Earlier this summer, myself and Tim Ryan, head of media and technology at DAC Beachcroft, delivered a webinar for the SCL entitled: NFTs Demystified: a Tech Lawyer’s Perspective.
The seminar, which you can view here [log-in required], gave a technology lawyer’s perspective on non-fungible tokens (NFT). It would, perhaps, be easy to dismiss NFTs as a silly fad but in our view, the technology that sits behind them is revolutionary and is likely here to stay.
The webinar began with the basics and we explained how NFTs are made (“minted”) and sold (“dropped”). We then focused on larger trends in the market – including an analogy to the famous Tulip Bubble in 17th century Holland. Importantly, the bulk of our session focused on the legal implications, and what NFTs mean for the cryptoasset world more generally, to include blockchain records and transactions.
The final few moments were dedicated to a short Q&A session. Although many were addressed briefly on the day, we could not cover them all so below we have tackled some of the interesting ones in writing.
Q. How does someone prove they own an NFT, and not just a copy?
It’s important to remember that NFTs are simply tokens that we can use to represent ownership of unique items. Although we’ve seen them predominantly in the context of digital artworks (such as GIFs and memes), the application of NFT technology actually extends much further.
Proving that you own a NFT is very similar to proving that you have Ethereum in your digital wallet. Ethereum (ETH) is the main cryptocurrency used for NFT transactions, and is further discussed below.
When an NFT is purchased, the ownership of that unique token (which represents the digital asset or artwork) is then transferred to the purchaser’s digital wallet, via their address. The token will prove that the purchaser’s copy of the digital file is the original. This is precisely why “right-click, save-as” of a digital asset means nothing in the context of NFTs. Saving a copy of the digital asset to your computer is like taking a photograph of a famous artwork by Damien Hirst: you may have a copy of the artwork (or whatever the “digital thing” may be), but you don’t own it.
The purchaser’s private key is proof-of-ownership of the original, and this key serves as a certificate of authenticity. The creator will also have a public key, which is a permanent part of the NFT’s history on blockchain: the creator’s public key demonstrates that the purchaser holds an original NFT. This is essential when considering the difference between an original and a counterfeit.
Q: How susceptible to fraud is the creation and sale of NFT?
As explained above, demonstrating true ownership of an NFT is embedded into the technology itself. Both the creator of the NFT and the ultimate holder (i.e. the purchaser, assignee, donee, etc) will have keys which “speak” to each other.
As technology lawyers, we’d be the first to admit that even the most secure systems online are not perfectly immune to threats of fraud or other misappropriation. Blockchain is itself an immutable ledger, and thus relatively secure in terms of verification. But, as discussed during our webinar, it is possible to trick the systems. In the same way you can, in theory, break into the National Portrait Gallery to steal a painting: though it’s unlikely you would get away scot free, it would be wrong to say it’s impossible.
Some people may struggle with the idea of blockchain being secure, especially given how decentralised it is across so many different nodes. It seems counterintuitive that a decentralised technology which involves many, many players across different computers and networks could be “secure”, but it’s secure precisely because each separate node serves as a point of truth. If an individual were to attempt to change information on the blockchain, it would essentially send out an alarm bell to other nodes.
Clearly, there are many steps in the processes involving NFTs: this includes the creation, payment, transfer, and so on. These are all points of vulnerability – but there are certain technologies being used to limit exposure to fraud. And, of course, as this is a rapidly evolving space, we expect the solutions to become more efficient and sophisticated by the day.
Q: How are the rights attaching to the NFTs recorded? For example, how is the contract for the Kings of Leon album rights linked to the NFT and the copyright transfer excluded?
During our webinar, we discussed the fact that Kings of Leon “dropped” their new album, titled When You See Yourself, in the form of a NFT. They became the first band to ever do so.
Unless a separate agreement is made between the artist and the buyer or NFT holder, the default position under intellectual property law is that copyrights to an NFT still belong to the artist. In other words: copyright arises and vests automatically in the creator, and stays with them unless transferred by legal instrument. In practice, this means that the NFT purchaser owns nothing more than a unique hash on the blockchain with a transactional record and a hyperlink to the file containing the work of art.
To put it differently, when you purchase a DVD or subscribe to a streaming platform, you purchase a licence to enjoy the media limited ways (e.g. to watch in your home on your television screen). But, you don’t own the underlying intellectual property rights: those stay with the musician or film studio in question.
Q: Where are the IP Licence terms actually incorporated into the NFT transactions?
The typical lawyer’s answer applies, here: “it depends!” The way in which IP licence terms will be incorporated into the transaction depends on how the digital asset is delivered. Most often, the smart contracts in question will have a process by which they automatically execute the transaction, and thus overlap with real world terms. In other words, they run in parallel: transactional intellectual property terms are stored on the website, and the various IP terms will often be incorporated into the marketplace website T&Cs regarding sale and transfer. These will very prescriptive about the substance.
Q: Are Terms and Conditions written somehow into a smart contract, or are they written in a digital document on the website of the business selling the NFT?
The smart contract attached to the NFT only contains metadata and conditional execution data. By way of reminder, metadata is data which describes and gives information about other data, and could include for example the name of the asset and the date of creation. Conditional execution data, also known as “conditionals” or “if-then-else”, are programming language commands for handling decisions.
The latter is the mechanism which provides for the execution of the smart contract. An example command could be stated as: “If [buyer] sends [price] by [date], transfer [artwork] to [buyer]”. Any key terms and conditions are usually listed on the marketplace website, where the NFTs are offered for sale. However, see the response to the above question – nothing prevents T&Cs for a contract to be stored in electronic form and incorporated into the metadata. That said, the legal effects of this in UK law remain untested.
Q: Is it possible to “mint” multiple NFTs from the same underlying asset?
The short answer is yes, but it is not particularly common – at least not currently. Most often, people “mint” one digital asset, and then release one correlated NFT for sale.
That said, returning to our Kings of Leon example above, three types of NFTs related to the album were actually dropped, each as part of a series called “NFT Yourself”. The first NFT was a special album package, and the second type offered a “golden ticket” to include perks like front-row seats to concerts for life. The third type provided exclusive audiovisual art. Multiple NFTs of each type were offered for sale: for example, there were six “golden ticket” NFTs made available.
Q: How do we identify a data controller in the context of a decentralised ledger? Is every node a controller?
The answer to these questions, in turn, is “carefully”, and “not necessarily.”
European privacy legislation (on which the notion of controllers and processors is founded) is based on the underlying assumption that, in relation to each personal data point, there is at least one natural or legal person – the data controller – whom data subjects can address to enforce their rights.
Blockchain ledgers, however, often seek to achieve decentralisation in replacing a unitary actor with many different players. This makes the allocation of responsibility and accountability burdensome, particularly in light of the uncertain contours of the notion of (joint)-controllership.
In a July 2019 study, the European Parliament examined the compatibility of blockchain and the EU GDPR. The Parliament identified the impossibility to pinpoint a single data controller as one of the major conflict areas between decentralised ledgers and modern day privacy laws. Another fundamental problem is the incompatibility of the notion of the blockchain integrity, against the European rights to erasure and modification under Article 16 and 17 of UK and EU GDPR.
As with increased regulatory scrutiny over cryptoassets and cryptocurrencies more generally (and in particular, from a financial services regulatory point of view), we do expect more commentary and legislative proposals from privacy and information law bodies in the near future.
Q: Why is Ethereum so popular for use the NFTs, and not one of the other blockchains? Is there any rhyme or reason, or just because?
The Ethereum blockchain is an alternative platform – and a different underlying structure – to that of Bitcoin. Ether (ETH) is the cryptocurrency of the Ethereum network.
Both Ether and bitcoin are digital currencies traded via online exchanges, and both are stored in various types of cryptocurrency wallets.
However, Ethereum took blockchain technology one step further, and utilised it not only for maintaining a decentralised payment network for cryptocurrencies, but also for storing computer code, such as the executional code discussed above. Such code is then used to power tamper-proof decentralized financial (DeFi) contracts and applications.
When considering why Ethereum is central to the NFT story, it’s useful to consider the objective of the Ethereum ecosystem more generally. On the one hand, bitcoin was primarily created to challenge national currencies: it aspires to be a medium of exchange, and a store of value. Ethereum, on the other hand, is a platform which facilitates immutable, programmatic contracts. This is a key facet to ensuring the NFT ecosystem works in practice.