D. COUNTER-ARGUMENTS AND COMPLICATIONS
Every solution to a problem creates a heap of new issues. The proposal made here is no exception. The relinquishment of the traditional property analysis presents a challenge for classic legal thinking and will raise many eyebrows. These concerns deserve to be seriously addressed.
1. THEFT WITHOUT OWNERSHIP?
The first concern is whether abandoning a property law analysis foregoes the legal protections of crypto asset holders. Many authors see the need for submitting virtual currencies to property law to obtain such protection. For instance, Joshua Fairfield has called for a reconceptualization of property law as the “law of information” so as to allow it to cover intangible objects.134 Others have qualified Bitcoin as a “new class of private property”.135 An expert in criminal law has stressed the societal expectation that “cryptotheft” must not go unpunished.136 Uniting all of these statements is the conviction that the law must protect the holders of bitcoin and other crypto assets like traditional property owners.
The demands for property or property-like protection are not at variance with the proposals made here. The above statement that one should replace the property analysis with a return obligation merely concerns the transfer of crypto assets. It does not preclude the holder of such assets being protected by the law. Indeed, such protection is indispensable if one seriously strives for a symbiosis between the legal and the technological perspective. If the blockchain is to be endowed with legal effects, the holder of bitcoin and other assets recorded must be shielded against hacking, fraud, extortion, and similar torts. This can
134. Fairfield, supra note 3, at 849–54.
135. Bayern, supra note 36, at 29.
136. Henry S. Zaytoun, Cyber Pickpockets: Blockchain, Cryptocurrency, and the Law of Theft, 97 N.C. L. REV. 395, 401 (2019).
necessarily be done only by recognizing her position with some form of legal status. Such status is also necessary for the creation of a security right over the crypto asset, e.g., a lien or a pledge, which necessarily requires some type of legal right to the asset. We can leave it to the applicable tort, contract, or security law whether to call this status “property,” “possession,” or by another term. What matters is that the factual position of the holder of the private key receives protection by the law.
On a theoretical level, it may seem unsatisfying to grant protection to someone who cannot prove that he has acquired ownership under an applicable national law. What the “holder” of the bitcoin has is merely the private key, i.e., a string of numbers produced by an algorithm. Yet to protect such information is not without parallels. For instance, personal data and business secrets are protected as well,137 despite the fact that they do not relate to physical objects and that they can be infinitely multiplied. There is consensus that they merit protection independently of their precise legal categorization and their invisibility in the real world.138 These examples forcefully demonstrate that the protection by private law can go beyond traditional conceptions of property in physical objects. One should accept the private key as being reserved or “private” only to the holder. This protection must be independent of any showing of legal title. The mere factual situation that the private key was created for some person should suffice as a basis for a claim of return.
2. THE CASE OF HACKED OR ILLEGALLY OBTAINED CRYPTO ASSETS
This article argues that the results obtained by the operation of DLT merit legal protection independently of how they are qualified under national law. It is, however, necessary to make an exception: The holder of the cryptocurrency or other virtual asset should not be able to rely on his position recorded on the blockchain where it can be proven in a court of law that
137. See, e.g., California Consumer Privacy Act 2018, CAL. CIV. CODE §§1798.100–.199 (Deering 2019) (requiring protection of personal data); See also Rivendell Forest Prods. v. Georgia-Pacific Corp., 28 F.3d 1042 (10th Cir. 1994) (discussing trade secrets and the Uniform Trade Secrets Act, a widely adopted uniform law which protects business secrets).
138. See, e.g., Fairfield, supra note 3, at 849–54; Bayern, supra note 36, at 29; Zaytoun, supra note 136, at 401.
he has obtained the private key without the will of the former holder. This exception applies to cases in which the holder of the private key has hacked or copied the private key of another person and carried out a transfer to himself.139
In this case, a mere obligation to retransfer would be insufficient. This can be illustrated by the case of bankruptcy: If the “stolen” crypto assets—i.e. the new private keys—were deemed to belong to the hacker, they would fall into the hacker’s bankruptcy estate.140 The former holder would merely have a claim against the bankruptcy administrator, which he would have to pursue as a creditor in the ordinary bankruptcy proceedings. This means that he would have no guarantee of getting his assets back even if he could prove the wrongdoing. The other creditors in the insolvency proceedings should not, however, benefit from the illegal maneuvers of the insolvent debtor. The only way to avoid this result is to consider the holder as lacking legal title to the assets.
What if the hacker or fraudster has transferred the crypto assets to a recipient who knows about the hack? In this case, the result must be the same. The bad faith recipient should not be able to rely on his recording on the blockchain. Those who share the knowledge of his illegal undertaking deserve no protection. The situation is similar to that of the stolen banknote, which has been discussed before.141 The thief can only transfer property to good faith recipients.
The same treatment should be applied in case of fraud or blackmail. A fraudster does not deserve the protection of the law, in line with the old Latin adage “fraus omnia corrumpit” (fraud negates everything); nor do the creditors of his bankruptcy estate or those who know about the fraudulent obtainment of the private key. There is no reason to treat blackmailers and their creditors differently.
It is important not to weaken the blockchain record beyond these exceptional situations. Otherwise, one would run the risk of paralleling the DLT with a largely futile and inefficient legal
139. In case the hacker has merely obtained the private key of the victim and has not yet used it to do a transfer to himself, the situation is somewhat easier. There is no invalid position that the holder could rely on. Yet there may be a confusion as to who is the “true holder” of the crypto asset. This should obviously be the victim of the hack.
140. See discussion infra Section A.3.
141. See discussion supra Section A.3.
analysis. Beyond a case in which the private key was hacked, obtained by fraud, or obtained by blackmail from the defendant, there should not be any analysis of the property situation before the suit. Where a person has willfully typed the private key into a computer, she should not be able to attack the position of the recipient. In cases where a person made a mistake or has not received a counter performance, she must rely on the reverse transfer to vindicate her rights.142 The function of the DLT would be greatly compromised if the title of the recipient or third parties would depend on the validity of an underlying contract or the correct rendering of a counter-performance. Furthermore, the onus of proving that the crypto asset has been illegally obtained should be on the victim. The transfer should only be considered as not having occurred where she can prove that the holder of the private key has taken the information from her without her consent.
3. TRANSFERS OUTSIDE THE BLOCKCHAIN
Further issues raised by the proposal made here concern the possibility that crypto assets may be transferred outside the blockchain. These issues have been described above as “endogenous” problems.143 Consider the example of succession: Upon death, legal systems typically vest the ownership of the decedent in his representative or heir.144 This legal transfer comprises all of the decedent’s assets, thus it should also include her crypto assets.145 The transfer happens by mere operation of the law without regard to whether the representative or heir has knowledge of the private key or access to it.146 This means that, legally, a person who is not the holder of the private key must nevertheless have a legal right to the crypto assets recorded on the blockchain.
How can such a result be obtained without compromising the working of DLT? The easiest solution is to consider the crypto assets as the “property” of the holder; since in case of death, all property of the decedent vests in the trustee, heir, or devisees of testament, the characterization as property would
142. See discussion supra Section A.3.
143. See discussion supra Section A.2.a.
144. See supra note 56 and the accompanying text.
145. See supra note 57 and the accompanying text.
146. Id.
explain why the crypto assets now “belong” to the latter. This explanation is possible even though the transfer is not analyzed in terms of property law. A property qualification may not be necessary in those legal systems in which all rights of the decedent are transferred to the representative or heir, whether they are proprietary, contractual, or other.147 The legal construction is ultimately up to the national law governing the succession to decide. It suffices to say that the bitcoin were assets of the deceased to justify their automatic transfer to his representative or heirs.
Practical problems may occur where the key is not accessible to the heirs. If it is, for instance, stored on the office computer of the deceased, it may be difficult for the heir or representative to dispose of the crypto asset. However, the novelty of the problem should not be exaggerated. Similar difficulties arise where physical objects are in the possession of third parties, e.g. china in the care of the maid or an expensive watch in the hands of a nurse. Many legal systems give the successor a claim against the third party to turn over the possession to them.148 In the case of crypto assets, this entails the duty to provide the private key.
147. For French law, see CODE CIVIL [C. CIV.] art. 724(1) (Fr.) (“Heirs designated by legislation have seizin by operation of law of the assets, rights, and actions of the deceased.”), For German law, see Bürgerliches Gesetzbuch [BGB] [German Civil Code], Jan. 2, 2002, BGBL. I at 42. § 1922 (Ger.) (“Upon the death of a person, that person’s inheritance passes as a whole to one or more than one other person. . . .”). An exception applies only to highly personal rights such as personality rights, see FRANÇOIS TERRÉ, YVES LEQUETTE & SOPHIE GAUDEMET, DROIT CIVIL. LES SUCCESSIONS. LES LIBÉRALITÉS margin no. 50 [2013], but this exception is not applicable to crypto assets.
148. Some legal systems still allow the Roman hereditatis petitio, i.e. the claim of the heir against the possessor of any object belonging to the estate. See, e.g., Bürgerliches Gesetzbuch [BGB] [Civil Code], § 2018 (Ger.) (“The heir may request every person who, on the basis of a right of succession that he does not really have, has acquired something from the inheritance (possessor of the inheritance) to surrender the item or items acquired.”) Others follow the doctrine “le mort saisit le vif” developed by the ius commune, according to which the heirs are considered to be the owners and possessors of the estate at the moment of ownership. See, e.g., LA. CIV. CODE ANN. art. 936 (1997) (“The possession of the decedent is transferred to his successors, whether testate or intestate, and if testate, whether particular, general, or universal legatees. A universal successor continues the possession of the decedent with all its advantages and defects, and with no alteration in the nature of the possession. A particular successor may commence a new possession for purposes of acquisitive prescription.”); CODE CIVIL [C. CIV.] [CIVIL CODE] art. 724(1) (Fr.) In both cases, the heir has a cause of action against any person that possesses an object belonging to the estate.
However, a pure duty of information would not suffice. One must also fight the risk that the person in possession of the private key first uses it for a self-interested transfer before handing it over to the heir or representative. This can easily be achieved by supplementing the obligation to transfer the private key with the obligation to abstain from any use, disposition, or sharing of the information with third parties.
Similar obligations as those in succession cases also arise in other cases in which a party steps into the shoes of another. As illustrations, one may think about the new company in a merger transaction or the bankruptcy administrator after the opening of a bankruptcy proceeding. In both of these cases, it is necessary to provide the successor with a legal claim against the person that currently holds the private key and thus the information necessary to dispose of and otherwise administer the crypto asset.
4. APPLICABLE LAW
One may ask which legal system provides for all of these consequences. Is it necessary to create a proper blockchain regime for them?
The answer is no. One may derive the protection in cases of erroneous transfers by using the normal conflict rules for unjust enrichment, which refer, inter alia, to the place of the enrichment.149 Where problems under a contract occur, the obligation to perform a reverse transaction will result from the applicable contract law.150 In the case of hacking, blackmail, or
149. See, e.g., Council Regulation 593/2008, On the Law Applicable to Contractual Obligations, 2008 O.J. (L 177) 6, art. 10. (stating that the existence and validity of a contract are determined by the law which would govern it if the contract or term were valid); RESTATEMENT (SECOND) OF CONFLICT OF LAWS § 221(2)(b)(1971) (providing that, for restitution, the local law of the state with the most significant relationship to the particular issue is used to determine rights and liabilities of the parties for that issue and “the place where the benefit or enrichment was received” can be used to determine which state has the most significant relationship to the issue); HAY ET AL., supra note 14, at 1218–22 (discussing choice-of-law alternatives for preexisting contractual relationships).
150. See, e.g., RESTATEMENT (THIRD) OF RESTITUTION & UNJUST ENRICHMENT § 54(2)(a) (2008) (“Rescission requires a mutual restoration and accounting in which each party restores property received from the other, to the extent such restoration is feasible . . . .”).
fraud the transfer has no legal effect.151 Nevertheless, the victim may claim the restoration of the private key under tort law.152 The applicable national law can be determined according to the ordinary conflict-of-laws rules, which point to the place of the tort.153 National law is capable of protecting positions deriving from the blockchain, as is demonstrated by the fact that other incorporeal rights are also protected, such as personal data154 or business secrets.155 Where a national law does not currently afford similar protection to crypto assets, it needs to be developed further in this direction. Otherwise, the citizens of the country in question will be in danger of losing their crypto assets due to hacking, fraud, or coercion.156
The consequences of a succession, merger, or bankruptcy proceeding are determined by the applicable national law. This
151. See, e.g., RESTATEMENT (SECOND) OF CONTRACTS §§ 175–76 (1981) (stating that a “threat to make public embarrassing information concerning the recipient unless he makes a proposed contract” may result in a voidable contract, along with contracts induced by fraud or misrepresentation).
152. See, e.g., RESTATEMENT (SECOND) OF TORTS § 922 (1979) (discussing the return of converted chattel); RESTATEMENT (SECOND) OF TORTS § 222A (1965) (defining conversion).
153. See, e.g., RESTATEMENT (SECOND) OF CONFLICT OF LAWS § 145 (1971) (“The rights and liabilities of parties with respect to an issue in tort are based on the local law of the state which, with respect to that issue, has the most significant relationship to the occurrence and parties . . . .”).
154. See, e.g., Council Regulation 2016/679, On the Protection of Natural Persons with Regard to the Processing of Personal Data and On the Free Movement of Such Data, 2016 O.J. (L 119) 1 (instituting the General Data Protection Regulation (GDPR) with the purpose to “respect [the] fundamental rights and freedoms [of natural persons], in particular their right to the protection of personal data”).
155. See, e.g., 18 U.S.C. § 1836(b)(1) (2016) (“An owner of a trade secret that is misappropriated may bring a civil action under this subsection if the trade secret is related to a product or service used in, or intended for use in, interstate or foreign commerce.”).
156. See, e.g., Timothy G. Massad, It’s Time to Strengthen the Regulation of Crypto-Assets, ECON. STUD. AT BROOKINGS, Mar. 2019, at 2, available from https://www.brookings.edu/wp-content/uploads/2019/03/Timothy-Massad-Its -Time-to-Strengthen-the-Regulation-of-Crypto-Assets-2.pdf (“There is a gap in the regulation of crypto-assets that Congress needs to fix. The gap is contributing to fraud and weak investor protection in the distribution and trading of crypto-assets.”); cf. Ivan Novikov, The Three Layers of Crypto Security, FORBES (May 3, 2018, 7:15 AM), https://www.forbes.com/sites /forbestechcouncil/2018/05/03/the-three-layers-of-cryptocurrency -security/#2680bb6029aa (recommending methods of protecting cryptocurrency assets).
law can be determined using the normal conflict rules.157 For instance, the law applicable to succession is usually determined based on the nationality or habitual residence of the deceased,158 the law applicable to mergers by the law of the entities in question,159 and the law applicable to bankruptcies by the law of the country in which the bankruptcy proceedings are opened.160 Where this law contains a provision on universal transfers, it should also be applied to the private keys of blockchain assets. Where it does not contain such a provision, the legal issue does not arise.
Some confusion may still arise due to the fact that the conflict rules regarding all of these issues are not the same around the world. However, this is not unusual. The same issue arises all the time in other situations as well.161
More problematic is that national laws may take a view that is different from the one in this article. In particular, they may not accept DLT as a fact and try to double it with an analysis of the legal “validity” of blockchain transfers under their property law.162 A good way to provide more certainty would be an international text that endows a blockchain record with some legal protection.163 It could also provide for the exceptions in case
157. See, e.g., RESTATEMENT (SECOND) OF CONFLICT OF LAWS § 145 (1971) (discussing that the rights and liabilities of parties with respect to an issue of tort are based on the local law that has the most significant relationship to the occurrence and parties).
158. See, e.g., id. at § 260 (“The devolution of interests in movables upon intestacy is determined by the law that would be applied by the courts of the state where the decedent was domiciled at the time of his death.”).
159. See, e.g., id. at § 302 (discussing the applicable law with respect to powers and liabilities of corporations).
160. See, e.g., CLARK A. NICHOLS ET AL., CYCLOPEDIA OF FEDERAL PROCEDURE § 2:192 (3rd ed. 2019) (“American courts have consistently recognized the interest of foreign courts in liquidating or winding up the affairs of their own domestic business entities.”).
161. See, e.g., Donald Earl Childress III, International Conflict of Laws and the New Conflicts Restatement, 27 DUKE J. OF COMP. & INT’L L. 361, 374–76 (discussing application of foreign comity in a suit filed in California for a bombing that occurred in Santo Domingo, Dominican Republic).
162. Cf. Katie Szilagyi, A Bundle of Blockchains? Digitally Disrupting Property Law, 4 COLUM. L. REV. 9, 24–28 (arguing that blockchain should be treated as property under conventional property law and arguing that using a Hegelian property framework to validate a property owner’s status with respect to the property is incompatible with Bitcoin).
163. See Jonathan Cardenas, The Rise of the Crypto Asset Investment Fund: An Overview of the Crypto Fund Ecosystem, in 1 BLOCKCHAIN & CRYPTOCURRENCY 149, 150 (Josias Dewey ed. 2019) (stating that institutions around the world are attempting to develop international norms for blockchains and the “crypto ecosystem”).
of theft, blackmail, and fraud that have been advocated here. Such an international text could take the form of a convention, a legislative guide, or a model law. Possible fora could be the Hague Conference on Private International Law, UNIDROIT in Rome, or UNCITRAL in Vienna. The treatment of these issues by one of these international fora would be in line with the global nature of DLT. As long as they have not acted, one must hope for the reasonableness of national courts in applying their national law to blockchain transfers.