Once regarded as the digital playground of choice for money launderers and criminals, blockchains are keeping far more respectable company these days.
The technology that underpins cryptocurrencies such as bitcoin, ethereum and ripple is increasingly on the radar for governments, financial institutions and businesses as they weigh up its benefits.
Such distributed ledger technology (DLT) is now being considered for all manner of financial system transactions ranging from capital raising, trading, global payments, and property and casualty claims, through to digital identity management.
Ross Buckley, a scientia professor and King & Wood Mallesons chair of international financial law at UNSW Sydney, says that given the dramatic broadening of the potential uses of blockchains they are coming under greater scrutiny from regulators and law-makers.
It is annulling past assumptions of many technology experts that blockchains are beyond the law because the ledgers, at their best, have virtually unbreakable security and unparalleled transparency.
"Sorry guys, you're no longer going to avoid liability just by doing things on a blockchain," Buckley says.
He is the co-author with Dirk A. Zetzsche, a professor of law at the University of Luxembourg, and Douglas W. Arner, the Kerry Holdings professor in law at the University of Hong Kong, of Distributed Liability of Distributed Ledgers: Legal Risks of Blockchain.
The paper takes the view that "while the law may be dull and the technology exciting, the impact of the law cannot be simply wished away".
"DLT projects may well be found, by courts, to constitute joint ventures with liability spread across all owners and operators of systems serving as distributed ledgers," the authors say.
"Regulators seeking to support appropriate approaches to 21st-century financial infrastructure must focus on these legal consequences."
'Sorry guys, you’re no longer going to avoid liability just by doing things on a blockchain'
– ROSS BUCKLEY
For many, the concept of blockchain is still confusing. In essence, blockchains are distributed digital databases, or ledgers, that are used to record transactions, thereby allowing market participants to keep track of digital currency transactions without central record-keeping.
Originally developed as a platform for bitcoin, blockchains are now appearing in myriad commercial applications. DLT systems can be permissioned (on private networks) or permissionless (on public domain software).
Michael Bacina, a partner in law firm Piper Alderman and an expert advising on cryptocurrencies and blockchain matters, welcomes a recent surge of capital raisings through initial coin offerings (ICOs) – the cryptocurrency equivalent of initial public offerings.
Bacina believes this will ramp up blockchain funding and technology improvements in the same way that dotcom investment in the late 1990s ultimately led to the creation of modern corporate powerhouses such as Amazon, Google and eBay.
"These ICOs get the word out that this technology is here and it's amazing and people are willing to support and back ventures deploying that technology," he says.
Nevertheless, Bacina acknowledges that the fast-changing world of DLT and blockchains will face significant legal and regulatory challenges.
For instance, while farmers using a platform such as AgriDigital – which allows them to sell grain on a blockchain – will not have to understand the technology and algorithms behind it, the platform providers and their lawyers should be cognisant of any issues with the so-called smart contracts that digitally enable the execution of blockchain transactions.
"The professionals working in this space will need to have a much deeper knowledge of technology than they do now," Bacina says.
In their paper, Buckley, Zetzsche and Arner cite cases in which blockchain investors lost out. In 2016, for example, Hong-Kong-based bitcoin exchange Bitfinex was hacked, causing the loss of 119,756 bitcoins with a market value at the time of about US$72 million.
Buckley says this case, and others, demonstrates that financial services provided via distributed ledgers are not without risk.
While it is true and "utterly extraordinary" that the blockchain on which bitcoin runs has never been hacked, that has led to the false assumption in some quarters that all blockchains are safe and that there is no risk of liability with personal data and other breaches.
However, as Buckley emphasises, "not all blockchains are created equal".
Blind confidence in blockchains is fraught with danger. The authors note in their paper that the potential of DLT has led to many financial institutions investing heavily in pilot applications of the technology.
At the same time, there has been a bullishness in the tech community that blockchain and other distributed ledger systems offer "unbreakable security, immutability and unparalleled transparency, so law and regulation are seen as unnecessary".
Think again, says Buckley, who chairs the digital finance advisory committee for the Australian Securities & Investments Commission. His thesis is that courts in countries such as Australia see themselves as the final refuge for people who have been harmed.
"And they are not going to give up that jurisdiction," he notes.
'It doesn’t matter how much the credit card company wants to get rid of that information, they can’t. The blockchain is immutable'
– MICHAEL BACINA
Thrills and spills
The authors point out that "part of the thrill of blockchain to date has been its disregard of the law" and that "with law in the picture, data are less attractively housed in distributed ledgers".
However, they maintain that liability matters and distributed ledgers may ultimately be legally structured, especially in permissioned systems, so that all servers are owned and operated by one entity, or a few specified entities, rather than by multiple entities.
Bacina agrees that blockchains should be required to comply with the law and notes that a number of US states, including Wyoming, Arizona, Vermont, Florida and Delaware, have been developing legislation around blockchains and smart contracts which mandates that blockchain records can be relied upon by courts as evidence.
"This is a really important element," he says, "which shows that courts will move over time to accept blockchain records as admissible proof of facts."
Wyoming is set to pass arguably the most comprehensive blockchain laws to date and which potentially provide a framework for other countries to follow, Bacina says.
However, while uniform international laws may be desirable, "it's going to be hard because history tells you that sort of thing takes a long time to develop".
According to Bacina, there are clear risks associated with the availability of data on blockchains. Imagine if a data breach from a credit card company led to customer information being posted on to a blockchain that is publicly accessible in perpetuity.
"It doesn't matter how much the credit card company wants to get rid of that information, they can't. The blockchain is immutable. So what damages might they face for that breach?" he asks.
"It raises the stakes for companies and businesses that retain personal information on their customers or potential customers."
Without doubt, DLT and blockchains represent a game-changing technology that will gradually reshape the way business is transacted. Yet, as Buckley, Zetzsche and Arner show in their paper, the legal risks are a clear and present danger.
They suggest financial intermediaries involved in a distributed ledger should hold sufficient capital, or get insurance if it is on offer, to protect themselves from liabilities stemming from DLT participation.
Ironically, operators may have to accede to rules similar to those governing centralised payment and settlement systems deployed within banks and traditional financial institutions.
When the dust settles and blockchains are an accepted part of financial infrastructure, Buckley believes "one of the big impacts of blockchain may have been to trigger company boards into investing money into upgrading their software systems in ways that prove to be really important".
"Virtually all of our banks and big companies have a lot of code in their operating systems that is decades old and the reasons for which sometimes no current employees fully understand," Buckley notes.