Discussion Post: Meta-Trust

CTA: “In these threads, we attempt to further the discussion of a key problem in this category and evolve our understanding of the domain space where research work has not yet answered the specific problem or question being considered. These posts are living documents, and it is our hope that the community will continue to contribute to their structure and content.”

Ducuing, C. (2019). How to make sure my Cryptokitties are here forever? The complementary roles of the blockchain and the law to bring trust. European Journal of Risk Regulation, 10(2), 315–329. https://doi.org/10.1017/err.2019.39

Background

Meta-Trust: While blockchains theoretically create a trustless environment to transact in, an application connected to the blockchain (such as a non-fungible token or NFT) can involve another layer of trust beyond the blockchain: whether an application represents what it purports to. This concept is called meta-trust. Beyond the implications for decentralized applications (Dapps), meta-trust raises the question of legal jurisdiction. How will blockchains interact within the legal system to give users the confidence to put their “meta-trust” into the technology?

Decentralized Applications (Dapps): A genuinely decentralized application fits the following four criteria according to David Johnston: (1) it is fully open-source and it “operates autonomously” with “no entity controlling the majority of its tokens” while changes to the protocol are “decided by consensus of its users.” (2) The “application’s data and records of operation are cryptographically stored in a decentralized public blockchain in order to avoid any central points of failure.” (3) The application “uses a cryptographic token […] necessary for access to the application and any contribution of value […] should be rewarded in the application’s tokens”. Finally, (4) it must “generate tokens according to a standard cryptographic algorithm acting as a proof of the value nodes are contributing to the application”.

Code is Law: A quote originating from Lawrence Lessig’s book Code and Other Laws of Cyberspace (1999) that was adopted by the Ethereum community as a representation of the ethical framework that the code underlying a smart contract represents a legally binding contract between the parties utilizing a smart contract to come to terms of agreement or settlement.

Trustless Trust: A theoretical framework in which the need to trust a single individual to verify or validate a given unit of information is removed.

Cryptokitties: A game created by Dapper Labs, and built on the Ethereum blockchain, which claimed to give players ownership over virtual “cryptokitties” that they could collect, breed, and sell.

Key Problem / Topic Area

Many Dapps have captured the public’s attention under the guise of being blockchain- or smart contract-based projects, only to be exposed as only tangentially using those technologies, if at all. One example is Cryptokitties, a game that claimed to be a “distributed application” giving its users the capacity to create and sell digital cats while being “secure in the knowledge that the blockchain [would] track ownership securely,” as its advertising explicitly stated.

In Cryptokittes’ Terms of Service agreement, “Dapper Labs, Inc”’ (the company which created Cryptokitties) was given the right to collect 3.75% of each transaction’s total value. By articulating a third-party arbitration agreement, Dapper Labs effectively centralized the legal mechanism that dictates terms of operation on the Cryptokitties app. They claimed ownership was decentralized on the application, but in reality, ownership was bound by a legal agreement that was rooted in a centralized legal system.

The author argues that presenting an application as “trustless” because it was built on a decentralized layer could be a deceptive practice when there is also a contract establishing a third-party arbiter. The application intentionally conflates the network layer, application layer, and legal protections provided by the terms of service governing the platform.

According to the author, this type of deceptive marketing targeted individuals who were looking to participate in what they believed to be “decentralized applications.” Their misleading implementations of blockchain technology were intended to attract venture capital and presented little or no novelty for their users who were effectively entering contracts under false pretenses. This presents an ethical quandary: Is it “deceptive” if a contract involving a third-party dictates the terms of use of a “trustless” application layer?

Specific Question or Problem Statement

The recent Equifax and Office of Personnel Management hacks stand out as representative of a problem with large-scale data repositories: centralized systems create compelling incentives for attackers to target them, given the troves of sensitive information they might contain.

Blockchain’s distributed ledger removes single repository risk, effectively mitigating one of the most significant risks associated with data management. Smart contracts can also allow legal trades that would not otherwise occur due to many variables, including a lack of counterparty trust. The author labels the intersection of trust in the viability of technology and trust in the law’s capacity to protect that technology as “meta-trust” under the premise that blockchain technology has not yet achieved the legal protections to attain enough meta-trust to gain mainstream adoption.

Are the legal ramifications of a decentralized smart contract congruent with the legal protections and, by proxy, the perception of those protections, provided to parties entering a smart contract (asks Ducuing)?

Approach / Methodology

Ducuing analyzes the Cryptokitties app and the subsequent fallout to determine whether the balance of information between users and developers undermined their proposed “trustless” execution. She analyzed terms of service agreements associated with the most widely-used token-based collectibles at the time of her research relative to the most broadly applicable legal frameworks those applications were operating under. She did not attempt to audit websites or terms of service.

Conclusions / Key Takeaways

Ducuing calls for co-regulation between blockchain developers and governments. Creating a legal framework that would define intellectual property rights within the blockchain space would clarify much of the legal gray area between decentralized ownership and local government. It is unclear whether Ducuing’s definition of trustless execution is intentionally conflated with decentralization or her definition was a conflation of concepts within the cryptocurrency/blockchain lexicon.

CTA: Future Work / RFP

In this context, learning the source of definitions and frameworks (such as Ducuing’s use of “decentralization”) that dominate perceptions about the blockchain among users would be of value. Assessing how academics and enthusiasts discover information concerning advancements in the blockchain space could provide important perspective. For example, if their information comes from informal sources such as social media or forums, it would be helpful to determine the ratio of time spent learning from informal sources to the time spent learning in formal venues.

Another avenue would be looking at the general terms of service agreements associated with websites that issue NFTs to assess whether their claims about ownership of an NFT are congruent with the legal enforcement of ownership within the seller and purchaser’s jurisdictions.

A very timely legal decision has been made giving smart contracts the same legal status as regular contracts in the state of Iowa:

Iowa Legislature - BillBook

That is certainly timely! I wonder how that would work though. Even if it has the same legal status, are smart contracts equally enforceable? Or maybe not equally. Maybe similarly or possibly are the words I’m looking for.

I wouldn’t think so, as US law is not technically even equally enforceable. The capacity to enforce a law only goes as far as jurisdiction and capacity to enforce within that jurisdiction. That makes me think of the New York lawsuit against Coinseed New York’s attorney general files lawsuit against crypto investment app company (theblockcrypto.com).

In that case, NY is suing a company for not complying with New York State law because the company operates on the Internet and by proxy New York assumes their state’s residents will have access to commerce with Coinseed.

The case is still pending due to the fact that New York really has no authority over Coinseed funds or operating status, and will depend upon the action of the SEC to enforce their findings, thus reinforcing the notion that legality is only as legal as it is enforceable.

States diverge on crypto oversight as industry awaits clarity | Money | omaha.com

This problem hasn’t really been solved within REGULAR contracts. Is it even rational to expect smart contracts to solve a jurisdiction problem that still remains a problem even in traditional legal contracts?

Do you have a sense of what arbitration agreements other DApps might be operating under? I’m particularly curious about NFTs, is something posted on OpenSea bound by the same arbitration agreements? And what happens when the token is transferred off the platform? I’d love to see some court cases or academic studies addressing these issues if anyone has any.

I have looked at a few, and they are absolutely horrible. The arbitration agreements are so bad, and not ubiquitous either. This whole NFT wave is a legal debacle in the making.

Most of them amount to “arbitration is between the buyer and seller, and the platform has nothing to do with it. Due diligence is the responsibility of the NFT minter and buyer” even down to IP protection not being the responsibility of the platforms based on ToS.

One of my big realizations about NFTs came when I mentioned to an artist how much I liked one of the pieces he’d sold to someone else, and he minted me a new one… I didn’t say anything (and the piece in question was only about $5) but it made me realize some of the potential problems with a ‘trusted’ setup.

If there is no explicit contract that an artist will not just mint another copy of an NFT, what is stopping an artist from just minting another NFT?

Clearly in your example, “nothing” is the answer, which is effectively undermining the whole “rarity” aspect by proxy.

I did a few hours of research explicitly looking for academic publications about the intersection of ToS, Smart Contracts, and regulation. While the list on its own does not look that bad, it took going through over a thousand articles to accumulate this list:

Research on Terms of Service and Smart Contracts - Governance and Coordination - Smart Contract Research Forum

Thanks for spending the time and pulling these together as a resource!

That seems like a really valuable resource, thanks @Larry_Bates . I wonder if we can make it more accessible? Could that list be a markdown file in a new thread talking about ToS research? Or maybe we make a new ‘wiki’ post that anyone can help us edit?

That’s a great idea!

Would the crypto ecosystem benefit from some kind of self-regulation or self-enforcement? Maybe a crypto equivalent of the Admiralty Law or something like that? Seems like there are vigilante movements putting the brakes on flash bots and the sandwich attacks.

It would theoretically, but I will then ask you “who” gets to decide who carries that authority in a decentralized system? How does self-regulation manifest without becoming a special interest that could potentially turn hats one day without some sort of reputational or legal responsibility? Further, is self-regulation by consensus “government”?

I don’t have the answers, but I think this is why we need to have these discussions.

I guess I’m imagining something like the MPAA – a kind of industry consortium… but crypto space has all kinds of interesting governance, so maybe the key would be issuing a governance token and voting for regulatory issues, or maybe something wild like a police DAO or algorithmic immune system (granted that’s how you get to SkyNet…). I wonder if we might eventually see nation-state conflict over these kinds of regulatory questions.

Is a crypto version of the MPAA “centralization”?

How could that work without recentralizing?

If it works without centralizing, what is the mechanism that keeps it working?

Not to start asking you questions, but I think there hits a point where the crypto space REALLY has to start thinking about these issues to have a debate about them and what their implications mean philosophically relative to the mantra of “decentralize everything”.

Should everything be decentralized?

Or conversely: how would a globally distributed group reach consensus about governance enforcement without recentralizing authority?

I think one of the problems with “consortiums” is that you inherently have many special interests attempting to find common ground.

The r3 consortium is “kind of” in line what what you’re suggesting, but I will let you do research on its success to see what “consortium at scale” looks like in the real world:

R3 | DLT & Blockchain Software Development Company

There is a growing sentiment among legal experts that the notion of “self-enforcing contracts” was a paradoxical framework that was mistakenly put forth by developers and engineers unfamiliar with contract law:
‘Self-Enforcing’ Contracts Don’t Exist | by CleanApp | Crypto Law Review | Medium
The author proposes the following -

1. First, many conceptual building blocks for today’s ‘smart contracts’ turned out to be doctrinally wrong , expressly contradicting settled global contract law principles.
2. Second, separately from legal doctrine, self-enforcing ‘smart contracts’ are conceptually unstable because they offer no theory for solving the main objective of contract (enforcement), other than fiat pronouncements that automating performance is de facto enforcement . Spoiler: it’s not.
3. Third, supposedly self-enforcing ‘smart contracts’ radically restrict contract parties’ autonomy — in both legal & functional terms.
4. Fourth, even as the myth of contractual ‘self-enforcement’ gets debunked and the real costs of conceptual incoherence continue to skyrocket, many people — including many lawyers — believe that its impossible or impracticable to reverse the confusion .
5. Fifth, instead of ending the confusion by returning to a more simple, doctrinally-grounded, and functional understanding of … contract, many SC theorists propose even more complex and elaborate taxonomies — including categories like ‘smart legal contracts’ and variously-styled ‘legal wrappers’ for SCs. Because of conceptual fragmentation, confusion regarding ‘self-enforcing smart contracts’ is likely to get worse before it gets better.

Cryptocurrency networks are decentralized, meaning that they are not controlled by any central authority or organization. Instead, they rely on a decentralized network of computers, also known as nodes, to validate transactions and maintain the integrity of the network. This decentralized structure is an important aspect of cryptocurrencies and is one of the main ways in which they differ from traditional financial systems.

It is possible to imagine a crypto version of the MPAA, or any other centralized organization, operating in a decentralized manner. For example, a decentralized version of the MPAA could be based on a cryptocurrency network, with nodes on the network responsible for enforcing copyright laws and determining whether content should be allowed on the network. In this case, the decentralized network would be responsible for enforcing governance, rather than a centralized authority.

However, it is important to note that decentralized systems can be more complex and difficult to manage than centralized systems, and may not always be the best solution for certain problems. It is also worth considering whether or not everything should be decentralized, as there may be certain situations where a centralized approach is more effective or efficient.

In terms of reaching consensus about governance enforcement without recentralizing authority, one approach could be to use a decentralized decision-making process, such as a voting system, in which all participants on the network have an equal say in governance decisions. This would allow for a globally distributed group to come to a consensus on governance issues without the need for a central authority.