Skip to main content

Can the law keep up with crypto?

Demystifying the law of the internet with crypto professor Tonya Evans

Share this story

Photo Illustration by Grayson Blackmon / The Verge | Photo by MDJ Photography

I’m going to let you in on a Decoder secret: at the end of last year, I tasked our producers with finding better ways for us to cover crypto and Web3 on Decoder. I don’t think it’s any secret that I’m fairly skeptical of crypto, but I want to come by that skepticism honestly — and on the flip side, I want to make sure to see its opportunities and benefits clearly. We’ve already done episodes on Bitcoin and DAOs (decentralized autonomous organizations), and we’re going to do more episodes as the year goes on.

A lot of Web3 ideas seem to run directly into the existing legal system in complicated and sometimes very funny ways. The NFT world seems to have an impressionistic understanding of copyright law. DAOs, well, they aren’t actually recognized as legal entities in most states. So in a very technical sense, they can’t actually do anything in the real world. But all these things still exist, and at some point, the law will have to catch up. 

So, today, I’m talking to Tonya Evans, a law professor at Penn State Dickinson Law. She teaches IP law, copyright, and blockchain. She also hosts the Tech Intersect podcast, where she covers how law and technology intersect. She has spent a lot of time thinking about crypto assets and how they interact with the law. Tonya’s point of view is that we shouldn’t just abandon many of the legal frameworks we have today — she just wants them to adapt to this new internet.

A few notes since the old law student in me can’t help trying to impress law professors when we have them on the show:

  • Tonya and I make reference to “the four corners” of an agreement. That’s lawyer slang for what a contract specifically covers.
  • We talk a lot about “partnership law,” which is how different kinds of companies are treated under the law. A “general partnership” is the default — everyone in the company is an equal partner and liable for everything the company does; an LLC or limited liability company is a company that protects the principals from being liable for what the company does. Right now, most states don’t recognize DAOs as any kind of company, which means they’ll be treated as general partnerships, and everyone in the DAO would be liable for what the DAO does.
  • And, we talked a lot about copyright law: the current copyright law in the United States was passed in 1976, with some updates in 1998 as part of the Digital Millennium Copyright Act, or DMCA. You’ll hear us say “copyright maximalist,” which is the idea that copyright should cover a lot of things and rights holders should have a lot of power over how their work is used, and “copyleft,” which is the idea that people should be able to use and modify works more freely for the public good.

That sounds like a lot, but trust me — this is a fun one.

This transcript has been lightly edited for clarity.

Professor Tonya Evans is a law professor at Penn State Dickinson Law, where she teaches entertainment law, intellectual property law, and blockchain — a rich intersection for our show. Welcome to Decoder.

Thanks so much. Happy to be here.

We have a lot to talk about, but I want to start with you. You are a lawyer and a professor. You have a long background teaching IP and entertainment law. How did you end up teaching cryptocurrency and NFTs?

Back in 2017, I fell down the proverbial rabbit hole trying to figure out what the heck blockchain is and  how it related to crypto assets. More broadly, folks focus on the idea of cryptocurrencies, but I used the broader term of crypto assets. I was not at all convinced about magic leprechaun money that lived somewhere on the internet. I’m licensed in four states — if it had anything to do with illegal activity, I wanted nothing to do with it because I’m going to hold on to my four licenses. Personally, I am always an early adopter of technology even though I don’t have a scientific or technical background per se. I thought it was important for me to at least figure out what it all is and what it means for the next wave of lawyers who have to really show up for businesses and technologists who are really creating the future today.

I started by focusing more on distributed ledger technology, which is a fancy way of describing blockchains. I also worked at the intersection of intellectual property and blockchain generally, but copyright in particular. There were a lot of open-source projects, and the fact that you have these public-facing digital records of transactions and balances — that was really interesting to me. I was starting to get some calls about folks who wanted to build on top of the layer-one infrastructure of blockchains. They wanted to monetize it, so I wanted to be conversant with the technology so I could best advise people — mostly entrepreneurs and startups in the space. I also wanted to be able to educate, again, the next wave of lawyers to really understand the intellectual property issues that were going to pop up in what we now commonly refer to as Web3.

So that’s 2017. It’s now 2022. I would say your predictions were correct.


There are many issues at play. It doesn’t seem like the legal frameworks have caught up to us, making some of these issues even more complicated. On the cultural side, the phrase “Web3” exists now. Everyone’s talking about it. You and I are talking just a few days after the Super Bowl, which was crypto ad city. From your perspective — having tracked it for five years or so — is crypto mainstream? Is this the time when it’s turning the corner and everyone has to understand it? Or is it still entrepreneurs, tech journalists, and lawyers who are building a framework so crypto can go mainstream?

These are the early days. The first blockchain is the Bitcoin blockchain that first launched in 2009. We are turning the corner, but it’s still relatively early. There are more folks than just technologists, or cypherpunks, or those who are either on the fringe of tech or the fringe of finance. We have more mainstream folks. That’s the reason that millions of dollars were spent for Crypto Bowl — also known as the crypto ads during the Super Bowl. Some really epic ones from Coinbase and FTX and — I am not paid by any of them. I would like to be. Please call me. I’m on Twitter.

But that’s when you know when it really hits the common ethos: when ad money is being spent to attract more folks not on the margins. Crypto really is still a very small segment of the larger financial markets. Even though the big banks and traditional finance have known about this technology for a long time, they were not forced to actually pay attention until now. Now crypto is a customer service issue; they want to make sure that they maintain their market share and maintain their control over their customers. Financial institutions want to make sure that if there’s some new hot product, they’re the ones bridging the divide between folks who don’t know about crypto and tech, so that customers actually stay with their financial products.

Those are the financial products. One of the things that strikes me about all tech companies is that the way you disrupt the incumbent is simple: you ignore the regulatory environment that costs the incumbent money. The example that always comes to mind for me is actually YouTube, which developed a dominant share of video streaming in the early days by just ignoring the existence of copyright law, more or less. I’ll pick on Viacom: Viacom could not have built a YouTube because they were the incumbent. They would’ve never been able to get the content onto any site they had built because their lawyers would’ve stopped them. YouTube was like, “We don’t have lawyers. We’re just a bunch of guys.”

“Lawyer-schmawyer,” right?

Right. The cost of compliance and the lawsuit against Viacom was worth it for the overwhelming profits they now generate for existing in the space. That is just a paradigmatic story of how internet companies get built. Do you think that’s what the crypto companies are doing now in relation to the banks? Do you think they’re ignoring their regulatory environments and saying, “We’ll pay the price down the line, but it’s worth it to get to where we need to go?”

It’s interesting because when I think about crypto life before companies, the whole point of it was decentralization — not having a centralized, more formal structure to actually deliver “products.” It’s antithetical, really, to the origins and the original ethos and spirit of crypto where it’s like, “We may not know each other or trust each other. We don’t trust government. We don’t trust big business. We’re going to trust the code. We’re going to share this common code across all of these different computers, and then it will be impervious to attack. It will be working outside of the traditional system.” Some parts of the internet and Web1 and Web2 were built like this as well. As you’re talking about the impact of regulation and maybe the perception of the absence of a regulatory environment — I don’t actually buy into that totally. I know that if I have a crypto wallet and you have a crypto wallet, we can, on a peer-to-peer basis, exchange value in the same way we did with MP3 files — not me, because I’m an IP lawyer, so I don’t believe in “sharing.”

See, I was a bad copyright lawyer because I represented the kids who got sued for using Kazaa.

And then I was like, “This is very depressing. I need to do something else with my life.”

Right? I read all these great cases and we think of Napster, Grokster, and Kazaa — now I know! But your point is well made. I attribute it more to startups and entrepreneurial endeavors where you move fast, you break shit, and then you figure it out after that. The cost of doing business and the overhead certainly is not just for traditional corporate structures, but more likely for entrepreneurs. The speed at which technology moves — it’s moving at this meteoric pace now. I liken it almost to birth pangs. We’re getting closer and closer and closer to something really epic and really big. It’s moving so fast, so we don’t really have time to sit around for two or three or 10 years for Congress to pass legislation or judges to render decisions. That’s just the speed of technology. This is no exception, because this is a technological innovation impacting and disrupting financial markets, as well as virtually every other sector in some form or fashion. Blockchain and/or crypto assets are having an impact, and it’s just moving really fast.

I think you make a good distinction between cryptocurrencies and crypto assets. There’s Bitcoin and Ethereum and other stores of monetary value, and they need to be regulated like money. But when you say crypto assets, you’re talking about inclusive of NFTs, inclusive of other crypto products, inclusive of DAOs. Those to me are in an even wilder West: you threaten the big banks. You threaten the United States Federal. The action’s happening — the train’s on its way. You threaten the sort of normative copyright system that we have in this country. Maybe nothing happens for a long time until you piss off Disney. There’s no action there. 

That, to me, seems like where I see NFTs and DAOs just stumble over and over again: when they come into contact with the existing regulatory structures. When an NFT product comes into contact with copyright law, something bad happens. When a DAO comes into contact with general partnership law, something bad happens. Why do you think there’s a gap between entrepreneurs and their ability to innovate out of these humps?

I think we didn’t do a good enough job. By we, I mean big business and all of the IP issues, generally — copyright issues in particular. You know them very well from the Web2 world where peer-to-peer technologies brought all the copyright infringement to the yard. It was a lot of the nomenclature around sharing. It was also all of the, I think ridiculous, suits coming from the music industry in particular and from other industries.

Those very ones I defended against.


I thought they were pretty ridiculous.

It’s unbelievable. We’ll sue you if you’re 13 or 92 and everybody in between, which is really terrible for the music industry. That’s a classic example of winning the battle and certainly losing the war. You saw other sectors within the industry kind of sitting on the sidelines to figure out that even if, technically, they were correct on the issues of law, it might be terrible for business for them to go and pursue it. You have other concerns — maybe perhaps as a matter of trademark, where you have an affirmative duty to police your mark. You don’t really have that affirmative duty on the copyright side, and there’s a lot of acceptable levels of infringement for the purpose of engaging with consumers. We saw a lot of that play itself out in Web2, but also the stage was set for the average person’s understanding and relationship to copyrighted information.

The whole lack of understanding between what it means to have fair use or public domain works when they are terms of art. You and I know they are terms of art. They have a specific definition. But some people will think that if it’s on the internet, it must be free: “If I can right-click and save it, then I can use it.” The advent of social media allows us to copy things, share things. When you think of the 106 rights of being able to reproduce, to copy, to distribute, to prepare adaptations, all of these adaptive works or what we would call derivative works, or the ability to publicly display or perform — all of that is commonly done with social media. The connection to ownership versus the ability to license and use, I think, is just not understood by most people.

Then transfer that into the non-fungible token space where the token isn’t the creativity, but it’s connected to the creativity. It’s this idea of some digital representation of some right or connection to something else. The way that we talk about it commonly now is something creative or something collectible, and so we’re just running up against it again with new technology. It presents some of the old questions that weren’t adequately resolved — just with another iteration of technology.

So one of our main ideas at The Verge comes from our features editor Sarah Jeong: that the only functional law on the internet is copyright law. It’s the only legal regime that everyone recognizes exists and can actually lead to results. You want YouTube or Facebook or Twitter to take something down, and if you come at it in any direction other than copyright law, your chances of success are not assured. If you come at it through copyright law, you can just open the DMCA portal and request a takedown and YouTube will probably do it. That law has a real power on the internet in a way that almost everything else does not. Everything gets filtered through the lens of copyright, whether or not it’s appropriate. We see that pattern play out over and over again.

I think we see it play out with consumers. I think the average consumer is more aware of YouTube’s DMCA policies or TikTok’s music rights policies than they’re aware of their local traffic laws, because they encounter the application of a regulatory system in their lives over and over and over again.

It took a long time to get there. Obviously, these platforms didn’t want to do it because they felt it was bad for business and they didn’t want to be the copyright police. We went through all of that with six strikes, or three strikes. But the advertising around DMCA — people may not even know what it stands for, but they know that acronym for sure because a lot of people were getting DMCA takedowns for all of the stuff they were sharing. That, coupled with the fact that people aren’t reading terms and conditions. That connection makes it very, very real for people in ways that pure contract law or other types of regulatory or legal regimes, they don’t come into contact. 

They can have all the advertising in the world. No one cares unless there are consequences. There were significant consequences for the platforms. They wanted to take advantage of [the DMCA’s] safe harbors, so they were pushing that down to the consumer. They tried kind of the nice way, but then you are going to get a notice. After a few notices, you’re not going to be able to access not only our product or our platform, but the interweb. That will get people’s attention for sure. That was before obviously the pandemonium and the essential nature of having access to broadband technology.

So that’s the DMCA. By the way, you’re correct. We didn’t even say what it stands for.

Digital Millennium Copyright Act. Everyone who listens now will get the A for the day. If you actually take nothing away from this interview, please know what DMCA stands for.

But put that next to NFTs — everyone knows about copyright law.


You can make a strong case that copyright is the only operative law on the internet as most people experience it. NFT is just like the Wild West: people are copying one another’s NFTs. There’s copy minting, where an NFT project takes off and somebody immediately just takes all the files and recopies them. There’s the generalized willful ignorance of copyright law existing from some NFT projects to begin with where the project leads are just using other people’s trademarks and works to make NFTs. Then they get lawyers and they complain that they’re being censored. 

It’s nuts to me, but it’s a real thing that happens. Why do you think that there is that willful ignorance of the underlying copyright law? To some extent, that’s what makes NFT valuable — the idea that you have a work that you can restrict the right to copy.

Yeah. It’s just a ton of speculation and it’s pure greed for money. When you think of art for art’s sake, there is a decided portion of the NFT space that is focused on the culture — focused on not just art, but also the value that comes from just owning something of value that you want to collect, not flip like it’s another token. We have a lot of speculators in the fungible token space, just meaning the Bitcoins and the Ethereums of the world — fungibility, long story short, just means interchangeable. So if you use the example of a dollar or a Bitcoin or an ETH — it doesn’t matter which one, so we’ll use physical cash because it’s easier to make the analogy. It doesn’t matter which dollar, even though they all have serial numbers on them, because they all have the same value. Non-fungible tokens are unique and have the potential to have extraordinary value. We’ve seen some that go for $69 million and everybody’s swinging for the fences for that one. It’s so easy to do. Ever since the late ‘90s with digital technology, peer-to-peer technology, the internet — the state of the technology makes it incredibly easy to make these near-perfect or perfect digital copies and sell them very quickly as well, on the OpenSeas of the world. Yes, I said it. 

There are several different types of minting platforms and sales platform environments, and each has its own approach to what is going to be offered for sale on their platform. We have DMCA takedowns going on, but it takes a long time to do.

By that time, the NFT may have already sold. This NFT that’s connected to infringed-upon art has sold a lot of different times. We have the problem of not readily being able to identify folks; although crypto and having a public wallet is pseudonymous, it’s not anonymous in the great majority of cases, so that’s a bit of a misunderstanding. 

It happens quickly. People flip it. People grab the money and run, and it’s a little more difficult — at least on the front end — to be able to hunt it down. I find that to be the bigger issue, or at least the issue you mentioned earlier with Web2. Again, it’s like on gas now. It’s just going at a much faster burn rate. The consequences are big because of the money, at least the potential for money that’s involved. Those platforms are going to have to tighten up their game. 

This has happened kind of in a Web 2.0 space: photographers got together and filed a class action suit last year. I don’t have the name of the case in front of me, but there are a lot of famous photographers who were concerned about the access that folks have to be able to reshare their framing, I think it’s called, on a website. They could pull, from Instagram, the actual post and then frame it within the context of an article, mostly happening in the entertainment world. The photographer said, “I wanted it shared on social media, but not on your site.” They all got together to say that it was a pattern and a practice of infringement that Instagram was not sufficiently guarding against the type of rampant infringement that almost every photographer was susceptible to. I think that type of class action suit could be really active against these minting platforms. There’s not one that we could speak about today, but there are enough concerns around OpenSea and too much being accessible without reproach, so we might see cases like that come up in the not-too-distant future.

That Instagram case is really fascinating. The Verge covered it; it’s a bunch of photographers’ class action suit against Instagram. The photographers claimed, basically, “You’re allowing people to embed our Instagram posts and they’re taking value from them.” 

I think most internet users are like, “What are you talking about? It’s an Instagram. Of course anybody can embed it. The whole point of the post is to share it.” The photographers are now filing a lawsuit to change not just a norm on the internet, but to create a precedent. The only logical outcome is that Instagram has to add a control that says this post is not embeddable, or if you want to embed this post, you’ve got to pay us, then we’ll channel that payment toward the —  I don’t know how it’d work.

Right. Good luck with that one.

Right. But suing somebody to get them to do something — at least when I was in law school, I was told that you can get money, but you can never get somebody to do something. No court is ever going to order somebody. That’s the hardest thing to do. Suing Facebook to get them to add software to their software seems really hard.

But then you take one step back. These photographers’ work is getting used for free. How do you solve that problem? I don’t know how to solve that problem in the case of Instagram. Do you think there’s any Web3 or blockchain products that can solve that problem? That’s the promise that I always hear, right? By turning everything into money, the money will flow more freely, especially to creators.

Or value. 


The NFT space is a great example of things that were sitting on the proverbial IP shelf, collecting dust. The NBA Top Shots of the world are like, “Hey, I think we could monetize that in the NFT space,” and they’re giving it a second life. Creating value and value streams are important. I don’t agree that there’s nothing that can be done. Do those technological capabilities exist? The short answer is yes — but at what cost to the platform, because that’s an added cost of doing business. They certainly don’t want to. Let’s analogize that to the privacy space, where the same companies that said, “We can’t use our technological capabilities to protect you against these various interactions with privacy threats and the like.” But then you go over to European nations and the same companies are asking you, “Well, do you want our cookies? If you don’t, that’s fine. You can turn them off.” There’s a whole different experience with privacy when you use a VPN or you’re in European nations than in the United States.

That means that technological capabilities exist. When companies are forced to do something in order to operate in a particular geofenced area, they will do it. I bring that all the way back to what we were talking about in the NFT space and copyright: if they’re required to do it in order to do business, they will do it. If they’re not, they won’t. That’s why we see a lot of companies spending a lot of time on Capitol Hill lobbying to ensure that there is as little that they are required to do as possible. Once they’re required to do something, it’s kind of a slippery slope from a regulatory point of view.

Again, I think we see that with privacy law, antitrust law, and certainly with at-market law. Are you seeing it in copyright law? It’s the area of law that’s slowest to move, but it’s also the area of law that affects everybody the most. That disconnect has always just seemed fascinating to me: you’re trying to get a bunch of internet users to change how they believe the internet works, which maybe you will never do. You have a bunch of creators who are saying, “Hey, I get ripped off all the time,” and you have platforms in the middle saying, “Yeah, we’re getting rich though.” More money than ever is happening on Instagram and YouTube and whatever.

Maybe you build some Web3 technology that allows people to get paid fractions of a Bitcoin whenever their work is displayed. That is the big promise, but none of that seems to be getting built either by any of these platforms.

Well, it is. This is a little bit slower. Now, in the world of Ethereum, there is a token standard, I think it’s 1155. There are three, four, maybe five platforms  now — I haven’t looked in the last few months — that use that instead of ERC 721, which is one of the original non-fungible token standards, piece of code in smart contracts. I don’t know how wonky you want to get with that.

Wonky is what we do. This show is deep in the weeds.

Cool, cool. So taking these token standards: you have these lines of code, and as long as you use these, you can build on top of them, but that core will create either an ERC 721, the first main non-fungible token standard, or 1155. But 1155 is creating the minting ability that you are referring to — to not just participate in downstream revenues on the same platform, but across platforms. If I sold something on Rarible or SuperRare, and then the next buyer takes it and sells it on some other platform, as long as that other platform also recognizes the 1155 standard, the person will continue to get paid. The problem is that someone can only be paid as long as it is sold on the same platform that it was minted on. The real game-changer is your ability to go cross-platform and be able to buy, sell, trade these NFTs.

But that is happening. It is operable on a few sites. The more minting platforms recognize this additional standard, it will allow these micropayments that you’re mentioning on the NFT side. I think that’s a really powerful thing for creatives, and I also think we’ll start to see some movement because there are more and more creatives who are not just consumers now. That was kind of the point of Web 2.0: there are even larger markets at this point in time to be able to sell damn near anything — evidently, you attach it to an NFT. That’s a whole other show that we could do. What are we attaching the NFT technology to? 

In addition to the creative and collectible — which is what’s sensational right now — we’ll see just average uses. Not just average uses, but also extraordinary uses to represent credentialing and identity. I’ve been out of school for a few minutes. If I had to go back to my high school — shout out to Friends’ Central in Philadelphia — to get my diploma, that can cost money and time. Who has time for that? But if the diploma could be represented with NFT technology, that could be really cool. We’re not exactly there yet, but those are things on the horizon.

Getting back to your original point about the consumer as creative: Once people are like, “You know what? I actually want to make money off of what I’ve created,” they’re going to start caring. People don’t care until they care. If they’re consuming without the requisite connection as a creative, they’re just not going to get it. They’re not going to get it because they want to use it, and they don’t want to pay for it. This is the whole thing. But when people have something that they’re selling, and they don’t want to be ripped off — that’s when you start getting people’s attention about what copyright actually protects, what it means, and how they can leverage it.

I wouldn’t say I’m pessimistic. I’m more skeptical about that. We live in a world where everyone who participates in the internet is a creator in some way, right? People are tweeting; they are posting on Facebook; they are creating TikToks.

But not for value. 

Right. They’re not doing it for money, but they also — this is way off into space.

Let’s go!

The controversy around TikTok dances: who gets paid when a TikTok dance gets famous and then Epic Games turns it into a Fortnite emote? A large group of internet users said, “Hey, somehow this video game has turned this cultural moment that everyone had for free into real money. Somehow that should have passed back down to us.” Then there was a flurry of cases. Alfonso Ribeiro, the actor who played Carlton on Fresh Prince of Bel-Air, he had that famous dance. He tried to sue Epic Games and said, “You ripped off my dance.” That, to me, was like — no, the goal is not to maximize copyright law and turn every little thing you do in the world into a potential infringement. It’s to somehow share the value of these shared cultural moments and have more of them. That’s what you actually want. You want a richer cultural life.

You’re coming from that copyleft, where everything wants to be free.

That’s me. That’s always been me.

I love it.

But I don’t see the balance there and I certainly don’t see any movement to change the actual law. Correct me if I’m wrong, but what I’m hearing from you is: eventually more people will participate in value and our norms will change. The way we interact with the law will change because more people will understand what the law means and what their rights are, and how they should interact with each other. Which, again, I’m not pessimistic, I’m just skeptical. I’m saying, “I think the law needs to change. And I don’t see any movement there that the law is changing to account for what is happening with NFTs and what is happening with the internet more broadly.”

Well, why on earth would you think we should change [the Copyright Act of 1976] with a few tweaks here and there? What on earth would make you think that we need a new law in 2022 when we have a perfectly good law from 1976?

That’s fair. The DMCA is from the millennium. Maybe it’s only 20 years old.

Fair. 1998. I stand corrected.

But even that did not contemplate how the internet would go.

Not at all.

What do you think needs to change?

Our system of governance is set up to move slowly. Congress, in the best of times, is set up to move slowly. Technology is not. From the piano roll days all the way to where we are now, technology advances, and we don’t have sufficient protections. When you think historically of copyright law, it’s not for the average person. Originally, it was just for the publishers to make money off of creatives. It has “evolved” — I’m using air quotes, because you all can’t see me — over time, but that was it. Now we have made some advances over time. We have the broadening of subject matter, but the broadening of subject matter without, to your point, real cognizable access to the average person, to the extent they want to leverage these rights.

You have worked with many people who believe that as long as you perhaps have some type of attribution — some people don’t even care about attribution. I think social media feeds into that. To your point, maybe we’re getting further away from that. But the law is what it is. Whether it is enforced, how and in what ways it’s enforced — that may change over time. But I’m seeing a groundswell — not a dramatic one — within the creative NFT community. People are very upset about what’s happening to their work and also doing a lot of self-regulation and self-policing. You can put something up in an NFT ripping it off from somebody else. You can mint all of the infringing NFTs that you want. Once the community finds out and they blast you on #cryptotwitter, or #NFTart, it’s game over. Your token is meaningless and it’s worth nothing. They put the kibosh on it well before anybody could go to small claims copyright court. Is that a thing yet? I haven’t been keeping up. It should be a thing this year.

I don’t know either.

They said it was coming. This is my point exactly. We were talking about this two years ago. I teach this every year, and I honestly don’t know the status of the small claims copyright court. Who has time? In order to even sue, people have to first register their copyright. People aren’t doing that. They’re left to self-regulation within a community. Thankfully, the NFT creative space is built on community. That’s the way that you see all these PFP projects selling out in 15 minutes, or you have these great one-for-ones and they’re being sold. It’s a community that supports it, and if somebody is a rogue actor within that community, their token will end up being meaningless. Maybe that’s the norm that we will see: extralegal — working outside of the legal regime — which may be the best result to avoid over-regulation, which also can be problematic in the copyright space.

Are there any cases that you’re keeping track of that have actually hit the court system?

Haven’t seen it yet. It’s so early. We’re just starting to see the cases on the fungible side where we have this BlockFi settlement with the SEC for crypto lendings. You see some of those cases and also enforcement actions from a securities perspective. We see the Commodity Futures Trading Commission waiting in the wings. The Securities and Exchange Commission, the SEC, some enforcement actions there, but far less so in the NFT space. 

NFTs really hit within the last two years, and so we’re just starting to see the larger focus on it from the average person. You’re going to have regulators wanting to figure out what’s going on in the space. I saw Commissioner Hester Peirce — she’s a commissioner known as “crypto mom” on the SEC — writing recently that the SEC needed to take a closer look and perhaps give some guidance on NFTs and when — not if, but when — certain NFT projects might also be considered securities. They just haven’t wound their way through enforcement, let alone hit a federal court just yet.

What are the controversies bubbling up that could turn into meaningful changes in the law?

These projects, in particular, that are really up against the line of securities: you send somebody a bunch of money and you’re trusting them, and they’re promising you that they’re going to give you a return on your investment at some future date. That really starts to come up against SEC rules and regulations. But there are a lot of projects that are close, also, to DAOs that are coming together for the purpose of raising money, like the Constitution DAO trying to buy the Constitution and things like that. Coming together to buy something sounds a lot like crowdfunding. Crowdfunding is very different from securities, but sending money based on advertising in the hopes of return on the profits by someone else’s effort is definitely coming up against securities.

The thing that looks like a DAO and a really cool idea to go buy something — does it start to run afoul of SEC rules if it then starts to fractionalize interest? We get to have these fractionalized NFT projects. If it currently exists and you want to buy a piece, that’s one thing. Let’s all buy a piece of the Mona Lisa. But if we’re all going to send money to this common enterprise for the purpose of, at a future date, getting return on the investment, that’s something that’s going to be problematic.

I want to talk about DAOs in a minute, but let me just wrap up the NFT piece. We had Scott Belsky, the chief product officer from Adobe, on Decoder. He told us they’re going to allow people to prepare NFTs for minting inside of Photoshop. That’s something they’re rolling out.


You mentioned OpenSea. They’re the largest NFT platform. It’s actually funny. We had our first fake NFT at The Verge and I went to our lawyers and I was like, “What are we going to do?” But they just have a DMCA portal, and they filed the request — just very simple. It was the same as any other social platform. Do you think these companies have a greater responsibility to police IP and copyright problems than they’re doing now? Do you think they’re in the right zone? Do you think that appropriate pressure is being placed on them?

At a bare minimum, they’re going to have to comport with the laws that already exist. Many of them weren’t set up to do that. They were like, “This is great. We’re going to allow you to mint. You’re going to free mint, and we’ll all make money and live happily ever after.” 

Then people started knocking on the door: “Oh, but I actually own that.” That became problematic. These are the same arguments that we heard from internet providers and online service providers back in the day: “We are just facilitating. We’re connecting people to do their own thing and we have nothing to do with it — except we’re making money.” 

That’s where secondary liability came from. That’s the push from a legislative point of view: to at least give them some opportunity to avoid secondary liability if they do certain things, and these minting platforms are no different than that. To your question, what action is going to be appropriate in addition to the standard DMCA notice and takedown? There is one significant difference: for the minting platforms that are storing the files on the InterPlanetary File System — IPFS — that means that file will persist. It’s one thing to take it down on the public-facing portion, but as long as it exists on IPFS, is it really taken down? I actually don’t have an answer to that today, but that is a problem that did not exist where you have centralized file storage, where it’s easy to not only take it down from a public view, but also double-delete. Evidently this goes on behind closed doors. That’s not as easy as it was in Web2, when we’re talking Web3 with decentralized file storage.

To me, this is one of the most complicated things. I’m glad you brought it up. In almost every other non-blockchain case, if you engage the power of the state in your controversy, the state can take something away: you made an illegal copy of my photo and you’ve got it hung up on your wall, and I sue you. I can take it away. It’s out of the system; I can destroy it or whatever. If you do a bunch of money laundering and you got a bunch of money you shouldn’t have, the state can go to your bank  and take your money out of the system.


You have a controversy in the blockchain, no one can delete anything from the blockchain, as far as I’m aware. That feels like it changes the nature of our relationship to not just stuff, but to society. Have you seen any legal or philosophical reckoning with that?

With the blockchain, we’re talking about the timestamped records of transactions and balances. There are times where in the memo line, you’ll see a reference to some other file, but separate and apart from the record of what happened at any given time — in some instances, it won’t be as controversial or problematic as we make it out to be in contrast to this decentralized file storage issue, which really takes us back to BitTorrent. Same type of thing; some aspect of it is going to persist over time. 

But to your point: what if we have an inaccurate record of something that happens? The accuracy is that this was recorded on a particular date and time, but what if it was connected to something that is inaccurate—

Or illegal.

—or illegal. What do you do about that? But the record of the occurrence of a thing is different from the thing itself. I don’t know if the record of it is as problematic. In fact, thinking about illegal activity: public-facing blockchains are terrible places to record [illegal activity], as you know [from recent coverage: A cringe rapper slash Forbes contributor allegedly found with billions in stolen Bitcoin.]

Did you listen to any of their rap songs?

I try not to, because I like my ears. I don’t want anything to do with that. I don’t want the internet police to know that I was listening.

We’re going to get Razzlekhan on Decoder. Creighton — he’s our producer — will hook this up.

Maybe it’s playing in the background and I don’t even know it right now. Shout out to Creighton.

We’re not buying those rights.

All right. Very good. It would be problematic to actually reach them right now, unless you have direct access to jail.

Do you own any NFTs?

I can neither confirm nor deny, but I do own my ENS [Ethereum Name Service] domain, because even if I don’t use it, I want to make sure nobody else uses it, so I had to buy up everything that remotely resembled Tonya Evans. Just like my domain names. I scoop them all up. As many as I can think of: Tonya Evans, Tonya M. Evans, IP Prof Evans. I had to scoop them all up.

That is the most IP lawyer answer. I wanted to prevent any infringing use, so I purchased everything affirmative. That’s great.


Last question here, and then I want to make sure we talk about DAOs. Let’s say you were just in charge of the American legal system.


I think you’d be a great steward of it. What changes would you make to copyright law right now to account for what we’re seeing?

Hmm. There’s so much. Gosh — we should have started this question about 30 minutes ago. First of all, to your point earlier, it has to be relevant to the state of the art and the norms of our exchange of information, and now exchange of value. The Copyright Act, under which we are operating today, could not even have contemplated what we are doing at this level in the creation and the dissemination and the adaptation of literary and creative works, and the way that we can do it quickly and easily. It’s interesting. There are other countries that have done more to protect user rights. Canada is a great example of actually codifying protections for users under certain circumstances. There may be a way to set up the regime. You think of the music industry and the compulsory licenses, or some caps below which you don’t even have to pay anything.

I’d just make it easier and safer because most people actually want to do the right thing when given the right information — but not under a 1976 law that’s been tweaked a couple of times when Mickey Mouse got upset. We have to fundamentally protect users while also maintaining the balance of this limited-time protection. I also think that copyright persists too long, because the duration of copyright is the life of the author plus 70 years after the author’s death. That is a long time for “limited times,” which is mentioned in article one, section eight, clause eight of the Constitution. I don’t know how you get that genie back into the box, but I think it persists way too long — particularly given the state of the art and how quickly technology moves.

See, now you sound like a copyleft person.

Me? I’m a professor now, but when I was getting the big bucks, I was singing a different tune for those first 10 years, but I believe very strongly in what you do as well.

Well, I don’t do anything anymore. I just talk to smarter people than me. It’s a great gig.

Let’s talk about DAOs. They are fascinating. We actually did have Jonah Erlich from the Constitution DAO on Decoder — fascinating conversation. It seems like DAOs are really good at what I would call database activity. You get a DAO together. You’re going to move some money around in a database. All the people are going to vote on what happens in the database. That is great. My theory is that the second a DAO encounters reality, it experiences a fatal event. The second you try to not do database activity, something bad happens to you.


That’s the Constitution DAO. They were capped in what they could spend; the other guy outbid them. Our senior reporter Adi Robertson is writing about the Spice DAO right now. They bought a book, but didn’t realize that it didn’t give them the copyright to the underlying Dune, which is very funny. Anytime they interact with reality, something bad happens and they die. Part of the reason is we don’t know what kind of company they are. They’re not an LLC. They’re not a partnership. They’re not all the stuff that you would learn about in law school, corporation law. Except in Wyoming. 

They passed a law saying DAOs registered in Wyoming can be LLCs, but DAOs recognized in any other state are not allowed to do business in Wyoming, which is amazing. That seems very problematic for anybody who wants to do business in Wyoming. What is the right framework for DAOs? Because I don’t think general partnership — for listeners who aren’t familiar, that means everybody who buys into the DAO is liable for everything the DAO does — I don’t think that’s what people think they’re buying into, but that’s the default in most states, at least as I understand it.


What is the right framework and how do we get across it?

Well, I love the way that Wyoming has approached this: they have over 20 laws on the books in some form or fashion regulating or providing regulatory clarity to folks who want to do business. When folks come together for the purposes of the DAO, they always want the upside. They don’t want any of the downside. They would think that the original organizer of the DAO — whether they actually know their names or not — is going to take the heat if something goes badly. By default, that is not what would happen. We will start to see that play itself out. 

Your mention of the Constitution DAO was interesting, because once they weren’t successful in the purchase, then it became the drudgery of, “How do we get folks their value back? What do we do next?” But it happened really fast, like in a week’s time. Think of how long most corporate entities have to get up and running, and you have all of these agreements, etc. Again, it’s the “move fast, break things” mentality of entrepreneurial endeavors. 

I like the way that Wyoming is at least giving a framework that makes sense. Oftentimes we see things percolate at the state level until there’s a tipping point that would require a federal response. You have to have some type of treasury that might be dedicated in case something goes wrong, some way to protect against the harms. Whatever the potential harms are that we would see with any governing structure that involves more than one person — you’re going to have to have some protections for them and for others who interact and do business with them. That doesn’t mean that the technology is flawed, but you want to just regulate or legislate around the potential harms to investors, to consumers, rather than to the technology itself.

Sure, we have to identify the harms, but right now, if I form a car-buying DAO and I’m not in Wyoming, the DAO can’t buy the car. The DAO doesn’t exist — it has no legal status as an entity that can do things. I have to buy the car and everyone in the DAO has to trust me. If they vote that I should sell the car or drive the car off a cliff, there’s no legal mechanism to actually make me do that thing outside of regular old contract law.

What’s wrong with regular old contract law?

Isn’t that the whole reason we have DAOs — to escape the bounds of boring old contract law?

Not to me, but I’m a rule follower. I’m the wrong person to talk about this with. You need a rule breaker.


Again, this gets to the point: there would be something illegal about taking people’s money and not doing what you had an agreement to do. It doesn’t have to be written on paper — are people still using paper? I don’t know — but “sufficiently permanent,” using language from the Copyright Act inappropriately. People’s understanding of the agreement gets really fuzzy when you’re using oral agreements or you come to a common understanding and it’s not recorded, but so much is actually recorded.

When you look at the organizational tools that DAOs tend to use, they’re going to use Discord or something else in a way that kind of sets in stone the communications around what the agreement is. So it’d be inaccurate to say that there’s nobody that — a court, if they came in and tried to unpack everything, could say, “What was the common agreement and where did it go wrong?” I’m more concerned about the enforcement of it than the existence of an agreement that might be enforceable as a matter of law. I also worry about the jurisdiction as well. Those are the things that concern me more than the existence of a breach of contract. Okay, we have a breach, now what the hell do we do about it? I’m more concerned about jurisdictional issues and enforcement issues than the existence of an enforceable agreement, which is a contract.

I have this vision of Discord chat logs being shown to a judge.

Me too.

The judge is saying, “The four corners of the agreement are in this Discord.” I’m going to go with you on that. That’s wild. I feel like we could do a whole hour on whether that would work.

I love that.

Sure, let’s say that you can prove you have a contract because of Discord logs and whatever else you’re using for your DAO.

They’ve used tweets too. This has happened. This is actually a thing.

People have used tweets to represent a contract?


I got to get off Twitter. The rule is never tweet — now we know why.

Right. You can’t use your phone, right? No email. Now no tweets.

I got to go offline. I’m pulling the internet connection after this conversation’s over. Okay, but let’s say  you can find the contract on Twitter. That jurisdiction question is really hard, right? Most contract law is state law.


Most of these DAOs are interstate commerce. Where would you even sue anybody?

I wrote a short piece on this and we had to cross this bridge, no pun intended, in a Web2 world as well, where there are all of these cross-border agreements and you had to deal with the enforceability of cross-border agreements, and the short answer is: there is an existing structure that supports cross-border contracts. How you overlay that onto this technology is not at all clear, but there is at least a framework. We’re not starting from scratch with cross-border agreements, because we’re kind of already there. This technology just takes it to the next level.

What’s the framework?

There are a lot of international treaties and conventions to codify how someone who is identified in one country [can be recognized in another country], as long as you have countries that are signatories. That’s also problematic if you have something where a country that is not signed up to be a part of a particular treaty or convention. Most of the ones that we would think about are already participating meaningfully and have existing structures for how those cross-border disputes would be settled. I can’t think of the precise treaties and conventions off the top right now, but if you have show notes or something like that — or I can tweet it out. That’s one thing that I can do as well, but I also have that up on my website at a copy of that particular paper that starts to unpack the various international treaties and conventions and how we might overlay that onto a blockchain world.

To me, that just gets really complicated, right? 


I’m a regular person, I see that Jonah and his friends want to buy the Constitution. I think that’s great. I’m going to throw some money at this. Now I have to go to and download a paper about my international treaty framework that might cause liability. It does not seem like anyone’s going to actually do that. It seems very complicated. It seems like a new kind of risk for something that seems like crowdfunding to normal people. How does that get reconciled?

This is the existential crisis that they may find themselves in: it’s “Down with the man!” and “Down with intermediaries!” until we need an intermediary. Are there intermediaries in a system or do we reimagine the role of intermediaries so they’re not just rent-seeking and exacting a premium, but adding value. To the extent that you need an intermediary to do certain things to navigate when things go badly — I think the space is great when things go well. There’s no reason to talk to me when things go well. It’s when things go badly. 

It’s not a matter of if, but when: we are not all altruistic out here, protecting each other and making sure everything goes well. The law and the framework of law is for when things go badly. We have a ton of lawyer jokes — they’re all funny until you need one. What are the protections and frameworks that don’t hyper- or overregulate the space, but provide the protections for consumers and investors in a meaningful way that allows the innovation to continue while it doesn’t harm people in the process? 

You said you’re a rule follower, so maybe this is kind of a layup question for you, but I think it is also philosophically very interesting. There is an underlying sense that the reason NFTs, DAOs, and smart contracts work better than the legal system is because the law itself is code. The idea is that contract law is not actually a legal system: it’s just code. Anybody can see the code. You can audit it — maybe someone will build a front end to audit it for you in a more user-friendly way. The code is law. I don’t think that the United States government is going to just take a step back and be like, “Yep, the code is law.” We still have laws and you can make code do illegal things fairly easily, as we’ve seen over and over again. Does that tension ever get resolved?

The way that I approach this question is that the technology was not developed in a vacuum. It is developed in a construct that we all buy into of these laws. Not everybody buys into it. Some people are completely off the grid. Awesome, be completely off the grid, but the moment that you need police or fire, or you stop at a stop sign, you are complying with laws. Regulation is all around us in so many different ways at the state, local, and federal level.

The fact that technology doesn’t exist in a vacuum means it has to comport with the laws that we’ve all agreed to abide by. If we don’t want to do that, then you change the laws — but when you have more than one or two or three people in a society, this is the way that we all interact and coexist relatively peacefully without killing or harming each other in the process, intentionally or unintentionally. So technology is going to have to comport with the laws, and as it continues to develop and comes at tension with existing laws, the question is: do we tweak and amend? Is there some hybrid? Do we do complete sui generis law, something completely new? I think that we are at a time in technology where we are going to need some new laws for a new day because the future is now.

All right. That is as good a place to end it as I can imagine. The future is now. Tonya Evans, thank you so much for coming on Decoder. This was great.

Appreciate you. Look forward to the next time.

Decoder with Nilay Patel /

A podcast from The Verge about big ideas and other problems.

Subscribe now!