of disruptive innovation are challenging. Based on previous interactions with policymakers, we realized that the following key concepts are particularly confusing and hard to grasp.
In the context of cryptocurrency systems public keys are a unique string of numbers and letters representing an address (think an email address or IBAN). Each of the addresses generated is unique and has a private key (think password or digital certificate) related to it. Whoever controls the private key is empowered to interact with the data related to the respective public key address. Ownership of the private key defines control over data. In some cases, controlling the data grants certain rights to control associated assets. The data held in a public key address can represent cryptocurrencies, financial assets or collectibles but also other data sets such as texts, emails, calendars or video files for example.
Today, most of the activities undertaken on crypto networks are routed through centralised exchanges. Exchanges are intermediary entities controlling the private keys of their customers, thereby holding funds of users in custody. On the one hand, users are not forced to store their private keys (passwords) securely and risk losing them. But on the other hand they are exposed to the risk of exchange hacks targeting both crypto assets as well as identifiable information leading to physical security concerns, alongside denial of service through the exchange as a gate keeping intermediary.
Non-custodial wallets (or ‘unhosted wallets’) provide an alternative option. Here the users can download a piece of open source software to their devices to control their private keys directly - without an intermediary. This is equivalent to a wallet in the physical world. It allows users to take real ownership of their data and their assets. It significantly increases security because of diminishing returns for attackers - there is no ‘honey pot’ (an aggregation of data with a high economic value) where assets worth billions of dollars are accumulated and attacking millions of individuals separately would be technically and economically unfeasible. Only through non-custodial wallets will the concept of open, portable data (see above under A. 4.) come to fruition to reduce data network effects and break internet monopolies.
Further, only non-custodial wallets provide open access to the world of permissionless services spanning not just Defi but a host of non-financial services and applications like private messaging, social media apps, music streaming and others. All of those services require the identification of a private key owner through a private key signature - which can only happen through a non custodial wallet. Applying strict surveillance regimes to users of non custodial wallets in non-financial contexts like blockchain based social media or private messaging apps is disproportionate.
The adoption rate of non-custodial wallets is exponential. Metamaks alone - one of the leading software providers for non custodial wallets - grew by 38x fold from 2020 to >21,000,000 active users in 2021. Metamask connects you to more than 3700 apps into the Ethereum ecosystem. Out-regulating non-custodial wallets as a driving force behind crypto technology adoption in financial and non financial contexts would be deeply regrettable.
One of the most complex and controversial topics in the realm of crypto networks is the definition and legal treatment of on-chain organizational structures, such as decentralized, autonomous organizations (DAOs).
Typically, DAOs can be defined as open, self-organized networks that are coordinated by crypto-economic incentives as well as self-executing code to achieve common goals. Often not for profit. Bitcoin was the first DAO ever created and the Ethereum network is the second one by market share. Both incentivise miners through a transparent inflation scheme to secure the network. However, the concept of ‘mining’ can be generalized. As of today it’s used in the context of providing liquidity, bandwidth for video transcoding or storage capacities amongst many others. They are not run by a board of directors or even any group of people; they are not corporations but open source code, machinery so to speak - and therefore should not be regulated as corporations.
That said, there are cases where protocols are launched which resemble corporations to a much higher degree because they (1) raised private capital into a (2) legal entity with (3) centralized governance, (4) did not fully open source their code base (5) have a for profit purpose and (6) beneficial (token) owners. Per definition they would not qualify as a ‘DAO’ in the sense defined above as they are neither decentralized nor autonomous. Since many consumers participate in such on-chain structures - a legally secure framework should be created for reasons of consumer protection and liability risk.
Such a framework has been pioneered by the US State of Wyoming.. It allows DAOs to be formed as a limited liability company which is a recognised legal personality - a DAO LLC. DAO LLCs are recognised in Germany and can operate in Europe. Their existence should motivate European legislators to create alternative legal frameworks (adding a new legal entity type) which can compete with that of Wyoming and others to attract international talent and capital - a huge opportunity for Europe to become a major hub of future internet innovation.
Crypto networks are public, transparent ledgers. Every interaction between individuals (peer to peer) or individuals and a set of smart contracts (protocols) are written into the ledger, visible for eternity. This makes cryptocurrencies a pretty weak tool for obfuscation and money laundering. Furthermore every transaction will be visible on-chain forever. This means that further developments of AI and big-data-analysis will ensure a nearly complete supervision of all transactions. Even now 80%-95% of all transactions can be traced back to the real name with the right tools. The media’s obsession with crypto hacks and scams is exclusively related to failures on the front end, intermediary companies like exchanges or the flawed design of smart contracts. These kind of attacks have in 10+ years of history never been related to a failure of the actual ledger. We are optimistic in developing better auditing and security standards to further mitigate the aforementioned risks over time.
It’s important to understand that many environmental concerns are exaggerated or based on flawed assumptions or misunderstandings of how the Bitcoin protocol works. The actual negative impact of Bitcoin mining is a lot less alarming than what most might think.
Bearing the sensitivity for such commonly held misconceptions in mind, we perceive the current MiCA/TFR draft regulations as predominantly un-proportional. In our view, they will result in unintended but nonetheless deleterious long-term consequences to the sector.
Crypto technologies are neutral by default - just like a car, a telephone or the internet they can be used for good or bad. Relative to other financial technologies, cryptocurrencies are used much less in the context of criminal activities:
Cryptocurrency based crime hit an all time high in 2021, with illicit addresses receiving $14 billion - up from $7.8 billion in 2020 (+80%), yet total transaction volumes grew to $15.8 trillion (+567%) in the same period. Hence, the growth of legitimate cryptocurrency usage is far outpacing the growth of criminal usage and not just year over year but also in the big picture: transactions involving illicit addresses came down to only 0.15% (2021) from 1.42% in 2017, 0.76% in 2018, 3.37% in 2019 and 0.62% in 2020. In comparison - according to the UN - between 2-5% of global GDP annually is connected to money laundering and illicit activity. Because of their transparent nature and links to regulated fiat money on and off-ramps, cryptocurrencies remain a poor tool for criminals intending to obfuscate illegal activities. The financial surveillance rules currently in place are applied whenever fiat money is converted into cryptocurrencies and vice versa. Those AML regulations are the least efficient public policy instrument ever created with every $1 captured yielding costs of $500. Applying an even more strict surveillance regime with even higher direct and indirect sociall costs to the emerging crypto economy is counter-productive and un-proportional.
We suggest our democratically elected representatives to not add additional surveillance practices beyond the monitoring of fiat on- and off-ramps. This would balance civil liberties with potential crime reduction in a healthy equilibrium.
The choice of who is and who is not a CASP is one of the most consequential choices policymakers can make in the next decade. It will determine the relative efficacy of policies aimed at defeating terrorism and financial crimes but also the collateral damage done to human rights and innovation.
Currently, a ‘crypto asset service provider’ is defined under Article 3, 1. (8) as “any person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis.”
It is followed by the definition of a ‘crypto asset service’ under (9) which means any of the services and activities listed below relating to any crypto-asset including e.g. (b) ‘the operation of a trading platform for crypto assets or (d) ‘the exchange of crypto-assets for other crypto assets’ among many others.
Given its enormous weight, the CASP definition should be justiciable, clearly defined and narrow. Which unfortunately it is not. In its current form it is unclear whether decentralized exchanges, decentralized marketplaces or other pieces of open source software infrastructure would fall under such definitions. As discussed earlier (B. 3.) software protocols are not necessarily corporations and developers do not operate any services once the smart contracts are deployed. Applying the CASP definition to them would represent a disproportionately broad definition and probably be unlawful.
The most important and clear factor to define whether a person or entity can be defined as a CASP should be the criterion of control over a user’s private key. As long as this condition is not fulfilled, users are interacting peer to peer without any intermediary, and should not fall under the CASP definition.
We propose to narrow the current CASP definition and take into account the factor of control over a user’s private key to achieve a more justiciable definition. We propose to explicitly exempt decentralized finance (Defi) projects, developers, miners, telcos and other infrastructure providers from the scope of the CASP definition.
The public disclosure of all transactions and digital asset wallets will put every digital asset owner at a high risk of losing access to their property and compromising their physical integrity. The personal data (address, name) stored by financial intermediaries will very likely be compromised through cyber attacks and hacks. We’ve witnessed this time and time and time again. The more data is collected, the bigger the incentive to break into a system. Once digital asset holders are threatened through ransomware attacks, kidnapping, robbery and blackmailing they are likely to re-consider holding any digital assets at centralized custodian wallets, which cannot protect their privacy. This would mean a de facto ban of secure self-custodian digital asset holdings and drive any activity underground, leading to less democratic control and tax evasion. As mentioned earlier (B. 2.), only non-custodial wallets hold the potential to let the principles of open / portable data come to fruition. By punishing the use of non-custodial wallets we would create a moat for centralized intermediaries and foster an intermediary driven monopolized internet economy.
As mentioned above (B. 2.) non-custodial wallets are essential to interact with any kind of permissionless applications including blockchain based social media apps, private messaging services, music streaming and countless others. Forcefully exposing a user’s real identity in such contexts would be unlawful.
We suggest not to open data honeypots in a thoughtless way. They put the physical integrity of EU citizens at a high risk. Below under C.4. we discuss alternatives.
Applying the travel rule to transactions between a CASP and a non-CASP (e.g. a private individual using a wallet) would require the CASP to collect personal data like the name and address of the respective recipient and sender. Whenever one participant of a transaction is not a regulated entity the transaction would more resemble a cash transaction than a wire transfer and should be treated accordingly: In cash transactions, institutions can report information about their customers but have no ability or right to obtain and report information about persons who are not their customers. Even the FATF agrees to not enforce the travel rule in cases of Non-CASP to CASP transactions.
We suggest not to apply the travel rules outside of CASP to CASP relationships in order to treat CASP to / from non CASP like cash transactions which are a closer analogy than wire transactions..
Alternatively, we suggest to pursue a risk based approach by monitoring the behavioral patterns of public key addresses - without collecting personally identifiable information. If a public key address has been verifiably involved in criminal activities or if meaningful evidence suggest an illicit activity is being undertaken through a transaction - transactions between a CASP and an unhosted wallet can be blocked.
Alternatively, we suggest allowing noncustodial wallets to operate independently of custodians while allowing them to provide AML/KYC information when legally necessary through a limited use, third party data processor operating under control of the data subject’s active consent.
One potential approach could be to store KYC proofs in the form of verifiable credentials (VCs) linked to a Decentralized Identifier (DID) according to the principles of self-sovereign identity (SSI). The personal data linked to a given verifiable credential can be stored in the owners’s personal data vault (active 24/7) and be shared with a CASP based on consent. The personal data linked to verifiable credentials would be stored off-chain. The technical implications of such design as well as practical considerations around existing regulations and compliance procedures are complex. We suggest exploring the design space more profoundly before implementing new regulations.
Requiring a legal entity organization and registration per se for any deployment of open source code on chain runs counter to the very foundations of decentralized technologies. Open access means that every individual with an internet connection can interact with decentralized technologies like the internet protocol suite or Bitcoin for example. If the formation of a legal entity organization is required to write and deploy code on crypto networks, freedom of expression would be severely undermined. For more context see the section ‘protocols; not companies’ above. The web2 equivalent of such regulation would be to make a company formation mandatory before posting a blog post or setting up a website.
A registration requirement for a legal entity registration should not be applied as it limits developers in their capabilities of writing and deploying code freely, hence violates their freedom of speech unnecessarily.
Section C. 4. laid out why the travel rule should not be applied in CASP to non-CASP transactions. Even if it was applied in such cases or in cases of CASP to CASP, transactions > 1,000 EUR should not be reported per default.
Every crypto transfer from a CASP to an un-hosted wallet or vice versa would have to be recorded and verified. Additionally, in the case of transfers larger than €1,000, they have to be submitted to the authorities whether an inherent risk is apparent or not.
The proposed regulation creates unnecessary bureaucracy and data honeypots ready for exploitation. Law abiding citizens using crypto technologies are discriminated against in comparison to those using cash.
A reporting requirement for every transaction > EUR 1,000 - e.g. for paying rent or a piece of furniture - would create an unacceptable burden on CASPs and it would drown authorities in an ocean of irrelevant transaction reports. Consequently, suspicious transactions would be obfuscated and thereby prevent regulators from efficient law enforcement. Also it creates big data honeypots for hackers putting our citizens' integrity at risk as laid out in Section 3.
The travel rule should not be applied to any CASP to non-CASP transactions (see C. 4). In case it does, only transactions which are indicative of financial fraud or other criminal activity should be reported to the authorities.
Summarizing the previous points, the current draft regulation would mean (i) a de facto ban of building decentralized technologies and (ii) the introduction of unbearable bureaucratic procedures to CASPs in a hyper growth emerging economy. Those measurements would lead to an exodus of talent and capital in the EU and motivate innovators to build elsewhere - like in the US, UK or other hubs with more progressive regulation. In short, completely undermining the intent of MiCA’s initial framing.
The signatories of this letter count on you to foster open innovation, privacy and financial freedom through a more sensitive and progressive approach to the regulation of the emerging crypto industry. The EU has an opportunity to be a global frontrunner in accelerating the benefits of human rights and transparency in web3 technology. This is achievable through open discussion, championed by Europe’s elected officials. We look forward to continuing conversation with policymakers and discussing ways of fostering balance between innovation and risk mitigation. With a holistic approach in mind we can collectively highlight the benefits of crypto for the body politic and safeguard Europe’s digital sovereignty in the process.
Yours sincerely,
the web3 community
[WE ARE ADDING SIGNATORY NAMES HERE - CURRENTLY >1,800 INDIVIDUALS AND ORGANIZATIONS SIGNED]
PLEASE DO NOT PUT DOWN YOUR NAME BELOW HERE BUT USE THE FORM: WE WILL PASTE ALL NAMES IN ONCE WE CLOSED THE FORM ON
https://zgda3e5kgj0.typeform.com/to/Vz9SOJ0w?typeform-source=www.google.com