Is the decentralised governance of Bitcoin really a myth?
Code is law (unless the Court of Appeal says there is a realistic argument that it is not)
“If the decentralised governance of Bitcoin really is a myth, then in my judgment there is much to be said for the submission that Bitcoin developers, while acting as developers, owe fiduciary duties to the true owners of that property” - Lord Justice Birss
The recent Court of Appeal decision in Tulip Trading Limited v van der Laan and Others  EWCA Civ 83 has generated significant interest in the Bitcoin community and the wider digital asset sector. The claimant asks the English court to order software developers alleged to control various Bitcoin blockchains to modify source code to restore the claimant’s control over Bitcoin for which its private key has been stolen.
The case has generated unease in some quarters because the notion of a national court requiring the modification of a decentralised ledger is contrary to two of the key tenets of DLT, namely that the information recorded on the ledger is immutable and there should be no central governing authority. Undermine those principles, some say, and the value of digital assets, and Bitcoin in particular, may collapse. It is important to note that nothing has been yet decided definitively.
The Court of Appeal addressed only whether the claimant has a realistic argument that the very novel fiduciary and tortious duties on which it relies actually exist in English law. Whether they do will be the subject of a trial in the High Court, likely next year. While the Court of Appeal’s reasoning will be influential in the final decision, the High Court will have to engage with detailed evidence (including expert evidence) on issues such as decentralised governance and, possibly, the wider ramifications of the remedy sought. Nevertheless, this case shows that the English courts are willing to engage fully with the potentially difficult legal issues arising from DLT.
The Court of Appeal’s decision gives rise to some interesting broader issues:
- Control: The claim could fail on the issue of whether the developers “control” the blockchains. But each blockchain is governed and controlled in slightly different ways and the issue of control may be a key issue in future similar cases. A wide number of actors could be implicated, ranging from DAOs, to software companies providing blockchains as a service, to cloud computing giants hosting code and nodes. It would, therefore, be prudent at the outset of any new project to ensure that the issue of control is analysed fully and that claims of “decentralisation” are made only if well founded. • Liability for Coding Bugs: Where any entity or individual is found to be in control of a blockchain, the Court of Appeal’s comments provide affected owners grounds on which to argue they are owed duties to have “bugs” (however so defined) fixed and possibly losses compensated. Owners will also have good arguments that any controlling entity will be in breach of legal duties if they introduce code for their own benefit and to the detriment of owners.
- Managing Liability: Developers should consider whether it is possible to have users/owners agree to liability waivers. The BTC developers relied on a waiver in this case but the Judge did not consider it relevant at the jurisdictional stage and in any event considered its meaning unclear. It was not considered by the Court of Appeal but is another issue that may be live at trial. It is interesting to note that some of the defendants in this case have already publicly distanced themselves from further development work, with some expressly referring to increased legal risk.
- Wider Fallout: Other businesses handling or holding Bitcoin (as well as other digital assets that would likely be affected by analogy), such as exchanges, wallet providers, custodians and funds may be affected if this claim succeeds and paves the way for other owners to seek to have blockchains rectified. It may call into question precisely what assets are held and for whom. Potentially affected businesses should consider whether they can protect themselves from adverse outcomes in their agreements with customers, users and investors.
- Owner Friendly Jurisdiction: This decision together with others in recent years show English courts have been supportive to owners of digital assets following fraud or hacks. That, together with the expectation of a judgment in the claimant’s favour in this case, could encourage owners of digital assets to hold them in England in order bring them within the jurisdiction of the English court. Other jurisdictions may respond by introducing similar rules or possibly, on the other hand, laws blocking foreign court judgments on these issues, which may be attractive to the development community.
- Conflict of Law Reform: While the English courts are fast approaching an orthodoxy on their jurisdiction in respect of digital assets, there has been little discussion of the implications of those decisions. Courts treating a digital asset as being located in the jurisdiction of the owner (for the purposes of establishing both English jurisdiction and governing law) has been useful in fraud cases against persons unknown outside of England. However, its application in this claim is not as intuitive. An unprincipled asymmetry would arise if owners of digital assets in England can ask courts to order to modification of a blockchain (that otherwise has no connection to England) when foreign owners cannot. But if other jurisdictions take the same approach, developers could find themselves litigating worldwide. One solution is bespoke conflict of laws rules for digital assets. The Law Commission has recently started a new project in this area but international coordination and consensus is a very long way off.
- Future Developments in “On Chain” Enforcement: Developers are experimenting with “on chain” methods of dispute resolution that would resolve the claimant’s problem without having to resort to litigation before national courts. The first defendant in this case (who did not join the jurisdiction challenge) is reported to have settled with the claimant and now plans to implement software that permits any court orders to be enforced directly onto the BSV blockchain . Other examples include the dedicated arbitration system on the EOS blockchain. Similarly, the Digital Dispute Resolution Rules give an arbitrator the power to “operate, modify, sign or cancel” digital assets that, if embedded in appropriate technical infrastructure, may permit reversals of transactions on a blockchain. The English courts are taking a leading role. In February, it has been reported that a complex “counter exploit” was undertaken pursuant to an English court order, which involved rewriting a DeFi smart contract to retrieve stolen assets.
The Facts and the Claim
The claimant is a Seychelles company which claims to own Bitcoin at two addresses currently worth approximately USD 4 billion. The claimant’s ultimate owner (Dr Craig Wright) lives in England and claims that that the encrypted wallet containing the private keys was removed from his home computer by hackers. Unable to proceed against the unknown thieves, the claimant started proceedings against software developers who (the claimant says) can change the source code of the relevant blockchains.
The claim concerns different Bitcoin blockchains (BTC, BCH, BSV and BCH ABC). Each is the product of a “hard fork” following debates within the Bitcoin community about whether proposed source code changes adhered to the philosophy and purpose of Bitcoin. Those debates involved developers (including many of the defendants and Dr Wright), owners, miners and major exchanges.
The claimant alleges that each blockchain is controlled by certain the developer defendants. Moreover, in parallel proceedings in England, Dr Wright claims he owns database rights in BTC and BCH and that their further operation is subject to his consent.
The claim is that the developers will be in breach of (novel) fiduciary and tortious duties owed to all Bitcoin owners if (once a court has confirmed that the claimant owns the Bitcoin) they fail to take steps to provide the claimant with access to and control of the Bitcoin, specifically by deploying new source code on each blockchain. The developers denied that they are subject to any fiduciary and tortious duties under English law and that blockchain governance was decentralised and that the remedy sought went against the “core values of Bitcoin as a concept” and would not be accepted by miners or owners, possibly leading to a hard fork.
All defendants were outside of England and most of them challenged the court’s jurisdiction and order granting the claimant permission to serve its claim outside of the jurisdiction. That means that the courts have considered only very limited evidence on these issues at this stage. The Court of Appeal’s decision resolves the issue of jurisdiction in the claimant’s favour.
Jurisdiction Challenge and the Appeal
To serve a claim on defendants that are outside the jurisdiction, a claimant must establish:
- There is a “serious issue” to be tried and there is a “real prospect” of success and not merely arguably or fanciful.
- The claim must fall within one of the “jurisdictional gateways” in the English civil procedural rules, or the claimant must have a good arguable case that it does.
- England is the “appropriate forum” for the claim.
At first instance, Mrs Justice Falk decided that, while the claims fell within the gateways and England was the appropriate forum, there was no real prospect of the claimant establishing that the fiduciary or tortious duties existed under English law. The claimant appealed the decision on the merits test. The defendants did not appeal the outcome of the jurisdiction or forum tests.
The Court of Appeal upheld the appeal. Lord Justice Birss (with whom Lord Justices Lewison and Popplewell agreed) held that there is a realistic argument that fiduciary duties existed but whether this argument is sound depends on whether Bitcoin governance is truly decentralised. That was left as a matter for trial, which is expected to take place in early 2024. The Court of Appeal was cognisant of the often-made warning that courts should not decide controversial points of law in a developing area on assumed or hypothetical facts.
Why was there a realistic argument that the developers owed fiduciary duties to owners? English law recognises certain categories of fiduciary relationships, such as solicitor and client, director and company and trustees and beneficiaries. The Court of Appeal acknowledged that it is exceptional for new categories of fiduciary relationships to be recognised but accepted that this case should not be dismissed lightly given the facts are unlike anything considered in any previous case. The Court of Appeal confirmed that whether a fiduciary relationship exists is an objective question and the definitive test was Bristol and West Building Society v Mothew:
“A fiduciary is someone who has undertaken to act for or on behalf of another in a particular matter in circumstances which give rise to a relationship of trust and confidence. The distinguishing obligation of a fiduciary is the obligation of loyalty. The principal is entitled to the single-minded loyalty of his fiduciary. This core liability has several facets. A fiduciary must act in good faith; he must not make a profit out of his trust; he must not place himself in a position where his duty and his interest may conflict; he may not act for his own benefit or the benefit of a third person without the informed consent of his principal. This is not intended to be an exhaustive list, but it is sufficient to indicate the nature of fiduciary obligations. They are the defining characteristics of the fiduciary.”
The claimant relied on several Australian cases to say that the test also took account of (i) a reasonable expectation that a person will not act in a self-interested manner; and (ii) an imbalance of power and vulnerability. The Court Appeal said that while these may have some “explanatory power” they were not part of the test.
The Court of Appeal’s analysis was predicated on the factual assumption that the developers exercised “de facto” control of the blockchains given that only they (and only they) could change codes.
The Court of Appeal was also influenced by two aspects of a developer’s role that were not directly relevant to the claim. Firstly, developers (on the claimant’s case) fixed “bugs” identified by third parties, which was said to demonstrate an exercise of authority and a “decision-making role” on behalf of owners, indicative of a fiduciary relationship. Secondly, a developer introducing code that comprised the security of the blockchain to its own advantage did arguably breach a fiduciary duty to put the interests of all the owners as a class ahead of the developers’.
A number of conclusions flowed from these assumed facts, which resulted in the conclusion that there is a “realistic argument” that developers owe fiduciary duties to Bitcoin owners.
- The developers’ “de facto” control meant that owners could not avoid putting their property into the developers’ care, which represents “entrustment”, a key component of a fiduciary relationship. While the Judge dismissed the entrustment argument, the Court of Appeal said that the Judge had done so on the erroneous basis that the developers were a “fluctuating and unidentified body”, when this is contested by the claimant and is a key part of the “decentralisation” debate for trial.
- If developers owed owners a duty to not compromise the security of the blockchain, it was feasible that they owed a corresponding duty to introduce code to fix bugs drawn to their attention. The Court of Appeal recognised that there was a significant difference between a negative and positive duty but that the latter was arguable based on developers’ “de facto” control and fixing bugs was one of their primary roles.
- Owners provide developers with “informed consent” to make” good decisions on their behalf” even if they do not agree with the decision or there is not consensus, particularly when it comes to addressing bugs. On that basis, the developers could not object that the remedy sought by the claimant would override a fundamental feature of the blockchain because they are already entrusted to make decisions.
- The Court of Appeal said there was a “realistic” argument that Bitcoin owners had a legitimate expectation that developers would act in the manner described above. This is perhaps one of the most controversial aspects of the judgment and it will be interesting to see at trial whether the defendants seek to deploy evidence on the general expectation of Bitcoin owners on the issue of whether developers can restore control in the case of lost or stolen private keys.
- The developers’ concern that the remedy sought would put them in an invidious position if a rival owner of contested Bitcoin secured a court order in another jurisdiction was said to be an issue for trial. However, it seems the Court of Appeal saw little force in that point as it noted that “[t]aken to its logical limit the problem would arise whichever court a claim of this kind came before and would lead to the view that there is no court which can adjudicate the claim. That is not right. The internet is not a place where the law does not apply.”
The final point was the closest that the Court of Appeal came to addressing any wider practical, policy or economic issues. As the Court of Appeal did not engage with the tort claims it did not deal with any “floodgates” arguments or give any consideration to the fact that, if these duties do exist, courts and blockchain developers could be faced with a very large number of claims. Similarly, whether such duties would have a chilling effect on a public good. It will be interesting to see whether such arguments are considered at trial as part of the “decentralisation” debate.
Did the Claimant satisfy the jurisdiction and forum tests?
The claimant relied on the “jurisdiction gateways” in CPR PD 6B paragraphs 9(a) and 11 (and alternatively 4A). The Judge held that all were engaged and this was not appealed. The Judge’s decision therefore forms a helpful addition to the growing body of caselaw on digital assets and the jurisdictional gateways, in which there is broad consensus that digital assets (or at least Bitcoin and NFTs) are property and that the property is in the jurisdiction in which its owner is resident or carries out business. The Judge clarified that, where digital assets are owned by a company, they are located where that company is resident (i.e. where its central management and control is exercised) rather than where it is domiciled (i.e. incorporated).
In relation to the forum test, the Judge clarified that England was the appropriate forum because it was the place of all the “primary connecting factors”. Seychelles was dismissed and, as the defendants were located all over the world there was “no other jurisdiction with which I can see a closer link than England, or which strikes me as even arguably the proper forum.” Nevertheless, this case illustrates some of the emerging difficulties arising from the way in which English courts have applied conflicts of law rules to digital assets cases.