Introducing Disclosure NFTs, Disclosure DAOs, and Disclosure DIDs
Building a sustainable DeFi firm or protocol, or for that matter any technology company, will increasingly involve a merger of manufacturing and disclosure.[1] Founders will, in short, have to continue building compelling products and services that people want, while also delivering information that makes clear their benefits and risks in a way people can understand.
Intensifying scrutiny by regulators has made this undertaking all the more critical for DeFi firms seeking to scale — even as the interests of regulators and innovators in many ways overlap. Founders, after all, need to differentiate their dapps to compete and grow, just as regulators have long demanded transparency in order for people to know what they’re buying. But adapting disclosure frameworks popularized in the 1930s to today’s digital marketplace requires bridging decades of technological evolution and fundamentally alien assumptions about market infrastructure.
In this thought experiment, drawn from my white paper on disclosure and DeFi, I’d like to introduce some new concepts to the DeFi lexicon for building out disclosure delivery systems native to the crypto ecosystem. The objective is to imagine disclosure systems that are programmable, capable of evolving with technology — and which could provide the infrastructure for further tools for empowering tomorrow’s participants in the Metaverse and beyond. If properly developed, the ideas below could draw on DeFi’s strengths and provide more functionality and security than regulators’ legacy technology stack. Moreover, they could afford a new generation of developers and engineers a unique opportunity to reorient disclosure towards its original purpose: to be read.
The Technical Challenge
Disclosure = Transparency + Information. And in some ways, DeFi is well situated to produce it. Because most blockchains operate on code accessible to the public, virtually anyone, regardless of their status as investor or consumer, has access to the underlying code for smart contracts and dapps.[2] And anyone, at least in theory, can inspect its robustness against varying cybersecurity threats including market attacks, front running and reentrancy, and is secure for handling and transacting large sums of crypto assets.[3]
Furthermore, an entire informational ecosystem has emerged to support crypto transactions. For example, white papers have served as dual experimental exercises and disclosure tools for founders and researchers seeking transparency and validation for new ideas and ventures. Moreover, an entire universe of communications tools and platforms have emerged to reduce the technicality of discourse, and increase crypto’s accessibility, from blogs and web landing pages to social media and messaging apps.
Still, disclosure in the ecosystem has raised its fair share of red flags. For the most part, only technologically sophisticated actors can access, and understand the publicly available code relevant to DeFi applications to evaluate systems and test claims. Retail investors, by contrast, are for the most part left in the dark as to the risks and rewards of varying dapps. Making things worse, carelessness, inaccuracies, and even scams are too often endemic to pitches and posts describing novel cryptocurrency and DeFi technologies.[4]
The challenges to transparency have, not surprisingly, spurred calls for regulation — and the delivery of higher quality disclosures to investors. But the mechanics of mandated government disclosure and delivery, at least as conceived under securities law frameworks, offer limited use to non-sophisticated parties navigating decentralized applications. Contemporary securities law is based on voluminous and often technical disclosures designed to be filed with authorities and parsed by institutional actors, not retail end users. Complicating things further, mandated disclosures do not map the needs of the end of the end user, and require disclosure about topics like corporate governance while missing more critical concerns like blockchain governance.[5] Disclosures then live on an analog technology stack: the SEC’s EDGAR database. Besides having been proven vulnerable to cybersecurity attacks, it offers no functionality to the few retail investors aware of its existence, and it offers no functionality designed to empower them besides housing the extensive, and often technical filings of public companies.[6]
The Opportunity
Public blockchains contrast considerably with EDGAR operationally and invite policymakers and industry to imagine regulatory systems that might not only be more effective in upgrading users’ disclosure experience, but which also might inspire further research and development of the space.[7] As I noted above, disclosure is in some ways embedded within blockchains to the extent to which transactions and data are visible to anyone and are, at least in principle, immutable, and offer more transparency than traditional corporations operationally have provided. In principle, anyone can view and audit code. Smart contracts are likewise visible and available for public scrutiny, and built on top of the open-source software provided by blockchains. The results of operations are visible on-chain at all times, at least for the trained eye. Similarly, adverse events that occur on chain (hacks, etc.) are usually visible, at least much more than is the case with nonpublic systems like EDGAR.[8] It is possible to see who is holding what tokens (or at least the wallet address), figure out what wallets are held by which individuals (or what the concentration is), and much more.[9]
Public blockchains also introduce the possibility of integrating a disclosure system into DeFi applications that are themselves native to the ecosystem where disclosure enhancements are sought. As discussed in further detail below, disclosure can be programmed, and tokenized as a digital asset along with an investor’s interaction with that disclosure. This optionality creates a range of interesting pathways to explore for building better disclosure, delivery, and operations in ways that could advance regulatory concerns, and innovations, in ways that truly benefit users of DeFi tools and services.
Disclosure NFTs
Because blockchain systems enable the creation of a digital representation of value for nearly anything, the sheer range of potential projects in the space is limitless. That said, any starting point for something as ambitious as a DeFi disclosure regime should possess features that are not only familiar to the ecosystem, but which also might spark interest among engineers and builders to support experimentation and its subsequent development.
With this in mind, non-fungible tokens offer an obvious point for departure. NFTs, as mentioned above, have become wildly popular — in not only sports and music, but also politics as well — in part because they can be recorded on a blockchain to provide unique digital proofs of ownership. Thus far, their most familiar applications involve packaging jpegs or music on a blockchain to create opportunities to own and even fractionalize digital entertainment. But it is worth imagining how NFT architectures might be leveraged as a data wrapper for disclosure, and by extension, an application layer for DeFi compliance.
NFTs are interesting not only because they can represent physical or digital items on blockchains, but also insofar as they embed, or can be embedded within, smart contracts to create new disclosure experiences for end users or investors. The hard question is just how a disclosure NFT in particular would best work. In perhaps the most intuitive case, an NFT could tokenize disclosures available for an end user to review. Disclosure could be submitted to prospective investors or end users of decentralized applications via an NFT. The NFT could in turn include a link that points to off-chain disclosures hosted on external servers or to disclosures living on a distributed file system such as IPFS or Filecoin.[10] Subsequent updates to disclosure could generate a new token or a new version of an existing token that could be held in a digital wallet. Third party communities could grow around the tokens, with tokenholders enabled to discuss and deliberate on token delivered information in special chat rooms on Discord, the popular voice and chat app.
Realistically, however, operating on many blockchains for the moment can be expensive, and in the absence of efficient blockchain implementation, disclosure NFTs would not likely not fare favorably compared to low cost off-chain alternatives like using email to deliver disclosure. Instead, to be feasible disclosure NFTs would likely require a more ambitious tokenization thesis to justify the complexity and cost.
This creates a number of technical opportunities. One is the continuation of efforts to improve blockchain efficiency. [11] If blockchain implementation can improve, products can be designed to deliver information at lower cost. And to be sure, updates to the Ethereum blockchain, along with the emergence of more efficient blockchains create the prospect of inexpensive technology solutions that could support not only tokenized disclosures off chain, but also the prospect of disclosures living on-chain.
But to be clear, that’s really just the start of technical options. Another pathway — and one worth considering even as blockchain operational efficiency improves — would be to tweak the very tokenization thesis of a disclosure NFT, and in the process upgrade the very idea and functionality of “disclosure” as it has been understood since the 1930s.
As a reminder, blockchain systems enable the creation of a digital representation of value for nearly anything. Disclosures locked away off-chain are just one example. More ambitious product designs are just as possible — including NFTs where rote disclosure is not what is tokenized, but instead a recipient’s interaction with the disclosure.
Under this kind of system, companies could load disclosures to their website. Once the disclosures were read, the reader could be directed to answer one or more test questions — or even a game testing their understanding of the app. When the question(s) are answered, or the game was successfully navigated, a disclosure token could be issued to the end user or investor in the project to their wallet. The tokens disbursed to the end user would be unique, embedding the fact that a particular person passed the test, but not transferable. They could then be saved in the wallet of the relevant end user or investor as a sign that they had read (and engaged in) relevant disclosures.
What would be novel is the potential for merging disclosure and technology literacy, and moving disclosure’s functionality far beyond that of the drop-and-go operation of the EDGAR database. Consumers and investors could be given a choice of traditional disclosure, with a website link to company filings — or have the option of navigating a disclosure game, and receiving disclosure tokens with governance rights or other benefits for their work.[12] For especially risky ventures, protocols could even be programmed to only accept customers who possess disclosure tokens in their wallet, leveraging NFTs in ways akin to AML/KYC whitelisting tools used for the verification of identities for combatting terrorism and illicit finance.
The ultimate collection of disclosure tokens in a particular wallet could also provide helpful information concerning the wallet holder’s sophistication, offering another kind of technological functionality far beyond that provided in the EDGAR database. As currently configured, EDGAR provides public information only as pertaining to issuers of securities. Consumers of EDGAR’s data are primarily financial institution analysts or traders. The disclosures on the database are usually only valuable for retail investors after some kind of malfeasance has been committed, insofar as they can provide the basis for lawsuits asserting violations of U.S. antifraud rules. However, to the extent to which disclosures are actually designed and delivered to be read, and some indication can be given as to whether they are internalized by investors or end users, metadata can be created for regulators and entrepreneurs to reference when trying to determine, among other things, whether investors meet the sophistication requirements for private (accredited investor) transactions. Disclosure tokens could also double as social tokens, and be used to access portals or gateways for social networking, guild-building and participating in governing DAOs in DeFi. Protocols could also check for conflicts through an examination of the users’ collection of disclosure tokens where certain protocols forbid users from holding particular assets or voting on governance decisions in other protocols.
Disclosure Libraries
The framework disclosure offered above is based on a concept of disclosure as financial and technological (and crypto) literacy. As such, disclosure tokens would require developers to come up with disclosures, as well as disclosure delivery systems. And for start-ups, this could still create onerous costs. One simple tool for mitigating such costs could be to create disclosure libraries on an internet portal for developers. Structured after GitHub, open-source systems could be developed where developer-builders, lawyers, nonprofits and trade associations could post and experiment with disclosures for new Web3 applications.[13]
As a part of this solution, a central repository could be created with all the files associated with any model disclosure, or a specific project’s disclosures, deposited on it. Over time, changes to the model disclosure could be “checked in” to the central server on which all disclosures are made.[14] In this way, disclosures could be forked, enabling developers to work from earlier disclosure-projects in other accounts, create new versions of the disclosure, and then modify the disclosures under their own account.[15]
This approach is at least intuitively appealing because digital disclosure libraries could live on-chain or off-chain as an independent tool for increasing disclosure in the ecosystem. In either case, digital disclosure libraries could serve Web2 portals, as well as the landing pages of dapps and even Web3 tokens.
Disclosure DAOs
Digital disclosure libraries as I’ve mapped out are ultimately attempts to make transparent, share, and build on individual efforts at innovating disclosure in the ecosystem. But it is not hard to also imagine an interest in crowdsourcing inputs, and organizing collective decision-making in a directed manner in order to advance the broader development and dissemination of disclosure standards and tokens.
Organizational efforts could take place on and off chain. But there is a practical value in integrating efforts in order to leverage and align interests among both DeFi developers, investors and end users. From this standpoint, I’d like to introduce a third crypto-native concept for consideration: Disclosure DAOs. Along these lines, participants could create tax exempt, nonprofit DAOs designed to promulgate disclosure frameworks, tokens and compliance tools.[16] In its basic guise, statutory voting members could come to a consensus on disclosures necessary for dapps and create open-source model disclosures. Additionally, the bylaws could provide additional powers to the members, including the ability to submit their own disclosure principles or model disclosures for other members. Individuals who submit winning disclosures could be recognized with special NFTs that show up in your profile, and help burnish professional reputations. Similarly, individuals who submit model disclosures that become popular could likewise be rewarded with a special NFT that afforded developers with access to certain guilds or even decision-making processes within the DAO.
Like the disclosure token model described above, a disclosure DAO could also standardize how credentials for disclosure tokens are whitelisted to access regulated financial opportunities. DAOs could develop smart contracts that run on the Ethereum Virtual Machine, launch a beta program for disclosure tokens, and then develop credentials or keys for dapps. Individuals who read the disclosures and then received tokens could then be whitelisted for transactions on approved dapps.
Decentralized Disclosure: Beyond NFTs
NFTs are a relatively obvious starting point for thinking through compliance due to their growing popularity, visibility and programmability. But it’s helpful to recognize that other building blocks are possible, and which could operate both on- and off-chain. Perhaps the most relevant here is that category of solutions leveraging Decentralized Identifiers (or DIDs). Under this model, public keys could be anchored to most public blockchains to provide the immutable foundation for Decentralized Identifiers that comply with standards being defined by a relevant standard setting community (e.g., Decentralized Identity Foundation (DIF) and W3C Credentials Community Group). [17]
A Decentralized Identifier at its simplest is a text string that associates a person or entity with a set of data, called a DID document, describing the person or entity.[18] This data includes information like cryptographic public keys, verification methods, and means of communication or interacting with the individual, as well as associated network addresses, like HTTP URL, which operate on behalf of the person or entity.[19] The DID document then serves as the means of authentication for the subject of the Decentralized Identifier, and the foundation for trustable interactions associated with that subject. [20]
In theory, a Decentralized Identifier system, or disclosure DID, could be applied to De-Fi disclosure systems.[21] After reading disclosure, and being tested for comprehension, a credential could be provisioned with an individual’s Decentralized Identifier to substantiate the successful engagement with the disclosure. That credential could then be held in an off-chain, personal datastore or wallet or even layered on top of a digital driver’s license — or included as part of an individual’s disclosure DID, and by extension, the Decentralized Identifier itself. What’s more is that the information could be self-sovereign, meaning the holder of the data could determine when and which data is accessed, and by whom.
In this way, dapps could confirm the delivery and engagement with disclosure, which, as in our disclosure token example, could occur off-chain. After a confirmation is made, the customer or investor could then proceed to transact on the dapp, and possibly others with similar risk profiles or disclosures. All along, a decentralized, immutable chronological event record could be created to provide metadata relating to past disclosure engagement.
What would differentiate disclosure DIDs from NFTs is the credential in a DID framework. As opposed to an NFT serving in effect as the credential, here credentials would be stored off-chain in a digital wallet, and the only data on-chain would be the disclosure DID and a hash pointing to the credential ensuring data privacy. Credentials would also be built on open-source standards compliant with frameworks set by decentralized identity standard setters (e.g. DIF, W3C) to ensure interoperability with other decentralized identity applications. In theory, disclosure engagement credentials could thus be combined with other kinds of credentials issued and used to prove identity claims for any number of compliance use cases, from AML/KYC verification, to validating accredited investor status. However, unlike NFTs, which for the most part live on the popular Ethereum blockchain, and provide easy ports for engineering engagement on-chain, disclosure DIDs would operate on comparatively siloed and competing member-supported networks, with as of yet much less familiarity with the public. To bridge the gap, developers could conceivably adopt hybrid NFT-DID strategies, like embedding disclosure DIDs in NFTs.
Coda
The ideas above are just that, ideas. They represent a modest attempt to both inspire and catalyze new, but not far-fetched brainstorming about not just crypto, but disclosure as well. And to do so in ways that can excite developers and software engineers as much as policymakers — and highlight how disclosure systems can (and should) grow with technology instead of being superseded by it.
There are plenty of other questions, like what should be the substance of DeFi disclosures, and how government could productively support projects and rails in the ecosystem that ultimately further the public good — issues I raise in the larger white paper, Disclosure, Dapps and DeFi.[22] It is, in virtually every sense, early going. But in a digital ecosystem, one thing is clear: that disclosure systems can and should be designed in ways that leverage how people live their lives, and the technology they interact with. This reality, which is expressing itself around the world in everything from legislative proposals to enforcement actions, creates challenging questions for DeFi — and exciting opportunities.
[1] Hat tip to Alex Johnson for framing the concept of manufacturing and distribution, from which this observation is inspired.
[2] World Economic Forum White Paper, Decentralized Finance (DeFi) Policy-Maker Toolkit (2021), available athttp://www3.weforum.org/docs/WEF_DeFi_Policy_Maker_Toolkit_2021.pdf.
[3] Conflux Network, State of DeFi Audits, Medium (June 24, 2020), https://medium.com/conflux-network/the-overlooked-element-of-defi-adoption-e3b29829e3da.
[4] For an overview of shortcomings of white paper disclosures, see Shaanan Cohney, David A. Hoffman, Jeremy Sklaroff, and David A. Hoffman, Coin-Operated Capitalism, 119 Colum. L. Rev. 608 (2019), available at https://columbialawreview.org/content/coin-operated-capitalism/.
[5] See Chris Brummer, Jai Messari and Trevor Kiviat, What Should be Disclosed in an ICO? in Cryptoassets: Legal, Regulatory and Monetary Perspectives 157–202 (2019).
[6] The SEC’s Edgar system has been hacked on several occasions. In one of the most high-profile prosecutions, the system was hacked in October 2016, but did not disclose the hacking to the public until September 2017. See Alexandra Stevenson and Carlos Tejada, S.E.C. Says It Was a Victim of Computer Hacking Last Year, N.Y. Times (Sept. 20, 2017),https://www.nytimes.com/2017/09/20/business/sec-hacking-attack.html. See also Securities and Exchange Commission v. Ieremenko et al., (D.N.J. 2019) (№19-cv-00505), available at https://www.sec.gov/litigation/complaints/2019/comp-pr2019-1.pdf.
[7] See infra the discussion of Digital Ids for another interesting approach. This white paper does not purport to catalog all approaches in the DeFi space, or for that matter modern cryptographic methods, though ideally it may inspire more thought and attention for comment and exploration.
[8] The SEC’s Edgar system has been hacked on several occasions. In one of the most high-profile prosecutions, the system was hacked in October 2016, but did not disclose the hacking to the public until September 2017. See Alexandra Stevenson and Carlos Tejada, S.E.C. Says It Was a Victim of Computer Hacking Last Year, N.Y. Times (Sept. 20, 2017),https://www.nytimes.com/2017/09/20/business/sec-hacking-attack.html. See also Securities and Exchange Commission v. Ieremenko et al., (D.N.J. 2019) (№19-cv-00505), available at https://www.sec.gov/litigation/complaints/2019/comp-pr2019-1.pdf.
[9] As to the many sources illustrate the point, see Chainalysis, Lessons from the Wormhole Exploit: Smart Contract Vulnerabilities Introduce Risk; Blockchains’ Transparency Makes It Hard for Bad Actors to Cash Out, https://blog.chainalysis.com/reports/wormhole-hack-february-2022.
[10] Off-chain locations for the disclosure would likely be less expensive, and could yet exhibit some decentralized features, though it would lack the immutability and security functionality of blockchain based systems.
[11] The general industry expectation for blockchain implementation solutions in the near term is strong. Layer 2 updates on Ethereum are already functioning at a fraction of the cost of Layer 1, and Ethereum updates to proof-of-stake and layer 2 solutions will, according to most observers, lower cost dramatically. Additionally, the growth of cheaper and faster chains such as Solana makes it already feasible. NFTs that are aimed at masses (e.g., election campaign NFTs) chose to use Solana as it is cheap and environmentally friendly.
[12] Dapps like Rabbithole, for example, and many others like it, teach users how to use and contribute to decentralized apps, allowing them to earn on-chain credentials demonstrating their mastery of core skills and protocols based on their on-chain activity. Rabbithole, Your guide through web3, https://rabbithole.gg.
[13] As with GitHub, a community based distributed system could be set up with users enjoying the option of hosting their own Git server.
[14] In this way, open-source innovations could be brought to bear on compliance. For an overview of larger open source community categories, see Jan-Felix Schrape, Open Source Projects as Incubators of Innovation: From Niche Phenomenon to Integral Part of the Software Industry (University of Stuttgart, Discussion Paper, May 2017), available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2977352.
[15] See Klint Finley, What Exactly Is GitHub Anyway?, TechCrunch (July 14, 2012), https://techcrunch.com/2012/07/14/what-exactly-is-github-anyway.
[16] See Gene Takagi, DAO: What is it? What does it mean for nonprofits?, Nonprofit Law Blog (Nov. 21, 2021), https://nonprofitlawblog.com/dao-what-is-it-what-does-it-mean-for-nonprofits.
[17] See Alex Simons, Identity Hubs as personal data stores, Microsoft: Azure Active Directory Identity Blog (Mar. 29, 2019), https://techcommunity.microsoft.com/t5/azure-active-directory-identity/identity-hubs-as-personal-datastores/ba-p/389577.
[18] Decentralized Identifiers (DIDs) v1.0, GitHub (Aug. 3, 2021), https://w3c.github.io/did-core/#dfn-did-documents (last visited Feb. 3, 2021).
[19] Id.
[20] Id.
[21] For purposes of accuracy we note “in theory” because the technology for internet-based authentication systems for MDL information is still under development. An in-person (offline) authentication system is very much already underway, with a pilot planned with the TSA and Apple. Although the government and industry officials surveyed for this report indicate that similar standards sponsored by the World Wide Web Consortium (W3C) may be imminent for online transactions, there is as of this writing no internet version of the ISO-18013–5 standard, which governs how mdl information is passed from one entity to the next.
[22] Chris Brummer, Disclosure Dapps and DeFi, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4065143
