Monthly Archives: June 2018
Harvard Business School Panel: How Should ICOs and Cryptocurrencies Be Governed?
Originally published in the Legal Executive Institute
by Joseph Raczynski
BOSTON — Recently I moderated a session at Harvard Business School surrounding its first annual Business, Regulation and Technology of Blockchain Conference. It was held in conjunction with the MIT China Innovation & Entrepreneurship Fund and the Harvard Law Entrepreneurship Project’s Blockchain Initiative.
Before a crowd of 175 attendees — comprised mostly of members of the legal and financial cryptocurrency communities, and MBA and law students — the panel focused on the governance of cryptocurrencies in 2018. The panel experts consisted of Kendrick Nguyen, CEO of crowdfunding platform Republic; Caitlin Long, self-described blockchain enthusiast and former Chair and President of Symbiont; and Anil Advani, Managing Partner of Inventus Law.
The Difference between a Utility Token and a Security
In pushing to help people understand the Initial Coin Offering (ICO) market, I posed the most hotly debated question in the crypto community: What is the difference between a Utility Token and a Security?
Advani jumped into the conversation by discussing how Jay Clayton, the Chairman of the Securities and Exchange Commission (SEC), defines the distinction, “If you are running a laundromat it is a utility, but if you are raising capital that is a security.” Advani went on to explain, if the token is designed to serve as a prepaid service, or it allows you to access a company’s service, e.g. a loyalty points system, it is a token. However, if you are simply trying to use an ICO to raise capital, that is a security and hence subject to SEC regulation.
Nguyen agreed, speculating that he “expect to see this space to be litigated in court” and added that he hopes “that a lot more tokens will be determined to be utility tokens rather than securities.”
Long emphasized that it may take some time for regulators to sort this out, but companies need to be cautious in the meantime. “Most of the cryptocurrency platforms are not functional yet,” she noted. “So the token currently is not exchangeable for a good or service until that platform is built.” Therefore, these tokens need to be locked up until the companies are operational and not sold until they are ready, she explained, adding that if a company sold its tokens sold ahead of being functional, those tokens could well could be considered a security.
A Token Can Change its Stripes
As this topic is of paramount interest to a $500 billion cryptocurrency industry, the panelists continued the conversation, noting several recent developments. Long described a recent interaction she had with SEC Chairman Clayton. “A token can change it stripes,” Long mentioned, outlining the two stages of a company’s build. In the first phase, because there is no product the tokens are likely considered Security tokens; however, once the platform is running, and the tokens can be exchanged for goods or services, they could be converted to a Utility Token. The key, Long said, is not to “market it as an investment.”
Finally, one of the points noted by Advani was that “Chairman Clayton’s off-remarks during events are similar to Trumps tweets.” It is creating a lack of clarity in this market, thus leading to confusion and consternation, he said.
Privacy Tokens & Taxes
Some of the cryptocurrencies listed among the 1,600 currently available are completely anonymous. I posed the question about its impact on anti-money laundering (AML) rules and the market. Advani is concerned about the ability to track these sorts of assets and said it raises a deep level of concern about how any government would be able to account for this.
Another question that I presented to the panel was on taxes, prompting Long to respond: “This is clear as mud.” There is very little guidance on how to tax hard forks of a cryptocurrency and mining operations, for example, and Long went on to say that this will require legislation to help understand the various facets of the new tokenized society and tax.
While the panel covered a wide spectrum of the impact of regulation on cryptocurrencies, the primary theme that emerged is that though there are glimmers of definition from various agencies in the United States, considerable guidance is still necessary for people to better understand how to invest, create new companies, and work with cryptocurrency.
Cyberattacks are here to stay – protect your organization with these 10 best practices
Originally published on the Thomson Reuters Tax & Accounting Community Connect
by Joseph Raczynski
Our online connections can be downright frightening! The diabolical among us seize every opportunity to plunder our personal information. In fact, FireEye, a leading cybersecurity corporation, has some startling statistics to support this. When conducting an audit of 1,200 companies, they found that 97 percent of the organizations’ networks had been compromised—meaning that the vast majority of these businesses had malware sitting on their servers collecting internal information and sending it back out through the firewall to a remote locale. For most of these companies, it was at least 225 days before they realized a bad actor was sitting inside their network syphoning critical business data.
That’s the bad news. Here’s the good news: There are best practices and tools that will help protect your organization from hacks. Here are 10 that I recommend.
Create an email address for junk.
Use it for newsletters, online merchants, cable companies and mobile carriers. These companies will be or have already been hacked. More than likely, phishing emails asking you to click on links will come from this group. By creating a separate inbox for junk, you’ll know that most of the email in this account can be ignored or taken with a grain of salt, while communications from trusted accounts will be sent to a different email address (although still be cautious about clicking on links in your “trusted” account, as well).
Encrypt your hard drive.
This will protect your information if ever you lose your computer or phone. Essentially, an encrypted hard drive requires that you enter a password on the device as soon as it boots up. It is not the Windows or iOS sign-on. If the Windows or iOS sign-on is the first thing you see when you start your computer or phone from scratch, your computer is not encrypted and is at risk.
Use a URL defense application.
If your company doesn’t already have one, encourage them to look into getting one. The software determines whether a link is safe by going to a special secure server when you click on it. If the link isn’t safe, the application blocks the content from ever hitting your computer or phone.
Use a browser to identify fake websites.
If you don’t have a URL defense application, don’t click directly on an email link. Instead, open a browser and type in the company’s URL. This may be inconvenient, but many of the links embedded in emails connect to fake websites designed to download malicious software to your computer or phone.
Encrypt, encrypt, encrypt.
At some point, someone will break into your computer, phone, or network. Secure your documents, photos, and other important data beforehand by encrypting them in special encrypted folders. If hackers gain access, they will have to decrypt your important files—which isn’t easy.
Keep antivirus software updated.
While antivirus software has become a bit less effective, make sure yours is up to date and turned on. Many malware applications turn antivirus software off. If you see that your firewall or antivirus protection has been deactivated—usually there is a pop-up that will alert you—have your computer looked at by someone in IT.
Immediately update all software when prompted.
Some of the most recent attacks that have hit machines running Windows operating systems had patches that people put off for six weeks. Those debilitating viruses could have been prevented with a quick update requiring just a few minutes. Even better, turn on automatic updates for all of your applications.
Use a password management utility.
Look into an application like LastPass, which houses all of your passwords and randomly updates them for you so you don’t have to.
Make passwords more complex.
If you don’t use a password management application, create passwords that are actual sentences and vary them among your accounts. There are simple apps that can easily guess passwords, especially if they are short and don’t include a mix of letters, numbers, and symbols. A sentence password can look something like: MyMomW3ntT0HarvardIn1958! Just be sure to avoid including personal information in your passwords.
Authenticate, authenticate, authenticate.
If you have the option of dual-factor authentication, opt for the ones that use something like Google Authenticator. These apps create randomized numbers every 60 seconds which you input after your normal login and password. Sometimes people use a confirmation text with a number that you need to enter, but this is actually less secure than the authenticators. Not all services use this yet but will increasingly do so over the next few years with bank accounts and email.
Finally, in meeting with one of my customers recently, the chief technology officer of a 3,000-person institution mentioned that there had been 12 million attacks on his organization over the last six months—many from foreign actors. His institution is not alone. Malicious cyberattacks will only continue to increase, so implement the tips above, and be mindful of what you are doing with your data to protect yourself.
Joe Raczynski Technologist 
Episode 2 of THE HEARING is now live!
In episode 2 of The Hearing Podcast Kevin Poulter speaks to futurist Joseph Raczynski on #legaltech #AI #blockchain and the future of the robot lawyer.
Listen now and subscribe to #thehearingpodcast on:
iTunes – https://tmsnrt.rs/2swyzmz
Spotify – https://tmsnrt.rs/2kOOpVw
SoundCloud – https://tmsnrt.rs/2Js4deI