Sydney Node, Part 2 of 2
This Report explores some of the key legal and regulatory challenges facing the development and adoption of blockchain and distributed ledger technologies. Specifically, the use of cryptotokens as currency, assets, or utility has come under scrutiny in Australia.
While blockchain and distributed ledger technologies promise to solve some significant identity, security, trust, and provenance problems created by the internet, at this time there is still much work to be done in order to reassure regulators and users that some of the use cases for this innovative technology may serve legitimate purposes and can be understood. Until then, a cautious reticence will continue to prevail in any conversation about Bitcoin, smart contracts, or distributed ledgers.
The 2018 Global Computation Law and Blockchain Festival Sydney (Australia) node convened in March 2018 to discuss blockchain law and policy issues. Attending the event were academics and professionals at the intersection of law, policy, and technology. This Report captures thoughtful analysis of various issues in law, technology, and entrepreneurship. It is derived from a roundtable symposium discussion co-hosted by the University of Technology Sydney Faculty of Law and Sydney Legal Hackers at the University of Technology’s Hatchery on March 18, 2018. Those contributing included academics (from the University of Technology Sydney and University of New South Wales), scientists from Data61, regulators, policy-makers, legal professionals, entrepreneurs, and students (from the University of Technology Sydney and the University of Sydney), all sharing their knowledge and best practices on specific topics.1
Part 1 of this report dealt with legal issues that are of universal interest and for the purposes of enforcement necessarily traverse national borders: Taxation, Securities Law and Australian Anti-Money Laundering and Financial Surveillance.
Part 2 addresses legal topics where policy is generally managed within jurisdiction, including the European Union and federated nation states (for example, Australia and the United States of America): Financial Services Licensing and Chartering; Privacy and Security; Token-Related Policy Issues; and Smart Contracts as Legal Contracts. This Part concludes with Observations.
The structure of this Discussion Report was adapted from suggestions provided by the organisers of the 2018 Global Computation Law and Blockchain Festival. It is intended to reflect the discussions held over the weekend of the festival in The Hatchery at the University of Technology Sydney. It aims to resolve some of the more contentious problems that arise when trying legitimately to use cryptocurrencies, to launch an initial coin offering (“ICO”), or to design smart contracts that may or may not have legal consequences.
This Discussion Report will also raise some of the important problems that may arise in the context of a decentralised financial network. For example, anti-money laundering/financial surveillance controls that are traditionally managed by trusted third parties (like banks) need to be automated in a way that still provides accountability and allows for audit control. Meanwhile, smart contracts enable business exchanges conducted on the blockchain that may give rise to legal implications.
The footnoting style adopted in this Discussion Report is the convention recommended by the Australian Guide to Legal Citation (3rd Edition) and the Melbourne University Law Review. For ease of reference, all footnote entries are cited in full, without the use of ibid, op cit and/or above n.
4. Financial Services Licensing and Chartering
4.1 Is financial services licensing reasonable with regard to cryptocurrencies and tokens?
· Much of financial services regulation for consumer protection occurs through licensing or chartering (i.e., requiring permission to engage in a line of business; e.g., E-money licenses in the EU, state money transmission licensing in the US, and bank charters globally). Is this approach reasonable with regard to cryptocurrencies and tokens, given the ethos and dynamism of permissionless innovation in this industry?
The current KYC protocol surrounding the purchase of cryptocurrencies is, from a user’s perspective, an experience similar to the identity verification involved in opening a bank account. Nevertheless, the actual implementation of KYC features varies across businesses. In the relative absence of barriers to entry and still-emergent regulatory guidelines, there is little to immediately prevent businesses from setting up exchanges without proper AML-style measures in place.
Does that mean we need a new category of financial license?
It could be argued that Australian legislation pertaining to non-cash exchanges is currently sufficient for the space. There exist established expectations in financial markets encompassing behaviour such as front running and market manipulation. Even in large wholesale markets such as electricity, Australia has imposed security-style rules on how these markets should behave.
As blockchain-based solutions shift towards increasing retail participation, it remains uncertain whether the heavy infrastructure-based model designed for securities exchanges suits the cryptocurrency market.
It can be argued that regulating illicit actors is largely a waste of time. The alternative for organisations seeking compliance is a minimum safety net wherein many of the embedded protections applicable to market manipulation may also apply in the cryptocurrency context. In other words, the goal should be a regulated safe harbour.
The Australian Securities and Investments Commission has previously addressed non-cash exchanges such as those for loyalty schemes. The Commission has recognised their incompatibility with existing regulations as well as the need for alternate mechanisms. However, if individuals are not dealing with financial products or securities, the securities laws cannot afford any protections. Generally with respect to securities regulation, significant time and energy are spent to avoid the labels of managed investment or financial product. In such a case, only general fraud protection as administered by the Australian Competition and Consumer Commission remains.
5. Privacy & Security
Law enforcement and security agencies have legitimate interests in obtaining personal information to investigate crimes such as money laundering and threats to national security. Users of blockchain technology have rights and legitimate interests in protecting privacy and anonymity. The interests of law enforcement and security agencies, and the rights and interests of users and citizens, have always required a balance; the issue is how to transfer and preserve this balance in the context of blockchain technology.
The ability of people to transact anonymously, traditionally guaranteed by the anonymity of cash-based transactions, is threatened by online transactions which enable fine-grained tracking and monitoring. A balance must be struck between law enforcement and security on the one hand and the rights to privacy and anonymity on the other. Whilst cryptographic techniques such as zero-knowledge proofs and ring signatures are hardly new,2 and are not the only advanced security options, they do not affect the underlying principles at hand.
Data privacy laws are based on a centralised data processing paradigm, with obligations imposed on those who are responsible for that centralised processing. This creates difficulties when one is dealing with a decentralised system. It may be argued that the questions arising in the current data privacy ecosystem are more or less the same as those that have arisen traditionally, albeit in a different context. Legal mechanisms have been designed to protect the privacy of data operating within a centralised system. The issue raised then is, how can one approach privacy considering that blockchain technology operates within a decentralised system by design?
New questions arise such as, do the obligations imposed under European law on ‘data-controllers’ or ‘data-processors’ or under the Australian laws regulating ‘organisations’ apply? There are also novel issues surrounding what constitutes personal information, and whether a public key would be considered personal information. In Australia, a public key in isolation likely would not constitute personal information due to a Federal Court decision which held that an IP address does not relate to an individual and, consequently, is not personal information.
On 25 May 2018, the European Union established the General Data Protection Regulation (“GDPR”) rules conferring two fundamental rights: the right to correct the record and the right to deletion. A system that is purely immutable may well be in breach of the law if it does not allow individuals to exercise these rights.
The current position is non-privacy by default as there is a host of personal data collected all of the time and held very insecurely. In order to ensure that principles such as privacy by design or privacy by default are present in technology, these technologies must be developed with the above principles in mind. For example, there is the question of whether public key cryptography could be implemented in order to authenticate identities without a vast amount of personal data being given up.
To date, there has been significant contemplation of these issues. It is evident in anticipatory regulation, dynamic regulation and regulatory sandboxes which enable experimentation with regulations. Regulation must essentially be fluid in order to find the best way to encourage innovation in design whilst also protecting rights and individuals from harm.
5.1 How can we strike a balance between privacy and the needs of law enforcement?
· Most cryptocurrencies seem too public to be long-term replacements for the traditional financial system, but law enforcement has come to rely on blockchain forensics for crime fighting. As new technologies like zero-knowledge proofs and ring signatures are integrated with blockchains, how can we strike a balance between privacy and the needs of law enforcement?
The starting point, as under EU law, should be that any interference with the rights to privacy and anonymity must be necessary and proportionate.3 In practical terms, this means determining whether there may be any tools available to law enforcement and security agencies for pursuing their legitimate ends, such as investigating unlawful transactions, which do not involve compromising encrypted data. It may be possible for investigations to proceed as they do in relation to other kinds of anonymous transactions without the need to compromise advanced security add-ons.
As a general principle, proportionate protection of rights to privacy and anonymity requires proper procedural safeguards, such as a legal process for determining whether access to ostensibly anonymous personal data is justified. This means that law enforcement and security agencies should comply with legal safeguards, especially procedural safeguards, that are required to protect and preserve the balance between law enforcement and security, and privacy and anonymity, rather than relying on broad brush de-anonymisation forensics.
Identity anonymisation through cryptography enables individuals to create an anonymous transaction address and transact on the blockchain without disclosing plaintext identification information,4 such as one’s name, known alias, date of birth, sex, address, employer and driver’s licence number.5 This infrastructure mechanism is used in decentralised currency systems, such as the Bitcoin protocol, whereby individuals create a digital wallet that stores their details so that only their transaction addresses and the values of transactions are stored on the blockchain. Several features of the blockchain infrastructure render digital currencies vulnerable to misuse by illicit actors,6 including the ability to open an account with no customer due diligence or identification, the disguising of movement of value, movement of large amounts of funds offshore, and poor visibility of such transaction histories. Digital currency exchanges have been providing services outside the scope of AML-CTF regulations in Australia.7
Zero-knowledge proofs are an advanced cryptographic method that provides an additional layer of encryption over transactions by obscuring the source, destination and amount of transactions.8 When utilised by ‘privacy coins’9 such as Zcash and Monero, they give rise to an ideal alternative payment method for moving funds covertly and independently of the formal financial sector. Beyond identity anonymisation, zero-knowledge proofs further obfuscate transactions from law enforcement agencies by concealing transactions in ‘shielded pools’.10 Complete anonymity is pierced when mining fees exit the shielded pool and are received by a transaction address outside the shielded pool’s refuge.11 These instances are described as ‘round trip transactions’. There is some evidence suggesting that statistical analysis can be used to reveal a link back to a transaction address.12 While this is good news for law enforcement, not all transactions are round-trip transactions, and there are mitigation strategies that can be deployed to minimise the likelihood of linkages being made.13
In December 2017, following a review of Australia’s AML regime,14 the Anti‑Money Laundering and Counter‑Terrorism Financing Amendment Bill 2017 was passed to extend the reach of AML regulation to digital currency exchanges. A definition of digital currency has been included to standardise terminology and a register has been established to enable financial intelligence to be gathered by law enforcement from ‘digital currency exchanges’.15 These platforms must establish an operational framework for customer due diligence compliance, which includes the applicable customer identification procedure used to identify customers. Customers wanting to use convertible digital currencies will be required to provide KYC information.16 Whilst individuals will still be able to trade without sharing their identity on-chain with the other party, a record of their identification details will be centralised off-chain.
KYC information is verified using documentation or independent electronic data.17 For privacy reasons, providers will not be granted direct access to government databases or the Document Verification Service, which allows authorised organisations to electronically match an individual’s identifying information on government-issued identity documents. Nor will direct access be granted to the Reporting Entities Roll, which would enable providers to verify whether businesses are regulated by the Australian Transaction Reports and Analysis Centre. Instead, the Trusted Digital Identity Framework (endorsed by the Australian Government in February 2018) will provide tools, rules and accreditation criteria to govern an alternative trust framework in a federated identity system.18 What this federated identity system will look like is still under development.
In line with the global FATF recommendations,19 digital currency providers will also be required to keep transaction records and make suspicious matter reports.20 This is important given the potential misuse of ring signature schemes, a tool more popularly associated with concealing the identity of whistleblowers.21 Ring signatures enable a transaction without identifying the source transaction address, by hiding the source within a group of others, which collectively produce a signature without outing the source.22 The explicit requirement that sufficient transaction records must be made and kept by reporting entities to enable reconstruction closes the gap in the existing reporting framework.23 Whether this measure is appropriate is questionable from a security and privacy perspective, as providers will be required to retain a record of all users’ transaction records, including ‘transactions of a non-commercial nature’.24 However, such information about individuals is already held in the formal financial sector. The continued privacy of this information depends on data security measures, an area in which permissioned blockchains will greatly assist.
5.2 Balancing individual rights to privacy and organisational rights to collect data
· How might blockchain usage alter the balance of individual rights to privacy and organisational rights to collect data? What would be your ideal balance?
Blockchain technologies have the potential to offer both greater protection for privacy rights and to undermine those rights. However, much depends upon the particular implementation of the blockchain technology. In the privacy context, it is unhelpful to generalise the use of blockchain technologies.
Techniques which enable transactions, and authentication of transactions, without the revelation of personal data have the potential to enhance privacy protection. For example, it is possible to implement protocols that remove the need for a centralised trusted third party for the purposes of access control or authentication.25 Decentralisation, and potential automation, of trust may be privacy protective.
On the other hand, some implementations of blockchain technology pose considerable challenges to the protection of privacy and personal data. For example, if a bitcoin address is linked to a person, this may expose a person’s financial history. This emphasises the need for the fundamental principles of privacy by design and privacy by default to be built into implementations of blockchain technology.26 Moreover, given the potential for poorly thought-through implementations to adversely affect personal privacy, principles of good privacy protection require the preparation of a Privacy Impact Assessment to ensure that privacy protection is encoded in the implementation.
The balance between individual rights to privacy and organisational rights to collect data is, in most jurisdictions, set by data privacy laws, which may be known as information privacy or data protection laws. The balance may differ depending upon the legal jurisdiction. But from a rights-based perspective, the collection of personal data should always be narrowly targeted to the purpose of collection and must be proportionate.
The application of existing data privacy laws to blockchain technology poses a range of challenges. The challenges arise largely because data privacy laws are based on the paradigm of centralised collection and processing of personal data. The decentralised nature of blockchain technology means that it may be difficult to determine who is the responsible entity for the collection or processing of the data, such as who is an ‘Australian Privacy Principle (“APP”) entity’ responsible for collecting personal information under the Australian Privacy Act or whether an entity is a ‘data processor’ or ‘data controller’ under the EU GDPR. Moreover, there are issues relating to whether or not data stored on a blockchain amounts to ‘personal data’ or ‘personal information’ for the purpose of data privacy laws. For example, is a user’s public key or bitcoin address personal data? The answer may depend upon the jurisdiction. For instance, under Australian data privacy law an IP address has been held generally not to be ‘personal information’,27 but under EU law an IP address is, in general terms, held to be ‘personal data’.28 As explained in the response to 5.3 – Immutability versus the individual’s right to modify or erase personal data, the potential immutability of data recorded in a distributed ledger poses fundamental problems for the rights of data subjects to correct or delete their personal data.
Confirming the validity of a transaction involves mining, whereby an arbitrary and complex mathematical problem is solved (proof of work) for a reward. This process of digitally signing a transaction identifies the source transaction address. If this address is ever compromised and associated with a real-world identity, a comprehensive picture can be drawn from linking all transactions from that address to a person. Satoshi Nakamoto warned us of this privacy issue,29 recommending that users generate new transaction addresses regularly to mitigate against the risk of identification. Even where zero-knowledge proofs, ring signatures and other encryption methods are used to obfuscate transaction addresses and transaction information, linkages are possible that may create trails of data about individuals.
In Australia, network data, including international mobile subscriber identities, IP addresses, accessed URLs, longitude and latitude information and other network identifiers were considered personal information.30 Although this network information is about the telecommunications service provided,31 the identity of an individual can be reasonably ascertained when cross-matched with information on other databases.32 An IP address in isolation is not considered personal information in Australia because of the lack of ability to link it to an individual in the absence of some other information. When linked with personal information (like a user ID in a URL collected through Google Analytics and cookies),33 an IP address may be considered personal information. If linkages can be made that would reasonably identify an individual, under the current framework transaction addresses may be considered personal information to which privacy obligations attach.
Additional concerns arise as transactions in our lives become more digitised. If linkages are made back to an individual’s off-chain identity information, the accumulated linked information may be considered personal information. ‘Personal information’ encompasses a broad range of information about an individual or information that can be used to reasonably identify an individual. The Office of the Australian Information Commissioner has provided guidance on what is considered ‘personal information’.34 It includes things such as:
· information or opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation or criminal record;35
· health information (potentially including health information about biological family members);36
· credit information (liabilities, repayment history, court proceedings and personal insolvency);37
· employee records (unless exempt);38
· tax file number information;39
· and mobile data.40
If it can be used to identify an individual in a manner that isn’t too tenuous or remote, it is likely to be personal information, whether recorded in writing, photos or voice recordings.
If information is not properly de-identified, there are risks of identity theft and fraud. Data on individuals and their interests, travel and consumption history is already collected, marketed and sold. It must be asked how much personal information individuals are willing to publicise to financers, insurers, potential employees, local and foreign governments, friends, colleagues, business partners and competitors. In a digital world, transparent information management is necessary. Blockchain infrastructure proves invaluable in this regard, providing a means of data security by recording rights, entitlements and permissions.
5.3 Immutability versus the individual’s right to modify or erase personal data
· How might we best reconcile immutability in distributed ledger technologies with a person’s right to modify or erase personal data?
A fundamental principle of data privacy laws is that data subjects have the right to correct or erase personal data held by others where, for instance, the data are inaccurate or irrelevant. For example, the GDPR provides that ‘every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay’.41 Similarly, under Australian privacy law, APP 13.1 provides that an APP entity that holds personal information must take reasonable steps to ensure that ‘the information is accurate, up to date, complete, relevant and not misleading’. The operation of this principle is illustrated by the ‘right to be forgotten’ under EU law which, in certain circumstances, requires Google to de-link search returns to personally identifiable data.42
Applying the ‘longest chain’ rule, the basis of consensus of most blockchains, makes it extraordinarily difficult to change data especially in a live blockchain. If an implementation of blockchain technology is ‘immutable’ in that not even a system administrator can alter it, then entities responsible for the implementation are likely in breach of their obligations under data privacy laws. There is clearly a tension between the benefits of a recordation system that promises accurate and permanent data, including the information security benefits, and the rights of data subjects to control their data, including their correction and deletion rights. The ‘immutability’ of a blockchain implementation and the rights of data subjects are therefore difficult to reconcile.
While it may be feasible for a blockchain implementation to make correction or alteration of data stored on the chain less difficult, a design decision such as this raises a host of problems. The problems include the question of who is (or should be) responsible for deciding that the data should be altered and the criteria to be applied in dealing with requests for altering or deleting data. If personal data can be deleted or altered, then what about other potential legal bases for altering or removing data, to the extent it is misleading or deceptive or infringes an intellectual property right? Moreover, if data is altered or deleted, this may cause harm to third parties that have acted in reliance on the data, believing it to be accurate, giving rise to potential legal action based on the alteration or deletion of the data. And, more fundamentally, whenever there are different versions of a chain, there are the inevitable problems of potential forking.
While the only way to reconcile immutability and correction and erasure rights seems to be a facility for altering blockchain data, the implementation of such a facility presents formidable challenges.
The built-in obfuscation mechanisms that cryptography provides enable privacy on the blockchain in the traditional sense, by obscuring information securely from view and preventing that information from being the subject of unauthorised access or disclosure. This privacy-by-design is a legal (and social) necessity. The process of confirming transactions and verifying blocks through cryptographically secured distributed consensus is what ensures that information on the blockchain is reliable. This tamper-proof feature of an immutable design presents tensions in the context of privacy rights. As an append-only database, the information recorded on the blockchain cannot be amended. The only means by which amendment can be achieved is by storing identification information off-chain in a permissioned blockchain.
Neither blockchain immutability nor privacy is an absolute concept. The chain with a total accumulated proof of work greater than any other contains the highest difficulty of computational work and is therefore generally indicative of network consensus to other nodes.43 Nodes may disagree on the contents of the most recent blocks but converge towards what is believed to be the most up-to-date version of data. A node proposing to change a historical block deep in a chain would have to validate transactions with a hash at a faster rate than network validation in the existing chain. The cost of generating sufficient computing power to do this is prohibitive. In a 51% attack, nodes introduce information maliciously. Early in 2018, such an attack on Bitcoin was estimated to cost approximately $US8,188,880,660 for hardware and require $US14,635,627 per day for energy.44 The effect that quantum computing might have on reducing this cost is yet to be seen.
Personal information is not static. The information that can be linked to identify us changes over time. In Australia, individuals do not have a right to privacy or a right to be forgotten. However, privacy laws do secure an individual’s right to:
· modify the information held about him/her; and
· have that information destroyed or de-identified when it is no longer needed for the purposes it was collected for.45
Even if information is secured through cryptography, network consensus and ‘indistinguishability obfuscation’,46 the problem remains that the basic architectural design of blockchain networks does not provide a means for individuals to exercise their privacy rights of modification or deletion. If personal information is stored on the blockchain, e.g. a bankruptcy notice or an individual’s credit rating, that information would be available in perpetuity.
An entity must take reasonable steps to correct information when notified.47 If correction is refused, the individual must be provided with the reasons for refusal and complaint mechanisms regarding the decision.48 In a public blockchain, where no one entity controls the contents of the ledger’s information, there is the question of who could be accountable to meet this obligation. Supposing that a node’s controlling entity receives and refuses a correction request on the grounds that it is impractical by design and cost-prohibitive, a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading would need to be associated with the information.49 Applying this to every piece of information in the blockchain would not realistically scale.
The right to modification is a means to ensure users are acting on complete, accurate and relevant information which is not misleading. A timestamped record of personal information is arguably still able to be all those things, despite no longer being true in the present state. Similar observations can be made in the context of the requirement to destroy or de-identify information no longer needed for any purpose for which it was disclosed.50 The APPs are to prevent reliance on personal information if it would adversely impact the individual. Tensions between immutability and privacy highlight the important role that law plays in regulating behaviour to prevent harm. The aim of technologically neutral drafting through privacy principles is to provide for flexible application of the law to new technologies. In the high-risk environment of managing personal information, a regulatory lag brings the benefit of discussion while blockchain technology (and our technical understanding of its applications) matures.
6. Token-Related Policy Issues
6.1 Finding a mainstream use case for tokens
· What innovative use cases for tokens could be developed for the mainstream that build upon rather than clash with existing legal frameworks?
As tokens can be considered representations of an asset or utility built onto the blockchain, this question might be better framed by looking at the use cases of blockchain technology itself.
Take financial markets and exchanges, for example. Two public exchanges, NASDAQ in the US and the ASX in Australia, are looking at using blockchain technology to settle trades of traditional financial instruments.
Blockchain technology could replace the CHESS System in financial markets. There is currently a delay before a transaction can successfully clear. However, much like how cheques take at least 48 hours to clear, this delay occurs not because of a technological issue but due to business reasons.
Currently each of the institutions involved in the trades holds its own copy of data, and as a result, a reconciliation of each data set is required before a transaction clears, causing a delay. A blockchain solution would create a shared distributed database through which immediate consensus of data could be made possible, removing the delay.
What blockchain technology therefore allows is the future-proofing of business practices. Taking the above use case as an example, blockchain technology is at the very least capable of improving existing business systems and customs without clashing with current legal frameworks, and allows us the opportunity to disrupt, replace and/or automate them in a controlled manner.
7. Smart Contracts as Legal Contracts
As smart contracts begin operating in the retail consumer market, changes may need to be made to the application of blockchain technology itself and the rules regulating it.
Jurisdictional issues can arise when the operation of a smart contract is recognised as legal and enforceable in one jurisdiction but not another. The decentralised nature of blockchain technology enables the operation of smart contracts between participants in any jurisdiction.
Smart contracts enabled by blockchain technology are programmable applications that manage exchanges conducted online. Those exchanges would usually be an asset in exchange for value (but could be an asset in exchange for another asset, or one value for another value that is in a different currency). In the context of blockchain technology, value may be represented by a digital token, such as Bitcoin or another cryptocurrency.51
This dilemma of navigating across multiple jurisdictions is nothing new. Take for example when an aircraft is flown internationally. Whilst an aircraft may operate in different jurisdictions during departure, arrival and while travelling through airspace, interoperability between these jurisdictions is of paramount importance. The same can be said regarding smart contracts, which may become as accessible and commonplace as air travel as blockchain technology is adopted. The standardisation of protocols across jurisdictions will therefore be critical in ensuring that any jurisdictional issues relating to the operation of smart contracts are minimised.
It is important to note here the distinction between a smart contract from a solely technological perspective and a smart contract that is legally binding, which would be a legal contract consisting of smart clauses. Interoperability between the technology and the natural language of the law will be essential to ensure the enforceability of the contract as well as to determine the jurisdiction under which the contract will be governed. The fact that there is a technological layer to the legal contract does not detract from the agreement of the parties as to the terms of the contract including which jurisdiction is to govern the smart contract. Whilst the technology adds a layer of complexity, the law still exists, and mechanisms will be in place to ensure certainty as to the terms of the smart contract and its enforcement.
A benefit of a common law system which exists in the Commonwealth jurisdiction is that technology can impact the substance of the law and over time permeate into the principles of the law, allowing it to adapt to issues arising from new technologies.
7.1 Resolving jurisdictional and immutability issues related to smart contracts
· What is the best way to resolve jurisdictional and immutability issues related to smart contracts?
It is a fallacy that smart contracts inevitably exist outside of any particular jurisdiction. As with any other contract, the parties are at liberty to decide the most appropriate governing law or select an arbitral clause. Whilst a smart contract may have been formed without the selection of a jurisdiction, this does not mean that the contract exists above or outside the law, but only that establishing jurisdiction may be more difficult to ascertain. Where a dispute occurs, the parties will be at liberty to bring the case in the jurisdiction which makes most sense. This may be a place of residence, incorporation or business.
Jurisdictional and immutability issues related to blockchains—and the smart contracts that operate in the scripting language of the particular chain on which they live—pose significant difficulties for those seeking to standardise blockchains and regulate on-chain transactions. These difficulties especially arise where blockchain technology is being employed in a truly decentralised fashion across multiple and widespread jurisdictions. This discussion will focus on the impact of the Australian Consumer Law on the jurisdictional and immutability issues related to blockchains and smart contracts.
Technological Advancement and the Conflict of Laws
Thomas Jefferson famously said ‘[l]aws and institutions must go hand in hand with the progress of the human mind’.52 However, it may be that the problems arising from increased use of blockchains and smart contracts will continue to present potentially insurmountable difficulties as jurisdictions flow from notions of sovereignty.
One need only look to the extensive body of complicated, often conflicting, caselaw from around the world to see that the field of private international law has been and is filled with many challenges. Alternatively, the capacity for international private law to govern an increasingly globalised society may translate into workable global regulations for blockchain transactions.
Impact of the Australian Consumer Law on Jurisdiction and Immutability
Earlier in this report, issues relating to immutability and jurisdiction have been discussed in relation to an individual’s right to modify or erase personal data. The following discussion on the impact of the Australian Consumer Law on jurisdictional and immutability issues follows from that earlier discussion.
The Australian Consumer Law is contained in schedule 2 of the Competition and Consumer Act 2010 (Cth) (the “ACL”). The ACL is the core consumer protection legislation in Australia, and while it is beyond the scope of this discussion to cover its provided protections in depth, in broad terms it prohibits misleading or deceptive conduct,53 unconscionable conduct and unfair terms in standard form consumer and small business contracts.54
The ACL also provides a regime of protections known as the Consumer Guarantees.55 These Consumer Guarantees apply to consumer goods and services which, amongst other things, are defined as being valued below $AUD40,000, or of a kind ordinarily acquired for personal, domestic or household use or consumption.56 The Consumer Guarantees ensure that goods, amongst other things, will be of acceptable quality,57 match descriptions58 and be fit for purpose.59 In the case of services, the Consumer Guarantees ensure these are fit for purpose,60 carried out with reasonable care and skill,61 and completed within a reasonable time.62 In addition, the ACL provides minimum standards for consumer product safety.63
From this high-level overview of the ACL, it is apparent that transactions involving goods and services that fall within the scope of the ACL could well be recorded on a blockchain, with delivery facilitated in full or in part by a smart contract.
There are several provisions of the ACL which are relevant to the discussion on jurisdictional and immutability issues related to blockchains and smart contracts.
Agreements performed either in full or in part by smart contracts may contain terms known as jurisdictional clauses that nominate the law of a particular jurisdiction as the law that governs the contract. A nominated jurisdiction may or may not contain consumer and other protections similar to those provided under the ACL.
An interesting feature of the ACL is that its parent legislation, the Competition and Consumer Act, provides that the ACL extends to the engaging of conduct outside Australia by, amongst other things, corporations conducting business in Australia.64 However, this provision does not extend to the country of origin representations.
The extraterritorial operation of the ACL65 with specific regard to the application of the Consumer Guarantees and other statutory protections under the ACL66—covering supply of goods or services under a contract where objectively the proper law of the contract is the law of a country other than Australia—was recently considered by the Full Court of the Federal Court of Australia in the decision of Valve Corporation v Australian Competition and Consumer Commission  FCAFC 224 (‘Valve Corp’). That case concerned Valve Corporation, a company based in the State of Washington in the United States, which operates an online game distribution network on which there are around two million Australian subscriber accounts.67
In Valve Corp68 the Full Federal Court affirmed that statutory protections contained in the ACL69 apply to a cross-border transaction despite a jurisdictional clause nominating the law of another country to govern the agreement, and even though that foreign jurisdiction had a close and real connection to the transaction. It is important to note the statement in Valve Corp70 that ‘[t]he consumer guarantee provisions are … capable of application whether or not there is a contract.’71 This decision is especially relevant here in the context that a smart contract may not itself embody something that constitutes a legal contract. It also is relevant as privative type clauses are commonly found in blockchain and smart contract-related agreements asserting that the parties are not entering into a legal agreement. Consideration has not been given as to whether the same approach would be taken to other privative type clauses commonly found in blockchain and smart contract related agreements asserting that no jurisdiction applies to the agreement.
The prohibitions against unfair contract terms contained in the ACL72 apply to standard form consumer and small business contracts.73 The definitions of both a consumer and small business contract are broad and could well include a contract of significant value that a smart contract embodies in full or in part.74 The ‘take it or leave it’ unnegotiable pre-prepared terms commonly found online and elsewhere almost certainly fall within the ACL75 definition of a standard form contract.
The core characteristics of the meaning of ‘unfair’ are supported by a non-exhaustive list of examples of unfair terms that includes:
· a term that permits, or has the effect of permitting, one party (but not another party) to avoid or limit performance of the contract;
· a term that permits, or has the effect of permitting, one party (but not another party) to terminate the contract; and
· a term that limits, or has the effect of limiting, one party's vicarious liability for its agents.76
What might constitute an unfair term of a standard form consumer or small business contract is broad. This certainly opens the door for an Australian party to dispute a contract and seek a remedy in relation to an unfair term, which could give rise to the need to modify or remove a transaction recorded on an immutable blockchain.
The statutory remedies available for breaches of the ACL are broad and powerful. As will be seen, should a dispute about an on-chain transaction or operation of a smart contract reach an Australian court and be determined in favour of the applicant, the remedies available give rise to the very real possibility that a blockchain transaction may need to be altered, reversed or removed, and likewise for any associated smart contract.
The arbiter of appropriateness governs the remedies available for breaches of the ACL that could see the need to modify or remove a transaction recorded on an immutable blockchain and likewise any associated smart contract.77 Examples of these remedies include orders:
· declaring the whole or any part of a contract void either from the beginning, or at any subsequent time specified by the court;
· varying a contract or arrangement;
· refusing to enforce any or all of the provisions of a contract or arrangement;
· directing the refund or return of money or property; or
· in relation to an instrument creating or transferring an interest in land, directing the execution of an instrument that varies or terminates, or has the effect of varying or terminating, the operation or effect of the initial instrument.78
Remedies for breaches of the Consumer Guarantees that could see the need to modify or remove a transaction recorded or associated smart contract in an immutable blockchain include entitlements to:
· reject goods;79
· terminate contracts for the supply of services that are connected with rejected goods;80
· terminate contracts for the supply of services;81 or
· terminate contracts for the supply of goods connected with terminated services.82
It is important to note that altering a blockchain by fork or other mechanism may have an effect on transactions subsequent to the particular transaction(s) being altered. This is relevant as in ordinary circumstances the change to the record will require consensus which may not be forthcoming, and practically speaking, may be difficult for the court to enforce. Proceedings seeking orders of the type outlined above must be commenced within six years.83 In the case of the Consumer Guarantees, there is no specified time limit for commencing an action, and whether there has been a breach may in part depend on the type of good or service, when it was acquired and when the failure occurred. One only has to ponder the number of transactions that will have occurred on any given blockchain inside even the six-year time limit.
Issues arising from pseudonymity on the blockchain and the inherent difficulties of identifying transactional parties for naming as respondents—in any legal proceedings commenced seeking orders under the ACL, including those mentioned above—must be acknowledged. While beyond the scope of this discussion, it is sufficient to say that adequate provisions exist under procedural rules for such proceedings to identify individuals or entities, for example through third party on- and off-ramping service providers.84 An example of such a provision is the successful use of a ‘John Doe Summons’ issued on Coinbase by the US Internal Revenue Service to investigate potential tax avoidance.85 Perhaps a problem more difficult to solve is identifying an entity or person for the purposes of commencing proceedings where the smart contract or overarching agreement is created by a decentralised autonomous organisation.
The aim of these discussions is to assist in a more detailed understanding of the impact of the ACL on the jurisdictional and immutability issues related to smart contracts. Ideas to overcome the jurisdictional and immutability issues related to smart contracts, fully or in part, also merit examination:
· Standardising the coding of smart contracts to produce jurisdictionally appropriate results. Such a solution is not out of reach when geocoding technology is considered;
· Standardising the use of an appropriately designed forking mechanism that does not adversely impact transactions subsequent to that sought to be varied, reversed or removed—if at all possible. In line with the consensus issues raised above in relation to court-ordered alterations to a blockchain record, such a mechanism would need to be invocable with a special type of ‘consensus’, which could be a protocol coded into the scripting language that is invoked in response to court orders; or
· Confining standardisation or regulation of blockchain technologies to transactions that are unlikely to see numerous and frequent needs to amend the blockchain following court-ordered changes to transactions involving smart contracts.
7.2 On the legal validity of smart contracts86
Here we focus on two aspects of a contract:
· Clarity: This is taken to mean that terms and conditions in a contract should not be ambiguous. As a smart contract is a deterministic program, it seems to satisfy this requirement, given that the terms and their execution are specified by formal mathematical semantics. However, one has to consider that often, contracts contain terms that are left ambiguous on purpose (often called ‘open texture expressions’). For example, a contract can contain the expression ‘best effort’. While the general meaning of such an expression is often clear to the parties involved in the contract, there remains the issue of how the smart contract functions, how objects and methods associated with such terms are computed, whether the definitions are allowed to evolve during the performance of the contract, and whether the updates are transparent to the users. For example, the smart contract could rely on an external (off-chain) oracle that uses some machine learning algorithm to determine, based on previous executions of activities of the same type, whether an activity/transaction satisfies the condition for being classified as ‘best effort’. A potential problem is that the learning algorithm is not transparent for some of the contractual parties, either for the nature of the algorithm itself or for the amount of data required—which makes it essentially impossible for a person to manually replicate the computation to get a detailed explanation of the classification’s justification.
· Understandability: This refers to the capacity to understand the meaning of a program and to follow the steps implemented by the execution of the program. The signatories of the contract ideally should be able to understand the source code. Most smart contract systems today adopt an imperative, or procedural, approach. In this approach, the smart contract directly states the computational operations that must be performed to implement the legal contract. In research on AI & Law, it has often been argued that a declarative approach to modeling normative knowledge is preferable. The latter should state the legal arrangements upon which the parties have agreed, abstracting from the computations that are needed to implement them. This should allow for a more compact representation that is closer to natural language and to human understanding. When programming in an imperative language, the programmer writes an explicit sequence of steps to be executed to produce the intended result. The programmer has to write what has to be done and how to perform it. Furthermore, the order of steps to be executed is paramount to the correct behaviour, and it might become difficult to properly specify it for large-scale smart contracts. As a consequence, there is the risk that an imperative contract is so convoluted and complicated that a party cannot make sense of it, and this would render the smart contract not legally valid. On the other hand, a declarative contract may more easily pass the understandability test, being simpler and closer (more isomorphic) to natural language. However, a declarative contract requires an underlying engine/interpreter to implement the reasoning steps.
To conclude, we highlight a couple of technical issues with smart contracts that should be addressed before widespread adoption of smart contract technology for legally valid contracts.
· Termination clauses: What happens in circumstances where a contract is deemed invalid or void (by an entity, e.g., court or arbitrator, with the power to rule on the legal validity of the contract), but the smart contract does not have a switch to turn it off? A potential solution is to create a second smart contract to undo the changes done by the original contract. However, this option gives rise to several more issues, e.g., what if the original contract were a standing contract for re-occurring events? If the smart contract to undo the effects of the original smart contract must run every time the original contract is executed, who has to pay additional (gas) costs to run and undo the contract after it has been ruled void or invalid? Further, there is the question of whether such costs are reasonable sanctions (when one considers the high degree of fluctuation of cryptocurrencies related to the various platforms).
· Timing issues: Oftentimes a contract specifies deadlines and other temporal parameters, the satisfaction of which can be confirmed by a trusted third party. In a blockchain platform, however, transactions are submitted for inclusion in the platform with a timestamp. The most reliable timestamp corresponds with the time when the transaction has been recorded in a block, which is then included in the ledger—and this time comes after the time the transaction occurred. Reasons for the lag include the latency of the network, the time taken to mine the block where the transaction is to be permanently recorded, the waiting time before a transaction is to be included in a block based on the number of transactions in the queue, and the fees paid to miners that could influence the priority of inclusion of the transaction in the next block. Thus, even if a transaction is genuinely submitted before a deadline, the transaction could be recorded in the blockchain after the deadline.
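The timing problem described in the last bullet can be made concrete with a small model. The following Python sketch is an added illustration, not part of the Report or of any blockchain platform: the block interval, block capacity, propagation delay, deadline, fees and the four sample transactions are all constructed values, and the names `Tx`, `mine` and `disputed` are hypothetical.

```python
"""Toy model: a deadline judged by block time, not by submission time."""
from dataclasses import dataclass

# All values below are constructed for illustration.
BLOCK_INTERVAL = 15    # seconds between mined blocks
BLOCK_CAPACITY = 2     # transactions a block can hold
NETWORK_LATENCY = 2    # seconds for a transaction to reach the miners
DEADLINE = 100         # contractual deadline, seconds on the same clock


@dataclass(frozen=True)
class Tx:
    sender: str
    submitted_at: int  # when the party actually sent the transaction
    fee: int           # miners include higher-fee transactions first


def mine(txs, first_block_time, n_blocks):
    """Return {sender: timestamp of the block that recorded the tx}."""
    pending = sorted(txs, key=lambda t: t.submitted_at)
    mempool, recorded = [], {}
    for i in range(n_blocks):
        block_time = first_block_time + i * BLOCK_INTERVAL
        # Transactions that have propagated by now join the queue.
        while pending and pending[0].submitted_at + NETWORK_LATENCY <= block_time:
            mempool.append(pending.pop(0))
        # Fee priority: highest fee first, earlier submission breaks ties.
        mempool.sort(key=lambda t: (-t.fee, t.submitted_at))
        for tx in mempool[:BLOCK_CAPACITY]:
            recorded[tx.sender] = block_time
        mempool = mempool[BLOCK_CAPACITY:]
    return recorded


def disputed(txs, recorded, deadline):
    """Senders who submitted on time but whose on-chain record is late or missing."""
    late = []
    for tx in txs:
        block_time = recorded.get(tx.sender)
        on_chain_ok = block_time is not None and block_time <= deadline
        if tx.submitted_at <= deadline and not on_chain_ok:
            late.append(tx.sender)
    return late


# Constructed sample: every party submits before the deadline of 100.
SAMPLE = [
    Tx("alice", submitted_at=80, fee=5),    # earliest, but lowest fee
    Tx("bob", submitted_at=85, fee=50),
    Tx("carol", submitted_at=86, fee=40),
    Tx("dave", submitted_at=95, fee=100),   # highest fee, misses the block at t=90
]

if __name__ == "__main__":
    recorded = mine(SAMPLE, first_block_time=90, n_blocks=3)
    for tx in SAMPLE:
        print(tx.sender, "submitted", tx.submitted_at, "recorded", recorded.get(tx.sender))
    print("submitted on time, recorded late:", disputed(SAMPLE, recorded, DEADLINE))
```

In this run the earliest submitter is pushed out of the first block by higher-fee transactions, and the highest-fee submitter simply misses the block mined before the deadline; both end up with an on-chain timestamp after the deadline even though both acted in time.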
In summation, it is necessary to acknowledge that the discussion presented here is mostly speculative for the following two reasons: the first is the present lack of cases arguing the legal validity of smart contracts; the second reason is that smart contract technology has not yet developed into practical legal smart contracts. While a simple contract may be easily implemented, the implementation of complex contracts—or reasoning engines for declarative approaches to the representation of contracts—is not feasible with current smart contract technology. Smart contracts do not directly support programming features for easy implementation, and/or their complexity and deployment costs (e.g., gas needed to run the corresponding program) prevent practical and viable applications.
Generally, technology can assist in solving the problems that technology creates. For example, blockchain technology creates privacy issues; however, there are potential technology solutions to this problem. The real key is articulating the problem in a way that can be understood by the entire ecosystem of numerous disciplines. Solving these problems requires a true multidisciplinary approach comprised of thought leaders including lawyers, regulators, technologists and data scientists.
For example, in the eDiscovery world, the explosion of electronic data created by technology can easily translate into millions of potentially relevant documents on an average matter, a stark contrast to the days when most evidence was in paper form. Review of such large electronic volumes for a litigation or regulatory matter is cost prohibitive for litigants or respondents. However, advanced technologies such as analytics and predictive coding, a type of machine learning, can now assist in defensibly identifying a much smaller subset of electronic documents for review, enabling better access to justice. Indeed, technology is a double-edged sword, as it has created this problem but is now also helping to solve it.
Technological advances are changing both the nature and the practice of law. From big data to artificial intelligence to blockchain, new legal issues that will need to be tackled not only by the legal community but also by ethicists are now emerging. For example, there exist questions as to who is liable when a cryptocurrency wallet provider is hacked, or when the artificial intelligence engine trained by a team of lawyers to identify key evidence gives incorrect results.
In closing, we identify three significant questions that press the hardest on industry, government, and the legal profession:
1. How can blockchain be fit for purpose?
2. How can we achieve best practices for cryptocurrencies?
3. What is blockchain’s evolving relationship with the law?