Every Friday, Law Decoded delivers analysis on the week’s critical stories in the realms of policy, regulation and law.

Editor’s note

The U.S. is preparing for its Independence Day tomorrow. New spikes in positive COVID-19 tests will put a damper on some but not all of the traditional fireworks, cookouts and Martina McBride. On the same day, new changes to the Russian Constitution, including those that may allow Putin to stay in power for another 16 years, take effect. In more light-hearted news, pubs will also reopen in the U.K.

The COVID-19 lockdowns have added new immediacy to the eternal tug-of-war between personal freedoms and common welfare. This week has also seen a rise in legal decisions around the world surrounding encryption and privacy, as well as the government’s relationship to cryptocurrencies as property or zones of privacy. 

Part of the classic appeal of crypto is a means of opting out of traditional government authority. Ownership over Bitcoin is as simple as “not your keys, not your coins”; monetary policy is determined by algorithms that feel no obligation to inject stimulus payments. And yet, how governments choose to treat Bitcoin matters and will continue to matter. Cryptographic independence can only go so far.

Kollen Post, Policy Editor


Subscribe to the Law Decoded newsletter, delivered every Friday

* indicates required

Not your keys, not the Kremlin’s problem

In a major ruling in St. Petersburg, Russia, the Petrogradskiy Court found that it did not have a duty to make thieves return 100 BTC that they had stolen. 

The thieves in question got access to the BTC by impersonating agents of the FSB (the successor agency to the KGB) in order to kidnap the victim until he surrendered over $90,000 in cash, as well as nearly $1 million worth of Bitcoin. 

The perpetrators have been sentenced to hard time and the court returned the victim’s cash, but it looks like the BTC will stay with them. The court’s reasoning was that Bitcoin, lacking legal status in the Russian Federation, does not constitute property. 

In theory, the ruling will only carry weight until the long-delayed Russian crypto law comes into effect, but when that will happen remains anyone’s guess. For the time being, it’s a pretty bold declaration from the state: We will protect your rubles but not your Bitcoin. 

A logical conclusion is that for the time being, it’s not even a crime to steal Bitcoin or other cryptocurrencies in Russia. So, if you are a resident or citizen, be warned and wary. 

Encryption giveth and encryption taketh away

News broke yesterday that an international coalition of European police departments arrested over 800 users of an encrypted chat network who were allegedly selling drugs and weapons via the platform.

It’s the largest arrest of its kind and ties into a global push to give authorities access to encryption. Indeed, one of the many controversies surrounding the public voter over Putin’s changes to the Russian constitution was that the blockchain-based platform’s encryption was weak enough to allow voters and third-parties access. 

Encrypted platforms are often the subject of regulator wrath, with authorities routinely painting encryption as a tool for illicit actors like weapons dealers, child pornographers and terrorists. 

More directly relevant to crypto, a U.S. court recently upheld the right to search Coinbase’s transaction records in a case centered on child pornography, arguing that access to this third-party information is well within the government’s purview. The IRS is likewise searching for a tool to track privacy tokens to make sure they get paid.

It’s obvious that many of these actors are a very nasty brand of criminal. At the same time, many of the protests against police brutality in the U.S. depended on Signal to organize. Telegram, which had faced accusations of facilitating terrorism, managed to get unblocked in the Russian Federation after proving extremely useful in spreading information on COVID-19. So, the question is: How much do you trust the state to be a good actor?

Plaid and private-sector financial data usage

The flip side to the privacy debate often comes from the private sector rather than the government, and that is data harvesting. A new class-action suit filed in California alleges that Plaid, a now-ubiquitous provider of fintech interoparational APIs, has been plumbing and profiting off of user financial data without users ever even knowing the firm’s name. 

California’s data protection act is currently the U.S.’s testbed for what will likely turn into a broader federal law governing data usage by private firms. Many see it as analogous to Europe’s GDPR, except presiding over Silicon Valley. 

While Plaid may not have the same brand recognition as, say, Visa (which bought Plaid for over $5 billion at the beginning of this year), it powers an enormous range of online finance. If the plaintiffs in this new class action get their way, it would set a new standard for fintech in the jurisdiction that effectively runs it globally.

Further reads

Justin Sherman writes on Russia’s decision to unblock Telegram for the Atlantic Council and finds that the block was doomed from the start. 

Recently discussed amendments to Section 230 of the Communications Decency Act will hobble open debate on the internet, says Brookings’s Derek Bambauer. 

Peter Van Valkenburgh of Coin Center summarizes the updates to New York’s BitLicense introduced on its fifth birthday.