Discussion Post: Meta-Trust

CTA: “In these threads, we attempt to further the discussion of a key problem in this category and evolve our understanding of the domain space where research work has not yet answered the specific problem or question being considered. These posts are living documents, and it is our hope that the community will continue to contribute to their structure and content.”

Ducuing, C. (2019). How to make sure my Cryptokitties are here forever? The complementary roles of the blockchain and the law to bring trust. European Journal of Risk Regulation, 10(2), 315–329. https://doi.org/10.1017/err.2019.39


Meta-Trust: While blockchains theoretically create a trustless environment to transact in, an application connected to the blockchain (such as a non-fungible token or NFT) can involve another layer of trust beyond the blockchain: whether an application represents what it purports to. This concept is called meta-trust. Beyond the implications for decentralized applications (Dapps), meta-trust raises the question of legal jurisdiction. How will blockchains interact within the legal system to give users the confidence to put their “meta-trust” into the technology?

Decentralized Applications (Dapps): A genuinely decentralized application fits the following four criteria according to David Johnston: (1) it is fully open-source and it “operates autonomously” with “no entity controlling the majority of its tokens” while changes to the protocol are “decided by consensus of its users.” (2) The “application’s data and records of operation are cryptographically stored in a decentralized public blockchain in order to avoid any central points of failure.” (3) The application “uses a cryptographic token […] necessary for access to the application and any contribution of value […] should be rewarded in the application’s tokens”. Finally, (4) it must “generate tokens according to a standard cryptographic algorithm acting as a proof of the value nodes are contributing to the application”.

Code is Law: A quote originating from Lawrence Lessig’s book Code and Other Laws of Cyberspace (1999) that was adopted by the Ethereum community as a representation of the ethical framework that the code underlying a smart contract represents a legally binding contract between the parties utilizing a smart contract to come to terms of agreement or settlement.

Trustless Trust: A theoretical framework in which the need to trust a single individual to verify or validate a given unit of information is removed.

Cryptokitties: A game created by Dapper Labs, and built on the Ethereum blockchain, which claimed to give players ownership over virtual “cryptokitties” that they could collect, breed, and sell.

Key Problem / Topic Area

Many Dapps have captured the public’s attention under the guise of being blockchain- or smart contract-based projects, only to be exposed as only tangentially using those technologies, if at all. One example is Cryptokitties, a game that claimed to be a “distributed application” giving its users the capacity to create and sell digital cats while being “secure in the knowledge that the blockchain [would] track ownership securely,” as its advertising explicitly stated.

In Cryptokitties’ Terms of Service agreement, “Dapper Labs, Inc” (the company which created Cryptokitties) was given the right to collect 3.75% of each transaction’s total value. By articulating a third-party arbitration agreement, Dapper Labs effectively centralized the legal mechanism that dictates terms of operation on the Cryptokitties app. They claimed ownership was decentralized on the application, but in reality, ownership was bound by a legal agreement that was rooted in a centralized legal system.

The author argues that presenting an application as “trustless” because it was built on a decentralized layer could be a deceptive practice when there is also a contract establishing a third-party arbiter. The application intentionally conflates the network layer, application layer, and legal protections provided by the terms of service governing the platform.

According to the author, this type of deceptive marketing targeted individuals who were looking to participate in what they believed to be “decentralized applications.” Their misleading implementations of blockchain technology were intended to attract venture capital and presented little or no novelty for their users, who were effectively entering contracts under false pretenses. This presents an ethical quandary: Is it “deceptive” if a contract involving a third party dictates the terms of use of a “trustless” application layer?

Specific Question or Problem Statement

The recent Equifax and Office of Personnel Management hacks stand out as representative of a problem with large-scale data repositories: centralized systems create compelling incentives for attackers to target them, given the troves of sensitive information they might contain.

Blockchain’s distributed ledger removes single repository risk, effectively mitigating one of the most significant risks associated with data management. Smart contracts can also allow legal trades that would not otherwise occur due to many variables, including a lack of counterparty trust. The author labels the intersection of trust in the viability of technology and trust in the law’s capacity to protect that technology as “meta-trust” under the premise that blockchain technology has not yet achieved the legal protections to attain enough meta-trust to gain mainstream adoption.

Are the legal ramifications of a decentralized smart contract congruent with the legal protections and, by proxy, the perception of those protections, provided to parties entering a smart contract (asks Ducuing)?

Approach / Methodology

Ducuing analyzes the Cryptokitties app and the subsequent fallout to determine whether the balance of information between users and developers undermined their proposed “trustless” execution. She analyzed terms of service agreements associated with the most widely-used token-based collectibles at the time of her research relative to the most broadly applicable legal frameworks those applications were operating under. She did not attempt to audit websites or terms of service.

Conclusions / Key Takeaways

Ducuing calls for co-regulation between blockchain developers and governments. Creating a legal framework that would define intellectual property rights within the blockchain space would clarify much of the legal gray area between decentralized ownership and local government. It is unclear whether Ducuing’s definition of trustless execution is intentionally conflated with decentralization or her definition was a conflation of concepts within the cryptocurrency/blockchain lexicon.

CTA: Future Work / RFP

In this context, learning the source of definitions and frameworks (such as Ducuing’s use of “decentralization”) that dominate perceptions about the blockchain among users would be of value. Assessing how academics and enthusiasts discover information concerning advancements in the blockchain space could provide important perspective. For example, if their information comes from informal sources such as social media or forums, it would be helpful to determine the ratio of time spent learning from informal sources to the time spent learning in formal venues.

Another avenue would be looking at the general terms of service agreements associated with websites that issue NFTs to assess whether their claims about ownership of an NFT are congruent with the legal enforcement of ownership within the seller and purchaser’s jurisdictions.


A very timely legal decision has been made giving smart contracts the same legal status as regular contracts in the state of Iowa:

Iowa Legislature - BillBook


That is certainly timely! I wonder how that would work though. Even if it has the same legal status, are smart contracts equally enforceable? Or maybe not equally. Maybe similarly or possibly are the words I’m looking for.


I wouldn’t think so, as US law is not technically even equally enforceable. The capacity to enforce a law only goes as far as jurisdiction and capacity to enforce within that jurisdiction. That makes me think of the New York lawsuit against Coinseed: “New York’s attorney general files lawsuit against crypto investment app company” (theblockcrypto.com).

In that case, NY is suing a company for not complying with New York State law because the company operates on the Internet and by proxy New York assumes their state’s residents will have access to commerce with Coinseed.

The case is still pending due to the fact that New York really has no authority over Coinseed funds or operating status, and will depend upon the action of the SEC to enforce their findings, thus reinforcing the notion that legality is only as legal as it is enforceable.

States diverge on crypto oversight as industry awaits clarity | Money | omaha.com

This problem hasn’t really been solved within REGULAR contracts. Is it even rational to expect smart contracts to solve a jurisdiction problem that still remains a problem even in traditional legal contracts?


Do you have a sense of what arbitration agreements other DApps might be operating under? I’m particularly curious about NFTs: is something posted on OpenSea bound by the same arbitration agreements? And what happens when the token is transferred off the platform? I’d love to see some court cases or academic studies addressing these issues if anyone has any.


I have looked at a few, and they are absolutely horrible. The arbitration agreements are so bad, and not ubiquitous either. This whole NFT wave is a legal debacle in the making.

Most of them amount to “arbitration is between the buyer and seller, and the platform has nothing to do with it. Due diligence is the responsibility of the NFT minter and buyer” even down to IP protection not being the responsibility of the platforms based on ToS.


One of my big realizations about NFTs came when I mentioned to an artist how much I liked one of the pieces he’d sold to someone else, and he minted me a new one… I didn’t say anything (and the piece in question was only about $5) but it made me realize some of the potential problems with a ‘trusted’ setup.


If there is no explicit contract that an artist will not just mint another copy of an NFT, what is stopping an artist from just minting another NFT?

Clearly in your example, “nothing” is the answer, which is effectively undermining the whole “rarity” aspect by proxy.
