John Reed Stark

In recent days, a number of leading retailers have announced that they are initiating processes to allow consumers to complete purchase transactions using bitcoin or other cryptocurrencies. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at these developments in the retail industry. A version of this article originally appeared on Securities Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.


Warren Buffett, perhaps the most celebrated investor ever known, refers to bitcoin as “rat poison squared.” I disagree. Bitcoin is worse than rat poison – it is more akin to the plague and mayhem that rats can spread if not properly contained. Now, the bitcoin plague has spread to U.S. shopping malls.

Thanks to a new initiative, several big name retailers, including Crate and Barrel, Nordstrom, and Amazon-owned Whole Foods, according to Fortune, will now reportedly accept bitcoin and three other types of digital currency.

At first glance, creating cryptocurrency payment arrangements for retail products might seem like a no-brainer, falling squarely in line with classic, basic and critical marketing principles.  Consider all the benefits:

  • What better way to attract customers than to create a financially friendly environment where a customer’s cryptocurrency fanaticism is enthusiastically embraced;
  • Sharing the excitement of cryptocurrency offers a unique chance to bond with tech-savvy customers, especially those beyond borders;
  • The medium can become the message. By accepting cryptocurrency as payment, a retailer is demonstrating its commitment to creativity, modernization and originality – traits that customers might appreciate and find compelling;
  • Payment flexibility can attract business in and of itself. Given that accepting debit and credit cards online can make a retailer more appealing to current and potential customers, so too can accepting other forms of payment, including cryptocurrencies; and
  • Retailers can take advantage of the chance to demonstrate tangible support for a client’s libertarian financial preferences. By “putting your money where your mouth is,” retailers can prove themselves true believers in the future of technology-driven digital currency, setting themselves apart from their scribe competitors who remain content to observe the crypto-revolution from the safety and shelter of the sidelines.

But despite all of the crypto-hoopla, retailers should ignore the Marketing 101 crypto-lesson blather set forth above. Given its complete and utter lack of oversight and meaningful licensure, the cryptocurrency marketplace has spawned a growing global cadre of dangerous criminals, and the risks for retailers accepting cryptocurrency run a perilous gamut of legal, regulatory, financial, ethical and reputational dangers.

In short, accepting cryptocurrency from customers in today’s crypto-manic environment is, despite all of the high-tech allure, just not worth it – and a glaring exemplar of commercial ignorance; opportunistic corporate pandering; and sadly, plain old-fashioned executive avarice.

The Dark Side of Cryptocurrency

Need a fake I.D., a bottle of opiates, a cache of credit card numbers or a thousand social security numbers? Need a way to collect a ransomware payment? Need to fund terrorist-related activities? Need to hire a hitman? Need to finance an election tampering scheme? Cryptocurrencies like bitcoin have become the payment method of choice for these, and a slew of other, criminal enterprises.

What exactly is bitcoin? Bitcoin is a virtual or digital currency that uses encryption techniques for governance and security and operates independent of any central bank. A token is a digital asset that can be used in many ways — for example, as a unit of value (or as means of providing access to and transactional value inside a particular blockchain system (e.g., retail allows access to electronic data storage space in Sia’s blockchain ecosystem). Tokens are built on top of blockchain technology, a form of distributive ledger technology, which is a digital database that is consensually shared and synchronized across networks spread across multiple sites, institutions or geographies.

Transactions in cryptocurrencies like bitcoin are pseudo-anonymous, encrypted and decentralized by nature, offering a convenient method of transferring funds obtained from illegal activities without an audit trail. Cryptocurrencies also operate outside of traditional and established financial networks and are alarmingly unregulated. There is no central issuer of bitcoins, nor a Federal Reserve of Bitcoins monitoring and tracking transactions or controlling their value. In short, government surveillance and regulation of cryptocurrency is virtually nonexistent (no pun intended).

Thus, it should come as no surprise that bitcoin can trace its origins with criminals in the dark web marketplace. Indeed, cryptocurrency and criminal activity have remained inexorably linked ever since the 2011 launching of The Silk Road, who began using bitcoin as its main currency in their virtual marketplace for buying and selling drugs, weapons, and all things illicit on the dark web. Until shut down by law enforcement in 2013 and then again in 2014 and finally going offline in 2017 due to loss of funding, Silk Road served as a glaring example of the crimes so easily facilitated by cryptocurrency (in 2015 Silk Road’s creator, Ross Ulbricht, was sentenced to life in prison).

After Silk Road was shut down, bitcoin’s price plummeted, and many crypto-pundits expected bitcoin demand to dry up. But in the following years, the opposite seemed to happen. Recent data from Kapersky CiperTrace shows criminals have laundered $2.5 billion worth of criminally utilized bitcoin through cryptocurrency exchanges, and almost all of it ends up in countries with lax Anti-Money-Laundering (AML) and Know Your Customer (KYC) regulations. The data, which spans from January 2009 to September 2018, indicates 97 percent of the bitcoin laundered through cryptocurrency trading platforms ends up in countries with lenient AML regulations. Kapersky CiperTrace deemed transactions to be of criminal nature if they came directly from, or with close connection to, sources such as “dark market sites, extortion, malware, mixer/tumbler/money laundering, ransomware, and terrorist financing services.”

Though bitcoin traversed from the digital to physical world with the first-ever bitcoin ATM at a Vancouver coffee shop in 2013, bitcoin’s use as a real currency has not truly caught on as a legitimate means of payment. Bitcoin ATMs remain mysterious, suspicious and enigmatic to say the least. Meanwhile the U.S. government has never recognized bitcoin as a currency – rather, bitcoin and all other cryptocurrencies are simply property or, as lawyers would say, chattel.

Spotlight: Cryptocurrency and Ransomware Extortion Schemes

One of the more prominent criminal uses of bitcoin involves so-called “ransomware” schemes and provides a definitive example of how nefarious cryptocurrency has become.

Insurer Beazley Group in its May 2019 Beazley Breach Insights Report (BBR) claims its clients have reported twice the number of ransomware cyberattacks in the first quarter of 2019 as they did last year, with hackers targeting bigger companies and demanding bigger ransoms than ever before. The size of demands is also growing. According to the May 2019 BBR, in Q1 2019, the average ransomware demand reported to the BBR Services team was $224,871, an increase of 93% over the 2018 average of $116,324. Here is how a typical ransomware extortion scheme works:

Ransomware attackers break into a corporate system and encrypt, or lock-up, a corporate victim’s data. Most ransomware infections come from phishing attacks, in which unwitting users are enticed to open a file or click on a link containing the ransomware malware;

  • The ransomware attackers demand payment in cryptocurrency for the encryption key to enable the victim corporation to unlock the now inaccessible data;
  • The ransomware victim pays the cryptocurrency ransom to the attacker; and
  • The ransomware attackers move on to their next victim.

While ransomware attacks come in many forms, in each case they infect a computer and restrict users’ access to certain data, systems, and files, until a ransom is paid. A few particularly disturbing statistics about ransomware:

  • A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021;
  • 1.5 million new phishing sites are created every month;
  • Ransomware attacks have increased over 97 percent in the past two years;
  • 34% of businesses hit with malware took a week or more to regain access to their data;
  • Cryptocurrency payments made to ransomware attackers increased nearly 90 percent in Q1 2019 over the previous quarter, according to Coveware’s latest report; and
  • In 2019 ransomware from phishing emails increased 109 percent over 2017.

What makes ransomware attacks so devastating is that many variants do not simply target individual endpoints, but rather establish a foothold on one device and then fan out across a corporate network, encrypting everything from shared drives and email servers to website platforms and backup servers. In this way, ransomware attackers can cripple significant portions, or even all, of a company’s technologically facilitated operations. Hence ransomware’s dirty little secret: most corporations pay the ransom.

How do most corporate victims of ransomware attacks pay the ransoms demanded? Bitcoin of course – it’s fast, reliable, verifiable, subject to little regulation, and virtually untraceable. Bitcoin is ideal for ransomware extortion schemes. The hacker can simply watch the public blockchain to know if and when a victim has paid up. Hackers can even create a unique payment address for each victim and automate the process of unlocking their files upon a confirmed bitcoin transaction to that unique address.

Unlike the sequence of events during a kidnapping scenario, where the exchange of money arguably places criminals in their most vulnerable position, ransomware attackers facilitate pseudo-anonymity by orchestrating a bitcoin transaction process. Rarely is there ever even an arrest, let alone a successful prosecution, of a ransomware attacker. Law enforcement remains virtually powerless, and has even fallen victim themselves to ransomware extortion schemes. Ransomware attackers have become yet another class of cybercriminal who continue to enrich themselves while, for the most part, law enforcement can only watch from the sidelines.

Once the ransomware attackers take possession of the bitcoin payment, it can now be laundered via the Dark Web – that is, until now.  Now, ransomware attackers might have a new and better money laundering option: using ransomware proceeds to buy a pint of avocado ice cream at Whole Foods; a Nantucket Rug at Crate and Barrel or a Zegna Quindici Tie at Nordstrom’s.

Isn’t Cash Equally as Dangerous as Bitcoin and Other Cryptocurrencies?

Bitcoin and other crypto-fanatics argue that criminals can use cash just as easily as they can use bitcoin and other cryptocurrencies to commit crimes. After all, in comparison to bitcoin and other cryptocurrencies, isn’t cash similarly anonymous; untraceable; and fungible?  The answer is no – which is precisely why bitcoin has evolved into the currency of choice for criminals.

First off, in the U.S., pursuant to the Bank Secrecy Act (BSA), transactions involving traditional financial firms, such as banks, brokers and dealers, and money service businesses (MSBs), are subject to strict federal and state anti-money laundering laws and regulations aimed at detecting and reporting suspicious activity, including money laundering and terrorist financing, as well as securities fraud and market manipulation.

AML programs typically include a system of internal controls to ensure ongoing compliance with the BSA; independent testing of BSA/AML compliance; a designated BSA compliance officer to oversee compliance efforts; training for appropriate personnel; and a customer identification program. Thus, to ensure AML compliance, financial firms start by obtaining clearly identifiable information about a prospective client, and identifying any potential risks of association.  This makes engaging in cash-related crimes challenging.  Given in particular the tremendous technological innovation at financial institutions, moving or warehousing cash without detection and surveillance has become significantly challenging.

The same is not necessarily true for cryptocurrency transactions. Cryptocurrency transactions can create challenging hurdles for law enforcement to identify criminals. Theoretically, anyone with an Internet connection and a digital wallet can be part of any cryptocurrency platform, initial coin offering or other cryptocurrency financing endeavor operating anywhere on the globe – which, of course, opens the laundry room door for those with criminal motives.

For example, in July, 2018, special counsel Robert Mueller indicted twelve Russian intelligence officials for allegedly attempting to influence U.S. elections in 2016. The indictment notes that the conspirators used bitcoin to fund the purchase of servers, register domains, and make other payments “in furtherance of hacking activity.” According to the indictment, the “use of bitcoin allowed the Conspirators to avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds.”

The same rationale of secrecy and pseudo-anonymity unfortunately applies to terrorism financing. For instance, the Palestinian military-political group Hamas, which the U.S. government deems a terrorist organization, may be using the Coinbase cryptocurrency exchange for fundraising.  Similarly, in December 2017, a woman was arrested in New York for allegedly obtaining $62,000 in bitcoin to send to Islamic State. Around the same time, an Islamic State-affiliated Darknet site called Isdarat sought bitcoin contributions from supporters.

Wildly Absurd and Oft Manipulated Crypto-Valuations

In addition to becoming a facilitator for cryptocurrency transactions, by accepting cryptocurrency from customers, retailers are also indirectly endorsing cryptocurrency’s oft manipulated and wholly unregulated farcical valuations.

In fact, the criminalities associated with cryptocurrency’s use are almost as egregious and disturbing as the criminalities associated with its valuations. Bitcoin and other cryptocurrency’s anarchistic valuations remain generally unregulated and without any meaningful oversight, leaving them easily susceptible to fraud and chicanery by insiders, management and better-informed traders and market participants.

For example, researchers from the University of Texas found that manipulation in the cryptocurrency market is rampant and much of the run-up in Bitcoin’s price during 2017 was due to manipulation orchestrated by the Hong Kong exchange Bitfinex. In a 66-page paper, the authors found that tether was used to buy bitcoin at key moments when it was declining, which helped “stabilize and manipulate” the cryptocurrency’s price.

More Illiquidity, Fraud and Manipulation Risks

For retailers to willingly subject themselves to bitcoin’s sinister and stealthy environment of illiquidity, fraud and manipulations makes little sense. Here’s why:

The logistics of accepting cryptocurrency are unique, complicated and problematic. It is not as if a retailer can stroll across the street and convert cryptocurrency to U.S. dollars, record the data in a firm’s accounting software, and be back in time for lunch. First, the retailer must identify a reliable and trustworthy financial institution to safeguard the cryptocurrency (and to convert the cryptocurrency upon demand. Where to find this kind of honorable, respected and U.S. financial institution? Not among Wall Street’s traditional ranks of federally registered, regulated and monitored reliable institutions.

The institutions servicing cryptocurrency clients are barely in their infancy. For the typical cryptocurrency trading platform, there is no central regulatory authority; no state or federal team of bank auditors and compliance experts scrutinizing transactions and policing for manipulation; no existing federal licensure – it’s not just the Wild West, it’s global economic anarchy.

Cryptocurrency intermediaries often give the impression to investors that they are regulated or meet the regulatory standards of national securities exchanges and that their operations are similarly transparent, reliable, trustworthy and bonafide. This is not true.

Although some of these platforms claim to use strict standards to pick only high-quality digital assets to trade, the U.S. Securities and Exchange Commission (SEC), the primary regulator of securities exchanges, does not review these standards or the digital assets that the platforms select, and the so-called standards should not be equated to the listing standards of national securities exchanges.

Likewise, the SEC does not review the trading protocols used by these platforms, which determine how orders interact and execute, and access to a platform’s trading services may not be the same for all users. Again, investors should not assume the trading protocols meet the standards of an SEC-registered national securities exchange.

Along the same lines, cryptocurrency trading platforms claiming to abide by AML, KYC and other similar safety standards and protocols are nothing like registered banks, national exchanges, broker-dealers. Given the identification and verification challenges associated with the global locations, pseudo-anonymity and historically criminal tendencies of typical cryptocurrency users, AML, KYC and other similar compliance procedures have little in common with the sophisticated technological compliance infrastructure at traditional U.S. financial institutions.

For instance, the U.S. Department of Justice (DOJ) announced in April of 2019, that it has charged two individuals with bank fraud in connection to a system for depositing funds to cryptocurrency trading platforms. In a statement, the U.S. Attorney’s Office for the Southern District of New York alleged that Reginald Fowler of Arizona and Ravid Yosef, said to live in Tel Aviv, Israel, were part of a scheme that involved using bank accounts to move money into a series of unnamed cryptocurrency trading platforms.

Similarly, on April 26, 2019, after New York’s attorney general accused the owners of a prominent cryptocurrency trading platform, Bitfinex, of using illicit transactions to mask $850 million in missing funds. According to a 23-page legal filing, Bitfinex raided the reserves of a so-called stablecoin called Tether — a digital currency purportedly backed one-to-one by U.S. dollars—in order to pay out customers demanding withdrawals from the platform.

The New York AG filing also reproduces messages written by a Bitfinex executive which plead for capital from a Panamanian payment processor to which it had transferred funds. The exact identity of the Panamanian payment processor, Crypto Capital, is unclear. According to the attorney general, Bitfinex, which is incorporated in the British Virgin Islands, relied on a shadowy network of money agents, including “human being friends of Bitfinex employees that were willing to use their bank accounts to transfer money to Bitfinex clients.

Thus, for the most part, the various financial intermediaries operating within the cryptocurrency marketplace typically:

  • Are not registered with any federal government agency and has no liquidity, net capital or other depository or financial requirements of any kind;
  • Are not examined or audited by any federal agency such as the Federal Reserve or the U.S. Securities and Exchange Commission (SEC);
  • Are not regulated by any quasi-government agency such as the Financial Industry Regulatory Authority (FINRA).
  • Warehouse property such as bitcoin (bitcoin is not recognized as an official currency), which is not insured by any federal agency, such as the Federal Deposit Insurance Corporation;
  • Do not have any federal accounting requirements with respect to their assets;
  • Do not report their financial condition in any form of official SEC filing, such as an annual report or Form 10-K;
  • Do not have any federal record-keeping requirements with respect to their operations, communications or any other aspect of its business;
  • Would assert that they have no specific federal requirements regarding the pricing of any cryptocurrency trading transaction, the use of employees of its payment systems or any federal anti-manipulation requirements; and
  • Would assert that they do not have the same federal compliance systems or code of conduct requirements of traditional financial institutions such as banks, investment companies, brokerages and other financial firms, who spend millions of dollars every year on internal compliance infrastructure and customer-protection-related infrastructure.

The bottom line: cryptocurrency financial marketplaces tend to believe that they have no federal licensing requirements to meet the bulk of the vigorous federal safeguards historically rooted and associated with U.S. financial institution registration and regulation. These standards and practices, formulated after decades of scrutiny, analysis and enquiry, are the hallmark of U.S. financial institutions.

Currently, when a customer has a problem with a cryptocurrency transaction, there also exists no established federal government watchdog, which causes further enforcement consternation. To exacerbate matters, typical cryptocurrency transactions are by definition irreversible – no anti-fraud guarantee from a financial institution and no reversing the charges, if any dispute or problem arises.

And even if there was a formal federal regulatory complaint filing structure, the pseudo-anonymous nature of virtual currencies, ease of cross-border and interstate transport, and the lack of a formal banking edifice creates enormous challenges for law enforcement to investigate and apprehend any individuals who use cryptocurrencies for illegal activities.

Price Volatility Risks

For retailers accepting bitcoin, they are encouraging their customers to take on tremendous price volatility risks.

Bitcoin started a decade ago but gained status as a household name during its 1,300 percent price rise and march to nearly $20,000 last year. Because the cryptocurrency’s value can vary drastically in a single day, its unprecedented volatility creates serious challenges to using bitcoin as a method of payment for retailers.

For instance, since January, bitcoin has fallen roughly 70 percent and recently fell below $3,500 for the first time in 14 months, losing 30 percent in over seven days. Bitcoin recovered slightly afterwards but continues to experience dramatic, unpredictable and startling price swings.

Enabling retail customers to pay via bitcoin is a not-so-subtle endorsement encouraging them to invest in bitcoin – which is replete with too many risks to mention, and seems irresponsible for any U.S. corporation.

Cybersecurity Risk

Transacting in bitcoin for a retailer and its customers carries with it extraordinary cybersecurity risk. Bitcoin’s true believers tout that cryptocurrencies provide a safe and secure way of making payments, but rarely have a clue as to how they work.

In 2016, hackers stole $72 million worth of bitcoin from exchange Bitfinex. And in 2018, hackers stole $500 million in digital tokens from exchange Coincheck. Binance, one of the largest cryptocurrency trading platforms in the world, just announced that hackers stole $40 million worth of bitcoin from them using a phishing and virus scheme, in what the company described as a “large scale security breach.” According to the Wall Street Journal, more than $1.7 billion in cryptocurrency has been stolen over the years, most of which has come from exchanges and been centered around Asia.

Hackers have now become virtual bank robbers – except their break-ins can be done thousands of miles away from a dark and quiet basement, and then launder the proceeds through various digital wallets or their friendly neighborhood U.S. retailer.

Renowned security technologist Bruce Scheier explains in clear and simple terms the cybersecurity risks of cryptocurrency, emphasizing bitcoin’s (and blockchain’s) regulatory and enforcement vacuum:

“If your bitcoin exchange gets hacked, you lose all of your money. If your bitcoin wallet gets hacked, you lose all of your money. If you forget your login credentials, you lose all of your money. If there’s a bug in the code of your smart contract, you lose all of your money. If someone successfully hacks the blockchain security, you lose all of your money. In many ways, trusting technology is harder than trusting people.”

Say it Ain’t So Whole Foods  

Benevolently branded Whole Foods seems the most incongruous of these purported crypto-friendly retailers. Loyal Whole Foods Market customers laud the company’s commitment to minimally processed products free of certain artificial ingredients, and foods that contain nitrates, harmful pesticides, artificial colors, antibiotics, and hormones. Whole Foods farmed seafood standards are the highest in the industry: antibiotics, growth hormones, preservatives like sulfites and phosphates, genetically-modified seafood, and land animal by-products in feed are all prohibited.

Several times a year, each Whole Foods holds “5% days,” where five percent of that day’s net sales goes to support local education, hospitals or non-profits. Whole Foods Market also sets an example in its use of wind power, solar power, company-wide recycling programs, green buildings for their stores, etc. Whole Foods markets their benevolence aggressively — and consumers love it.

But by accepting cryptocurrency, Whole Foods would be assisting in the growth of an increasingly sophisticated, dangerous and terrorist-minded gang of global criminals – which to me, seems far more menacing than the threats posed by genetically-modified seafood or feed containing land animal by-products.

Looking Ahead

Bitcoin resides amid a libertarian financial realm of competing bandits. That is why, ironically, one of bitcoin’s most useful criminal attributes is its use for the theft of other bitcoin.  Retailers should think twice before lending an aura of legitimacy to bitcoin and other cryptocurrencies, and consider carefully their role in supporting cryptocurrency growth and encouraging cryptocurrency use.

In the history of financial innovation, modernization and invention, there has always existed one constant: whatever the product, criminals will attempt to exploit its application. Bitcoin dramatically illustrates this axiom. Yet despite the treacherous reality of bitcoin’s predominant use, retail apparently wants in. It would seem that retailers have become so desperate for market share that they will resort to enabling terrorism, extortion and other criminalities.

It’s not just that bitcoin-friendly retailers have given little consideration to the myriad of victims of crypto-funded ransomwareterrorismdrug dealing and the like. Cryptocurrency’s liquidity risk; price volatility; cybersecurity vulnerabilities; commission fees; AML implications; ethical dilemmas; tax burdens; entanglement mishaps and the rest, create a situation that could be unmanageable or even untenable for a retailer’s shareholders, partners, affiliates and other fiduciaries. Not to mention that for the most part, the entire cryptocurrency system resides amid an unregulated, mysterious and sinister environment – a patently poor choice of virtual venue.

Cryptocurrencies purport to be items of inherent value (similar, for instance, to cash or gold) that are designed to enable purchases, sales and other financial transactions, and promise to provide many of the same functions as long-established currencies such as the U.S. dollar, euro or Japanese yen. But retailers should not be fooled.

Cryptocurrencies are mere computer-generated chattel, and Whole Foods, Nordstrom and Crate and Barrel should not agree to accept chattel from customers as consideration for their purchases. We are not living in the 1800s and this is not Deadwood, South Dakota.

Don’t get me wrong, the blockchain technology on which cryptocurrencies are based may turn out to be the most exciting, disruptive, transformative and efficiency enhancing breakthrough since sliced bread. But aside from complex issues of privacy, security, ethics and simple practicality, blockchain technology remains embryonic; has still yet to be proven; and happens to reside amid an economic ecosystem rife with fraud, deceit, dishonesty and thievery. Bitcoin is arguably blockchain’s most celebrated accomplishment yet much of bitcoin’s value, outside of mere speculation, is derived solely from its ability to facilitate criminal activity.

Moreover, just because some mythical engineer has discovered a potentially revolutionary manner to engage in and verify commercial transactions (e.g. replacing a traditional corporate entry recorded in an intermediary institution’s centralized ledger with a virtual entry recorded on a blockchain’s decentralized distributed ledger), it does not mean that criminals should be permitted to create their own form of currency to use to commit robbery, theft, extortion and even murder.

I can appreciate that bitcoin investors are merely ascribing to the historically proven greater fool theory, betting that there will always be a “greater fool” in the cryptocurrency marketplace poised to pay a price based on higher valuation for an already overvalued bitcoin. But the inherent scourge of bitcoin is an altogether different story. For retailers, where reputation is so critical, the risks of somehow becoming ensnared or even merely associating with the dark and seedy underbelly of cryptocurrency are considerable.

Director of the SEC Enforcement Division from 1974 to 1981; general counsel to the Central Intelligence Agency from 1981 to 1985; and U.S. District Court Judge for the District of Columbia from 1985 to 2000, famed Judge Stanley Sporkin put it best when he said, “When you lie down with dogs, you wake up with fleas.”

When it comes to bitcoin and other cryptocurrencies, the so-called “fintech” lawyers advising retailers contemplating crypto-cash registers should take heed of Judge Sporkin’s enduring admonition. Fintech legal advice should be plain and simple: bitcoin is a plague, so stay as far away from it as you can.


John Reed Stark is president of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He currently teaches a cyber-law course as a Senior Lecturing fellow at Duke Law School. Mr. Stark also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of global data breach response firm, Stroz Friedberg, including three years heading its Washington, D.C. office. Mr. Stark is the author of “The Cybersecurity Due Diligence Handbook.”