As the digital bites settle on a turbulent 2022, Roman Kubiak discusses what he sees as the top five legal cases in the crypto and digital asset space of 2022.
Court of Appeal upholds appeal for permission by claimant seeking to sue software developers on the basis that they owe fiduciary or tortious duties to cryptocurrency hack victim.
Although strictly speaking handed down in 2023, Tulip was an appeal heard in December 2022 of a decision itself heard in March of 2022. We discussed that decision in an earlier podcast but, briefly, the earlier reported decision ([2022] EWHC 667 (Ch)) was an application by a number of the defendants to the claim challenging the court’s jurisdiction.
The claimant, Tulip Trading Limited, is a company incorporated in the Seychelles and whose CEO, Australian citizen Dr Craig Wright, had been resident in England since 2015.
Dr Wright, who according to reports has previously claimed to be the infamous Satoshi Nakomoto, the reputed founder or collective of persons who developed the Bitcoin blockchain and associated cryptotoken, claimed that his computers had been hacked and that private keys owned by Tulip allowing access to some £3 billion of Bitcoin had been stolen.
Rather than going down the more traditional (if one can yet call anything in crypto litigation “traditional”) route of seeking information from the defendants by way of Bankers Trust or Norwich Pharmacal orders, Tulip claimed that the defendants, who were the core developers and/or controllers of four Bitcoin networks, owed it fiduciary and/or tortious duties which required them to take steps to enable Tulip to regain control of the stolen Bitcoin. It further argued that they owed it equitable compensation in damages for breach of its duties.
The defendants made a number of arguments in response. Chief among those were that:
- if, which was not accepted, the developers owed a fiduciary relationship to every single owner of Bitcoin, that would “involve the imposition of extensive duties to take positive action in potential conflict with the Defendants’ duties to other owners”;
- there was a distinction between acts and omissions and that there was, therefore, no tortious duty;
- an inability to access cryptocurrency without a private key was, they argued, “fundamental to the system”;
- there was no serious issue to be tried;
- the developers were not an identifiable individual or group of individuals and, instead, “a very large, and shifting, group of contributors without an organisation or structure”, in essence a key characteristic of Bitcoin’s decentralised nature; and
- there was a disclaimer of liability in the terms of a generic licence on the basis that the software was provided “as is”.
The High Court agreed with the defendant developers that, on the case as pleaded, there was no fiduciary duty owed by them to Tulip nor a tortious duty. On that basis there was, in Mrs Justice Falk’s opinion, no serious issue to be tried which would otherwise warrant and permit the use of one of the service gateways under Practice Direction 6B of the Civil Procedure Rules. On that basis the judge set aside a previous order granting permission to serve the claim form.
Interestingly, however, Mrs Justice Falk did not rule out entirely the possibility of a fiduciary relationship arising as between software developers on the one hand and users on the other, when she commented that:
“I can see that it might be arguable that, when making software changes, developers assume some level of responsibility to ensure that they take reasonable care not to harm the interests of users, for example by introducing a malicious software bug or doing something else that compromised the security of the Network. Further, if the Defendants do control the Networks as TTL alleges, it is conceivable that some duty might be imposed to address bugs or other defects that arise in the course of operation of the system and which threaten that operation.”
Perhaps unsurprisingly, therefore, in December 2022, the Court of Appeal was tasked with revisiting this question of whether the developers owed fiduciary or tortious duties to an owner of cryptocurrency. That, in turn, would determine whether Tulip had a “serious issue” which was capable of being tried and, thus, which would allow them to effect service abroad of their substantive claim.
Giving the leading judgment, Lord Justice Birss first considered the approach to the “merits test” regarding whether or not there was a serious issue to be tried and the principles underlying that. In doing so, he concluded that applications over jurisdiction should be treated in the same way as other kinds of summary applications, namely the same legal test should apply.
He then went on to give an excellent definition of what Bitcoin is, how the technology underlying it works and its role as a cash token.
On the question of the extent to which any fiduciary or tortious duty was owed, Lord Justice Birss noted that there was already academic commentary on the point, notably “In Code(rs) we trust: Software Developers as Fiduciaries in Public Blockchains” by Angela Walch of St Mary’s University San Antonio Texas and UCL Centre for Blockchain Technologies and “Blockchain Development and Fiduciary Duty” in the Stanford Journal of Blockchain Law and Policy, 2019, Vol 2.2 pp139-188.
He summarised Tulip’s case, thus:
“the developers, having undertaken to control the software of the relevant bitcoin network, thereby have and exercise control over the property held by others (i.e. bitcoin), and that this has the result in law that they owe fiduciary duties to the true owners of that property with the result that, on the facts of this case, they are obliged to introduce a software patch along the lines described above, and help Tulip recover its property.”
He then looked at key cases including the leading case of Bristol and West Building Society v. Mothew [1998] Ch 1 which set out the legal test of who or what constitutes a fiduciary, namely “someone who has undertaken to act for or on behalf of another in a particular matter in circumstances which give rise to a relationship of trust and confidence”. Doing so, he observed that the facts of Tulip were very new and that the “categories in which fiduciary relationships can be identified are not closed” and that an examination of the role of the developers in the present relationship was crucial.
On that assessment, he determined that:
“the role involves the exercise of authority by the developers, given to them by their control of access to the source code, and it is a decision-making role, in effect making decisions on behalf of all the participants in the relevant bitcoin network, including miners and also including the owners of the bitcoin. These features, of authority and of discretionary decision making, are common to fiduciary duties.”
Recognising that, “for Tulip’s case to succeed would involve a significant development of the common law on fiduciary duties” nonetheless, Lord Justice Birss allowed the appeal on the basis not that there was necessarily a fiduciary duty but that the case raised a “serious issue” which ought to be tried.
Perhaps the words which may strike most readers were that, “the internet is not a place where the law does not apply”.
Having now had permission to serve their claim, it will be interesting to see whether the question of the extent to which software developers owe fiduciary and tortious duties to cryptocurrency owners is determined.
