Modelling cryptocurrency for legal analysis

Article  \  5 Nov 2021

In New Zealand’s first significant cryptocurrency case, Ruscoe & Moore v Cryptopia[i], the High Court (Christchurch) found cryptocurrencies constituted personal property. The court, perhaps bravely in the context of long held common law personal property theory, accepted there were other categories of intangible property in addition to choses in action.

This case also highlighted the difficulty of conducting a legal analysis of cryptocurrency systems. They are many steps up in technological complexity compared to computer programs, digital files and databases.

 

Key points

Apart from reporting New Zealand’s first substantive court decision on the legal nature of cryptocurrencies, the objective of this article is to provide an understandable model of the blockchain technology upon which all cryptocurrencies are based. This renders a portrait of the essential elements of the blockchain platform sufficient to allow a legal analysis of cryptocurrencies and in particular whether they can constitute personal property.

The foundation elements of cryptocurrencies (with bitcoin being the pioneering currency) are (i) the structure and processing of transactions between pairs of participants, (ii) the recording of those transactions in a ‘distributed ledger’, (iii) the ledger not being simply stored and managed by a trusted intermediary such as a bank, but being stored on the computer systems of multiple participants and viewable by all, and (iv) the cryptographic protection routines which prevent any transactions on the ledger from being modified or deleted. Participants’ cryptocurrency balances are not calculated and stored as such in the distributed ledger and must be derived from all transactions in the ledger where he/she was a recipient of funds which remain unspent.

 

Ruscoe & Moore v Cryptopia

Cryptopia was a cryptocurrency exchange company located in Christchurch set up in 2014 to facilitate trading between pairs of cryptocurrencies. Cryptopia was hacked[ii] in January 2019 and lost account holder’s cryptocurrencies totalling $NZ30 million, about 15% of its total cryptofund holdings. The company was liquidated in May 2019 and the liquidators sought a judgment on the legal status of cryptocurrencies.

Did the cryptocoins in Cryptopia’s name on the various cryptocurrency blockchains constitute property which was held by it in trust for the exclusive benefit of its account holders? That is, not available to its general creditors following its liquidation. 

Cryptocurrency trades outside the exchange involved Cryptopia (not the account holder) creating transactions on the blockchain for the cryptocurrency in question. Cryptopia was the participant on each blockchain and held the relevant cryptographic private and public keys[iii] – not the account holders.

 

The Court’s reasoning

The primary issue was whether cryptocurrencies constituted property. If not the trust issue was irrelevant. Gendall J reviewed a number of authorities from other jurisdictions relating to the legal status of cryptocurrencies which unfortunately were not particularly helpful as they ultimately decided they either did not need to determine the issue or while accepting cryptocurrencies to be property – as in the English cases Armstrong v Winnington Networks[iv] and AA v Persons Unknown[v] – did not provide the sort of in-depth analysis Gendall J sought to provide a solid basis for his precedential New Zealand decision. 

Gendall J then reviewed two New Zealand cases dealing with the property status of digital data which he considered, like cryptocurrency, to be right at the boundaries of the common law concept of ‘property’. 

The first was the New Zealand Supreme Court’s 2015 decision in Dixon v R[vi] on the alleged taking of property under the computer misuse provisions of the Crimes Act. Dixon had without authority made and physically taken away a digital copy of a bar’s digital CCTV footage. While the Supreme Court acknowledged decisions in UK cases that information as such may not constitute property[vii], it decided, somewhat controversially, that a digital file of CCTV footage was more than mere information and did constitute property which could be stolen. Gendall J, having decided cryptocurrencies were digital files sought to rely at least in part on Dixon as a supporting authority for cryptocurrencies to be property. He considered that the decision in the UK case Your Response v Datateam[viii] - that database content was information and not property - was confined to the facts of that case.

Gendall J also referred to the New Zealand case Henderson v Walker[ix] where Thomas J had held that computer data was not only property per se, but was property capable of being converted. Thomas J’s reasoning was that: (i) it was possible to control and therefore possess digital files and (ii) possession required manual control. Gendall J considered this conclusion could be extended to wrongful interference with cryptocurrency or digital assets.  ‘Any person who gained access to the private key attached to cryptocoins and used it would permanently deprive the proper possessor of the cryptocoins of that property and its value’[x]

Gendall J then turned to Lord Wilberforce’s opinion in National Provincial Bank v Ainsworth[xi] that common law property is capable of expansion, contrary to the 1885 dictum of Fry LJ that personal property must be either a thing in possession or a thing in action ‘and the law knows no tertium quid between the two’[xii].  Lord Wilberforce’s proposed criteria for ascertaining if a given subject matter could constitute personal property were: was the subject matter in question (i) definable, (ii) identifiable by third parties, (iii) capable of assumption by third parties and (iv) did it have some degree of permanence.

On whether cryptocurrencies were identifiable Gendall J considered that because they were computer readable strings of characters capable of being allocated uniquely to a holder on a particular network they were clearly ‘definable’ and in large measure similar to bank recorded balances in numbered bank accounts. This similarity is somewhat tenuous. As mentioned in the blockchain outline provided below, no such parameters are recorded on cryptocurrency blockchains. Gendall J was of the view they were also identifiable by third parties because as he expressed it they clearly had a holder or owner with the power to deny access by third parties by virtue of the holder’s private key. They were capable of assumption by third parties because as Lord Bridge stated in the Privy Council case Attorney-General of Hong Kong v Nai-Keung[xiii] it would be strange indeed if things which could be freely bought and sold could not be stolen. The required degree of permanence was inherent in the blockchain methodology as the entire life history of a cryptocoin was available in the public record keeping of the blockchain and they were certainly no more risky in this regard than a balance in a bank account.

It is submitted that Gendall J’s decision that cryptofunds are personal property is correct. However, reflections on the nature of the digital files making up transactions is something of a red herring. The digital file (alleged property) versus information (no property) argument in itself is incomplete. It is what the content (represented digitally) happens to be along with its function that should be used for determining such things as property status and ownership.         

It is further submitted that looking to Henderson v Walker, with its proposition that digital files had another characteristic of personal property by being susceptible to ‘manual control’ was another red herring. For example, being able to switch a flow of electricity on or off does not mean electricity is property. And digital files transmitted over the internet are themselves simply a sequence of electronic impulses.   

 

Breaking down blockchain technology for legal analysis of cryptocurrencies

In this writer’s experience much of the literature on cryptocurrencies – such as bitcoin – is not expressed in terms of content and form to make it immediately adaptable to solve questions about the legal nature of this form of currency. Some is of course extremely technical and focussed on cryptographic mathematics while some treat cryptocurrencies as simply an analogue to electronic or digital currency. It is suggested here that focussing on cryptocurrency transactions is a particularly useful way to address cryptocurrency legal issues.

 

Bottom-up approach starting with transactions 

Cryptocurrencies, starting with Bitcoin in 2009, were devised to overcome the perceived disadvantages inherent in existing internet commerce such as the need for trusted intermediaries (eg banks), high transaction costs and merchants requiring customers’ private information. Despite the function of exchanges like Cryptopia to provide currency trading investment opportunities cryptocurrencies like Bitcoin were actually created to facilitate commercial transactions.

A cryptocurrency transaction is an internet transfer of a certain amount of ‘coins’ from one party, say Alice, to another, say Bob. The transaction initiated by Alice comprises an ‘input’ and an ‘output’. The input has two components: (i) Alice’s digital signature for unlocking an amount of her unspent cryptofunds (UTXO) and (ii) a pointer to one (or more) of her prior transactions where she was the recipient of a transfer of cryptofunds from third parties. The output of the current transaction also has two components: (i) Bob’s cryptographic address which identifies him as the recipient of the transfer and (ii) the amount of the cryptofunds he will receive. This amount will now become one of Bob’s unspent transaction outputs (UTXO) locked to his address and available for him to use in the input of one of his future spending transactions.

Alice’s digital signature for this transaction is derived from her secret ‘private key’ within the assymetric encryption system used in relation to cryptocurrencies to generate public keys from private keys using an irreversible mathematical algorithm. That is a cryptographic system where someone wanting to ‘message’ Alice, say Bob, can know and use her ‘public key’, but only Alice’s secret private key can decrypt the message.  On the other hand Bob’s address is derived from his public key. The probability of deriving Alice or Bob’s private keys from their public keys is virtually nil. Even a supercomputer unavailable to most would-be code crackers would need a lengthy and costly period of trial and error attempts.

The Alice to Bob transaction when validated is permanently recorded in a digital ledger copies of which reside on the computer systems of all participants in the relevant cryptocurrency system. Thus it is a peer-to-peer system and not a centralised one where participants interact with a hub as in bank operated digital currency transfer systems. These networked computer systems are called ‘nodes’. Each node, or at least each ‘full node’, stores an unalterable copy of all transactions conducted using that particular cryptocurrency. There is thus a multi-copy or ‘distributed ledger’ containing every transaction. A group of validated transactions, say eight, each in the form of a digital file are grouped together in a ‘block’ and all the blocks are linked together as a time sequenced chain – hence given the name, ‘blockchain’.

Blockchains are considered ‘transparent’ as all participants can view every transaction. However, they cannot identify the participants in any given transaction because they can only view the digital signatures and addresses of the transaction participants.

Each participant has an offline digital ‘wallet’ which stores the participant’s pair of cryptographic ‘keys’ to be used in their blockchain transactions. This key system of security for cryptocurrencies was derived from cryptography and in particular ‘public-key encryption’ systems where Alice’s public key, having been provided to anyone she wanted to send her a message is used to encrypt a message (by Bob) and Alice would use her mathematically related private key, from which the public key was generated, to decrypt it. The ‘digital signature’ of Alice in input (i) mentioned above, which is generated by software in her wallet, is different for every transaction she enters into, but each signature is derived from her unique and secret ‘private key’. The private key is a very large and randomly selected number which Alice must keep secret in a wallet.

Another mathematical function in the wallet software is used to derive an ‘address’ for Alice – a condensed version of her somewhat lengthy public key. Alice’s address, like Bob’s, is only used in transaction outputs.

Only transactions with the input and output data explained above are stored on the blockchain. Unlike bank accounts blockchains do not group and store participants’ transactions in accounts specific to them. Because of this blockchains also do not calculate and store participants’ account balances. However, there is a database at each node computer, separate from the blockchain, called the Unspent Transaction Output Set which does store all output transaction amounts which have not been spent and can therefore be used as inputs for future transactions by a respective transferee. This feature was provided to enable validation of transaction outputs available for the creation of new transactions without the necessity to check every single transaction in the blockchain for unspent outputs held by any particular addressee.

 

Ensuring each transaction posted to the distributed ledger is valid [xiv]

Cryptocurrencies such as Bitcoin have very sophisticated utilities to ensure transaction validity and security. When Alice generates a transaction it is sent out to all nodes on the blockchain. However, it is not immediately posted on the copy of the blockchain ledger held on each node. This is because a fraudulent node might alter the transaction output before posting so that it receives the transaction payment rather than Bob.

When the number of new transactions equals the block size (and it is blocks of transactions that are posted to the blockchain) a technique is initiated to make it pure chance as to which node does the update.  It is termed ‘proof of work’. This involves setting a mathematical puzzle to be solved by those nodes with the sufficient computing capacity to do so. These nodes are called ‘miners’ because the first node to solve the problem receives a pre-determined amount of that blockchain’s cryptocurrency. These miners are ‘searching’ not for gold, but for cryptocoins!

The puzzle is to find a number which when hashed with the block data gives an answer which falls within a set range of numbers.  Each miner computer system ‘guesses’ a number and hashes it with the block data it has received and keeps on doing this until it meets the criteria set by the puzzle[xv]. The first to do so then adds the block to its copy of the blockchain and broadcasts it to other nodes. They check the number and add the block to their copy of the blockchain. This ‘adding’ involves hashing the new block to the last block which has been added to the blockchain.     

  

Ensuring the ledger is tamper-proof

If an attempt is made at one node to alter the output of an historically recorded transaction within a block that will change the block header. Block headers are located at the start of the data files in each block and are a summary of the block contents, that is metadata. Blockchains are configured so that such an action will change the headers of all blocks in the chain which follow the tampered block up to the latest block in the chain. Other nodes will reject this tampered chain stored by the tamperer because the latest block just validated by the most recent proof of work and agreed consensually now does not match the header of latest block held on the tamperer’s copy of the blockchain.  

 

Conclusion

It is submitted that the cryptocurrency constituent that should be used to determine whether cryptofunds can constitute personal property is the unspent transaction output amounts (UTXOs) on the blockchain. The potential ‘property owner’ being identified by the address linked to each UTXO amount. The subject matter to be assessed is derived by looking at each cryptocurrency one by one, and focussing on the totality of individual amounts of currency (cryptofunds) which have been (i) received by a participant (identified by a unique cryptographically coded address) as outputs in each transaction and are as yet unspent, that is UTXOs, (ii) transferred via validated transactions and (iii) recorded in a secure distributed digital ledger accessable to all participants trading in that cryptocurrency.  

Applying Lord Wilberforce’s property criteria it seems clear that these funds (the UTXOs) certainly are (a) definable, (b) identifiable by third parties (other participants), (c) capable of assumption by third parties – normally by subsequent transactions generated by the current rightful holder, but also by a transaction initiated by someone who has stolen that holder’s private key, and (d) have permanence, because while further coins can be introduced there can be no reduction in the number of cryptocoins in a cryptocurrency system despite them being in whole or in part transferred over time from one owner to another in what might be an endless series of transactions.  

 

This article was first published in the Internet Law Bulletin 24.4.

 

[i] [2020] NZHC 728.

[ii] Presumably it would have been their ‘private key’ (to be explained later) that was taken by the hacker.

[iii] See ‘Elements of Cryptography’ below.

[iv] [2012] EWHC 10.

[v] [2019] EWHC 3556.

[vi] [2015] NZSC 147.

[vii] Such as Oxford v Moss (1979) 68 Cr. App. R. 183.

[viii] [2014] EWCA Civ 281.

[ix] [2019] NZHC 2184.

[x] This is questioned in the Analysis which follows.

[xi] National Provincial Bank v Ainsworth [1965] AC 1175 (HL) at 1247-1248.

[xii] Colonial Bank v Whinney (1885) 30 Ch D 261 (CA) at 285.  And adopted by the House of Lords on appeal.

[xiii] [1987] 1 WLR 1339 (PC) AT 1342.

[xiv] The technique described is that used with the Bitcoin system.

[xv] The puzzle-solving process may take at least 10 minutes and each miner system requires enormous computer power and thus they consume considerable quantities of electricity causing some governments to become concerned, particularly where electricity is coal generated.