Hello What’s Next readers, and welcome to another dispatch from the front lines of technology and law. This week, we get a glimpse of all the activity happening at the SEC around digital tokens, the UK data regulator weighs in on facial recognition technology, and reason no. 18,472 not to trust your tech devices.

Are you at the “Coachella of Bitcoin” this week? Are there other events or goings-on you think I should know about? Drop a line at bhancock@alm.com or on Twitter @benghancock.

➤➤ Would you like to receive What’s Next as an email? Sign up here.


Watch This Space: Something Brews at the SEC

In an ornate hotel ballroom with a view overlooking San Francisco last week was a scene that was, in the same instance, very Washington and very Silicon Valley. There were a lot of lawyers in dark suits talking about navigating risk and regulatory enforcement. For a while, accounting fraud was the major topic of discussion. But then, the focus shifted to all that was going on in the world of cryptocurrency and digital tokens.

Robert Cohen, the head of the SEC’s cyber unit—which was formed from separate groups of about 30 existing officials last fall—took the podium at the Securities Enforcement West Forum and said, in fact, a lot is happening. Investigating initial coin offering registrations (or lack thereof) and digital asset fraud is “keeping us very busy,” Cohen said. Then, he added a warning.

The agency, he said, has put participants in the crypto space on notice of how securities laws apply through last summer’s “DAO Report,” numerous speeches by SEC Chairman Jay Clayton, and the Munchee ICO enforcement action (which did not result in any penalty).

“If the conduct continues, despite all that,” Cohen said, “I think you will continue to see cases and probably the remedies will go up.”

It was as clear an indication as any that the SEC is likely to bring the hammer down again in the crypto space in the coming months. The tone was reminiscent of the regulator’s warnings some two years ago about enforcement against non-public companies, or “unicorns,” which it most visibly followed through on in its recent action against Theranos.

But as I sat in the room, I didn’t have to wait much longer for another signal that something is coming down the pike. Steven Buckholz, an enforcement official in the SEC’s San Francisco office, told the audience on a separate panel that there would be “more cases” similar to Munchee—so far the sole case dealing purely with whether tokens are securities. Michael Dicke of Fenwick & West, who was also on the panel, noted that there had been something to the tune of 435 different ICOs in 2017—raising more than $6 billion, by one estimate. Dicke then turned to Buckholz to ask him how the SEC would deal with that volume.

But if he was hoping for an indication that the regulator was just going to let some of those slide off the radar, he didn’t get it. Instead, Buckholz responded evenly that the SEC has “tried to think about how to be efficient” in conducting its investigations.

Dicke, looking slightly aghast, quickly added that he wasn’t asking the regulator to bring 435 cases.

>> Takeaway: The SEC has been casting its net wide in probing the many different offerings of digital assets. In the coming months, it will be pulling that net in.

Photo of Robert Cohen. Credit: Jason Doiy/ALM 

The Other ICO You Should Know About

OK, I’ve probably given readers an overdose of crypto-related news lately (but wait, there’s more!) So here’s a totally different “ICO” you should also know about: the UK’s Information Commissioner’s Office.

I mentioned the ICO in passing last week when I wrote about the office ruling in favor of an American academic who demanded that Cambridge Analytica hand over the data it had gathered on him. For the uninitiated, the ICO is the UK’s Data Protection Authority—i.e. one of the data regulators that will get a lot more power when the GDPR comes into effect this month. (Let’s set aside for the moment the UK’s plan to exit the European Union). And this week, Information Commissioner Elizabeth Denham weighed in on an issue that is increasingly prevalent in society the world over: facial recognition technology and policing.

Denham took a strong line, hinting that she believes certain uses of facial recognition technology, or FRT, may run afoul of rules protecting personal data.

“For the use of FRT to be legal, the police forces must have clear evidence to demonstrate that the use of FRT in public spaces is effective in resolving the problem that it aims to address, and that no less intrusive technology or methods are available to address that problem,” she wrote in a blog. “Strengthened data protection rules coming into law next week require organizations to assess the risks of using new and intrusive technologies, particularly involving biometric data, in a data protection impact – and provide it to my office when the risks are difficult to address.”

The commissioner also said she would be taking a serious look at recent reports on the technology by civil society groups, including the UK’s Big Brother Watch and the Electronic Frontier Foundation in the U.S.

If you’re thinking this has nothing to do with your client’s awesome new facial-recognition chat app, wait a tick. Eduardo Ustaran of Hogan Lovells says in a tweet:

On the Radar: 3 Things to Know

  1. This case could test whether you can have a “common law” trademark claim for the name of a digital asset that doesn’t exist yet.
  • Telegram, the encrypted messenger app, has sued a blockchain commerce company called Lantau that filed a trademark for the term “gram” to use as the name for the cryptocurrency it’s developing. Telegram says it’s developing its own digital tokens that it calls “GRAMs.”
  • Neither digital token actually exists yet, though, raising the question of whether Telegram can claim a common law trademark for using a name “in commerce.” Telegram’s lawyers say the company’s massive fundraising for the token mean that the answer is yes.

>> Context: Telegram has reportedly raised some $1.7 billion in purchase agreements for its digital tokens, including from some heavyweight Silicon Valley VCs. But some of the newer crypto investors have been shunning the offering.

  1. This service can sell your location data. It did just that to a Missouri sheriff, who used the tracking information without a warrant. 
  • bombshell story in The New York Times last week turned up court filings against a former sheriff in Missouri who allegedly used a private service called Securus Technologies to get location information on a judge and members of the state Highway Patrol.
  • ZDNet reports that Sen. Ron Wyden of Oregon is now demanding an investigation into how the company got the location information from cell phone carriers. “The company boasts coverage of 95 percent of the country, thanks to its access to all the major US carriers, including US Cellular, Virgin, Boost, and MetroPCS, as well as Canadian carriers,” it says.

>> Think Ahead: It’s creepy that one company has gathered all that information and is apparently selling it to whoever will pay. But is it illegal? One expert told ZDNet that the answer is no, calling it “one of the biggest gaps in U.S. privacy law.”

  1. Tesla is under the microscope of federal auto safety authorities. Now, its lead technical contact with safety and regulatory agencies has gone to Waymo. 
  • The Wall Street Journalreports that Matthew Schwall joined Google self-driving car unit Waymo amid multiple investigations by the National Transportation Safety Board into crashes involving Tesla vehicles. Some, but not all, of those crashes involved autopilot.
  • A source told the Journalthe move was “unrelated to issues Tesla is dealing with regarding Autopilot.” It’s another instance of a high-profile move in the autonomous car space, in an area with a lot of competition for talentand a lot of open questions about legal liability.

>> Context: Tesla’s relations with the NTSB haven’t exactly been going swimmingly. The Journal notes that the board kicked company officials off an investigation into a Tesla vehicle crash that happened earlier this year near San Francisco, after the company released information about the crash before the board had vetted it.

IRL: ’The Coachella of Bitcoin’

If you’ve been to a conference in New York City, you’ve likely been to the Hilton Midtown. But you’ve probably never been to something quite like Consensus, a massive event on blockchain technology and cryptocurrency happening at the hotel this week in Manhattan. Mashable offers some scenes from the “Coachella of Bitcoin,” including Lamborghinis, a fake banker protest, and crypto jewelry.

One attendee tweeted: “The vibe at #Consensus2018 feels very much like conferences from the dotcom era.” (He clarified: circa 1996…before the bubble burst).

Dose of Dystopia

There have been fears before among privacy activists about smart home assistants being turned into wiretaps—but maybe that’s the least of our worries. The New York Times has done a terrifying deep dive into the hacks that Siri and Alexa can hear, but you can’t.

Researchers, Times reporter Craig Smith writes, “have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites. In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online—simply with music playing over the radio.”

Right now, those tests are confined to the lab. But Nicholas Carlini, a Ph.D. student in computer security at U.C. Berkeley who helped author a study on the attack, cautions: “My assumption is that the malicious people already employ people to do what I do.”

That’s it for this week. Keep plugged in with What’s Next!