CIP#xx - Enforce Curve's IP Rights

Also, we should encourage friendly forks which can benifit veCRV holders

Excellent question and exactly the sort of issues this proposal would aim to lock down. The license document on github suggests it’s owned by Curve, not an individual. But under US law an exclusive licensee can also bring an infringement claim so the own/exclusive licensee topic may not prove critical. Either way, these sorts of issues need clarity, focus, and, when appropriate, legal enforcement.

good point made here.

Even if legal action is possible (I’m not convinced it is at this point), I’d prefer it be the last option. If we can work with Saddle to share ownership with veCRV or even poach their developers, I’d rather go that route. Might also be an unlikely strategy, but I prefer a strategy that appears more collaborative and aligned with the values of the DeFi community.

Agree with the sentiment here - it’s important for Curve to establish a defensible position against IP infringement.

However, the power it yields should be used sparingly - getting embroiled in legal battles can become extremely distracting for the protocol/DAO. Also Curve should act from a place of strength, as the intellectual moat (and community) it has built up around the IP can’t just be forked.

Most competitors will go the way of Swerve, and other fork-dramas (Uni-Sushi) have not ultimately hurt the forkee (e.g. since June 1, 2.4MM Uniswap swaps vs. 142k Sushi swaps) and created more industry competition (healthy).

TL;DR This is smart, but only if used wisely.

I think this is delusional, ill-advised, and destructive to our brand.

We stand to do much better by being collaborative; composability is tantamount to Curve’s long term success.

There’s no legal cure that would be material for Curve, especially in light of future anon forks.

We should be focused on V2, expanding the suite of pools, and ensuring we’re generating value for CRV and veCRV holders.

There are hundreds of pools and metapools that we’re missing that could double or triple our volumes.

Absence of litigation is a typical representation in a lot of VC agreements. This won’t work for token-based transactions, but where VCs are investing in a traditional company with equity / terms sheets, etc. If timed right, it could derail their deal. Generally, well-written angrygrams from lawyers usually have a chilling effect on deal making for many VCs who reject dozens of good opportunities for every one that they invest in. Why go for the dirty shirt when there’s a clean one over there? So even for the token-based transactions, if a copy is sent to the VC in advance of the deal, it could slow things down at least.

I’m not sure putting the litigation / proposal up for DAO is the right strategy though. Some governance structure should be investigated, but legal strategies that can be seen by the adversary are bound to fail.

What I would also say is watch what Uniswap do - there’s already a uniswap v3 clone on the BSC.

This won’t eliminate the clones, but it’d at least discourage certain types of them in certain jurisdictions.

Clearly there are lots of other issues identified that need to be investigated, notably the concept of whether this would raise more problems than it solves (e.g. would that turn CRV into a security for US law purposes, which is a more complicated matter than I actually pretend understand). But those can be researched as a next step before proceding further.

It also requires a different skill/knowledge set and mentality than authoring the next version of Curve, negotiating with other protocols around different types of pools, and other value added activities. That can be outsourced and should not detract from those.

Just want to reiterate this point because I believe it can’t be said loud enough:

This is definitely delusional. I’ve developed software & chased after some IP for it. It’s almost completely unenforceable except for copyright infringement. And copyright infringement is primarily only enforceable if it’s a direct copy (in whole or in part). The “infringer” (saddle) who triggered this nonsense definitely did not copy the code in whole. Based on a cursory review it wasn’t copied in part either.

TL;DR you’re chasing your tail. Chase after improvements to the protocol & stop acting like TRAD BANK.

I really appreciate your insight that this issue and ongoing dev are totally separate questions which would not detract from each other in terms of time/attention. To me that’s the beauty of a DAO: people and resources from different perspective collaborating for a better project than anyone could ever do solo.

Under the Howey test, a cryptocurrency would be considered an “investment contract” (which is included in the U.S. definition of “security”) when there is an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others. The most recent guidance published by the SEC (Framework for “Investment Contract” Analysis of Digital Assets) indicates that the SEC would potentially view a cryptocurrency as a security if there is a somewhat centralized or coordinated group making significant decisions and managerial efforts that impact the success or failure of the cryptocurrency. Under this framework, most cryptocurrencies fall in the “security” bucket unless it is very decentralized, its intended functionality is largely realized, and/or there is no expectation of profit.

Don’t get me wrong, curve and its team are awesome, but this is pretty lame. If curve wants to maintain its lead, it should innnovate.

By way of background, I’m an attorney working in the DeFi space and also a veCRV holder so I’m absolutely not biased (pulls tongue from cheek). I’ve worked as an attorney for multinationals in the tech sector for over 20 years so I know my way around this type of issue. Perhaps that makes me more inclined to look at this as a hard-nosed business choice.

I’ve voted in support of the proposal but this is obviously a complex issue that goes beyond the psycho-babble and Deleuzian fever dream that passes for legal analysis in this industry. Full disclosure: I frankly care less about the ideological purity of ETH or DeFi maxis or the laughable spoutings of their libertarian offspring - we’re not going to take on global behemoths and FI titans and win on their turf with that approach. That leaves us with 2 pragmatic options. We either:

1. desparately hold onto the idea that we are professional revolutionaries in the midst of perpetual revolution. (spoiler alert: Lenin is dead, along with a few others); or

2. try the more modest approach recommended by the Fabians - gradual, modest reform from within the structure being reformed. Still revolutionary but with a nice haircut and table manners.

If you’re concerned with my reference to far-left theorists to frame this discussion, you’d be well advised to ask why. Who knows, perhaps there are more than a few closet Marxists amongst us. In any case, we can learn something from these thinkers. Like, what really happens after the DeFi revolution is over and the blood has been hosed away? We’re basically left with the same power structures as before, mutated to adapt to the new historical reality. For a recent example, see: Arab Spring, Feb 2011.

Applying all of this to the OP, he accepts the basic tenets of intellectual property law and the traditional legal system. That’s a good start.

If one accepts intellectual property, and, a priori, property and ownership structures, then there is only one legitimate response that keeps an eye on the long-term ramifications. And that is to initiate legal actions to protect that property. Property-Violence: the necessary bedfellows. And if you are hoping for some natty software or smart contract to solve this problem? Nation-states will never allow smart contracts to replace their monopoly on the threat of violence that underpins all litigation and legal enforcement. There is no easy, bloodless, drone strike to solve this problem. We’ll need to get up close and risk having blood on our hands.

This isn’t just about protecting IP against start-ups or competing DeFi platforms - those minnows will die as soon as the pond dries up. It’s about installing boundaries and electric fences to slow down the greybacks who are about to enter this territory, predators who will patent and trademark the living crap out of everything they find, forcing existing DeFi teams to submit. Any aggressive litigation by Curve now will make them think twice. In fact, why not flex some muscle and take down several nonsensical copycats?

If you feel queasy about this, you’re in the wrong game. This isn’t personal - it’s business. While we’re at it, save some money to take on the regulators too. Want to know what shuts them up and makes them think twice? I good spanking in the appellate courts. They’re our regulators. We pay their wages. We scrutinise their actions and budgets. They have limits that are within our reach.

Meanwhile, let’s learn from the large FIs: start taking down some small offenders and build a rep that tells the market: mess with us at your peril. This tip-toeing and dancing around regulators and third parties that is endemic in crypto is not working. It’s time to step up the game.

en bref: We have a war-chest and should use it to protect Curve’s legitimate business interests. That includes IP. Let’s extend our horizons beyond bull and bear markets. It’s time now for some tough business logic to kick in before we get chewed up and spat out by something bigger up the food chain.

Hi Anon-cat/all

Firstly-this response is not legal advice, just commentary from an IP consultant. I am not a solicitor.

One thing to recall here is that copyright relates to expression. If I copy code without permission line by line that is normally infringement. If I look at the output from some code and write a new and different program to create the same output my code will be a new expression and my expression and (as I likely cannot see the original code) it will be my code. (It still might infringe a patent if I execute it though). That is one intangible asset - the copyright.

However IP involves a lot more. I regularly perform IP audis for software companies - software companies have code, proprietary know-how, registered and unregistered trademarks, data, databases, software which incorporates registered or registered computer implemented inventions, contracts, relationships, processes etc. All these assets have value which needs to be managed.

So there is a lot more than copyright for Curve and other DAOs (and other crypto firms) to consider.

As to the is Curve a security question that is a separate regulatory question and the answer will be yes or no.

But if the question is should crypto companies protect their IP in my opinion the short answer is yes, if you are a for profit organisation.

The choice to enforce is a different question. Does Curve have budget for that? Victory is not certain and litigation investors are like VCs - choosy. They will certainly want clarity on who owns any infringed code - is that known?

For profit companies are constituted to make profit. It is OK to be non-profit but most companies and their investors are looking to profit. So it is important to look after the intangible assets otherwise they will leak out. There are ways to stop leakage.

Happy to discuss IP issues with any crypto DAO or firm looking to sort out its IP strategy.

This looks like a good discussion.

I appreciate your enthusiasm and your big picture vision of what we will ultimately be up against. In some way this conversation is more about how we prepare Curve to protect itself in the future as it attempts to establish itself against legacy finance and potentially hostile governments. Saddle is a nonissue by comparison, but useful to manifest discussion and train us how we should respond when the stakes really get high.

So, given your background in law and in DeFi, do you have anything tangible to share about this specific case? Some questions I have:

1. Can you determine that, based on public code, that the accusation against Saddle is valid and a case can be made?
2. Will a court recognize Curve despite no regulation, legal status, or legal precedent for handling DAOs?
3. In what jurisdiction would a case be brought forth?
4. What outcomes would Curve hope to achieve with a case?
5. What’s the likelihood of getting favorable outcome from a court?

Hi Wormhole and Daimon,

Glad to see someone else with a similar background to myself join the conversation Daimon - maybe you’ll connect with Lex DAO too? Tomorrow’s my first time joining that call so hoping this is a topic of discussion.

Regarding the questions, I think some of them are quite debatable right now and have some dependencies:

1. For purposes of the legal discussion, one must assume that Charlie’s copying claim is true. I’m not an expert and really you don’t want the lawyers opining on that. But “copying” is not the same thing as “valid and a case can be made” and to be honest, probably nothing in the public record is sufficient to answer “valid and a case can be made.” That will probably require discovery of the people who did the copying and experts.
2. Pursuing the claim likely requires the Curve IP starting to live within some sort of legal entity somewhere on earth. Lots of the Twitter discussion tends to focus on US legal structures, but that’s not required, Curve could set up any number of legal entities (i.e. corporation, foundation, trust, verein, etc.) in any number of countries to satisfy this part. My first-impression view is that a non-US either not-for-profit corporation or trust for the benefit of the veCRV holders would likely be the best path, but there are a lot of factors to weigh before making that decision and it needs a decent amount of investigation and evaluation.
3. Probably a case would be brought at least initially in the U.S. District Court for the Northern District of California as it seems Saddle is based in silicon valley.
4. Excellent question - generally your options are money damages or injunctive relief (a court order to stop infringing) or both. One potential option is that Curve could seek to force Saddle to pay a license fee, which would create something like Curve’s other partnerships.
5. Way too early (and dependent on stuff mentioned above and lots of other stuff) to know. But to Daimon’s point, even trying sends a very strong message to the world that discourages the next potential pirate.

I am not a lawyer and not sure how this fits into the picture but Wyoming recently passed a bill that lets DAOs be recognized as LLCs:

https://www.wyoleg.gov/Legislation/2021/SF0038

might be worth exploring?

@hydrosam Before I comment on the specifics, I just need to be clear that this is not legal advice. I’m commenting purely for my own personal amusement and for what I hope is some measure of entertainment for others.

1. Can you determine that, based on public code, that the accusation against Saddle is valid and a case can be made?

Rather than comment on any specific example, let’s look at a hypothetical copyright infringer of Curve’s IP which is the only thing I’m interested in. We need to establish and agree an approach for what will likely be a recurring problem. All comments below relate to such a hypothetical case.

So, does it matter if we have a iron-clad case against the infringer? And why discuss that here in full view of everyone? My point is simple: any suggestion that copyright has been infringed should be met with an immediate response.

The correct approach is to immediately send a cease and desist and prepare for interlocutory relief. We can worry ourselves about the merits of the case while we are taking the urgent action necessary.

2. Will a court recognize Curve despite no regulation, legal status, or legal precedent for handling DAOs?

We only need to find one person who can claim legitimate rights over the IP in question. Based on the GitHub repository, that currently falls to @iamdefinitelyahuman

Failing that, I see no reason why the veCRV stakeholders couldn’t file as a class even if that’s on a basis that’s beyond potential IP claims.

There are lots of intermediary steps to take that will definitely make an impact:

• Curve raises the issue with GitHub and requests closure of the relevant repo along with the accounts of any devs involved for breaching GitHub’s (read Microsoft’s) Acceptable Use Policy:

• Curve could also issue cease and desist on the host of the infringer. Their terms of use make it relatively simple to alert them of the issues and force a shutting down of the account (see for example cl 6.2 here. The infringer might relocate but if they’re thinking of running a multi-million DeFi platform and keep going offline or moving to sketchy jurisdictions, their users will start thinking twice about the platform. Very few users are going to interact with the smart contracts directly - ultimately, this is about liquidity and trade volume. Without that, they’re dead.

• If the infringer has just started and is thinking of listing on a CEX, then even the possibility of messy litigation will definitely make the CEX nervous and potentially put the infringer on a blacklist.

• Then approach Medium and ask for their Medium account to be shut down.

• Send formal notices to Discord and Telegram and request closure of the channels as they would likely be in breach of Acceptable Use Terms.

Where does this leave the infringer: no CEX on the horizon - disrupted social media channels - website offline - uncertain roadmap - peeved community - buh bye…

Apologies for the gory details - this is how the sausage is made. Actually, this is how corporate chess is played - small tactical victories over many years that produce network effects and coalesce into an overwhelming advantage.

For clarification I should add here that litigation isn’t my main interest and I can’t wait till we see the back of the securities issues in this space. My main focus is protecting the long-term viability of DeFi projects as well as exploring the exciting stuff (for me, anyway) that is coming including likely mergers, acquisitions and strategic partnerships, DeFi as a Service, commoditised/retail DeFi products, interfaces into trad-fi etc etc.

3. In what jurisdiction would a case be brought forth?

It depends on a number of factors such as where the infringer is located. It’s surprisingly easy to solve this problem because there are 2 classes of potential infringers:

A. Pure scammers who will happily steal code and then vanish once they’ve rugged their investors.

B. “Legitimate” operators who want to build a business and be around for a long time and either messed up or pushed their luck a bit too far.

Class B projects are easy to deal with. You simply pick off the devs who are publicly known. Or if the project is incorporated, you go after the company (and the devs too for good measure).

Side benefit: good devs will quickly re-align to projects that want to do the right thing rather than expose themselves to litigation and personal damages suits.

But that’s down the road. For now, we simply need appropriate representation, a plaintiff and we’re ready to initiate action.

4. What outcomes would Curve hope to achieve with a case?

Please refer to my original post.

5. What’s the likelihood of getting favorable outcome from a court?

I won’t comment on that here as we’re talking hypotheticals. This is about protecting legitimate business interests and IP by exercising all legal rights available to Curve.

Few questions:
What’s the risk of retaliatory SLAP suits.
If we have an avenue for litigation, does that not open CurveDAO up to receiving litigation?

Does the DAO own the IP or individuals?

If the DAO owns the IP, then how does a fork work? Will both the implementations of the DAO have IP rights post fork? How is that decided?

These are good points.

I agree that once we create a surface to launch attacks, we have a surface to receive attacks. But that risk is the same for every established business and Curve Finance is well past the point of being able to hide away. Noting its market presence, social media, TVL, volumes, airdrops, existence of founders and investors and employees, underlying infrastructure etc, there is a lot of surface to attack. Better to own those risks and manage them rather than goofing about and pretending that we’re still in hobbyist territory.

It’s also worth remembering that, whether we like it or not, Curve has investors who will definitely want to protect their investment (30% of 3.03B CRV tokens not worth fighting for?). I’m wondering where they are in all this?

The GitHub account that publishes the code is the account that would appear to have an obvious interest in the Curve code. There might be other code and libraries that isn’t published on GitHub but which is important to the operation of Curve (the front end might be one example). I am not aware of the DAO being registered as a legal entity anywhere so you have to look back to the individuals who developed the code and who those individuals are employed by to do that development.

There may also be confidential licensing, or even assigment, arrangements for the Curve code which mean that the IP is owned by unknown third parties. If that is the case here, then it’s up to those third parties to take up the challenge. It would be good if the Curve leads could chime in here.

As for forks - I’m not sure which type you are referring to: code forks of the DAO or forks at the consensus layer? In any event, one still needs to apply first principles of intelletual property rights to the Curve code and forks don’t circumvent that task.

I would vote for obtaining what’s formally called a “Legal Opinion Letter” from competent counsel about the proposal. This should then be posted publicly and a vote from there.

One idea for someone to consider for this Opinion Letter is https://otonomos.com
I’ve been following them for some time but haven’t had a reason to hire them.