What are blockchain main legal challenges? Who is liable for what happens in the network? What is the difference between permissioned and permissionedless blockchains?
If the initial Blockchain’s hype was mainly referable to cryptocurrencies, such as Bitcoin and Ethereum, multiple markets are now taking their chance to renovate the way they have been operating until now and find new technology-based solutions to keep up with the ongoing revolution.
Whether this is the most significant innovation since the Internet, the fourth industrial revolution, as many say, we are facing a near future where manual labour will quickly be automated, along with many types of intellectual activities.
The main scepticism is explained by the fact that the processes that allow Blockchain technology to be implemented often differ greatly from how most financial activities operate because they do not conform to current legal structures and create legislative gaps.
While waiting for legislation to provide some Blockchain-related crimes coverage, we are required to perform an exercise in interpreting and assessing current legal schemes and value the applicability to new legally relevant relations.
Permissioned and permissionless types of Blockchain
The main distinction to be made is between permissionless and permissioned Blockchain.
If anyone can participate without having to authenticate, this is a permissionless Blockchain. Here users have pseudonyms not to be recognised as they act and interact with other users in public by either contributing to validate transactions or creating new transactions with other users, exactly as it happens with Ethereum or Bitcoin, where users transfer digital currencies among themselves.
Permissionless Blockchains exemplify quite well the concept of transparency (as public nodes can see the transactions) and mostly decentralisation, as they totally lack a central authority applying to many use-cases such as Digital Identity and e-voting (full decentralisation).
On the contrary, permissioned Blockchains are private and require each participant to be approved to have access (access control) in order to guarantee the privacy or trade secrets of those involved.
Participants are authenticated and then identifiable, and in some cases, they have an administrator to control what they do in the network, marking the most significant shift from the typical decentralisation scheme.
This could be classified as a lighter version of decentralisation, as a central authority can approve who’s entitled to join the club or not, and it is especially useful in private organisations to ensure trust.
Particularly in food tracking or Banking, they might need to customise their networks without entirely sacrificing anonymity: each identity is still protected using cryptography.
Who is liable for what happens in the network?
Problems arise when the network decides to pursue illegal activities, such as trading prohibited goods or products: how victims (often counter-parties) will recover damages and who can be accountable for the crimes committed within the network or for the civil tort where mostly everyone is protected by anonymity?
And also, which court has jurisdiction over those cases without a geographical location? Due to decentralisation, nodes can be located everywhere in the world, and it is not possible to pinpoint any position to determine the governing law. Not easy also to define what law conflict resolution method applies.
Given the struggle to identify the malicious person behind the crime or other illicit activity, some suggested blaming the network’s developer or programmer.
However, strict liability should be applied in a very limited number of situations and analysed with caution.
Other jurists claim that since permissioned Blockchains present some sort of identification that allows a provider to be identified, it is possible to set up a centralised liability for the events occurring on the Blockchain.
That would not be possible in a permissionless Blockchain, where the only solution would be to create distributed and contributory liability of all the participants to the Blockchain.
But it is also true that even when access control is established, there won’t be full control over any event occurring on the network, so this type of responsibility would not be legally practical and ethically acceptable.
Another solution comes through the legal status of the Blockchain participants and the legal personality of the Blockchain itself.
If its participants are data controllers or data processors, they must comply with data protection requirements and all related provisions, for instance, the General Data Protection Regulation (GDPR), which has been in force since 2018.
Also, if Decentralised Autonomous Organisations (DAO) have no legal personality, how can they contract with third parties and have enforceable agreements?
Instead, individual members could draw up proper contracts off the chain to regulate at least their status in the internal relationship or to define the applicable law and jurisdiction for potential litigation. This could be linked to the network with a secure hash value to guarantee the parties that the valid version is the one they have actually agreed to.
But the blind spots are countless and extend to intellectual property and risk to fair competition, just to name a few.
Most of these questions remain unanswered so far, as we are still at a low point of evolution, but we could find workable solutions with a thoughtful approach.