States OK blockchain ‘smart contracts’ but buy-in is uncertain
Three states have endorsed the technology through legislation, but widespread practical use does not appear imminent
An Illinois law took effect last month that recognizes a new form of legal agreement known as a smart contract, a binding accord executed using blockchain technology, putting it on equal footing with traditional legal contracts.
Illinois is the third state to officially endorse the concept, although it’s not clear that practical applications for the concept have developed as quickly as the underlying technology. Arizona and Tennessee passed similar legislation recognizing smart contracts, and similar bills have been introduced in Ohio, New York and Nebraska.
The purpose of smart contracts, much like other technology, is to cut down on administrative costs and limit the need for human interaction. In this case, adopters could cut down on the need for lawyers to draft and enforce agreements.
None of the state laws mandates that anyone use blockchain, the technology that came to prominence for its use in cryptocurrencies, but they expressly recognize that it can create a legally enforceable agreement.
“I think at this point there is probably more talk than reality,” said David Zaslowsky, an attorney at Baker McKenzie in New York, who has a background in computer programming and closely follows smart contracts.
Legislation clears the way for the technology to be admissible in court, but the concept still has a long way to go before it has widespread practical use, Zaslowsky said. He said ethical and liability questions will need to be resolved by legislators, regulators or courts to determine who is liable when something goes wrong.
The basic idea behind a smart contract is that computers are already programmed to execute “if, then” functions, so the same dynamic could automate parties’ obligations, rather than relying on the parties to perform under the threat of legal action for noncompliance.
While the technology is new, the basic idea has been likened to that of vending machines: Putting money in a machine obligates the machine to dispense the candy.
Another example is a Netflix subscription. Software automatically provides the service if a valid credit card number is supplied, with no human intervention required to execute the transaction each month.
These examples are simple. It becomes more difficult to envision how software could handle the complex legal agreements that typically fill up reams of paper, such as a company merger or real estate deal, each of which can carry representations and warranties, termination terms and lengthy boilerplate.
Arizona’s version of the law, which passed in 2017, defined a smart contract as an “event-driven program” run on blockchain or another decentralized ledger. Blockchain creates a record that cannot easily be manipulated because it is distributed and decentralized, although other vulnerabilities have been exploited to cause havoc in smart contracts in the past.
Just as in a cryptocurrency transaction, the smart contract would involve use of a private key to verify the user’s identity using mathematical principles underlying cryptography, Alexander Tsankov, a software engineer at Chainalysis, said in an interview with CQ Roll Call. Chainalysis, a blockchain analysis company, develops software for banks, government regulators, and businesses to monitor blockchain and cryptocurrency applications.
“Every user would have a private key that is about 40 alpha-numeric characters,” said Tsankov. He said the key would be randomly generated on the user’s machine and would grant access to transact on the network. One potential problem is that the key could be lost or stolen, he said, and there is currently no solution to verify an identity or reset the key.
For more complex agreements, a preselected third-party source of objective information, called an oracle, can be used to confirm a contract’s triggering conditions or preconditions. The oracle is a useful tool for neutral information, but it isn’t meant to take on the role of arbitrator or judge if the transaction falls apart.
Zaslowsky used the common example of a drought insurance contract to illustrate how it might work. He explained that software could be coded to provide an automatic insurance payout to policyholders if rainfall in a given area failed to exceed a threshold. The oracle would determine whether the rainfall threshold was met based upon resources such as National Weather Service measurements. The transaction would be automatic and binding, potentially cutting down on administrative costs.
“No need to deal with the insurance company, no need to submit claims, or no need to measure rainfall after the fact,” Zaslowsky said.
Blockchain technology has promise in the legal world, but the immutable nature of smart contracts can also create problems, according to Maurice Herlihy, a computer science professor at Brown University. Herlihy regularly teaches courses on blockchain and is now working on sabbatical with the blockchain company Algorand.
The philosophy of smart contract supporters is that “code is law,” Herlihy said. This view posits that software code is immutable and whatever the program executes is the correct result. Herlihy said there really are no agreed-upon rules about what happens if something goes wrong.
“This notion of a smart contract is in many ways kind of a misnomer,” said Herlihy. “It’s really more like what’s called a script — a program that gets executed by certain circumstances.”
“It doesn’t mean you couldn’t put a layer of legal requirements on top of it, but there is nothing particularly magical or contract-like about what people call smart contracts,” he said.
He pointed to problems with the now-infamous Decentralized Autonomous Organization, where hackers exploited a loophole to steal about $50 million from investors. DAO was a crowdfunded venture capital fund meant to be directed by its investors.
Herlihy said the attackers manipulated an error in the code that prioritized withdrawals over ledger updates. They flooded the system with withdrawal requests to exploit the bug and were able to extract millions of dollars’ worth of cryptocurrency into an untraceable account, he said.
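The ordering flaw described above, releasing funds before the ledger records the debit, can be reproduced in a small model. The Python below is an added example, not the DAO's code or anything supplied by the people quoted; the `Fund` class, the account names and the amounts are constructed for illustration, and the flawed order is shown beside the corrected one.

```python
# Added illustration: a toy in-memory fund, not the DAO's actual code.
class Fund:
    """Holds pooled deposits and pays each account back on request."""

    def __init__(self, update_ledger_first):
        self.update_ledger_first = update_ledger_first
        self.balances = {}   # ledger: account name -> amount owed
        self.pool = 0        # funds actually held

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.pool += amount

    def withdraw(self, account, on_receive):
        owed = self.balances.get(account, 0)
        if owed == 0 or self.pool < owed:
            return
        if self.update_ledger_first:
            # Corrected order: record the debit, then release the funds.
            self.balances[account] = 0
            self.pool -= owed
            on_receive(owed)
        else:
            # Flawed order: release the funds, then record the debit.
            self.pool -= owed
            on_receive(owed)
            self.balances[account] = 0


def simulate(update_ledger_first, repeat_requests=3):
    """Return (total paid to the requesting account, funds left in the pool)."""
    fund = Fund(update_ledger_first)
    fund.deposit("alice", 100)     # constructed sample data
    fund.deposit("bob", 100)
    fund.deposit("mallory", 10)
    received = []

    def on_receive(amount):
        # Recipient-side hook that requests again before withdraw() returns.
        received.append(amount)
        if len(received) < repeat_requests:
            fund.withdraw("mallory", on_receive)

    fund.withdraw("mallory", on_receive)
    return sum(received), fund.pool


if __name__ == "__main__":
    print("ledger updated last :", simulate(False))
    print("ledger updated first:", simulate(True))
```

With the ledger updated last, an account owed 10 is paid 30 out of other depositors' funds; with the ledger updated first, the second request finds a zero balance and is refused.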
When vulnerabilities in the code interfere with a smart contract, it isn’t clear who is liable, according to both Herlihy and Zaslowsky.
“Coders aren’t taught to be perfect,” said Zaslowsky. “You iterate, you find bugs, and you fix the bugs.”
He noted there’s an inherent tension between the misconception that smart contracts are coded perfectly and the reality that code is rarely perfect.
“That tension is going to raise issues that will challenge traditional notions of liability,” he said.
Herlihy said people are comfortable with the low risk of a vending machine transaction, but buying a house using a smart contract is another matter.
“I think you could streamline standard routine transactions where there is no complexity, nothing to be appealed, and no question of interpretation,” said Herlihy.
Even Illinois recognized the risks in some transactions. The state’s new law carved out exceptions to disallow blockchain records for consumer credit defaults, utility shutoffs or health insurance coverage changes.