Blockchain – Can we trust you? What legal and cybersecurity risks lurk behind the hype?

null

Initial Coin Offerings (ICOs)

With over 1,000 ICOs to date and tales of fortunes won and lost, it is easy to think that if you don’t jump on that train before it leaves the station, you will have missed your crypto fortune, to add to your dot-com loss. However, in many cases it may be that your train hasn’t been purchased yet, nor the track laid. The crypto Pied Pipers want your money in order to build their promised train-set, with the added bonus of making some of them very rich. It is blockchain technology which gives the Pied Pipers the cover of respectability, creativity and wonder.

KODAKOne

A recent ICO example is the announcement of a proposal to develop KODAKOne (a blockchain technology platform to register photographers’ copyright and help monetise it) and an associated crypto-token, KODAKCoin. WENN Digital, a Delaware company formed in November 2017, is behind all this, not Eastman Kodak (Kodak). Kodak have licensed their brand. An interesting marketing ploy for both companies. They currently have no discernible product (no train nor track).

A minimum $25,000 subscription for KODAKCoins comes with the warning that the purchase has “a high degree of risk”, gives no ownership or voting rights in WENN or Kodak, may result in the loss of some or all of one’s investment and there may never be a market to sell them. If KODAKOne is developed investors should be able to spend their KODAKCoin on the platform, but that’s a lot of credit to spend on photography. The target raise is $83.5m (100m KODAKCoins). WENN has rights over a further 73m. Kodak’s rights are limited to just 3m KODAKCoins (less than 2 per cent). However much is raised, we are told that less than half will be spent building KODAKOne, the balance covering costs, marketing and working capital, significantly increasing WENN’S value.

Crypto-craze

One explanation for the crypto-craze is the offer of tokens, generally connected to a technology product such as KODAKOne, which often have to be paid for in another cryptocurrency. High valuations of the tokens create more demand for say bitcoin, inflating its value. The success drives another ICO and on it goes.

Crowdfunding on steroids

Some useful technology products have been developed around ICOs. However, some of the valuations have attracted press comment, such as for Ripple whose currency, XRP, at the start of May had a valuation of c.$32.5bn, exceeding that of Twitter. The FT reported that at one time the digital platform Tron had a market valuation of “$17bn without any discernible product”.

Collapse and litigation

In any suspected bubble where billions of dollars are being raised without having much to sell beyond vapourware, fraud, miss-selling, breach of securities regulations in numerous jurisdictions where the offeror’s website can be accessed, are likely just a few of the avenues speculators will turn to in order to try and recover their losses should the market collapse. One suspects that criminal charges would not be out of the question in some cases.

Blockchain hype

The blockchain hype is a core component of the crypto-craze. The technology behind bitcoin is ingenious, and real-world businesses have invested in it order not to be left behind what some fear may be a disruptive technology. Harvard Business School Professors Marco Iansiti and Karim R. Lakhani see blockchain as a ‘foundational technology’, more like TCP/IP or email, which, whilst it will eventually affect most everyone, due to “barriers to adoption” and “sheer complexity”, the question is when.

Daily increasing examples

Many are pushing hard and we have seen the use-case in scenarios ranging from recording art provenance, to tracking inventory in global supply chains, evidencing the source of diamonds, recording music copyright, and tokenised ownership of natural assets in Siberia. An interesting use-case may come should Amazon issue is own digital currency, enabling customers to buy direct from Amazon (no banks or credit card companies involved at all – rather like store card points but stored on a blockchain), adding a new layer to the internet: a value-transfer layer. Many examples remain small trials, with most of the complexity still to be ironed-out.

Blockchain, the computerised distributed ledger protected by verifiable, permanent, tamper-proof encryption techniques, is sufficiently new and complex technology which makes the speaker sound ‘clever’, that when coupled with an ICO and the promise of quick-wealth, a bubble is born.

But is the blockchain infallible; incorruptible; transparent; lawful; a record of truth; a solution for all sorts of problems we didn’t now we had? Is there more than one type of blockchain? Does it merit our unquestioning trust?

Garbage in, garbage out

At a recent hearing of the Treasury Select Committee, a witness stated: “It’s the same as any system – it’s garbage in, garbage out”. Having a tamper-proof ledger isn’t useful if the tampering has taken place in advance of the record being written to the blockchain. Whether its diamonds, music or photos (as with KODAKOne), there has to be some basic trust, verification or fool-proof system in place before the data is recorded.

Sheer Complexity

  • Blockchains themselves and any processing system around them, need to work as intended, and likely will require regular auditing.
  • Coding errors (and the sheer complexity of some of the mathematical models) will provide vulnerabilities to be exploited, and hacking has plagued bitcoin exchanges from early on. Open source will no doubt be a pre-requisite in certain scenarios where transparency is essential, being a key part in improving cyber-security.
  • Criminals will inevitably try and spoof blockchains as they do bank websites today.
  • The International Organization for Standardization (ISO) is trying to agree international standards for blockchains, which has seen various countries vying for their coding methods and encryption standards to be accepted as the standard, including the Russian and Chinese governments. State-level backdoors are thought to be a concern.
  • The designs for different blockchains in different scenarios will be important, with different voting methods to determine which are genuine or correct transactions, with some models being very computing-power heavy, slow and wasteful in terms of resources (perhaps unsustainably so) (e.g. bitcoin).
  • A full copy of the bitcoin ledger has historically been copied to every user (several million – highly distributed), greatly aiding the security of the whole. If only two or three copies exist however, the blockchain would be very much less tamper-proof or immutable and matters such as the insolvency of one party would be significant. Both models have their place but need to be correctly selected.
  • Quantum computing may demand the adoption of new encryption methods.
  • The amount of privacy different blockchain use-types and their users will need is a further complication, and new designs are needed today to supplement the use of ‘private side-chains’ connected to the central blockchain.
  • The smart contracts promoted as providing key extra functionality to enable automatic payment on completion of a contract, for example, will all require great care and sophisticated environments in which to run, as well as working with the banking and other systems which will need to interface with them. Errors here will cost businesses significantly, whether in insurance or breach of contract claims.

GDPR introduces a significant hurdle for blockchains which store personal data – how will they accommodate the individual’s right to rectification and erasure of their data? How will they meet the obligation to ensure data protection by design? Given the size of the potential fines, businesses who develop and deploy blockchain technology will need to be careful and invest time and money into finding solutions.

Right time, right place

It will likely take years and enormous investment for blockchain solutions to replace working systems today, and in many cases blockchain won’t provide a suitable or a better answer (transactions per minute are currently too low, for example). The “sheer complexity” of getting competing businesses to adopt common data structures in order to cooperate on a common blockchain, will be a challenge if it means a loss of differentiation and/or privacy. Developing smart contracts which have to talk to outside systems faultlessly day in, day out, will take time to refine, become systematised and regulated. However, despite the challenges, as Estonia has shown with their blockchain powered digital IDs for all citizens as a safeguard against an aggressor destroying their records, great progress can be made quickly where there is a will and some freedom to change, and certain applications suit blockchain down to the ground.

Adam Edwards, Partner and Head of IT Law at Wedlake Bell LLP
Image Credit: Zapp2Photo / Shutterstock