Heading into new legal territory with blockchain technology

26 September 2018


Heading into new legal territory with blockchain technology

Everybody’s talking about blockchain: A technology that could revolutionize entire industries and enable completely new business models to emerge. Company lawyers should be asking themselves how this could impact their work. And this requires an understanding of what blockchain technology can and cannot do.

Information in a blockchain is stored in a decentralized way and is unalterable, making it extremely secure. This creates great confidence in the correctness and consistency of the information stored. It also enables trust to be established between business partners who have never met personally. If blockchains weren’t being used, partners may have little reason to believe anything said by their business counterparts.

Information is stored in a way that is reflected in its very name: a block chain. Individual transactions are recorded one after the other in a block until this block is full. Another block is then added to the chain, which starts with encrypted information about the previous block. A chain of blocks emerges with an exactly defined sequence. If someone wanted to change information in this system at a later date, they would first have to crack the block containing the data to be manipulated and change it. The next step would be to create new encrypted information and enter it into the next block so that the chain continues. It would be necessary to manipulate the encrypted information in each subsequent block in the chain, so that data changes could not be detected. Another factor that makes this so difficult is that blockchains are usually distributed in a decentralized way using many computers. Anyone who wants to manipulate data would have to crack numerous encryptions, input new information and subsequently create new chains of many blocks.

Because the technical effort required to make changes in the blockchain is so great, it is currently considered unalterable and therefore very trustworthy. A public blockchain is also highly reliable. It runs on a decentralized network of many computers and information is stored in distributed form, which makes it possible to compensate for any errors on individual devices. Private or permission-based blockchains work slightly differently. They are operated by a company or consortium and often just serve as a new kind of database. Some security features of the blockchain – such as not being subject to manipulation – do come into play, but the advantages of decentralization are often lacking. And of course, the blockchain user must also protect their password used for verifying transactions. Most Bitcoin thefts to date have been possible because hackers were able to acquire a user’s private key, which is usually kept in a so-called digital wallet, and then gain access to their assets.

Blockchain is known as the technology underlying digital currencies like Bitcoin. But a blockchain can also store information on all types of transactions. For example, it can serve to record that person A has sold their house to person B – the blockchain is a digital land register in this case. The links in a supply chain could also be tracked. Corporations could create a blockchain-based authorization profile for employees, thereby permanently documenting approval processes. Pioneering providers are currently working on making it possible for citizens to manage personal data by storing important information in the blockchain and making it accessible to a third party, if necessary. This means that anyone wanting to open a bank account could grant the bank access to certain information required to verify their identity and contact details. The account could then be opened, and the information that the bank has fulfilled its legal obligation to identify the new customer would also be stored in the blockchain – all this information would be secure and unalterable.

Blockchains have long been utilized only to document simple transactions, such as A gave something to B. But for some time now, Ethereum has not only been providing users with the second largest digital currency after Bitcoin, but also a platform for using smart contracts. These are small, relatively simple programs, called distributed apps (DApps), used to document specific actions or automatically process transactions. Smart contracts could become the legal basis for business transactions between machines on the Internet of Things (IoT), as well as for those between people and machines. The sensor in the door handle of a hotel room, for example, could provide a DApp with information about how long the cleaning personnel were in the room. The smart contract would then charge the hotel for the service and inform the cleaning company about the fee due to them. This would be a fully automated, fast and verifiable transaction based on the unalterable data stored in the blockchain about the time and duration of the work assignment.

A blockchain is not a data storage medium in the traditional sense, where vast amounts of documents are stored, can be retrieved immediately at any time using the search function and are saved again after updates. Entries in the blockchain take a long time, require a lot of energy and incur high costs compared to conventional databases. A Bitcoin transaction currently consumes about as much electricity as one Dutch household per month. As a result, smart contracts have to be designed with economic efficiency in mind, without neglecting the security aspects during practical application that would result in a loss of trust in the system. Blockchain can be used to check the integrity of data, for example by uploading its hash value instead of the entire protocol. The originals stay in the database and only a short sequence of digits and letters, which is calculated by a special algorithm, would be entered into the blockchain. If a contractual partner later suspects that the log in the database has been manipulated, this can be checked easily: If the hash value is recalculated and only one character has been changed, this would result in a different digit/letter sequence to the one stored in the blockchain and prove that changes had been made. If recalculation produces the identical hash value, it is clear that the original in the database has not been altered and the facts recorded there are relevant for the assessment to be performed.

Blockchain is new legal territory, but its use could affect almost every area of law, depending on the business model. That is why company lawyers have to get involved in the discussion about rights and the use of this technology from the start. Take the EU’s General Data Protection Regulation (EU GDPR): If personal data is stored in the blockchain, this is in direct conflict with the GDPR’s right to be forgotten because it cannot be erased. Another example relates to withdrawal periods: If a transaction is entered in the blockchain, it cannot be revoked unilaterally, but only jointly in the form of a new transaction. Take general terms and conditions: Which law, which place of jurisdiction applies if machines on the Internet of Things do business with each other autonomously and one of the underlying operators is dissatisfied with the result in the real world? Or due diligence: In many industries, companies must identify their customers and comply with certain legal requirements, for example with regard to money laundering; this has to be taken into account when programming a DApp. And what about confidentiality: Transaction entries and hash values must be encrypted so that no one can read them, because the public blockchain is actually ‘public’. A final example, the privacy shield: Peer-to-peer networks include computers from all over the world. This means that personal data may be stored on computers outside the EU or in certain associated countries, which would be in violation of the law. The same applies to tax-related data.

Blockchain technology has the potential to permanently change the way contracts are concluded between partners and how the resulting use of rights or fulfilment of obligations is documented. However, the question arises as to how agreements or misconduct will ultimately be assessed in court in the event of disputes. This could increasingly involve technical aspects of programming, security issues and details about processing, which would be quite a challenge for lawyers when it comes to providing evidence. Wikipedia explains the benefits of smart contracts as follows: “Smart contracts try to achieve greater contractual security compared to traditional contract law while simultaneously reducing transaction costs.” The blockchain can provide more confidence in the information stored there. In view of how smart contracts handle increasingly complex, automated transactions in the digital world: Company lawyers must play a decisive role at an early stage in order to achieve the greatest possible legal security.

Comment or question? Don’t hesitate to contact:  feedback@inhouse-legal.eu

© istockphoto.com/NicoElNino

Leave A Reply

Social media & sharing icons powered by UltimatelySocial