a16z: The U.S. Department of Justice's Action Against DeFi is a Disaster

Original Title: Why the Department of Justice's actions against DeFi are a wreck

Original Authors: Miller Whitehouse-Levine, Amanda Tuminelli

Original Translation: 0xjs, Golden Finance

If someone runs a red light and causes a car accident, who is responsible: the driver or the car manufacturer? It's almost certainly the driver. Of course, the car manufacturer has a responsibility to use proper materials and install safety features like seatbelts and airbags, but their obligation stops there. Holding the car manufacturer accountable for the reckless driving of the car's user would be nonsensical, just as holding the driver accountable for the manufacturing obligations of the car would be nonsensical as well.

Likewise, if someone uses that car manufacturer's vehicle as a getaway car in a bank robbery, you wouldn't expect the self-driving car developer to be held responsible. As a judge pointed out in the hypothetical scenario: you "would not sue the car companies for aiding and abetting crime; [you] would sue the individual who did the wrong."

In the automotive realm, these principles may seem obvious, but in the digital realm, they are still subject to significant debate. Determining who has control in a particular system and to what extent they have control is the core question around which all other policy and legal issues must revolve. The same intuitive principles that govern our understanding of manufacturer and driver liability should form the basis of wise policymaking in a decentralized network and protocol context. (In fact, the judge referenced in the above hypothetical scenario is discussing whether the decentralized cryptocurrency exchange Uniswap should be held responsible for a plaintiff purchasing a scam token created by an individual of unknown identity.)

Developing sound policies around cryptocurrency should always start with an analysis of "control" within a given system: Who controls a system or someone else's assets, and how? When? Answering this question can help identify who can or cannot be held accountable for activities in the digital asset ecosystem.

Holding individuals accountable for systems and activities they do not have the power or control to influence would lead to adverse outcomes. Unfortunately, the U.S. Department of Justice (DOJ) has overlooked this distinction and has attempted to achieve this by holding software developers accountable for the actions of third parties using developer-created but no longer controlled neutral tools.

In 2024, the U.S. Department of Justice began prosecuting software developers in the blockchain industry under the 1960 statute (akin to car manufacturers, creating neutral technology). Two known cases include United States v. Storm and United States v. Rodriguez. The charges brought forth by the DOJ in these indictments are broad, indicating that many others in the industry could also be targets, thus enforcing a policy equivalent to holding car manufacturers responsible for car accidents.  

Therefore, as we enter the new era of 2025, the digital asset industry's primary policy focus is to compile the correct and lawful understanding of "control" into law—particularly based on the definition of "money transmission" under Section 1960. Money transmission is subject to certain registration and information reporting provisions of the Bank Secrecy Act (31 USC § 5312) and criminal provisions (18 USC § 1960), which penalize those who fail to register their business. The penalties are severe: Section 1960 specifies that violators can face a maximum fine of $250,000 and up to five years in prison.

Clarifying and compiling the correct interpretation of the money transmission law inevitably involves incorporating the concepts of custody and control into the law itself. This also means ensuring that government entities interpret the law consistently in a way that includes these concepts. We believe this is the most critical issue facing the U.S. crypto industry because, if left unresolved, the Department of Justice can continue to prosecute non-custodial software developers—whether in decentralized finance (DeFi) protocols, the Bitcoin protocol, or similar neutral protocols—for operating an "unlicensed money transmission business," even though these charges are baseless as these developers cannot control the software or user funds.

The definition of "fund transfer" related terms should be unequivocally interpreted correctly. The Bank Secrecy Act defines "money transmission services" as "accepting currency, funds, or other value that substitutes for currency and transmitting the currency, funds, or other value in any way." Meanwhile, Section 1960 defines "fund transfer" to include "representing the public in any way to transfer funds." From a literal and legal analysis of these definitions, it is clear to everyone except the Department of Justice that a "fund transfer" business must effectively control user funds.

As an example to emphasize this distinction, consider an individual exchanging digital assets: the individual can use the services of a centralized exchange or a DeFi protocol to make the exchange. To use a centralized exchange, the individual first transfers their digital assets to the exchange, which then custodies and controls these assets. In return, the exchange transacts on behalf of the individual. In other words, the exchange represents the user in "accepting" and "transmitting" the user's funds. There is a certain level of risk in the control of individual funds by centralized exchanges (e.g., loss and misuse)—policies governing what this control can and cannot do can mitigate these risks. If a centralized exchange loses the assets it controls on behalf of the individual, the exchange should be held accountable.

In DeFi, individuals can achieve similar outcomes without entrusting asset control to a third party. When exchanging digital assets using decentralized software protocols, individuals can retain control of their digital assets and never relinquish this control. Instead, they use a new type of software tool—a DeFi exchange protocol—to unilaterally transact based on their own instructions. Unlike centralized exchange businesses, the original developers of DeFi protocols do not retain control over the protocol and do not have the ability to control how third parties use it. Only users of the DeFi protocol can control their own assets. While there are risks associated with using DeFi protocols (e.g., it may be a complex technology with a higher user error rate), the risk of third parties losing user funds is lower because users never give up custody in the first place. (If you hold your own assets, a bank failure is not a risk to you.)

A fundamental understanding of control (i.e., the ability of a third party to actually transfer user funds) is key. That's why centralized exchange businesses, as described above, are appropriately regulated as "money transmission" businesses, while developers of immutable non-custodial smart contract protocols have gone unregulated. This also underscores the danger of misunderstanding and misallocating control. On the one hand, to identify and mitigate risks at the source, and on the other hand, to properly allocate responsibility in case of issues, it is necessary to determine who has the necessary control of the system to mitigate risks, or who bears the greatest responsibility for certain actions that need to be remedied.

The industry and legislators must come together by 2025 to ensure that the law accurately reflects the precise concepts of custody and control and the responsibilities that flow from them—be it in the context of market structure bills, broker reporting obligations, or the reform of Section 1960. Currently, the industry faces a real threat from the Department of Justice's overbroad and mistaken interpretation of unlicensed money transmission, one of the many misunderstandings in the broader crypto policy space.

As seen in the analogy above, if car manufacturers were held responsible for every collision beyond their control, cars would likely never succeed. Such a policy could stifle automotive innovation and freeze the American automobile industry. If policymakers and legislators can align on the realities of control and regulation in a software development context, we will be able to establish a clear and fair foundation for crypto entrepreneurs and developers in the U.S.

Original Article Link