The industry and lawmakers must work together in 2025 to ensure that the law accurately reflects the concepts of custody and control, as well as the responsibilities that arise from them.
Written by: Miller Whitehouse-Levine, Amanda Tuminelli
Translated by: 0xjs@Golden Finance
If someone runs a red light and causes an accident, who should be held responsible: the driver or the car manufacturer? Almost certainly the driver. Of course, the car manufacturer has a responsibility to use appropriate materials and install safety devices like seat belts and airbags, but their obligations are limited to that. It makes no sense to hold car manufacturers accountable for the bad driving behavior of their vehicle users, just as it makes no sense to hold drivers accountable for the manufacturing obligations of the car.
Similarly, if someone uses a vehicle from that car manufacturer as a getaway car in a bank robbery, you wouldn’t hold the developer of the self-driving car responsible. As a judge pointed out in a hypothetical scenario: you "would not sue the car company for aiding and abetting illegal activity; [you] would sue the individual who made the mistake."
In the automotive field, these principles seem obvious, but in the digital realm, they remain highly contentious. Determining who exercises control in a specific system and to what extent they have that control is the core issue around which all other policy and legal questions must revolve. The same intuitive principles that govern our understanding of car manufacturer and driver liability should form the basis for wise policy-making in the context of decentralized networks and protocols. (In fact, the judge referenced in the hypothetical scenario was discussing whether the decentralized cryptocurrency exchange Uniswap should be held liable for the plaintiff's purchase of scam tokens created by an unknown party.)
Formulating reasonable policies for cryptocurrency should always begin with an analysis of "control" within a given system: if someone controls a system or the assets of others, who is in control? How do they control it? When do they control it? Answering these questions can determine who can or cannot be held accountable for activities within the digital asset ecosystem.
Holding people accountable for systems and activities over which they have no power or control can lead to adverse consequences. Unfortunately, the U.S. Department of Justice (DOJ) has overlooked this distinction and has attempted to do so by holding software developers responsible for the actions of third parties using neutral tools that the developers originally created but no longer control.
In 2024, the DOJ began prosecuting software developers in the blockchain industry under Section 1960, similar to how car manufacturers are held accountable, with known cases including United States v. Storm and United States v. Rodriguez. The charges brought by the DOJ in these indictments are broad, indicating that many others in the industry may also become targets, effectively enforcing a policy akin to holding car manufacturers responsible for accidents.
Thus, as we enter a new era in 2025, the primary policy focus for the digital asset industry is to codify a correct and lawful understanding of "control" into law—particularly regarding the definition of "money transmission" under Section 1960. Money transmission businesses are subject to certain registration and information reporting requirements under the Bank Secrecy Act (31 USC § 5312) and criminal provisions (18 USC § 1960), which penalize those who fail to register their businesses. The penalties are severe: Section 1960 provides for fines of up to $250,000 and up to five years in prison for violators.
Clarifying and codifying the correct interpretation of money transmission laws necessarily involves incorporating the concepts of custody and control into the law itself. This also means ensuring that government entities consistently interpret the law in a way that includes these concepts. We believe this is the most critical issue facing the U.S. crypto industry, as failure to address it could allow the DOJ to continue prosecuting developers of non-custodial software—whether decentralized finance (DeFi) protocols, Bitcoin protocols, or similar neutral protocols—for operating "unlicensed money transmission businesses," even if these charges are baseless, as these developers cannot control the software or user assets.
The definitions of terms related to "money transmission" should undoubtedly be correctly interpreted. The Bank Secrecy Act defines "money transmission services" as "accepting currency, funds, or value that substitutes for currency and transmitting currency, funds, or value that substitutes for currency in any form." Meanwhile, Section 1960 defines "money transmission" to include "transmitting funds on behalf of the public in any manner." From the literal meanings of these definitions and relevant legal analysis, it is clear to everyone except the DOJ that "money transmission" businesses must actually control user funds.
To emphasize this distinction, consider an example of a person exchanging digital assets: that person can use the services of a centralized exchange or a DeFi protocol to make the exchange. To use a centralized exchange, the person first transfers their digital assets to the exchange, which then holds and controls those assets. In turn, the exchange trades on behalf of the person according to their instructions. In other words, the exchange "accepts" and "transmits" the user's funds on their behalf. The centralized exchange's control over individual funds carries certain risks (e.g., loss and misuse)—policy responses to what it can and cannot do with that control can mitigate these risks. If the centralized exchange loses the assets it controls on behalf of the person, the exchange should be held liable.
In DeFi, similar results can be achieved without relinquishing control of assets to a third party. When using decentralized software protocols to exchange digital assets, individuals can retain control over their digital assets and never relinquish that control. Instead, they use a new type of software tool—a DeFi exchange protocol—to unilaterally make exchanges in their own direction. Unlike centralized exchange businesses, the original developers of DeFi protocols do not retain control over the protocol and have no ability to control how third parties use it. Only the users of the DeFi protocol can control their own assets. While there are risks associated with using DeFi protocols (e.g., they may be complex technologies with higher user error rates), the risk of third parties losing user funds is lower because users never relinquish custody from the outset. (If you hold your own assets, a bank failure does not pose a risk to you.)
A fundamental understanding of control (i.e., the ability of a third party to actually transfer user funds) is key. This is why centralized exchange businesses, as described above, are appropriately regulated as "money transmission" businesses, while developers of immutable non-custodial smart contract protocols are not regulated. This also highlights the dangers of misunderstanding and misallocating control. On one hand, identifying and mitigating sources of risk; on the other hand, correctly assigning responsibility when issues arise, requires determining who has the necessary control over the system to mitigate risks or who bears the greatest responsibility for certain actions that need remedying.
The industry and lawmakers must work together in 2025 to ensure that the law accurately reflects the precise concepts of custody and control and the responsibilities that arise from them—whether in the context of market structure legislation, broker reporting obligations, or reforms to Section 1960. Currently, the industry faces a real threat from the DOJ's excessive and erroneous interpretation of what constitutes unlicensed money transmission, which is one of many misunderstandings present in the entire crypto policy landscape.
As we saw in the analogy above, if car manufacturers were to be held responsible for every collision beyond their control, cars would likely not succeed. Such a policy could stifle automotive innovation and freeze the U.S. automotive industry. If policymakers and lawmakers can reach a consensus on the realities of control and regulation in the context of software development, we will establish a clear and fair foundation for crypto entrepreneurs and developers in the United States.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
