Do Bitcoin developers owe fiduciary duties to Bitcoin owners?

In the latest development in the Tulip Trading proceedings (which we have previously discussed here), the Court of Appeal found (in the context of a jurisdictional challenge) that Tulip has an arguable case that Bitcoin developers owe fiduciary and/or tortious duties to Bitcoin users. The decision means that Tulip has permission to serve its claim on the defendants who are outside of the jurisdiction and the merits of the claim should now be fully pleaded and eventually heard by the English courts (likely in 2024).

Background

Tulip's case relates to Bitcoin worth USD $4.5 billion which had allegedly been subject to a hack which resulted in the deletion of the private keys needed in order to access that Bitcoin. Tulip has brought proceedings against a number of Bitcoin developers and is claiming that those developers owe Tulip fiduciary and/or tortious duties which require the developers to write a "patch" to provide Tulip with a new private key so that it can recover its lost Bitcoin. 

As it stands, the test under English law for whether a party is a fiduciary is whether it has undertaken to act for or on behalf of another in a particular matter in circumstances which give rise to a relationship of trust and confidence. The distinguishing obligation of a fiduciary is the obligation of loyalty. It can also be expressed by reference to reasonable expectations – is there an expectation that one party will act in the other's interest to the exclusion of their own self-interest?

Previous High Court decisions 

The Court of Appeal decision and prior court decisions related to a challenge raised by a number of the defendants regarding whether the courts of England and Wales had jurisdiction in relation to the claims (as none of the developer defendants are based in England and Wales) and whether the High Court had been right to grant Tulip permission to serve those defendants outside of the jurisdiction. There has not therefore (yet) been a full determination of the case on its merits.

In determining the jurisdictional challenges, the High Court had to decide whether Tulip's claim met the below criteria:

• there was a serious issue to be tried 
• there was a good arguable case that the claim fell within one or more of the jurisdictional gateways 
• in all the circumstances English was the appropriate forum and the Court should exercise its discretion to permit service out of the jurisdiction. 

The High Court overturned the permission to serve out of the jurisdiction on the basis that it was not seriously arguable that Bitcoin developers were fiduciaries to the owners of Bitcoin. The Judge held that she could not conclude that the Bitcoin owners had entrusted their property to the Bitcoin developers, who were "a fluctuating, and unidentified, body of developers of the software". The Judge also held that it was not arguable that the Bitcoin developers had undertaken to act in the interests of one particular owner over their own interests, or the interests of other users. 

Court of Appeal decision: Tulip has an arguable case

Tulip appealed that decision and in the latest development, the Court of Appeal has now granted Tulip's appeal against the jurisdictional challenge meaning that Tulip has permission to serve the defendants outside of the jurisdiction and its claim can proceed to be heard on its merits. 

The Court of Appeal held that the question of whether Bitcoin is decentralised such that there is not a group of developers who have control of the code and the ability to introduce a patch in the way sought by Tulip is a question of fact to be determined at trial. The Judge in the High Court should not therefore have accepted decentralisation as a fact in determining the issue. 

As to whether Bitcoin developers can owe fiduciary duties to the owners of bitcoin, the Court of Appeal held that this is a serious issue to be tried. 

On Tulip's case, the developers have control of the software on which the Bitcoin networks operate and therefore exercise authority as to what updates or developments are made to the code. In making those decisions, the developers act on behalf of the participants in the network. It was, therefore, at least arguable that the Bitcoin developers had undertaken a role which bears some resemblance to the interests of owners of Bitcoin in the way that a fiduciary would. 

The Court of Appeal accepted that it was arguable that the duty on developers included a duty not to act in their own self-interest but also a positive duty to act in the interest of other users – for example, to introduce a code to fix bugs. Such a positive duty could arguably extend to developing a patch to assist an owner in protecting their asset. Whether such a patch could be developed in practice, and whether it would be implemented by miners, are factual issues to be determined at trial. 

While the imposition of such a duty would be an extension of the categories of relationship in which fiduciary duties have been held to exist, this is a "new" area of technology, and the common law should not simply stop with the existing categories.

Impact of this decision

Tulip's case cuts to the very heart of one of the biggest questions surrounding distributed ledger technology – is it really "decentralised" and immutable, or can it in fact be controlled by a small group of developers? If a ledger cannot be updated without a consensus being established amongst the users of the network, then the answer must be "yes", it is truly decentralised. However, that conclusion would be undermined if a small number of private developers and coders were subject to fiduciary duties in relation to the users of the network, such that they could be ordered to change the code pursuant to which the network operates. If such duties are established, it would make it easier for victims of digital asset fraud to recover that asset and require a change to the code to reinstate ownership with the rightful person. 

How effective enforcement would be achieved in that situation is not yet known. In the Tulip case, if for example, the defendants were ordered to deploy a "patch" in the network code, such that Tulip would be given new keys to its Bitcoin to enable it to access, trade or cash out its Bitcoin, then unless every other user of the network agreed to the subsequent alteration to the ledger, it would create a fork in the network – with consenting users recognising Tulip's Bitcoin transactions as valid, and adding new transactions to that version of the blockchain, and with non-consenting users continuing to use the version of the ledger existing immediately prior to the patch or any transaction involving Tulip's Bitcoin (such that, on that ledger, Tulip would not be able to move or trade its Bitcoin as it would not have the keys and the patch would be ineffective). There would be no effective way for the English court, or any existing court for that matter, to force all users of the Bitcoin network to recognise any patch to the network as valid.

The case is guaranteed to continue to ignite the debate regarding the need for global regulation of digital assets and the unprecedented cross-border co-operation that would be required to ensure effective governance of a truly global and borderless financial system.