Published in Asian-mena Counsel: Cyber Crime & Data Protection Special Report 2018

Screen Shot 2018-10-23 at 6.26.56 PMBy Ronald Yu

Email: ron.yu@iipcc.org

 

Counsel need to be aware of the potential legal and other limitations of this rapidly evolving technology.

 

Screen Shot 2018-10-23 at 6.11.23 PMThere is much talk about blockchains, with billions of dollars being invested in the technology and many organisations looking to apply it in some fashion to their respective operations. But there are important questions counsel should ask before jumping in.

A blockchain can be thought of as a cryptographically secure database of digital transactions (ie, a ledger) shared across a network of participants (nodes) over public or private networks, where each participant holds a copy so all the information on the database is potentially available to all participants at any moment in time.

Blockchains are distributed and incorporate a public/private key infrastructure (ie, you need a public and private key for access). Proponents of blockchain talk of its immutability; meaning that once data is stored it cannot be altered (at least not easily).

These characteristics raise several very significant managerial and legal issues.

 

Is distributed best in all cases?

If you need centralised control (for example, to manage corporate confidential information), a transparent distributed system may be problematic. In a public blockchain, the audit history is publicly viewable, which means:

  • One might be able to indirectly derive identifying information based on transaction patterns, timing, volumes, etc.
  • It may not be private. Web trackers and cookies have been used in investigations to track down identities of blockchain users. Critics decried the UK Department of Work and Pensions’ trial of a blockchain application to track how welfare claimants spend their benefits in 2016 as a waste of public funds and a violation of users’ privacy.
  • There are associated cybersecurity risks. Blockchains are potentially at risk from cyber attacks.

Moreover, while distributed blockchain ledgers may well be more secure than traditional centralised ledgers, cyber risks remain and recent events call for analysis as to who bears the loss and responsibility for damages in connection with a blockchain including:

  • the Mt. Gox hack that resulted in the loss of hundreds of thousands of bitcoin;
  • the January 2015 attack on Luxembourg- and London-based Bitstamp, that led to the loss of 19,000 bitcoin, valued at about US$5.1 million;
  • the 2016 attack on Hong Kong-based Bitfinex resulting in a loss of nearly 120,000 bitcoin; and
  • the September 2018 hack on the Japanese cryptocurrency exchange Zaif, with losses of bitcoin and two other digital currencies estimated at about US$59.67 million.

 

Key-ed in

As blockchains require a set of keys for access and amendment to the ledger, who holds the keys and what happens should these persons leave the organisation for whatever reason is a problem. Loss of keys potentially means loss of access, thus their management is a serious thing. Also, there is a risk that a malicious user may attempt to compromise or steal keys to gain access to the digital assets on the blockchain.

 

Environment and security

Organisations concerned about their environmental footprint — or energy costs — need to know that blockchain systems can consume large quantities of energy. In 2017 it was claimed that the bitcoin network consumed as much energy as was used by 159 of the world’s nations. This prodigious consumption is mostly a consequence of proof-of-work (PoW) algorithms employed by many blockchain applications such as bitcoin.

Proof-of-stake systems attempt to address this issue but raise new security concerns (PoW systems are also theoretically vulnerable but this is beyond the scope of this article).

 

Legal issues

As with many new technologies, the law is struggling to catch up and as a result, there exist several potential legal issues surrounding blockchains and blockchain applications.

Being network based, blockchain systems can cross jurisdictional boundaries as the nodes on a blockchain can be located anywhere in the world. This can pose a number of complex jurisdictional and legal issues.

Few jurisdictions have adopted a blockchain law, while some jurisdictions have simply banned certain blockchain-related applications. (For example, in September 2017, the People’s Bank of China issued a ban on ICOs totally, declaring them to be illegal and disruptive to economic and financial stability).

The law relating to and the acceptability of blockchain-related contracts (ie, smart contracts) is not settled and there are partnership/joint venture questions as well.

 

Cooperation in a blockchain environment

Blockchain nodes work cooperatively, resulting in several as yet unanswered questions:

  • Does a group of entities participating on a blockchain constitute a ‘partnership’ or ‘joint venture’ (with all the associated legal implications)? The answer is not clear owing to different standards for what constitute a ‘partnership’ or ‘joint venture’ between civil and common law jurisdictions.
  • Are individual transactions executed via a distributed ledger are likely to be considered contracts? This is important because contractual liability results in joint liability where the causes of actions are not distinct and the defendants acted in furtherance of a common objective (ie, blockchain). So, if nodes and developers cooperate in developing and managing a blockchain, could they be liable in relation to third parties?
  • Is an entity operating in the blockchain potentially liable in tort if its negligent act, omission or misstatement causes loss or damage including loss, for example, due to a security breach or a coding error?

 

Garbage in, garbage out

Blockchains do not check the data that go into them, they only check whether or not the individuals writing to the blockchain have the right to do so.

Thus, information going into the database needs to be of high quality as data stored on a blockchain is not inherently trustworthy. Moreover, once you store data on a blockchain this data cannot easily be altered.

An inaccurate record on the system may cause losses to those relying on it. Such entity’s liability in negligence will depend on whether it owes a duty of care and has breached that duty, whether the breach caused loss or damage, and whether it has effectively contractually excluded liability for this type of loss or damage.

This also raises privacy issues — how can the immutability of a blockchain be reconciled with existing privacy legislation (eg, the EU’s General Data Protection Regulation) that give individuals the right to rectify or delete any data, especially incorrect data, that affects them or has been posted or uploaded without their consent?

 

Further details

And as if all this were not enough, there are also unanswered IP-related questions surrounding blockchains and blockchain applications, as well as ownership of the information in the database.

In particular, counsel must not be lured into thinking, as some blockchain pundits might have people believe, that a piece of content attached to a blockchain is equivalent to or can replace a registered IP right; it is not, as it lacks the same legal effect and rights as, say, a patent.

 

It’s still developing

Finally, blockchain is still evolving as a technology, which means that several technical problems have not been settled in addition to the aforementioned legal ones and that multiple standards have emerged.

 

This raises:

  • Interoperability risks — blockchains employing different standards may be unable to interact with one another.
  • Technological risks — choosing a standard that is later superseded is potentially costly given the high initial capital costs or subsequently discovering serious flaws in the technology.

All this does not mean that companies should not employ blockchain technologies, indeed there are many worthwhile applications for blockchain in supply chains, food safety, asset tracking, etc. But counsel need to be aware of the potential legal and other limitations of this rapidly evolving technology.

 

Email: ron.yu@iipcc.org

Official Publication: Asian-mena Counsel

Click Here to read the full issue of Asian-mena Counsel: Cyber Crime & Data Protection Special Report 2018.

Related Articles by Firm
Clasis Law (India) Newsletter August 2015
Analysis of the revocation of a company's drug patent and other key court rulings and updates on corporate and commercial matters
Foreign Banks Allowed to Operate in Myanmar
After more than 50 years of banning, the Central Bank of Myanmar has issued the first final licenses allowing four foreign banks to operate in Myanmar.
Tanzanian Draft National Energy Policy of 2015
Highlights on the ongoing and upcoming industry developments with focus on the transition of the energy sector since the introduction of the Big Results Now! campaign
Mineral Rights Available in Tanzania
Overview of the mineral rights available in Tanzania, with specific focus on the various categories of mineral rights
The Legal Framework of the Aviation Sector in Tanzania
As attention turns to Tanzania’s trade and energy opportunities, the spotlight has fallen upon the nation’s infrastructure. This update focuses on the capabilities and issues of the Tanzanian aviation sector.
Oil price volatility - Offshore oil storage
Are there any legal concerns with tankers being used for floating storage?
Oil price volatility - risks and opportunities in 2015
While many companies can weather the oil price slide and volatility, some industry players face a real risk of insolvency.
India: Union Budget 2015
A bullet-point overview of changes in Direct Tax, Indirect Tax and Goods and Service Tax in India in light of Finance Minister Arun Jaitley’s first full-year Budget…
Prohibition against transfer of personal data outside Hong Kong
Section 33 of the Personal Data (Privacy) Ordinance (PDPO) prohibits the transfer of personal data to places outside Hong Kong, except in circumstances specified in the PDPO.
Security of payment under FIDIC contracts: more secure, for now
The High Court of Singapore recently handed down an important judgment in relation to the enforceability of Dispute Adjudication Board (DAB) decisions under the FIDIC forms of contract.
Insurance Laws (Amendment) Bill passed as Ordinance in India
The long-awaited Insurance Laws (Amendment) Bill has become a provisional law in India. The Bill amends the Insurance Act (1938), the General Insurance Business (Naturalisation) Act (1972), and the Insurance Regulatory and Development Act (1999).
SICC: now open for business
On Monday 5 January 2015, the Singapore International Commercial Court ("SICC") was officially opened...
Myanmar insurance update
Clyde & Co partner Michael Horn recently visited Myanmar's commercial capital Yangon and reports on the current state of the insurance market...
Launch of the online mining cadastre transactional portal
Plus, a summary of the key mineral rights available in Tanzania; and, a look at the manner in which mineral rights can be transferred.
Restrictions imposed on holders of mineral rights
This briefing looks at some of the restrictions imposed on holders of mineral rights in Tanzania by the Mining Act 2010
Draft local content policy for the oil & gas industry in Tanzania
The first draft of the long-awaited local content policy for the oil & gas industry in Tanzania has now been published by the Ministry of Energy and Minerals ...
Tanzania: Revocation of mining licences
The Tanzanian government recently announced the cancellation of a total of 174 mining licences. This mining update examines the key continuing obligations imposed by the Mining Act upon mining licence holders.
Mining Development Agreements
In this month’s mining briefing we look at Mining Development Agreements (MDAs) and the role that they play in the mining sector in Tanzania.
The Tanzanian railway system: current legal framework
The railway system of mainland Tanzania has a total track length of 3,676 kilometers (km) with two separate networks, run by two separate organisations ...
Related Articles
When disaster strikes – seven lessons in handling a cyber attack
Proper preparation and planning can help organisations set out a clear path for responding to a cyber breach ...
The Law on Cybersecurity and its effects on enterprises in Vietnam
Foreign service providers may be affected by a new regulation aimed at improving cybersecurity in the country ...
Toward an innovative new strategy for In-House Counsel
An in-house legal team can achieve much more than saving money, but it requires a more strategic approach than most companies have adopted, writes Mitchell Kowalski, the Gowling WLG Visiting Professor in Legal Innovation at the University of Calgary Law ...
Related Articles by Jurisdiction
Latest Articles
Print Edition Subscription Form – Asian-mena Counsel
Asian-mena Counsel Print Edition Subscription Form
Creating an effective fintech IP strategy
Revised guidelines could provide opportunities to protect technology in this rapidly developing sector.
Significant precedents from the DIFC courts
Afridi & Angell successfully defended an anti-suit injunction, an application to exclude evidence and obtained a document production order.