©2019. Published in Landslide, Vol. 11, No. 6, July/August 2019, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder.
Blockchain revolutionaries believe that truly decentralized, distributed computing—the promise afforded by Satoshi Nakamoto’s Bitcoin and Vitalik Buterin’s Ethereum—will upend our economy, create a new Internet, and obviate the need for centralized corporations and maybe even governments. This dream of decentralization has begun to be actualized by an industry using blockchain technology to build businesses, raise money, and trade assets. But, in a decentralized world, who is liable? For the answer to that question, blockchain revolutionaries may need to look to copyright case law about decentralization in the context of peer-to-peer file sharing platforms.
Blockchain’s Promise of Decentralization
For early Internet pioneers, the Internet was supposed to be free of intermediaries. As Timothy C. May wrote in 1992, computer technology could provide “the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner.”1 May anticipated that “public-key encryption, zero-knowledge interactive proof systems, and various software protocols for interaction, authentication, and verification” would fundamentally change the nature of society, corporations, and governments, as well as intellectual property.2 But nearly three decades later, as many proponents of blockchain technology point out, the Internet has done little to diminish the presence of intermediaries in our society. Instead, major information and communication intermediaries like Google and Facebook have had an enormous impact on how billions of people see and access information across the globe.
Blockchain revolutionaries hope that blockchain will obviate the need for intermediaries. Blockchains3—simply described as distributed ledgers—blend advances in peer-to-peer network architecture, public-private key cryptography, programmable rules, and mechanisms for achieving consensus—to record tamper-resistant, publicly verifiable information in transparent databases maintained by a distributed network of computers.4 Ultimately, this means that information can be stored and shared in a manner that reduces the need for centralized control. Where intermediaries were once required to store data, blockchain-based networks can now store data across millions of individual, independent nodes. And, once data is recorded and stored on a blockchain, it becomes difficult to change or delete without the consensus of at least 51 percent of those who validate the data on the network.5
The distributed nature of blockchain technologies raises some formidable legal questions reminiscent of those raised by file-sharing technologies at the turn of the twenty-first century. Those file-sharing technologies relied on a decentralized network of participants to act “as both a supplier and consumer of informational resources.”6 These networks gained widespread popularity and notoriety for their ability to serve music and video files for free. But the decentralized nature of file-sharing sites did not afford them legal reprieve. To the contrary, the law that developed as a result of these technologies is likely to shape the liability of participants in blockchain-based decentralized networks today.
Code as Law, or Copyright Law?
Early blockchain proponents sometimes asserted that a decentralized, blockchain-based system could operate independently of national laws, regulations, and court systems.7 The origin of Bitcoin, the first application of blockchain technology that enables global peer-to-peer payments, is rooted in that ethos. In 2016, Vitalik Buterin, one of the creators of the Ethereum blockchain, opined that while “[t]raditional courts serve the very important function of figuring out what the appropriate remedy is when the parties to a dispute have no prior relationship,” a decentralized dispute resolution system could be used for blockchain-based transactions wherein “a few randomly selected judges look at each question by default, and are incentivized by the threat of a larger ‘supreme court’ contradicting them.”8
But the notion that code is law—that the code of a software protocol or its architecture “sets the terms on which life in cyberspace is experienced”—does not displace the applicability of national law and regulation.9 Indeed, secondary liability for copyright infringement has long placed limitations on the aspirations of cyber revolutionaries.10
Legal responsibility for copyright infringement is premised on the “right and ability to control” infringement, along with financial benefit.11 In an analogous way, questions of control may also help guide, in part, determinations of liability on decentralized blockchain-based networks.
Secondary Liability Applied to Distributed Technologies
Courts have applied several forms of secondary liability in peer-to-peer copyright infringement cases: inducement, contributory infringement, and vicarious liability. A party that (1) aims to satisfy a known demand for infringement, (2) shows no attempt to develop filtering tools to diminish infringing activities, and (3) makes substantial income from the infringing activities can be found liable for inducement.12 Contributory liability has been found where a party has actual or constructive knowledge of the infringing activity and “induces, causes or materially contributes to the infringing conduct of another.”13 Finally, vicarious liability exists where the party has the ability to monitor and control the direct infringer and direct financial interest in the infringer’s activities.14 Notably, vicarious liability does not necessarily require a party to have knowledge of the infringing activity. Developers of blockchain-based decentralized applications may thus wish to pay particularly close attention to prior cases that establish vicarious liability as applied to peer-to-peer networks.
Vicarious liability is an “outgrowth” of respondeat superior15—the same legal principle that holds an employer responsible for its employees’ actions—which imposes liability on “those with a sufficiently supervisory relationship to the direct infringer.”16 Courts have held that one can be liable for vicarious copyright infringement by “profiting from direct infringement while declining to exercise a right to stop or limit it.”17 That is, “vicarious liability is premised wholly on direct financial benefit and the right and ability to control infringement.”18 The Ninth Circuit in Napster set a low bar for financial benefit, holding that a “[f]inancial benefit exists where the availability of infringing material ‘acts as a “draw” for customers.’”19 And there is no bright-line rule for determining what constitutes a right and ability to control; even where an alleged secondary infringer lacks a formal, contractual ability to control a direct infringer, “a pervasive participation in the formation and direction” of the infringer has been held to constitute control.20 In the non-Internet context, an operator of a physical site could be held vicariously liable because it “patrolled” the premises, “controlled the access of customers to [a physical] area,” and “had the right to terminate vendors for any reason whatsoever and through that right had the ability to control the activities of vendors on the premises.”21 Likewise, evidence of a right and ability to control online infringement can be manifested in a variety of ways, from a party’s marketing materials and policies to the more technical aspects of a network’s architecture. For example, evidence of a right and ability to control might exist where a party has the ability to filter and control network activity, suspend accounts or prevent malicious activity, throttle the activity of those who exploit the network, or remove content posted or distributed through the online services. Proactively refusing to exercise such a right and ability does not absolve the party of liability.22
In the context of peer-to-peer networks, the right and ability to control has been found where a party merely has the “ability to block” the infringer’s access to a particular environment.23 For example, Napster’s network architecture consisted of a centralized indexing system that maintained a list of all available files and a central addressing system designed to connect the hard drives of its individual users; because of that network architecture, in the Napster case, the plaintiffs demonstrated that Napster retained the right to control a user’s access to its system, and expressly reserved the “right to refuse service and terminate accounts.”24 Because its centralized servers could be turned off, Napster possessed the right and ability to control who could transmit a search request to the Napster server, and what search results would be transmitted to the requesting user. For those reasons, the Ninth Circuit found that “Napster’s failure to police the system’s ‘premises,’ combined with a showing that Napster financially benefits from the continuing availability of infringing files on its system, [led] to the imposition of vicarious liability.”25
The notion of control may similarly serve as a useful analytical tool for examining potential liability in the context of decentralized blockchain-based networks. Blockchain-based networks can be designed such that no single party has the ability to direct or manage the entire network. For example, the Ethereum blockchain is a software protocol implemented by multiple open source software clients; each of these implementations is publicly available, and the network is currently supported by thousands of peers scattered across the globe.26 The software is open source, and, while any developer may propose improvements to the network and contribute to the network’s development, the majority of the network’s validators (often called “miners”) must collectively decide to implement a software change in order for a blockchain-based network to be updated. It is also possible for a software change accepted by less than a majority of the validators to result in a so-called “fork,” or network split, resulting in a new network implementing the software change in addition to the original network. Developers discuss software upgrades and protocol changes in a variety of formats, from technical websites (like GitHub) and social media services (like Twitter and Reddit) to in-person meetings. These disparate actors collectively support the Ethereum network, but, arguably, no single party controls the direction of the network. Some other so-called “decentralized” networks are actually controlled by an intermediary that has the ability to exercise control over network activity, such as throttling the activity of those who exploit the network or removing data distributed on the network. To the extent any of that network activity is found to be illegal, such an intermediary may be exposed to vicarious liability.
Blockchain revolutionaries should consider the impact of copyright law when considering liability in decentralized networks. The “right and ability to control” may help to define who is liable for what activities in a decentralized world.
1. Timothy C. May, The Crypto Anarchist Manifesto, in Crypto Anarchy, Cyberstates, and Pirate Utopias 61–62 (Peter Ludlow ed., 2001).
3. For the purposes of this article, “blockchain” refers to public, permissionless blockchains.
4. See Primavera De Filippi & Aaron Wright, Blockchain and the Law: The Rule of Code 174 (2018).
5. Id. at 119.
6. Id. at 17.
7. See, e.g., Mattheus Von Guttenberg, Crypto-Anarchists and Cryptoanarchists, Bitcoin Mag. (Sept. 29, 2014), https://bitcoinmagazine.com/articles/crypto-anarchists-cryptoanarchists-2-1412033787/.
8. See Decentralized Court, Reddit (Apr. 26, 2016), https://www.reddit.com/r/ethereum/comments/4gigyd/decentralized_court/.
9. See Lawrence Lessig, Code Is Law: On Liberty in Cyberspace, Harv. Mag. (Jan. 1, 2000), https://harvardmagazine.com/2000/01/code-is-law-html.
10. See MGM Studios Inc. v. Grokster, Ltd., 545 U.S. 913, 930 (2005); see also Gershwin Publ’g Corp. v. Columbia Artists Mgmt., Inc., 443 F.2d 1159, 1162 (2d Cir. 1971) (“[O]ne may be vicariously liable if he had the right and ability to supervise the infringing activity and also has a direct financial interest in such activities.”).
11. Arista Records LLC v. Usenet.com, Inc., 633 F. Supp. 2d 124, 156 (S.D.N.Y. 2009) (discussing the three types of secondary liability claims available under the Copyright Act).
12. MGM Studios, 545 U.S. 913.
13. Gershwin, 443 F.2d at 1162 (footnote omitted).
14. Id. at 1159–60.
15. See Shapiro, Bernstein & Co. v. H.L. Green Co., 316 F.2d 304, 307 (2d Cir. 1963) (“Many of the elements which have given rise to the doctrine of respondeat superior may also be evident in factual settings other than that of a technical employer-employee relationship.” (citation omitted)).
16. MGM Studios, Inc. v. Grokster Ltd., 380 F.3d 1154, 1164 (9th Cir. 2004).
17. MGM Studios, 545 U.S. at 930.
18. Arista Records LLC v. Usenet.com, Inc., 633 F. Supp. 2d 124, 156 (S.D.N.Y. 2009).
19. A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004, 1023 (9th Cir. 2001) (quoting Fonovisa, Inc. v. Cherry Auction, Inc., 76 F.3d 259, 263–64 (9th Cir. 1996)).
20. Gershwin Publ’g Corp. v. Columbia Artists Mgmt., Inc., 443 F.2d 1159, 1163 (2d Cir. 1971).
21. Fonovisa, 76 F.3d at 262.
22. MGM Studios, Inc. v. Grokster Ltd., 380 F.3d 1154, 1166 (9th Cir. 2004).
23. Napster, 239 F.3d at 1023.
25. Id. at 1024.