The irony of the situation cannot be overstated. While governments and regulators worldwide voice their support for innovation, entrepreneurship, and the future of digital finance, their banking sectors are waging an under-the-radar war to suffocate the industry. Banks, often citing vague compliance risks, are unilaterally denying crypto companies access to the financial infrastructure required to operate. This is not merely a hindrance to a niche market; it is a direct assault on the innovation and competition that drive economic growth and opportunity. The problem becomes even more complex when we examine the dichotomy between governments’ public positions and the actions of their banking syndicates. In countries like India, the government’s regulatory pivot towards recognizing and potentially regulating cryptocurrency is a step forward, yet banks continue to treat the industry with hostility. This creates a scenario where compliance with the law provides no assurances of fair treatment—a dangerous precedent for any industry

The United Arab Emirates offers another paradoxical case study. Renowned for its ambitions to become a global hub for cryptocurrency and blockchain technology, the UAE has issued licenses to numerous crypto firms, signaling regulatory endorsement. Yet, local banks remain hesitant, reluctant to provide even the most basic financial services. This contradictory behavior creates a frustrating labyrinth for crypto businesses that have invested heavily in compliance and innovation. Instead of fostering growth, these barriers force companies to navigate precarious alternatives, increasing costs and operational inefficiencies while stifling progress. At the heart of this issue lies a broader, more insidious problem: the unchecked discretion of financial institutions and their regulators. Documents obtained through FOIA requests in the United States reveal that Operation Choke Point 2.0 may not be an official policy, but it operates with a coordinated efficiency that suggests otherwise. Regulatory bodies like the FDIC have been implicated in advising banks to sever ties with crypto firms, actions that stifle innovation and economic opportunity under the guise of risk management. The implications extend beyond the crypto industry, raising alarms about the future of free enterprise itself. Operation Choke Point 2.0 is not just about banking or cryptocurrencies. It’s a battle for the soul of free market capitalism. When financial institutions wield unchecked power to deny access to lawful businesses, they undermine the rule of law, weaken economic competition, and stifle innovation. This is a fight that impacts not just crypto but the principles that underpin global economic progress. If left unchallenged, it sets a dangerous precedent, paving the way for future assaults on industries deemed inconvenient or politically unfavored. The stakes are enormous, and the need for accountability has never been greater.

History Repeats Itself:

The Rise of Operation Choke Point 2.0 The roots of Operation Choke Point 2.0 can be traced back to its predecessor, Operation Choke Point, launched in 2013 during the Obama administration. The initiative was a collaborative effort among the Department of Justice (DOJ), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC). Officially, its goal was to combat consumer fraud by cutting off financial access to industries deemed high-risk, such as payday lenders and firearms dealers. However, its implementation raised significant ethical and legal concerns, ultimately tarnishing its stated mission. Central to Operation Choke Point was the concept of "reputation risk," which regulators used as a tool to pressure banks into severing ties with certain businesses. Informal guidance documents and policy statements subtly advised financial institutions to reassess relationships with clients engaged in "unsavory" industries. These included gun dealers, pawn shops, and payday lenders—all of which were legal enterprises operating within the boundaries of the law. Regulators redefined reputation risk in a way that extended beyond the bank's own image to encompass the perceived reputation of their clients. This vague and manipulable standard provided the leverage regulators needed to coerce banks into compliance without explicit directives. The tactics employed were chillingly effective. Bank examiners warned institutions that continuing to serve targeted businesses could result in increased audits or other regulatory scrutiny. In one instance, an examiner reportedly told a banker that their decision to support a flagged industry would lead to an "immediate, unplanned audit of [their] entire bank." Under such pressure, many banks severed ties with lawful businesses, leaving them without recourse or explanation. These actions effectively choked off access to the financial system for targeted industries, depriving them of the infrastructure needed to operate and survive. Despite its purported focus on consumer protection, Operation Choke Point quickly became a tool for ideological enforcement. Businesses were judged not on their compliance with the law but on subjective assessments of their industries. Payday lenders, for instance, were targeted because officials found their practices "ugly" or "unsavory." This regulatory overreach sparked backlash from lawmakers, industry leaders, and civil liberties advocates. Congressional investigations and lawsuits revealed the extent of the coercion, and the program was officially terminated in 2017 under the Trump administration. However, the principles and tactics of Operation Choke Point did not disappear. Critics argue that they have resurfaced in Operation Choke Point 2.0, this time targeting the cryptocurrency industry. Like its predecessor, this iteration relies on informal guidance, reputational risk assessments, and covert pressure to limit financial access. While there is no official acknowledgment of a coordinated campaign, the patterns are strikingly similar. Regulators' warnings about the risks of engaging with crypto firms, coupled with increased scrutiny on banks serving the sector, create a hostile environment reminiscent of the original Operation Choke Point. Operation Choke Point’s history serves as a cautionary tale about the dangers of unchecked regulatory power. It illustrates how informal guidance and subjective risk assessments can be weaponized to suppress lawful industries, undermining the principles of free market capitalism. The revival of these tactics in Operation Choke Point 2.0 underscores the urgent need for transparency, accountability, and a balanced approach to regulation.

The Pressure Mounts:

Regulatory Crackdown on Crypto On January 3, 2023, a joint statement by the Federal Reserve Board, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency signaled escalating scrutiny on banks with crypto-asset-related activities. While couched in language about "safety and soundness," the message was clear: crypto was under the regulatory microscope. Banks were advised to be vigilant against "fraud and scams" and "inaccurate or misleading representations" in the crypto sector—risks present in virtually every industry from cash and gold to mortgages and car loans. But instead of issuing universal guidelines for managing such risks, regulators chose to single out the crypto industry, effectively stigmatizing it. Later that month, the Federal Reserve doubled down with a policy statement discouraging state banks from holding crypto assets. The warning came with an unsettling caveat: "Legal permissibility is a necessary, but not sufficient, condition" for banks to engage with crypto. This cryptic guidance blurred the line between legality and regulatory discretion, signaling that compliance with the law did not guarantee freedom from regulatory rebuke. Without public comment, this statement was entered into the Federal Register as a final rule, bypassing open debate and accountability.

By February 2023, the regulatory noose tightened further. A second joint statement from the Federal Reserve, FDIC, and OCC warned banks of heightened liquidity risks linked to crypto. These included potential sudden withdrawals by crypto companies' customers and market fluctuations affecting stablecoin reserves. Yet, even as the crypto market weathered a $2 trillion decline in 2022 without triggering significant liquidity crises, these warnings appeared disproportionately focused on crypto. The broader financial risks posed by long-dated U.S. Treasury securities or uninsured deposits were conspicuously absent from the narrative. Banks, feeling the regulatory pressure, began severing ties with crypto businesses.

Third-party payment processors followed suit. Circle, a key player in the crypto payment ecosystem, announced it would halt ACH and wire payment services for its partners. Whistleblower revelations added another layer to the unfolding saga. Senator Pat Toomey disclosed allegations that FDIC officials had pressured banks to avoid crypto businesses, with some banks reportedly downgrading loans to crypto companies without legal justification. Crypto leaders and firms faced a stark reality. Kraken’s official account tweeted that "Operation Choke Point 2.0 might have overplayed its hand," but the threat of ongoing attacks on the industry’s financial infrastructure remained palpable. High-profile individuals were not spared. Uniswap founder Hayden Adams revealed that JPMorgan Chase had closed his personal accounts without explanation. Citigroup similarly shut down the personal and business accounts of Swan Bitcoin CEO Cory Klippsten. These actions, coupled with mounting evidence of regulatory bias, painted a picture of an industry systematically sidelined by both overt and covert tactics.

The Biden administration’s anti-crypto stance extended beyond banking regulators. The Securities and Exchange Commission (SEC) opened a second front, targeting crypto custodians and issuers. A 2022 Staff Accounting Bulletin required digital assets held in custody to appear on custodians' balance sheets, raising complex questions about capital requirements. Simultaneously, the SEC escalated enforcement actions, with lawsuits against Ripple, LBRY, Paxos, and Coinbase signaling a broad crackdown.

The Trump Administration’s Pivot and Pro-Crypto Leadership During his 2024 campaign, Donald Trump explicitly criticized Operation Choke Point 2.0, promising to dismantle what he described as a targeted effort to "choke you out of business." Speaking at the Bitcoin Conference in Nashville, he declared, "They want to choke you; they want to choke you out of business. We’re not going to let that happen." With Trump now back in power, the landscape is poised for a significant shift. The Securities and Exchange Commission (SEC), historically aggressive under the Biden administration, is set to be led by a pro-crypto chief, signaling a potential relaxation of regulatory hostility toward the digital asset sector. This change in leadership could mark a turning point for the crypto industry. A pro-crypto SEC chief might prioritize clear and consistent regulatory frameworks over punitive enforcement actions. Such leadership could foster innovation, encourage investment, and provide much-needed clarity for businesses operating in the crypto space. Moreover, with the Trump administration’s public commitment to dismantling Operation Choke Point 2.0, banks and financial institutions may feel emboldened to reengage with crypto companies without fear of regulatory backlash. While the crypto industry remains cautious, the prospect of a regulatory environment that balances oversight with opportunity offers a glimmer of hope. If implemented effectively, these changes could restore confidence in the sector and reinvigorate its role as a driver of technological and economic innovation.

Hunting down Crypto-friendly banks:

This alleged coordinated effort by regulators targets banks that serve the cryptocurrency industry, effectively stifling innovation and driving lawful businesses offshore. The fallout of this initiative is staggering, with billions of dollars in stablecoins fleeing the U.S. financial system, critical banking infrastructure dismantled, and a chilling precedent set for other emerging industries.

Case 1:

Silvergate Bank’s Closure Silvergate Bank, a prominent player in crypto banking, was among the first casualties. Known for its Silvergate Exchange Network (SEN), which facilitated real-time crypto transactions, the bank announced its voluntary liquidation on March 8, 2023. While the official explanation cited "recent industry and regulatory developments," the timing and circumstances raise questions. Silvergate faced intense regulatory scrutiny and a cascade of deposit withdrawals in the wake of FTX’s collapse, but its decision to wind down appeared less about insolvency and more about regulatory pressures. Silvergate’s shutdown left crypto firms scrambling for alternatives to process payments.

Case 2:

The Abrupt Closure of Signature Bank Just five days later, New York State regulators seized Signature Bank. With $110.36 billion in assets and $88.59 billion in deposits at the end of 2022, Signature was solvent and had stabilized after experiencing $10 billion in withdrawals following the Silicon Valley Bank collapse. Despite this, regulators removed management and began selling off assets. One critical component of Signature’s business was its Signet platform, the last remaining blockchain-based payment network in the U.S. that operated 24/7 for crypto clients. Regulators insisted the closure was due to governance issues, but Barney Frank, a member of Signature’s board and co-author of the Dodd-Frank Act, said otherwise: "The regulators wanted to send a very strong anti-crypto message." Operation Choke Point 2.0’s Collateral Damage Operation Choke Point 2.0 mirrors its predecessor, a controversial Obama-era initiative targeting industries like gun manufacturers and payday lenders by pressuring banks to sever ties. The modern version has targeted crypto under the guise of "risk management," but the statistics paint a troubling picture: • $12 billion in stablecoin assets have been driven offshore since early 2023, flowing to jurisdictions like Bermuda, Puerto Rico, and the Bahamas. • The FDIC Deposit Insurance Fund took a $2.5 billion hit from Signature’s closure, partly because bidders were reportedly required to exclude crypto-related assets from their offers. This exclusion made it impossible to recoup the full value of Signature’s assets. • The ripple effects have pushed at least two dozen crypto companies to seek banking relationships outside the U.S., increasing exposure to unregulated financial systems.

Case 3:

Custodia Bank’s Legal Battle Wyoming-based Custodia Bank is emblematic of the challenges faced by crypto-friendly banks. Founded to provide safe custodial services for digital assets, Custodia backed its deposits with more than 100% reserves, far exceeding the requirements of traditional banks. Yet the Federal Reserve denied its application for a master account in January 2023, claiming Custodia’s business model was "too risky." This rejection ignored Custodia’s impeccable compliance record under Wyoming law. Custodia filed a lawsuit against the Federal Reserve, citing violations of the Administrative Procedure Act (APA) and the Monetary Control Act. The bank argued that the Fed’s actions were politically motivated, pointing to a pattern of dismissive treatment toward crypto-focused institutions. Despite Custodia’s legal challenge, the court sided with the Fed, reinforcing the regulator’s authority to block access to critical financial infrastructure.

The rejection not only set back Custodia’s operations but also highlighted the Fed’s apparent inconsistency: While criticizing stablecoins for lacking full reserves, the Fed dismissed Custodia’s model for holding excess reserves. raditional banks operate under a fractional reserve system, lending out most deposits, yet they face far less scrutiny than Custodia, which prioritized deposit safety. Regulatory Capture and Hypocrisy A troubling pattern emerges when examining how regulators treat large, traditional banks versus smaller crypto-focused institutions:

Big banks, such as JPMorgan Chase and Goldman Sachs, have quietly entered the crypto space through blockchain initiatives and digital asset custody services. Yet smaller players like Custodia and Signature face regulatory hurdles at every turn.

The Office of the Comptroller of the Currency (OCC), which granted conditional trust charters to crypto banks in 2021, has since reversed course. Under current leadership, the OCC has allowed these charters to expire, leaving firms like Protego Trust Bank and Anchorage Digital Bank in limbo. Economic and Market Consequences The crackdown on crypto-friendly banking has far-reaching implications beyond the industry itself:

1. Financial Innovation at Risk: By driving crypto businesses offshore, the U.S. risks losing its competitive edge in blockchain technology. Offshore banking relationships expose crypto firms to increased risks of money laundering and financial instability.

2. Increased Costs: Without access to U.S.-based banking, crypto firms face higher costs for payment processing and settlement. This inefficiency hampers growth and innovation.

3. Regulatory Precedent: The Fed’s refusal to process Custodia’s application despite legal requirements sets a dangerous precedent. It signals that regulators can arbitrarily deny lawful businesses access to essential infrastructure. The Bigger Picture Operation Choke Point 2.0 is more than a crackdown on crypto—it’s a challenge to the principles of free market capitalism. By using bureaucratic tools to suppress industries deemed undesirable, regulators undermine innovation, competition, and economic opportunity.

   The actions against Silvergate, Signature, and Custodia reflect a troubling consolidation of power in unelected hands. As Caitlin Long, CEO of Custodia Bank, put it: "This fight goes beyond digital assets. It’s about whether unelected bureaucrats can quietly suppress lawful businesses, dismantling competition in the name of risk management."

Crypto’s “Pause Letters” and FDIC Shadow-ban

Thanks to a series of Freedom of Information Act (FOIA) requests spearheaded by Coinbase, a trove of revealing documents—informally termed "pause letters"—has unveiled a regulatory game of musical chairs orchestrated by the Federal Deposit Insurance Corporation (FDIC). These letters have become the latest flashpoint in the battle over cryptocurrency’s place in the American financial system, laying bare a troubling mix of regulatory ambiguity, political maneuvering, and innovation-suppressing tactics. The “Pause Letters” and Their Content The letters themselves are a fascinating study in bureaucratic caution. Ostensibly designed to ensure risk management, they effectively order banks to freeze all crypto-related activities until further notice. "Pause all crypto asset-related activity," they bluntly state, signaling more of a command than a suggestion. Banks were instructed to await a determination on "supervisory expectations" for crypto—a determination that, notably, hasn’t yet arrived.

The letters also demanded exhaustive cost-benefit analyses and risk assessments, burdening banks with homework that could rival a doctoral dissertation. In simpler terms, these letters were the regulatory equivalent of a teacher assigning busywork to avoid addressing the elephant in the room: the lack of a clear, coherent framework for integrating crypto into the traditional banking sector. Meanwhile, the FDIC sat on the fence, issuing pauses rather than policies. A Strategy or a Stalemate? The FDIC’s "pause and reflect" approach reveals a regulatory strategy that feels less about managing risks and more about halting progress. By slowing down crypto’s integration into traditional finance, regulators have effectively built a moat around the banking sector, keeping the innovative—and disruptive—crypto knights at bay. The rationale? A purported need for more data and risk analysis.

The result? A chilling effect that has forced crypto firms to either pay exorbitant costs for limited banking access or seek refuge in offshore financial havens. The Fallout: A Chilling Effect The numbers tell a stark story. Between March 2022 and May 2023, these pause letters helped drive over $12 billion in U.S. dollar stablecoin assets offshore. Destinations like Bermuda and Puerto Rico have eagerly welcomed what the U.S. has shunned.

This exodus not only hurts U.S.-based crypto firms but also undermines the regulators’ stated goals of protecting consumers and reducing money laundering risks. After all, offshore jurisdictions are less regulated, less transparent, and—ironically—more vulnerable to the very risks the FDIC claims to fear. For banks, the message is clear: serving crypto clients is a one-way ticket to regulatory headaches. Even institutions with sterling compliance records face an uphill battle. The letters’ vague language leaves banks in limbo, forcing them to either halt crypto operations or risk becoming collateral damage in a regulatory crackdown.

Case in Point: Custodia Bank Custodia Bank, a Wyoming-based pioneer, provides a glaring example of this regulatory overreach. Backing its deposits with over 100% reserves—a rarity in a world of fractional reserve banking—Custodia should have been a poster child for stability. Instead, it found itself locked out of the Federal Reserve’s payment systems. The reason? Its crypto-centric business model was deemed "too risky." The irony is hard to miss: a bank prioritizing safety was punished for not being reckless enough. The Federal Reserve’s rejection of Custodia’s master account application highlights the inconsistency in its stance. The Fed chastises stablecoins for not being fully backed, yet penalizes Custodia for holding excessive reserves. It’s as if regulators can’t decide whether crypto is too safe or too risky—so they’ve settled on treating it as both.

Legal and Ethical Concerns The informal nature of these pause letters has sparked significant legal and ethical questions. Critics argue they bypass established regulatory processes, like public comment periods, violating principles of due process under the Administrative Procedure Act (APA). Moreover, targeting an entire industry rather than individual entities raises concerns of discrimination under banking laws that prohibit such practices. If this isn’t a textbook case of regulatory overreach, it’s at least an honorable mention. The Broader Implications This regulatory chokehold extends far beyond crypto. It’s a cautionary tale about the dangers of unelected bureaucrats wielding unchecked power. By sidelining innovation and picking winners and losers, regulators are eroding the principles of free market capitalism. What’s worse, this approach risks driving the U.S. further behind in the global race for financial innovation. While jurisdictions like Singapore and Switzerland craft forward-thinking crypto policies, the U.S. seems intent on building barriers instead of bridges.

The FDIC’s pause letters have exposed a troubling undercurrent in U.S. financial regulation—a willingness to stifle innovation under the guise of caution. But the crypto community isn’t pausing. With firms like Coinbase leading the charge, the industry is fighting back, demanding transparency, accountability, and a fair shot at revolutionizing finance. Whether this battle ends in regulatory clarity or a continued stalemate, one thing is certain: the pause letters have ignited a debate that extends far beyond crypto, touching the very foundations of free enterprise in America. It’s a fight worth watching—and one worth winning.

Crypto and Banking: Basel Standards, Global Policies, and the Hunt for USD Payment Rails

In the high-stakes world of finance cryptocurrencies are the disruptive teenager rattling the well-ordered household of traditional banking. While their promise of innovation and financial freedom excites many, regulators and banks are grappling with how to welcome this newcomer without losing control. At the center of this tug-of-war lies the Basel Committee on Banking Supervision (BCBS), whose July 2024 revisions to the prudential framework for cryptoassets highlight the global banking sector’s cautious optimism—and its very real reservations. These Basel Standards, scheduled for implementation by January 2026, provide a regulatory roadmap for banks dealing with crypto. However, the practical challenges of accessing banking services, especially USD payment rails, remain a roadblock for crypto firms worldwide. Let’s dive into this intricate narrative, examining how major jurisdictions, from the UAE and India to Singapore, Hong Kong, and Switzerland, are shaping the crypto-banking landscape.

The Basel Standards: Regulatory Tightrope Walking The Basel Committee’s updated framework treats cryptoassets with the suspicion one might reserve for a houseguest with a questionable background. Cryptoassets are divided into two groups:

Group 1 assets, including tokenized traditional assets and stablecoins that meet stringent reserve and redemption requirements, are given preferential treatment.

Group 2 assets, which include algorithmic stablecoins and speculative tokens, are treated as high-risk, with a 1,250% risk weight that essentially screams, "Proceed at your own peril."

The framework also limits a bank’s exposure to Group 2 assets to 1% of its Tier 1 capital, with breaches triggering severe capital requirements. While these rules aim to safeguard financial stability, they leave banks facing a stark choice: engage with crypto and shoulder the burdensome costs, or steer clear and avoid the headache altogether. Unsurprisingly, many opt for the latter. But crypto’s challenges in banking don’t end with Basel’s capital requirements. Liquidity rules exclude most cryptoassets from being considered high-quality liquid assets (HQLA), making them less appealing to hold. Add to this the extensive disclosure obligations, and it’s little wonder that banks are hesitant to extend the welcome mat.

The Global Patchwork: Where Crypto Meets Banking The Basel Standards may set a global foundation, but how they’re implemented—or ignored—varies widely. Different countries bring their own flavor of caution or enthusiasm, resulting in a patchwork of crypto policies that often confuse more than they clarify.

The UAE: Crypto Ambitions, Banking Gaps The UAE’s relationship with crypto is like a high-stakes poker game—it’s all in on regulatory leadership but still hesitant to show its hand when it comes to banking. Dubai’s Virtual Assets Regulatory Authority (VARA) and Abu Dhabi’s ADGM provide some of the most sophisticated crypto licensing frameworks in the world. The Central Bank of the UAE has stepped in to regulate payment tokens and license stablecoin issuers, positioning the country as a global crypto hub. Yet, for all its forward-thinking policies, the UAE’s banking system has been slower to adapt. Beyond Zand Bank, few institutions are willing to open their doors to crypto companies. Even Zand’s processes are complex, requiring exhaustive due diligence that can feel more like a regulatory endurance test. This creates a paradox: while the UAE government courts the crypto industry, its banks seem reluctant to join the dance, leaving many firms struggling to settle client funds or manage operational accounts.

India: A Crypto Boom Held Hostage India’s crypto industry is a paradoxical mix of massive potential and regulatory uncertainty. The country boasts one of the world’s largest crypto user bases, yet its regulators treat the industry with a mix of skepticism and distrust. The Reserve Bank of India (RBI) has a long history of hostility toward crypto, banning banks from servicing the sector in 2018—a decision overturned by the Supreme Court in 2020. But the scars of that ban linger. Many banks still avoid crypto companies, citing informal guidance from the RBI. Recent tax policies, including a 30% tax on crypto gains and a 1% TDS on transactions, have only muddied the waters, creating more hurdles without offering clarity. For Indian crypto players accessing banking services often feels like navigating a labyrinth. Without reliable banking relationships, many rely on payment gateways or alternative arrangements ( some go for unreliable smaller less liquid cooperative banks) that increase operational complexity and cost.

Singapore: Regulatory Clarity, Banking Caution Singapore is the polished elder sibling of the crypto world—well-organized, thoughtful, and progressive. Its Monetary Authority of Singapore (MAS) has introduced a robust regulatory framework under the Payment Services Act, along with specific rules for stablecoins. These policies emphasize reserve transparency, redemption assurances, and strict AML/KYC measures. Yet, despite this regulatory clarity, Singapore’s banks remain cautious. While institutions like OCBC and DBS offer services to a select few crypto firms, smaller companies find the process arduous. Banking access is more an exception than a rule, creating a gap between Singapore’s progressive policies and its banking reality.

Hong Kong: Welcome, but Not Too Close Hong Kong, too, has signaled its intent to embrace crypto, with the Securities and Futures Commission (SFC) rolling out clear regulations for exchanges and custodians. Yet, like Singapore, its banks remain reserved. Institutions like DBS and HSBC offer limited services, often contingent on exhaustive risk assessments. For many crypto firms, this half-hearted embrace leaves them in a state of limbo—welcome in principle but not in practice.

Switzerland: A Rare Beacon of Openness If most countries approach crypto with a wary eye, Switzerland strides forward with confidence. The Swiss Financial Market Supervisory Authority (FINMA) has created a clear regulatory framework for crypto companies, encompassing everything from ICOs to tokenized assets. Swiss banks like SEBA Bank and Sygnum Bank have embraced crypto wholeheartedly, offering seamless account opening processes. This openness has made Switzerland a global leader in crypto banking, proving that clear regulations and supportive banks can coexist.

The EU: Harmonization in Progress The EU’s Markets in Crypto-Assets (MiCA) regulation represents a bold attempt to harmonize crypto policies across member states. While the European Central Bank (ECB) urges caution, some countries, like Lithuania, Lichtenstein, Germany and Estonia, have taken a more open stance. MiCA’s implementation is expected to streamline banking access, but its practical impact remains to be seen. Still, the European Central Bank (ECB) has warned banks against rushing into crypto. A 2023 ECB survey found that only 2% of EU banks had significant cryptoasset exposures

The USD Problem: A Global Bottleneck No matter how progressive a country’s crypto policies, one issue transcends borders: access to USD payment rails.

Why USD Matters: USD remains the backbone of global trade, stablecoins, and crypto transactions. Without access to USD banking, crypto firms struggle to settle transactions, manage liquidity, or scale their operations.

SWIFT and USD Transfers: The inability to access SWIFT networks or conduct USD telegraphic transfers forces many crypto firms to rely on offshore banks or decentralized solutions, increasing costs and risks. Ripple Effects: The U.S.’s retreat from crypto-friendly banking has created a global ripple effect, with international banks hesitant to fill the void. This lack of USD access represents a critical bottleneck, limiting the growth of the crypto ecosystem despite its global ambitions.

Where Do We Go from Here? The crypto-banking conundrum is a classic case of growing pains. The industry needs banking services to thrive, but regulators and banks are reluctant to engage without clear safeguards. The path forward requires collaboration, compromise, and a willingness to innovate.

1. Global Harmonization: Aligning the Basel Standards with regional regulations can reduce fragmentation and create a more cohesive global framework.

2. Risk-Based Approaches: Banks need to assess crypto firms individually, rewarding compliance and transparency rather than applying blanket restrictions.

3. Public-Private Partnerships: Governments, regulators, and banks must work together to address compliance concerns while fostering innovation.

4. USD Access: International banks must step up to provide USD payment rails, a critical component of the global financial system.

The Rise of Neo Banks and EMIs: Crypto’s Risky Dance with Non-Traditional Finance

When traditional banks pulled the rug out from under crypto companies, a new breed of financial service providers—Electronic Money Institutions (EMIs) and neo banks—stepped in, dressed like knights in shining armor. But don’t let the glint fool you; these knights charge hefty fees and are prone to tripping over their own swords. The reliance on these non-traditional players is less of a love affair and more of a forced partnership. Traditional banks, spooked by regulatory specters and the volatility of crypto, abandoned the field. Enter EMIs and neo banks, offering services that sound promising—banking-as-a-service, fiat on- and off-ramps, SWIFT, ACH, SEPA, and telegraphic transfers (TT). But as any crypto firm will tell you, there’s a steep price for this convenience.

A Symphony of Fees and Delays Imagine you’re sending a SWIFT payment through one of these institutions. The fees? Five to ten times higher than what a traditional bank would charge. And the time it takes? It’s like watching paint dry—batch processing, manual checks, and intermediary banks all stretch the process to days. ACH and SEPA transfers, while cheaper, often come with hidden costs and unpredictable delays, particularly when the transaction involves multiple currencies or jurisdictions. And if you’re in the business of high-frequency crypto trades or liquidity-sensitive operations, these delays can feel like a slow-motion car crash.

KYC: Kafkaesque Yet Inconsistent Non-traditional providers often overcompensate for their risk exposure with hyper-vigilant KYC/AML policies. Imagine jumping through hoops, then finding the hoops are on fire and constantly moving. Some institutions demand excessive documentation that makes even the most legitimate businesses feel like they’re being treated as suspects. Yet, ironically, these same institutions might unwittingly leave loopholes for less scrupulous actors. The technology mismatch doesn’t help. Blockchain analytics tools are still catching up to the pace of crypto transactions, leaving EMIs struggling to align compliance with the operational needs of their clients. The result? A patchwork of requirements that can derail onboarding and frustrate operations.

The Operational Ballet: Costly, Clunky, and Risky Running a crypto business with multiple banking partners feels less like managing liquidity and more like spinning plates while riding a unicycle. These patchwork solutions introduce layers of operational complexity: • Higher Costs: Juggling multiple accounts means higher maintenance fees, transaction costs, and compliance overheads. • Unreliable Service: System downtimes, delayed responses, and botched transfers are par for the course with EMIs and neo banks, leaving crypto firms vulnerable to missed opportunities and liquidity crunches. • Risk of Disruption: A single hiccup in the correspondent banking chain can bring the entire system to a grinding halt, putting billions in jeopardy.

A Riddle Wrapped in Fees: Ethical and Financial Quandaries The exorbitant fees charged by these institutions straddle the line between opportunism and necessity. Is it fair to charge a premium simply because traditional banks are too scared to play? That’s debatable. But as crypto firms are left with little choice, these practices may one day draw the ire of regulators tasked with ensuring fair financial services. And what about the broader implications? The reliance on less-regulated entities introduces risks not only for the crypto ecosystem but for the entire financial network. When liquidity is concentrated in a handful of players, any disruption could ripple outward, undermining stability and trust.

Dancing on the Edge Crypto’s flirtation with EMIs and neo banks is a precarious dance—graceful one moment, chaotic the next. While these entities provide a vital lifeline, their high costs, operational inefficiencies, and unpredictable compliance measures make them a far cry from the ideal partner. The solution lies in bridging the gap between traditional banking and crypto needs. Until then, crypto companies will keep spinning plates and dodging flaming hoops, all while hoping they don’t trip over the hefty fees and bureaucratic hurdles along the way.

Conclusion:

Banking on Irony, Innovation, and Inevitable Change As the dust settles on Operation Choke Point 2.0, one thing becomes painfully clear: this isn’t just a battle for crypto—it’s a high-stakes chess game for the future of free markets. The regulators may think they’re playing a clever endgame, but the moves are riddled with irony so rich, it could power a blockchain itself. Consider the paradox: banks rejecting crypto for being “too risky” while teetering on their own shaky foundations due to speculative investments and questionable lending practices. Or the fact that crypto firms, designed to bypass traditional banking, are being pushed to innovate faster—essentially becoming the sleek predators in an ocean of regulatory plankton. The humor, of course, lies in the unintended consequences. Regulators aimed to crush innovation but inadvertently gave it a growth hormone. By forcing crypto firms offshore and into DeFi ecosystems, they’ve created a monster far less controllable than the one they sought to tame. It’s like trying to swat a mosquito and accidentally unleashing a swarm. Bravo. For those still loyal to the antiquated belief in free enterprise, the message is clear: unelected bureaucrats are rewriting the rules, with the ink of ideology and the paper of selective enforcement. But history, as always, has a funny way of flipping the script. The great irony is that crypto, born out of distrust for centralized power, is proving to be the very force that holds centralized overreach accountable. And let’s not ignore the human comedy. While regulators flex their might, crypto entrepreneurs have pivoted from mere survivalists to rebellious innovators. Picture Caitlin Long of Custodia Bank, armed with Wyoming’s regulatory blessings, valiantly taking on the Fed’s fortress like a modern-day Don Quixote tilting at bureaucratic windmills. If only irony could be monetized, the Fed might finally understand the value of blockchain. In the end, Operation Choke Point 2.0 might just be remembered as the catalyst for crypto’s most significant evolution yet. It’s a stark reminder that suppression often breeds ingenuity, and barriers are merely opportunities in disguise. The regulators may have the pen, but crypto has the code—and it’s writing a future where resilience, innovation, and decentralization win the day. So, here’s to the inevitable: a financial landscape where banks embrace innovation rather than fear it, where regulators remember that free markets thrive on competition, and where irony, as always, keeps us all a little more honest. Until then, crypto marches on—disrupted, defiant, and undeniably destined to outlast its detractors.

Satoshi Nakamoto, the so-called father of Bitcoin, has brought this phenomenon to the world of finance. He appeared out of nowhere in 2008 and vanished just as quickly three years later, after creating the world's first cryptocurrency. On April 23, 2011, he said goodbye to a fellow Bitcoin developer in an email. "I've moved on to other things," he wrote, assuring Bitcoin's future was "in good hands." And that is the last one We officially heard from him.

Thanks for reading Legosapiens By Shaswata! Subscribe for free to receive new posts and support my work.

Today, Bitcoin is worth nearly $325 billion, and while Nakamoto's identity may be merely speculative for some, it is far more significant for others: he is said to own over 1 million bitcoins or roughly 5% of the total number in circulation. Even though the price of Bitcoin has plummeted by over 66 percent since January 1, 2022, the value of Nakamoto's Bitcoin holdings would be more than $16.2 billion. The mysterious figure's bitcoins would have been worth more than $67 billion at the peak of the cryptocurrency market in November of last year.

The cryptocurrency market would be completely upended if the person—or persons—behind the name Satoshi Nakamoto decided to sell even a small portion of this hoard. Coinbase noted the potential revelation of Nakamoto’s identity (and the movement of that person’s Bitcoin holdings) as a risk factor in its IPO filing with the Securities and Exchange Commission (SEC). Coinbase even went so far as to send a copy of the filing to the last known email address for Nakamoto.

That may sound like overkill to some, but it was recently made abundantly clear just how much of an effect an individual party can have on the entire cryptocurrency industry. Ahm, Remember FTX & SBF? So speculation aside there are plenty of reasons for the urge of becoming Nakamoto, Australian Craig Wright claimed to be Nakamoto in 2016, and Bitcoin developer Andresen corroborated the statement, saying he was “98 percent sure” that Wright was the elusive Satoshi. The bitcoin community wasn't having it, so Wright withdrew the assertion.

Suspicion also fell upon Nick Szabo, a secretive crypto expert who contributed significantly to the development of Bitcoin. Linguistic researchers analyzed Szabo’s writing as well as writing from other suspected Satoshis. The linguists claimed that there were definitive similarities between Szabo’s writings and Satoshi Nakamoto’s. The New York Times even went so far as to pin Szabo as the shadowy Nakamoto, but Szabo strenuously denied the claims.

Now let’s shift the focus to Craig Wright’s Tulip Trading has brought one case to the shore of the Court of Appeal in England and Wales that could be the most significant Bitcoin case to date, and can change the crypto industry and open source industry as a whole: Tulip Trading Ltd is seeking to bring proceedings in the High Court that would require 16 bitcoin developers based around the world to write software ‘patches’ to enable the recovery of assets worth more than £1bn stolen in a 2020 hack on Wright's computers. The March judgment dismissed the claim that the developers owe any continuing fiduciary duty to users of their open-source software.

The Court ruled that open-source Bitcoin software authors do not bear any fiduciary obligations or common law duty of care to those who use their code to store or trade their crypto assets, despite the fact that their technology is widely utilized and used to trade and store cryptocurrencies.

The Bristol and West Building Society v. Mathew case served as the Court's starting point in determining whether a fiduciary duty was owed. According to Millett LJ, a fiduciary is "someone who has undertaken to act for or on behalf of another in a specific matter in circumstances which give rise to a relationship of trust and confidence. The distinguishing obligation of a fiduciary is the obligation of loyalty. The principal is entitled to the single-minded loyalty of his fiduciary.” When there is a fiduciary relationship, there is "a legitimate expectation" that the fiduciary won't act in a way that is inimical to the interests of the principal.

The actions Tulip sought to require the Developers to perform to "patch" the relevant software would be entirely for Tulip's profit and not for the benefit of users generally, despite the fact that the underlying relationship between the Developers and bitcoin owners generally had a fiduciary quality. Furthermore, those actions may in fact prejudice other bitcoin owners who have certain expectations about how the software will function, such as the expectation that digital assets can only be transferred using private keys, the effectiveness of the blockchain's "proof of work" processes, and anonymity.

TTL argues that:

1. TTL had a considerable amount of BTC/digital assets stolen (thieves unknown)

2. The devs control the core BTC network (and other relevant BTC forks) and therefore that the devs owe TTL

a) a fiduciary duty; and/or

b) a tortious duty of care

a) devs have ‘complete power’ over the relevant protocols

b) digital asset owners have no power over protocols & entrust the care of their coins to devs

c) devs can amend the protocols to return the stolen coins

so the devs owe TTL fiduciary duties.

Mrs. Justice Falk (MJF) rejected TTL’s arguments for various reasons

1. Imbalance of power alone is not enough to create a fiduciary relationship

2. Devs are a ‘fluctuating, and unidentified’ body of individuals

3. Positive duty to act is imposed on devs (change protocol)

Now for tortious duties

What’s a tort?

It’s a civil wrong that results in loss/harm to another & imposes civil (rather than criminal or contractual) liability. The injured party is entitled to a remedy eg monetary damages or injunction (to compel/prevent certain conduct)

For a successful claim in tort typically claimant needs to establish (amongst other things) the existence of a ‘duty of care. Duty of care roughly = circumstances, where common law recognizes one person, has a responsibility to ensure others don’t suffer unreasonable harm/loss.

TTL has only suffered what is termed ‘pure economic loss’ ie there hasn’t been any physical harm to a person/property, just financial loss. In the context of pure economic loss, for duty of care to exist there needs to be a ‘special relationship’. For a special relationship to exist, there generally needs to be a clear assumption of responsibility (to for eg safeguard the claimant). There is also no general duty to protect others from harm or to prevent third parties from causing injury/loss.

TTL’s claim: the court should recognize a duty of care is owed by devs to digital asset owners that have lost control of their private keys & in oral submissions TTL argued that the existence of a fiduciary relationship would constitute the necessary ‘special relationship’.

MJF rejected TTL’s arguments regarding the tortious duty of care:

1)No fiduciary duty exists so no resultant special relationship

2)Devs don’t control the third party (hackers)

3)Devs as a class are ‘unknown and potentially unlimited’ and the scope of duty would be ‘open-ended’.

But The English Court of Challenge is currently considering Tulip Trading’s lawsuit on the legal duties owed by blockchain developers and granted permission to appeal the High Court’s decision to throw the case out for lack of jurisdiction. When granting permission, the Court of Appeal stated that the question of whether developers have any fiduciary or other obligations to the owners of digital assets is "considerably important" and "rightly regarded as a matter of some complexity and difficulty.”

Importance of This Case with context with Recent update:

Now the case is now in 2 days hearing at the Court of Appeal in England and Wales And the arguments are greatly interesting :

Counsel talked about the powers and decisions of developers:

1. Saying that even if developers have the powers and decisions that TTL assert (that they can patch the network) that doesn’t mean that a fiduciary duty exists in the first place.

2. Devs don’t have the power to stop transactions.

3. Private keys are not in the control or power of the devs. Devs can’t return the keys. To use the “physically safe” analogy - devs cannot return or remake keys if they have been lost.

4. Counsel is now saying that it is an extremely wide obligation on devs to argue that they have a duty to take “all reasonable steps” to do certain things in relation to the safeguarding of or access to bitcoin.

5. Counsel is now saying that it is an extremely wide obligation on devs to argue that they have a duty to take “all reasonable steps” to do certain things in relation to the safeguarding or access to bitcoin.

6. What circumstances can justify a fiduciary duty to an indeterminate and unknown class of owners of bitcoin?

7. The class of owners could include entities, individuals, government agencies, partnerships, associations, etc. All of those owners are spread across the globe in both common law and civil law jurisdictions and jurisdictions that the court would not normally interact with at all.

8. At the time of the hack, the power over TTL’s bitcoin DOES NOT lie with the Bitcoin devs. Nor does that change when the hack happens. Nor does that change when the hack happens.TTL and TTL alone had the power to look after their own private key. Dev power certainly did not outweigh the power of TTL. And certainly was not an imbalance of power.

9. This imbalance of PowerPoint is slightly different from how TTL expressed it though. TTL said that devs can patch code at any time. Of course, this then raises the fork issue: The judge asked “ who gets to control updates to the Bitcoin GitHub repo?”

10. Counsel says the power to add code to GitHub is not one that affects the existence of the fiduciary duty

11. Counsel says the power to add code to GitHub is not one that affects the existence of the fiduciary duty.

12. Judge: Might it be relevant to ask whether devs are fiduciaries in the limited sense that they have a responsibility not to destroy the system/network?

13. The dev power is limited to ensuring the code operates as deployed. Moving bitcoin on or off the chain is not in the power of devs.

14. If duties are owed to all owners of bitcoin, Counsel says it is the case that there is a real risk of conflict between multiple principals. How do devs know who owns what bitcoin?

15. If establish fiduciary duty, then devs would have an obligation of loyalty and confidentiality to all of their principals.

16. Devs would end up being party to proceedings because they have to be sued to get the in-personam order that TTL wants (the patch).

17. Dev. Counsel opposed the amendment to the claim (the arguments for which were made by TTL Counsel on 1st day of the hearing).

18. Counsel is trying to get Court to refuse permission to amend (based on the merits of the amendment) and If the claim survives only because of the amended case, then devs want costs for that and enhancement of existing security.

19. Now in the context of Satoshi's addresses in dispute and the private keys. 1Feex and 12ib7 “Developer power is limited to the writing of software code which is published on an open source repository”.

20. Saying that even if developers have the powers and decisions that TTL assert (that they can patch the network) that doesn’t mean that a fiduciary duty exists in the first place.

21. Counsel has said that it is an extremely wide obligation on devs to argue that they have a duty to take “all reasonable steps” to do certain things in relation to the safeguarding or access to bitcoin.

22. Counsel used the “serious issue to be tried” test in the Altimo Holdings case, “Serious issue to be tried on the merits of the claim (based on facts or law)” is the test. Counsel is basically describing how they see the test for fiduciary work. Expect this is so that they can then go on to argue that it is easy to apply this test to the Bitcoin devs and show that there is no serious issue to be tried that a fiduciary duty exists.

23. What circumstances can justify a fiduciary duty to an indeterminate and unknown class of owners of bitcoin? The class of owners could include entities, individuals, government agencies, partnerships, associations, etc.

24. All of those owners are spread across the globe in both common law and civil law jurisdictions and jurisdictions that the court would not normally interact with at all. What particular matter have the developers undertaken to act for TTL? The claim then becomes unsustainable.

25. What particular matter have the developers undertaken to act for TTL? The claim then becomes unsustainable.

26. The “particular matter” is that the developers don’t act capriciously, unlawfully, or for their own advantage or to abuse their own position. Counsel says those are standards to apply to fiduciaries not tests for fiduciaries.

27. If duties are owed to all owners of bitcoin, Counsel says it is the case that there is a real risk of conflict between multiple principals.

28. Counsel: TTL has self-adjudicated that it owns the bitcoin. Due to the vast range of potential owners of bitcoin, an English in-personam judgment based on ownership of bitcoin would not be conclusive. This could give rise to many problems for devs in other jurisdictions (particularly if ownership is disputed elsewhere).

29. If TTL's claim is unsuccessful and the court finds that TTL can’t prove owns the bitcoin. The devs still have to be embroiled in the litigation which is a big risk to devs.

30. But the pragmatic approach for Tulip Trading Limited would be injunction cases are also helpful for claimants. Few experts argued those injunction cases only work against an exchange.

31. “In this case, what TTL could have done is not wipe its system, It could’ve also not wiped its cloud backup. TTL could have obtained a freezing order over the public addresses 1Feex and 12ib7.

32. The fundamental flaw of the case is that these defendants would still have to take a position on the question of ownership, which they are *not able to do.*

33. Counsel says that there is normally a causal connection between a duty and a loss. Here, we have a loss that would have occurred irrespective of whether the duty existed or not. Ie. The bitcoin would’ve been lost by TTL even if devs did owe them a duty.

It will be interesting and precedent-setting to watch this case of Tulip Trading Limited in a Bitcoin developer's fiduciary obligation and tortuous duty. It's Irony that Reserve Bank of India Governor Shaktikanta Das warned about the risks of Cryptocurrency investment, referring to the Dutch tulip bulb market bubble in the 17th century.

Thanks for reading Legosapiens By Shaswata! Subscribe for free to receive new posts and support my work.

A lawyer's note ( not a piece of legal advice )

Today's crypto world is quite like the universe of Stranger Things (Netflix's popular sci-fi show, if you don't get my pop culture reference it's my mistake, not yours)

One side is a lovely sunny morning where a lot of productive conferences are happening, stakeholders are delving into the positive future of the web 3.0 & Crypto world, Crypto startups raising money, and more conventional professional people diving deep into this world. The conversations at the dinner table have turned from the discussions of sports & politics into Crypto & web 3.0.

At the same time in the world of upside down, Regulators in Big nations are bullish on banning or strict regulations, and enforcement agencies ( SEC, CFTC in the USA, ESMA in EU, RBI & ED for now in India, etc) are fighting it out with crypto players, Headlines of Millions to Billions valued crypto, NFT stealing, hacking, data leaks, Ponzi scheme, and other frauds, Crypto companies going bankruptcy ( Chapter 11 Calling).

Thanks for reading Legosapiens By Shaswata! Subscribe for free to receive new interesting take on legal & Tech and support my efforts.

Now Some will say Winter is coming, some say Winter is here, the bear is sleeping, some are anticipating the bull to return, many opinions to be honest. THEN why should I resist burning my hands in this heat?

The problem lies in the start: Either these crypto start-ups are messing with the whole industry with malice or they have been played by the already established big players and because of all of them the market is suffering there are no two ways about it, but I think with pinch of sense & laws players can still figure this Chaos, at least I hope!

So first please don't get disheartened about the gloomy reality I'm going to sell at first but I will come down with a good one, bear with me for a few sentences.

In the last few months, we have seen drops in various crypto currencies ranging from 20% to 70%, with an estimated $2 trillion in losses. Industry observers had already predicted a surge in crypto M&A beginning in early 2022, and in a recent interview with Barron's, John Todaro, a senior crypto and blockchain researcher at Needham & Company, said he believes this downturn will lead to a wave of crypto mergers and acquisitions in the second half of this year and even into 2023.

Valuations have dropped across the board this year as the market has experienced unprecedented volatility, according to Todaro, and "the valuations for public crypto companies have fallen by about 70% this year." These lower valuations may make these companies more appealing targets for acquisition, and activity in this area has already begun to pick up.

According to recent CNBC coverage, some larger cryptocurrency companies are already looking for acquisition targets to drive industry growth and help them acquire more users. Todaro believes that the majority of M&A activity will be crypto-to-crypto acquisitions rather than traditional buyers, though there is still an opportunity for non-crypto companies to capitalise on these lower valuations, and some are already doing so.

We may see an increase in the number of acquisitions across industries as valuations remain lower than a year ago, but if the crypto sector continues to experience this type of downturn, the level of activity in this area may be much higher than previously seen. That being said, both the target company and the acquirer should conduct the same level of due diligence on any transaction rather than rushing into any deal out of panic or haste.

The failure of Celsius Network LLC last month could be a sign of things to come for other troubled cryptocurrency startups, whose backers appear hesitant to provide emergency funds.

Now I believe when you see a failure (in our instance of this piece we can consider this failure to be a scam, or broken acquisition-M&A, fraud investment trap) you learn the mantra for success: In this first part, I will focus on two very recent forest fires in two parts of the Crypto world, one in Solana ( No, I'm not going into literally 'Phantom' attack on Solana, that's for another day) & the bloodbath between WazirX & Binance.

Fake it till You make it

I stole the popular caption from my friend's WhatsApp abouts, oops! No, I am not the guilty one here, where Macaliano Brothers ( two crypto developers) faked a whole DeFi ecosystem.

Something about Sunny Aggregator seemed off to cryptocurrency user Saint Eclectic.

Sunny was the newest decentralized finance (DeFi) app to hit Solana last summer, during the blockchain's scorching bull run, when its native token increased fivefold. Sunny had only been alive for two weeks when billions of dollars in cryptocurrency poured into this yield farm in early September. Saint and others, however, had some concerns: Who was the man behind Sunny? Why was its creator, "Surya Khosla," a pseudonym? Was the codebase examined? Will users' money be safe?

But like other crypto schemes, users didn't feel comfortable but they poured their crypto in.

So who was this Surya ?

Ian Macalinao, the chief architect of Saber, a Solana-based stablecoin exchange. As a result, he constructed the Sunny Aggregator on top of Saber.

That's just the tip of the iceberg.

Ian, a 20-something computer wizard from Texas, coded as 11 ostensibly independent developers and created a vast web of interlocking DeFi protocols that projected billions of dollars of double-counted value onto the Saber ecosystem. As the network approached its peak last November, this temporarily inflated the total value locked (TVL) on Solana. TVL is regarded as a barometer of on-chain activity by DeFi devotees.

"I devised a scheme to maximize Solana's TVL: I would build protocols that stack on top of each other, allowing a dollar to be counted multiple times," Ian wrote in an unpublished blog post that CoinDesk reviewed. The blog post was written on March 26, three days after Cashio, one of Ian's secretly built protocols, was hacked and lost $52 million.

What is total value locked (TVL) in crypto and why does it matter?

Since the rise of Decentralised finance (DeFi) in 2020, financial market experts have grappled with a new type of investment and sought ways to assess its performance.

Aside from market capitalisation, trading volume, and total and circulating supply, total value locked (TVL) is a popular crypto indicator among DeFi investors for determining the overall value of assets deposited in US dollars or any fiat currency across all DeFi protocols or in a single DeFi project.

DeFi assets include rewards and interest derived from traditional services such as lending, staking, and liquidity pools, which are delivered via smart contracts. For investors looking to support the DeFi platforms with the highest rewards, TVL in staking, for example, is a particularly useful indicator. It represents the amount of assets deposited by the liquidity providers and is the total value locked in the DeFi staking protocols.

TVL will have reached nearly $2 billion in global revenue by 2022, up from $400 million in the previous two years. With the growing popularity and value of DeFi in the cryptocurrency space, TVL has become an important metric for investors looking to determine whether the entire ecosystem or a single protocol is healthy and worthwhile to invest in.

While TVL is simply defined as the total value of cryptocurrency locked in a smart contract, there are other factors that can affect the value of DeFi projects.

DeFi platforms require capital to be deposited as loan collateral or liquidity in trading pools in order to function. TVL is important because it indicates the capital's impact on the profits and usability of DeFi applications for traders and investors.

When the TVL of a DeFi platform increases, so does its liquidity, popularity, and usability. These elements help to ensure the project's success. A higher TVL indicates that more capital is invested in DeFi protocols, with participants reaping greater benefits and profits. A lower TVL implies less money available, which leads to lower yields.

TVL is counted in a not-so-smart manner. If you stacked protocols on top of each other, the TVL would be doubled (or more). Combine that with multiple accounts controlled by a single person (aka a Sybil attack in the case of Ian, Sunny Aggregators), and you have the makings of a delusion of great wealth and inclusion.

Ian wrote that he despised this "vanity metric," but that "it bothered me that Ethereum TVL was so much higher" than Solana's, because, in his opinion, DeFi projects on Ethereum - the largest blockchain for DeFi - are "stacked" to double-count deposits.

"I wanted to create a system very similar to this," he wrote. "If the same team built each protocol, TVL would be more ridiculous as a metric. As a result, I created more anonymous profiles," he wrote.

Ian wore 11 masks. In public, Ian and his brother Dylan referred to their anonymous personas as "friends" or "friends of friends." Their "Ship Capital" coder club was laying the "blueprints for my ideal DeFi ecosystem," Ian wrote in an unpublished blog. Saber and its so-called liquidity provider (LP) tokens anchored everything.

The frightening reality was that The Macalinaos wanted other crypto protocols to become so reliant on Saber that "its failure would result in the entire system going down," as Dylan put it on October 1, 2021. "By the way, this is the 200 IQ [Saber Labs] strategy, which few understand..."

Through this Sybil attack and its subtle anonymous puppets, these anons have constantly abused crypto users’ trust. 0xGhostchain's Cashio project provides a compelling view into how the "army of anons" pumped double-counted value into Saber.

Cashio's CASH was introduced last November, near the peak of the crypto market, as a "decentralised stablecoin" with dollar-pegged Cryptocurrency backed by "liquidity provider" tokens. (LP tokens are a type of cryptocurrency that holders "stake" in order to earn additional yield. They are distributed by DeFi protocols to users whose loaned tokens keep trades running smoothly.)

As collateral, Cashio only accepted LP tokens from Saber. Last November, Saber, an "automated market maker" with over $1 billion in TVL, was a major DeFi trading venue for stablecoin pairs on Solana. (The current TVL for Saber is $90.6 million.)

To generate yield, Cashio relied on Saber ecosystem projects created by Ian's anons.

It first used Crate to package Saber LP tokens into "tokenized baskets," which Ian created under the alias "kiwipepper." It routed those "crates" through Arrow, a yield redirection platform built by Ian as "oliver code." Finally, Cashio stated that it earned a return by staking these deposit derivatives in Sunny Aggregator. Profits were directed to Cashio's treasury, which was overseen by a decentralised autonomous organization (DAO).

Sounds complex melancholy? CoinDesk asked two prominent Cashio users to explain the app's complicated process; neither could. The app's "about" page was also " don't know much".

When were the users interested in the process? They saw a lucrative deal! CASH holders could deposit their LP-backed stable coins into Sunny liquidity pools and earn 10% to 30% returns. According to one trader, if they had deposited Saber LP tokens into Sunny instead of Cashio, they would have received only 5% -10%. It didn't matter that both were powered by the same crypto asset.

The implications of ramming deposits from Saber-to-Cashio-to-Crate-to-Arrow-to-Sunny-or-Quarry were even greater for Saber. According to Ian, it converted $1 of visible TVL into $6. Many DeFi projects gauge their worth by touting total user deposits, abbreviated as TVL."TVL can only count if protocols are built separately," Ian wrote, explaining why the protocols of his anons appeared to be built separately.

Cashio's true origins are revealed in Ian's unpublished blog. Ian rushed to finish an exemplar of Saber LP-backed stablecoins as 0xGhostchain in time for Breakpoint, the Solana ecosystem's largest-ever gathering of fellow developers. Ian wished for others to imitate Cashio, he wrote. Each protocol that replicated its reliance on Saber LP tokens would act as a liquidity spigot, allowing more TVL to flow into the $1.7 billion mothership.

"This is part of why the code was insecure, it was rushed for this deadline," he wrote on March 26, after a hacker spoofed Cashio's unaudited smart contracts with bogus collateral, draining the company of $52 million.

It's unfortunate that in crypto We are so focused on the fight against double payment that the double counting got passed. It is a common practice in traditional financial markets known as a money multiplier. So it works like this: every bank that holds retail investors' money in their account can hold a minimum value, say 10% (this value is determined by the regulations of the country of operation), and the rest of the money can be lent out again, which is 90%. This is taken by a new entity, and the cycle continues. As a result, this process generates a double count of the double count. In macroeconomics, the money multiplier is important because it determines the money supply, which affects interest rates. It is also important in banking because it influences monetary policy and banking sector stability. Unfortunately, De-fi has hit the same bug but as now the community knows it can we do something different in smart contracts on chains?

Can we now take a pinch of Salt, When it comes to the projects which are creating tokens as liquidity for other tokens? But many people succumb to its hype and FOMO… The questions we need to ask and retrospect which should be the ideal matric for valuation in Blockchain? Or is there no ideal ‘fit for all’ metrics, will it vary from project to project?

Another factor contributing to TVL's poor evaluation value is that many of the largest smart contract platforms have artificial demand. They have massive ecosystem funds (up to $1 billion!) that they use to attract developers. These developers then create projects that frequently provide very high percent APY for early product usage. There's nothing wrong with that, but when those incentive programs run out, all the yield farmers take their money out of the protocol and go somewhere else, depleting a project or even an entire chain.

Take TVL with a grain of salt, especially if you're new to the game.

This will surely take time to sink in, to read the headline on The potential Ethereum Successor " Solana as "Why Solana Is The Biggest Scam In Crypto, According To A Software Developer!" It's hard to swallow as web 3.0 Advocate. This is Part 1: The Questionable Valuation Metrics in the Crypto ecosystem: Crypto Financing Conundrum, in Part 2, I will go into the details of the bloodbath between WazirX and Binance, what exactly part ED & Indian-Chinese govt are playing & how the now standard Merger & Acquisition of crypto companies are stuck with legal challenges and what can be the way forward from here!

It will be a long weekend, Adios web 3.0 mates, see you in the Part 2 !

Thanks for reading Legosapiens By Shaswata! Subscribe for free to receive new posts and support my work.

Standing in today’s time of 4-5 cameras at back, 2 at the front, having curved (foldable for Rich for now) 6.7inch display, 8k video recording, 16GB RAM, and need to play the tagline “Console Level Graphics” game from PUBG, PES, Asphalt, Fortnite ( Not in the Antitrust Controversy of Apple & Epic; that’s for another day WE are spoiled consumers and knowledgeable too. We are skeptics, we research and invest hours before deciding on one brand, and then on the model, we also need to know in-depth about camera sensors and processors-sub processors-AI/neural engines-ISPs and even security chips. We will watch our favorite tech YouTuber’s reviews of the newest and freshest chocolates of Apples, Samsungs, and their Davids: Chinese counterparts ( autocorrected into counterfeits, the wrong statement, no worries I myself use one Chinese brand smartphone) Xiaomi, Vivo, Oppo, Oneplus and Huawei. Pixels, Nokia, Sony Xperia, Asus, and Motos are not mainstream buying habits in India so if you use those don’t hold me for the offense of not taking the name of your smartphone brand in the same line.

In this stark contrast between using smartphones in 2012 and now in 2022, what’s the problem that let me write an entire article? Yes, there are! 

Today’s smartphone users are much more tech-savvy, for example, take a look at home, my mother when bought her first smartphone in 2012 she bought HiTech, one forgotten Chinese brand which the salesman pushed her into, then in 2015 she bought LAVA one family member suggested her into, recently she bought Samsung M series, and guess what? No, she just asked me to confirm her choice. She did not go for Samsung brand image, she watched a lot of reviews, comparisons, camera tests, battery tests, service experiences, and performance tests to reach a decision.

And My mother is not the only one. You all might experience it, right?

Here the problem lies... No, not with ourselves, We have been much smarter in choices, but the smartphone companies became much smarter in manipulating our choices also.

People who see a lot of youtube content of smartphone reviews, you will see reviewers ( can refer to MKBHD, Unbox Therapy, Mr. Mobile, MrWhosTheBoss, C4ETech, Technical Guruji, UrAvgConsumer, Linus Tech Tips, GeekyRanjit, etc) come performance test or reviews or performance comparison between different smartphone CPU, GPUs of different companies talk about Real World Performance or Like say, “ We all know benchmarks don’t always translate into real day to day work, etc” but also shows the AnTuTu, 3DMark, Geekbench, AI, PCMark for Android Benchmarks of those smartphones. 

And the PROBLEM IS SMARTPHONE COMPANIES MANIPULATE THESE BENCHMARKS OR CHEAT IN THESE BENCHMARKS: Practically smartphone companies get caught cheating with smartphone performances!

It is happening from the time when the smartphone performance benchmarks come and no consequences of these actions, Funnily strange enough?

What are the Benchmarks and what it is supposed to do?

A benchmark, at its most basic level, is an app that determines how quickly your phone can perform certain tasks. It puts the phone through a series of tests to determine its maximum capacity. The theory is that if you put enough stress on the phone, it will function at its best. That performance may be graded numerically, with each number positioned in relation to the others.

This is the problem with benchmarks. There is no such thing as an absolute scale. Every benchmark has its own scale for grading applications. You can't compare two benchmark programs; you can only compare two devices that are both running the same benchmark.

And what it is supposed to do and how?

Benchmarking each smartphone literally takes hours.  Benchmark testers basically begin the test, wait till it finishes evaluating and record the result. It’s just not done yet. You start all over again and perform the same operation a couple of times. Mind you this is only for one benchmarking test. The reason behind performing the test in multiple iterations is that the result varies each time. So, why does that happen? The working of the smartphone CPU is quite complex. At times it might use just two cores to do a job, while the same job might require four cores if there are multiple applications in the background. So, the evaluated performance is not even all the time. This is why there is a need to run multiple iterations and later average them out.

It’s always a wise thing to take these benchmarking numbers with a grain of salt and there is a multitude of reasons why you should do that. In any field that involves electronics, there is tolerance. So, the performance is not always the same. Having said that – the consistency of all the electronic components has greatly improved.

For example, the compiler used for evaluating ARM-based silicon is not the same for gauging the performance of an Intel-based chipset. Now if you want to take a look at some of the most common Benchmark apps, there are

AnTuTu Benchmarking 

Geekbench 3 Benchmarking

Quadrant Benchmarking

Basemark Benchmarking

GFX Bench

Benchmark cheating & background manipulation :

The action of whitelisting a benchmark app by optimizing the maximum performance of the smartphone just for specifically targeted benchmark app is generally considered by the industry as cheating since it defeats the purpose of a benchmark, which is to reflect user experience for day to day use.

Back in 2013 When Anandtech learned about some of Samsung's antics with the GPU of Exynos chipsets on the Galaxy S4, it blew up into a larger investigation of the practice among many of the mobile manufacturers at the time - with all of them being found guilty. The Samsung case finally resulted in a winning $13.4 million class-action lawsuit verdict against the business — AnandTech, a tech analytics website, was the first to notice the discrepancy and was even included in the court filing.

Over the years, the naming and shaming worked, as merchants rapidly abandoned such tactics for fear of media reaction - the drawbacks significantly surpassed the rewards.

In 2017, Apple was also caught in this manipulative practice, no they did not cheat on benchmarks, Apple has been fined 25 million euros (£21 million, $27 million) for intentionally slowing down older iPhone models without informing customers.

The DGCCRF, France's competition, and fraud watchdog levied the penalties, claiming that customers were not informed. Apple confirmed that it did slow down some iPhones, but said it only did so to "prolong the life" of the devices. the company confirmed it did slow down some models as they age, but not to encourage people to upgrade.

It claimed that as the lithium-ion batteries in the gadgets aged, they became less capable of meeting peak current demands. As a result, an iPhone may shut down abruptly to safeguard its electronic components.

After that iPhone 6, iPhone 6s, and iPhone SE received a software upgrade that "smoothed out" battery performance. A client verified the practice after posting performance tests on Reddit, claiming that their iPhone 6S had slowed significantly as it aged, but had suddenly speeded up again once the battery had been replaced.

But every OEM did not get the same clean chit from users, OEMs of all sizes (including Samsung, HTC, Sony, and LG) took part in this arms race of attempting to fool users without getting caught. 

One investigation on the OnePlus 3T caught that OnePlus was targeting these benchmarks by name, and was entering an alternate CPU scaling mode to pump up their benchmark scores.

Oneplus at that time assured they will not again target any benchmark and will not use this coded manipulation in cheating. But without any such regulations and legal implications. But again in the case of Oneplus 5, they went one step further, the cheating mechanism is blatant and aimed at maximizing performance, unlike last time which did not increase scores by much on average, but did reduce variance and thermal throttling.

. XDA Developers literally put the headlines in their posts, “ [UPDATED STATEMENT] Do NOT Trust OnePlus 5 Benchmarks in Reviews – How our Review Unit is Grossly Cheating at Benchmarks”.

And ..Again… With the Oneplus 9, they cheated in the benchmark again! Anandtech in their test discovered weird behavior on the OnePlus 9 Pro flagship: Popular apps are performance limited, while benchmarks are unaffected. After repeated incidents, year after year Performance benchmarking platform Geekbench, at last, delisted the OnePlus 9 and the OnePlus 9 Pro.  Geekbench officially stated, “ It's disappointing to see OnePlus handsets making performance decisions based on application identifiers rather than application behavior. We view this as a form of benchmark manipulation. We've delisted the OnePlus 9 and the OnePlus 9 Pro from our Android Benchmark chart.”

In 2018 Huawei P20, Huawei Nova 3, and Honor Play were delisted from 3DMark for benchmark cheating.

OPPO Find X and F7 were delisted from 3DMark for benchmark cheating in that year only,

But the big fish caught in 2020, when the SOC maker Mediatek get caught cheating and yes, these chips were in most of all Chinese OEM smartphones, MediaTek was cheating on benchmarks by creating a whitelist of applications that would run the device in a special ‘Sports Mode’ that significantly boosts the performance of a device beyond it’s real-world day to day capabilities and would be unsustainable in day to day usage. Shockingly the cheating mechanism had been hiding in plain sight for years in some innocuous-looking code. Hidden in the firmware there is a .xml file with a list of popular applications with various power management tweaks, including a list of popular benchmarks that would kick off MediaTek's Sports Mode.

 After the article came out about Mediatek malpractice, first of all, they denied the allegation directly. Their official press release says, ‘We believe that showcasing the full capabilities of a chipset in benchmarking tests is in line with the practices of other companies and gives consumers an accurate picture of device performance’’

Other SoC vendors and smartphone vendors that got caught “cheating” in the past have owned up to their behavior and cleaned up their acts.  MediaTek doesn't seem to back down from this at all. In fact, the company published a blog titled ‘Why MediaTek Stands Behind Our Benchmarking Practices’ on their website shortly after the Anandtech article on catching Mediatek malpractice went live.

And all comes down to this 2022, February-March Samsung Mobile.

the company is accused of throttling 10,000 Android apps—but not benchmark apps. It sounds like the scheme OnePlus was caught running last year. Instead of boosting the SoC speeds when a benchmark app is running, Android OEMs are now turning down phone performance any time a benchmark app isn't running. It's like benchmark cheating but in reverse.

Samsung's throttling app is called the "Game Optimising Service." 

Users of the Korean message board Clen.net found wildly different benchmark scores depending on whether benchmark apps had their original names or not.

The list also includes every popular third-party app you can think of—Netflix, Disney+, TikTok, Facebook, Twitter, Amazon, among others. The only apps you reliably won't find on this list are benchmarking apps. Geekbench, 3D Mark, PCMark, GFXBench, Antutu, CPDT, and Androbench are all missing from the list.

And the result was not so much as easy criticism, Geekbench accuses Samsung of benchmark manipulation, delisting the last four years of Galaxy flagships.

Regulatory Demand : 

Unfortunately, these smartphone companies(OEMs) and SOC makers are not bound to not do this malpractice or cheating by any law not in India nor in any specific law. Benchmark cheating, Performance throttling, and performance push in certain actions and apps are not defined by the state or any common stakeholder bodies. We can say these make companies look bad in the eyes of consumers and reviewers, but this reputation loss can be the right redressal method. These malpractices by OEMs and smartphone chip makers are clear manipulation to trick consumers to buy into their products-services which should come under the Consumer Protection Act,2019 in India and also by whitelisting benchmark apps or some specific apps are an abuse of power and position and raises antitrust concern for rest of the apps and even competitive OEMs it should be taken into consideration By Competition Commission of India under Competitions Act. There is a massive regulatory void in regulating and controlling these under the hood CPU-GPU level cheating or antitrust actions by these companies for over 10 Years. It is now time for the stakeholders and government should take note of this situation more seriously and actively, GeekBench or 3D Mark Delist can be the investigation starter but there should be proper procedural safeguards for consumers and competitors and a proper checking process and regulating structure with legal statutory backing. I hope my short article can be the start to the end of mischief by these smartphone companies ( OEMs & SOC makers)

BTS: Thank You AnandTech & XDA Developers for being the Angels in Demon.

Image credit: Fortune

The "Fourth Industrial Revolution" is being dubbed quantum computing, and it will transform the way we use and perceive technology. Traditional computers cannot match the computing capacity of these ultrafast machines. Quantum physics underpins its technology. It has the potential to disrupt a wide range of sectors, as well as have a direct influence on cybersecurity and privacy. Large technological firms including IBM, Google, Intel, and Microsoft have put major money towards the project. In truth, IBM Quantum is an organization-wide endeavor to develop universal quantum computers for use with its supercomputers to solve complicated problems. Once a result, as this type of technology becomes more common, other manufacturers will follow suit. But unfortunately, India is still far off the race of quantum computing where China is leading the race. 

Quantum Computing in a box:

Qubits, or quantum bits, are at the heart of quantum computing. Quantum computers employ them as the fundamental units of data. Unlike normal bits, which store data as either 1s or 0s, qubits use the quantum phenomena of superposition to store data. This means they exist as both 1s and 0s at the same time.

In computers, this has the advantage of exponentially increasing the amount of data that can be processed. A pair of qubits that can be either 1s or 0s can represent four different states. Eight qubits can be represented by three qubits. However, 300 qubits can hold more states than the number of atoms in the universe.

The Ministry of Electronics and Information Technology (MeitY) unveiled the 'Quantum Computer Simulator (QSim) Toolkit' in September 2021 to provide academicians, industry experts, students, and the scientific community in India with the first quantum development environment. This is the result of an INR 8,000 crore budgeted investment to support quantum technology development and adoption in India. A few private companies and startups have started to develop these critical quantum components, but most hardware is still imported.

Quantum computing's power, like that of many other revolutionary technologies, has some worrying legal implications. Because quantum computers are so far ahead of ordinary computers, it may result in an unfair power balance in society. An individual or organization using a quantum computer might simply get beyond a normal device's defenses.

Some of the most prevalent concerns here are privacy and data security. An organization with a quantum computer, such as Google, might decrypt any modern encryption standard that an ordinary user has, putting their privacy at risk. This could jeopardize whistleblower protection, as whistleblowers are responsible for 70% of collected fraud damages. And it's quite risky to wield this much power without sufficient legal and ethical guidelines and organization.

Legal Principle Prospect :

At this time in February 2022, World Economic Forum Annual Meeting 2022 provides a roadmap for these emerging opportunities across public and private sectors. The principles have been co-designed by a global multistakeholder community composed of quantum experts, emerging technology ethics and law experts, decision-makers and policymakers, social scientists, and academics.

"At the start of this historic transition, the important opportunity is to address ethical, societal, and legal concerns well before commercialization," said Kay Firth-Butterfield, World Economic Forum's Head of Artificial Intelligence and Machine Learning. "This study is an early intervention and the start of a multidisciplinary, global discourse that will steer quantum computing development for the benefit of all society."

In adapting to the coming hybrid model of classical, multi-cloud, and soon quantum computing, the Forum’s framework establishes best-practice principles and core values. These guidelines set the foundation and give rise to a new information-processing paradigm while ensuring stakeholder equity, risk mitigation, and consumer benefit.

The governance principles are grouped into nine themes and underpinned by a set of seven core values. Themes and respective goals defining the principles:

1. Transformative capabilities: Harness the transformative capabilities of this technology and the applications for the good of humanity while managing the risks appropriately.

2. Access to hardware infrastructure: Ensure wide access to quantum computing hardware.

3. Open innovation: Encourage collaboration and a pre-competitive environment, enabling faster development of the technology and the realization of its applications.

4. Creating awareness: Ensure the general population and quantum computing stakeholders are aware, engaged, and sufficiently informed to enable ongoing responsible dialogue and communication; stakeholders with oversight and authority should be able to make informed decisions about quantum computing in their respective domains.

5. Workforce development and capability-building: Build and sustain a quantum-ready workforce.

6. Cybersecurity: Ensure the transition to a quantum-secure digital world.

7. Privacy: Mitigate potential data-privacy violations through theft and processing by quantum computers.

8. Standardization: Promote standards and road-mapping mechanisms to accelerate the development of the technology.

9. Sustainability: Develop a sustainable future with and for quantum computing technology

Quantum computing core values that hold across the themes and principles:

Common good: The transformative capabilities of quantum computing and its applications are harnessed to ensure they will be used to benefit humanity.

Accountability: The use of quantum computing in any context has mechanisms in place to ensure human accountability, both in its design and in its uses and outcomes. All stakeholders in the quantum computing community are responsible for ensuring that the intentional misuse of quantum computing for harmful purposes is not accepted or inadvertently positively sanctioned.

Inclusiveness: In the development of quantum computing, insofar as possible, a broad and truly diverse range of stakeholder perspectives are engaged in meaningful dialogue to avoid narrow definitions of what may be considered a harmful or beneficial use of the technology.

Equitability: Quantum computing developers and users ensure that the technology is equitable by design, and that quantum computing-based technologies are fairly and evenly distributed insofar as possible. Particular consideration is given to any specific needs of vulnerable populations to ensure equitability.

Non-maleficence: All stakeholders use quantum computing in a safe, ethical and responsible manner. Furthermore, all stakeholders ensure quantum computing does not put humans at risk of harm, either in the intended or unintended outcomes of its use, and that it is not used for nefarious purposes.

Accessibility: Quantum computing technology and knowledge are actively made widely accessible. This includes the development, deployment, and use of the technology. The aim is to cultivate a general ability among the population, societal actors, corporations, and governments to understand the main principles of quantum computing, the ways in which it differs from classical computing and the potential it brings.

Transparency: Users, developers, and regulators are transparent about their purpose and intentions with regard to quantum computing.

The Quantum Computing Governance Principles is an initiative of the World Economic Forum’s Quantum Computing Network, a multi-stakeholder initiative focused on accelerating responsible quantum computing. Quantum computing will need new law of Quantum.

The next steps for the Quantum Computing Governance Initiative will be to work with wider stakeholder groups to adopt these principles as part of broader governance frameworks and policy approaches. With this framework, business and investment communities along with policymakers and academia will be better equipped to adapt to the coming paradigm shift. Ultimately, everyone will be better prepared to harness the transformative capabilities of quantum sciences – perhaps the most exciting emergent technologies of the 21st Century.

Horizon Worlds, Meta's virtual-reality social networking platform, was made public in December 2021. Early descriptions of the platform make it sound like it'll be a lot of fun, and it's been compared to Minecraft. Horizon Worlds allows up to 20 avatars to gather at the same time to explore, hang out, and develop in the virtual world. Trouble has begun to brew as Facebook prepares to launch its metaverse and virtual reality social platform 'Horizon Worlds.' In the Metaverse, sexual harassment has become all too common. Sexual impropriety of any type, of course, becomes much more acute in the Metaverse. In comparison to the ordinary internet, the metaverse adds another layer, making it extremely distressing for the victim.

According to Meta, a beta tester reported something unsettling on November 26: she had been molested by a stranger on Horizon Worlds. Meta disclosed on December 1 that she had shared her Horizon Worlds beta testing experience on Facebook.

The beta tester should have used a tool called "Safe Zone," which is part of a suite of safety precautions incorporated into Horizon Worlds, according to Meta's internal investigation. When users feel endangered, they can activate Safe Zone, a protective bubble. No one can touch them, talk to them, or interact with them until they signal that the Safe Zone should be lifted. 

In 2016 Jordan Belamire wrote an open post on Medium about being grabbed while playing Quivr, a game Stanton co-designed in which players shoot zombies with bows and arrows.

Belamire mentioned joining a multiplayer mode in which all characters were identical save for their voices in the letter. "I was sitting out next to BigBro442, waiting for our next attack, in between shooting down waves of zombies and demons." BigBro442's disembodied helmet suddenly turned to face me. His floating hand neared my body, and he began to stroke my chest virtually. 'Stop!' I screamed... This enraged him, and he pursued me around the room, grasping and pinching my chest even when I turned away from him.

“There I was, being virtually groped in a snowy fortress with my brother-in-law and husband watching.”

Stanton and his cofounder, Jonathan Schenker, immediately responded with an apology and an in-game fix. Avatars would be able to stretch their arms into a V gesture, which would automatically push any offenders away.

Stanton, who today leads the VR Institute for Health and Exercise, says Quivr didn’t track data about that feature, “nor do I think it was used much.” But Stanton thinks about Belamire often and wonders if he could have done more in 2016 to prevent the incident that occurred in Horizon Worlds a few weeks ago. “There’s so much more to be done here,” he says. “No one should ever have to flee from a VR experience to escape feeling powerless.”

Metaverse sexual harassment is sexual harassment :

"Many online replies to this episode were dismissive of Belamire's experience and, at times, hostile and misogynistic," according to a recent study of the events surrounding Belamire's encounter published in the journal for the Digital Games Research Association. Given the virtual and humorous setting in which it occurred, readers from all perspectives struggled to comprehend this behavior." Belamire vanished from view, and I couldn't find her on the internet.

After Belamire's Medium essay, there was a lot of discussion on message boards about whether or not what she had experienced was genuinely groping if she wasn't physically touched. When virtual reality is immersive and genuine, toxic behavior that occurs in that environment is as real, according to Katherine Cross, an online harassment researcher at the University of Washington. "At the end of the day, virtual-reality settings are designed to fool the user into believing they are physically in a given space, that their every bodily activity is taking place in a 3D world," she explains. "It's one of the reasons why emotional reactions can be more intense in that environment, and why VR causes the same internal nervous system and psychological responses."

That was true in the case of the woman who was groped on Horizon Worlds. According to The Verge, her post read: “Sexual harassment is no joke on the regular internet, but being in VR adds another layer that makes the event more intense. Not only was I groped last night, but there were other people there who supported this behavior which made me feel isolated in the Plaza [the virtual environment’s central gathering space.

Perhaps the underlying issue is the impression that when you play a game or participate in a virtual environment, there is a "contract between developer and player," as described by developers and platforms. "As a player, I agree to be free to do whatever I want in the developer's world as long as I follow their rules," he explains. "However, as soon as that contract is broken and I'm no longer at ease, the company's job is to return the player to wherever they want to be and make them feel at ease."

The Big Question :

The question is, who is responsible for ensuring that consumers are at ease? Meta, for example, claims that it provides users with tools to help them stay safe, effectively shifting the responsibility to them. But what about the already happened groping or any sexual or any offense? what about the offender and punishment?

image: wired

Will the restriction on the offender's activity temporarily or permanently prevent him from making such offenses in the virtual world or in case real life? Are not these avatars not an extension of our real identity and should not this offender get charged under IPC, CrPC, and in situations that demand other legislation like Sexual Harassment of Women at Workplace Act,2013, I was just talking about India. Now consider other jurisdictions too.

"We want everyone in Horizon Worlds to have a great experience with easy-to-find safety tools—and it's never the fault of the user if they don't use all of the capabilities we provide," said Meta spokesperson Kristina Milian. "We will continue to improve our user interface and gain a better understanding of how people use our products so that users may easily and reliably report issues." Our goal is to make Horizon Worlds a safe place to visit, and we are dedicated to achieving that goal."

Milian said that users must undergo an onboarding process prior to joining Horizon Worlds that teaches them how to launch Safe Zone. She also said regular reminders are loaded into screens and posters within Horizon Worlds.

Image credit: Meta

Until we figure out whose job it is to protect users, one major step toward a safer virtual world is disciplining aggressors, who often go scot-free and remain eligible to participate online even after their behavior becomes known. 

We need deterrents, That means making sure bad actors are found and suspended or banned. (Milian said Meta “[doesn’t] share specifics about individual cases” when asked about what happened to the alleged groper.)

If there's one thing that's apparent, it's that no one is directly responsible for the rights and safety of those who participate in virtual worlds or anyplace else online. The metaverse will remain a hazardous and troublesome realm unless something changes.

[ I am not against Metaverse, Technological evolution is always most welcome with required responsibility. Law needs to move ahead and the metaverse centric companies and users both need to be cautious and the regulators & metaverse companies are proactive, In my #MetainBeta series I will share my thoughts on metaverse legal and ethical problems and solutions, I Hope companies take note of concerning opinions and improve. We need both Technology and Humanity to win together.]

Last evening I saw my father was making the next plan for the trip and the first thing he did, opened google map and tried to gauge the distance to the destination from our home and what’s nearby locations, landmarks, traffics, transport mediums, restaurants, etc. I know for sure when my family will reach there that they will mostly rely only on google maps.

And who am I saying? While thinking and writing on this piece I felt hungry and ordered some fried chicken through Zomato ( in your case any food delivery app ) and tracking the delivery person on google Maps extension ( consensual tracking pun intended ).

And..and. Remember waiting for a cab and it’s showing your ride is 5 mins away!

And whatnot else? For Google maps( Market leader as say) We will never be lost in any place with an active internet connection where Humans have reached till this date….I mean if  Google Earth - satellite imagery can reach that will still do. Now Google offline is there to help with remote places.

It’s no wonder Google Maps solved and changed the way we travel, think about mapping, and many more. Yes, they have solved many pain points. But for that did we and should we give consent to track us 24/7? 

Google Map Knows Your search History :

The "Web & App Activity" settings on Google detail how the business collects data, such as user location, to provide a "more personalized" experience. For the 18 months, any site you look at in the app gets saved and included into Google's search engine algorithm, whether it's an adult site, a biryani recipe, or your local weed supplier.

Google thinks you're probably creeped out by this. That's why the company employs so-called "dark patterns," which are user interfaces designed to entice us into making decisions we might not otherwise make, such as by emphasizing a choice with different typefaces or brighter colors.

For the experiment Vice Media, they created a fresh Google account to explore how tough it would be for a new user to avoid the black patterns. They were shown a pop-up after pressing the "Create Account" button that said the account was "configured up to include customization elements" in little grey letters, with a much larger blue button that said, "Confirm." Vice accepted the above-mentioned "Web & App Activity" settings by clicking "Confirm." The less visible "More options" button opened a new page with extensive and complicated explanations as an alternative. To opt-out, consumers still have to deactivate the "Web & App Activity" settings manually. Now to think my father or a normal user would go to this extent to opt-out is quite a stretch.

If you do not share your search history, Google Maps restricts its features.

You'll notice a circle in the top right corner of your Google Maps app if you're linked in with your Google account. You can simply log out if you don't want to do so. The log out button is, of course, somewhat buried, but it can be accessed as follows: Log out of Google Maps by clicking the circle > Settings > scrolling down > Log out of Google Maps

If you're not signed in to your Google account, Google Maps will not allow you to bookmark frequently visited locations. If you don't log in, you'll see the "Tired of typing?" button when you click the search box, urging you to check in and encouraging you to collect more data.

Google Map can rat you out if you are not a good friend 

Google Maps, like good friends, wants to know your habits and encourages users to offer a quick public evaluation. "What did you think of the fried chicken wings? Assist others in understanding what to expect "After you've picked up your dinner, the app suggests. This appears to be a humorous, informal question, and it is based on the wonderful feelings we experience when we help others. However, all of this information is stored on your Google profile, making it easy for someone to find out if you're just passing by or if you reside nearby. 

And suppose you are trying to make a distance with your friend, google Maps ( path is Profile icon> Your profile > Edit profile > Profile and privacy settings > Scroll down > Restricted profile ). Now you are feeling at peace, right?

Google may rat you out and share your information with law enforcement agencies. Google's legal team assesses each case separately, according to its FAQ page on the subject. The corporation issues a transparency report every six months, but nothing has been released for 2020. Google received 81,785 requests impacting 175,715 accounts globally between July and December 2019, and disclosed information in the majority of cases, with 74 percent in May of 2019.  

If you turn on "Location History," your phone "saves where you go with your devices, even when you aren't using a specific Google service," as this page explains. This feature is essential in the event that you misplace your phone, but it also transforms it into a true tracking device.

Google is Great 

"At the core of what Google does is providing useful, meaningful experiences," the big tech claims on its website, adding that knowing your location is critical for this. They claim to use this information for a variety of purposes, including "security" and "language settings" — as well as, of course, ad sales. Advertisers can also use Google to see how well their advertisements reached their target (you!) and how often people visited their physical stores "in an anonymized and aggregated manner." But only if you choose to participate (or you forget to opt-out)

Evil Attorneys are in a war against Great Google 

The Attorney General's Office of the District of Columbia, as well as the Attorneys General's Offices of Texas, Washington, and Indiana, are suing Google for misrepresenting customers and breaching their privacy.

AG Racine Leads Bipartisan Coalition is suing Google Over Deceptive Location Tracking Practises That Invade Users' Privacy.

His claim is that Google Is relying on “dark patterns” to undermine users’ informed choices: To gain access to user location data, Google manipulates its users through deceptive design choices that alter user decision-making in ways that harm the user and benefit Google. 

AG Ferguson files a lawsuit against Google for secretly tracking consumers’ location.

He alleges that even when customers switch off "Whereabouts History" in their account settings, Google collects data on their location. Google profits from this dishonesty. The ability of Google's billion-dollar advertising company to tailor adverts to people based on information about their whereabouts is crucial.

When users enable the "Location History" setting, Google saves information about their location in order to "offer you tailored maps, suggestions based on locations you've visited, and more," according to Google's account settings.

Even when location access is off on Android devices, Google follows them. Android users, who must negotiate a confusing network of settings on both their device and their Google account, have it even more difficult to control location tracking. This was not made clear to users by Google.

AG Pax­ton Sues Google for Deceptive Track­ing Users’ Loca­tion With­out Consent.

In his most recent Geolocation case, Attorney General Paxton claims that Google misled Texas consumers by continuing to track their location even when they tried to stop it. Google exploits the illegitimate data it collects to tailor adverts to consumers, resulting in massive earnings from improperly gathered personal data.

According to the latest Google lawsuit, the corporation misled Texas customers by continuing to track their personal location even after the user thought he or she had disabled it. The falsely obtained data is then used by Google to push adverts to consumers, resulting in massive profits for the Big Tech giant.

Attorney General Todd Rokita sues Google over deceptive practices in harvesting Hoosiers’ location data.

Although Google offers a wide range of products and services, targeted advertising and advertising analytics account for the majority of its earnings. Google collects personal data from customers in order to market them attorney General Rokita's lawsuit aims to ensure that Hoosiers are no longer forced to give up their privacy. He also wants Google to pay back all revenues and benefits it received as a result of its illegal conduct. Finally, he wants civil fines imposed on Google for violating the Indiana Deceptive Consumer Sales Act. terms based on their expected interests, which is a valuable part of the company's business.

Not the conclusion :

Google said that the attorney general's charges were unfounded, and it has made numerous improvements to its privacy policy to help consumers protect their location data.

A representative for Google stated, "The attorneys general are launching a case based on incorrect claims and outdated assumptions about our settings." "We've always included privacy features in our products and given users a lot of control over their location data." We will adamantly defend ourselves and correct the record."

But there is smoke there’s some fire! And We have to watch out keenly if really House of Google is on fire or not? Google and other big techs are dodging the bullets for quite some time. Maybe it is time to stand up as accountable. And India needs to be more proactive against the red-eye surveillance of tech companies.

After all, in the digital world, they are for us, not the other way around!

These powerful companies utilize such dossiers to curate the content that each user sees on their platforms — not just advertising, but also newsfeeds, suggestions, trends, and so on — in order to keep users engaged so that more ads can be provided and more data can be mined.

Surveillance Advertisement & Protest

Because extreme material gets the most engagement and profit, major social media sites reinforce hate and conspiracism by developing and feeding users increasingly extreme content. Everything from COVID-19 scams and bogus disease treatments to white supremacist groups and Holocaust denial has benefited from their algorithms & ML-AI.

Facebook and Google's monopoly strength and data-mining techniques have given them an unfair advantage, allowing them to monopolize the digital advertising market and siphoning off cash that once supported local newspapers.

So long as it serves their financial interests, Big Tech will continue to stoke discrimination, divisiveness, and delusion — even if it drives targeted violence or sets the framework for an insurgency

A multinational coalition of consumer protection, digital and civil rights organizations, and data protection specialists has joined the rising chorus of voices calling for a ban on "surveillance-based advertising."

In an open letter to EU and US policymakers, the international coalition — which includes Privacy International, the Open Rights Group, the Center for Digital Democracy, the New Economics Foundation, Beuc, Edri, and Fairplay — calls for legislative action, calling for a ban on ads that rely on "systematic commercial surveillance" of internet users to serve what Facebook founder Mark Zuckerberg calls "social good."

Previously, the EU's senior data protection supervisor called for a ban on targeted advertising that relied on ubiquitous tracking, citing a slew of potential rights violations.

Last year, the European Parliament called for stricter limits on behavioral advertising.

In my last blog, I was calling for the USA big-tech companies to take action and put trust & transparency back for consumers and their surveillance loving government for a change has taken a stance that can potentially reshape the tech industry.

What’s this proposed The Banning Surveillance Advertising Act all about?

"The Surveillance Advertising Ban Act accomplishes exactly what it says in the name. "

With the exception of wide location targeting to a designated area (e.g., municipality), the legislation prevents advertising facilitators (e.g., Facebook, Google DoubleClick, data brokers) from targeting ads," according to a press release announcing the proposed legislation.

"Advertisers will not be able to target ads based on protected class information or any information they purchase under the bill."

The Federal Trade Commission, state attorneys general, and private lawsuits can also enforce violations, it continues.

Individual users can also sue platforms like Facebook and Google if they break the law, with up to $5,000 in damages available per violation.

The bill would also make it illegal to target advertisements based on protected class characteristics like ethnicity, gender, or religion.

The bill's sponsors are Democratic Reps. Anna G. Eshoo of California and Jan Schakowsky of Illinois, as well as New Jersey Senator Cory Booker.

The bill has the support of a number of organizations, including the Anti-Defamation League (ADL) and the Electronic Privacy Information Center (EPIC); companies like DuckDuckGo and privacy-focused services provider Proton; and academics like Shoshana Zuboff,( author of The Age of Surveillance Capitalism), Joan Donovan,( Research director at the Harvard Kennedy School's Shorenstein Center on Media, Politics, and Public Policy); and Woodrow Hartzog(professor of law and computer science at Northeastern University)

Target Advertisement was not for the betterment of consumers, are you sure?

Targeted advertising, according to tech corporations like Facebook, is a good thing because it means that the ads people see on their platforms are more relevant to their interests. However, Facebook and others collect vast amounts of data on users' preferences, location, attributes, and more in order to support that targeting, placing that data in danger. Third parties can use that data for their own harmful objectives or use the firms' ad platforms to target certain groups of individuals with falsehoods.

But according to experts "The 'Ban Surveillance Advertising' legislation gives the FTC key new definitions of an 'unfair and deceptive act' in relation to sharing personal data with online advertising corporations and data brokers—a critical shift that will provide existing federal frameworks additional accountability levers." This new legislation also clarifies that a State Attorney General can pursue civil action against an ad tech company that violates the new requirements, which is an important provision that ensures that multiple legal organizations (FTC + State AGs) can investigate and hold these data brokers accountable.

Bidstream data is the flow of sensitive data that parties can access by participating in the ad bidding process, and regulation may be effective against it. Surveillance corporations have used this data in goods they sell to the government, as Motherboard has documented. The regulation appears to place a special emphasis on location data, which might be the "death nail" for dangerous data brokers like Safegraph, which have created global data supply chains with dozens, if not hundreds, of advertising companies feeding crowd data.

Now everything will be fine after this bill proposal?

Facebook's recent 'turn to privacy,' its desire to lock in its first-party data advantage (by integrating the infrastructure of separate messaging apps), has been met with widespread criticism.

It's also why Google is developing a set of alternative adtech to take the place of third-party monitoring cookies. Although its planned successor — the so-called 'Privacy Sandbox' — would still allow its algorithms to cluster groups of Internet users into 'interest' buckets for ad targeting purposes, which isn't ideal for Internet users' rights either. (Concerns have also been expressed about competition.)

When it comes to its 'Sandbox' plan, Google may be was considering the potential of The Surveillance Advertising Ban legislation that forbids — or at the very least regulates — microtargeting. And it's racing forward with building alternative adtech that would have similar targeting potency (maintaining its market power) but might perhaps avoid a prohibition on microtargeting technicality by substituting out people for cohorts of online users.

It’s just the trailer…

Legislation attempting to prohibit a predative but complex business model cannot rely on rhetoric to close technical data supply chain gaps. Regrettably, the 'Ban Surveillance Advertising' legislation appears to make no attempt to mimic the GDPR terminology, which classifies businesses in a data supply chain as either 'controllers' or 'processors.'

Legislators addressing this act will therefore need to be tactful in how they draft clauses intended to tackle the damage caused by surveillance-based advertising. And Let’s hope these companies understand the gravity of this legislation.

Taking an example…..

The Austrian data protection authority ruled on December 22, 2021:

“In the opinion of the data protection authority, the Google Analytics tool (at least in the version of 14 August 2020) can thus not be used in accordance with the requirements of Chapter V of the GDPR.”

In this case, the website's "anonymization" method for IP addresses had not been properly applied. Regardless of this technological peculiarity, the regulator ruled that IP address data as personal data since it could be combined with other digital data to identify a visitor, similar to a "puzzle piece."

As a result, the Austrian Data Protection Authority found that the website in question — netdoktor.at, a health-focused website that had been exporting visitors' data to the US as a result of implementing Google Analytics — had violated Chapter V of the EU's General Data Protection Regulation (GDPR), which governs data transfers outside the bloc.

"It cannot be excluded that these intelligence services have already collected information with the help of which the data transmitted here can be traced back to the person of the complainant," the regulator writes in the decision.

This is the first verdict on noyb's 101 model complaints, which were brought following the "Schrems II" decision. As part of an EDPB "task force," regulators coordinated on these cases, and other EU member states are expected to make similar decisions. The DSB decision from Austria appears to be the first to be issued.

Google Analytics may soon also be outlawed, according to the Dutch privacy regulator Autoriteit Persoonsgegevens (AP).

For a long time, Google's services have been criticized in the Netherlands for not providing adequate privacy protection. The Ministry of Justice and Security (J&V) declared in March 2021 that the central government would not be migrating to Google Workspace for Education. According to the ministry, there were still too many privacy concerns that needed to be addressed.

Schrems II…..

And this traces back to 2020, Court of Justice of EU hit the paradise of US Tech companies at their chests, The CJEU delivered its landmark "Schrems II" judgment in July 2020, declaring that transfers to US providers that come under FISA 702 and EO 12.333 violate the GDPR's limits on foreign data transfers. As a result, the CJEU has declared the transfer agreement "Privacy Shield" null and void, after the nullification of the prior agreement "Safe Harbor" in 2015. The European Union's Court of Justice (CJEU) determined that utilizing US providers violates the GDPR since US surveillance rules require corporations like Google and Facebook to hand over personal data to US authorities.

While this caused a stir in the tech world, US ISPs and EU data exporters have mostly ignored the situation. Google, like Microsoft, Facebook, and Amazon, has relied on "Standard Contract Clauses" to keep data transfers going and keep its European business partners comfortable.

Max Schrems, honorary chairperson of noyb.eu commented: "Instead of making significant changes to their services to comply with GDPR, US companies have attempted to sidestep the Court of Justice by simply adding some language to their privacy policies. Many EU firms have followed suit instead of moving to legal alternatives."

While Google has submitted submissions claiming that it has implemented "Technical and Organizational Measures" ("TOMs") such as erecting fences around data centers, reviewing requests, and implementing baseline encryption, the DSB has dismissed these measures as completely ineffective when it comes to US surveillance.

Unfortunate Probable Future…

The most widely used statistics program is Google Analytics. Despite the fact that numerous alternatives are housed in Europe or can be self-hosted, many websites rely on Google and thereby send their users' data to the US multinational. The possibility that data protection authorities would progressively rule US services illegally adds to the pressure on EU companies and US suppliers to seek out safe and legal alternatives, such as hosting outside of the US.

In the long run, it appears that the US tech companies like Google have two options: either it adapts baseline safeguards for foreigners to support its tech economy, or US providers will have to hold foreign data outside of the US.

USA Government’s Love of Surveillance….

But I think the USA government and regulators have a different stance on this whole surveillance and data transfer fiascos.

Federal authorities in the United States have been surreptitiously tracking WhatsApp users for the past 35 years, with no explanation as to why or who they are targeting and if they want and maybe what they are already doing with Meta and other tech companies.

In November 2021, DEA officers sought that the Facebook-owned messaging business track seven users based in China and Macau, according to a recently unsealed government surveillance application in Ohio. The DEA didn't know the identities of any of the targets, according to the app, but instructed WhatsApp to track the IP addresses and phone numbers with which the targeted individuals communicated, as well as when and how they used the service. Such monitoring is carried out via pen register technology and is governed by the 1986 Pen Register Act. It does not seek any message content, which WhatsApp could not supply anyhow because it is end-to-end encrypted.

Over the last two years, as Forbes reported, US law enforcement has repeatedly ordered WhatsApp and other internet companies to install such pen registers without providing any probable cause. The government order to track Chinese users was accompanied by the statement that the Justice Department just needed to provide three "components" to support tracking of WhatsApp users, as it had done in previous cases. They include the applicant's identity, the name of the attorney or law enforcement officer who filed the application, and a certification from the applicant that "the information likely to be obtained is important to an ongoing criminal investigation being conducted by that agency."

A snapshot from a federal order on WhatsApp reveals that US investigators had no idea who the seven people they requested data on. ( Copyright: Forbes )

According to a survey, most Americans don't trust firms with their personal data and believe they have little control over what information is collected about them and how it is used.

The Pew Research Center reported on Friday that nearly 80% of Americans are "somewhat" or "extremely" concerned about how firms exploit their personal digital data, confirming a fear that had always existed. Furthermore, 81 percent of adults believe they have little or no control over the data collected by businesses.

The Washington Post reported in 2013 that the National Security Agency and its British counterpart had essentially hacked reams of information from customers of Google, Yahoo, and other American internet companies without their knowledge, based on documents from former US government contractor Edward Snowden. Intercepting internet traffic from undersea internet cables or other access points between business computer centers outside the US was how the spy agencies did it.

Google, Microsoft, Then Facebook, and Yahoo have increased their usage of encrypted technology, which scrambles the content of messages or phone calls so that anyone listening in can only hear gibberish.

The drama is yet to be concluded….

These Big Tech companies time and time are hacked by their government and made to use their services for government surveillance and unfortunately, all classified information does not get so-called compromised so we do not and will not never how much dark web conjured these big tech companies. 

Google Analytics and the example of Whatsapp being used for surveillance may not have a lot of common points. But one thing is clear because of laziness in adopting necessary compliance and safeguards after Schrems II by Google and lack of trust in USA silicon valley’s privacy standard ( USA Government’s frowning over Big-tech ) is getting them gradually boycotted and strictly regulated in other jurisdictions.

It is high time for these tech companies to wake up and take charge of their own mishaps. And maybe they can try to make understand surveillance heavy USA government why they are called as BIG-TECH?

The UAE Cabinet Office announced the much-anticipated Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data ("PDPL") on November 27, 2021. The PDPL is the UAE's first comprehensive federal data privacy law, governing the acquisition and processing of personal data. It is part of a historic law reform meant to support the UAE's ambitious economic and innovation strategy.

The General Data Protection Regulation ("GDPR") has had a significant impact on the PDPL, and it is typically linked with larger international data protection practices, with essential transparency and accountability concepts established in the PDPL.

Definitions

The PDPL employs terms that are extremely similar to those used in the GDPR (e.g., "personal data," "data subject," "processing," "controller," and "processor") and provides broadly similar meanings.

The GDPR's specific categories of personal data definition is comparable to that of sensitive personal data. There are notable distinctions; for example, the PDPL definition includes information about a person's family and criminal history. While criminal offense data is processed differently under GDPR than other personal data, it does not fall under the definition of special categories of personal data.

Territory

The PDPL governs the processing of personal data by any of the following entities:

A data subject who lives or works in the UAE; a controller or processor-based in the UAE, regardless of whether personal data is processed within or outside the UAE; or a controller or processor-based outside the UAE who processes personal data of data subjects who live or work in the UAE.

When a non-EU organization processes the personal data of EU residents, the GDPR does not immediately apply; certain conditions must be met (targeting or monitoring). In this way, PDPL is more expansive.

GDPR, on the other hand, applies to organizations outside the EU where their processing is "in the context of the operations of an establishment in the EU" - that is, when processing is linked to an EU establishment even though that institution does not perform the processing. PDPL, on the other hand, only applies to process done by a UAE individual.

The law's application to data subjects mirrors the PDPL's phrasing, which is strange because data subjects commonly get an exemption if they process data for 'personal purposes.’

Exceptions

The UAE Data Office can exclude establishments that do not process a considerable volume of personal data under the PDPL.Entities in free zones where there are already laws in relation to personal data in place (namely the Dubai International Financial Centre, Abu Dhabi Global Market, and, potentially, Dubai Healthcare City).

The objective appears to be to exempt small and medium-sized firms. There is no analogous exception option for corporations in the GDPR.

Data protection principles

The PDPL includes general criteria for lawfulness, fairness, and transparency, as well as purpose limitation, data minimization, data quality, retention, and security, which are roughly similar to the GDPR's principles. The Executive Regulations may include further additional provisions.

Legal basis for processing

Consent is one of several legitimate bases under GDPR, however, it is not stated as the primary valid basis. However, unless an exemption exists, the PDPL prohibits the processing of personal data without the agreement of the individual. Processing without consent will be permitted, for example, if it is required to carry out a contract with a data subject; to comply with legal obligations; to protect the public interest; if the data subject has already made the personal information publicly available; or if the processing is required for the establishment or defense of legal claims or relates to judicial or security measures (amongst others).

The PDPL does not allow for processing on the basis of ‘legitimate interests pursued by the controller/a third party which is provided in the GDPR.

Consent

Consent must be a precise, informed, and unambiguous declaration or affirmative action, whether in writing or electronically, indicating the data subject's acceptance to the processing of personal data. This means that enterprises may no longer rely on the so-called "catch-all" permission that has been widely employed in the UAE.

Other consent requirements are similar to the GDPR's requirements. Controllers must be able to demonstrate consent. The method for getting consent should contain instructions on how the data subject can withdraw consent, and the procedure must be simple for them to follow. , The legality of the processing carried out previous to the withdrawal is unaffected by the loss of consent.

Data subject rights

The PDPL gives data subjects a variety of rights, including the right to access, the right to request a transfer (which is generally similar to the GDPR's right to data portability), the right to be forgotten, the right to restrict, the right to object, and the right to object to automated processing.

The PDPL's rights are ambiguous and subject to a number of exclusions that do not entirely align with the GDPR. Only under exceptional circumstances may the controller refuse a data subject's request. For example, if the request is for information not covered by the PDPL; or if the request is excessively repetitive, conflicts with judicial procedures or investigations; or if the request could jeopardize the controller's information security efforts or otherwise compromise the privacy and confidentiality of others' personal data. The information must be made available without charge. The PDPL does not provide a timeframe for a controller to reply to a data subject access request, but the Executive Regulations are likely to address this.

Technical and organizational measures

The PDPL, like the GDPR, imposes a broad security duty on controllers and processors, requiring them to implement measures that are proportional to the amount of risk.

According to the PDPL, the controller and processor must take technical and organizational measures to maintain a high level of data security appropriate to the level of risk, which may include encryption and pseudonymization, as well as technical and organizational measures that ensure the availability of personal information and measures for testing and assessing the effectiveness of implemented measures.

Data protection officer

Although the GDPR appears to have an impact on scenarios where a DPO is required, they are not the same. When processing sensitive personal data would result in a high risk to the data subject's privacy as a result of adopting new technologies, the processing would involve a systematic and comprehensive assessment of sensitive personal data, including profiling and automated processing, and/or the processing would be done on large volumes of sensitive personal data, the PDPL requires the appointment of a DPO.

The PDPL, like the GDPR, requires enterprises to hire a DPO with the necessary data protection skills and competence to oversee compliance.

The DPO might be an internal firm employee or an external party headquartered in or outside the UAE. As a result, organizations with DPOs for GDPR reasons might utilize the same person to fulfill a comparable job in the UAE, as long as that person has received training and assistance on UAE standards. Furthermore, the PDPL specifies that the DPO shall be provided with resources to ensure that they are able to fulfill their tasks.

Data protection impact assessments

When employing any modern technology that poses a high danger to privacy and confidentiality, the PDPL requires data controllers to conduct DPIAs. The GDPR defines "high risk" as a risk of infringing on a natural person's rights and freedoms; however, the PDPL refers to a high risk to the privacy and confidentiality of personal data. It needs to be seen whether this linguistic distinction translates into a big difference in practice. It's also worth noting that the PDPL restricts the DPIA obligation to situations using "modern technology." While the GDPR specifically mentions the use of new technologies, the duty to conduct a DPIA is not restricted to these scenarios.

The PDPL specifies the minimal information that should be included in an impact assessment, and these standards coincide with the GDPR's DPIA requirements. For example, a clear explanation of the nature and purpose of the processing activity in question, an assessment of the processing's necessity in relation to its purpose, an assessment of the potential risks to data subjects' personal information, and suggested measures to mitigate the potential risks of such processing activities.

Data breaches

Data breaches must be reported to the UAE Data Office as soon as they are discovered. Any breach of personal data that "prejudices the privacy, confidentiality, or security of a data subject's personal data" must be reported. The requirement applies to all data breaches, but the GDPR's supervisory authority notification requirement for personal data breaches does not apply to breaches that are unlikely to put data subjects in danger. The PDPL's stringent timeframe is remarkable - it is instantaneous, whereas the GDPR requires notification to be made without undue delay and, where possible, within 72 hours.

The controller must also tell the data subject of the breach, and unlike the GDPR, there is no higher threshold (e.g., high risk) for data subject notification than there is for reporting the Data Office. The Executive Regulations will include more information about alerting data subjects, including any reporting term.

Similar to the GDPR, processors must notify the controller of any breach as soon as they become aware of it (rather than the GDPR's "without undue delay").

International transfers

The PDPL, like the GDPR's idea of adequacy, permits for the transfer of personal data outside of the UAE to countries with an appropriate degree of data protection (albeit the Data Office has yet to produce a list of such 'adequate' jurisdictions). If any exemptions apply, it may be allowed to transfer data to other jurisdictions. For example, obtaining the data subject's explicit consent, if this does not contradict with the UAE's public or security interests, or if the transfer is required to fulfill duties or execute a contract with the data subject. We expect the Executive Regulations to include details of permitted countries, even though it is not explicitly specified in the PDPL.

Records of processing activities

The PDPL mandates that controllers and processors keep track of their processing activity. The content standards are substantially in line with the GDPR's equivalent obligations, with a few exceptions. Data controllers, for example, are obligated to include information about those who are allowed to access personal data.

Marketing

Businesses may only use personal data for direct marketing purposes with the consent of the data subject, according to the PDPL. Processing for direct marketing purposes is an example of processing that could be necessary for a controller's legitimate interests under the GDPR (through separate e-Privacy legislation that could require consent).

The PDPL, like the GDPR, gives data subjects the right to object to processing for direct marketing reasons.

Suggestive Sources :

1. UAE: Federal level data protection law enacted – Privacy Matters

2. Ensuring Data Protection - News | Khaleej Times

3. UAE - Data Protection Overview | Guidance Note | DataGuidance

4. Data Protection Legislation - Privacy - United Arab Emirates

5. UAE issues landmark personal data protection law: Clyde & Co

6. Data protection laws - The Official Portal of the UAE Government

7. Quick Comparison Chart (GDPR and DIFC) | Practical Law

8. The impact of GDPR in UAE | CMS Expert Guide

Bitcoin, Ethereum, and other cryptocurrencies have gotten a lot of attention in India and throughout the world amidst the uncertainty surrounding Covid-19. Many people believe that digital currencies (including private cryptocurrencies) are the way of the future. In the absence of restrictions, however, cryptocurrencies have been relegated to a speculative asset class with high volatility.

According to analysts, the cryptocurrency sector presents India with a significant growth opportunity, but positive rules are required to realize its full potential. According to experts, effective regulation and ease of doing business can help India become the world's largest crypto, blockchain, and Web3 leader.

Experts also said that India might learn from Dubai in terms of fostering crypto and blockchain-based startups and businesses in the country. Dubai is largely regarded as a global crypto powerhouse, having a welcoming administration, expat-friendly policies, and infrastructure, among other things. A clear and welcoming policy for investors and businesses can help India leapfrog the competition in the crypto market.

But I have some eyebrows raised in the chaotic buzz of cryptocurrency, NFT, Metaverse, and web 3.0, All of these are absolutely going to be mainstream sooner or later. Yes, Regulators need to move fast to catch up and secure these technological revolutions for society and the opportunities are endless in this new digital domain.

But..But.. I think we all are forgetting the central pivot of all these shiny techs, BLOCKCHAIN. It is the most real and most vital piece of technology which is maybe getting traction from startups, MNCs, and techies but Government needs to come fast with the Blockchain governing Act not just some policies.

And I think which country comes first to win the race of the next 20 years digital world ! So I have some questions and opinions why Government first look at Blockchain law rather than cryptocurrency bill :

1. First, coming to revolutionize the legal system in India, Can Blockchain technology be used for the digital stamp duty - electronically registration of documents?

For example, Karnataka is going to use Blockchain for property registration, and a pilot project of the same happened to be in one Haryana town.

2. As happened back in 2016 Jio's 4G plan for all & UPI combine, digital payment system ramped up, can Govt with the boom of Blockchain tech companies bring De-Fi in masses which will be easy for cross border payment processing, Interoperable, lower the trade finance and smart contract for the same effect?

3. Govt is coming with digital health infrastructure so my question is that health and a lot of other personal data fed to govt and big tech, Can We use Blockchain by solving the problem of Interoperability & securely share the sensitive health data, the question of this challenge in "Centralise or Federate "?

4. Digital commerce is in the next evolution phase in India. But as India has long roads, many intermediaries in between the manufacturer/ service provider to the consumers so Can e-commerce companies can employ blockchain, to create an automated system for managing invoices from and payments to its third-party freight carriers & other intermediaries.

As it can be viable for the likes of Delhivery, EkartLogistics, and e-commerce players. This is a case example of Walmart Canada, as in probably 2018 started as a now they are successfully renovating supply chain management.

5. All my queries come from the same joint point of Blockchain so we can implement Blockchain in our Whole digital infrastructure in India. I think rather than Cryptocurrency, NFT, metaverse, web 3.0, self-driving cars we should invest more in underlying Blockchain tech to solve real problems.

So, shouldn't the government focus more on policy for Blockchain technology and implementation of this tech, creating a proper Regulatory & Compliance Authority and also create separate legislation on the ambit of Blockchain only and related data privacy, payment, infrastructure, Media & Entertainment, health care, and other elements?

Share your take and opinion on this and let’s move this conversation to the regulators!

Subscribe now