Base Case: Remarks at the IC3 Blockchain Camp

Thank you, Jim, and thanks to the Initiative for Cryptocurrencies and Contracts. Before I begin, I must remind you that my views are my own as a Commissioner and not necessarily those of the SEC or my fellow Commissioners.

I am happy to be here at Princeton University, the place where my parents' romance began. My mother, hoping that I too would meet a wonderful husband here, urged me to apply to Princeton for graduate school in economics. Economics was my first love, and Princeton would have been a good place to pursue it and perhaps also to find my second love. Though I knew that I did not have the math scores to get into Princeton's excellent PhD program, applying was the least I could do for my long-suffering mother. The admissions committee-cruelly indifferent to the maternal plan-agreed with my self-assessment. Reviewing the agenda for this Blockchain Camp, which includes topics such as cryptography, privacy, and distributed systems, resurrected that thirty-year-old rejection letter. Reminded once again that I do not belong here on the Princeton campus, I am grateful that you admitted me despite my obvious deficits.

The fresh reminder of my own limitations only makes me more keenly grateful for the talent that those of you in this room possess. I delight to see others excel in areas in which I do not. You have the raw intelligence and the training to design and build things that make it easier, safer, and cheaper for humans to communicate, interact, and transact. Events like this one, which bring together so many smart people, enable you to critique, refine, and build upon one another's work and, importantly, to encourage one another to create good things that solve real problems. Thank you for the work that you are doing to improve the lives of other people and contribute to human flourishing.

What can I-a regulator-do to enable you to use your talents for good? I already have made clear that I will not be of any use on the technical side. My job is to work with Congress and other regulators to establish a sensible legal framework within which you can work on solving technical and commercial problems. The regulatory boundary lines need to be clear enough that you do not have to spend precious time and money working with lawyers to discern where those lines are, but not so prescriptive that they cannot accommodate technological change. Laws and regulations have a role to play, but they should be designed to encourage, not dissuade, you to invest your time and talent to build useful things.

Before I share my thoughts on what the SEC ought to do with respect to crypto, a reminder is in order. Law should not be the first place you look to solve problems. Statutes and rules take a long time to draft and, once they are on the books, they are hard to change. Moreover, governments do not have access to the expertise that is available to industry. Industry-devised solutions can be more effective and more responsive to technological changes. Tackle problems that you see instead of waiting for regulatory fixes. You can take common-sense steps to prevent future hacks of DeFi protocols, for example.[1] Fight AI hackers with AI. Consider whether you should build delays into your protocols to impede bad actors' attempts to steal assets. Plan for human failure by incorporating safeguards in your protocols. Establish industry standards for key management. Test and audit code before deploying it for customers to use. Make tools available that empower your users to see what is happening onchain and offchain. Figure out what the right balance of centralization and decentralization is for your project and be transparent with the public about the trade-offs you have made and the resulting risks to users. And, more generally, be honest.

The challenge permeating many of the issues under consideration by the SEC's Crypto Task Force is deciding where should regulation apply. In a 2024 article, Professor Reyes chided regulators and the law itself for their "overreliance on intermediaries [which] results in a lack of workable rules and undermines law's legitimacy."[2] The law's focus on intermediaries, Reyes explains, has led regulators confronted with decentralization in the crypto world to "pretend that an intermediary existed" when one did not.[3]

Regulators tend to look at everything through the eyes of their particular hobbyhorse. The SEC's rulebook is full of intermediaries: brokers, dealers, exchanges, clearinghouses, transfer agents, investment advisers, and investment companies. As a result, we see the crypto world teaming with brokers, dealers, exchanges, clearinghouses, transfer agents, investment advisers, and investment companies. In some cases, the blockchain is used to perform functions similar to those performed by these intermediaries, but it is not clear that our rules should apply to the blockchain itself, given that blockchains are used to do many things other than transact in securities.

Even where a tool has been designed to replicate the functions performed by a regulated intermediary, however, applying our traditional categories to the activities and actors we see is difficult. Accordingly, we are proceeding carefully (and more slowly than many people would like). We are trying to watch and learn as we go. Recently, for example, the Commission staff issued a staff statement on user interfaces that enable people to engage in crypto asset securities transactions.[4] The statement is a temporary measure as the Commission considers whether and how to regulate in this area. Similarly, the planned innovation exemption to permit onchain trading of NMS stock will enable us to consider how such trading should be regulated. More generally, Chairman Atkins and I have called on the Commission to reconsider key definitions, including exchange and broker definitions, to appropriately capture activity that should be regulated while carving out of those definitions activity that should not be subject to regulation.[5]

Some basic principles guide my thinking as I seek to apply securities regulation where it belongs and keep it away from activities that are not properly within our mandate:

• Publishing code is speech, which the First Amendment protects. People who do nothing more than write open-source code for other people to use should not have to register with the SEC.[6] As Coin Center has explained, software, including software that can be used "to facilitate activities that were historically intermediated" is protected speech, as is "publishing new versions of software, recommending updates, [and] attempting to persuade users to adopt improved or modified tools."[7]
• Blockchains are a general-purpose technology. Just as the internet is used for lots of purposes, blockchains are too. We need to limit our regulation to activities that are within our remit. The SEC is not a general-purpose infrastructure regulator. We should not require the people that operate the infrastructure to register with us simply because someone else uses that infrastructure to engage in activity that the SEC regulates.
• Blockchains work as intended when legal systems respect base-layer neutrality. Dr. Barczentewicz explained that "[b]lockchain networks derive much of their utility from their ability to process transactions without prejudice" and, he continued, "[r]ecognizing legally credible neutrality, therefore, is not just about avoiding overregulation. It's about preserving the core characteristics that make these services valuable in the first place."[8]
• If infrastructure providers do nothing more than impartially process data in accordance with verifiable, open, non-discretionary execution logic, the SEC should not treat them as securities market participants. Regulatory frameworks should govern conduct, not proximity to the conduct. Neutral conduits for the processing of data lack the foundational rationale for regulatory intervention. An infrastructure provider that processes securities-related data is no more a securities market participant than a telephone company that carries a conversation about stock tips is a broker-dealer. The subject matter of the data cannot determine regulatory status of the entity processing it.
• Technology can sometimes stand in for regulation. The power of a decentralized blockchain is that "every participant follows the same programmed rules, with no exceptions for powerful actors or special circumstances, including for the developers of these protocols."[9] Decentralization of technology and governance means that "no single party can change the rules arbitrarily or discriminate against users."[10]
• When centralized actors in crypto markets have discretion over or otherwise take custody of other people's securities and funds, securities regulation may be appropriate. Onchain CeFi, in contrast to true DeFi, is fair game for securities regulation, but that regulation may not be identical to regulation of traditional centralized finance.[11]
• People should be free to transact without intermediaries. Section 11A of the Securities Exchange Act recognizes the value of investors being able to execute their orders "without the participation of a dealer",[12] and we should welcome decentralizing technologies that make this possible. Intermediaries can rest assured that most investors will prefer the intermediated route, but the DIY option is important. The securities laws should not reach "transparent, non-custodial software tools that enable users to interact with autonomous blockchain networks and smart contract protocols to engage in transactions on their own."[13]
• The fact that multiple people use the same software code to transact in securities does not by itself mean somebody has to register as an exchange. If nobody is in control of the system, who would register?

These basic principles are meant to be a conversation starter or, more accurately, a conversation continuer. Am I on the right track? Should the Commission engage in an interpretive rulemaking to expressly adopt any of these principles, or should they simply be reflected in our approach to rulemaking and enforcement? Professor Reyes has pointed out "[e]merging technology is law's magic mirror" in that it can "reflect various flaws or gaps in existing legal regimes."[14] Crypto offers us the opportunity to think carefully about when, why, and how the securities laws should apply, and I welcome your participation in that undertaking-one that, even after all these years, I find to be fascinating. Thank you for listening. I look forward to the discussion ahead.