Blockchain & Law in 2017:

Finally friends or still foes?

Lawyers Greg McMullen and Florian Glatz discuss.

Intro: Blockchain in 2017

By Choo Yut Shing (CC BY-NC-SA 2.0)

It’s the Year of the Rooster and blockchain hype is still on the rise. Yet despite all the excitement, the law has not been able to keep up.

That’s nothing new. The law has never been able to keep pace with new technology, and blockchain has been no exception.

Regulators scrambled to crack down on Bitcoin and other cryptocurrencies when they feared drug dealers and terrorists could send secret internet moneys without restrictions. By 2016 basic legal principles were in place for cryptocurrencies, but the technology did not keep still so the law could catch up. Technologists have moved on to building a wide range of applications on blockchain. It is far more than a ledger for cryptocurrencies!

In 2017, laws and regulations will start to catch up with the advances in technology. Lawyers, lawmakers, regulators, and maybe even prosecutors will begin looking beyond cryptocurrency to understand the legal implications of other applications of blockchain technology. They may even see opportunities to use blockchain in regulatory work, rather than just seeing it as something to be regulated.

Here are our predictions for the best, worst, or just plain interesting of the intersection of blockchain and law in 2017.

1. Blockchain tokens, crypto equity, and ICOs.

Expect a helping hand from regulators, and a heavy hand from prosecutors.

One of the hot terms of the second half of 2016 was “ICO”, or an “initial coin offering” — the sale of equity represented by crypto-tokens to establish “virtual companies”. ICOs raised staggering amounts of capital from a mass of pseudonymous individuals that jointly provision an unstoppable peer-to-peer public currency network.

If this sounds a bit sketchy, that’s because it often was. Many ICO offerings so far have been legally dubious, at best created by anarchists willing to play fast and loose with regulatory requirements, and at worst by scammers eager to take the money and run.

It doesn’t have to be this way. An increasing number of early-stage startups are looking for new business models and sources of funding, ownership, and organisation. They want clarity and certainty. They want to raise crypto capital in a way that is legally compliant. Some of them are even doing the heavy legal work required to make that a reality (see Joel Monegro of USV).

Bankers and anarcho-capitalists alike must consider the challenging legal questions raised by these new forms of organization. What is the legal nature of a blockchain-based token? How can the creation and trade of such tokens be structured so as to comply with laws and regulations around financial services?

Regulators are not oblivious to the ICO situation. We hope they will bring some clarity, but it is unlikely that complete regulatory frameworks and laws will emerge in 2017. Instead, we expect to see some statements, guidance, or interpretation bulletins from securities regulators. In addition, we would not be surprised to see regulatory or prosecutorial action against some of the more controversial schemes, especially given the SEC’s stated concern over investor protection in ICO schemes.

More generally, the European regulator has been working on harmonizing regulation on crowdfunding for a while now, with the goal of creating a single set of applicable rules in all of Europe. It’s unclear at this point how blockchain-based crowdfunding will be affected by the upcoming regulation on the European level. Some overlap can certainly be expected.

2. Digital signatures and blockchain evidence.

Expect streamlined rules of evidence and blockchain-friendly rules for binding e-signatures.

For blockchain applications to have bearing in the real world, two things need to happen: digital signatures need to be as binding as pen-and-paper, and evidence recorded on blockchains needs to be admissible in court.

Not all digital signatures are born equal. Sometimes there is a good reason to choose one system over another, like avoiding a system that has been poorly designed or secretly sabotaged by spies (we’re looking at you, Five Eyes). But other times it’s completely arbitrary. Governments have set complicated standards for digital signatures to give them the same weight as pen-and-paper (see the US and EU requirements). The process of signing electronic documents is full of frustration and grief (or friction, as a ux designer call it). We hope this friction will be reduced in 2017 by a combination of government action and solutions designed to thread the needle of regulation.

Another issue is the use of electronic signatures and blockchain-based evidence in court. Courts have complex rules of evidence about what information can come in, and in what format. Right now in most legal systems, blockchain evidence can be considered, but only with the help of expensive expert witnesses to explain what it means. This process would eliminate the potential efficiencies gained through use of blockchain technology, and would instead increase court costs and decrease access to justice.

Governments are looking to streamline rules of evidence to allow blockchain evidence to be deemed admissible without an expert. U.S. states are leading the way. Vermont passed a bill that creates a presumption of admissibility of blockchain records that meet certain requirements. Admitted records can be used as evidence of contractual parties or terms, effective dates, ownership, money transfers, identity, authenticity of a document, or anything else (see PDF the bill). Delaware, the long-time favorite for incorporating, is moving to use blockchains for corporate recordkeeping (more below). We can expect to see much more of this in 2017.

3. Anti-Money Laundering (AML) requirements.

Expect tightened AML requirements across the EU, and startups shopping around for jurisdictions with lighter regulatory burdens.

Under the banner of counter-terrorism, the European Commission published a draft directive in July 2016 that would extend AML regulation to virtual currency exchanges. In 2017 we expect these efforts to progress and find their way into actual regulations or laws that will apply to all exchanges across Europe.

Regulation and compliance always comes at a cost. The level of regulatory overhead proposed by the European Commission may force startups to consider establishing themselves in friendlier regulatory environments. To take competitive advantage of Europe’s regulatory overreaction, more forward-thinking jurisdictions could consider establishing “regulatory sandboxes” to allow pilot projects and experimentation in an environment that is closely monitored but less restrictive.

4. “Govtech” proof of concepts.

Expect government agencies to explore the use of blockchain to deliver services.

The blockchain community is full of stories about governments exploring blockchain protocols as a foundational technology for e-government services. We call this govtech. The govtech trail is often led by Estonia, where the identit.ee e-residency project provides a strong framework for building applied blockchain services. Delaware is also getting on board, with it blockchain-based corporate services (see above). We expect the same trend to continue well into 2017, with more and more governments trying proof-of-concept projects in conjunction with the private sector.

In the developing world, the private sector is leading the way. Nairobi, Kenya played host to the latest COALA Blockchain Workshops in December 2016. Many in attendance saw govtech as an opportunity for underdeveloped countries to “leapfrog” past developed nations. The private sector is playing a key role in this leapfrogging. For example, African startups are providing private versions of basic services like street addresses (OkHi in Kenya) or land registries (BenBen and Bitland in Ghana) that governments have failed to deliver. In the developed world there is a sense that existing regimes for addressing and land registries are good enough as-is. This provides an opportunity for the developing world to skip the current model and go directly to blockchain-based registries.

5. Data protection and privacy law.

Expect regulators and blockchain companies to struggle over data storage, encryption standards, and the “right to erasure”.

Red Flags by Nahemoth (CC BY 2.0)

So far, data protection authorities have not had a lot of involvement in blockchain. That will change in 2017. Companies are going to start putting a wide range of personal information onto blockchains, and the authorities will have to address the reality.

Writing personal information to a public blockchain raises two bright red flags: i) public blockchains are public, and ii) the data written to blockchains is immutable. We’ll look at both of these issues below.

i. Public blockchains are public.

Unlike traditional databases, the information stored on public blockchains is visible to anyone who cares to look. This seems obvious, but it’s often overlooked.

The public nature of blockchains will be a nightmare for regulators, who are accustomed to groups collecting data and keeping it locked down internally. Incidents that allow access by outsiders are typically unauthorized, and are considered data breaches. Data breaches are being taken very seriously by regulators around the world, and can now result in mandatory notifications to customers, along with potential fines or damages.

Storing personal information on blockchains tips this model on its head. Information on a public blockchain can be assumed to be available to everyone.

These blockchain models assume that sensitive information will be protected by encryption before information is even written to the blockchain. The key will be held by the party writing the data or, even better, by the subject of the data.

This model should prove to be much more secure than monolithic databases held by a single company and locked under a single encryption key, but it will require regulators to see the world differently. Right now, regulators look at encryption as a way to mitigate harm if a database is breached. They will need to accept encryption as front line protection. And with the number of companies about to put loads of personal information on blockchains, they will need to accept it soon.

ii. Blockchains never forget.

Another privacy concern is the immutable nature of blockchains. Once data has been written, it can never be deleted. This will make compliance with European “right to erasure” under the new General Data Protection Regulation (GDPR) problematic, to say the least.

Assuming personal information is encrypted before it is written to a blockchain, destroying the key renders the data unreadable. But is this enough to comply with the right to be forgotten, if the data is technically still there? Regulators should accept the destruction of a key as an erasure for the purposes of the GDPR, so long as the destruction is done in accordance with best practices and in an auditable way.

6. Copyright law.

Expect blockchain proof-of-concept projects from copyright offices in the US and EU, and maybe more in the developing world.

In early 2014, ascribe — BigchainDB’s predecessor — started registering artwork to the Bitcoin blockchain. It was perhaps the only company doing IP-on-blockchain at the time. We did our best to come up with contracts to supplement existing copyright laws to serve our customers, but in the end, copyright is based on statute. Real reforms to copyright law have to come through government action, and in 2014 they were not moving to meet us.

Times have changed. Governments are now taking notice of the possibilities of intellectual property on a blockchain. In the closing months of 2016, both the European Union’s Intellectual Property Office Observatory and the United States’ Patent and Trademark Office held meetings on blockchain technology. The U.S. Copyright Office is also considering major reforms that sound a lot like the benefits of a blockchain without using the word explicitly.

Governments don’t change quickly, and we won’t see any developed nations switching to blockchain copyright registries in 2017. However, the wheels are starting to turn, and we may see real steps toward the development and implementation of government-sanctioned and legislatively-enabled copyright on blockchain.

More rapid change may occur in the developing world. In places where the intellectual property regime is not as entrenched, blockchain technology can make more rapid inroads. In Senegal, Allmedia is working to help copyright collection societies pay creators. They plan to monitor the music played in clubs, music venues, and on radio using small internet-enabled devices, identify the music played, and use blockchain technology to securely send information to the collecting society and payment to creators. This kind of transparency and accountability has been absent in Senegal’s copyright regime, and blockchain technology can help make it happen.

7. “Going dark” and the new crypto wars

Expect law enforcement demands for back doors, front doors, and golden keys… which may or may not impact blockchain.

By Mike Mozart. (CC BY 2.0)

The term “going dark” is used by law enforcement agencies to complain that end-to-end encryption in chat apps has made criminals’ communications impossible to read — the trail has gone dark.

Through 2016, there were intense battles over encryption framed in the language of “going dark”, including Apple’s fight with the FBI over iPhone backdoors, the U.K.’s Investigatory Powers Act, and the ongoing saga of the Brazilian judiciary battling over WhatsApp encryption. Governments around the world are applying heavy pressure on technology companies to create backdoor access into encrypted communications.

These debates are about access to the content of communication, not an all-out war on cryptography. However, the underpinning technology is the same. Imprecise or overbroad legislation intending to give access to the contents of communications could weaken the technology that underpins blockchain, or even force its development to take place outside countries that restrict cryptography.

The biggest question for 2017 is what position the incoming Trump administration will take on encryption. He took the side of the FBI during its dispute with Apple, threatening a boycott against the company until it provided backdoor access to the phone.

Trump has named Rudy Giuliani his cybersecurity advisor, and General John Kelly to head the Department of Homeland Security. Giuliani is blustery and aggressive, but Gen. Kelly seems reasonably level-headed. It remains to be seen what their policy positions will be or what influence they will have in the Trump administration.

8. Something else?

Expect the unexpected.

Think we missed something or got something entirely wrong? We’d be happy to hear from you. Let us know in the comments or on Twitter!

About the authors

Florian Glatz (@heckerhut) is a blockchain lawyer, developer and researcher.

Greg McMullen (@gmcmullen) is a lawyer and the Founder & Executive Director of the Interplanetary Database Foundation.