Hacker News
by daddyo 3244 days ago
Then the hacker proceeded to dump the Veritaseum for 50% of market value.

Now if you believe the price will bounce back, you can make a lot of profit on stolen coins. Immoral? Quite possibly. Against the law? Not this year.

2 comments

I think it should be tested in court. Many ICOs are the textbook depictions of Ponzi schemes. When there is stealing, possibly self-stealing, involved, the word "fraud" comes to mind.
There are a few problems though.

- Since cryptocurrency is international, the US SEC does not have jurisdiction everywhere in the world. When there are millions on the line, you could just move to another country and try a scheme, or direct a foreign lackey to do it.

- "The Federal Reserve simply does not have authority to supervise or regulate bitcoin in any way. To the best of my knowledge, there is no intersection at all in any way between Bitcoin and banks that the Federal Reserve has the ability to supervise and regulate."

- To count for an exchange you have to issue shares. Not everybody does this.

- Is cryptocurrency a token or a security?

- How to distinguish between nouveau riche BTC millionaires trying out their luck with an ICO and a criminal organization using it to launder money?

- Who is the single legal entity to target when the ICOs are distributed, and no single entity issues coins?

- What to do with those that profit from future illegal activity, as a 3rd party? Right now there is a lot of obvious market manipulation going on. Whales banding together to influence and set prices. Pumping up interest with bots and 5-cent army trolls. Selling stolen coins for 50% of market value. Sharing upcoming announcements with a small group of investors, devs, and supporters, allowing them to speculate on insider knowledge. How do they prove I must have known about the stolen coins, when the news hasn't even broken yet and I already put out a buy order of 50% of the price in case of a flash crash?

Not all ICOs are the same.

Their parameters (for example is the token for utility or just for speculation) vary.

There is a test in law that people can apply to try and tell whether a specific ICO is a security or not: the Howey test.

http://consumer.findlaw.com/securities-law/what-is-the-howey...

How is it not against the law? They're still fraudulently obtaining things which do not belong to them.

I'm talking about people buying the coins from the hacker on an exchange.

I think in my jurisdiction we have a law against pawning stolen goods: If the price is too good to be true ($100 MacBook), and you still buy it, you can get your goods confiscated. But how does this translate to cryptocurrency and its volatile pricing (a 50% drop or increase in price is not extremely rare)? Is it illegal to set a buy order for 50% of the price? Especially if you set this before the hack, just hoping to cash in on a flash crash, I can't see which law you break.

About stealing coins, of course this (should) be against the law. But then again, data is not a good. For many jurisdictions, data isn't anything at all. You can not own data in the legal sense, because it only applies to tangible goods.

As to "stealing" coins by manipulating a smart contract, it's a grey area. Of course in the real world, contracts can be breached in spirit, not only by the letter. But with smart contracts, you only have the letter of the contract: The code is law.

Looking at the coins as just "data" is ignoring a lot of what they are. Your bank account is just "data", but if I hacked into it and took the 1s and 0s making up your balance, well, there's no question that's a crime. Replace bank account with stock broker account and the same would apply. I don't see why it wouldn't be the same for cryptocurrency.

I fail to see how smart contracts are a grey area; if you're abusing a fault in the code, that's very clearly fraudulent behavior.

In short, there's a lot of "This is new! Things are different! The existing laws don't apply!" regarding some of these things, but I'm just not convinced. It may be harder to enforce or to prosecute, but that doesn't mean that it doesn't fall into existing laws.

> but if I hacked into it and took the 1s and 0s making up your balance, well, there's no question that's a crime.

It's a crime of computer / network intrusion. Not a crime of property law (you can't own a record in a database as property, and therefore I cannot steal your property).

> if you're abusing a fault in the code, that's very clearly fraudulent behavior.

Another way to put this is that you are using the contract in a manner how it was defined by the author. Compare with a misconfigured web server showing open directories of files, or a robots.txt with a typo in it (ignore: /adminn). What is a fault and what is a feature? Who decides this? Solely the author of the contract? The parties involved (who splits the ties)? A majority of 3rd party volunteers? If everything is decentralized and open to anyone, whose computer network are you intruding/disturbing?

> doesn't mean that it doesn't fall into existing laws

If law was a software product, we are definitely a few pull requests behind its intended use. Look at how long it took to update authorship/copyright laws with the evolution of the internet, and how ugly things are when wrestled into the old framework of: I create it, I forever own it.

"It's a crime of computer / network intrusion. Not a crime of property law (you can't own a record in a database as property, and therefore I cannot steal your property)."

This is quite wrong; it's still considered a crime of stealing from the bank. The law does not care if you used a computer to do it instead of using dynamite to break into the safe, nor should it.

"Another way to put this is that you are using the contract in a manner how it was defined by the author."

No. If you are using an undisclosed exploit, then that is not true in the least. If you are using something that is not equally known to both parties, and equally disclosed, then it is fraud. No amount of, "you should have known better" or "you should have done your research" will help you. Take the recent case of the hack involving Ethereum. It exploited something in the "smart contracts" which very few people knew existed, and, judging by the actions of the team in charge, clearly was not meant to be there. But beyond that, if the contract were to be disputed in court, one thing that would become very clear is that no rational person would be expected to believe that was the intention of both signing parties. And thus, it would be decided that the contract was fraudulent.

"If everything is decentralized and open to anyone, whose computer network are you intruding/disturbing?"

So if I forget to lock my door, then my house should be free game for everyone?

> This is quite wrong; it's still considered a crime of stealing from the bank.

The law cares. Like I said, in many jurisdictions this was only recently amended with special clauses -- clarifying the distinction between physical and virtual goods. In some jurisdictions theft requires fraudulently taking a physical tangible good: virtual goods can not be stolen (but you can still be charged with computer intrusion). Remember also the debate about downloading a cam movie vs. stealing property of movie studios.

> If you are using something that is not equally known to both parties, and equally disclosed, then it is fraud.

But the contract is out there for both parties and their lawyers to have a look at it, before agreeing to it. If Google indexes my /admin directory because I made a typo error in our crawling contract (robots.txt), who is ultimately to blame? Judging by my actions and panic, the directory was clearly meant to be excluded. If we end up with the "smell test" in court for smart crypto contracts, we should just go back to "dumb" paper contracts and signatures.

> So if I forget to lock my door, then my house should be free game for everyone?

Non-sequitur. If you publish an article on Wikipedia then it is free game for everyone to visit it, edit it, and you cannot retroactively say: you are not supposed to be here.