Blockchain: Need for a Relevant Legal Framework

Blockchain is now perceived, as a disruptive and utopian solution to a host of technology-related challenges. However, there is need for consensus on how different jurisdictions would create a legal and regulatory framework which addresses key legal concerns around blockchain solutions - including data privacy, intellectual property, enforceability of contracts and choice of jurisdiction.

Saurabh Awasthi Jan 11th 2018

Blockchain caught the attention of the world towards the end of the noughties, when a developer bearing the pseudonym Satoshi Nakamoshi, wrote what is now considered a seminal piece describing a peer-to-peer network which uses cryptography to create a consensus-based electronic transaction system. Thereafter, blockchain achieved recognition as the underlying technology for trading of bitcoin – the dominant cryptocurrency currently in circulation.

The US and Singapore emerged as first-movers in evaluating the use of blockchain technology, for use-cases relating to cryptocurrency, trade finance, securities or funds settlement, supply chain and monetization of intellectual property. In India, the Reserve Bank of India has run a pilot to assess the efficiency of blockchain’s financial use-cases and deepen its understanding of the range of applications supported by blockchain.

In simple terms, Blockchain refers to a digital ledger-based technology which uses cryptography to effect transactions between participants, each of whom retains a replicated node of the overall ledger. However, subsequent developments (a hack on bitcoin and its current speculative value) resulted in strong opposition to this technology which was perceived to encourage speculation and obviate know-your-customer norms, due to its anonymous and decentralized structure. Observers may have missed the point that blockchain technology would entail two kinds of solutions, with open/decentralized architecture or alternately, a permissioned framework with consenting participants who can agree on access control measures for a blockchain network.

It is likely that large enterprises will likely opt for a blockchain architecture that enables them to ‘permission’ membership, enable multi-party transactions efficiently and have built-in security /access-control mechanisms. In this context, as one parses through the legal facets of blockchain technology and use-cases in circulation, the foremost legal issues that emerge are:

How does a blockchain solution involving diverse data subjects and cross-border transfer, address data privacy requirements?

A key myth around blockchain is that it serves as a repository for data and documents and is essentially an important archival source. However, blockchain technology is not geared towards hosting large volumes of data, as it would severely impact the underlying technology platform’s capability to process transactions, require participants to arrange inordinate data storage capacity, thus negating two critical benefits of blockchain technology – a shared single source of information; and efficient transactions between consenting participants.

One way to approach this issue, is to build an on-chain and off-chain model. The information ‘on-chain’ is masked by using cryptography and thus obviates data privacy concerns.. The corresponding data and documents for these transactions would be stored in an off-chain and data controllers would procure, store and process data, in compliance with data privacy laws applicable to the jurisdiction where the data is hosted off-chain.

For financial/banking-related solutions, how does a public blockchain framework reconcile Anti-Money Laundering/Know-Your-Customer disclosure norms with anonymous and permissioned access?

Even at this nascent stage, blockchain applications’ highest focus is on the financial sector with use-cases built around banking, securities and funds settlement, trade finance and cryptocurrency. The slant towards financial sector solutions is due to the fact that financial transactions require maintenance of secrecy (secure and permissioned), integrity of data (immutability) and reconcilable transactions (provenance). However, the paradox is that regulators across jurisdictions have set up robust KYC declarations and maintenance of absolute transparency, to combat money-laundering and siphoning activity relating to funds.

Hence, blockchain solutions in the financial sector will eventually need to strike a balance in offering participants continued secrecy and immutability for their financial transactions, but build-in the ability for banking/financial regulators to receive access to transaction data and sensitive personal information relating to participants.

How do contemporary blockchain solutions deal with the operation and enforceability of smart contracts?

Smart contracts are computer protocols which operate irrespective of fairness or subjectivity and whose enforcement conditions are supreme. These contracts are in essence, the rules based on which the participants to a blockchain framework will carry out transactions with one another. For instance, a smart contract may include description of participants to a transaction, the assets owned by them, description of events/actions which constitute the initiation and completion of a transaction and the rules for re-allocating assets between blockchain participants in accordance with the transaction. The rule-based protocol for smart contracts ensures that a blockchain network will auto-execute transactions and record its consequences on the network. However, this also poses a fundamental challenge, as smart contracts may not take into account factors which are outside the boundaries of the rules framed for their operation. For instance, whether one party’s default caused a consequent failure to perform obligations by the counter-party to a contract, or, where a smart contract was operated basis a fraudulent representation, or worse, induced by fraud or dishonest intentions. In these instances, there is no mechanism to unwind smart contracts and the possibility of offering recourse, by way of de-recognizing ‘tainted’ smart contracts.

Are there anti-trust law related concerns for blockchain solutions which involve aggregation of competitive data, cooperation between industry participants and common protocols?

As we review developments in blockchain technology, a key feature that is universal to diverse use-cases is that blockchain solutions involves aggregation of sensitive data (including sensitive personal data), storage and handling of deeds/documents and sharing of transaction information between network participants.  As blockchain-based use-cases address enterprise requirements, it should avoid raising adverse inferences around cartelization, sharing of price-sensitive information and/or abuse of dominance of non-participants or customers. One way to craft a regulatory defense around blockchain solutions would be to rely on the principle of Rule of Reason - an established doctrine by which enterprises will need to demonstrate that their blockchain use-case does not violate any the aforementioned three anti-trust themes. It would also be comforting to government agencies and regulators if it could be demonstrated that blockchain technology forms the bedrock for solutions which can enable elimination of fraud, corruption and falsification of records relating to commercial transactions.

Blockchain is now perceived, rightly or otherwise, as a fundamentally disruptive technology and a utopian solution to a host of technology-related challenges. However, the jury is still out on how different jurisdictions would create a legal and regulatory framework which addresses key legal concerns around blockchain solutions including, data privacy, intellectual property, enforceability of contracts and choice of jurisdiction.

The author is Counsel, Legal Department, IBM Global Markets

Disclaimer: This article is published as part of the IDG Contributor Network. The views expressed in this article are solely those of the contributing authors and not of IDG Media and its editor(s).