Australian Corporate Lawyer - Summer 2018

theAustraliancorporatelawyer
acla.acc.com
THE BLOCKCHAIN:
HYPE OR REVOLUTION?
The creation of blockchain technology has been compared to the creation of
email and the internet. Whether or not you agree with this comparison, there
is no doubt that organisations around the world want to know more, and
lawyers should share their knowledge.
A
blockchain is simply a record of events that have occurred.
Unlike a traditional database, the ledger is not stored on a
single computer, where it can be vulnerable to attack. It is
instead distributed across hundreds, or even thousands, of
computers that store identical copies and control how new entries are
added.
For a new event to be recorded on the ledger, the distributed
computers must first validate the record to ensure it isn’t fraudulent. If
a transaction is validated, the event is recorded on every copy of the
ledger, where it is permanent and unalterable.
Consider a scenario where Jim agrees to give Mary his car in exchange
for one bitcoin. Before Jim agrees to transfer the title to his car, he
wants to make sure that Mary actually owns that bitcoin and hasn’t
transferred it to someone else beforehand. When Mary transfers the
bitcoin to Jim, Mary effectively asks the distributed computer network
to validate, using their copies of the ledger, that she holds that bitcoin.
Once this is validated, the bitcoin transfer to Jim is recorded as a new
event on every copy of the ledger.
Although the ledger is held by many third-party computers, only Mary
and Jim ever hold the bitcoin, because of the private keys they hold
to read the encrypted data. Therefore, there is no need for a trusted
intermediary such as an escrow or bank.
Rapid adoption of blockchain
The blockchain revolution is moving at a pace at which the law is
struggling with. While regulators take a ‘watch and wait’ approach to
this emerging technology, companies and governments around the
world are moving forward and adopting the blockchain to solve a
myriad of critical issues.
With the increasing adoption of blockchain, it is imperative that
corporate counsels understand how it works, how it is being used and
what risks their clients need to consider. Issues relating to common
law contracts, privacy and data security, and managing liability and
risk are just some legal complexities that will arise as blockchain
matures and is adopted more broadly.
How your clients are using blockchain
The concept of the blockchain was born out of a 2008 White Paper
written by a pseudonymous author, Satoshi Nakamoto, who posited a
currency known as bitcoin that operated on the very first blockchain. This
‘cryptocurrency’ was decentralised and independent of any government
or centralised bank control. 1 While the identity of Nakamoto remains
unknown, he published the blueprint to his bitcoin blockchain, which
seeded the creation of over 1500 different blockchains that extended its
use beyond the financial industry to solve many complex problems across
a variety of sectors.
process. 2 This blockchain is used to verify personal information and the
validity of travel documents, without the need for sharing the information
with trusted third parties or storing the sensitive information on a
central database. In China, a large milk manufacturer has combined the
blockchain with Radio-frequency identification (RFID) anti-counterfeit
labelling practices to help consumers determine the source of its
products and verify its authenticity. 3
Around the world, the public sector has also seized opportunities to trial
this technology in various capacities. The governments of Sweden, Russia,
Georgia and Brazil are among a few countries trialling the blockchain to
manage their respective land title registries. These countries intend to
replace long-standing deed systems with a single system for land transfers
and ownership. 4 In Australia, the ASX announced its intention to replace
its legacy CHESS system with a blockchain-based system for managing its
$2 trillion equities market by 2020. 5
Despite its conservative approach to new technologies, the health
industry is also increasing its adoption of blockchain technologies to
manage patient data and records. A PWC report revealed that 49% of
global healthcare companies are developing blockchain solutions for a
variety of uses, ranging from patient record management to prescribing
and dispensing medication. 6
These are just a few examples of organisations and sectors voluntarily
disrupting their own ways of working to adopt blockchain.
Common law contracts and smart contracts
One use of the blockchain that may excite and disrupt the legal profession is
the smart contract. The term ‘smart contract’ was first coined by the computer
scientist, Nick Szabo, who described it as being ‘a set of promises, specified in
digital form, including protocols within which the parties perform on [these]
promises’. 7 In 2013, Vitalik Buterin developed the second blockchain after bitcoin,
called Ethereum, which combined the concept of Szabo’s smart contract and
Nakamoto’s bitcoin to provide a blockchain primarily designed to facilitate the
creation and operation of smart contracts.
From a legal perspective, smart contracts are not necessarily common law
contracts, and must still satisfy the basic elements of a contract to be valid. It is
not always easy to determine whether this is the case, as some characteristics
of smart contracts are unique. Smart contracts are often entirely in computer
code and parties may elect to be completely anonymous, a feature facilitated
by the incorruptible nature of blockchains. Smart contracts may also be crossjurisdictional
and, unless parties elect a jurisdiction, it may not be apparent which
court has jurisdiction to handle disputes. It will almost certainly challenge courts
who may need to shoehorn legacy contract law into an entirely new way of
transacting.
With the Electronic Transactions Act 1999 (Cth), mirrored in each State and Territory
legislation, Australia has adopted a relaxed approach to recognising the validity
of electronic contracts. The legislation was created to recognise that transactions
recorded and effected electronically are not, by that reason alone, invalid. 8
legal or computer science backgrounds to quickly prepare and execute legally
binding smart contracts. It may not be long before judges are reading ‘if’ and ‘then’
statements in a programmer’s code instead of the carefully crafted clauses and
headings of a contract lawyer.
Privacy and the blockchain
Commentators and technologists became more interested in the interplay
between privacy regulations and the blockchain when the European Union’s
(EU) General Data Protection Regulations (GDPR) commenced in May this
year. One benefit of the blockchain, which may be at odds with privacy
legislation, is its immutable nature. You will recall that once a transaction is
recorded on the blockchain, it is permanent and cannot be erased. While this
feature is a tenet of blockchain technology, it flies in the face of Article 17 of
the GDPR. This provision provides EU data subjects the right to be forgotten
and, under certain circumstances, requires a data controller to erase any
personal data it holds about them. While it may be easy to dismiss this as a
problem for European countries, the borderless nature of the blockchain and
the unprecedented extraterritorial effect of the GDPR makes this an important
consideration which Australian lawyers should consider.
Similar concerns surround Australian privacy laws. Companies looking to
trial blockchain should start to consider how local privacy laws will affect
their solutions, particularly if they decide to store personal information. While
it is probably too early for courts and legislators to specifically deal with
blockchain, Australia is leading the way with privacy regulations. The Australia
Standards recently made recommendations to the International Organisation
for Standardisation, stating that privacy, security and identity issues should be
prioritised as the industry develops uniform blockchain standards. 10
It is likely that Australian privacy law will be more malleable than the GDPR
when it comes to regulating the blockchain. Under the federal privacy
regime, the source of these obligations is in the Privacy Act 1999 (Cth) (Privacy
Act), including the Australian Privacy Principles (APPs) that govern many
organisations around the country. It’s important to note that just because data
stored on a blockchain may be encrypted, it does not mean that it cannot be
reasonably identifiable and therefore outside of the operation of the Privacy
Act and APPs. While encrypted data may obscure original information, it can
easily be de-identified with a decryption key, so it is best to assume that the
Privacy Act will still apply. 11
Unlike the GDPR, the Privacy Act and APPs do not provide for an equivalent
‘right to be forgotten’; however, there are similar obligations related to taking
reasonable efforts to ensure that personal information is accurate and up to
date. 12 Arguably, what is ‘reasonable’ may take into account the impossibility
of deleting entries in the blockchain, a leniency which the GDPR fails to take
into account. Another aspect that should be considered is how personal
information is collected and stored, particularly given the distributed and
cross-jurisdictional nature of the blockchain. 13
Organisations subject to the Privacy Act, APPs or any state-based privacy
legislation should consider the effect of the privacy laws on their proposed
blockchain solutions. Lawyers should review their privacy statements to
ensure they accurately reflect how personal information is stored and
handled. Some commentators have compared the creation of the blockchain
Blockchains and liability
Replacing contracts with code, and centralised storage with distributed
ledgers, will create some commercial and practical efficiencies; however, this
may be at the cost of unquantifiable risk. Before lawyers hand over the keys to
computer programmers, they should take a moment to reflect on the times
when things did not go to plan.
The Decentralised Autonomous Organisation (DAO) is a decentralised venture
capital fund that uses blockchain to democratically fund blockchain projects.
In May 2017, a hacker was able to take advantage of a critical programming
error to re-direct approximately US$70m to the hacker’s account in a matter
of hours. 14
portion of the code that was deleted irreversibly froze the funds of around 500
wallets, a total of US$160m in funds. 15
These two examples represent a few high-profile instances of what can go
wrong; however, these are just a small sample of instances where nefarious
actors and poor-quality control led to disastrous outcomes. While the
potential for blockchain is endless, it is important to recognise the risks it
poses, especially where large sums of money or critical information is at
stake. Lawyers will play a vital role, working with software and information
technology teams, to help identify and manage risk to avoid catastrophic
outcomes such as those illustrated by DAO and Parity incidents.
In the private sector, British Airways announced that it was trialling a Several non-legal organisations have already started to offer services that allow
An organisation called Parity also came under scrutiny when one of their
blockchain solution called VChain to completely streamline its check-in parties to design and ‘draft’ their own smart contracts. 9 Agrello, Contract Vault
software developers accidentally deleted part of its source code. Parity
and Ether Party are just a few providers who offer platforms for people without
operates as a wallet for clients wishing to access their cryptocurrencies. The
36 | VOLUME 28, ISSUE 4 – SUMMER 2018 VOLUME 28, ISSUE 4 – SUMMER 2018 | 37
Conclusion
Some commentators have compared the creation of the blockchain with
the creation of email or the TCP/IP protocol, which allows us to use the
internet. Regardless of whether this is an exaggeration, there is no denying
that around the world, we are seeing both public and private sectors testing
the capabilities of blockchain and purposely disrupting long-standing ways
of working. It is important for the legal industry to be part of the journey and
ensure their clients operate within the boundaries of relevant regulatory
framework. a
Footnotes
1. Nick Szabo, Smart Contracts: Building Blocks for Digital Markets, White Paper, 1996.
2. Oliver Smith, ‘Blockchain Startup VChain is Flying High After its Royal Seal of Approval’, Forbes, 21
May 2018.
3. Jessica Lin, ‘A Startup is Using Blockchain Technology to Tackle Counterfeit Milk Powder – Here’s
How’, Business Insider Singapore, 24 November 2017.
4. Edina Oliver and Alexander Ross Davis, ‘Ledgers are Forever: How Blockchain Could Solve Several
of Real Estate’s Perennial Problems’, Thomson Reuters Legal Insight, 4 July 2018.
5. James Eyers, ‘ASX Blockchain to go Live at End of 2020’, Australian Financial Review, 27 April 2018.
6. PwC Health Research Institute, A Prescription for Blockchain and Healthcare: Reinvent or be
Reinvented, 2018.
7. Nick Szabo, Smart Contracts: Building Blocks for Digital Markets, White Paper, 1996.
8. section 4, Electronic Transactions Act 1999 (Cth).
9. www.aggrello.io, www.contractvault.io, www.etherparty.com.
10. Allens Linklater, Blockchain Reaction: Nine Months On, April 2017.
11. Office of the Australian Information Commissioner, De-identification and the Privacy Act, March
2018.
12. APP 13.
13. APPs 6 and 8.
14. Emma Avon, ‘The DAO Hack – What Happened and What Followed?’, coincodex, October 2017.
15. Iain Thomson, ‘Parity’s $280m Ethereum Wallet Freeze Was No Accident: It was a Hack, Claims
Angry Upstart’, 10 November 2017, https://www.theregister.co.uk/
Matthew Southwell
A Senior Legal Advisor at the
Department of Premier and
Cabinet (Victoria), Matthew
combines a keen interest
in emerging technologies
such as blockchain, with
his primary practice areas
of information technology,
telecommunications and
privacy law. In addition to
his Law Degree, Matthew
previously completed a
Biomedical Science degree.
The views in this article are his own
personal thoughts and opinions,
and not the opinion of the
Victorian Government.