When I buy Bitcoin, am I entering into a contract? I lose my money — who can I sue?

And other questions from the SEC Investor Advisory Committee Meeting on Blockchain

“When I buy Bitcoin, am I entering into a contract? … Assume I don’t get what I bought. I lose my money. Is there someone I can sue?”

This was one of the interesting questions asked by a member of the Investor Advisory Committee (IAC) at the 12 October 2017 SEC IAC meeting. The answer given at the meeting was that it depends on a number of factors including: the protocol’s rules, the laws of the jurisdictions involved and whether you can find the identity of the person who wrote the code.

If we look into this further, there seems to be two separate questions—

1. Is there a contract between the buyer and seller of Bitcoin?

• This would also depend on whether the transaction was conducted using a third party service provider (such as an exchange, ATM, wallet) or P2P. If you bought Bitcoin on an exchange, you would have a contract with the exchange and may have rights against it for breach of contract (depending on the T&Cs and laws of the jurisdictions involved).
• If you bought Bitcoin directly from another party, and they failed to send the Bitcoin for whatever reason (e.g. the seller sent the Bitcoin to the wrong address or there was a failed transaction due to insufficient gas), then you may have rights against that party for breach of contract (depending on whether a contract existed at the time and the laws of the jurisdictions involved).
• The other way for the sale to fail is if the wrong address was provided by the buyer (in this case the sale would have been executed as agreed and the buyer has probably lost his money.)

Whilst the first question focuses on relationships external to the Bitcoin protocol (e.g. exchange hacks, wallet failures, credit risk), this next question focuses on potential issues (if any) within the Bitcoin protocol (e.g. bugs, network issues).

2. Is there a contract between the writer(s) of the code/core developers and participants of the Bitcoin network?

As Adam Ludwin, Chain CEO said at the meeting, if you dig gold from the ground, do you have a contract with earth?

Here is another analogy. Let’s say a person known as “Satoshi” built an open garden on an unclaimed island (public ledger). It is open to anyone and maintained by volunteers (core developers). He puts up a sign (whitepaper) proposing a system for a community garden where gardeners (participant nodes) can ‘mine’ vegetables. Gardeners are not obliged to contribute, and could leave anytime for other more luscious islands. A decade later, one gardener claims that their lettuce were destroyed by bugs, who can they sue?

Some may say that it would seem illogical to blame the creator who made no guarantees on the fertility of the garden, and instead allowed anyone to enjoy the fruits of his work without binding them to the garden or forcing them to contribute.

This brings me to the topic of open source software (OSS). Open source software, like all software, is copyrighted, but its authors release the code under a permissive license that allows anyone to use and modify it without seeking specific permission or making any payment to the original creators.[1] If you go to Bitcoin’s Github page, you will notice that the code is released under the terms of the MIT license. In summary, the MIT License lets people do anything they want with your code as long as they provide attribution back to you and don’t hold you liable. Here is an excerpt from the license:

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

I’m not an expert on OSS licenses, but this disclaimer seems pretty broad, and could potentially exclude claims for damages arising from the use of the Bitcoin protocol, including the P2P transfer of Bitcoin. However as this paper states, disclaimers such as those used in MIT license are not foolproof — a contrary representation or agreement may end up nullifying the disclaimer. Unless the Bitcoin whitepaper, the Bitcoin protocol or the writer(s) made representations that there are no bugs, it seems unlikely that you would have rights to sue the writer for issues relating to the code.[2]

“You guys have described a network, all these people are committed to the algorithm. It has rules that we have all promised to obey … That sounds like a contract …

… you have this worldwide group of people who have engaged in this activity, one in which people contribute computing power to this cooperative or collective that is the Bitcoin world, and people are speculating on the value of all this activity — it sounds like an investment contract doesn’t it?”

What promises?

No one is promising to obey the Bitcoin protocol. Whilst it is possible for smart contracts to be legally binding (refer to ISDA-Linklaters Whitepaper below), and for smart contracts to give effect to legal contracts, that is not the case for Bitcoin. Here are some further comments in response to the point on investment contracts:

• Miners are not committed to the network— they are incentivised to participate in the network and follow the rules because it is in their economic self-interest to do so. It is not uncommon for miners to switch networks based on the profitability of mining on the network.
• The rewards are not promised or guaranteed by a person or entity— the network is programmed to ‘mint’ new Bitcoins which are allocated to the successful miner (plus transaction fees denominated in Bitcoin from the sender).
• Although miners may expect to receive rewards in the form of newly minted Bitcoin (and transaction fees), these expectations are primarily based on their own efforts — solving cryptographic problems. These rewards are not shared or correlated with those of other miners (unless it is part of a mining pool).
• Miners do not invest any money— they contribute computing power to the network. Although an ‘investment of money’ (first prong of the Howey test) may include the provision of capital, assets and cash, goods and services, the contribution of computing power may not necessarily satisfy this prong as the miner has not committed its assets to the enterprise in such a manner as to subject itself to financial loss[3].
• Hodlers of Bitcoin do not receive any dividends or returns. Although investors may purchase Bitcoin with the expectation that the price may go up, recent news articles[4] suggest that changes in Bitcoin prices are mostly the result of forces other than the managerial efforts of others (i.e. Bitcoin core developers and miners).
• It may be extremely difficult to prove there was offer and acceptance in the Bitcoin network where the only means of communication between miners and users is broadcasting and validating transactions on the ledger using non-natural/non-human language. The initialisation of the software agent does not represent offer and acceptance by itself.[5]
• Similarly, it may be extremely difficult to prove there was an intention to create legal relations with an unidentifiable person, let alone a worldwide group of pseudonymous people whom you only know by their public address that looks something like: 16wXBpb48yeUHZVtYvk2iXdXYvNsZNsKJR

Could the Bitcoin protocol itself be or contain a legal contract?

Depending on the contract laws of the jurisdictions involved, it would be extremely unlikely that a judge would conclude that there was certainty in the terms of the contract, if any, due to the non natural/non human language used (even when translated). A more detailed answer can be found in footnote 8 of one of my favourite reads: ISDA and Linklater’s Whitepaper Smart Contracts and Distributed Ledger — A Legal Perspective.

It refers to a situation when smart contract code could be legally binding — (1) there is an offer and acceptance in the form of clear messages between the parties; (2) the code is programmed to move consideration between parties when certain conditions are met (and the offer clearly states this); (3) intention to create legal relations; (4) the code gives certainty of terms.

Note: although the Bitcoin protocol is not itself a smart contract code, similar legal issues apply.

Regulatory remarks

Overall there was a very multi-dimensional overview of Blockchain with an introduction from Nancy Liao, regulatory challenges as experienced by former CFTC Fintech Advisor Jeff Bandman, operational obstacles faced by DTCC (Michael Bodson), current use cases from NASDAQ (Fredrik Voss) and a colorful explanation of cryptocurrencies from Adam Ludwin, Chain.

The meeting demonstrated the importance of having informed discussions with regulators and being able to flesh out the key concerns that could be preventing potential changes from progressing. One concern that was discussed briefly was the topic of censorship resistance. This problem could be, in my opinion, one of the biggest problems faced by regulators — a situation where a network can only be shut down or controlled by a majority consensus, resulting in the inability for regulators to identify or prosecute participants (due to anonymity and the sheer number of participants around the world).

This could be a potential roadblock to positive reform if regulators are unable to separate the use of decentralised, unpermissioned, public networks from permissioned and controlled use by financial institutions.

Concluding thoughts

‘Who do you sue’ is always an interesting question in crypto-land. Due to the open sourced, decentralised and global nature of these networks, it is not always clear whether an identifiable or responsible person/entity exists let alone contractual relations with that person/entity. As a result, buyers and sellers of Bitcoin or other cryptocurrencies may only have recourse against the third party service providers/counter-party they are dealing with. In this type of environment, (1) it is up to the investors to ensure that the parties they deal with are legitimate/licensed/regulated; (2) that the terms of any agreement are clear, binding and enforceable; or (3) be prepared to accept they may have little or no recourse in the event of non-performance.

A recent case is Tezos’ recent $232 million (now worth approximately $400 million) token sale. Under the terms of the Tezos coin offering, there’s no guarantee participants will ever receive a single Tez. Participants agreed to accept the risk that the project “may be abandoned.”[6] Following an internal dispute between the Tezos founders and Tezos Foundation President, there is uncertainty as to when or whether the tokens will be issued.[7]

It is clear that certain uses of Blockchain technology will not always fit neatly under existing regulations or concepts of contract law. These complicated legal and regulatory issues reinforce the importance for investors to do their own due diligence and to understand the terms proposed before investing significant sums of money in an ICO and/or dealing with cryptocurrencies.

About me: I am an Australian lawyer living in New York with experience at the Australian Securities and Investments Commission (ASIC). I am interested in the legal questions on whether emerging tech fits under existing laws, policy questions as to what should be regulated, and technical questions as to how uses of tech can be regulated (where necessary).

Note: I am not a US lawyer and none of this is legal advice.

[1] https://coincenter.org/entry/what-is-open-source-and-why-is-it-important-for-cryptocurrency-and-open-blockchain-projects

[2] I could be wrong, as there appears to be a lawsuit with the alleged writer, although the claims are unrelated to issues with the protocol: “International attorney Dr. Jonathan Levy announced in an email he sent to CoinReport a global class action lawsuit alleging unlicensed banking, unfair business competition and fraudulent practices by cryptocurrency operators. The lawsuit is Christopher Strunk vs. Satoshi Nakamoto et al.”

http://bitconnect.news/2017/10/02/coinreport-bitcoin-fraud-unfair-competition-class-action-lawsuit-filed/

[3] Hector v. Wiens, 533 F.2d 429, 432–33 (9th Cir. 1976)

One argument is that there is no direct financial loss as the miner still owns and possesses the computers at all times.

[4] https://cointelegraph.com/news/bitcoin-price-drops-to-4300-whats-next-factors-and-trends

Bitcoin price factors - What influences the Bitcoin price?

What the Fork? Why Bitcoin Tech Changes Impact Price - CoinDesk

https://www.forbes.com/sites/cbovaird/2017/09/01/why-bitcoin-prices-have-risen-more-than-400-this-year/

[5] https://www2.isda.org/attachment/OTU3MQ==/Smart%20Contracts%20and%20Distributed%20Ledger%20%20A%20Legal%20Perspective.pdf

[6] https://www.reuters.com%2Farticle%2Fus-bitcoin-funding-tezos-specialreport%2Fspecial-report-backroom-battle-imperils-230-million-cryptocurrency-venture-idUSKBN1CN35K

[7] Since then, at least three law firms have announced that they will be launching an investigation into Tezos on behalf of the investors (Block & Leviton, Restis Law Firm and Silver Miller). On the one hand, some say it is unlikely that a class action lawsuit will succeed since US investors were not allowed to invest in Tezos, and investments in Tezos was described as a donation. Others argue that Tezos may be unregistered securities and that one of the legal remedies is rescission of the transaction. See also this post from Stephen Palley that discusses some of the legal issues and lessons learnt from this example.