The myth of decentralised governance of bitcoin? Tulip Trading Ltd v van der Laan

Background

As set out in our original article, here, covering the first instance decision:

• Tulip Trading Limited ("Tulip Trading"), claimed that access to its bitcoin (the "Bitcoin") valued at approximately $4.5 billion was lost following a hack on the computer of its CEO, Dr Craig Wright, during which the private keys needed to control the Bitcoin were deleted. Dr Wright had no other record of the private keys.
• Tulip Trading brought a claim against the defendant developers (the "Developers") for declarations that:
  i) it owned the Bitcoin;
  ii) the Developers owed it fiduciary or tortious duties which required them to assist it in regaining control of its Bitcoin (essentially to create a 'patch' to allow it to regain control); and/or
  iii) it was owed equitable compensation in damages for breach of those duties.
• As the Developers were resident outside the jurisdiction, Tulip Trading sought and was granted an application for permission to serve outside the jurisdiction on an ex parte basis.
• Several of the Developers sought to set aside that order. They deny owing any such duties to bitcoin owners. They argued that Tulip Trading's claim goes against the core values of the concept of bitcoin, which, they claim, operates through a decentralised model with a large, shifting group of contributors. They also countered that any potential solution would be ineffective in any case because miners would refuse to run it and it could lead to a "fork" in the networks, resulting in new additional networks rather than a solution, as well as a potentially damaging Developers' reputations.
• The High Court dismissed Tulip Trading's claim, finding that Tulip Trading had not established a serious issue to be tried because there was no realistic prospect of establishing that the facts pleaded amount to a breach of fiduciary or tortious duty owed by the Developers. Tulip Trading then appealed that decision.

The Court of Appeal's decision

The Court of Appeal unanimously held that there was in fact a serious issue to be tried. Birss LJ gave the lead judgment, with which Popplewell LJ and Lewison LJ agreed.

The merits test

The relevant test here is whether there is a real as opposed to fanciful prospect of success³, the same as the test for summary judgment. When approaching points of law, the same approach applies to a jurisdiction application as to the test under the gateways for service out of the jurisdiction. If the point goes to jurisdiction and it can be decided summarily then it should be, but the Court warned against deciding controversial points of law in a developing area on assumed or hypothetical facts, even where they arise on a jurisdiction challenge.

Grounds of Appeal

Tulip Trading was granted leave to appeal on six grounds, but appealed on four particularly key grounds:

Ground 1: This is a developing, complex and uncertain area of law and therefore the point ought to go to trial.

The Court of Appeal considered this to be more thematic of Tulip Trading's overall submissions rather than a point in and of itself and it was not capable of turning a case in which there was no serious issue to be tried into a viable action which ought to go ahead.

Ground 3: Taking into account the Law Commission project was an error

The Court of Appeal found that this was a minor point and a poor one at that. Falk J had made a relevant observation that the Law Commission is undertaking a project in this area. The existence of the Law Commission report had not influenced the first instance decision but rather (rightly) highlighted the need for legislature to intervene in this area.

The real issues of detail that the Court grappled with related to grounds 2 and 4:

Ground 2: The conclusions are in error because they are based on findings impermissibly assumed against Tulip Trading

Ground 4: The judge was wrong to hold that Tulip Trading has no real prospect of establishing that the claimed fiduciary duties exist

The Court of Appeal upheld these grounds.

Birss LJ noted that key characteristics of a fiduciary role are that it involves acting for or on behalf of another person in a particular matter and the existence of a relationship of trust and confidence. He considered it clearly arguable that the Developers had taken on such a role to bitcoin owners.

On Tulip Trading's case, it is the Developers who control the bitcoin software, whereas the Developers argue that it is decentralised, consisting of a fluctuating and unidentified body. Key to Tulip Trading's case is how the Developers exercise control over the software, which involves, for example, taking active steps to update the code in the event of a software bug. That control of access to the source code, making decisions on behalf of those within the network, including bitcoin owners, suggests authority and discretionary decision making, both features of fiduciary duties⁴.

It is also arguable that the Developers owe some kind of fiduciary duty other than that pleaded by Tulip Trading: "it is indeed conceivable that relevant individuals – when they are acting in the role of developers – should be held to owe a duty in law to bitcoin owners not to compromise the owners’ security in that way. It would be a duty which involves abnegation of the developer’s self-interest. It arises from their role as developers and shows that the role involves acting on behalf of bitcoin owners to maintain the bitcoin software. It is also single minded in nature at least in the sense that it puts the interests of all the owners as a class, ahead of the developer’s self-interest. It is, I would say, arguably a fiduciary duty. It is difficult to see what other sort of duty it could be."

A further step is then whether the Developers' arguable duties include not only a negative duty not to exercise their power in their own self-interest but a positive one to introduce code to fix bugs which are drawn to their attention. The Court noted that "[i]t would be a significant step to define a fiduciary duty in that way, but since the [D]evelopers do have the practical ability to prevent anyone else from doing this, one can see why a concomitant duty to act in that way is properly arguable". Bitcoin owners have no choice but to place their property into the care of the Developers. That is arguably an 'entrustment', which Falk J had wrongly found at first instance could not exist because the Developers are a fluctuating and unidentified body.

The bitcoin owners had a legitimate expectation that the Developers would refrain from exercising their own self-interest to the disadvantage of bitcoin owners, and that they would act in good faith to fix bugs in the software. Whilst there might not be consensus amongst bitcoin owners as to how to deal with a bug, that does not mean the nature of the Developers' role is not fiduciary - if anything it underlines that owners trust the Developers to make good decisions on their behalf, much like trustees sometimes do.

The Developers flagged the risk to which they might be exposed by differing court orders in different jurisdictions. Whilst accepting that concern may be more than fanciful, the Court held that it cannot be a reason why there is not a serious issue to be tried. That issue would arise in whichever court such a claim arose and, on the Developers' case, would ultimately lead to no court being able to adjudicate the claim. That is not right: "The internet is not a place where the law does not apply".

The fact that updating software involves a positive step by the Developers is also not a sound basis for saying there is no realistic prospect of success. The nature of the activity that would be required of the Developers to fulfil their duty is the same kind as the Developers already undertake to fulfil their ordinary role, i.e. a code update. The difference between positive and negative steps is very fact dependent and there is not always a clear-cut distinction.

Birss LJ concluded by setting out a potential argument that:

1. The Developers are a sufficiently well-defined group to be capable of being subject to fiduciary duties.
2. They have undertaken a role which involves making discretionary decisions and exercising power for and on behalf of other people, in relation to property owned by those other people.
3. Those people have entrusted their property into the care of the Developers, and so the Developers are fiduciaries.
4. That duty involves single minded loyalty to the users of bitcoin software and includes duties not to act in their own self-interest and to act in positive ways in certain circumstances, as well as potentially to introduce code so that an owner’s bitcoin can be transferred to safety in the circumstances alleged by Tulip Trading.

Comment

The trial in these proceedings will be eagerly awaited. The Court recognised that "for Tulip’s case to succeed would involve a significant development of the common law on fiduciary duties", and that would not necessarily be simple or easy. However, as Birss LJ noted, "the common law often works incrementally and by analogy with existing cases, and rightly so; but if the facts change in a way which is more than incremental I do not believe the right response of the common law is simply to stop and say that incremental development cannot reach that far." As Birss LJ concluded: "If the decentralised governance of bitcoin really is a myth, then…there is much to be said for the submission that bitcoin developers, while acting as developers, owe fiduciary duties to the true owners of that property".

The notion of decentralisation has, until now, been seen by many as key to blockchain technology. If developers do in fact owe duties to bitcoin owners, it should become easier for victims of digital asset hacks and fraud to recover their assets, but it will have a huge impact on developers. Policing blockchain activity and assisting those who have been the victim of hacks or lost their keys would be a costly and potentially very difficult task.

As the Court of Appeal made clear, the internet is not above the law and we are on the path to increased regulation of digital assets. On 1 February 2023 the government launched its consultation on the future financial services regulatory regime for cryptoassets which will close on 30 April 2023 and iterated its "ambition to place the UK's financial services sector at the forefront of cryptoasset technology and innovation"⁵. The government's ostensible desire for the UK to become a leader in this field engenders an environment for the law in this area to be tested further and clarified in the courts as well as through legislation and regulatory regimes.