‘Follow the Money’

Public and private actors are increasingly seeking to regulate user behaviour by asking payment intermediaries – like Mastercard, Visa, and Paypal – to exercise control over the flow of money.1

Case study: How Payment Intermediaries Attempted to Shut Down WikiLeaks

Video Overview by Shana Webster

In 2010, WikiLeaks partnered with multiple leading newspapers around the globe (such as the Guardian and New York Times) to publish over 250,000 cables between the US Department of State and US Embassies worldwide. These disclosures included highly sensitive information, such as identifying that the American Special Forces had been operating inside Pakistan. As the publication of the information is legal in the US, the Government could not prevent the release. Instead, the State wrote to WikiLeaks, imploring them to cooperate. The letter was strategically penned so as to insinuate illegal operations by WikiLeaks. It alleged that the anonymous source who released the information had broken the law, and so long as WikiLeaks held the material, the violation was ongoing. When WikiLeaks failed to cooperate, the State leaked the letter to the media.

Political Pressure: Influencing the Financial Industry

Within days of publication, most of the major payment providers who were processing donations to WikiLeaks terminated their services to the organisation. These companies included Paypal, MasterCard and Visa. They argued that WikiLeaks had breached use policies by encouraging illegal activity. The intermediaries admitted that the only evidence of unlawful activity relied upon was the leaked US Government letter. However, the illegality insinuated was a reference to an obsolete piece of American legislation that has never been successfully applied. Furthermore, it can be argued that its jurisdiction doesn’t extend to organisations such as WikiLeaks.

The accusations made against WikiLeaks in the US Government letter have never been legally grounded. As such, it is widely believed that it was actually concerted political pressure by the US Government that persuaded the blockade. After the publication, the US Government had made open attempts to convince the public that WikiLeaks was a terrorist organisation. Several congressman had publically called upon private intermediaries to cease services to WikiLeaks, many of which obliged. There were also allegations that several intermediaries were privately pressured by members of parliament. The risks incurred by these companies in cancelling services include legal liability and public upheaval. The question is then, why? It is hard to imagine that a successful, private company would subsume to political pressure without receiving a benefit in proportion to the risk. The benefit may well be the aversion of threats or blackmail, financial payments, legislative favour or protection type agreements.

‘Community’ Internet Regulation & the Importance of Public Consensus

The public reaction was an immense display of the power of community internet regulation. It also highlighted the importance of public consensus relating to intermediary regulation. The hacktivist group ‘Anonymous’ launched Distributed Denial of Service attacks at every business who refused service to WikiLeaks. DDoS attacks work by flooding the website with so many requests that the site becomes inundated and unavailable to those trying to legitimately access it. This made clear that those intermediaries who move to regulate without public support will be held accountable by the online community. It also demonstrates the potential for extremist actions of those who will act in lieu of public support. There is clear potential for private actors to usurp an infrastructural level of governance and control the flow of information to society. In an information society, this is a significant power.

Was the blockade a success?

While the financial blockade was not successful in shutting down WikiLeaks, it managed to cause substantial damage to the organisation’s operational value. It destroyed 95% of its revenue and forced the company to cease publications for several years. In 2014, WikiLeaks was victorious in a lawsuit against one of the intermediaries for breach of contract. A tumble effect followed, with most major intermediaries reinstating services. As it stands today, all financial intermediaries aside from the Bank of America have reinstated WikiLeaks services.

The Ongoing Privitisation of Internet Governance

The payment blockade raised valid concerns as to the ongoing privatisation of internet governance. The intermediary action demonstrates that private actors who own critical internet infrastructures are willing to deny services to individuals without proven legal cause. There is an argument that intermediary regulation is the most viable option at present, given the substantive jurisdictional issues surrounding internet governance. However, these private organisations are absorbing a significant amount of power due to infrastructural design as opposed to legal capacity or appointment. It is not realistic to assume that they have the ability to remain objective and resilient in the face of political pressure.

Governing Crypto Assets

The regulatory pressure that can be imposed by payment gateways and providers has led some people to move to decentralised cryptographic currencies - like Bitcoin. This section examines the regulatory challenges that crypto assets present.

Overview Videos by Madeline Menzies-Miha and Jennifer Singleton

Introduction to Crypto Assets

What is a Crypto Asset?

The term crypto asset refers to a class of asset that encompasses several different individual assets, including cryptocurrencies (such as Bitcoin or Ethereum), stablecoins, tokens or non-fungible tokens (NFTs). The Australian Securities and Investments Commission (ASIC) defines crypto assets as:

A digital representation of value or contractual rights that can be transferred, stored or traded electronically. Crypto assets use cryptography, distributed ledger technology or other technology to provide features such as security and pseudo-anonymity.”

Crypto assets are an asset with a digital representation and use cryptography or distributed ledger technology (DLT).

What is Distributed Ledger Technology?

DLT is a type of technology that records and tracks data in a ‘distributed’ network. This means that multiple participants have secure and consistent access to information on the ledger. It is secured using cryptography, a complex set of mathematical algorithms. The most common type of DLT is blockchain.

How does blockchain work?

  1. Every transaction gets sent to the network where it is checked by others in the network. If the transaction is verified, it will then be grouped into a ‘block’ with other transactions. Once the block is complete, it is given a unique hash as well as the hash from the previous block.

  2. The block is the connected to the previous block in a chain of data. The block links securely using the specific hash codes.

  3. Once added to the chain, the block cannot be edited as any change to the block will create a new hash which won’t link to the previous block.

Crypto Assets and the Australian Regulatory Framework

The Australian Government has expressed a commitment to regulating crypto assets, particularly in the areas of financial integrity and consumer protection. As part of their commitment, the Australian Government has adopted a ‘token-mapping’ strategy and flagged that token-mapping will inform future policy development by ensuring consistency in regulating economic activity, facilitate existing policy goals and allow responsible actors to innovate with the appropriate regulatory oversight.

Token-mapping refers to the process of identifying key activities and functions of the crypto ecosystem and mapping them against existing regulatory frameworks.

The government has identified that some parts of the crypto ecosystem are regulated under existing legal provisions. Existing regulators and the applicable provisions are summarised below:

Australian Securities and Investments Commission (ASIC)

Entities that provide financial products or services are required to hold an Australian Financial Services Licence (AFSL) and entities who operate a financial market in Australia need a Market Licence.

ASIC regulates crypto assets when they fall within the definition of a ‘financial product’. Whether a particular asset is considered a financial product depends on the individual characteristics of the asset. ASIC has released an information sheet to help entities navigate whether a digital asset offering is regulated as a financial product. ASIC has also released a consultation paper advising that Exchange Traded Products (ETPs), which invest in crypto assets, are classified as financial products and are regulated through ASIC.

Where crypto assets are considered a financial product, they require an AFSL and will be subject to all the obligations attached to the licence.

Example: Australian Securities and Investments Commission v Bit Trade Pty Ltd [2024] FCA 953

In August 2024, ASIC brought a successful case against a provider of a crypto asset exchange. Bit Trade P/L, who operate the Kraken crypto exchange, failed to comply with the design and distribution obligations required when offering a margin trading product. Bit Trade P/L was required to issue Target Market Determinations (TMDs) to all retail customers before issuing the product. This is required to ensure that the product is appropriate for the consumer.

The key issue was whether the Kraken Crypto Exchange was considered a financial product, which was required to issue TMDs. Some credit facilities are exempt from this obligation and Bit Trade P/L argued they were one of them. Ultimately, the case came down to whether Bit Trade offered ‘debt’ through their margin extension product. The Federal Court found that, regardless of whether consumers actually incurred debt, Bit Trade P/L offered a product where they could incur debt and would need to issue TMDs. Therefore, Bit Trade was in breach of their obligations.

Australian Transaction Reports and Analysis Centre (AUSTRAC)

Some digital asset businesses are required to register with AUSTRAC under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth). The scope of this Act was expanded in 2018 to include regulation of digital currencies exchanges, which includes cryptocurrency. Digital currency exchange providers must register with AUSTRAC and meet their reporting and compliance obligations.

Australian Taxation Office (ATO)

The ATO has provided several different Tax Determinations to outline the tax treatment of crypto assets. If the crypto asset is received as a ‘staking reward’, the value is to be included as assessable income. However, crypto assets are more commonly used for investment purposes, which means the crypto assets will be considered a capital asset and CGT provisions will apply.

If a business accepts crypto assets as a form of payment, they must account for these transactions in the same way they would for fiat currency and ensure they comply with goods and services tax obligations under the A New Tax System (Goods and Services Tax) Act 1999 (Cth).

Proposed Regulatory Framework

The Australian Government has been working towards regulating crypto assets for some time. The Digital Assets (Market Regulation) Bill 2023 (Cth) was introduced to Parliament but was rejected in September 2023 in the Senate for lacking detail and certainty for investors.

In October 2023, the government released a paper proposing new regulation for Digital Asset Platforms. They propose to regulate crypto assets using existing licencing frameworks. This is in line with the international recommendation that regulations should be consistent between traditional and emerging financial intermediaries.

This proposal involves introducing a new financial product, known as a ‘digital asset facility’ (DAF), which will cover digital asset custody arrangements as well as multi-function digital asset platforms that allow consumers to transfer and withdraw tokens. The proposal predominately focuses on ensuring providers of these products are licenced.

Given that the DAF will, itself, be considered a financial product, entities providing services in relation to DAFs will be required to hold an AFSL. Such entities include platform providers (entities who issue DAFs), brokers and dealers (who arrange for consumers to use the DAF), and financial advisors (given that they provide advice in respect of DAF). Their licence would require that these entities comply with the general obligations, financial requirements and other relevant obligations. These obligations cover general requirements such as having appropriate dispute resolution and risk management systems, and ensuring that they comply with Australian financial laws, but also cover more tailored requirements including solvency and positive net asset requirements.

Smart Contracts and Blockchain Technology

Introduction to Smart Contracts and Blockchain Technology

A blockchain is a decentralised digital ledger that securely records transactions across a network of computers. Instead of storing data in a central location, it organises information and transactions into “blocks,” which are linked together in a chronological “chain.” Smart contracts build on this technology by utilising the blockchain to execute agreements or transactions instantly and securely when certain conditions or instructions are met, adding a new layer of functionality and efficiency. For example, if a smart contract could be set up so that as soon as you purchased concert tickets online, the tickets were automatically transferred to your digital wallet.

In Australia, smart contracts are regulated under the Electronic Transactions Act 1999 (Cth) (ETA). The ETA ensures electronic contracts are treated similarly to traditional paper-based contracts. For a smart contract to be legally valid in Australia, it must meet the conventional criteria of a contract, such as intention, offer and acceptance, consideration and certainty.

Advantages and Disadvantages of Smart Contracts

Smart contracts offer the potential to streamline transactions by eliminating intermediaries, however their reliance on computer code makes them susceptible to flaws.

Advantages

  • Removal of Intermediary: traditional transactions often require a third party such as a lawyer, broker or financial institution to facilitate and validate a contract. This adds time, cost and the potential for human error. Smart contracts by contrast, allow parties to interact directly, streamlining the process and reducing reliance on third parties. Yet, this also means there is no third party to catch mistakes, leaving participants to navigate potential complexities alone - a shift that could be either empowering or risky.

  • Autonomous: smart contracts operate independently, executing terms without the need for human intervention. Once conditions are met, the contract will be automatically fulfilled, reducing the risk of delays or manual errors. However, this autonomy also means flexibility is limited – if adverse circumstances arise, the ability to modify or halt a contract may be constrained.

  • Transparency: the blockchain makes it possible for anyone, not just those involved in the smart contract, to see and follow all progress of a contract, providing a unique level of transparency. Given the contract’s execution is stored on the blockchain, there is a verifiable and permanent record of every action which is taken.

Disadvantages

  • Potential for errors in code: unlike traditional contracts which can be revised and renegotiated if mistakes are found, smart contracts are often unchangeable once deployed. A small bug or oversight may lead to unintended actions.

  • Security and privacy concerns: smart contracts, if not properly coded, can be exploited by hackers leading to stolen funds or unauthorised transactions. Additionally, as blockchains are publicly accessible, sensitive information could be exposed if not adequately protected. While the transparent nature of smart contracts can increase trust, it can also compromise privacy, with all transactions and contract details potentially visible to anyone on the network.

  • Complexity in design: designing a blockchain agreement currently requires a deep understanding of the technical aspects of blockchain programming. The process of translating legal language into code is complex and could result in misinterpretations or gaps in the contracts logic.

Smart Contracts: Case Study

In 2016, the DAO (Decentralized Autonomous Organization) was one of the most famous and earliest applications of smart contracts on the Ethereum blockchain. The DAO, through smart contracts, allowed participants to invest in projects without the need of intermediaries. However, a vulnerability in computer code was exploited, allowing bad actors to steal approximately $70 million USD of Ethereum. This event highlighted the potential risks associated with errors in smart contract code. Read more here: Bitstamp: Ethereum Dao Hack

Further Reading

For those interested in further reading, please see:

  • Cannon, Samuel C., “Terrorizing WikiLeaks: Why The Embargo Against Wikileaks Will Fail” (2013) 11(305) Journal On Telecomm. & High Tech L., 306.
  • DeNardis, Laura, “Hidden Levers of Internet Control” (2012) 15(5) Information, Communication & Society, 720.
  • WikiLeaks.org, “Banking Blockade” (2014), https://wikileaks.org/Banking-Blockade.html - while clearly a subjective opinion from WikiLeaks perspective, I found the PDF document linked on this page (https://wikileaks.org/IMG/pdf/WikiLeaks-Banking-Blockade-Information-Pack.pdf) to be a concise overview of the timeline of events. It is also a highly interesting read to view the blockade from the perspective of WikiLeaks and its advocates.
  • Forbes, “WikiLeaks Bypasses Financial Blockade With Bitcoin” (2012) http://www.forbes.com/sites/jonmatonis/2012/08/20/wikileaks-bypasses-financial-blockade-with-bitcoin/
  • RT, “Visa, MasterCard sued for blocking donations to WikiLeaks” (2014), https://www.rt.com/usa/214007-datacell-wikileaks-bank-blockade/
  • The Register, “Credit card donations to WikiLeaks restored as Mastercard breaks ranks” (2013) http://www.theregister.co.uk/2013/07/05/wikileaks_credit_card_donations_restored/
  1. See, for example, Mark MacCarthy, “What Payment Intermediaries are Doing About Online Liability and Why it Matters” (2010) 25(2) Berkeley Technology Law Journal 1139.