How Congress should (and should not) approach DeFi

Prior restraint on merely publishing code is never the answer

Given that Congress is now considering cryptocurrency market structure legislation, we felt it was important to reiterate the distinction between activities by market actors that may be appropriately regulated, and the mere publishing of software, which is protected as free speech and may not be subject to prior restraint. The difference is especially important given various understandings of what constitutes decentralized finance, or “DeFi,” and potential proposals surrounding its regulation.

As we noted when the U.S. Senate was considering related legislation last year:

A mandatory registration regime should not apply to persons who are merely writing or publishing software, relaying or validating transactions on a permissionless network, or using that network for personal purposes. Mandatory registration of these activities would not only crush the innovative nature of these technologies with unnecessarily burdensome requirements, it would also violate our constitutional rights to speech and privacy.

Decentralized exchange, appropriately understood, allows cryptocurrency holders to exchange with each other directly. It is best understood as an action or verb, not a noun. The verb is the use of published code that requires no further development and is not under the control of any person or entity. The noun, sometimes known as a “DEX,” isn’t really a thing, as we’ve also previously explained:

When I use free software and an open blockchain network to trade one token for another directly with another trader, then I am engaged in decentralized exchange — an action, just as I might engage in running or paying. We have this habit of saying that a DEX is a thing rather than an action because we are stuck in a centralized services frame of mind. Coinbase is a thing, a business, a corporation. But if the trade is actually happening peer-to-peer, then the “DEX” being “used” is just software and an internet connection. In that case, there isn’t a thing called a DEX. There are no DEXs; there is just decentralized exchange, the action, taking place using software tools, open blockchains, and the internet.

Calling those tools “a DEX” and referring to “DEXs” as a category of things that exist in the world (rather than actions) does the entire technology a disservice: it wrongly portrays software tools as persons or businesses with agency and legal obligations. Corporations and persons — legal or natural — definitely have agency and obligations; software tools do not. Corporations and persons can be held responsible for their actions, software tools cannot.

That doesn’t mean that people won’t be obligated to use or not use those tools in certain ways, and that does not mean that people or businesses will not be liable for facilitating illegal activities merely because they built those tools or broadcast tool-related messages over the internet. But it does mean that the tool itself can’t be treated as a target of regulation any more than we could place legal obligations on hammers instead of carpenters, or automobiles instead of drivers.

If a “decentralized exchange” isn’t made with free software and an open blockchain alone, and if there is also a critical middleman of some sort, then it’s not really a DEX at all.

Regulation is best applied to the activities and actions of persons or organizations. A requirement to register with any government arm before publishing software code that allows decentralized exchange is not only inappropriate, it’s unconstitutional. By the same token, just because a person or entity that takes control of another’s cryptocurrency refers to itself as “DeFi” does not make it so. As we previously noted in comments to the SEC:

If there is some entity that actively plays an institutional role in the trade, a person that clients know and trust with their trading orders, then the service is not properly referred to as a decentralized exchange. If it, nonetheless, refers to itself as “decentralized,” regulators should look at function rather than form, and the existing regulatory definition of exchange offers the Commission sufficient authority to demand that such a “decentralized in name only” (DINO) exchange register as a national securities exchange or ATS. The distinguishing feature between trading digital assets using a traditional centralized exchange and true decentralized exchanges is that the only parties to a decentralized exchange are the traders themselves. …

Open-source decentralized exchange software is a particular type of content that advocates a strongly held political viewpoint: that we should be able to engage in payments and transactions free of middlemen and censorship. In practice, strict scrutiny forbids the state from passing laws that create a “prior restraint” on speech, that is to say a ban on speech that is in place before the speech is actually made. In other words a punishment for saying something defamatory after the fact is not a prior restraint, but a law that says “no one shall be allowed to say anything untrue about the President’s character” is a prior restraint. Any law that attempts to ban the publication of decentralized exchange software or make publication illegal without a license or some other precondition would be a prior restraint. In practice, courts always find these forms of regulation to be unconstitutional.

Some have argued that speech is no longer protected when developers are seeking to profit from the publishing of code. That is not the case. Even in a Supreme Court case that dealt with the sale of information relating to the prescribing activities of doctors, the Court ruled that “if the acts of ‘disclosing’ and ‘publishing’ information do not constitute speech, it is hard to imagine what does fall within that category.”1 This Supreme Court precedent is also backed up by a previous case in 1985 that dealt with the publication of a newsletter for profit. A concurrent opinion in the case noted:

“Where the personal nexus between professional and client does not exist, and a speaker does not purport to be exercising judgment on behalf of any particular individual with whose circumstances he is directly acquainted, government regulation ceases to function as legitimate regulation of professional practice with only incidental impact on speech; it becomes regulation of speaking or publishing as such, subject to the First Amendment’s command that Congress shall make no law . . . abridging the freedom of speech, or of the press.”2

Finally, it should be made clear that publishing open source code does not absolve one from regulatory obligations owing to other activities. If one engages in activities that are properly subject to regulation in addition to engaging in protected speech, then those other activities may well be regulated. Coin Center’s position is simply that the activity of publishing speech itself may never be subject to prior restraint, and thus registration, licensure, or similar limitations.

In the absence of an understood and commonly accepted definition of “DeFi,” it is critical that the publication of software code is not wrapped up in an unconstitutional regulatory regime. While entities that custody assets or are trusted to safeguard another’s cryptocurrency may refer to themselves as “DeFi,” they remain subject to existing regulatory requirements and may be appropriately addressed in further legislation related to the cryptocurrency market structure. But the publication of computer code on open blockchain networks that enable others to conduct personal, private transactions is speech protected by one of our most important civil liberties.


  1. Sorrell, et al. v. IMS Health Inc ., et al., 564 U.S. 552 (2011) 
  2. Lowe v. Securities & Exchange Commission, 472 U.S. 181 (1985)