B. CODE’S RESISTANCE TO THE LAW
To solve the problems mentioned, one could simply try to apply the concepts, principles, and rules of private law to DLT. This would entail determining for each and every operation on the blockchain the applicable national law and checking whether its requirements for the transfer of property are fulfilled. Yet such a legalistic approach cannot overcome the gap between law and technology. There are several stumbling blocks that stand in its way.
1. THE AUTONOMY OF THE BLOCKCHAIN VIS-À-VIS NATIONAL LAW
The first obstacle on the road to applying the law to DLT is its autonomy. The technology operates independently from the law.64 It is also impossible for the law to impose its requirements on the blockchain.65
The problem is well illustrated by the case of stolen bitcoin that a thief transfers to his own public key.66 Legally, this transfer should be invalid given that the holder of the bitcoin has never agreed to it.67 But when the correct codes are entered and broadcast to the nodes, a new private key is created for the recipient in about ten minutes, the average time to confirm a bitcoin transaction.68 This private key gives the transferee the factual power to dispose of the crypto currency despite the fact that there was no legal basis for the transfer.69 Though the
64. See Fairfield, supra note 3, at 809 (discussing the insulation and autonomy of blockchain property).
65. See discussions supra Part A.1.
66. See e.g., Joey Garrison, 2 Men Arrested in Elaborate Plot to Steal $550K in Cryptocurrency by Hacking Social Media Accounts, USA TODAY, https://www.usatoday.com/story/news/nation/2019/11/15/massachusetts-men -arrested-plot-steal-cryptocurrency-bitcoin-social-media-threats/4201763002/ [https://perma.cc/B62X-GTFS] (last updated Nov. 15, 2019, 3:19 PM) (reporting examples of stolen bitcoins); Michael Kaplan, Hackers are Stealing Millions in Bitcoin—and Living Like Big Shots, NY POST (Apr. 13, 2019, 2:43 PM), https://nypost.com/2019/04/13/hackers-are-stealing-millions-in-bitcoin-and-living-like-big-shots/ [https://perma.cc/G3EN-6ZUM] (reporting examples of stolen bitcoins).
67. See RESTATEMENT (SECOND) OF CONTRACTS supra note 47 and the accompanying text.
68. See How Long Does It Take to Transfer Bitcoins and Why?, COINSUTRA, https://coinsutra.com/bitcoin-transfer-time/ (last updated Aug. 6, 2019) (explaining why it takes ten minutes to confirm a transaction).
69. See DE FILIPPI & WRIGHT, supra note 2 and the accompanying text.
recipient cannot be considered the “owner” of the bitcoin in a legal sense, he has obtained the ability to transfer via the blockchain. It is impossible to prevent him from exercising this power by, for example, sending the bitcoin to a third party. Any transfer made by him leads to the creation of a new private key in the transferee’s favor, who can be anywhere on the planet. This new key can then be used again to create a further new private key for anybody in the world, and so on. The process is legally unstoppable.
Another illustration of the blockchain’s resistance to the law is the hypothetical of succession. Let us imagine “A,” dying intestate with his private key stored on an office computer to which his employer has exclusive access. Legally, all of A’s assets belong to his estate.70 Yet factually, the employer has the private key in his possession, which gives her unlimited power to send the crypto currency to anybody she wants. The legitimate heir or executor of the will, in turn, is unable to dispose of the crypto asset as he lacks the private key. There is no way to obtain it other than via the blockchain. The technology resists accounting for the death of the bitcoin holder because the event takes place outside of the blockchain.
What emerges in these cases is that the divide between law and technology cannot be easily overcome. DLT is a selfcontained mechanism that works autonomously and is shielded from outside influences. A transfer of crypto assets is effective on the blockchain whenever the private and public keys are used, and only in this case. For this reason, the hacker who obtained bitcoins illegally can dispose of them, whereas an heir or executor who is legally entitled to them cannot. To make DLT compatible with the law would require a complete reconceptualization of the technology. This cannot be done under the protocol in its current form.
2. THE IRREVERSIBILITY OF BLOCKCHAIN TRANSFERS
One could attempt to avoid the clash between technology and the law by “correcting” the blockchain after a transfer is executed. Instead of requiring title or property as a condition of transfer, one might, for instance, consider the transfer made by the thief to himself in the example above as being invalid. As a
70. See MCGOVERN ET. AL., supra note 57, at 8 (defining “estate” as the property of the decedent).
consequence, the newly added block of the chain would have to be deleted and the original owner and victim of the theft would have to be reinstated as the rightful holder of the bitcoin. The same procedure could be used where someone other than the heir of the bitcoin holder or the executor of his will disposes of his assets. In other words, the blockchain would be changed subsequent to the transfer in such a way as to restore the parties to their original positions.
Such a corrective approach would, however, be inhibited by another feature of the blockchain: its immutability or “nonrepudiability.”71 Once a transfer has been added to the chain in the form of a block, the information can no longer be removed technologically. The chain has been transformed forever and can only be accepted by other nodes as such. Every transfer on the blockchain is, therefore, immutable, which is one of the major reasons why DLT is particularly tamper-proof and can dispense with trust.72
One must partially qualify the characterization of blockchain transfers as immutable. There are a great variety of DLT networks, which represent different trade-offs in terms of reversibility and finality of transactions.73 They can be roughly divided into permissioned and permissionless networks.74 Permissionless systems are those in which anybody can
71. See DE FILIPPI & WRIGHT, supra note 2, at 37 (stating that the data stored on the blockchain is nonrepudiable).
72. See discussion supra Part A.1.
73. See, e.g., Xiwei Xu et al., A Taxonomy of Blockchain-Based Systems for Architecture Design, IEEE INT’L CONF. ON SOFTWARE ARCHITECTURE 246 (2017), http://ieeexplore.ieee.org/document/7930224/ (last visited Mar 26, 2018); Richard Gendal Brown, A Simple Model to Make Sense of the Proliferation of Distributed Ledger, Smart Contract and Cryptocurrency Projects (2014), https://gendal.me/2014/12/19/a-simple-model-to-make-sense-of-the-proliferation-of-distributed-ledger-smart-contract-and-cryptocurrency-projects/ (last visited Mar 27, 2018); Tim Swanson, Consensus-as-a-service: a Brief Report on the Emergence of Permissioned, Distributed Ledger Systems 12– 14 (April 6, 2015), available at: http://www.ofnumbers.com/wp-content/uploads/2015/04/Permissioned-distributed-ledgers.pdf.
74. See Xu et al., supra note 73 at 246 (describing permissioned and permissionless blockchain as two design options for blockchains). Cf. Till Neudecker & Hannes Hartenstein, Network Layer Aspects of Permissionless Blockchains, 21 IEEE COMM. SURV. & TUTORIALS 838, 838 (2019) (characterizing permissionless systems as unstructured peer-to-peer networks that typically rely on the consensus of the participants, not a central operator).
participate and where consensus is thus highly distributed.75 In contrast, permissioned systems feature one or more authorities that act as gatekeepers.76 They allow participants into the network and sometimes also confirm transfers.77 In a permissioned system of the latter type, i.e. one with confirmation powers limited to some nodes, it is relatively easy to reverse a transaction with the help of the authorities in charge.78 Yet reversals are also not unthinkable in other types of permissioned and even in permissionless systems.79 They are effectuated by creating a so-called hard fork that splits the blockchain protocol in two. This happened, for example, to the Bitcoin network when it was reorganized in 2013,80 and with the Ethereum network after a considerable amount of the cryptocurrency was siphoned off by hackers in 2016.81 In both instances, a new version of the blockchain was created. While the case of Bitcoin seems to have been relatively unproblematic, in the case of Ethereum, the old, hacked ledger refused to die, which resulted in the parallel existence of two separate currencies: Ethereum (One) and Ethereum Classic.82
The example of Ethereum illustrates that a reversal of the blockchain comes at a hefty price. Two parallel versions of the same ledger are far from ideal and may lead to many problems. Those who have invested in the “dying” ledger are deprived of the “real” cryptocurrency. All other participants will be confused
75. See Neudecker & Hartenstein, supra note 74 and the accompanying text.
76. See Xu et al., supra note 73, at 245 (“[A] blockchain may be permissioned in requiring that one or more authorities act as a gate for participation.”).
77. See id. (including permission to “join the network . . . , permission to initiate transactions, or permission to mine”).
78. Cf. Swanson, supra note 73, at 26 (discussing permissioned blockchains and accountability for reversals).
79. See, e.g., id. at 21 (noting reversal possibility in a permissionless blockchain such as Bitcoin).
80. See Vitalik Buterin,* Bitcoin Network Shaken by Blockchain Fork,* BITCOIN MAG. (Mar. 12, 2013, 11:14 PM), https://bitcoinmagazine.com/articles/bitcoin-network-shaken-by-blockchain-fork-1363144448/ (“Starting from block 225430, the blockchain literally split into two . . . . For the next six hours, there were effectively two Bitcoin networks . . . .”).
81. See Eduard Gómez, The Ethereum Hard Fork & Ethereum Classic, MERKLE (July 21, 2016), https://themerkle.com/the-ethereum-hard-forkethereum-classic/ [https://perma.cc/4PRJ-X59G].
82. See Low & Teo, supra note 37, at 19.
by the parallel existence of two versions of the same ledger.83 Both effects undermine trust in the cryptocurrency. It is hard to overestimate the negative repercussions since the value of the cryptocurrency depends first and foremost on trust.84 Therefore, a hard fork is not a viable option except for the most extreme and rare cases, such as the discovery of a major hack that corrupts a very large number of transfers. For all other purposes, undoing a DLT transfer is impracticable.
3. THE A-NATIONAL CHARACTER OF THE BLOCKCHAIN
Another problem that stands in the way of applying law to the blockchain is that before one could do so, it would first be necessary to determine which national law applies. The rules of private law are mainly made at the level of the state. Since the world is split into states with differing rules of private law, there is no such thing as a global law for private transactions. In order to assess any blockchain transfer in legal terms, one must, therefore, first determine the applicable national law. This is the task of conflict of laws, or “private international law” as it is called in many parts of the world.85 Conflict of laws works by attributing sets of facts or “relations” to the law of the state with which it has the closest connection.86 DLT presents a formidable challenge for this methodology.
The blockchain is a global or “transnational” transfer mechanism that has little to no connections with any particular state. Transfers are executed on the basis of private and public keys without determining the location of the parties.87 The
83. Id.
84. See supra note 4 and the accompanying text.
85. See, e.g., HAY ET. AL., supra note 14, at 1 (defining conflict of laws as “the body of law that aspires to provide solutions to international or interstate legal disputes between persons or entities other than countries or states as such”) (emphasis in original); See also JAMES FAWCETT & JANEEN CARRUTHERS, CHESHIRE, NORTH & FAWCETT: PRIVATE INTERNATIONAL LAW 3 (Peter North ed., 14th ed. 2008) (explaining that private international law “comes into operation whenever the court is faced with a claim that contains a foreign element”).
86. See FAWCETT & CARRUTHERS, supra note 85, at 682 (explaining the “most closely connected” test for determining which law governs in international contract law); HAY ET. AL., supra note 14, at 16–18 (providing a background of Savigny’s theory of the seat); See, e.g., RESTATEMENT (SECOND) OF CONFLICT OF LAWS § 145 (1971) (regarding the applicable law for torts).
87. See Nakamoto, supra note 16, at 2 (illustrating the transaction process with respect to public and private keys).
protocols are stored on computers worldwide. Anybody can participate in permissionless systems like Bitcoin for there is no authority or server that controls access.88 Confirmations take place through distributed consent from nodes all over the world.89 It is thus not exaggerated to say that permissionless systems are completely de-nationalized and not connected to any particular country, which makes it impossible to determine the state with the closest connection.
A further problem is that most conflict-of-laws systems provide different rules for different types of relations. They distinguish between contracts, torts, property, and succession, to name but a few.90 To fit the blockchain technology into of one of these categories is challenging, to say the least. On the one hand, there is clearly a transactional aspect to blockchain in the cases where the transfer is accompanied by an agreement between the transferor and the transferee.91 On the other hand, a property law analysis may also seem apposite because the coins or other assets encrypted on the blockchain often have market value and can be assimilated to goods which are the object of property law.92
Let us consider for a moment the implications of one or the other qualification. A contractual qualification would lead to the principle of party autonomy, according to which the parties to a contract can freely select the law applying to their agreement.93
88. See Xu et. al., supra note 73, at 245 (explaining that permissionless systems are completely open to new users).
89. *See id. *at 244 (explaining that nodes in a network validate transactions and propagate them to their peers, potentially around the globe).
90. See, e.g., HAY ET. AL., supra note 14, at 147–49 (explaining that subject matter characterization of the legal dispute at issue is “the natural and necessary starting point for the analysis of any conflicts case.”).
91. Some authors therefore speak of the “transactions on a blockchain.” See DE FILIPPI & WRIGHT, supra note 2, at 6 (describing the function of blockchain protocols in regard to transactions on a blockchain).
92. See Fairfield, supra note 3, at 843 (describing goods as property).
93. See Russell J. Weintraub, Functional Developments in Choice of Law for Contracts, 187 HAGUE ACAD. COLLECTED COURSES ONLINE 239, 271 (1984) (describing party autonomy as “perhaps the most widely accepted private international law rule of our time”). The principle has, for instance, been recognized in Commission Regulation 593/2008 of 17 June 2008, On the Law Applicable to Contractual Obligations, 2008 O.J. (L 177) 10, art. 3(1) [hereinafter Rome I]. See also Hō no Tekiyō ni Kansuru Tsūsokuhō [Act on the General Rules of Application of Laws], Law No. 78 of 2006, art. 7 (Japan), translated in (Japanese Law Translation [JLT DS]), http://www.japaneselawtranslation.go.jp/law/detail/?id=1970 (providing that “[t]he formation and effect of a judicial act shall be governed by the law of the place chosen by the parties at the time of the act”); Bundesgesetz über das Internationale Privatrecht [IPRG] [Federal Act on Private International Law] Dec. 18, 1987, SR 291, art. 116 (Switz.) [hereinafter Swiss PILA] (stating that “[i]n matters involving an economic interest, the task of establishing foreign law may be assigned to the parties”); GRAZHDANSKII KODESK ROSSIISKOI FEDERASTII [GK RF] [Civil Code] art. 1210 (Russ) (providing that parties who enter into a contract “may select by agreement between them select [sic] the law that will govern their rights and duties under the contract”) (http://en.smb.gov.ru/support/regulation/ccpart3/); Zhonghua Renmin Gongheheguo Shewai Minshi Falvguanxi Shiyongfa (中华人民共和国涉 外民事关系法律适用法) [Law of the People’s Republic of China on Application of Law in Foreign-related Civil Relations] (promulgated by the Standing Comm. Nat’l People’s Cong., Oct. 28, 2010, effective April 1, 2001), Chap. 6, art. 41 (China), translated in 2010 CHINA LAW LEXIS 3009 (stating that “[t]he parties may select by agreement the law applicable to a contract”); Inter-American Convention on the Law Applicable to International Contracts, Org. Am. St., art. 7, Mar. 17, 1994, 33 I.L.M. 732 (stating that “[t]he contract shall be governed by the law chosen by the parties”); Hague Conf. on Priv. Int’l L. [HCPIL], Principles on Choice of Law in International Commercial Contracts, art. 2 § 1, (Mar. 19, 2015) (stating that “[a] contract is governed by the law chosen by the parties.”).
If followed strictly, this principle would allow the parties to choose the law applying to the transfer. As a result, a great variety of different laws would govern DLT. A different law could apply to each transfer recorded on the chain, depending on the choice made by the individual parties. This would be incompatible with the coherence of the chain. Also, the law that the transferor and the transferee have chosen would be unknown from the perspective of other participants, except where this choice had been coded into the blockchain, which is highly unusual and not easy from a technical point of view.
One could instead embed a central choice of law in the protocol of the cryptocurrency. The chosen law would then govern all transactions with the digital asset.94 Yet it is very unlikely that such a choice of a national law would be made because it is contradictory to the explicit anti-legal philosophy underlying Bitcoin.95 Such a choice is incompatible with the ideals of crypto aficionados,96 and is therefore unlikely to be
94. This option has been envisaged by the Financial Markets Law Committee (FMLC). See Distributed Ledger Technology and Governing Law: Issues of Legal Uncertainty, FIN. MKTS. L. COMITY Mar. 2018, at 15 [hereinafter FMLC], http://www.fmlc.org/dlt-and-governing-law.html (last visited Mar. 27, 2018) (considering the law chosen by the network participants for the DLT system as “elective situs”).
95. See May, supra note 19 and accompanying text.
96. See supra Section A.1. ***
made. Moreover, it would give a single state plenary power over the blockchain, which lends itself to abuse. Applying one national law exclusively may be appropriate for some permissioned systems that are backed up by one or several authorities sitting in a certain country, yet it seems inappropriate for permissionless systems that are open to the whole world and not connected to any particular state.
In case no law has been chosen, a contractual qualification would lead to the applicability of default conflicts rules. Many legal systems point to the law at the habitual residence of the party that is to perform the characteristic obligation as the law governing contracts in the absence of a choice.97 But such a default rule would not work for the anonymous transfers on the blockchain, in which neither the identity nor the address of the transferor is known.
These difficulties in applying classic conflict rules for contracts point to a larger problem: These rules are designed for the exchange of goods or services between parties that know each other, not for pseudonymous transfers of crypto assets in a computer system. It is not even justified to assume that a DLT transfer is supported by an agreement, since it can also be the result of a mistake or coercion.98 In this sense, a contract conflicts-of-laws analysis creates many issues that are insurmountable.
If one instead characterizes crypto transfers as property, the law that would normally apply is the lex rei sitae, which is the law of the state where the object of the property right—“the thing”—is located.99 Such a locational exercise would be all but impossible for a virtual object stored in the blockchain. These objects “exist” only in the ledger that is distributed among numerous computers around the world. The simple truth is that a bitcoin has no geographical home and is impossible to locate.
There are, however, variations and adaptations of the lex rei sitae rule that one could attempt to follow. For instance, many states apply the so-called PRIMA rule for incorporeal securities, which refers to the law in force at the place of the relevant
97. See Rome I, supra note 93, at art. 4(1), (2); Swiss PILA, supra note 93, at art. 117.
98. See supra Section A.2.b.
99. See, e.g., HAY ET. AL., supra note 14, at 1253–54 (applying the law of the situs to tangible moveable property).
intermediary.100 This approach could be used, e.g., for permissioned systems without an explicit choice of law. One could submit them, e.g., to the law of the relevant operator, even though its role is not precisely the same as that of an intermediary administering “accounts” of securities.101 But while such an approach may perhaps work for permissioned systems, it is not feasible in a permissionless environment, which gives no special status to any of the participants spread around the world. The PRIMA rule therefore does not fit blockchains such as those for Bitcoin.102
A third route between contract and property could be to use the conflict-of-laws rules for assignment. Assignment is a special technique whereby the assignor transfers a nonphysical claim to the transferee.103 It is usually effectuated by a simple agreement between both parties. Once perfected, the transfer of the claim is effective against third parties, such as creditors of the transferor or competing transferors.104Hence, assignment can, to a certain extent, be assimilated to the transfer of property in intangible objects. The conflict-of-laws rules that apply to assignment are, however, notoriously uncertain and oscillate between different solutions, such as applying the law in force at the domicile of the transferor, the law governing the assignment, or the law underlying the claim.105 Moreover, any analogy
100. Hague Convention on the Law Applicable to Certain Rights in Respect of Securities Held with an Intermediary art. 4, adopted July 5, 2006, 17 T.I.A.S. 401. The Convention has been signed by the United States and Switzerland.
101. FMLC, supra note 94, at 18–19 (suggesting two approaches: the Place of the Relevant Operating Authority/Administrator (PROPA) approach or the Primary Residence of the Encryption Private Master Key Holder (PREMA) approach).
102. See id. at 11 (noting that the lex situs does not translate well when applied to a DLT ledger).
103. See, e.g., HAY ET. AL., supra note 14, at 1279–81 (discussing the assignment of intangibles).
104. See id. at 1280–81 (discussing assignment for the benefit of creditors).
105. See, e.g., Harry C. Sigman & Eva-Maria Kieninger, The Law of Assignment of Receivables: in Flux, Still Uncertain, Still Non-Uniform, in CROSS-BORDER SECURITY OVER RECEIVABLES 1, 43–74 (Harry C. Sigman & Eva-Maria Kieninger eds., 2009) (discussing various solutions to determine the law applicable to assignment); AXEL FLESSNER & HENDRIK VERHAGEN, ASSIGNMENT IN EUROPEAN PRIVATE INTERNATIONAL LAW: CLAIMS AS PROPERTY AND THE EUROPEAN COMMISSION’S “ROME I PROPOSAL” 77–78 (2006) (defending the application of the law chosen by the parties to the assignment ); Francisco Garcimartín Alférez, Assignment of Claims in the Rome I Regulation: Article 14, in ROME I REGULATION: THE LAW APPLICABLE TO CONTRACTUAL
between blockchain and assignment is bound to fail because the scope of application of the blockchain is much wider than that of assignment. Besides incorporeal claims, it can be used to transfer virtual assets, like cryptocurrencies, or intellectual property rights, e.g. copyrights in pictures. One can even employ DLT to transfer physical assets, whether movables or immovables, through tokenization.106 These assets are very different from claims and call for different conflict rules.
In sum, none of the received conflict-of-laws solutions lends itself to DLT. This problem is fundamental because it stands in the way of developing new substantive rules that are specific to the blockchain. Proposals such as those to reconceptualize property law107 or to recognize bitcoin as a new kind of property108 are built on the implicit assumption that a certain national law governs the blockchain (often the common law). Yet they fail to address the primary question of how this law is determined, or which version of the common law they mean, and why it is this and not another national law that applies. A set of substantive rules that could eliminate conflicts issues and govern the blockchain as a whole would have to be global in scope. We are, however, far away from having such a law. In fact, it is nowhere in sight.