Last week the internet jumped on a new research paper proclaiming that the bitcoin blockchain contains child pornography. The authors of that paper conclude that if you’re one of the thousands of people running a full copy of the bitcoin software, or even just a curious researcher downloading the transaction history, you’re breaking the law. Because removing any data from the blockchain destroys the functionality of the system, this legal trouble could spell doom for cryptocurrencies.

WIRED OPINION

ABOUT

Arvind Narayanan (@random_walker on Twitter) is a computer science professor at Princeton. Kevin Werbach (@kwerb) is a professor of legal studies and business ethics at the University of Pennsylvania. James Grimmelmann (@grimmelm) is a law professor at Cornell.

What was missing from the conversation is a more nuanced understanding of how the law works. Blockchain technologies in their current form may run afoul of the most literal interpretation of the law, but neither the legal system nor the technology are that pedantic. Both sides can be more flexible than they first appear, and innocent blockchain users aren’t going to jail. Still, the debate raises meaty questions about how the blockchain might stack up against current U.S. law.

Blockchains are shared ledgers that record cryptocurrency transactions. Just as you can write anything you like on the back of a transaction receipt, blockchains allow you to write arbitrary data along with your transaction if you have the right software. It’s a feature, not a bug. Bitcoin users have long used this capability to insert data into the blockchain ranging from Valentine’s day messages and Rickrolls to controversial Wikileaks documents.

The authors of the current paper, which was presented at the recent Financial Cryptography conference, systematically scanned the bitcoin blockchain. They found 1,600 examples of non-transactional data, including a handful they considered objectionable or illegal. As a result, they conclude that every person who runs a full copy of the bitcoin software, known as a full node operator, is in possession of illegal material such as child pornography—a serious crime—whether they realize it or not.

This isn’t the first apocalyptic claim about blockchains and the law. It won’t be the last. One standard story is that blockchains will make large swaths of criminal law, taxation, and financial regulation disappear by making all kinds of activities, including money laundering and leaking state secrets, impossible to prevent. The recent warning flips the script: It suggests blockchains will die under assault from law enforcement. Someone who sticks child pornography in a blockchain, according to this argument, contaminates the entire ledger with radioactive toxic waste, making it illegal for anyone else to touch.

The truth is otherwise. Blockchains won’t make the law go away, and the law won’t make blockchains go away. The reason is that both the law and blockchains are capable of adapting to a world with the other in it.

Start with the idea that if there is illegal material hidden somewhere in the blockchain, anyone in possession of a copy is a criminal. There’s a reason this sounds so harsh: It’s not the way the law actually works. Most crimes and regulatory strictures turn on your knowledge that you’ve done, or are doing, something wrong. A general awareness that there might be objectionable data on your computer is typically not enough; your knowledge has to be fairly specific. For example, copyright law has an exception—Section 512 of the Digital Millennium Copyright Act—for intermediaries who are just doing their jobs. Section 230 of the Communications Act provides similar protection for other kinds of content, which is why Twitter and Facebook weren’t shut down the moment one of their millions of users posted a defamatory statement, threatening hate speech, or nude pictures of children. From a legal perspective, users who run blockchain nodes perform functions similar to internet service providers or web hosts.

U.S. case law provides many other examples of nuanced distinctions. In the celebrated peer-to-peer file-sharing cases of the early 2000s, services like Kazaa and Grokster were only shut down because they clearly knew their services were primarily used for copyright infringement. In contrast, the overwhelming majority of the content on the blockchain is financial transactions. Even if the bitcoin ledger can, with some difficulty, be used to record child pornography, no one would call that its intended use. Similarly, when Tiffany sued EBay for listing counterfeit items, even though eBay had general knowledge of trademark infringement, it wasn’t held responsible because it took reasonable steps to address any specific cases.

One potential difference is that blockchain users may not be able to delete objectionable data once it’s pointed out to them, given the supposed immutability of blockchains—that is, their security rests on the fact that past entries cannot be altered. Even if this is so, intent and the level of awareness matter.

An analogy might be helpful: Running a full bitcoin node on your computer is similar to operating a bookstore that might have a few volumes of child pornography tucked away on a shelf. Say a police officer walks into the bookstore and finds the illegal material. The owner would have a good defense that she sells thousands of books, and doesn’t review them individually; she just orders the catalog from various distributors. Even though this is a strict liability offense, prosecutors will recognize the lack of intent. Those with a copy of the bitcoin blockchain will say the same thing: We had no idea that content was somewhere on our hard drive, given that the blockchain is supposed to be for financial transaction data.

The authors of the Financial Cryptography paper respond that sometimes, knowledge or intent can be inferred. They cite a doctrine in German criminal law, under which reckless disregard for the truth is sometimes treated as intent. Because we now know—thanks to the authors’ work—there is illegal material somewhere on the blockchain, no one can deny that by keeping a copy, they are possessing that material.

This interpretation is provocative, but probably wrong. In general, the fact that legal liability could apply doesn’t mean that it will, or even that users will fear that result. For example, those who run so-called exit nodes of the Tor anonymity network—a peer-to-peer system that allows users to anonymously access content online by routing their connections through a series of intermediate nodes—are in the same situation as bitcoin full node operators. In a statistical sense, it’s a virtual certainty that most Tor operators, of whom there are thousands around the world, have child pornography on their computers. But law enforcement agencies have grudgingly made peace with Tor because, like bitcoin, its primary purpose is for legitimate activity like protecting activists in authoritarian countries.

It’s also worth mentioning that at least so far, there seem to be primarily links to child pornography websites on the Bitcoin blockchain. The authors found one image that’s suspected to be child pornography, but they didn’t confirm it (and neither did we). As with intent and knowledge, there is a rich set of legal precedents distinguishing linking from hosting and displaying content.

If and when attempts to poison blockchains become more common, can blockchain software be redesigned to allow users to delete data that’s known to be objectionable? For straightforward ways to encode data into blockchains, the answer is yes. Because bitcoin’s blockchain allows its users to include arbitrary data in a transaction that’s irrelevant to the bitcoin software, much like a comment column in a ledger, one potential fix would be to make that feature editable or deletable. At least so far, most non-financial data has been encoded into the blockchain using this comment-like space.

An adversary could get creative, however, and encode the data in a way that’s impossible to foresee and inextricably linked to the record of financial transactions. Returning to our analogy, the publisher of a best-selling book might announce that the first letter of every line in the book can be interpreted as a sequence of pixels that represents a pornographic image of a child. Can the police then arrest owners of the book? Common sense suggests that the answer is no, and most lawyers would agree. The ability to remove problematic content once identified isn’t the only limitation on liability for possession.

The users running bitcoin nodes aren’t the bad actors; it’s the ones deliberately bending the bitcoin software to store illegal material in unintended ways. The law may not look kindly on those who play such tricks. Consider Valentine v. Chrestensen, an early commercial speech case. The defendant tried to get around an advertising ban by printing a political screed on the other side of his flyers. The Supreme Court easily upheld his conviction, because he was deliberately evading the law restricting advertising. We suspect there would be a similarly pragmatic attitude toward a joker who tried to put something extraneous in the blockchain in order to get other users in trouble. That said, it might be difficult to track down such an actor because of the relative ease of anonymously writing data into blockchains.

Knee-jerk reactions to sensational papers about the legal risks of new technologies can do real harm. Back in 1995, a Time cover story convinced Congress that there was a crisis of online pornography. The story was based on a single undergraduate report full of errors that hadn’t been peer reviewed. But the damage was done. Congress passed the Communications Decency Act the following year. The internet as we know it might have been seriously stunted if the Supreme Court did not later overturn portions of that overly broad law.

The presence of sensitive and objectionable content on public blockchains does raise some thorny issues. For example, we haven’t even discussed the implications for enforcing the Right to be Forgotten under the EU General Data Protection Regulation, which appears to mandate retrospective content removal. Squaring law and innovative technologies can be challenging, but we’ve done it before. Technologists and legal experts need to keep working to understand each other better. But jail time for innocent blockchain users? That’s not going to happen.

WIRED Opinion publishes pieces written by outside contributors and represents a wide range of viewpoints. Read more opinions here.

Blockchain Shenanigans

This article was syndicated from wired.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here