Commonly known as Bitcoin’s underlying technology, blockchain is widely discussed but poorly understood. According to an HSBC global survey, 80% of individuals who have heard of “blockchain” said they do not understand it. While the technology has the potential to transform the way in which information and money is transferred and stored, it also presents important legal challenges for businesses contemplating incorporating this new technology into their operations.
How does the technology work?
Blockchain is a decentralised database, maintained by a distributed network of computers that permanently record the history of all transactions on the network. The database is distributed in the sense that all network members, known as “nodes,” store an up-to-date copy of the database and ensure its accuracy by validating transactions. Validated transactions are then grouped in a block, the size of which averages one megabyte. Each completed block is time-stamped and linked to the previous block in the chain using a hashing function (i.e., a digital signature), thereby creating a sequentially organized chain of blocks.
The main advantages of blockchain’s decentralised nature are twofold: (1) members of the network have the ability to reach a consensus on the validity of a transaction without the intervention of a third party, and (2) unauthorized manipulation of the data is extremely difficult, in that it would require overwriting each of the thousands of hashes in previous blocks and then generating new hashes for subsequent blocks.
Types of blockchain
- Public Blockchain. On a public blockchain, such as Bitcoin, the records contained in the ledger are visible to everyone. This means that anyone can take part in the validation process.
- Private Blockchain. On a private blockchain, the network is controlled entirely by one group or organisation, and is only visible to those authorized. This type of blockchain closely resembles the centralised networks of our current financial system.
- Consortium Blockchain. This network is partially decentralised in that only a selected set of nodes have the ability to verify transactions taking place on it.
In terms of security, public blockchain networks are the most difficult to tamper with due to the fact that no single “miner” controls more than 50% of the network’s power in the consensus process. The less robust consensus protocol inherent in private and consortium blockchain networks results in reduced security but improved efficiency and latency.
Despite being one of the most significant technological innovations since the Internet, the adoption of blockchain faces significant challenges, one of the reasons being that the technology will disrupt current legal regimes.
(a) Liability and Jurisdictional Issues
While the decentralised nature of the blockchain is advantageous in many situations, it can be problematic, for example, in the event that liability for glitches, code errors and data breaches must be established. Further, even if liability could be established, it is difficult to know how the determination would be made as to which laws apply and which courts have jurisdiction. On the blockchain, many transfers would take place between and be validated by different nodes across countries, with copies of the transactions permanently stored on a blockchain that does not have a single physical location. In the absence of specific legislation to address this reality, the courts will have no choice but to solve blockchain related disputes with existing principles and laws.
(b) Illegal Activities
Cryptocurrency is a prominent example of blockchain technology. As of January 2018, the total market capitalisation of Bitcoin had reached $250 billion. While cryptocurrency allows for the quick, efficient and inexpensive movement of funds, it also facilitates illicit activities such as money laundering and drug transactions.
It is estimated that one-quarter of all users and close to one-half of bitcoin transactions (44%) are related to illicit activities. This is not surprising given that cryptocurrency, unlike cash, is made up of electronic addresses, each composed of a unique string of letters and numbers such as “1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55.” This exact string of letters could either represent a cryptocurrency value of a couple of hundred dollars or hundreds of millions of dollars, and it is nearly impossible to tell how the amounts were generated. Once a bitcoin file is stored in a “wallet,” which has no physical representation, it can be easily transferred to a USB key and used anywhere in the world.
(c) Data Privacy
The European Union’s General Data Privacy Regulation (the “GDPR”), which came into force on May 25, 2018, gave every individual located in the EU the right to digital privacy. Under the GDPR, individuals have the right to erasure and correction of their data. However, data stored on the blockchain cannot be erased. Clearly the “right to be forgotten” under the GDPR is at odds with the main features of blockchain—transparency and immutability, and it is difficult to predict how the GDPR will be enforced in the context of blockchain applications being rolled out in the coming years.
Another privacy consideration is that the blockchain may also reveal more data about user profiles than conventional centralised databases do, thereby facilitating unlawful activities such as insider trading or identity theft.
Currently, blockchain technologies are simply not aligned with the way in which many businesses and legal systems operate. A successful transition to blockchain technology on a large scale will require collaboration between private and public actors in developing a legislative framework that fosters economic activity while ensuring public security.
In the meantime, entities using blockchain-based applications will need to consult their legal advisors to adequately address all the legal obligations in order to avoid exposure to financial, organizational and reputational damages. Although there are numerous legal issues related to the use of blockchain technology in day-to-day operations, none of them are insurmountable. They do, however, require advance consideration and planning prior to the roll-out of these applications.