A little off our topic of tm and blockchain but very interesting nevertheless. SLAW the Canadian group of legal information professionals who write on many areas of the law have published the following article. The first of its kind we’ve seen and well worth a read.
This is a general and quick review of who should or can be responsible if something goes wrong on blockchain. I am brainstorming, not educating. Don’t take this essay as legal advice.
I can think of two categories of potential defendants in blockchains: developers and users. But first of all, what is liability?
Black’s, tenth edition, defines liability as “The quality, state, or condition of being legally obligated or accountable; legal responsibility to another or to society, enforceable by civil remedy or criminal punishment.” I am interested only in civil liability here.
The key element of liability is that it occurs before anyone does anything wrong and that wrongdoing is not necessary to have liability. But without wrongdoing there is no remedy, which is normally awarded by courts.
Liability is a consequence of entering into a relationship or transaction, of taking a step or being in a position capable of influencing others. You can come into liability or it can come to you. We all are in a state of liability 24/7 but for most people who stick to standard routines, significant wrongdoing is rare and probably insured.
To think about blockchain liability, you need to understand what roles exist in the blockchain world, how they can affect others, how much anyone should care, and finally what remedies are realistically available.
Let’s talk only about cryptocurrencies—the first and the most common application of blockchains. We’ll consider developer and user liability.
Developers write software code. Users download the code and build software or download software that someone already built from source code. “Building” is not as creative in the source code world as it sounds. It’s largely an automated process of turning human-readable text of source code into a machine-readable binary form ready for execution by computer CPUs. Let’s ignore third-party liability for incorrectly building software from source code and let’s focus on developers and users.
Cryptocurrencies are records of who owns how much money spread out in identical copies over (hopefully) many computers, all talking together and keeping these copies in synch automatically.
Developers write the source code for software that keeps these computers talking and working together like a hive mind.
If that’s all that developers do, are they liable for negligent bugs or intentional features in source code that result in loss of cryptocurrencies? For example, if developers use outdated techniques for keeping track of time, a major clock change such as Y2K can confuse computers and wipe out data. If you’re over 40 you must remember Y2K.
First of all normally developers license the source code on certain terms. Users download licenses with source code (and normally don’t read). For example, bitcoin core developers rely on the MIT license, which contains the famous ALL-CAPS exclusion of liability clause: bitcoin/COPYING at master · bitcoin/bitcoin · GitHub Reminder: there is no legal advice in this article.
Besides, all bitcoin source code is open, and the central tenant of the open source movement is that it’s up to the user to examine the source code before running it. Most people don’t. Instead they rely on a wide community of sophisticated users who reports flaws, bugs, and vulnerabilities. Basically most users hope that media will pick up and spread stories of important bugs. Notice the widening matrix of reliances here and how ultimately no single party is responsible but the system works? Welcome to open source. Almost all software around you was built fully or partly that way.
But what if developers release a version of source code that makes cryptocurrency nodes redistribute money unfairly by tampering with the records on the blockchain?
Remember that blockchain—the data, the records—are separate from source code for software that manages the blockchain. In bitcoin, for example, you can download a copy of the source code and a separate copy of the blockchain. Then you are free to make changes to the source code and program your version to start its own blockchain with the copy of the blockchain you downloaded. Then all that’s left is convincing enough people to switch to your version of source code and your replica of the blockchain. From the moment of the first transaction managed by the alternative source code, the blockchain replica will diverge from the original blockchain. The two will live in parallel. Impossible you say? It happened more than a few times with bitcoin and new blockchains were recognized by enough people to have significant value in US dollars—a unit readers will recognize. Head spinning yet?
The point is publishers of source code don’t manage data, necessarily. Users of source code run software that manages data (which is one and the same as money in cryptocurrencies) according to rules programmed by developers openly and publicly. How can you find developers liable if what they do is basically speech?
You can find users liable (to each other) in more traditional ways: hacking, fraud, coercion, breach of contract, negligence—you name it. Cryptocurrencies are valuable with all attendant consequences.
The problem is enforcement. If someone owes you 5 bitcoin how do you get a judgment against them? In some jurisdictions, courts cannot order payment in currencies that are not national currencies or recognized foreign currencies (Ontario comes to mind). You can go for an injunction but how do you enforce it? Contempt of court? What if the debtor swears he lost the private key or someone stole it and the bitcoins? Will you prove otherwise beyond reasonable doubt?
As you can see, there are more questions than answers about blockchain liability. Is it perhaps because the origin of blockchain is specifically in an effort to make something immune to the traditional political and legal structures including the courts? What can lawyers do about it and should they do anything at all?