The recent decision of the Court of Appeal in Tulip Trading Limited v van der Laan [2023] EWCA Civ 83 (a challenge to the jurisdiction of the English Courts) is interesting and controversial.
While recognising that the argument is entirely novel and would “involve a significant development of the common law”, the Court of Appeal considered it realistically arguable that software developers owe duties to bitcoin owners to help them recover control of their bitcoin after the loss of a private key. The consequence is that (unless it settles or is struck out for some reason unrelated to jurisdiction or merits) the case will now go forward to trial.
Tulip v van der Laan is the first case before the English Courts to consider the role and possible duties of bitcoin software developers. Even more intriguingly, the question of whether the governance of bitcoin is genuinely decentralised is now likely to be examined in detail at trial.
There could be profound implications for future of the bitcoin industry (and that of other digital assets) if:
(i) An English Court finds that, in reality, bitcoin is not as decentralised as it purports to be. Given that decentralised governance is arguably a core value of bitcoin, this might damage bitcoin’s attractiveness as an asset class.
(ii) Software developers owe duties (and can therefore incur personal liability) for acts or omissions in relation to software changes. This could have a chilling effect on the willingness of coders to act as software developers for cryptocurrencies (or other digital assets). Indeed, even the possibility of such liability has already given rise to a string of high-profile core developer resignations, in which “legal risks” have been cited as a reason for stepping down.
What is the case about?
The claim is brought by Dr Craig Wright through Tulip, a company, which he and his wife claim to have controlled at all relevant times.
The Defendants are said to be the core developers of four bitcoin networks: (i) the Bitcoin Satoshi Vision network; (ii) the Bitcoin Core Network; (iii) the Bitcoin Cash network; and (iv) the Bitcoin Cash ABC network (the Networks).
The Defendants are said to “control” the Networks because, although anyone can propose a change to the open-source software for each Network, the ability to commit changes (that is, make alterations to the code that goes live as protocol software) is restricted to those with commit access. Tulip alleges that the Defendants are the only people with the commit access in relation to the Networks.
Tulip claims to be the owner of bitcoin valued at around $4 billion at two addresses on the Networks. Dr Wright claims that his home office in Surrey was hacked before 2020, causing the private keys to be lost, probably stolen. Dr Wright does not know who the hackers were and has not brought any sort of case against them.
There is no allegation that the Defendants had anything to do with the alleged hack or that they did anything to increase the risk of harm. Rather, Tulip’s case against the Defendants is essentially:
(i) It would be simple for them to write a software patch that would allow Tulip to regain control of its bitcoin (by moving it to a different location, with a new private key).
(ii) The role that the Defendants have undertaken in relation to Tulip’s bitcoin and the power this gives them means that they should be recognised as a new class of fiduciary, owing fiduciary/tortious duties to the true owners of bitcoin. Their duties should extend to implementing the necessary software patch to help Tulip recover control of its bitcoin.
These assertions are disputed by the Defendants. They say they do not have anything like the power or control that Tulip alleges and, therefore, they do not owe any fiduciary/tortious duties. In particular, the Defendants say that (to the extent they are still involved in software development for the Networks) they are part of a very large and shifting group of contributors and that they do not have the power individually to force participants to accept the changes that Tulip wants. They say that if some of the miners refused, that would lead to a hard fork, resulting in the creation of additional networks rather than a resolution of the issue.
All of the Defendants are outside England. Accordingly, the context of the recent Court decisions (both at first instance and in the Court of Appeal) was a challenge to the jurisdiction of the English Courts. The question being considered, for the purpose of the jurisdictional challenge, was whether Tulip’s case was realistically arguable.
It is important to recognise that, at this stage, no English court has made any factual or legal findings as to which of Tulip’s or the Defendants’ rival factual or legal positions is correct. That will not be decided until trial.
Fiduciary duties under English law
English law has previously recognised a number of categories of fiduciary relationship, such as: trustee and beneficiary; principal and agent; solicitor and client; company directors and company; and partners and co-partners. The categories are not closed, but it is exceptional for fiduciary duties to arise other than in the settled categories.
The English law test for classifying a relationship as fiduciary is from Bristol and West Building Society v Mothew [1998] Ch 1:
“A fiduciary is someone who has undertaken to act for or on behalf of another in a particular matter in circumstances which give rise to a relationship of trust and confidence. The distinguishing obligation of a fiduciary is the obligation of loyalty. The principal is entitled to the single-minded loyalty of his fiduciary. This core liability has several facets. A fiduciary must act in good faith; he must not make a profit out of his trust; he must not place himself in a position where his duty and his interest may conflict; he may not act for his own benefit or the benefit of a third person without the informed consent of his principal….”
The question of whether someone has undertaken to act for another or assumed responsibility is objective and not subjective or voluntary ¬- it is irrelevant what the fiduciary may have subjectively intended.
The Court of Appeal decision
In the High Court, Falk J held that it was not realistically arguable that the facts alleged by Tulip amounted to a fiduciary relationship.
There were a number of reasons for her decision, but she appears to have been particularly influenced by the Defendants’ argument that the software developers of bitcoin were a fluctuating and unidentified body of individuals. In those circumstances, she could not identify an undertaking to act or assumption of responsibility by the Defendants given that they could not be said to owe continuing obligations to remain as developers and make future updates whenever it might be in the interests of owners for them to do so.
The Court of Appeal disagreed and unanimously upheld the appeal to Falk J’s decision. They found that it was realistically arguable that:
(i) The fact that the Defendants might choose whether or not to update the code in response to a software bug demonstrated that their role involved the exercise of authority (such authority given to them by their control of access to the source code) and is a decision-making role, effectively making decisions on behalf of all the participants in the relevant bitcoin network.
(ii) The Defendants have the practical ability to prevent anyone else from (e.g.) fixing bugs in the software, because they alone have the commit access for the bitcoin software account in GitHub. Without commit access and unless the core developers agree to it, no one else can make a change. In a very real sense, the owners have therefore entrusted their property into the care of the core developers.
(iii) Bitcoin owners have a legitimate expectation that the core developers will not exercise their authority in their own self-interest to the detriment of owners, and that they will act in good faith to use their skills to fix bugs drawn to their attention.
(iv) There may well not be a consensus among bitcoin owners, but the core developers will still make a decision as to whether to make a change or not. This demonstrates that bitcoin owners place trust in the core developers to exercise authority and make good decisions on their behalf.
(v) It does not necessarily matter that the software patch that Tulip seeks would be for its benefit alone. Trustees frequently make decisions which have the result of favouring one beneficiary over another, but that does not mean they cease to be fiduciaries as a result – therefore, even if the proposed change only benefits one owner, that does not preclude it being in accordance with a fiduciary duty.
(vi) The fact that the alleged duty was an attempt to bypass what is currently a fundamental feature of the Networks (which is that private keys are the only way to transfer the assets) was said by Falk J to be contrary to a duty of single-minded loyalty to the class. However, the developers are already arguably entrusted with decision-making for the benefit of the owners as a class even if some owners object – that loyalty (to the class) was sufficiently single minded to satisfy a fiduciary duty test.
(vii) The Defendants already undertake code updates to fulfil their ordinary role. The only real difference between the activity alleged to be required to fulfil the duty and the normal act of developers (updating code) lies in the circumstances triggering it. The fact that positive steps were required to fulfil the alleged duty was not a sound basis for saying there was no real prospect of success.
Summarising these points, the Court of Appeal considered that there was a realistic argument open to Tulip along the following lines:
“The developers of a given network are a sufficiently well-defined group to be capable of being subject to fiduciary duties. Viewed objectively the developers have undertaken a role which involves making discretionary decisions and exercising power for and on behalf of other people, in relation to property owned by those other people. That property has been entrusted into the care of the developers. The developers therefore are fiduciaries. The essence of that duty is single minded loyalty to the users of bitcoin software. The content of the duties includes a duty not to act in their own self -interest and also involves a duty to act in positive ways in certain circumstances. It may also, realistically, include a duty to act to introduce code so that an owner’s bitcoin can be transferred to safety in the circumstances alleged by Tulip.”
The tort case was not considered in any detail, but the Court of Appeal considered that the two cases were sufficiently linked that it was right also to allow the appeal on tortious duties.
Implications
The Court of Appeal recognised that the Defendants’ case was that they did not have anything like the level of control over bitcoin alleged by Tulip, but this was essentially a factual dispute which could not be resolved at an interim stage and which would require proper factual and/or expert evidence to determine.
Accordingly, one of the central issues for the trial is likely to be whether the governance of the four bitcoin Networks in this case is genuinely decentralised or whether, in fact, control over those Networks is held in the hands of a few individuals and organisations (the Defendants).
A connected contentious issue is the extent to which a hard fork might be caused by the changes which Tulip seeks. There are several aspects to this:
(i) Whether in fact a hard fork would be caused (Tulip says it would not because it says there is no mechanism among miners that could allow for a collective refusal to accept a software update);
(ii) Whether the possibility of a hard fork demonstrates that the Defendants do not have control of the relevant Network or if, indeed, it might actually provide evidence of their control. This is one of the arguments of Angela Walch of St Mary’s University Texas in her article In Code(rs) We Trust: Software Developers as Fiduciaries in Public Blockchain, which was referred to in both the First Instance and Court of Appeal decisions – essentially, that previous hard forks in Bitcoin and Ethereum showed that the core developers dealing with those situations had the power to choose which ledger should be authoritative or how to respond to a hack;
(iii) Whether the risk of a hard fork and/or the consequent possible damage to the value of bitcoin on the Networks either means that the Defendants do not owe fiduciary duties at all, or that the scope of such duties should be much more limited than Tulip contends.
Another aspect of the case that may have serious implications is the possibility that software developers could have (potentially very substantial) personal liability for their acts/omissions in relation to cryptocurrency software. There are two key points to be noted:
(i) First, the fact that the English Court has been prepared to accept jurisdiction despite none of the Defendants being resident in England or having any business activities in England. The only real connection to England was that Dr Wright was resident in England, which led Falk J to conclude that Tulip (a company incorporated in the Seychelles) was also resident in England and that the bitcoin was “within the jurisdiction” because the private keys (which were apparently stored on Cloud storage devices and nowhere else) were in England. This might be considered to be a fairly tenuous basis on which to assert jurisdiction over non-resident Defendants. However, if the English Court is prepared to exercise (effectively) “long-arm” jurisdiction in relation to cryptoassets in this way, it may become necessary for the cryptocurrency community, and particularly software developers, to engage with the possibility of claims being brought against them under English law in the English Courts, regardless of whether they have any connection with England themselves.
(ii) The Court of Appeal explicitly recognised that the Defendants might be exposed to a genuine risk of contrary judgments against them from the Courts of a different jurisdiction (perhaps on the basis that Tulip is not the true owner of the relevant bitcoin or that the Defendants’ duties under the law of a different jurisdiction required them to do something different). However, this was not considered to be a basis for saying the case was not a properly arguable case within the English Court’s jurisdiction. This could (reasonably) cause considerable concern for software developers – not only might they face substantial personal liability under English law, but they might find themselves in the impossible position of facing conflicting Court decisions from different jurisdictions as to what their duties/obligations are in a given situation.
Whatever is ultimately decided, the case will continue to loom large in the public eye given the potential ramifications are significant and may extend beyond bitcoin to other digital assets. Nevertheless, it is probably to be welcomed that the English Courts are now likely to examine whether, as a matter of fact, the governance of bitcoin is actually as decentralised as many believe and, if it is not, the legal consequences thereof. As Lord Justice Birss put it: “If the decentralised governance of bitcoin really is a myth, then in my judgment there is much to be said for the submission that bitcoin developers, while acting as developers, owe fiduciary duties to the true owners of that property”.
Lara Kuehl is a barrister practising from Selborne Chambers, London, and specialising in complex commercial, company and insolvency disputes. She advises and appears regularly in matters relating to a range of industry sectors, frequently with a technological focus. Lara also has considerable experience of claims relating to the conduct of fiduciaries such as directors and trustees.