TY - JOUR AU - Collins,, Justine AB - Abstract Blockchain technology allows the creation of distributed ledgers. These distribute control among the players rather than requiring a centralized database, and so can reduce costs and speed-up transactions. However, when it is used for assets which exist outside the blockchain itself, an unmodified adoption of the technology would bypass legal and regulatory requirements which, for these kinds of assets, cannot be bypassed without fundamental change to the law. Building those requirements into any blockchain-based system introduces features which are not necessary for performing its core functions, and we call these ‘legal impurities’. The most important legal impurities required are those relating to identification of the parties, and introducing the ability of a trusted third party to make modifications to the ledger. Not only does introducing these legal impurities make fundamental changes to the concept behind blockchain, but it is also essential that they are implemented in ways which do not threaten the integrity of the blockchain as evidence. This article has been produced by members of the Microsoft Cloud Computing Research Centre, a collaboration between the Cloud Legal Project, Centre for Commercial Law Studies, Queen Mary University of London and the Computer Laboratory, University of Cambridge. The authors are grateful to members of the MCCRC team and to attendees at the fourth Annual MCCRC Symposium (Windsor, September 2017) for helpful comments and to Microsoft for the generous financial support that has made this project possible. Responsibility for views expressed, however, remain with the authors. INTRODUCTION The blockchain technology underpinning the BitCoin system has attracted great interest. Current centralized systems for registering and transferring assets, such as the international banking system, are expensive and inflexible. In contrast, a mechanism for registration and transfer which distributes control among the players both has the potential to reduce infrastructure costs by using existing infrastructure, and bypasses the commercial and regulatory controls which are, inevitably, obstacles to innovation. In this article we do not intend to explain the working of the technology, except where this is necessary to understand the legal issues.1 Instead we will focus on how blockchain technology interacts with law, when it is used for assets that exist outside the blockchain itself (see ‘Purity and Impurity’ section). To be useful here, the technology cannot (as BitCoin does) refuse to take any account of external legal requirements. As we will see, building those requirements into any blockchain-based system introduces features which are not necessary for performing its core functions. Most importantly, given that the primary legal function which blockchain performs is to provide reliable evidence, those new features need to be implemented in ways which do not threaten the integrity of that evidence. A brief word on terminology is appropriate here. In the main, we use the term ‘distributed ledger’ to describe a system for asset registration and transfer which is not centralized but where copies of the ledger are controlled by participants. Occasionally we use the term ‘blockchain’, usually as a synonym to avoid repetition unless the context makes it clear that we are, for example, discussing the BitCoin blockchain. The ledger is usually seen as a record of ownership, but as we will point out, it will also record important attributes which are relevant to ownership but do not necessarily evidence ownership. In any event, the legal concept of ownership is immensely complicated, varying substantially between different classes of property and from country to country. To avoid potential confusion we use the term ‘entitlement’, which we hope captures the wider range of legal interests that might be recorded in a ledger. We also largely avoid the term ‘property’, unless referring to law which is property specific, because this too is a complex concept which differs between national laws. Instead we adopt the more neutral term ‘asset’. We also make reference to ‘smart contracts’, which are unfortunately named because they are not necessarily contracts in legal terms. A smart contract is a piece of computer code which forms part of the blockchain or distributed ledger, and is unalterable without detection in the same way that transaction records are unalterable (see ‘The evidential role of ledgers’ section). The smart contract code is triggered by some objective signal, such as the arrival of a particular calendar date, and then executes a transaction on the ledger (typically, making a payment). From a legal perspective, smart contracts are primarily mechanisms for effecting contractual obligations. PURITY AND IMPURITY The blockchain technology used for BitCoin is of theoretical interest to lawyers because it might be described as a technologically ‘pure’ system for recording entitlements to assets and undertaking transactions relating to those assets. By technological purity we mean that the technology does not incorporate any features which go beyond the minimum necessary to perform these functions,2 and thus takes no account of any demands which the law might make to interfere and restrict or reverse a transaction. The reasons why the BitCoin system can exhibit this level of technological purity derive from two fundamental characteristics. First, the asset (BitCoin) exists only as an artefact of the system. It is a pure technological construct, which has value only to the extent that individuals are prepared to pay currently registered holders of BitCoins for transfer of the entitlement. If for some reason the system ceased to operate, all the assets would just disappear and holders would have no legal claim upon any person. If the encryption technology used had a flaw, so that unlimited BitCoins could be created, the value of each BitCoin would plummet to zero. Within the walled garden of the system, the law has no role to play.3 Secondly, the distributed ledger which records entitlements and transactions (the blockchain) is the sole source of rights over the asset, ie the BitCoin. Because the ledger is not under the control of any particular person, there is no route by which the law can effectively intervene to change records of entitlement or undo a transaction. For example, a court might order the current holder of a BitCoin not to transfer it to any other person, though because holders are identified only by self-chosen pseudonyms enforcing such an order is clearly problematic. And if the holder transferred the BitCoin despite the order, all that could be done is to seek a further court order against the transferee requiring the BitCoin to be transferred back, which is equally problematic to enforce. This means that in practice a transferor and a transferee do not need to worry about third-party claims which might affect their transaction. The BitCoin system has deliberately been designed so that transactions in assets can take place without any prior relationship between the parties or knowledge of each other’s identity. Each party simply relies on the ledger records to establish the entitlement of the other. Any transaction is effected solely by changing the ledger, which can only occur if the currently recorded holder authorizes the change using the private key that corresponds to the public key recorded in the ledger, and the ledger is the definitive record of rights. So long as an asset is purely an artefact of the ledger technology, a technological system which ignores legal demands can work very effectively. Using distributed ledger technology for off-chain assets is a very different state of affairs, however. This is because the existence of and rights in such assets are not determined solely by the ledger. It is easiest to understand why if we take two examples of off-chain asset. Some assets have a physical existence, so we can describe them as tangible assets. The most solid of such assets is land, and there are already schemes in existence to undertake the registration of rights over land using blockchain technology (see ‘The evidential role of ledgers’ section). However, it should be immediately obvious that it is not possible to capture all the rights over land in a register—as a simple example, the right of a lawful occupier of land to eject a trespasser derives from the fact of lawful occupation, not from the registration of such occupation (if the right to occupy is even registered at all4). Intangible assets are creations of law, sometimes the private law of contract (eg debts) and other times through express legislation (eg carbon credits5). Company shares are a mixture of both.6 Under section 127 of the UK Companies Act 2006 the register of shareholders is only prima facie evidence of a shareholder’s entitlement, which means that extrinsic evidence can be used to show the existence of rights other than those apparently deriving from the register. Both tangible and intangible assets have a legal existence outside the ledger, even if the ledger is used as a record of transactions and rights in the assets. These assets would continue to exist even if the ledger were destroyed, whereas if all copies of the BitCoin blockchain were deleted then all BitCoins would cease to exist. This means that any distributed ledger system used to record entitlements in off-chain assets and enable transactions in those entitlements needs to be designed, so as to include functionality which is only necessary because law or regulation demands that functionality. We term such functionalities legal impurities, and can analyse them into two broad categories: Legal requirements for the holder of an entitlement to an asset, or for the parties to a transaction, to be identified. The names of shareholders are normally required to be registered,7 as are owners of land.8 Identification may also be required by laws not dealing with registers, such as money laundering controls.9 Legal requirements that third parties should be able to interfere in ledger transactions. These are of two kinds: Because of the possibility of acquiring and disposing of rights over assets outside a ledger transaction, the ledger may need to be modified (rectified) to record these off-ledger acquisitions of rights. As an example, a creditor can take security over shares by means of a pledge or mortgage, in many cases doing so in a form which does not require registration on the shareholder register.10 Rights to use land can be acquired through simple contract, though some categories of right will need to be registered to be enforceable against third parties who acquire the land without notice of the right.11 For some classes of asset a third party to the transaction may need the power to exercise some form of control over that transaction. Examples might include the requirement for a corporation to manage and control its register of shareholders,12 and obligations to delay or prevent financial transactions under money laundering regulations.13 These kinds of legal requirement are not easily compatible with the unfettered distribution to participants of management and control which is used in the BitCoin blockchain technology. Thus, although the block chain technology used in the BitCoin system has been proposed as a system for recording rights in off-chain assets and undertaking transactions in them, the necessity to include legal impurities makes doing so more challenging. The aim of this article is to identify the main challenges and suggest how they might be dealt with if distributed ledger systems were adopted. EVIDENCE AND CONTROL The evidential role of ledgers At heart, the main function of any distributed ledger system is to provide evidence about assets, participants and transactions between participants. That evidence falls into two broad categories. The first category is evidence about attributes. Lawyers often conceptualize this as evidence of identity,14 but unpacking the concept of identity we can see that all identity evidence is actually about some attribute of a person or object. Thus: For a natural or legal person these attributes include matters such as the issue of an identity document by some third person; that a third-party attests to some attribute such as the name by which the participant is known, the participant’s creditworthiness, their reputation; that a third party has awarded some qualification (doctor, lawyer), etc. For an asset there is a wide range of attributes depending on the type of asset. Pharmaceuticals have been proposed as suitable tangible assets where blockchain technology could be used to record attributes,15 and in particular to avoid counterfeiting by attesting their origin from the manufacturer and their passage through the supply chain. For an intangible asset such as a corporate bond the attributes would include the identity of the issuer, value of principal, interest payable, redemption date, etc. The second category is evidence about entitlement and the history of entitlement. For an on-chain asset, this is no more nor less than the entitlement of a participant to dispose of the object to another (and possibly the entitlement of other participants to prevent disposal, eg some person with a security right over the asset which is recorded in a smart contract). However, for an off-chain asset evidence of entitlement is more complex: For a physical moveable such as a motor vehicle the most important entitlement is that to possession and disposal of ownership, paralleling the entitlements in the BitCoin system. However, if those entitlements were to be exercisable solely by means of ledger transactions, then a very substantial change to the law would be needed. Currently, rights of ownership derive from the previous owner’s agreement to transfer those rights, and there is no prescribed form such a transfer must take. Typically, ownership is transferred by handing over possession in return for payment, neither of which requires recording to be legally effective. Security rights over physical moveables can be created by simple agreement (though they might not be valid against a person without notice of the agreement, or against a consumer if not in the required form), or even by simply handing over possession (a pledge). For an object whose ownership and right of disposal is legally defined by a third-party register, such as registered land, the entitlement recorded in the ledger would be the entitlement to require a change to the register entry. It is worth noting that in the current system of registered land for England and Wales, it is not only the registered landowner who has the entitlement to demand changes to the register. A wide range of third parties, such as local authorities taking security for deferred charges for residential care,16 is entitled by law to require modification of the register entry. The BitCoin style of blockchain technology only enables changes to the register to be made by the relevant person whose private key is recorded in the blockchain as owner of the BitCoin, and so use of that style of blockchain would prevent third-party registrations and again require a fundamental change to the law. These legal impurities lead us to the conclusion that using distributed ledgers to evidence entitlements for most movable and immovable assets is unlikely to happen in the immediate future, primarily because of the mismatch with the current legal mechanisms for transferring ownership or registering third-party rights. Although there have been several announcements of plans to introduce distributed ledger systems for land registration—in May 2015, a Texas-based company, Factom,17 promised to build a land registry system in Honduras, and later this was followed by Bitland18 in Ghana and Ubitquity19 in the USA—most of these schemes have stalled. The motivation for most of these schemes appears to be to achieve disintermediation and to prevent fraud,20 and there are thus vested interests opposed to such schemes. However, the project for the Republic of Georgia has gone live,21 and near-neighbour Ukraine is aiming to follow suit.22 There is, though, a clear role for distributed ledgers to evidence the essential attributes of that minority of movable assets whose ownership and provenance needs to be recorded throughout their life cycle—examples might be medical equipment and drugs, or parts for commercial aircraft. This section of the article will, therefore, concentrate mainly on intangible assets. The legal existence of those assets is based on claims against third parties (which need to be recorded somewhere in order to evidence the existence of the claim and enable the asset to be traded). Here, the thorny issues arising from physical possession cannot arise. Distributed ledger technology only allows transactions in objects and creation of controls by participants whose entitlement is recorded on the ledger/blockchain. Possession of public key infrastructure (PKI) keys is what produces this evidence. Each transaction on the ledger is signed by the parties using their private keys, and each private key is linked to a unique public key which is recorded with the transaction (this linkage is usually described as a digital signature). Thus, any entitlement stated on the register can only be exercised by the person who holds the relevant private key, and the holding of this private key can be checked by using the public key to decrypt a message signed with the private key. This enables the holder of the private key to prove their ability to exercise the entitlement, and thus enter into a transaction to dispose of that entitlement. PKI technology is far from new,23 and the mathematical assumptions on which it depends have been extensively tested without any underlying flaws being found so far. What this means is that it is possible to produce evidence about the likelihood that a transaction authenticated by means of a public key could have been made by a person other than the private key holder, and that likelihood can be decreased by using a longer public key. However, the availability and affordability of computing power is still increasing in accordance with Moore’s Law,24 doubling approximately every 18 months, and so a key length which is secure today will cease to be so within a finite number of years.25 In practice, a currently secure digital signature is treated by technologists as near-definitive proof that the transaction was signed by the private key holder, and greatly exceeds the legal standards of proof on the balance of probabilities (for civil cases) and beyond reasonable doubt (for criminal cases). Blockchain technology also creates the possibility of adding control elements in the form of code, usually described as smart contracts, which can build in future transactions or restrictions on transactions in a way which is automatically executed by the technology, through modification of the ledger/blockchain by the code if the triggering event occurs,26 without further action by any participant. Smart contracts are signed by the parties with their private PKI keys, and are therefore, evidence of any limitations on the entitlement of the current holder of the asset.27 Long-term evidential value In the short term, distributed ledger systems produce evidence of entitlement and attributes which are of even higher evidential value than signed paper documents. This works very well for an asset like BitCoin, which is likely to be transferred to another within a comparatively short period of time. The long-term history of entitlement in a BitCoin is largely irrelevant, and is indeed often discarded from working copies of the blockchain to improve computational efficiency. The history is unimportant unless competing copies of the blockchain come into existence28 because only the current holder of a BitCoin can dispose of it, and there is no mechanism for undoing transactions and transferring ownership back to a previous owner. But off-chain assets may remain in the same ownership for decades. This raises the question whether it is possible after, say, 20 years to ‘forge’ a block way back in the history of the ledger so as to indicate that a different person is entitled to dispose of the asset. A block is an aggregation of transactions which is then ‘hashed’. A hash function takes a document (in this case the aggregated transactions) and applies a mathematical function to produce a number, termed the message digest or the hash value.29 It is highly unlikely that two documents will produce the same message digest, and for hash functions used in practice30 the probability of this occurring can be demonstrated to be so low that it is computationally infeasible, given a particular message digest, to devise a different document which produces the same message digest.31 Unfortunately, computational infeasibility diminishes over time, as available computing power increases. Hash functions which a mere 10 years ago were secure enough to prove that a document was not forged are now likely to be less so.32 This opens up the possibility that a forged historical transaction could be inserted into a single copy of a distributed ledger,33 and then used to dispose of the asset to an innocent third party. The most obvious way to avoid this happening is for a purchaser of an asset not to rely on a single copy of the ledger, but to check that the transaction exists in multiple copies. This might be sufficient to make such a forgery not worth the effort. However, any attempted forgery would threaten the evidential value of the entire system because of the risk that the forged copy of the ledger would propagate across the network, and so this problem needs at least to be considered when designing distributed ledger systems for high-value assets which are held over long periods of time. INTRODUCING LEGAL IMPURITIES As explained in the ‘Purity and Impurity’ section, the fact that off-chain assets have a legal existence outside the distributed ledger means that any system for registering and transferring entitlements in those assets cannot be designed to perform only the minimum set of functions which would achieve those ends. Instead, there are two main types of legal impurity which an off-chain asset distributed ledger system would need to consider and perhaps build in. However, building in legal impurities is not as simple as might at first be thought. The functionalities required in order to comply with the law’s requirements all have the potential to compromise the evidential value of the ledger or reduce its attractiveness to potential users. A ledger which is not definitive evidence of entitlement and transfer is clearly less useful than would be desirable, and an unattractive ledger system is, well, unattractive. Identity disclosure Distributed ledger systems for on-chain assets have no functional need for any participant to be identified, other than perhaps the issuer of the asset.34 Holders of entitlements are identified on the ledger by means of their PKI public key, and assets can only be disposed of via a transaction which is signed with the private key that matches the public key, thus ensuring that no person other than the possessor of the private key can dispose of an asset. The transaction is also signed by the transferee, using the transferee’s private key, and the transferee’s public key is registered as the key of the new holder of the entitlement. Nothing further is needed, because the physical-world identity of each participant is irrelevant to undertaking ledger transactions—a purchaser need only deal with the holder of the appropriate private key, irrespective of who they might be. This is how the BitCoin system is able to achieve a degree of anonymity35 for its participants; they are identified on the system by means of a self-chosen pseudonym linked to their public key, though it is in fact the public key which actually identifies them to the system, rather than the pseudonym. For off-chain assets, however, there are commonly legal requirements for participants to be identified to some extent. We have already noted that company law requires the register of shares to record the identity of shareholders,36 as do laws relating to registered land.37 More widely, where the distributed ledger system is designed for substantial financial transactions or the disposal of high-value assets, money laundering controls are likely to be applicable. These controls require a high level of participant identification. A detailed examination of anti-money laundering controls would be far too lengthy to be included here, but for our purposes it is sufficient to note the two main elements of these controls which need to be incorporated into distributed ledger design for off-chain assets: Know Your Customer (KYC) obligations. Institutions which act as intermediaries for financial transactions, such as banks, law firms and accountants, are obliged to confirm the physical-world identity of their customers before undertaking transactions on their behalf.38 Although in theory a distributed ledger system disintermediates such institutions, enabling transactions to be undertaken directly between holder and transferee, in practice intermediaries are likely to continue to play an important role. Shares will be traded via stock exchanges, if only to establish their market value, and few will purchase land without the involvement of a lawyer. Customer Due Diligence (CDD) obligations. Financial intermediaries are required to monitor business transactions undertaken by the customer39 and report suspicious transactions to an appropriate authority.40 In doing so, they have to take into consideration a range of risk factors related to the customer, product, service, transaction or delivery channel, as well as geographical risk factors.41 The potential impact of cryptocurrencies on money laundering controls has already been recognized. In 2016, the European Commission published a roadmap of its proposal for a ‘restrictions on payments in cash’ initiative.42 Early in 2017 the People’s Bank of China conducted on-site examinations of BitCoin exchangers in China and required the latter to comply with anti-money laundering rules.43 Both KYC and CDD are dependent on identification of participants. This raises two difficult questions: How is identity to be evidenced in the system? If a participant were required to identify themselves to every intermediary institution involved in a transaction, transactions would take weeks rather than seconds. Fortunately most anti-money laundering laws and regulations recognize this problem, and allow an institution to rely on physical-world identification undertaken by another, trustworthy institution.44 How is commercial confidentiality and privacy to be maintained? If identity is recorded in a distributed ledger which follows the BitCoin model, that information becomes available to all participants in the system because each has access to full copies of the ledger. Transactions which ought to have remained commercially confidential will be public. The issues of maintaining privacy and commercial confidentiality will need to be dealt with if the system is to be attractive to potential participants, and are indeed already being addressed in some applications.45 Two possible solutions have so far been proposed to these problems. KYC distributed ledgers In August 2016, Deloitte and the World Economic Forum (WEF) released a report about their joint research, which looks at how blockchain can reshape financial services.46 This report proposes a new global payment model which uses distributed ledger technology, as illustrated below. As can be seen, KYC requirements apply at various stages of each payment transaction. Open in new tabDownload slide Source: World Economic Forum Open in new tabDownload slide Source: World Economic Forum In this model, the sender’s bank or money transfer operator conducts KYC either (i) through traditional procedures in the case of its own clients, or (ii) by accessing a digital identity profile to establish trust in the identity of other participants, such as the recipient of the transfer. Transfers are initiated by triggering a smart contract on the ledger, which creates the obligation to transfer funds between sender and beneficiary while a liquidity provider facilitates the currency exchange via another ledger transaction. It is envisaged that this smart contract will perform at least two anti-money laundering functions: It will undertake automated KYC checking for the participants to the transaction. This is not explained in any detail, but the report implies that participants will have access to this information held on one or more separate distributed ledgers, controlled by trusted institutions.47 It will be able to send specific money laundering alerts to regulators. The report is only a high-level description of a hypothetical system and so does not offer any more detail about alerts. However, it is clear that regulators will need to play a major role in the design of this component of the system. A further money laundering control is that the transaction history of all payments is recorded on the distributed ledger and thus available for continuous regulatory review.48 It is worth noting that in order to accommodate the legal impurity of participant identification without threatening confidentiality and privacy, it is necessary to operate multiple ledgers. Identification (KYC) information clearly needs to be held on a private, rather than a public ledger, and access to that information limited to the trusted institutions who participate in the network. Because the interchange of information is controlled by smart contracts which are designed, inter alia, to meet regulatory requirements, many aspects of the design and implementation of such a system would need to be approved by one or more regulators. A further difficulty in sharing KYC data is that it requires all system participants with access to that data to trust each other, both in terms of preserving confidentiality and security and not using the data for the recipient’s own business purposes. KYC data sharing between financial institutions already happens, according to a Deloitte report which notes that 1125 banks are sharing KYC documentation through a KYC Registry established by SWIFT, the international financial data transfer institution. However, this only represents 16 per cent of the 7000 banks in the SWIFT network.49 Limiting participation on the basis of trustworthiness is essential to make the system work, but at the same time reduces its reach and utility. Self-sovereign identity A second possibility which has been proposed is to use distributed ledger technology to place identification data under the control of the person whom that data identifies. This concept has been termed self-sovereign identity.50 The foundational assumption is that no centralized entity should have control of the identity of an individual, but rather that individuals should own and be in control of their own online identity. No organization should be able to take this control away from the identity owner. In the digital world, it is the natural evolution of online identity mechanisms.51 The decentralized nature of distributed ledger technology is said to be the ‘breakthrough that makes this possible’.52 Distributed ledger technology allows peer-to-peer sharing of encrypted identity claims and distributed key management to enable the creation of a self-sovereign identity. While there is no consensus on the precise definition of the concept, Allen contends that it must allow ordinary users to make claims, which could include personally identifying information or facts about personal capability or group membership.53 Because the core of the self-sovereign identity is the protection of the individual, and a pushback against an increasing surveillance economy, Allen proposes that any self-sovereign identity must meet the following principles: independent existence of the users; users must control their identities; users must have access to their own data; systems and algorithms must be transparent; identities must be persistent; portability of identities; interoperability of identities; users must consent to the use of identity; disclosure of claims must be minimized; and the rights of users must be protected.54 Currently, there are two services which are developing self-sovereign identity using distributed ledger technology: the Sovrin Foundation, which uses a public permissioned model powered by Evernym; and uPort, which uses a permissionless model powered by Ethereum.55 The choice of model may have an effect on each model’s interaction with the law. Each model balances differently the competing objectives of privacy and accountability. While the permissionless model may assure greater privacy, the public permissioned model is more likely to facilitate reliable evidence of identity. Sovrin Foundation Sovrin is an open source identity network that uses a public permissioned ledger, which is a hybrid model of distributed ledgers. The public aspect enables the ledger to be accessible to anyone. The architecture of the ledger enables stewards, trusted institutions who have entered into a Steward Agreement with Sovrin Foundation and who validate identity transactions,56 to operate as validator nodes on the network. The individuals in the network are termed ‘identity owners’, and have also entered into an agreement with the Sovrin Foundation.57 The Sovrin Trust Framework outlines the principles to guide the actors in the network, and enshrines the independence and self-sovereignty of the identity.58 A Sovrin identity is a collection of claims, proofs, identifiers and disclosures.59 Identifiers are cryptonyms, which have an associated verification key and a signing key to enable identity to be disclosed cryptographically, and may be stored on the Sovrin ledger or on a private ledger accessible to the identity owner. Claims about the identity owner (eg employment history) can be made by the identity owner or a third party, and are digitally signed to assure their origin. Verifiable claims are digitally signed by a third party to attest their truth.60 Within a transaction an identity owner may choose specific identifiers or claims to be disclosed to another party. Disclosure proofs allow these claims to be used without disclosing other information about the subject.61 Control by the identity owner is maintained by means of consent receipts, which are receipt records from the other party which promise that the identity owner’s data will only be used in a specified way;62 these promises are likely to be legally enforceable as contracts or under some equivalent legal basis, dependent upon the applicable law in question. uPort uPort is a permissionless model powered by Ethereum.63 It consists of three main components: smart contracts, developer libraries and a mobile app which creates a private key for the user and via which user transactions are signed. Ethereum smart contracts form the core of the identity. The mechanism is founded on three smart contracts offered by the Ethereum blockchain: a controller contract; a proxy contract; and an application contract. When a user signs, they send the transaction through the Proxy Contract via the Controller contract. The Controller contract acts solely as a backup recovery mechanism in the event of loss of the private key. The Proxy Contract address is thus the interacting entity, and introduces a layer of indirection between the user’s private key, which is stored on the mobile device, and the application smart contract.64 After going through the Proxy Contract, the signed transaction goes to the Application Contract which executes it. The system allows users to send attestations, which as in the Sovrin system can be signed attestations by third parties or self-assertions, though it does not appear to allow the user to retain control of the use made of those attestations. Trust and identity Self-sovereign identity models focus on reputation as a source of trust. Noveck states that ‘trust is formed through iterative interaction that gives rise to shared values and norms. Identity – specifically reputation – is a marker of this trust’.65 Thus, the reputation which is built through interactions with others is integral to online identity. In the Sovrin model, the Trust Framework acknowledges the creation of diffuse trust,66 that power shall not be concentrated in any one individual, and a web of trust,67 enabling peer-to-peer trust networks. Furthermore, the development of trust marks by Sovrin is an attempt to generate reputational value for identities. Similarly, in the uPort model, there is an expectation that the identity created would be as a result of various interactions and attestations by third parties to create a reputation. Noveck opines that ‘much more so than in offline space, online identity is explicitly socially constructed’.68 But this raises the question, how can a reputation be established without third parties attesting to that reputation? According to Parra-Moyano,69 authentication by a trusted third party is a logical necessity because an identity owner cannot validly assert its own identity. This then raises the question, who will attest to the identity of the third party,70 but this is a problem which has already been solved for digital signatures by means of the ‘web of trust’ mechanism through which certification authorities identify each other.71 In the Sovrin network, stewards perform a validating role. They operate the validator nodes72 and are trusted organizations appointed by the Sovrin Foundation Board of Trustees. Thus, if the Sovrin network is trusted, its stewards are also trusted and vice versa. Furthermore, claims made by an individual about their identity can be verified by a trusted third party like a government agency or a bank. This means that trust is placed in the stewards, the validators, rather than solely in the technology and identity owners. The fact that the identity ledger still allows for public access ensures transparency. In this way the Sovrin Foundation attempts to balance the two competing objectives of engendering trust while still assuring decentralization. Additionally, the contracts binding the stewards to the Sovrin Foundation73 and the identity owners to the Sovrin Foundation74 aim to provide a further level of trust, similar to the physical world trust engendered by a contract. Identity and evidence A reliable digital identity is necessarily based on attestations from third parties who are trusted by the person relying on their attestations. For private transactions such as making a purchase, it is up to the individual to decide what level of identification, and thus trustworthiness of evidence, they require. Reputation derived from transactions with others75 might be sufficient. But where the identification requirement is imposed by law, it is unsafe for a regulated entity to make decisions about this matter purely to its own satisfaction, because of the risk of a regulatory finding that insufficiently reliable identity evidence was taken. Thus, the UK recommendations on identification for anti-money laundering KYC purposes76 are, in effect, treated by financial intermediaries as if they were binding regulations. This means that distributed ledger systems where such regulation applies will need to establish identification standards, based on the regulation or discussions with regulators, otherwise those subject to regulation will not wish to use them. Third-party interference with the ledger In a technologically pure distributed ledger system the only person who has the power to dispose of entitlement to an asset is the holder of the PKI private key relating to that entitlement. This is the only way in which the ledger can be altered (or more accurately, updated with a new entry which substitutes the transferee for the transferor as holder of the entitlement). No other member of the system has the ability to prevent or delay such a transaction. But where the ledger records entitlements to off-chain assets, the PKI private key holder cannot be allowed sole control over that ledger entry. There are at least two situations where the law requires that a third party should have the power to delay, prevent or reverse a ledger transaction. Rectification of ledgers The first situation arises where rights over an asset have been acquired or modified in favour of a third party other than by means of a ledger transaction. The simplest example is the registration of a charge or notice relating to land (see ‘Introduction’). If the registered owner has agreed to this, for example, by securing a loan on the land, then this is simply a matter of recording a transaction signed digitally by both parties. But some rights, eg a right of way acquired through prescription, may be acquired adversarially rather than by agreement with the landowner, and so the ledger needs some way of allowing such a third party to register their interest. In a traditional registration system, this is done by giving notice to the registry, which is the only body that can modify the register. This suggests that in any off-chain asset distributed ledger, there needs also to be at least one ‘super-user’ who is a trusted person and who has the power to modify the ledger, in addition to the person registered as being the proprietor of the entitlement. The rectification problem also occurs for assets other than land, both tangible and intangible, because rights over those assets can be acquired other than through ledger transactions. Thus ownership of a motor vehicle is acquired simply through an agreement to transfer ownership, usually in the form of payment against handing over possession, and the new owner would need to be able to register that right if the previous owner fails to co-operate by undertaking a ledger transaction, unless the law is changed to prevent ownership being acquired in this way. Transactions in intangible assets such as shares which have been procured by misrepresentation or fraud can be avoided, and consequently ownership in those shares will need to be transferred back to the original owner.77 In Armstrong DLW GmbH v Winnington Networks Ltd,78 where a fraudster procured the transfer of registered carbon credits from the claimant to the defendant and took the proceeds, the court held that these carbon credits were a species of intangible property.79 Because the credits were individually identifiable, their ownership had never passed to the defendant,80 and thus they were ordered to be retransferred. A common reason that a ledger will need to be modified is where a court decides that a transaction should be reversed. This is because of the legal understanding of how ownership passes. Ownership is, for the purposes of this discussion, the entitlement to dispose of an asset, but an involuntary disposal has no legal effect. Thus, a thief cannot usually transfer ownership of a stolen asset. If the register records a transaction signed by the transferor, then the disposal is clearly not involuntary, but the register will still need rectifying if the transfer was procured by fraud, mistake or misrepresentation and a court decides that ownership should be re-transferred. The differential effects of these vitiating factors on ownership are complex; in some cases ownership never transfers, irrespective of what any register might say, whilst in others it transfers but is retransferred automatically when the transferor gives notice to rescind the transfer, or finally the retransfer may only occur as a result of the judgment of a court.81 Fortunately, the law seems likely to preserve the rights of innocent third parties who have relied on the truth of a ledger entry, as in the case of Norwich and Peterborough Building Society v Steed.82 Here, the transfer of land was procured by fraud, and the transfer was registered at the Land Registry. The court ordered that the land be retransferred to the original owner, but subject to the mortgage which had been granted and registered in good faith by the appellant. It seems likely that this approach would be taken in judgments relating to other types of registered asset.83 Delaying or preventing transactions The international system of money laundering controls is based on the concept that gatekeeper participants (financial institutions, lawyers, accountants, etc) should monitor the transactions in which they are involved and report suspicious transactions to the money laundering authorities. To achieve this, identification of transaction participants is necessary as we noted in ‘KYC distributed ledgers’ section. But in addition, the system also requires that money laundering authorities should have the power to delay or prohibit reported transactions from going ahead. This follows from the reporting obligations already noted in relation to suspicious transactions.84 Once a report has been made, the reporting entity has to follow any instructions given by the money laundering authority, which can include delaying the transaction or refusing to carry it out.85 A distributed ledger system will only enable the current controls to be implemented if either: The registered holder of an entitlement is unable to dispose of it directly, but has to request a regulated intermediary to effect the transaction. This would be, in effect, a replication of the current system of bank transfers and stock exchanges, with the distributed ledger merely substituting for current database systems. Regulated intermediaries have the power to delay or prevent transactions initiated directly by the holder, most likely through a smart contract which seeks their digitally signed approval for each transaction (or, if the technology itself is used to identify suspect transactions, for those transactions so identified). Again, though, this would entrench the role of intermediaries in the system—this would be highly desirable from an intermediary perspective, but would add system complexity and reduce any distributed ledger system’s attractiveness as an alternative to current financial systems. Alternatively money laundering authorities could be given the ability to delay transactions directly, rather than relying on intermediaries to do so on their behalf as is currently the case. The reason the obligation is placed on intermediaries is that they are the gatekeepers to existing financial systems. If the use of distributed ledger removes that gatekeeper role from intermediaries, it is illogical to require them to do more than report suspicious activities to the authority whilst leaving the decision about how to act to the authority itself. Whichever option were adopted, a system which delayed transactions might well be incompatible with commercial requirements, for example, in markets where high-frequency trading may be a key feature. A final important characteristic of the current system of money laundering controls is that delaying or prohibiting transactions should occur in secret, so far as transaction participants are concerned. Current financial systems make it comparatively easy to do this, because their complexity and the number of participants required to effect each transaction makes it possible for an intermediary to assert unexpected technical or operational failures on the part of some other player as an explanation. In a distributed ledger system, the only reason for delay would be that some authorized person had interfered in the transaction. Achieving these controls is clearly a mixed problem of law, trust and system design. Because the current gatekeepers lose their gatekeeping role, collective agreement will be needed about who should exercise oversight and control. This agreement will need to be transnational too, because money laundering is particularly likely in cross-border transactions, and this raises complex issues of trust between national regulators. And finally, any solution will need to be technically feasible, and built into the distributed ledger system. There has so far been little published thinking on this issue, and the likely shape of any solution cannot yet be predicted. Who and how? Ledger rectification A distributed ledger system which allows all and sundry to modify the ledger by merely asserting a claim over an asset is highly unsatisfactory from an evidential perspective. The existence of recorded claims would be likely to prevent the owner of an asset entitlement from disposing of that entitlement until the claim had been disputed successfully and the ledger rectified. And we have already seen that ledger rectification requires some third party to have superuser rights to change ledger entries, so it would seem sensible to limit the registration claims to those which have been reviewed and accepted by the superuser. This raises the Who? question. Clearly the superuser has to be a trusted person, and therefore, has at least to be identified in order to be trusted. When deciding whether to register third party claims the superuser will be acting quasi-judicial, and therefore, needs to be sufficiently independent from transactions in the registered assets to be trusted by system participants. What this tells us is that there are constraints on how the Who? question can be decided by system designers, and these will differ depending on the nature of the assets recorded on the ledger. As examples: Land registration is accepted as a governmental function, and current land registrars already perform these superuser functions. Legislation will be necessary to set up any distributed ledger system of land registration, and is likely to incorporate some equivalent to the registrar and define the powers and duties of that role. Where the asset is an intangible claim against some person, it will sometimes be appropriate for that person to take on the superuser role. Company shares are a claim against the company. Under most national company laws, the company itself acts as registrar (or outsources the role to a specialist) by recording changes of ownership, though not normally third party claims such as mortgages, and rectifying the register if required. Although shares are claims against the company, the company is in most cases sufficiently disinterested in disputes over registration86 for it to undertake the superuser role. However, if the subject of an intangible claim cannot be trusted to be disinterested in registering third-party claims, as might be the case for a distributed ledger recording corporate debts,87 then an independent outsider will need to be found to take on the superuser function. Professional services firms such as accountants are likely to be acceptable to participants in the ledger system. The How? question is easier to answer. Rectification by altering the record in the blockchain is technically impossible, because the alteration would invalidate the hash of the block containing the record, and also the hashes of all subsequent blocks. Thus, the entire blockchain would cease to be reliable, including all the unaltered records. In a distributed ledger system there are multiple copies of the ledger, and so even if the reliability problem did not exist there would still be the difficulty of propagating the modified copy across the network to replace all other copies. Rectification can, therefore, only be achieved by recording a new transaction in the ledger which reverses the transaction to be modified. If, for example, a transfer of shares had been procured through misrepresentation and a court ordered rescission of the transfer, this would be achieved by a transaction which transferred ownership from the current holder to the original holder, signed digitally by the superuser. This approach to rectification maintains the reliability of the ledger as a source of evidence. The change to the ledger is visible, so that the history of the asset and transactions in it is shown accurately, and the technological proof of the ledger’s reliability as evidence remains unimpaired. Delay or prevention Under the current money laundering system the duty to delay or prevent transactions, following the instructions of the regulator, is placed on financial intermediaries. In a distributed ledger system, this function should be transferred directly to the regulator, if only for reasons of efficiency. It is worth noting that this issue of delay is not unique to the financial sector. Distributed ledger technology is being trialled in other regulated sectors such as energy supply,88 and there is likely to be a need for the regulator in those sectors to have some level of control over the ledger. As an example, an energy regulator might need to delay execution of a smart contract that would feed in stored energy, in order to manage the load on the power grid. How such delay or prevention should be effected seems to be primarily a matter of system design rather than law. The solution might be as simple as attaching a smart contract to every ledger entry, which can be activated by the regulator using its private PKI key. However, there are two matters (at least) which the relevant regulation would need to deal with: The powers of the regulator would need to be clearly defined in order to maintain trust in the system. Trust also requires those powers to be exercised only in accordance with the regulation, and so reporting on their use and, possibly, independent auditing of the regulator’s decisions might be desirable. The current position in anti-money laundering regulation that decisions to delay or prevent transfers should be kept secret from the parties involved seems incompatible with transparency, and may be practically impossible in any case. Because the ledger will be visible to all parties, the only plausible reason for ‘invisible’ delay in transactions would be that the regulator has used its powers to interfere. Evidential effects Giving a third-party control over ledger records does not impair the evidential effectiveness of the ledger if that third-party’s actions are recorded in the ledger and visible to all participants. However, it does reduce the effectiveness of the ledger as evidence of the extent of an entitlement to an asset. This is because the recorded owner of the entitlement no longer has the unfettered power to transact that entitlement as the transaction might be delayed or prevented by some superuser, or later reversed. Secrecy about a third-party’s actions, such as that required by current money laundering controls, is a serious evidential problem. The ledger can no longer be trusted at all, because it does not now record all the actions taken in respect of an entitlement. This particular legal impurity may not, therefore, survive a move to use of distributed ledger technology. CONCLUSION The most radical approach to encourage the adoption of this technology as widely as possible would be to ‘purify’ the law so as to allow distributed ledger systems to work most efficiently. The effects on society would be dramatic. To pick just three examples from those discussed above: The detection and prevention of money laundering or terrorist financing would become vastly more difficult, and perhaps practically impossible. Informal disposal of registered physical assets, such as motor vehicles, for payment against transfer of possession would become impossible. Losses suffered through fraud relating to registered assets would always fall on the person defrauded, with no effective way of placing the loss on the recipient of the asset. Society is unlikely to be keen on such radical changes merely to encourage new technology. In addition, this approach would result in fundamental differences in the meaning of ownership, depending on whether the assets were or were not held on a distributed ledger. There are serious theoretical objections to creating such differences of legal regime,89 though these are outside the scope of this article. It seems, therefore, as if we will need to incorporate a wide range of legal impurities into the technical workings of distributed ledger systems. From a technological perspective this might seem undesirable, as law is imprecise and context dependent and is thus hard to build into technological systems that aim at exactitude. But the law’s mismatch with technology is because it aims to regulate human interactions, which are themselves imprecise and context dependent. Distributed ledger technology is a tool to achieve human needs, and must therefore, give way to the known failings of humans. Footnotes 1 Readers unfamiliar with the workings of blockchain and distributed ledger technology are directed to Jean Bacon and others, ‘Blockchain Demystified’, accessed 1 March 2018. 2 However, when it comes to the creation of assets (BitCoin) via the mining process, things are very different. The proof of work element is far more computationally intensive than is legally necessary to create a block, and this is an intentional part of the system. Block creators are, currently, rewarded by the creation of a new BitCoin, and if it were easy to create a block then the number of BitCoins would increase rapidly, with the result that the value of each BitCoin would decrease. To prevent this, the technology makes block creation increasingly difficult (so much so that it has been argued that the value of a newly created BitCoin is likely to be roughly equal to the total computing resources expended by all those miners who were competing to do so—‘… in the long run it costs a bitcoin to make a bitcoin’. Tim Swanson, ‘Consensus-As-a-Service: a Brief Report on the Emergence of Permissioned, Distributed Ledger Systems’ (6 April 2015) 51 accessed 1 March 2018). For modeling of costs see Luisianna Cocco and Michele Marchesi, ‘Modeling and Simulation of the Economics of Mining in the Bitcoin Market’ (2016) 11(10) PLoS ONE.  It is important to note that the BitCoin mining process is not, as is sometimes asserted, essential to validating block creation. For example, the Ripple cryptocurrency technology selects a subset of its approximately 200 trusted validators to achieve consensus that a block has been created, working on the assumption that they will not collude to defraud the participants in a transaction—Matt Hancock and Ed Vaizey, ‘Distributed Ledger Technology: Beyond Block Chain’ (2016) UK Government Office for Science 18 accessed 1 March 2018. 3 Of course, the law is definitely interested in transactions outside the walled garden which are in part concluded within, such as using BitCoins to purchase illicit drugs—see eg ‘Shedding Light on the Dark Web’ (The Economist, 16 July 2016) accessed 1 March 2018. 4 For example, under English law, the occupier of a house under a 1-week holiday rental has this right, and there are currently no legal requirements for such lettings to be registered. 5 UK Carbon Accounting Regulations SI 2009/1257 reg 9 requires there to be a register of carbon credits. 6 A share is given the status of personal property by the UK Companies Act 2006 s 541, and so general property law confers rights on the shareholder. The rights over a company’s assets and to participate in decision-making are conferred by the Companies Act, and elaborated by the company’s constitution which has the effect of a covenant between all the members and the company—s 33. Additional restrictions or obligations in respect of shares can be created and extinguished by contract, eg obligations about the disposition of shares set out in a shareholders’ agreement—for a discussion of the relationship between such agreements and the company’s constitution see Michael J Duffy, ‘Shareholders Agreements and Shareholders' Remedies: Contract Versus Statute’ (2008) 20(2) Bond Law Review art 2. 7 For example, UK Companies Act 2006 s 113(2) requires names and addresses to be recorded on the register. 8 UK Land Registration Act 2002 s 27. 9 See discussion in ‘Identity disclosure’ section. 10 For a brief overview and explanation of the reasons for taking non-registered security over shares see Michael Rutstein, Laurent Assaya and Christian Staps, ‘I Pledge To Thee My Shares: Taking Share Security in England, France and Germany’ (2009) CR and I 253–55. 11 UK Land Registration Act 2007 ss 27(2) and (3) sets out a list of those transactions which must be registered. Notice of non-registrable dispositions may be given by making a filing on the register—ss 32–47. 12 UK Companies Act 2006 Pt 8. 13 See ‘Third-party interference with the ledger’ section. 14 See eg Chris Reed, ‘What is a Signature?’, 2000 (3) Journal of Information, Law and Technology (JILT). accessed 1 March 2018. 15 See eg Matthias Mettler, ‘Blockchain Technology in Healthcare – The Revolution Starts Here’ Proceedings of the 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom). 16 Care and Support (Deferred Payment) Regulations SI 2014/2671 reg 4. 17 Stan Higgins, ‘Republic Of Georgia To Develop Blockchain Land Registry’ accessed 1 March 2018. Also see ‘Factom - Making The World′s Systems Honest' (Factom.com, 2017) accessed 1 March 2018. 18 ‘BITLAND’ (Landing.bitland.world, 22 April 2016) accessed 1 March 2018. 19 ‘UBITQUITY - The First Blockchain-Secured Platform for Real Estate Recordkeeping | Changing the World… One Block at a Time.’ (Ubitquity.io, 2017) accessed 1 March 2018. 20 Ragnar Lifthrasir, ‘What is Blockchain and How Does It Apply to Real Estate?’, accessed 1 March 2018. 21 Giulio Prisco, ‘Bitfury, Republic of Georgia Push Ahead With Blockchain Land-Titling Project’ 8 February 2017 accessed 1 March 2018. 22 Gertrude Chavez-Dreyfuss, ‘Ukraine Launches Big Blockchain Deal With Tech Firm Bitfury’ 13 April 2017 accessed 1 March 2018. 23 Originating in Ronald L. Rivest, Adi Shamir and Leonard M Adleman, ‘A Method of Obtaining Digital Signatures and Public Key Cryptosystems’ (1978) 21 Communications of the ACM, 120. 24 ‘Moore's law’ accessed 1 March 2018. 25 In the mid-1980s there were few owners of computing technology which could check more than one potential key per microsecond, operating 24 h a day, which meant that to break a PKI key of 256 bit length would on average take longer than the expected lifetime of the universe—Beckett, Introduction to Cryptology (Blackwell Scientific Publications 1988) Ch 9. The most recent 2015 recommendation from the US National Institute for Science and Technology (NIST) is that key lengths below 2048 bits are no longer considered secure—NIST, Recommendation for Key Management Part 3: Application-Specific Key Management Guidance (Special Publication 800–57 Pt 3 Rev 1, January 2015) 11–13 accessed 1 March 2018. 26 As an example, a security interest in shares might take the form of a smart contract under which the entitlement is automatically transferred to the lender unless repayment is made by a particular date. The triggering event would be the passing of the specified date without a repayment transaction being recorded on the ledger. 27 In the example in (n 25) the entitlement to the shares could still be transferred to a third party, but this would not prevent the smart contract transferring entitlement to the lender if the loan were not repaid on time. 28 This is known as forking the chain, and all distributed ledger systems incorporate mechanisms for resolving forks in a comparatively short space of time. However, these mechanisms are not infallible—see Simon Barber and others, ‘Bitter to Better — How to Make Bitcoin a Better Currency’, International Conference on Financial Cryptography and Data Security FC 2012: Financial Cryptography and Data Security (Springer 2012) 399, 404–05 - and the forking problem clearly needs to be managed reliably in any ledger system for off-chain assets, particularly high-value assets. 29 Readers may find a non-mathematical analogy helpful. Imagine that we take a text document and produce a message digest which consists of every 1000th character. The likelihood that two documents would produce the same message digest is clearly very low, and a forger who wished to produce a meaningful document with the same message digest would have a hard task. Hash functions treat the document as a series of numbers, and process them mathematically to produce a smaller number. This both enables the process to be computerized, and also makes the creation of forgeries much more difficult. 30 See NIST, Secure Hash Standard (SHS) (FIPS PUB 180–84, August 2015) accessed 1 March 2018. 31 See NIST, Recommendation for Applications Using Approved Hash Algorithms (Special Publication 800-107 Revision 1, August 2012) 6–9 accessed 1 March 2018. 32 For a discussion of weaknesses identified in the SHA-1 hash algorithm in 2006 see William E Burr, ‘Cryptographic Hash Standards – where do we go from here?’ (2006) IEEE Security and Privacy 88. 33 The forged transaction would be aggregated with other data, which might well be nonsense as it would never be examined during a transaction relating to that asset, to produce a block with the same hash as a block already incorporated in the ledger. It would then be a simple editing task to substitute these two blocks. So far as we can discover no work has been done to assess the difficulty of such a task, so all that can be said is that it might be worthwhile if the asset value were high, as in the case of land. 34 For example, a purchaser of shares is likely to want to know the identity of the company in question. 35 Because the entire history of BitCoin transactions is recorded in the blockchain, then even if participants generate a new public/private key pair for each transaction it is possible to use techniques such as context discovery and flow analysis to discover more information about participants than is disclosed in the blockchain—Fergal Reid and Martin Harrigan, ‘An Analysis of Anonymity in the Bitcoin System’ in Security and Privacy in Social Networks (Springer 2013) 197. In the online world there is no possibility of absolute anonymity—see Sara Nogueira Silva and Chris Reed, ‘You Can’t Always Get What You Want: Relative Anonymity in Cyberspace’ (2015) 12(1) scripted 35 accessed 1 March 2018. 36 See n 6. 37 See n 7. 38 See eg EU Fourth Anti-Money Laundering Directive, Directive 2015/849 OJ L141/73, 5 June 2015, arts 2.1 and 13(1)(a)–(c). 39 ibid art 13(d). 40 ibid arts 33 and 34. 41 Non-exhaustive lists of lower and higher risk factors are provided, respectively in ibid, Annex II and III. 42 Communication to the Council and the Parliament on an Action Plan to further step up the fight against the financing of terrorism (COM (2016) 50, 2 February 2016); for implications see the January 2017 Inception Impact Assessment, accessed 1 March 2018. 43 BitCoin trading platforms were found to be operating outside of anti-money laundering rules, which is a major concern of the central bank—see accessed 1 March 2018. 44 For example, EU Fourth Anti-Money Laundering Directive (n 37) art s 25–29. 45 For the finance sector, The ledger, see eg accessed 1 March 2018. 46 WEF, ‘The Future of Financial Infrastructure: An Ambitious Look At How Blockchain Can Reshape Financial Services’ (2016) accessed 1 March 2018. 47 ibid 53. 48 ibid 46–55. 49 Deloitte, ‘Blockchain Applications in Banking’ (2016) accessed 1 March 2018. 50 Christopher Allen, ′The Path to Self-Sovereign Identity′ (Life with Alacrity, 25 April 2016) accessed 1 March 2018. 51 Andrew Tobin and Drummond Reed, The Inevitable Rise of Self-Sovereign Identity (Sovrin Foundation White Paper September 2016, updated March 2017) accessed 1 March 2018, 6–9. 52 ibid 9. 53 Allen (n 50). 54 ibid. 55 Note that both of these services have not fully launched, and the documents on which this analysis is based are provisional frameworks and white papers which may be subject to further development. 56 Sovrin Founding Steward Agreement Public Review Draft 02, s 3. 57 Sovrin Identity Owner Agreement Public Review Draft 02, s 3. 58 Sovrin Provisional Trust Framework Public Review Draft 02, s 2.1. 59 Phillip J Windley, ‘How Sovrin Works’ (Sovrin Foundation 2016) accessed 1 March 2018. 60 ibid 4–5. 61 ibid 5—6. 62 ibid 7–8. 63 uPort: A Platform for Self-Sovereign Identity (Draft White Paper, February 2017) accessed 1 March 2018. 64 ibid. 65 Beth Simone Noveck, ‘Trademark Law and the Social Construction of Trust: Creating the Legal Framework for Online Identity’ (2005) 83 Washington University Law Quarterly 1733, 1772. 66 See n 58, s 2.3. 67 ibid, s 2.4. 68 Beth Simone Noveck, ‘Trademark Law and the Social Construction of Trust: Creating the Legal Framework for Online Identity’ [2005] 83 Washington University Law Quarterly 1733. 69 José Parra-Moyano, ‘About the Continuity and Origin of Identity in Distributed Ledgers: Learning from Russel's Paradox’ (1 October 2016) accessed 1 March 2018. 70 ‘… a validating instance can only inscribe in the distributed ledger the identity of those entities that cannot be created in the ledger and that need a token to represent them, since otherwise the validating instance would be granting a token an identity that that token already has. In such a case, the validating instance would be redundant. However, since such a validating instance cannot be created within a distributed ledger (because it must interact with the ecosystem that exists outside the ledger), if it is to be able to participate in the ledger, the instance will have to verify itself, which leads to a logical contradiction.’ ibid 8. 71 See Tyrone Grandison and Morris Sloman, ‘A Survey of Trust in Internet Applications’ (2000) 3.4 IEEE Communications Surveys and Tutorials 2. 72 See n 56, s 3.1 73 ibid. 74 See n 57. 75 As in, eg, the eBay feedback system. 76 UK Joint Money Laundering Steering Group, Money Laundering/ Combating Terrorist Financing (2017 REVISED VERSION) GUIDANCE FOR THE UK FINANCIAL SECTOR PART II: SECTORAL GUIDANCE, App 1. 77 For example, Erlson Precision Holdings Ltd v Hampson Industries PLC [2011] EWHC 1137. 78 [2012] EWHC 10 (Ch). 79 Applying the principles in National Provincial Bank Ltd v Hastings Car Mart Ltd [1965] AC 1175, 50. 80 The defendant would have acquired good title if the purchase had been made in good faith, but the defendant’s failure to conduct proper money laundering KYC checks on the identity of the fraudster (see ‘KYC distributed ledgers’) was sufficient to give constructive notice of the fraudster’s lack of authorization to dispose of the property, and thus prevented ownership from passing. 81 For a detailed examination of the complexities see Janet O’Sullivan, ‘Rescission as a Self-Help Remedy: a Critical Analysis’ (2000) Cambridge Law Journal 509. 82 [1993] Ch 116. 83 Strictly, the court found that it had no discretion under the statute to order rectification as against the mortgagor. However, it is clear from the judgment of Scott LJ that, had there been such discretion, it would have been exercised so that the loss did not fall on the innocent mortgagor. 84 See n 39. 85 See eg EU Fourth Anti-Money Laundering Directive (n 37) art 35. 86 The claims embodied in a share are, at least in part, created by legislation, and so the company registrar cannot change the content of these claims. The register merely records which person is entitled to the benefit of that claim, and as between share owners and claimants of rights over shares the company has no interest to conflict with acting as superuser. 87 For example, the corporation might have trading relationships with some debtors, or a debtor might own sufficient shares to give it a say in the appointment of company officers, and either of these could lead other debtors to distrust that the company would act independently when determining whether the ledger should be rectified. 88 Michael Merz, ‘Potential of the Blockchain Technology in Energy Trading’, in Burgwinkel (ed), Blockchain Technology: Introduction for Business and IT Managers (de Gruyter 2016) 2. 89 See Chris Reed, ‘Online and Offline Equivalence: Aspiration and Achievement’, (2010) 18 International Journal of Law and Information Technology 248. Author notes Advocate, High Court of Karnataka, India and Legal Consultant, Centre for Internet and Society, Bangalore. E-mail: mahesh.rgnul@gmail.com LLM Candidate in International Laws, Beijing Foreign Studies University, LLM in Banking and Finance law, University of London, Queen Mary. E-mail: shuhui.ruan@yahoo.com Adjunct Tutor at University of the West Indies, Mona Campus, Jamaica and Associate at Hart Muirhead Fatta. E-mail: justineanncollins@gmail.com © The Author(s) (2018). Published by Oxford University Press. All rights reserved. For permissions, please email: journals.permissions@oup.com. This article is published and distributed under the terms of the Oxford University Press, Standard Journals Publication Model (https://academic.oup.com/journals/pages/about_us/legal/notices) TI - Beyond BitCoin—legal impurities and off-chain assets JF - International Journal of Law and Information Technology DO - 10.1093/ijlit/eay006 DA - 2018-06-01 UR - https://www.deepdyve.com/lp/oxford-university-press/beyond-bitcoin-legal-impurities-and-off-chain-assets-N0krGVA1RC SP - 160 VL - 26 IS - 2 DP - DeepDyve ER -