Demystifying the Blockchain – What is it, and what are the legal considerations?
February 26, 2019
“The Blockchain will do for transactions what the internet did for information”.
Blockchain is seen as one of the most significant technological developments in recent years, with the potential to change (and even ‘disrupt’) many industries. As Ginni Rometty (CEO of IBM) put it:
“The Blockchain will do for transactions what the internet did for information”.
ORIGINS: CRYPTOCURRENCIES AND FAR BEYOND
Blockchain is the technology that underpins the first cryptocurrency, Bitcoin. It acts as an incorruptible digital ledger for the storage of transactions, which is useful given the susceptibility of traditional currencies to fraud, counterfeiting etc. However, it is now clear that the potential applications of blockchain go far beyond this.
WHAT IS IT?
A blockchain is, in simple terms, a ledger showing an audit history of information or data and any changes made to it – e.g. currency transactions, medical records, intellectual property rights etc…
The data in question is stored in ‘blocks’ (essentially time-stamped snapshots of the most recent iteration of that data), which are stored together in an audit ‘chain’.
The blockchain is stored in all ledgers across a wide network of participating computers (or ‘nodes’), and all ledgers are automatically updated with each transaction. This creates a secure, immutable, audited and distributed data record. In a public blockchain such as this, there is no central server or company controlling data entry or its integrity. A variation on this would be where there is a closed or proprietary system – such as proposed for the NHS – where there would be controls on the extent to which the blockchain is distributed.
With every change or addition to the data, a request is sent to the relevant nodes within the network (or ‘miners’). The miners then race to verify the transaction, which involves solving a mathematical problem. Once that maths problem has been solved, (and provided everything matches up) the new block is added to the existing chain and distributed across the network.
The information itself is secured using public/private key cryptography.
Such a trustworthy environment could (according to blockchain advocates) have myriad applications, particularly where you have multiple parties wanting to share data, and the integrity of that data is critical. For example:
- In financial services – combating fraud by storing data on a distributed basis, whereby there is no single ‘point of failure’, and a reduced requirement for intermediaries (who are vulnerable to crime); enabling more secure payments between organisations; and facilitating more efficient compliance checks (KYC, AML and so on).
- In the context of IP – recording evidence of ownership and use, as well as tracking and enforcing IP licences and the management of IPR generally.
- In the music industry, blockchain could be used to create a digital rights database which enables automated royalty payments, (to name just a few…).
Clearly there is a great deal of excitement in the business world, however before widespread adoption of this technology can happen, there are some legal conundrums that we lawyers must attempt to solve.
This is one of the buzzwords that we often hear in the context of blockchain. Simply put, a smart contract is a set of coded instructions which automatically trigger an action on a specified event – e.g. a read access to some data for a specified time. The basic concept of a smart contract or an algorithmic contract is not ground-breaking in itself, but the potential of having algorithmic rules, conditions or permissions built into data at a storage level through cryptography is quite exciting. Traditional systems separate out the rules from the data that is stored. This means it could be possible to bypass a rule and make unauthorised change to the data. In theory this would not be possible in a blockchain implementation of a smart contract. However, problems start to arise when the law gets involved. For instance, could one of these smart contracts be valid and binding for the purposes of contract law (think: offer, acceptance, consideration, intention and certainty)? Who are the parties? What constitutes negotiation, agreement and signing? Can hardwired code react to events in the real world? As the lines between the smart contract and the ‘traditional’ contract become more blurred, all of these questions (and more) require answers.
If something goes wrong on the blockchain, how do you apportion blame or liability where there is no central point of responsibility? What about in the case of a DAO (or Distributed Autonomous Organisation – see glossary!) – what is its legal status and how is it held to account if one of its smart contracts is poorly written and has an undesired effect? There are plenty of questions that need to be addressed as the use of blockchain becomes more wide spread, including important questions on legal personality and status.
At its heart blockchain is all about the secure storage of data. With data protection being such a hot topic at the moment (please visit our website to see our recent publications on the GDPR), organisations adopting blockchain technologies need to ensure that, where personal data is involved, the systems in question are fully-compliant. In some ways, the distribution of data across the blockchain network makes this trickier than it already is, for example: where the network spans across borders, is the transfer of data across those borders lawful? Which data laws apply? Are mechanisms in place to ensure that all the rights of the data subject are respected? Could the coding of, say, the GDPR into a smart contract actually make compliance easier?
“one of the key aspects of blokchain is that each new block contains a copy of the entire data set. This means that the amount of storage required increases exponentially over time.”
governing law & jurisdiction
As touched upon above, if something goes wrong, or there is a dispute regarding the blockchain or the data stored within it, the ‘parties’ need to know: which laws apply to that dispute; which courts have jurisdiction; and which dispute resolution mechanism is most appropriate. Perhaps a more pressing question is: where are these issues going to be addressed? Will they be hardcoded into the relevant smart contract? In the case of a private system, will service providers require users to agree to certain contractual terms before they can access the system? All of this remains to be seen.
Clearly the over-arching question here is how regulators will address the many legal quandaries that blockchain poses. The current lack of regulation (coupled with the use of ‘sandbox’ programs) provides an opportunity for innovation and disruption, however this does little to help larger firms operating in heavily-regulated sectors who want to embrace and utilise blockchain. There is also a question over how an ultra-secure blockchain can be adapted or tweaked to ensure continued compliance with new laws.
CAN IT BE RELIED UPON?
In amongst all the hype, it is important to ask ourselves whether blockchain ‘does what it says on the tin’ – i.e. provide a completely secure and trustworthy record of historical data. According to some commentators, this is where question marks start to creep in.
One of the key aspects of blockchain is that each new block contains a copy of the entire data set (see diagram towards the end of this note to see how it works!). This means that the amount of storage required increases exponentially over time. At the same time, we have the widely-accepted notion that computer processing power increases over time, which means a greater chance of encryption being ‘cracked’ by sheer brute force (the advent of quantum computing will only speed this up – but we won’t go into this!).
We end up in a situation where we are relying on computers getting sufficiently big and powerful in order to meet the growing blockchain storage requirement, while at the same time hoping computers don’t get so big and powerful that blockchain encryption is undermined. Some computer scientists have argued that this is an impossible paradox to solve without manually deleting and recreating the blockchain, thus losing the data integrity advantage.
With this in mind, those using blockchain or looking to harness it should tread carefully. For instance, if you end up using blockchain technology as part of your compliance regime, be sure to check that the system in question gives you what you need in terms of audit-trail and security. Similarly, if you are a provider of services based on blockchain, make sure you don’t overpromise in terms of the technology’s capabilities and longevity.
THE LAWYER’S ROLE
In order to make smart contracts a reality – or apply algorithms in the context of GDPR or MiFID compliance – the analytical and logical skills of the lawyer will now need to flourish not just in the drafting of traditional contracts but in the coding of the rules and algorithms. This does not mean that the lawyer has to become a coder, but he or she will need to understand the functioning of the blockchain world and the methods used by coders.
On the topic of coding, we have also published an insight into the approach to be taken when drafting commercial agreements, and the striking similarities between that process and the process of writing computer code.
HOW WE CAN HELP
We already have experience advising early-stage blockchain companies, including one specialising in secure data distribution for enterprises on a private SaaS basis. We are therefore familiar with: (i) the legal pitfalls to be avoided; and (ii) advising blockchain companies in relation to data protection, commercial agreements, corporate structure, and the protection, management and exploitation of their intellectual property.
As ever with fast-moving technology, it is always best to get on top of the legal side of things as early as possible, rather than having to firefight at some point in the future. With that in mind, if you are a technology company looking to harness blockchain systems as part of your business, or if you would simply like to discuss this topic in a bit more detail, please do not hesitate to contact one of our team who would be happy to help.
Bitcoin – a digital currency based on blockchain technology, invented in 2008. It allows the making of payments without the need for banks, using blockchain distributed ledger technology.
Ledger – in the context of blockchain, an encrypted copy of the entire database and all of its audit history.
Node – a computer within the blockchain network holding a copy of the ledge.
Minder – a node which solves mathematical problems to verify if a transaction is valid.
Smart contract – a coded set of instructions which allow or block a particular action on certain specified criteria being met
GDPR – the EU General Data Protection Regulation, which came info force in the UK on 25 May 2018 (see our other publications on the GDPR and the Data Protection Act 2018).
Personal data – any information relating to an identified or identifiable natural person – i.e. someone who can be identified directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical physiological, generic, mental, economic, cultural or social identify of that natural person.
Sandbox – a means by which regulators (such as the FCA) allow innovative technologies to be tested prior to being approved for launch (essentially a ‘supervised’ virtual space). The FCA has joined with other regulators in extending this internationally
DAO (Distributed Autonomous Organisation) – an entity which is operated and underpinned entirely by pre-written smart contracts, needing little to no human intervention.