Versatility is one of blockchain’s key advantages. The technology can be adapted to most sectors of activity, and to a large share of processes that do not involve sensitive information or require human oversight. Most industries have jumped on the blockchain development bandwagon, and according to independent sources banks are expected to quintuple their investment in the technology over the next two years. The technology is bringing together finance and insurance companies, while other sectors such as healthcare and agriculture are also investigating the technology’s capabilities.
At this time, interest in potential blockchain applications includes enabling payments and financial transactions, actioning “smart contracts”, and managing complex supply chains. While blockchain can support a decentralised and trusted open database with immutable transactions, there are several legal risk areas which private business should take into account:
At its core, blockchain is a distributed database that allows any participating node to retrieve and verify its content. All data in this database is accessible to any participating node. While data stored on the blockchain can be (and generally is) stored encrypted or in a de-identified way (for example, a Bitcoin address consists of nothing more than a string of random-looking alphanumeric characters), the transactions on the blockchain are readable (so that participating nodes can process and verify the transactions). For example, a processing node will be able to determine that address A sent 5 bitcoins to address B at a particular time (but will not be able to tell the identity of the person in control of address A and address B). While de-identification is a useful means to protect privacy, the risk of re-identification through data-matching will need to be considered, especially over the long term. For example, if the owner of address A is identified (at any time), then all Bitcoin transactions made by address A will be associated with that person. In Bitcoin, this privacy risk can be addressed by the user not reusing any Bitcoin addresses. Another way to address the privacy risk is to operate a permissioned blockchain that only permits trusted entities to process (and therefore view) the blockchain.
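The re-identification risk described above can be measured on a small ledger. The following is an added example, not part of the original article; the addresses, amounts and the name "alice" are constructed, and `attribute` and `exposure_ratio` are hypothetical helper names. It compares how much of one user's history a single identity link reveals when an address is reused and when a fresh address is used for every transaction.

```python
from collections import defaultdict

# Constructed sample ledger: (tx_id, sender, receiver, amount). Addresses are made up.
REUSED = [
    (1, "addrA", "addrB", 5.0),
    (2, "addrC", "addrA", 2.0),
    (3, "addrA", "addrD", 1.5),
    (4, "addrE", "addrF", 9.0),
]
# The same payments, but the user behind addrA uses a fresh address each time.
FRESH = [
    (1, "addrA1", "addrB", 5.0),
    (2, "addrC", "addrA2", 2.0),
    (3, "addrA3", "addrD", 1.5),
    (4, "addrE", "addrF", 9.0),
]

def attribute(ledger, identity_links):
    """Map each identified person to the transactions their known addresses touch."""
    exposed = defaultdict(list)
    for tx_id, sender, receiver, amount in ledger:
        for role, addr in (("sent", sender), ("received", receiver)):
            person = identity_links.get(addr)
            if person is not None:
                exposed[person].append((tx_id, role, amount))
    return dict(exposed)

def exposure_ratio(ledger, identity_links, true_addresses):
    """Fraction of a user's real transactions revealed by the known identity links."""
    real = {t[0] for t in ledger if t[1] in true_addresses or t[2] in true_addresses}
    seen = {tx for txs in attribute(ledger, identity_links).values() for tx, _, _ in txs}
    return len(seen & real) / len(real)

if __name__ == "__main__":
    print(attribute(REUSED, {"addrA": "alice"}))
    print(exposure_ratio(REUSED, {"addrA": "alice"}, {"addrA"}))
    print(exposure_ratio(FRESH, {"addrA1": "alice"}, {"addrA1", "addrA2", "addrA3"}))
```
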
In conventional transactions, trust between the parties is generally established through identity verification. Similarly, identity verification is a core aspect of the ‘know your client’ requirement that applies to many businesses and transactions. Blockchain implementations are naturally geared towards enabling automated processing where the identity of the underlying actors is not relevant or is automatically masked. While identity can be verified separately and linked to the on-chain data, this creates privacy risks as described above.
By its nature, a blockchain is an ever-growing sequential chain of chronological transactions that is linked by the rules implemented in that blockchain. For example, reversing an incorrect transaction on a blockchain requires a new transaction (which must generally be initiated by the relevant user, given the decentralised nature of blockchain) to reverse the economic effect of the old transaction, rather than deleting the old transaction. While this permanency is beneficial in many use cases, it may not be appropriate for others. For example, in the case of a fraudulent transaction involving a blockchain-based asset registry or Bitcoin, the court may order the reversal of the transaction, but the lack of central control means that enforcing that order is difficult if the fraudulent actor cannot be found or compelled to initiate the reverse transaction. At present, such an issue can be addressed by creating a ‘fork’ of the blockchain, but that requires consensus of the community and may result in a fractured community. Work is also under way on blockchains that can be edited in certain circumstances, but such a model requires a central administrator, which removes the benefits of a fully decentralised model.
It is important to recognise that the perceived immutability and integrity of a blockchain are based entirely on its implementation, and the level of trust offered by the blockchain reflects the subjective views of its users. For example, Bitcoin implements a ‘proof of work’ regime that effectively requires an attacker to control a majority of the network processing power in order to control and revise transaction history. Users of Bitcoin place inherent trust in the assumption that such an attack would be difficult to carry out in practice. Similarly, users of ‘smart contracts’ (which should be seen as computer code implemented to represent a particular transaction, such as an arbitrage or hedging transaction, or automatic payment upon occurrence of certain activities) place their trust in the accurate coding of the ‘smart contract’, and the proper execution of the code through the blockchain. The current laws relating to electronic transactions are silent on whether such trust is sufficient for the blockchain to be automatically enforceable, and it remains to be seen how a court would react if, say, a participant in a smart contract claims that the transaction should be reversed because it was implemented incorrectly and does not reflect the intent of the parties.
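The two preceding paragraphs describe a ledger in which a mistake is reversed by appending a new transaction, and in which rewriting history means redoing the proof of work. The sketch below is an added example, not from the original article and not Bitcoin's actual block format; the difficulty value, field names and parties A, B and C are assumptions chosen to keep it small.

```python
import hashlib
import json

DIFFICULTY = 3  # assumed toy target: a block hash must start with this many hex zeros

def block_hash(block):
    fields = {k: block[k] for k in ("index", "prev", "tx", "nonce")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def mine(index, prev, tx):
    """Search for a nonce whose hash meets the difficulty target (the 'work')."""
    block = {"index": index, "prev": prev, "tx": tx, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block

def append(chain, tx):
    prev = chain[-1]["hash"] if chain else "0" * 64
    chain.append(mine(len(chain), prev, tx))

def verify(chain):
    """Return the index of the first invalid block, or None if the chain is intact."""
    prev = "0" * 64
    for i, b in enumerate(chain):
        h = block_hash(b)
        if b["prev"] != prev or b["hash"] != h or not h.startswith("0" * DIFFICULTY):
            return i
        prev = b["hash"]
    return None

def balances(chain):
    totals = {}
    for b in chain:
        t = b["tx"]
        totals[t["from"]] = totals.get(t["from"], 0) - t["amount"]
        totals[t["to"]] = totals.get(t["to"], 0) + t["amount"]
    return totals

def demo():
    chain = []
    append(chain, {"from": "A", "to": "B", "amount": 5})  # the incorrect payment
    append(chain, {"from": "C", "to": "A", "amount": 2})
    append(chain, {"from": "B", "to": "A", "amount": 5})  # reversal: a new entry, sent by B
    intact, net = verify(chain), balances(chain)
    chain[0]["tx"]["amount"] = 0          # edit history in place instead of appending
    edited = verify(chain)                # block 0 no longer matches its stored hash
    chain[0] = mine(0, chain[0]["prev"], chain[0]["tx"])  # redo the work for block 0 only
    return intact, net, edited, verify(chain)  # block 1 still points at the old hash
```

`demo()` shows that the compensating entry restores B's balance while both transactions stay on record, and that re-mining one edited block only moves the break to the next block, so every later block would have to be redone as well.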
While cost-effective in the long run, blockchain requires high capital investment in the early stages. Organisations engaging in platform design should protect resulting IP sooner rather than later in the process to avoid issues. However, protection of software IP in the context of blockchain has its own challenges, as participants of the blockchain will likely demand a full copy of the source code and its implementation to satisfy themselves that the implementation is sound and reflects the intended operational rules. Many blockchain technologies are also either based on open source software, or released as open source software, which further limits the ability to claim exclusive IP protection.
While legislatures are unlikely to regulate blockchain as a technology itself, the implementation of blockchain in particular use cases may be the subject of additional regulatory scrutiny (for example, within the financial or health sectors). At this time, we are not aware of any regulations that govern particular blockchain implementations (including Bitcoin, which has received a fair degree of regulatory scrutiny in the context of how it sits within existing regulatory frameworks). However, we expect that rapid technological development will bring regulatory change that companies should prepare for.