Blockchain | PDF | Social Capital | Business

Blockchain

Blockchain Basics

Uploaded by

Ram Sundar R

August 2016

Trustless Trust
Kevin Werbach
29,310 words

Distributed ledgers, also known as blockchains, could be the most consequential
development in information technology since the internet. Created to support the
Bitcoin digital currency, the blockchain is actually something deeper: A novel
solution to the age-old human problem of trust. The new architecture of “trustless
trust” makes it possible to trust the outputs of a system without trusting any actor
within it. It raises the tantalizing possibility of an economy that is simultaneously
more efficient, more fair, and more free. Its impacts will extend far beyond the
technology and finance communities that gave birth to the blockchain.
For all its potential, trustless trust faces substantial challenges and creates
significant dangers. The technologists building distributed ledger systems are ill-
equipped to answer the most important questions. These are fundamentally matters
of governance rather than computer science, and less about regulation of blockchains
than how blockchains regulate. They tie into issues that legal scholars and
philosophers have engaged with for some time. A theory of trustless trust and its
relationship to law points the way to new solutions that supplement, complement, or
substitute for legal enforcement. Surprisingly, law and the blockchain are destined
more for cooperation than conflict.

I. INTRODUCTION
II. UNPACKING TRUST
  A. Why Trust Matters
  B. What Trust Is
  C. Trust Architectures
  D. Trust and the Legal System
III. THE GREAT LEDGER IN THE SKY
  A. How the Blockchain Works
  B. Reasons for Adoption
  C. The Blockchain’s Trust Architecture
  D. The Nature of Blockchain Trust
IV. TRUSTLESS TRUST IN ACTION
  A. Blockchain Applications
  B. Ledgers Meet Law
  C. Limitations and Dangers
V. FROM TRUST TO GOVERNANCE
  A. Ghosts and the Machines
  B. The Social Contract
  C. Connecting Legal and Blockchain Trust
VI. CONCLUSION

Electronic copy available at: http://ssrn.com/abstract=2757380


Trustless Trust
Kevin Werbach*

Доверяй, но проверяй (“trust, but verify”)
— Russian Proverb1

I. INTRODUCTION

Distributed ledgers, also known as blockchains,2 could be the most
consequential development in information technology since the internet.
Created to support the Bitcoin digital currency, the blockchain is actually
something deeper: A novel solution to the age-old human problem of trust.
Conceptually, it brings into sharper relief the variegated mechanisms of trust
and their relationships to law. Practically, it offers new pathways to supplement,
complement, or replace traditional approaches in a wide range of contexts. The
architecture of “trustless trust” raises the tantalizing possibility of an economy
that is simultaneously more efficient, more fair, and more free. It also creates
significant dangers. The impacts of trustless trust will extend far beyond the
technology and finance communities that gave birth to the blockchain. And the
legal and governance dimensions of the new trust architecture will be of
paramount importance.

* Associate Professor of Legal Studies and Business Ethics, The Wharton School,
University of Pennsylvania. Email: werbach@wharton.upenn.edu. Thanks to Dan Hunter
for collaborating to develop the ideas that gave rise to this article, and to Sarah Light and
Patrick Murck for comments on prior drafts.
1 President Ronald Reagan famously used this aphorism at the signing ceremony for
the Intermediate-Range Nuclear Forces treaty with the Soviet Union in 1987. Soviet
leader Mikhail Gorbachev remarked with exasperation, “You repeat that at every
meeting.” See DAVID E. HOFFMAN, THE DEAD HAND: THE UNTOLD STORY OF THE COLD WAR
ARMS RACE AND ITS DANGEROUS LEGACY 295 (Doubleday 2009).
2 There is not yet agreement on terminology. Technically, a blockchain (sometimes
rendered as block chain) is a data storage system using sequentially signed blocks, as
described in Part III. “The blockchain” may describe the universe of blockchains (similar
to “the internet”), the subset of public blockchains, or just the public ledger for Bitcoin.
“Distributed ledger” is a more general term for the primary application of blockchains.
For simplicity, this Article will employ “blockchain” for a specific implementation, and
“the blockchain” or “distributed ledgers” interchangeably for the overall approach.


Blockchains use complex technology, but their basic function is simple: to
provide a distributed yet provably accurate record. In other words, everyone can
maintain a copy of a dynamically-updated ledger, but all those copies remain the
same, even without a central administrator or master version.3 This approach
offers two basic benefits. First, one can have confidence in transactions without
trusting the integrity of any individuals, intermediaries, or governments.
Second, the single distributed ledger replaces many private ledgers that must be
reconciled for consistency, thus reducing transaction costs.
The first practical use of the blockchain was to record financial transactions
in Bitcoin. However, any activity that makes use of a ledger can take advantage
of it. As just a sample, current blockchain-based services include academic
certificates,4 electronic medical records,5 warranty information for purchases,6
records of clinical trials,7 supply-chain verification for diamonds,8 and persistent
attribution for creators of digital works.9 And by incorporating a technique called
smart contracts, a blockchain can even function as a distributed computer,
powering network-scale applications.10 Already startups are using the blockchain

3 A detailed explanation of how the blockchain achieves this paradoxical result is
provided in Part III.
4 See Juliana Nazaré, What We Learned From Designing an Academic Certificates
System on the Blockchain, MEDIUM (June 2, 2016),
https://medium.com/mit-media-lab/what-we-learned-from-designing-an-academic-certificates-system-on-the-blockchain-34ba5874f196#.vstmqjsoq.
5 See Ariel Ekblaw et al, MedRec: Medical Record Management on the Blockchain, J.
DESIGN & SCI. (forthcoming), http://jods.mitpress.mit.edu/pub/medrec.
6 See Michael del Castillo, Deloitte Uses Facebook to Build Warranties on Bitcoin
Blockchain, COINDESK (Apr. 29, 2016, 19:50 BST),
http://www.coindesk.com/deloitte-hacked-facebook-messenger-put-warranties-blockchain/.
7 See Better with Bitcoin, ECONOMIST (May 21, 2016),
http://www.economist.com/news/science-and-technology/21699099-blockchain-technology-could-improve-reliability-medical-trials-better.
8 See Rob Price, This London Startup Could Make Diamond Theft a Thing of the Past --
and That's Just the Start, BUSINESS INSIDER (Aug. 28, 2015, 9:13 AM),
http://www.businessinsider.com/everledger-ledger-diamonds-blockchain-tech-theft-fraud-2015-8?r=UK&IR=T.
9 See John Biggs, Ascribe Raises $2 Million to Ensure You Get Credit For Your Art,
TECHCRUNCH (June 24, 2015),
https://techcrunch.com/2015/06/24/ascribe-raises-2-million-to-ensure-you-get-credit-for-your-art/.
10 See infra Part III(A)(3).


for Uber-like ridesharing,11 eBay-like online marketplaces,12 and Kickstarter-like
crowdfunding.13 Even well-established observers such as Goldman Sachs see tens
of billions of dollars in annual benefits from “low-hanging fruit” examples, with
more transformative opportunities on the horizon.14
As is so often the case with new technologies, early implementations of the
blockchain are over-hyped. Many startup companies and currencies will fail.
Everything won’t change; certainly not overnight. Yet the challenges distributed
ledgers can address are so large and so widespread, and the level of activity
already so extensive, that they are bound to have significant influence.15 Directly
or through consortia, virtually all of the world’s largest financial institutions are
examining blockchain technology, and venture capitalists poured over one
billion dollars into blockchain-based startups between 2013 and 2016.16
Many questions are being raised about how governments will regulate the
activities that blockchains support, such as Bitcoin. The more important
question is how blockchains regulate. Architecture is power. The physical

11 Scott Rosenberg, Can an Arcane Crypto Ledger Replace Uber, Spotify and AirBnB?,
MEDIUM (Jan. 6, 2016),
https://medium.com/backchannel/can-an-arcane-crypto-ledger-replace-uber-spotify-and-airbnb-f8ce3846d84a#.kxfspiys4;
Amanda Johnson, La’Zooz: The Decentralized Proof-of-Movement “Uber” Unveiled,
COINTELEGRAPH (Oct. 19, 2014, 05:44 PM),
http://cointelegraph.com/news/112758/lazooz-the-decentralized-proof-of-movement-uber-unveiled.
Bitcoin expert Andreas Antonopoulos uses the phrase “decentralized trust.” See
Andreas Antonopoulos, Bitcoin Security Model: Trust by Computation, O’REILLY RADAR
(Feb. 20, 2014),
http://radar.oreilly.com/2014/02/bitcoin-security-model-trust-by-computation.html.
12 See Paul Vigna, BitBeat: OpenBaazar Raises $1M for Its Decentralized Marketplace,
WALL ST. J., MONEYBEAT BLOG (June 11, 2015, 9:03am ET),
http://blogs.wsj.com/moneybeat/2015/06/11/bitbeat-openbaazar-raises-1m-for-its-decentralized-marketplace/.
13 See infra TAN 252-254.
14 See James Schneider et al, Blockchain: Putting Theory into Practice, GOLDMAN SACHS
EQUITY RESEARCH REPORT (May 24, 2016),
https://www.scribd.com/doc/313839001/Profiles-in-Innovation-May-24-2016-1.
15 Amara’s Law, named for futurist Roy Amara, states that, “We tend to overestimate
the effect of a technology in the short run and underestimate the effect in the long run.”
Encyclopedia: Definition of Amara's Law, PC MAG.,
http://www.pcmag.com/encyclopedia/term/37701/amara-s-law (last visited July 5, 2016).
16 Garrick Hileman, State of Blockchain Q1 2016: Blockchain Funding Overtakes Bitcoin,
COINDESK (May 11, 2016, 15:15 BST),
http://www.coindesk.com/state-of-blockchain-q1-2016/.

architecture of neighborhoods defines the character of communities.17 The
network architecture of broadband access shapes opportunities for innovation,
creativity, and free expression online.18 And with its distributed consensus
algorithms, the blockchain opens up powerful new possibilities in a range of
industries.19 It does so as an engine of trust.
Trust is the oil that lubricates social interactions20 and the factor that renders
the boundless complexity of the modern world tractable.21 Those who are trusted
are powerful. Systems that expand the radius of trust change societies. The
“science of association,” said Alexis de Tocqueville in Democracy in America, is
“the mother science; the progress of all the others depends on the progress of
that one.”22 The shape of trust influences both the microstructures of individual
and firm interactions, as well as the macrostructures of national economic
performance. Individuals may trust one another based on their interaction
history or family ties. However, the scope of that baseline trust is quite limited.
Expanding the radius of trust, as needed in modern society, requires a broader
framework, which I call a trust architecture.
Until now, there were two primary trust architectures: Leviathan (deference
to a central enforcement authority)23 and peer-to-peer (reliance on social norms

17 See generally JANE JACOBS, THE DEATH AND LIFE OF GREAT AMERICAN CITIES (1961)
(articulating the value of architecture to shape neighborhoods); Neal Katyal, Architecture
as Crime Control, 111 YALE L.J. 1039 (2002) (explaining how physical architecture affects
crime).
18 See Mark A. Lemley & Lawrence Lessig, The End of End-to-End: Preserving the
Architecture of the Internet in the Broadband Era, 48 UCLA L. REV. 925 (2001); Kevin
Werbach, The Architecture of Internet 2.0, RELEASE 1.0 (Feb. 19, 1999),
http://downloads.oreilly.com/radar/r1/02-99.pdf; BARBARA VAN SCHEWICK, INTERNET
ARCHITECTURE AND INNOVATION (2010).
19 See Michael Casey, Blockchain Technology: Redefining Trust for a Global, Digital
Economy, LINKEDIN PULSE (June 13, 2016),
https://www.linkedin.com/pulse/blockchain-technology-redefining-trust-global-digital-michael-casey
(describing the blockchain in terms of “trust protocols”).
20 FRANCIS FUKUYAMA, TRUST: THE SOCIAL VIRTUES AND THE CREATION OF PROSPERITY
(1995).
21 NIKLAS LUHMANN, TRUST AND POWER (1979).
22 ALEXIS DE TOCQUEVILLE, DEMOCRACY IN AMERICA 492 (Harvey C. Mansfield & Delba
Winthrop trans. and eds., 2000).
23 The term “Leviathan” refers to the work of that name by the Enlightenment
philosopher Thomas Hobbes. See infra Part II(B)(2).

and other governance mechanisms in tightly-knit communities).24 The
blockchain offers a third: trustless trust. Secured through cryptography,
implemented through distributed consensus networks, this new paradigm makes
it possible to trust the outputs of a system without trusting any actor within it.
The name is admittedly misleading: The blockchain does not entirely eliminate
trusted intermediaries (the trustless part), nor does it capture the full spectrum
of trustworthiness (the trust part). Yet it comes close to both.
A new trust architecture has powerful implications. The theory of peer-to-
peer trust earned Elinor Ostrom a Nobel Prize and laid the groundwork for
management of important resources as commons.25 It has proven particularly
significant in the digital economy, as an approach to both network infrastructure
such as wireless spectrum and creative works such as software.26 Trustless trust
has similar potential. It exists in practice today through the blockchain, but is
under-theorized. This Article begins the process of understanding trustless trust
and its relationship to law.
There are significant un-answered questions to consider. Even if the math
works perfectly, blockchains are systems designed, implemented, and used by
humans. Subjective intent remains relevant even when expressed through
objective code. Blockchains are subject to selfish behavior, attacks, and
manipulation. The scope of legitimate practices for blockchain-based systems is
fundamentally a governance question, not a computer science one. The
challenge, therefore, is what happens when ledgers meet law? Legal structures
such as contracts, property, corporations, and judicial enforcement replace
interpersonal trust with more structured rights, expectations, and remedies. Yet
there are places the legal system cannot go, and sometimes the very
formalization that law imposes is an impediment to trust. The new trust
architecture of the blockchain could address many challenges in ways that
supplement, complement, or substitute for legal enforcement.

24 See infra Part II(B)(2); Elinor Ostrom, Beyond Markets and States: Polycentric
Governance of Complex Economic Systems, Nobel Prize Lecture (Dec. 8, 2009),
https://www.nobelprize.org/nobel_prizes/economic-sciences/laureates/2009/ostrom_lecture.pdf.
Peer-to-peer trust is my own coinage for
what Ostrom called design principles for governance of common-pool resources.
25 See Ostrom, supra note 24, at 408, 431-32 (emphasizing “the central role of trust in
coping with social dilemmas”).
26 See generally BRETT M. FRISCHMANN, INFRASTRUCTURE: THE SOCIAL VALUE OF SHARED
RESOURCES (Oxford University Press 2012) (applying Ostrom’s approach to management
of infrastructure); YOCHAI BENKLER, THE WEALTH OF NETWORKS (2006) (applying similar
concepts to “peer production” through digital networks).

As the first work of legal scholarship on the blockchain and trust, this Article
makes four significant contributions. First, it develops the novel concept of trust
architecture, which can be applied in many other contexts. Second, it explains
how the blockchain produces trust, making the phenomenon accessible to non-
technical scholars. Third, it identifies the benefits and limitations of the
blockchain’s trustless trust architecture. Fourth, it maps the intersections
between blockchain trust and law, showing how, surprisingly, the two
mechanisms are destined more for cooperation than opposition.
The Article proceeds as follows. Part II drills down on the meaning and
significance of trust. Part III provides a non-technical overview of blockchain
technology, and explains how it is being applied to create a new trust
architecture. Part IV examines the blockchain’s model of trustless trust,
describing both opportunities and dangers. Part V explains how law can aid in
the governance of the blockchain. Part VI concludes.

II. UNPACKING TRUST

A. Why Trust Matters

The seventeenth-century philosopher Thomas Hobbes situated trust as the
foundational force in the establishment of civilization.27 In the state of nature,
he argued, life is solitary, nasty, brutish, and short, because trust is wholly
absent. No one can benefit from transactions or personal investment of effort,
because everyone must worry that others will cheat on or steal from them. To
avoid this “war of all against all,” Hobbes imagined that civilized societies make
a one-time deal: They grant a monopoly on violence to the state. Once this takes
place, the state—Hobbes’ mythical Leviathan—can enforce private contracts and
property rights. Knowing there are penalties for breach not based on their own
power for self-help, individuals and organizations feel comfortable taking the
risks inherent in trusting relationships.
Once the frameworks of state and private power have been established, trust
remains a significant force. I may be confident I can enter into a contract, but

27 THOMAS HOBBES, LEVIATHAN, OR, THE MATTER, FORME, & POWER OF A COMMON-WEALTH
ECCLESIASTICALL AND CIVILL (1676). See also John Danaher, Blockchains and DAOs as the
Modern Leviathan, INSTITUTE FOR ETHICS AND EMERGING TECHNOLOGIES BLOG (March 31,
2016), http://ieet.org/index.php/IEET/more/Danaher20160331 (connecting Hobbes’ ideas
to the governance of blockchain-based DAOs). Hobbes did not actually use the term
“trust,” but his account is reflective of the concept as used here.

should I sign this contract? Should I accept a seller’s representations about the
value of this product? Should I type my credit card number into this box on my
computer screen? Whether we trust and how we trust both matter. There are few
human interactions, and fewer still business transactions, that do not in large
part depend on the qualities of trust involved.28
Two influential best-selling books around the turn of the millennium,
Francis Fukuyama’s Trust and Robert Putnam’s Bowling Alone, identified trust as
an essential factor in the success of societies. Putnam argued that the erosion of
local trust networks beyond the family, epitomized by the decline in bowling
leagues in America relative to individual bowling, was a pernicious development
explaining the growth of social pathologies.29 Fukuyama took a broader view,
comparing the performance of high-trust and low-trust societies around the
world.30 Those without strong social trust fared much worse.31 Business scholars
similarly find that companies where trust is high perform better.32
Trust as described by Putnam and Fukuyama is effectively equivalent to
social capital. It creates reserves of goodwill that lubricate social interactions,
thereby increasing the wealth of society as a whole.33 Without trust, every
interaction becomes a prisoners’ dilemma, which produces undesirable
outcomes for all involved. The difficulty lies in extending trust beyond the
narrow confines of family or small local communities. In the modern world, it is
simply not possible to limit interactions to those circles. High-trust societies
have developed cultures, social norms, and legal systems that give their citizens
the confidence to extend trust to strangers.

28 See Annette Baier, Trust and Antitrust, 96 ETHICS 231, 232 (1986) (arguing that "any
form of cooperative activity…requires the cooperators to trust one another…."); Arrow,
Gifts and Exchanges, in ALTRUISM, MORALITY, AND ECONOMIC THEORY 24 (E. Phelps ed. 1975)
(stating that "[v]irtually every commercial transaction has within itself an element of
trust.”); G. Richard Shell, Opportunism and Trust in the Negotiation of Commercial
Contracts: Toward a New Cause of Action, 44 VAND. L. REV. 221, 225-26 (1991) (observing
that “social psychologists, sociologists, economists, philosophers, and legal scholars all
have recognized that trust is central to the efficient coordination of human goals.”).
29 See ROBERT D. PUTNAM, BOWLING ALONE: THE COLLAPSE AND REVIVAL OF AMERICAN
COMMUNITY (2000).
30 See Fukuyama, supra note 20.
31 See id.
32 See Roger C. Mayer et al., An Integrative Model of Organizational Trust, 20 ACAD.
MGMT. REV. 709 (1995).
33 See Fukuyama, supra note 20; Putnam, supra note 29; Frank Cross, Law and Trust,
93 GEO. L.J. 1457 (2005).

In a high-trust environment, there is less need for intrusive regulation and
coercive enforcement, because people are willing to act without it. Most people
are trustworthy most of the time. And when they aren’t, the combination of legal
sanctions and social pressures can deter misconduct. Trust relationships tend to
be more flexible than untrusted ones, because the parties don’t need to specify
allowable conduct in detail. That in turn improves performance.
In economic terms, trust reduces transaction costs because it frees parties
from the expenses of acquiring information and monitoring behavior of those
they transact with.34 The Coasian theory of the firm can be understood as a
response to the limitations of trust.35 The firm expands to the point at which it is
no longer efficient to organize activity through formalized hierarchy as opposed
to market transactions. Trust is the constraint on those arms-length agreements
outside the firm. Fukuyama illustrates how the high-trust environment in
countries such as the United States allowed for better economic performance.36
On the other hand, as trust frays, the door is opened to fraud and the abuses that
produced the 2008 financial crisis.37

B. What Trust Is

Once the importance of trust is established, the next question is what trust
consists of. Trust is often invoked in discussions of the blockchain, but rarely
examined. If the meaning of trust were simple and widely accepted, casual use of
the term would not be problematic. Nothing could be further from the case.
Trust is one of those, “I know it when I see it” words that, upon closer
examination, becomes maddeningly difficult to pin down.38 Over the past few

34 See Luhmann, supra note 21; ERIC POSNER, LAW AND SOCIAL NORMS 54 (2000).
Conversely, limitations on trust result in higher transaction costs. See, e.g., Fairfield,
supra note 103, at 813 (explaining how the cost of trust limits online property).
35 See Ronald H. Coase, The Nature of the Firm, 4 ECONOMICA 386 (1937).
36 See Fukuyama, supra note 20.
37 See TAMAR FRANKEL, TRUST AND HONESTY: AMERICA’S BUSINESS CULTURE AT A
CROSSROAD (2006).
38 See Margaret M. Blair & Lynn A. Stout, Trust, Trustworthiness, and the Behavioral
Foundations of Corporate Law, 149 U. PENN. L. REV. 1735, 1745 (2001) (observing that
scholars use “the term ‘trust’ in different ways to mean different things”); Rebecca M.
Bratspies, Regulatory Trust, 51 ARIZ. L. REV. 575, 588-89 (2009) (noting with surprise
trust’s “continued elusiveness”); Mayer et al, supra note 32, at 709 (identifying problems
in defining the term); ROBERT C. SOLOMON & FERNANDO FLORES, BUILDING TRUST: IN
BUSINESS, POLITICS, RELATIONSHIPS, AND LIFE 20 (2001) (suggesting there is no single
paradigm case of trust); Gregory A. Bigley & Jane L. Pearce, Straining for Shared Meaning
in Organization Science: Problems of Trust and Distrust, 23 ACAD. MGMT. REV. 405 (1998).

decades, scholars in management, psychology, philosophy, and other fields have
developed substantial literatures on the meaning of trust.39 While not always
consistent, this scholarship sheds light on both the significance of trust and its
essential components.
All American money bears the legend, “In God We Trust.” Yet clearly there is
something more going on when a convenience store clerk accepts a dollar bill for
a Diet Coke. Bitcoin enthusiasts are fond of saying, “in proof we trust,”40 which
begs the question whether math can be trustworthy, and if so, whether trust can
be divorced entirely from human beings. It cannot. Trust is a factor in
relationships and transactions. As such, it is necessarily embedded in social
structures, business arrangements, and societal institutions. An understanding
of the blockchain’s “trustless trust” must begin with an exploration of the
human dimensions of trust.
In a widely-cited management article, Roger Mayer and his co-authors
surveyed conceptions of trust in several disciplines and proposed an integrative
definition based on two main factors: a positive expectation about the other
party and a willingness to be vulnerable.41 The first concerns how the truster
evaluates the one to be trusted. The second concerns how the truster acts in
response. A third dimension of trust is the trustworthiness of the other party.

Cognitive and Affective Trust

Fukuyama calls trust “the expectation that arises within [a] community of
regular and honest behavior based on shared norms, such as truth-telling, good
intentions, reciprocity, and competence.”42 How, though, does that expectation
arise in individuals? What produces the positive disposition that Mayer et al
describe? There is a cognitive and an affective dimension.43 In other words, trust

39 Cross, supra note 33, at 1459 (“Much has been written on trust in various academic
disciplines, such as philosophy, business, psychology, political science, and law.”).
40 Dominic Frisby, In Proof We Trust, AEON (Apr. 21, 2016),
https://aeon.co/essays/how-blockchain-will-revolutionise-far-more-than-money.
41 See Mayer et al, supra note 38, at 712 (“The definition of trust proposed in this
research is the willingness of a party to be vulnerable to the actions of another party
based on the expectation that the other will perform a particular action important to the
trustor, irrespective of the ability to monitor or control that other party.”).
42 Fukuyama, supra note 20, at 26.
43 See Cross, supra note 33, at 1463; J.L. Morrow, et al, The Cognitive and Affective
Antecedents of General Trust Within Cooperative Organizations, 16 J. MANAGERIAL ISSUES,
48, 50 (2004).

is both a rational calculation and an emotional disposition. To say that an entry
on a registry encoded on a blockchain can be trusted is both a kind of cost-
benefit statement and a normative judgment. In practice, trust almost always
involves both dimensions.44
One aspect of trust is a cognitive risk assessment: how justified is it to
depend on this person or organization?45 If I give my car keys to a valet, the
potential loss if he or she steals my car may be great, but the probability is low,
monitoring is easy, and redress (through law enforcement or insurance) will
likely make me whole. On the other hand, if I’m asked to wire my life savings to
a Nigerian prince I met by email, I had better be pretty confident about the
forthcoming reward. The cognitive dimension is reflected in Judge Richard
Posner’s formulation that trust is, “merely an imperfect substitute for
information.”46 If we knew the likelihood of future events, we wouldn’t need
anything else to decide on a rational course of action.
The legal system can facilitate cognitive trust.47 The possibility of legal
enforcement gives parties confidence they can take the risks of entering into a
relationship, such as a contract. As Frank Cross explains, “The law [] provides a
form of hedging against the risk that my trust was misplaced.”48 I am more
willing to trust a waiter with my credit card knowing that my liability to the
issuer is capped at $50 in the case of identity theft.49
While the cognitive dimension is important, it cannot represent the entirety
of trust. Otherwise trust would be nothing more than rational reliance. Yet
different people have different levels of willingness to trust. As both Putnam and
Fukuyama demonstrated, this variation extends to communities and societies as
well. The richer social interactions and more vibrant economic activity in high-
trust environments suggest that something more is involved than narrow-eyed
cost-benefit analysis.

44 See Cross, supra note 33, at 1469 (observing that “any individual instance of trust
probably contains both affective and cognitive components.”).
45 See id. at 1466 (“Cognitive trust requires an assessment of the probability and
magnitude of that risk of harm.”).


46 Richard Posner, The Right of Privacy, 12 GA. L. REV. 393 (1978).
47 See Cross, supra note 33, at 1466; Luhmann, supra note 21, at 50-51.
48 Cross, supra note 33, at 1466.
49 15 U.S.C. § 1643.

Affective trust is the optimistic disposition toward others that operates
outside strategic motivation.50 It is an expectation of goodwill on the part of an
agent.51 Compared to cognitive trust, this form of trust is “a more complex
psychological state that is also dependent on emotional and social
influences….”52 It is the aspect of trust concerned with motives, not just
actions.53 This dimension of trust becomes important when, as is often the case,
the parties cannot precisely estimate costs and benefits. In the words of David
Lewis and Andrew Weigert, “Trust begins where prediction ends.”54
There are also normative and moral aspects to affective trust.55 It is trust as
an expression of our goodness, not simply our self-interest. Putnam says that
those who are trusting are “all-round good citizens.”56 And Fukuyama describes
trust as “a set of ethical habits and reciprocal moral obligations internalized by
members of a community.”57 To Thomas Hobbes, “to trust…another is to honour
him, [a] sign of opinion of his virtue and power….”58
The distinction between affective and cognitive trust explains another
important aspect: how trust relates to monitoring and verification. President
Reagan’s favorite Russian proverb, the epigram for this Article, is often criticized
as meaningless: “If you trust, you won’t insist on verifying, whereas if you insist

50 See Cross, supra note 33, at 1464; Karen Jones, Trust as an Affective Attitude, 107
ETHICS 4, 5-6 (1996).
51 See Baier, supra note 28, at 231, 235 (“When I trust another, I depend on her good
will toward me.”).
52 See Morrow et al, supra note 43, at 50. See also Larry E. Ribstein, Law v. Trust, 81
B.U. L. REV. 553, 557 (2001) (arguing for a definition of trustworthiness not based on
external constraints to honor commitments).
53 See Lawrence Becker, Trust as Noncognitive Security About Motives, 107 ETHICS 34
(1996); Tom R. Tyler, Trust and Law Abidingness: A Proactive Model of Social Regulation,
81 B. U. L. REV. 351 (2001). See also Blair & Stout, supra note 38, at 1751 (describing
“internalized trust” based on “expectations of intrinsic trustworthiness” rather than
external incentives).
54 J. David Lewis & Andrew Weigert, Trust as a Social Reality, 63 SOCIAL FORCES 967
(1985).
55 Andrew C. Wicks et al., The Structure of Optimal Trust: Moral and Strategic
Implications, 24 ACAD. MGMT. REV. 99, 100 (1999); Cross, supra note 33, at 1464.
56 Putnam, supra note 29, at 137.
57 Fukuyama, supra note 20, at 26. See also William Galston, Trust--But quantify--
Trust: The Social Virtues and the Creation of Prosperity by Francis Fukuyama, PUBLIC
INTEREST, Winter 1996, at 129.
58 THOMAS HOBBES, LEVIATHAN (Richard Tuck, ed., 1991) at X.27.

on verifying, clearly you don’t trust.”59 Yet this is not necessarily the case. Trust
is a willingness to act; it need not involve blind faith.60 If one sees trust in
cognitive, game-theoretic terms, verification may well be a good investment. In
an iterative game, for example, one may trust initially but seek verification
before trusting again. On the other hand, a desire for monitoring or verification
may be fatal to affective trust.61 If you feel the need to monitor, you probably
don’t have an optimistic disposition toward me.

Vulnerability

To trust is to be vulnerable to the one trusted.62 Even if the decision to trust
is a rational one, there is some risk it will prove a bad bet. The one being trusted
must have some discretion. According to ethicist Annette Baier, trust “is letting
other persons (natural or artificial, such as firms, nations, etc.) take care of
something the trustor cares about, where such ‘caring for’ involves some
exercise of discretionary powers.”63 And that discretion implies that the trustee
may turn out to be untrustworthy. In the words of philosopher Diego Gambetta,
“For trust to be relevant, there must be the possibility of exit, betrayal,

59 Barton Swaim, “Trust, But Verify”: An Untrustworthy Political Phrase, WASH. POST
(Mar. 11, 2016),
https://www.washingtonpost.com/opinions/trust-but-verify-an-untrustworthy-political-phrase/2016/03/11/da32fb08-db3b-11e5-891a-4ed04f4213e8_story.html.
60 Robert Solomon and Fernando Flores argue for what they call “authentic trust,” in
which wisdom and experience temper both the naivete of affective trust and the coldness
of cognitive trust. See Solomon & Flores, supra note 38, at 54.
61 See Cross, supra note 33, at 1466 and n.43; Bigley & Pierce, supra note 38, at 411-
12.
62 See Mayer et al, supra note 32; Denise M. Rousseau et al., Not So Different After All:
A Cross-Discipline View of Trust, 23 ACAD. MGMT. REV. 393, 394 (1998); Helen
Nissenbaum, Will Security Enhance Trust Online, or Supplant It, in TRUST AND DISTRUST IN
ORGANIZATIONS: DILEMMAS AND APPROACHES 155, 173 (Roderick M. Kramer and Karen S.
Cook, eds., 2004) (“The theories of trust I have studied differ from one another in many
ways; cutting across these differences, however, is a common theme linking trust with
vulnerability.”).
63 Baier, supra note 28, at 240 (arguing that "any form of cooperative
activity…requires the cooperators to trust one another….").

defection.”64 Emphasizing this point, the legal scholar Gus Hurwitz pithily
defines trust as, “reliance without recourse.”65
One implication of this vulnerability is that sometimes trust is misplaced.
Trust can break down in three ways: direct violations, opportunistic behavior,
and systemic failures. Violations of trust are the clearest cases. The confidence
man who takes advantage of the mark; the Uber driver who sexually assaults a
passenger; the mechanic who charges for unnecessary work: Each takes
advantage of the trustor’s vulnerability to cause him or her harm.
Opportunism means violating the spirit but not necessarily the letter of an
agreement, by taking advantage of asymmetric information.66 The opportunist is
untrustworthy because he or she takes advantage of the trustor, rather than
exercising the necessary benevolence. Policing opportunistic behavior is a central
goal of corporate law under the contemporary mainstream theory of the firm.
Corporate governance responds to the potential for opportunism in the
principal/agent relationship between shareholders and managers.67 Courts have
used several legal doctrines to address opportunism in contractual transactions,
with mixed success.68
Finally, trust may fail, not because the parties to an arrangement are
necessarily untrustworthy, but because the environment is inimical to trust. This
is the case in countries without a robust rule of law or property rights.69 It may
also occur when relationships cross too many boundaries, whether
organizational or political. Without a common legal environment or business

64 Diego Gambetta, Can We Trust?, in TRUST: MAKING AND BREAKING COOPERATIVE
RELATIONS 218-19 (Diego Gambetta ed., 1988).
65 See Gus Hurwitz, Trust and Online Interaction, 161 U. PENN. L. REV. 1579, 1584
(2013) (noting how the loss of native trust among participants as the internet was
commercialized led to increased power of online intermediaries).
66 See Timothy J. Muris, Opportunistic Behavior and the Law of Contracts, 65 MINN. L.
REV. 521 (1981) (describing opportunistic behavior in contractual relationships, and
offering ways to deter it); Shell, supra note 28 (identifying the problem of, and responses
to, opportunism in pre-contractual negotiation); OLIVER WILLIAMSON, MARKETS AND
HIERARCHIES: ANALYSIS AND ANTITRUST IMPLICATIONS 26 (1975) (explaining opportunism in
terms of exercising self-interest through guile, based on exploitation of asymmetric
information).
67 See Michael C. Jensen & William H. Meckling, Theory of the Firm: Managerial
Behavior, Agency Costs and Ownership Structure, 3 J. FIN. ECON. 305, 308 (1976).
68 See Shell, supra note 28, at 231-32, 265-66, 275.
69 See HERNANDO DE SOTO, THE MYSTERY OF CAPITAL: WHY CAPITALISM TRIUMPHS IN THE
WEST AND FAILS EVERYWHERE ELSE (2000).

structure, the transaction costs of establishing baselines for trust may be too
great.
A common response to these impediments creates its own problems of trust.
Large private firms are able to internalize the trust environment that otherwise
would depend on public institutions or arrangements across organizational
boundaries. This makes it easier for parties to engage in trusted transactions, but
it also makes those corporate intermediaries more powerful. Eventually, as in
the 2008 financial crisis, they may become “too big to fail,” and thus part of the
problem rather than the solution to the breakdown of trust.

Trustworthiness

Trust is not the same as trustworthiness.70 One who trusts acts as though the
trusted party is trustworthy, but that may or may not be the case. Furthermore,
as Barney and Hansen observe, “trust is an attribute of a relationship between
exchange partners, trustworthiness is an attribute of individual exchange
partners.”71 Hierarchical trust architectures falter when they enable trusting
transactions without establishing trustworthiness beyond the thin level of
cognitive cost/benefit. Trustworthiness also becomes a difficult concept when
one exchange partner is a machine, or a machine-based system such as a
blockchain.
According to Mayer et al, trustworthiness has three aspects: benevolence,
ability, and integrity.72 Mirroring the optimistic expectations of the trustee, one
must endeavor to act in his or her best interests. The trustworthy actor must also
have the requisite capability. The good Samaritan is not trusted to provide the
same level of medical care as the trained medical professional (although they
must exercise a basic level of care). Finally, integrity means that the trustor
perceives that the trustee adheres to an appropriate set of principles.
Trustworthiness cannot be communicated directly. Saying, “trust me,” gives
no indication in itself that one is trustworthy. Proxies must be used instead. One
proxy for trustworthiness is familiarity. A pre-existing relationship is likely to
enhance trust,73 as are shared cultural attributes or histories.74 Homophily and

70 See Russell Hardin, Trustworthiness, 107 ETHICS 26, 28 (1996); Avner Ben-Ner and
Louis Putterman, Trusting and Trustworthiness, 81 B.U. L. REV. 523 (2001).


71 Jay B. Barney & Mark H. Hansen, Trustworthiness as a Source of Competitive
Advantage, 15 STRAT. MGT. J. 175, 176 (1994).
72 See Mayer et al, supra note 38.
73 Ben-Ner and Putterman, supra note 70.
74 Nissenbaum, supra note 62.

extrapolation from experience are cognitive shortcuts for trustworthiness.
Signaling mechanisms can stand in for direct experience in some cases. The
marble columns in the bank branch or the Catholic priest’s collar project
trustworthiness by association. Transparency is itself a signal that one has
nothing to hide, and also provides access to information that can be used for a
more accurate assessment of trustworthiness.
Various devices can change the risk/reward calculus to tip the balance
toward trust. Legal enforcement and insurance do not per se make anyone more
trustworthy. Like monitoring and verification, they hew much more closely to
the cognitive than the affective conception of trust. In practice, they shift the
balance to make trusting less risky and therefore more appealing. Voluntary
commitment devices (such as remedies for breach of contract) also reduce the
appeal of being untrustworthy. Finally, alignment of interests is suggestive of
trustworthiness. One may solely be pursuing self-interest, rather than exercising
benevolence, and still be deserving of trust. The one called upon to trust must
know that the other has a shared interest. So it may be useful to highlight shared
interests as a means of projecting trustworthiness.

C. Trust Architectures

Individual decisions about whether to trust are embedded in larger patterns
of trust relationships, which I call trust architectures. These are idealized types;
practical trust relationships may involve a combination. For example, in a cash
transaction, one trusts the integrity of the physical bill as non-counterfeit on a
peer-to-peer basis, but trusts that the paper is worth actual money because of
the “full faith and credit” of the United States government.
The first major trust architecture is the one Thomas Hobbes envisioned:
deference to central authority. The simplest way to expand the radius of trust is
to delegate it to powerful intermediaries.75 I don’t have to trust you to engage in
a financial exchange if we both connect through a trusted bank.76 In this

75 See Hurwitz, supra note 65, at 1580-81.
76 See UBS, BUILDING THE TRUST ENGINE 9,
https://www.ubs.com/microsites/blockchain-report/en/home/ [hereinafter Building the
Trust Engine] (“Banks arose from the need for trusted intermediaries to help people
protect and transact with their money.”); Andreas Adriano and Hunter Monroe, The
Internet of Trust, FINANCE & DEVELOPMENT, June 2016,
http://www.imf.org/external/pubs/ft/fandd/2016/06/adriano.htm (“Traditionally, the
financial industry has tried to solve the problem of creating trust by acting as a trusted
intermediary between individuals and companies who do not know each other, with

structure, the formal rules of the intermediaries take the place of immanent
social norms to structure transactions. The system is hierarchical because it
generally follows a hub-and-spoke model.77 Individuals trust a local
intermediary, which develops trusted relationships with its peers, and which
derives its authority from higher-level intermediaries, all the way up to the
state. The hierarchical trust architecture gives rise to a trust tradeoff, in which
users are forced to give up freedom to gain the benefits of trust.78
Hierarchical trust expands the second dimension of trust—its radius—at the
cost of limiting the others. Intermediaries are generally trusted for limited
purposes. You may believe Facebook will keep your personal information secure
from theft, but that doesn't make you confident it will be a good steward of your
privacy. And trust in the hierarchy of intermediaries tends to be highly
instrumental. You trust the bank because you think the risks to your money are
limited relative to the benefits, not because you believe in the bank’s goodwill
toward you.
The second architecture, peer-to-peer trust, is based on interpersonal
relationships and shared ethical norms: I trust you because I trust you. This is
the domain of commons regimes explored by Elinor Ostrom, Robert Ellickson,
and others, where order is achievable without law.79 Well-articulated social
norms and standards, plus concern about reputation, are enough. Because it
operates peer-to-peer within communities, this trust architecture has a
relatively small radius. You might trust a stranger peer-to-peer (the purchase at
the convenience store), but only for an unimportant transaction.

central banks and regulators backing up this trust by supervising banks and through
deposit insurance.”)
77 In a seminal paper, Paul Baran, the RAND network engineer who did foundational
work on packet switching in the 1960s, distinguished two kinds of networks: centralized
and distributed. See Paul Baran, On Distributed Communications Networks, 12 IEEE
TRANSACTIONS ON COMMUNICATIONS SYSTEMS, 1 (1964). In practice, he noted, most
communications networks involve a hub-and-spoke combination of the two, which he
labeled decentralized. See id. See also Casey, supra note 19 (“A hub-and-spokes structure
emerged, with a centralized ledger managed by the central bank acting as a trust
backstop for the multitude of subordinate commercial bank ledgers, where most of
society’s monetary balances remained.”).
78 See Hurwitz, supra note 75, at 1581 (arguing that, “[i]n the post-trust Internet,
intermediaries can cause real harm.”).
79 See ELINOR OSTROM, GOVERNING THE COMMONS: THE EVOLUTION OF INSTITUTIONS FOR
COLLECTIVE ACTION (1990); ROBERT ELLICKSON, ORDER WITHOUT LAW: HOW NEIGHBORS SETTLE
DISPUTES (1991).

As Richard Shell explains, in business transactions, negotiation bridges the
gap between parties who lack interpersonal trust.80 This process may involve
low-risk confidence-building steps such as a dinner invitation or exchange of
gifts, as well as higher-risk steps including disclosures and precontractual
commitments.81 The dilemma is that these moves to build trust open parties up
to opportunistic behavior which violates trust expectations.82
The peer-to-peer trust architecture does have significant benefits. It tends to
be democratic and egalitarian, at least within the bounds of the community. It
allows interactions, even business ones, to reinforce rich interpersonal
relationships and build social capital. Its weakness is that it depends on often-
ephemeral social bonds and informal governance structures. This is what
Putnam was concerned with in his account of the deterioration of American
society. As peer-to-peer trust has frayed, law has stepped into the resulting
vacuum.

D. Trust and the Legal System

Trust and law have an ambiguous relationship. A promise lacking the
required formalities of contract law may still be sufficient to engender trust.83
Conversely, untrusting enemies may enter into legally binding transactions, if
they see mutual advantage. Yet the two domains are clearly connected. The
question, which numerous scholars have engaged, is whether law is more likely
to promote or undermine trust.84
On the one hand, law may enhance confidence and channel relationships in
trust-enhancing ways. The legal system provides redress for violations of
agreements, which may give the parties additional confidence in entering into
those relationships. Legal enforcement is not perfect, but trust necessarily

80 See Shell, supra note 28, at 231-35.


81 See id. at 258-61.
82 See id. at 256-58.
83 See Cross, supra note 33, at 1482 (“If all parties were truly trusting, they would feel
no need for legalized protections.”).
84 See id.; Blair & Stout, supra note 38; Claire A. Hill & Erin Ann O’Hara, A Cognitive
Theory of Trust, 84 WASH. U. L. REV. 1717 (2006); Symposium: Trust Relationships, 81 B.U.
L. REV. 321 (2001); Tom R. Tyler, Trust and Law Abidingness: A Proactive Model of Social
Regulation, 81 B.U. L. REV. 361 (2001); Sim B. Sitkin & Robert J. Bies, The Legalistic
Organization: Definitions, Dimensions, and Dilemmas, 4 ORG. SCI. 345 (1993); Douglas G.
Baird, Self-Interest and Cooperation in Long-Term Contracts, 19 J. LEGAL STUD. 583 (1989);
Neil M. Richards & Woodrow Hartzog, Taking Trust Seriously in Privacy Law, __ STAN.
TECH. L. REV. __ (forthcoming).

involves some risk.85 The legal enforcement mechanism may reduce the
possibility and magnitude of loss from untrustworthiness enough to induce
trust-based relationships.86 Moreover, law formalizes relationships. Knowing the
scope of expectations on both sides, and placing the entire arrangement within a
structure, can limit room for misunderstandings.87 Thus, even though legal
enforcement rests on the Leviathan of state power, law may create necessary
space for the informal arrangements of peer-to-peer trust.
On the other hand, legal enforcement may actually reduce trust.88 Critics of
the American legal system argue that the expansive use of law and lawyers
undermines social cohesion.89 The formalization that law imposes may replace
the fluidity of normal human relationships with dry commitments.90 And while
legal redress may make trust less risky, it may also stifle trust-enhancing
actions, leaving the parties worse off.91 In fact, trusting purely on a calculating
basis may not be trust at all.92 On this view, trust inures in relationships.

85 See supra Part (II)(B)(2).


86 See Cross, supra note 33, at 1484 (“By giving legal assurances of remedies for
breaches of trust, the law makes parties more likely to be both trusting (thanks to the
hedging effect of the legal remedy) and trustworthy (to avoid sanctions)”); Sim B. Sitkin,
On the Positive Effect of Legalization on Trust, 5 RES. ON NEGOTIATION IN ORG. 185, 193
(1995); Shell, supra note 28.
87 See Cross, supra note 33, at 1501-03.
88 See Ribstein, supra note 52.
89 See MARY ANN GLENDON, RIGHTS TALK: THE IMPOVERISHMENT OF SOCIAL DISCOURSE
138 (1994); PHILIP K. HOWARD, THE DEATH OF COMMON SENSE: HOW LAW IS SUFFOCATING
AMERICA (1994); ROBERT A. KAGAN, ADVERSARIAL LEGALISM: THE AMERICAN WAY OF LAW
(2001); Charles Silver & Frank B. Cross, What’s Not To Like About Being a Lawyer?, 109
YALE L.J. 1443, 1443-46 (2000) (reviewing various critiques of the legal system).
90 See Cross, supra note 33, at 1483 (“Commentators increasingly blame the law and
lawyers for America’s reported diminution of trust and social capital.”); Deepak
Malhotra and J. Keith Murnighan, The Effects of Contracts on Interpersonal Trust, 47
Admin. Sci. Q. 534 (2002); Laetitia B. Mulder et al, Undermining Trust and Cooperation:
The Paradox of Sanctioning Systems in Social Dilemmas, 42 J. EXPERIMENTAL SOC. PSYCH. 147
(2006); David Charny, Nonlegal Sanctions in Commercial Relationships, 104 HARV. L. REV.
373, 426-30 (1990); Sitkin & Roth, supra note 84, at 369.
91 See Charny, supra note 90, at 428; Ribstein, supra note 52, at 581-83.
92 See Oliver E. Williamson, Calculativeness, Trust, and Economic Organization, 36 J.L.
& ECON. 453, 463 (1993) (“[I]t... can be misleading to use the term ‘trust’ to describe
commercial exchange for which cost-effective safeguards have been devised in support
of more efficient exchange….”).

Contracts and other legal formalities may memorialize aspects of those
relationships, but they are epiphenomenal to trust.93
The legal system is particularly valuable along the cognitive dimension of
trust.94 The concern is that it crowds out the affective dimension, imposing a
hierarchical trust architecture in lieu of a peer-to-peer one.95 However, the
choice is not necessarily binary. When parties have the option, legal
enforcement through either private contractual agreement or regulation can
offer a backstop where interpersonal trust is insufficient.96 Over time, as
confidence in relationships increases thanks to legal risk-mitigation, affective
trust may expand as well.97
Both the virtue and the limitation of law as an instrument of trust is that it is
an apparatus of the state. Legal authority supersedes that of the parties. Law
arises from territorial sovereignty, which gives it a defined geographic scope. It
operates through bureaucratic mechanisms or adversarial processes, both of
which have well-understood flaws. And law must treat everyone equally, rather
than offering unlimited customization for particular parties. While each of these
offers correlative benefits, there is a gap in the possibility space. A trust
architecture that paired the stability of Leviathan with the autonomy of peer-to-
peer trust might allow for new kinds of relationships, or better configuration of
existing ones. Enter the blockchain.

93 See Fernando L. Flores & Robert C. Solomon, Rethinking Trust, 16 BUS. & PROF.
ETHICS J. 47, 50 (1997). Law and economics scholars of relational contracts emphasize the
importance of ongoing business relationships over enforcement of formal contractual
terms. See Cross, supra note 33, at 1485. On this view, contract law exists to restrain
opportunism, see supra note 66 and associated text, but business negotiations and other
relationship-enhancing activities outside the contract itself are the primary means of
achieving this goal. See Cross, supra note 33, at 1485-86; Robert W. Gordon, Macaulay,
Macneil, and the Discovery of Solidarity and Power in Contract Law, 1985 WISC. L. REV. 565,
573; Simon Deakin et al., Contract Law, Trust Relations, and Incentives for Cooperation: A
Comparative Study, in CONTRACTS, CO-OPERATION, AND COMPETITION 105 (Simon Deakin &
Jonathan Michie eds., 1997).
94 See Frankel, supra note 37, at 474 (describing the cognitive trust benefits of the
law).
95 See Mark A. Hall, Law, Medicine, and Trust, 55 STAN. L. REV. 463, 514 (2002)
(expressing concern that “trust in the system of law replaces interpersonal trust in
individuals”).
96 See Cross, supra note 33, at 1499.
97 See id. at 1508-09.

III. THE GREAT LEDGER IN THE SKY


In just a few years, Bitcoin and the blockchain have sparked extraordinary
excitement and activity in the technology world.98 Leading figures equate them
with nothing less than a new internet: a radically powerful open, distributed
platform that will enable a vast economy of new and enhanced digital services.99
Some say they could prevent future financial crises100 or even, “transform
business, government, and society.”101 Others suggest the blockchain heralds the

98 See, e.g., Marc Andreesen, Why Bitcoin Matters, N.Y. TIMES DEALBOOK (Jan. 21, 2014,
11:54 AM), http://dealbook.nytimes.com/2014/01/21/why-bitcoin-matters; Reid
Hoffman, Why the Block Chain Matters, WIRED, May 15, 2015; Amy Cortese, Blockchain
Technology Ushers in the “Internet of Value”, Cisco (Feb. 10, 2016),
https://newsroom.cisco.com/feature-content?type=webcontent&articleId=1741667;
Jerry Cuomo, How Businesses And Governments Can Capitalize On Blockchain, FORBES
BRANDVOICE (Mar. 17, 2016), http://www.forbes.com/sites/ibm/2016/03/17/how-
businesses-and-governments-can-capitalize-on-blockchain/#4468fdb83a2c (calling the
blockchain a “revolutionary technology”); UK Government Chief Science Advisor,
Distributed Ledger Technology: Beyond Block Chain (2015),
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/492972/
gs-16-1-distributed-ledger-technology.pdf [hereinafter Distributed Ledger Technology],
at 4 (“In distributed ledger technology, we may be witnessing one of those potential
explosions of creative potential that catalyse exceptional levels of innovation.”);
Building the Trust Engine, supra note 76, at 5 (“Like many of our peers, we at UBS
believe the blockchain is a potentially transformative technology...”); ARVIND
NARAYANAN, ET AL, BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES 2 (Princeton University
Press 2016) (Feb. 9, 2016 draft) (“Optimists claim that Bitcoin will fundamentally alter
payments, economics, and even politics around the world.”); DON TAPSCOTT & ALEX
TAPSCOTT, BLOCKCHAIN REVOLUTION 8-9 (2016).
99 See Cadie Thompson, Bitcoin Transformative as the Web, Venture Capitalist Says,
CNBC (Jan. 28, 2014), http://www.cnbc.com/2014/01/28/bitcoin-transformative-as-the-
web-venture-capitalist-says.html; Scott Rosenberg, There’s a Blockchain for That!,
BACKCHANNEL (Jan. 13, 2015), https://backchannel.com/how-bitcoins-blockchain-could-
power-an-alternate-internet-bb501855af67#.r7ilkg7m9; Peter Spence, Bitcoin Revolution
Could be the Next Internet, Says Bank of England, THE TELEGRAPH (Feb. 25, 2015, 3:47pm
GMT), http://www.telegraph.co.uk/finance/currency/11434904/Bitcoin-revolution-
could-be-the-next-internet-says-Bank-of-England.html; Daniel Folkinshteyn, Mark
Lennon & Tim Reilly, A Tale of Twin Tech: Bitcoin and the WWW, 10 J. STRATEGIC & INT’L
STUD. 82 (2015).
100 See Editorial Board, Bring on the Blockchain Future, BLOOMBERG VIEW (June 6, 2016,
10:05 AM EDT), http://www.bloomberg.com/view/articles/2016-06-06/bring-on-the-
blockchain-future (“The blockchain really could change the world….”).
101 Don Tapscott and Alex Tapscott, The Impact of the Blockchain Goes Beyond
Financial Services, HARV. BUS. REV. (May 10, 2016), https://hbr.org/2016/05/the-impact-

rise of a new form of law.102 For libertarians, these technologies represent
economic activity outside the bounds of sovereign state control. For
progressives, they promise to undermine entrenched private power. For others,
they are simply a potentially huge opportunity to make money or solve
problems.
The magic of distributed ledgers is to make certain activities trustworthy
without the need to trust anyone in particular.103 Blockchain proponents argue
that as a result, costly mechanisms of intermediation and legal enforcement can
be dispensed with. Instead of trusting banks and courts and governments, they
suggest, we can trust math and computation, in the form of open-source
cryptographic protocols. If they are even slightly correct, the potential is
extraordinary, because so many things depend on trust.
The blockchain ecosystem is still fledgling, but is evolving rapidly. The
underlying technology was first outlined in 2008 as part of the Bitcoin digital
currency.104 Initially it was of interest primarily to the “cypherpunk” and
financial cryptography communities.105 Over the past five years, not only has the
value of Bitcoin in circulation spiked to billions of dollars, but a large community
of developers, entrepreneurs, investors, and major corporations has sprung up
around distributed ledgers.106 New systems are going far beyond digital cash.
New infrastructure is making it easier to develop powerful applications. And
governments are mobilizing to understand the legal and regulatory issues. Even

of-the-blockchain-goes-beyond-financial-services. Going even further, Skype
co-founder Jaan Tallinn believes the blockchain can be used to overcome the tragedy of the
commons and solve some of humanity's greatest challenges. See Rebecca Burn-
Callander, Skype Inventor Jaan Tallinn Wants to Use Bitcoin Technology to Save the World,
TELEGRAPH (June 20, 2016, 6:40pm),
http://www.telegraph.co.uk/business/2016/06/20/skype-inventor-jaan-tallinn-wants-to-
use-bitcoin-technology-to-s/.
102See Aaron Wright & Primavera De Filippi, Decentralized Blockchain Technology and
the Rise of Lex Cryptographia, available at
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2580664 (2015); Michael
Abramowicz, Cryptocurrency-Based Law, 58 ARIZ. L. REV. 359 (2016).
103 See Joshua Fairfield, BitProperty, 88 S. Cal. L. Rev. 805, 814 (2015) (“Bitcoin
creates a manipulation-resistant solution to the problem of trust—a way of providing
verification without centralization and its attendant risks and costs.”).
104 Satoshi Nakamoto, Bitcoin: A Peer-To-Peer Electronic Cash System 8 (2008),
https://bitcoin.org/bitcoin.pdf. Digital currencies such as Bitcoin that are based on
encryption techniques are often referred to as cryptocurrencies.
105 See Narayanan et al, supra note 98, at 201.
106 See Hileman, supra note 16; Tapscott & Tapscott, supra note 98, at 8-9.

if Bitcoin fails spectacularly, the impact of the blockchain will be felt in industry
after industry.
It all starts with the humble ledger.

A. How the Blockchain Works

Distributed Ledgers

A ledger is a record of accounts. Perhaps the most familiar ledgers are those
used for double-entry bookkeeping, the foundation of accounting. However,
ledgers are not limited to recording debits and credits for corporate balance
sheets. Real estate markets could not exist without land title registries.
Democracy requires ledgers tallying votes. Copyright depends on both public
and private records tracking the registration and assignment of rights. The
modern firm depends on ledgers not just for its financials, but for the
relationships among its internal agents and external partners, as well as its
supply chain, back-office, and customer-facing activities. And these are just a
few examples. Sociologists such as Max Weber and Werner Sombart argue that
double-entry bookkeeping was the foundation of modern capitalism. In Weber’s
words, “the most general presupposition for the existence of this present-day
capitalism is that of rational capital accounting...."107
One of the reasons ledgers are so powerful is that they are foundational
infrastructure for keeping track of things.108 By establishing a reliable record of
ownership and asset flows, they strengthen property rights. They also allow such
rights to be subdivided and transacted in increasingly sophisticated ways. And
by tracking rights and obligations, they also support potentially complex
contractual agreements. Standards such as Generally Accepted Accounting
Principles (GAAP) can be adopted on top of the ledgers, and then

107 MAX WEBER, GENERAL ECONOMIC HISTORY 276 (Trans. Frank H Knight, 1927). See
also WERNER SOMBART, DER MODERNE KAPITALISMUS 23 (1916) (“capitalism and double
entry bookkeeping are absolutely indissociable; their relationship to each other is that of
form to content”). See also Quinn DuPont and Bill Maurer, Ledgers and Law in the
Blockchain, KING’S REVIEW (June 23, 2016),
http://kingsreview.co.uk/magazine/blog/2015/06/23/ledgers-and-law-in-the-blockchain/
(detailing the significance of ledgers and the implications for the blockchain). Going
back even further, many of the earliest surviving written documents from antiquity, in
Mesopotamian cuneiform, are ledgers of commercial transactions. See HANS J. NISSEN,
PETER DAMEROW, AND ROBERT K. ENGLUND, ARCHAIC BOOKKEEPING: EARLY WRITING AND
TECHNIQUES OF ECONOMIC ADMINISTRATION IN THE ANCIENT NEAR EAST (Univ. of Chicago
Press 1993).
108 See Frisby, supra note 40.

auditing/reporting requirements, internal controls, and more can be further
layered on top. As record-keeping migrated from paper to standalone computers
to digital networks, the scope of ledgers increased.
A blockchain is a kind of distributed ledger.109 Any participant in the network
can maintain an instantiation of the ledger. The key is that all those copies are
the same. Venture capitalist Albert Wenger of Union Square Ventures calls
blockchains logically centralized (there is only one ledger) but organizationally
decentralized (many entities maintain copies of that ledger).110 Nodes in a
blockchain system are in constant communication to remain synchronized.
Maintaining that synchronization, called consensus, is the hard part, because
there is no canonical master copy.
Centralized ledgers have their own difficulties. If one node keeps the master
ledger (as with the internet’s domain name system, based on “root servers”), it
becomes a single point of failure for the system. And users of any other node
can’t be certain the information they see is accurate. If, on the other hand, each
organization keeps its own ledger (as with most corporate financial records),
every transaction is recorded independently at least twice. Whenever, for
example, a company pays a vendor or a bank cashes a check from another bank’s
customer, their ledgers must be synchronized after the fact through a process of
reconciliation. This introduces complexity, delay and possibilities for error. Until
the blockchain came along, these difficulties were thought to be necessary evils.

Nakamoto Consensus

The blockchain was first described in a paper published online in late 2008 by
someone (or some group) using the pseudonym Satoshi Nakamoto.111 It was

109 See UK Government Chief Science Advisor, supra note 98; PAUL VIGNA & MICHAEL
J. CASEY, THE AGE OF CRYPTOCURRENCY: HOW BITCOIN AND DIGITAL MONEY ARE CHALLENGING
THE GLOBAL ECONOMIC ORDER 124 (2015). Not all distributed ledgers are structured as
blockchains. For example, the Corda system for financial agreements between regulated
banks uses a different data structure. See Richard Gendal Brown, Introducing R3
Corda(TM): A Distributed Ledger Designed for Financial Services, Richard Gendal Brown
blog (April 5, 2016), https://gendal.me/2016/04/05/introducing-r3-corda-a-distributed-
ledger-designed-for-financial-services/. Blockchains are the most common approach,
especially for public (“permissionless”) systems, so that is the term used here.
110 Albert Wenger, Bitcoin: Clarifying the Foundational Innovation of the Blockchain,
Continuations (Dec. 15, 2014), http://continuations.com/post/105272022635/bitcoin-
clarifying-the-foundational-innovation-of.
111 Nakamoto, supra note 104. Nakamoto’s identity has never been conclusively
revealed.

titled, “Bitcoin: A Peer-To-Peer Electronic Cash System.” Many of the concepts
and techniques described in Nakamoto’s paper were familiar to cryptographers,
but the system was implemented in a novel and elegant way. As the title
suggests, Bitcoin is a digital currency (also known as a cryptocurrency), designed
to function as a bearer instrument similar to cash. Nakamoto’s system was
implemented in open source software in 2009, and Bitcoins have been available
ever since. At the time of this writing, one Bitcoin can be traded for
approximately $600 on major exchanges.112 The total value of Bitcoins in
circulation exceeds $9 billion.113
The initial interest in Bitcoin focused on its status as a currency not issued
by any territorial government. Currency transactions are heavily regulated to
address concerns about fraud, money laundering, capital flight, currency
manipulation, terrorist financing, illegal activities, and more.114 Bitcoin raised
the tantalizing prospect (for some) of money neither issued nor regulated by any
government. It could be a means to democratize and improve efficiency of the
global financial system.115 Or it could be a haven for lawlessness, consumer
abuses, and financial speculation.116 Most of the legal scholarship on Bitcoin has
thus concentrated on whether and how it might be regulated.117

112 Bitcoin Price (USD), Coinbase, https://www.coinbase.com/charts?locale=en (last
visited July 5, 2016). The price has fluctuated dramatically since 2009, although Bitcoin
price volatility appears to be decreasing.
113 See Stephanie Yang, Is Bitcoin Becoming More Stable Than Gold?, WALL ST. J.
MONEYBEAT (Apr. 19, 2016, 10:09AM ET), http://blogs.wsj.com/moneybeat/2016/04/19/is-
bitcoin-becoming-more-stable-than-gold/.
114 See U.S. Gov’t Accountability Office, GAO-14-496, VIRTUAL CURRENCIES: EMERGING
REGULATORY, LAW ENFORCEMENT, AND CONSUMER PROTECTION CHALLENGES 23 (2014); Jerry
Brito & Andrea Castillo, BITCOIN: A PRIMER FOR POLICYMAKERS 14–15 (2013).
115 These two benefits—democratization and efficiency—are often in conflict.
Incumbent financial institutions are excited about Bitcoin and blockchains as a cheaper
and more robust way to operate their businesses. Hence the proliferation of consortia
such as R3 CEV, which develops standards and reference designs for distributed ledgers
in financial services. See infra note 181. On the other hand, non-traditional actors
envision a world in which anyone can become a bank and transactions are nearly
costless, undermining the power and revenue sources of the incumbents.
116 See David Yermack, IS BITCOIN A REAL CURRENCY? AN ECONOMIC APPRAISAL, Nat’l
Bureau of Econ. Research, No. w19747 (2013).
117 See Kevin V. Tu & Michael W. Meredith, Rethinking Virtual Currency Regulation in
the Bitcoin Age, 90 WASH. L. REV. 271 (2015); Jerry Brito et al, Bitcoin Financial Regulation:
Securities, Derivatives, Prediction Markets & Gambling, 16 COLUM. SCI. & TECH. L. REV. 144
(2015); Andres Guadamuz & Chris Marsden, Blockchains and Bitcoin: Regulatory

There remain many important questions about Bitcoin’s economic and legal
viability as a currency. The greater significance of Nakamoto’s invention,
however, lies in the architecture of distributed ledgers needed to make Bitcoin a
reality.118 And the most fundamental question for legal scholars is how those
ledgers may themselves usurp the roles of state-backed law.
At the heart of Bitcoin is a set of protocols often called Nakamoto
Consensus.119 Consensus means that participants in a network have confidence
that what they see on their ledgers is accurate and consistent.120 Without a
robust means of ensuring consensus, any Bitcoin participant could, for example,
spend the same Bitcoins multiple times (known as the double-spend problem),
or claim it had more currency than it really did. The trouble with most
approaches to consensus on digital systems is that it’s easy to create a nearly

Response, FIRST MONDAY, vol. 20, no. 12 (Dec. 7, 2015),
http://firstmonday.org/ojs/index.php/fm/article/view/6198/5163; Carla L. Reyes, Moving
Beyond Bitcoin to an Endogenous Theory of Decentralized Ledger Technology Regulation: An
Initial Proposal, 61 VILL. L. REV. 191 (2016); Paul H. Farmer, Speculative Tech: The Bitcoin
Legal Quagmire and the Need for Legal Innovation, 9 J. BUS. & TECH. L. 85 (2014); Stephen
T. Middlebrook & Sarah Jane Hughes, Regulating Cryptocurrencies in the United States:
Current Issues and Future Directions, 40 WM. MITCHELL L. REV. 813 (2014); Nikolei M.
Kaplanov, Nerdy Money: Bitcoin, the Private Digital Currency, and the Case Against Its
Regulation, 25 LOY. CONSUMER L. REV. 111 (2012); Wright & De Filippi, supra note 102;
Trevor I. Kiviat, Beyond Bitcoin: Issues in Regulating Blockchain Transactions, 65 DUKE L.J.
569 (2015); Ruoke Yang, When is Bitcoin a Security Under U.S. Securities Law?, 18 J.L.
TECH. & POL’Y 99 (2013); Joshua Doguet, The Nature of the Form: Legal and Regulatory
Issues Surrounding the Bitcoin Digital Currency System, 73 LA. L. REV. 1119 (2013); Danton
Bryans, Note, Bitcoin and Money Laundering: Mining for an Effective Solution, 89 IND. L.J.
441 (2014).
118 It is not clear that Nakamoto himself recognized this. His foundational paper was
clearly focused on the narrower challenge of decentralized currency. See Nakamoto,
supra note 104.
119 See Joseph Bonneau et al, Research Perspectives and Challenges for Bitcoin and
Cryptocurrencies, in Proceedings of the 36th IEEE Symposium on Security and Privacy,
http://www.jbonneau.com/doc/BMCNKF15-IEEESP-bitcoin.pdf, at 3. More formally,
Nakamoto consensus is an anonymous probabilistic protocol for Byzantine Fault
Tolerance. See Nick Szabo, The Dawn of Trustworthy Computing, UNENUMERATED (Dec. 11,
2014), http://unenumerated.blogspot.com/2014/12/the-dawn-of-trustworthy-
computing.html.
120 For a more detailed discussion of the importance of consensus, see Casey
Kuhlman, What Are Ecosystem Applications, ERIS INDUSTRIES BLOG (June 5, 2016),
https://db.erisindustries.com/eris/2016/06/05/ecosystem-applications/ (“The problem
that blockchain technology solves is not electronic P2P cash, nor is it settlement latency,
it is the problem of attribution and ordering of inbound events….”).

infinite number of fake network nodes (known as a Sybil attack).121 Even if most
real users are honest, an attacker can create enough nodes to dominate the
network and impose its own false consensus on the system. This challenge is
well-known in cryptography and referred to as the Byzantine Generals
Problem.122 Until Bitcoin, it had no scalable solutions.
Nakamoto’s answer cleverly combined cryptographic techniques with an
insight from game theory.123 The basic approach is called a Byzantine Fault
Tolerant protocol. Instead of trusting an individual actor, you trust a network of
actors, who express themselves through voting.124 In Nakamoto’s version, these
actors engage in a process known as mining, through which they validate and
establish consensus over chunks of Bitcoin transactions.125 Every full node sees
every transaction, and there is only one consensus ledger mirrored across every
machine on the network. Even if some of the miners are untrustworthy, the
system holds so long as the majority is honest.
The major limitation of such a protocol is the possibility of Sybil attacks: If
it’s easy and rewarding to be untrustworthy, someone probably will be. Hence
the second cryptographic technique in Bitcoin: proof of work.126 Proof of work

121 See John R. Douceur, The Sybil Attack, IPTPS ’01 Revised Papers from the First
International Workshop on Peer-to-Peer Systems 251 (2002),
http://nakamotoinstitute.org/static/docs/the-sybil-attack.pdf
122 See Leslie Lamport, Robert Shostak, & Marshall Pease, The Byzantine Generals
Problem, 4.3 ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS 382 (1982). The
name refers to a hypothetical scenario where a group of generals from the Byzantine
Empire are surrounding a city, but cannot effectively coordinate their actions.
123 Others described similar approaches in the same time frame, although none
achieved consensus in as robust a way. For example, cryptographer Nick Szabo, a strong
candidate as the real Satoshi Nakamoto, propounded a system called BitGold. Nick
Szabo, Liar-Resistant Government, UNENUMERATED (May 7, 2009)
http://unenumerated.blogspot.com/2009/05/liar-resistant-government.html.
124 This approach is analogous to the republican form of government epitomized by
the United States. Instead of empowering a king, power is decentralized to the people,
who express it through voting. To mediate the potential for factionalism and mob rule,
voters exercise power indirectly, by electing representatives.
125 Bitcoin: The Magic of Mining, ECONOMIST, Jan. 10, 2015, at 58,
http://www.economist.com/node/2163812; ANDREAS M. ANTONOPOULOS, MASTERING
BITCOIN: UNLOCKING DIGITAL CRYPTOCURRENCIES (2014). See also Kevin Werbach, Bitcoin is
Gamification, MEDIUM, (Aug. 5, 2014), https://medium.com/@kwerb/bitcoin-is-
gamification-e85c6a6eea22 (explaining the significance of the motivational system to
Bitcoin).
126 See Narayanan et al, supra note 98, at 266. Not every blockchain implements proof
of work in the same manner as Bitcoin. For example, Ethereum uses a modified

makes voting costly. Bitcoin’s proof of work system requires miners to solve
cryptographic puzzles involving one-way functions known as hashes.127 Votes
require massive and growing computing power, which is sufficiently expensive
to deter Sybil attacks.128 The benefits of cheating are less than the costs.
Nakamoto Consensus affirms the integrity both of each individual
transaction, and of the ledger as a whole. It does so by aggregating together
transactions into blocks.129 The proof of work system is tuned dynamically to
generate a valid solution to the hashing puzzle for a block roughly once every
ten minutes.130 Each block thus validated is cryptographically signed with the
hash of the prior block, creating an immutable chain of sequential blocks. The
longest chain of blocks represents the consensus state of the system.131 Only an
attacker with a majority of total computing power in the entire network (known
as a 51-percent attack) can “fork” the longest chain with a fraudulent block.132

algorithm so that miners do not gain an advantage from using custom chips, known as
ASICs. Other distributed ledger platforms such as Ripple and Tendermint do not employ
proof of work at all, but instead implement alternate mechanisms to achieve the same
goal. See Bonneau et al, supra note 119. It remains to be seen whether these other
consensus protocols are as successful as Bitcoin’s proof of work. See id.
127 A hash function takes some input string (such as a document file) and turns it
into an output string—the hash—with a specified length. Although in theory multiple
input strings could map to the same hash, cryptographic hash spaces are sufficiently
large that such “collisions” are infinitesimally rare. It is easy to compute the hash
function of any file. An input string will produce the same output string every time.
However, there is no known way to go from a hash back to the original other than trial
and error. See Narayanan et al, supra note 98, at 23-24. Miners must attempt truly vast
numbers of hashes to find the one that produced the specified output. See id. at 61-68.
128 The Bitcoin network today is thousands of times more powerful than the world’s
500 most powerful supercomputers combined. See Laura Shin, Bitcoin Production Will
Drop By Half In July, How Will That Affect The Price?, FORBES (May 24, 2016, 7:30am),
http://www.forbes.com/sites/laurashin/2016/05/24/bitcoin-production-will-drop-by-
half-in-july-how-will-that-affect-the-price/#46f73a5499e1. The computing power
involved is so vast that it raises concerns about the environmental impacts of the
electricity required to power and cool the data centers involved. See Tapscott &
Tapscott, supra note 98, at 259-63.
129 See Narayanan et al, supra note 98, at 88-90
130 See id. at 65.
131 See id. at 59. More precisely, it is the chain with the most proof of work.
132 Some research suggests an attacker with one-third of the mining power could
disrupt the network. However, this still represents an extremely high threshold.
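The block chaining and proof of work described above, as an added Python sketch that is not from the article or from Bitcoin's code: it shows that editing an old block is detectable, that hiding the edit means re-mining that block and every later one, and that nodes still prefer the valid chain with the most work. The JSON block layout, the fixed 12-bit difficulty and the sample transactions are constructed assumptions.

```python
import copy
import hashlib
import json

# Constructed toy parameters. Real Bitcoin hashes a binary block header and retunes
# the difficulty over time; a fixed, very low difficulty keeps this sketch fast.
DIFFICULTY_BITS = 12
TARGET = 1 << (256 - DIFFICULTY_BITS)   # a valid hash, read as an integer, is below this
GENESIS_PREV = "00" * 32


def block_hash(block):
    """Hash the block contents, which include the previous block's hash."""
    fields = {k: block[k] for k in ("prev_hash", "transactions", "nonce")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


def mine(prev_hash, transactions):
    """Proof of work: try nonces until the block hash falls below the target."""
    block = {"prev_hash": prev_hash, "transactions": list(transactions), "nonce": 0}
    while int(block_hash(block), 16) >= TARGET:
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block


def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for transactions in batches:
        chain.append(mine(prev, transactions))
        prev = chain[-1]["hash"]
    return chain


def first_invalid(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        h = block_hash(block)
        if block["prev_hash"] != prev or h != block["hash"] or int(h, 16) >= TARGET:
            return i
        prev = block["hash"]
    return None


def total_work(chain):
    """Expected hash attempts behind a chain; an invalid chain counts for nothing.
    With a fixed difficulty this is proportional to length (a simplification)."""
    if first_invalid(chain) is not None:
        return 0
    return len(chain) * (1 << DIFFICULTY_BITS)


def choose_chain(candidates):
    """Fork choice: the valid chain with the most accumulated proof of work."""
    return max(candidates, key=total_work)


def rewrite_history(chain, index, new_transactions):
    """Cost of altering block `index`: it and every later block must be re-mined."""
    forged = copy.deepcopy(chain[:index])
    prev = forged[-1]["hash"] if forged else GENESIS_PREV
    for offset, old in enumerate(chain[index:]):
        txs = new_transactions if offset == 0 else old["transactions"]
        forged.append(mine(prev, txs))
        prev = forged[-1]["hash"]
    return forged


def demo():
    honest = build_chain([["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]])
    # Edit an old transaction without redoing any work: verification catches it.
    tampered = copy.deepcopy(honest)
    tampered[0]["transactions"] = ["alice->mallory:5"]
    # Redo the work for the whole suffix: valid, but the honest chain has moved on.
    forged = rewrite_history(honest, 0, ["alice->mallory:5"])
    extended = honest + [mine(honest[-1]["hash"], ["dave->erin:1"])]
    return honest, tampered, forged, extended


if __name__ == "__main__":
    honest, tampered, forged, extended = demo()
    print("tampered chain fails at block", first_invalid(tampered))
    print("forged chain valid:", first_invalid(forged) is None)
    print("nodes keep the honest chain:", choose_chain([tampered, forged, extended]) is extended)
```

The forged chain only loses because the honest miners added a block while it was being rebuilt; a party that can out-mine everyone else can win that race, which is the 51-percent case in the text.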

A public blockchain such as Bitcoin’s records all transactions on the network,
and is totally transparent to all participants.133 Not only are the contents of the
Bitcoin blockchain available to all, but the software involved is open source and
freely available.134 Bitcoin is also designed to be censorship and tamper-
resistant. There is no central control point or network that a government could
manipulate or block. And once a transaction is recorded, it cannot be changed.
User A could send some Bitcoin to user B, and then user B could send some or all
of it back, but there is no way for user A, the miners, or anyone else to reverse
the initial transfer.135 These features suggest an inherent openness and
decentralization more like the early internet than today’s more-controlled
environment.136 They seem to fulfill the dreams of some internet pioneers for a
technology space that was not, in Lawrence Lessig’s terminology, regulable.137
The final key piece of Nakamoto Consensus is the game-theoretic or
psychological dimension: Why will miners bother? Proof of work is expensive,
literally: It requires expensive computing hardware and even more expensive
electricity at scale. Miners won’t be incentivized sufficiently out of altruism.
Nakamoto’s solution was supremely elegant. The miner who successfully
validates a block receives a reward in a valuable currency: Bitcoin. This solves
several problems, including how currency enters the money supply without a

133 Users are identified on the blockchain through digital signatures, so the real-
world identity of the parties to a transaction may be impossible to determine. For those
desiring further anonymity, there are ways to break up transactions in order to obscure
large transfers.
134 Alec Liu, Who’s Building Bitcoin? An Inside Look at Bitcoin's Open Source
Development, MOTHERBOARD (May 7, 2013, 12:20pm EST),
http://motherboard.vice.com/blog/whos-building-bitcoin-an-inside-look-at-bitcoins-
open-source-development.
135 The Bitcoin system records transactions, not asset holdings. This makes it
difficult to “walk back” account balances even if a majority of miners change their
Bitcoin software to unwind the validation of a particular block. Some other
cryptocurrency platforms are easier to “hard fork” so as to revert prior transactions. The
Ethereum community did so in July 2016 to address the theft of currency from a
crowdfunding platform called The DAO. See infra TAN 320-321. Such steps are
controversial, because they call into question the censorship resistance and immutability
of public blockchains.
136 See Andreessen, supra note 98; Morgen E. Peck, The Future of the Web Looks a Lot
Like Bitcoin, IEEE SPECTRUM (July 1, 2015),
http://spectrum.ieee.org/computing/networks/the-future-of-the-web-looks-a-lot-like-
bitcoin.
137 Lawrence Lessig, Deja Vú All Over Again: Thinking Through Law & Code, Again,
VIMEO, https://vimeo.com/148665401.

central bank. New Bitcoins are only created through the reward mechanism, at a
rate that declines over time.138 Miners thus act purely out of self-interest, but in
doing so, they fulfill a socially beneficial role.
Bitcoins are thus both the output and input of the system. One could equally
well describe Bitcoin as a trust infrastructure designed to support a digital
currency, or a digital currency designed to support a trust infrastructure. While
the Bitcoin currency remains a substantial area of activity, non-currency
applications of distributed ledgers (sometimes called Bitcoin 2.0) are growing
rapidly.139 According to the research and publishing firm CoinDesk, venture
capital investments in blockchain startups exceeded those of Bitcoin-focused
startups for the first time in the first quarter of 2016.140
Some of the blockchain companies use the Bitcoin ledger and proof of work
system, but add additional functionality through a variety of mechanisms.
Others create separate blockchains using variations of Nakamoto Consensus or
different distributed consensus protocols.141 While the Bitcoin blockchain is
open to all, some of the others are “permissioned,” meaning that only
authorized users or organizations can participate.142 The Bitcoin blockchain
remains the most popular, with the most valuable currency, but there is no

138 Hence the analogy to mining for precious resources in the physical world.
Eventually the block rewards will drop to zero. At that point the number of Bitcoins in
circulation will be fixed at 21 million. Nakamoto envisioned that voluntary transaction
fees paid to miners by those seeking validation would gradually replace the rewards as
adoption of the Bitcoin system grew. This remains to be seen.
139 See Jon Evans, Bitcoin 2.0: Sidechains And Ethereum And Zerocash, Oh My!,
TECHCRUNCH (Oct. 25, 2015), https://techcrunch.com/2014/10/25/bitcoin-2-0-sidechains-
and-zerocash-and-ethereum-oh-my/.
140 Olga Kharif, Blockchain Goes Beyond Crypto-Currency, BLOOMBERG BUSINESSWEEK,
(May 19, 2016, 2:17pm EDT), http://www.bloomberg.com/news/articles/2016-05-
19/built-for-bitcoin-blockchain-goes-beyond-crypto-currency
141 See Antonopoulos, supra note 125, at 221-23.
142 See Tim Swanson, Consensus-As-a-Service: a Brief Report on the Emergence of
Permissioned, Distributed Ledger Systems (Apr. 6, 2015),
http://www.ofnumbers.com/wp-content/uploads/2015/04/Permissioned-distributed-
ledgers.pdf. Richard Gendal Brown of the financial industry blockchain consortium R3
CEV maps consensus along two dimensions: whom you trust, and what you trust them
about. See Richard Gendal Brown, A Simple Model to Make Sense of the Proliferation of
Distributed Ledger, Smart Contract and Cryptocurrency Projects, RICHARD GENDAL BROWN
Blog (Dec. 19, 2014), https://gendal.me/2014/12/19/a-simple-model-to-make-sense-of-
the-proliferation-of-distributed-ledger-smart-contract-and-cryptocurrency-projects/.

guarantee it will remain so indefinitely. Ultimately, the idea of distributed
ledgers will be more significant than Bitcoin.

Smart Contracts and Beyond

Distributed ledgers are active, not passive. In other words, they do not
simply record information passed to them. They are part of a consensus system,
so they must ensure that recorded transactions are actually completed to match
the consensus.143 For Bitcoin, that means the system self-enforces financial
transfers.144 I can’t initiate a transaction promising to send you Bitcoin and then
renege; the synchronization that reconciles and completes the transfer is part of
the process. This mechanism is known as a smart contract.145 Both the
specification of rights and obligations, and the execution of that contractual
agreement, occur through the platform.
The idea of smart contracts was introduced independently from blockchains,
and well before Bitcoin was developed.146 Its practical relevance was limited,
however, until Nakamoto’s synthesis. Bitcoin takes advantage of smart contracts
to execute transactions, and smart contracts take advantage of Bitcoin’s
distributed ledger to operate with autonomy.
The Bitcoin protocol allows for very limited smart contracts. It was designed
explicitly for a currency, so it only needed the functionality necessary to support
financial transactions. Adding richer programming capabilities to blockchain
transactions adds security risks and various other complexities. On the other
hand, a smart contract engine on the blockchain creates enticing possibilities. In

143 Bitcoin actually uses a scripting language for transactions, meaning that every
transfer is actually running software code on the blockchain. See Narayanan et al, supra
note 98, at 79-88 (describing the Bitcoin scripting language and some applications
beyond basic cash transfers).
144 To be precise, the blockchain records challenges and responses that either create
or destroy Bitcoins, rather than transfers of discrete tokens as such. See Narayanan et al,
supra note 98, at 75-76.
145 See Nick Szabo, Formalizing and Securing Relationships on Public Networks, 2 FIRST
MONDAY (1997), http://ojphi.org/ojs/index.php/fm/article/view/548; TIM SWANSON, GREAT
CHAIN OF NUMBERS: A GUIDE TO SMART CONTRACTS, SMART PROPERTY AND TRUSTLESS ASSET
MANAGEMENT 67 (2014); Nick Szabo, The Idea of Smart Contracts (1997),
http://szabo.best.vwh.net/smart_contracts_idea.html; Wright & De Filippi, supra note
102, at 24-26.
146 See Szabo, supra note 145.

technical terms, smart contracts are essentially autonomous software agents.147
With smart contracts, a distributed ledger becomes functionally a distributed
computer. The same consensus algorithms that allow each node to have an
identical copy of the ledger allow it to perform identical computations.
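The self-enforcing transfer described in this section, as an added Python sketch that is not from the article or from Bitcoin's code: a ledger of unspent outputs, each locked by a challenge script, that accepts a spend only when the response satisfies the challenge and the output has not already been spent. The opcode names match Bitcoin Script, but the interpreter is a toy subset, and the hash-lock challenge (standing in for the signature check real outputs use), the transaction layout and the secrets are constructed assumptions.

```python
import hashlib


def sha256(data):
    return hashlib.sha256(data).digest()


def run_script(script, stack):
    """Run opcodes and data pushes on a stack; return the stack, or None on failure.
    There are no loops or jumps, so every script terminates."""
    stack = list(stack)
    for item in script:
        if isinstance(item, bytes):                  # data push
            stack.append(item)
        elif item == "OP_SHA256" and stack:
            stack.append(sha256(stack.pop()))
        elif item == "OP_EQUAL" and len(stack) >= 2:
            stack.append(b"\x01" if stack.pop() == stack.pop() else b"")
        elif item == "OP_EQUALVERIFY" and len(stack) >= 2:
            if stack.pop() != stack.pop():
                return None
        else:
            return None          # unknown opcode or stack underflow: fail closed
    return stack


def satisfies(response, challenge):
    """The response may only push data; the challenge then runs on that stack."""
    if not all(isinstance(item, bytes) for item in response):
        return False
    stack = run_script(challenge, response)
    return bool(stack) and stack[-1] != b""


def hash_lock(secret):
    """Challenge that is met by revealing the preimage of a SHA-256 digest."""
    return ["OP_SHA256", sha256(secret), "OP_EQUAL"]


class Ledger:
    """Records transactions, not balances: value exists only as unspent outputs."""

    def __init__(self):
        self.unspent = {}        # (txid, output index) -> (amount, challenge)
        self.log = []            # ids of accepted transactions, in order

    def issue(self, txid, outputs):
        """Create outputs with no inputs (a stand-in for the block reward)."""
        for i, output in enumerate(outputs):
            self.unspent[(txid, i)] = output

    def apply(self, tx):
        """Validate, then record; a rejected transaction changes nothing."""
        spent, total_in = set(), 0
        for ref, response in tx["inputs"]:
            if ref in spent or ref not in self.unspent:
                return False, "input missing or already spent"
            amount, challenge = self.unspent[ref]
            if not satisfies(response, challenge):
                return False, "response does not satisfy challenge"
            spent.add(ref)
            total_in += amount
        amounts = [amount for amount, _ in tx["outputs"]]
        if any(a <= 0 for a in amounts) or sum(amounts) > total_in:
            return False, "outputs exceed inputs"
        for ref in spent:
            del self.unspent[ref]
        self.issue(tx["txid"], tx["outputs"])
        self.log.append(tx["txid"])
        return True, "ok"


def demo():
    secret_a, secret_b = b"constructed secret A", b"constructed secret B"
    ledger = Ledger()
    ledger.issue("reward0", [(50, hash_lock(secret_a))])
    pay = {"txid": "tx1",
           "inputs": [(("reward0", 0), [secret_a])],
           "outputs": [(30, hash_lock(secret_b)), (20, hash_lock(secret_a))]}
    wrong = {**pay, "txid": "tx-wrong", "inputs": [(("reward0", 0), [b"guess"])]}
    again = {**pay, "txid": "tx1-again"}             # spends the same output twice
    results = [ledger.apply(wrong), ledger.apply(pay), ledger.apply(again)]
    return ledger, results


if __name__ == "__main__":
    for accepted, reason in demo()[1]:
        print(accepted, reason)
```

A bare hash lock does not tie the response to one particular transaction, which is one reason real outputs normally demand a signature over the spending transaction instead.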
Newer blockchain platforms remove Bitcoin’s limitations on smart contracts.
The most prominent is Ethereum, which launched in 2015.148 Ethereum offers a
Turing-complete programming language, meaning that in theory, any
application that runs on a conventional computer can be executed on the
distributed computer of its consensus network.149 Ethereum is designed as a
complete smart contract platform, including development tools and a browser. It
makes it relatively easy for developers to code new kinds of applications on top,
just as the web and various infrastructure tools such as application servers were
the foundation for Google, Amazon, and eBay. Ether, Ethereum’s
cryptocurrency, is now easily the second most valuable after Bitcoin.150

B. Reasons for Adoption

If distributed ledgers did not solve real-world problems, trustless trust would
be of interest only to cryptographers or philosophers. While some adoption is
driven by ideological desire to circumvent state control, the entrepreneurs,
established corporations, major financial institutions, and governments
investigating the blockchain today are pursuing tangible benefits. The two

147 See Vitalik Buterin, A Next-Generation Smart Contract and Decentralized
Application Platform, GITHUB, https://github.com/ethereum/wiki/wiki/White-Paper.
148 See id.; D.J. Pangburn, The Humans Who Dream of Companies That Won't Need Us,
FAST COMPANY (June 19, 2015), http://www.fastcompany.com/3047462/the-humans-
who-dream-of-companies-that-wont-need-them; Jim Epstein, Here Comes Ethereum, an
Information Technology Dreamed Up By a Wunderkind 19-Year-Old That Could One Day
Transform Law, Finance, and Civil Society, REASON.COM (Mar. 19, 2015),
http://reason.com/blog/2015/03/19/here-comes-ethereum-an-information-techn; Tina
Amirtha, Meet Ether, the Bitcoin-Like Cryptocurrency That could Power the Internet of
Things, FAST COMPANY (May 21, 2015), http://www.fastcompany.com/3046385/meet-
ether-the-bitcoin-like-cryptocurrency-that-could-power-the-internet-of-things.
149 The overhead of distributed consensus means that such applications may run far
slower than on a single computer or a cloud computing platform such as Amazon Web
Services.
150 Nathaniel Popper, Ethereum, a Virtual Currency, Enables Transactions That Rival
Bitcoin’s, N.Y. TIMES DEALBOOK (Mar. 27, 2016),
http://www.nytimes.com/2016/03/28/business/dealbook/ethereum-a-virtual-currency-
enables-transactions-that-rival-bitcoins.html?_r=1.

primary value propositions for trustless trust are situations involving
untrustworthy actors, and the potential for greater speed and efficiency.

Untrustworthy Actors

Trusting imposes risk. There is always the danger that one you trust turns
out to be untrustworthy. Investors in Bernie Madoff’s Ponzi scheme lost their
money because they trusted the wrong investment manager. Law, regulation,
and insurance are all mechanisms to limit such risks. The Madoff scenario is the
exception rather than the rule, at least in the United States.
For those at the mercy of loan sharks, payday lenders, or extortionate money
transfer agents, however, the blockchain offers an appealing alternative. In
countries without a strong adherence to the rule of law, the government itself
may not be trustworthy. In such cases, the availability of a financial
infrastructure that doesn’t rely at its root on sovereign authority is a powerful
opportunity.151 And the unbanked may not have access to trusted financial
institutions at all. The blockchain as a trust platform requires only an internet
connection and a computer, so it can go all sorts of places where the current
financial system does not.152
It is ironic to consider the blockchain as a tool to combat bad actors, given
the somewhat unsavory reputation of Bitcoin. One obvious use for a global
currency outside the control of governments and the banking system is illicit
activity. The Bitcoin-based marketplace Silk Road, which was used primarily for
transactions involving drugs and other contraband, is the most spectacular
example.153 In addition, because Bitcoin doesn’t require any proof of real-world
identity, it can evade anti-money laundering (AML) controls and Know Your

151 See Abramowicz, supra note 102, at 365 (describing the potential of
“cryptocurrency-based law” where traditional legal regimes break down). This is not just
an issue for the developing world. Lawrence Lessig, who argues that the current
campaign finance system in the United States undermines democracy, advocated for the
blockchain at a recent conference by stating, “We need technology to eliminate the need
for trust in a world wrecked by corruption.” Lessig, supra note 137.
152 Using the blockchain as a back end, consumer-facing virtual wallet and financial
application providers can lower the cost and complexity for users even further. The
tradeoff is those intermediaries must be trusted in the same manner as traditional banks,
but this just puts the unbanked on an equal footing to most of the world.
153 See Joshuah Bearman, The Rise and Fall of Silk Road: Part I, WIRED (Apr. 2015),
http://www.wired.com/2015/04/silk-road-1; Joshuah Bearman, The Rise and Fall of Silk
Road: Part II, WIRED (May 2015), http://www.wired.com/2015/05/silk-road-2.

Customer (KYC) regulations designed to prevent terrorism financing and other
illicit activity.154
Just because the blockchain may empower bad actors doesn’t mean that it
will. Despite significant price fluctuations, users continue to show faith in
Bitcoin as a currency, with more legitimate businesses accepting it every year.
Regulators are developing rules to ensure that Bitcoin service providers take
responsibility for their users. For example, the state of New York now requires
firms providing Bitcoin-based financial services to obtain a “BitLicense” which
requires them to obtain customer information.155 Developers are creating
identity layers that can operate on top of Bitcoin for regulatory compliance.156
Furthermore, the blockchain is broader than Bitcoin. Permissioned chains can
be designed to comply with AML/KYC requirements and other law enforcement
obligations. In fact, they may actually prove to be an important mechanism to
combat money laundering. A May 2016 Goldman Sachs report suggests that
storing account and payment information on a blockchain could improve data
quality and reduce compliance costs, saving three to five billion dollars annually
in AML expenses.157
It bears noting that one reason Bitcoin appeared when it did, and generated
such great interest, was the global financial crisis beginning in 2008.158 When
customers of large respected institutions such as Fannie Mae, Lehman Brothers,
and AIG found themselves in the same position as Madoff’s victims, partly due
to decisions of the U.S. government, it created uncertainty about whether any
actor in the financial system could really be trusted. Cypherpunks have been
exploring digital cash and other encryption-based mechanisms for trust for
decades.159 These ideas didn’t take hold previously, although some were
foundations for Bitcoin. In addition to the technical merits of Nakamoto’s

154 See Narayanan et al, supra note 98, at 207-09.
155 See Michael J. Casey, NY Financial Regulator Lawsky Releases Final BitLicense Rules
for Bitcoin Firms, WALL ST. J (June 3, 2015, 6:48pm ET), http://www.wsj.com/articles/ny-
financial-regulator-lawsky-releases-final-bitlicense-rules-for-bitcoin-firms-
1433345396.
156 See Kyle Torpey, BIP 75 Simplifies Bitcoin Wallets for the Everyday User, BITCOIN
MAGAZINE, April 28, 2016 03:16pm, https://bitcoinmagazine.com/articles/bip-simplifies-
bitcoin-wallets-for-the-everyday-user-1461856604.
157 See Schneider et al, supra note 14.
158 See Maria Bustillos, The Bitcoin Boom, NEW YORKER (Apr. 1, 2013),
http://www.newyorker.com/tech/elements/the-bitcoin-boom.
159 See Narayanan et al, supra note 98, at 3-21.

solution, it emerged in a world whose trust in institutions and governments was
deeply shaken.

Speed and Transaction Costs

The second appealing aspect of the blockchain’s trustless trust model is its
potential for speed and efficiency. At first glance, this sounds odd. Bitcoin
validates a block every ten minutes, and currently has a limit of seven
transactions per second. This is quite a small number: The Visa credit card
network handles up to 10,000 transactions in the same period.160 The overhead
of synchronizing the distributed ledger is so great that, according to one
estimate by cryptographer Nick Szabo, the process operates 10,000 times slower
than a conventional computer.161
Yet there is a hidden advantage of removing the need to trust the specific
actors you interact with. Trust is not transitive. I may trust my bank, but that
doesn’t mean I trust yours. For me to cash your check, our banks must enter into
their own trust relationship. With many thousands of financial institutions
processing billions of transactions across hundreds of jurisdictions, this pairwise
structure quickly bogs down. Or more accurately, it works only with huge
inefficiencies and transaction costs.
Much of the time, transaction costs become further value-extraction
opportunities for the trusted actors. Hence the massive revenues for providers of
remittances and credit cards.162 The complexity of reconciling transactions

160 Timothy B. Lee, Bitcoin Needs to Scale by a Factor of 1000 to Compete with Visa.
Here’s How to Do it, WASH. POST THE SWITCH BLOG (Nov. 12, 2013),
https://www.washingtonpost.com/news/the-switch/wp/2013/11/12/bitcoin-needs-to-
scale-by-a-factor-of-1000-to-compete-with-visa-heres-how-to-do-it/. New technologies
may greatly increase the speed of the Bitcoin transaction network. See Romain Dillet,
Blockchain Open Sources Thunder Network, Paving the Way for Instant Bitcoin Transactions,
TECHCRUNCH (May 16, 2016), https://techcrunch.com/2016/05/16/blockchain-open-
sources-thunder-network-paving-the-way-for-instant-bitcoin-transactions/.
161 See Nick Szabo, The Dawn of Trustworthy Computing, UNENUMERATED (Dec. 11,
2014), http://unenumerated.blogspot.com/2014/12/the-dawn-of-trustworthy-
computing.html.
162 The remittance market generates $38 billion in annual fees worldwide. See
Tapscott & Tapscott, supra note 98, at 183.

between many interconnected trusted parties adds delay to the process. Stock
trades, for example, typically settle after three days (a standard known as T+3).163
In essence, the traditional trust model of the financial system and the
blockchain model both create decentralized ledgers. In the traditional system,
every node is individually responsible for keeping its ledger in sync with the
virtual consensus, but it only has visibility (limited at that) into its direct
partners. With the blockchain, every block added reconciles its transactions
across the entire system. It effectively parallelizes what is otherwise a collection
of serial processes. Each individual transaction takes much longer to be
recorded, but the global state of the system is updated more rapidly. And
because this occurs through one synchronized process, rather than a potentially
large number of separate transactions, costs may be significantly lower.164
Goldman Sachs estimates that the blockchain could save $11-$12 billion
annually in settlement and reconciliation costs for securities transactions.165
Bitcoin and other blockchain-based systems do face significant scaling
challenges. The Bitcoin development community is engaged in debates about
mechanisms such as increasing the size of each block to improve performance.166
By contrast, the existing financial system has been optimized over an extended
period for robust operation at massive scale. Predictions that the blockchain will
soon sweep away the banking system as we know it are thus exaggerated.
However, the potential for faster and more efficient reconciliation is a key
reason major established financial institutions are actively exploring
permissioned blockchains.

C. The Blockchain’s Trust Architecture

The concept of trust is central to Bitcoin and blockchains.167 The Economist
even titled its cover story on the phenomenon, “The Trust Machine.”168 The

163 See John McCrank, Settlement Time for U.S. Trades Closer to Being Shortened,
REUTERS (Apr. 23, 2014, 9:03am EDT), http://www.reuters.com/article/us-markets-
clearing-dtcc-idUSBREA3M10920140423.
164 See Building the Trust Engine, supra note 98, at 9, 18.
165 See Schneider et al, supra note 14, at 5.
166 See Narayanan et al, supra note 98, at 98.
167 See Jason Leibowitz, Blockchain’s Big Innovation is Trust, Not Money, COINDESK
(May 21, 2016), http://www.coindesk.com/blockchain-innovation-trust-money/ (“Trust
is the key element of blockchain technology.”); Frisby, supra note 108; Kevin Maney,
Trust and Verify: The Coming Blockchain Revolution, NEWSWEEK (May 23, 2016),
http://www.newsweek.com/2016/06/03/blockchain-technology-will-remake-global-

cumbersome apparatus of mining and consensus exists so that users will have
confidence the transactions recorded on a distributed ledger are accurate. The
domains where the blockchain operates, starting with finance, are those in which
a heightened level of trust is important for transactions to occur. Anyone who
exchanges traditional currency for Bitcoin, or accepts as valid an entry on a
blockchain registry, is manifesting trust. And that trust is what, at least in
theory, makes the blockchain an alternative to legal enforcement.
One dimension of blockchain trust is the virtual nature of the interactions.
You can’t see a Bitcoin; it’s just an entry on a distributed ledger.169 Yet that is
hardly unique in today’s world.170 We accept that our bank accounts represent
actual money and our stock purchases represent real equity even though we view
them electronically. Intellectual property rights such as copyright, trademarks,
and patents are valuable sources of competitive advantage, and alienable assets
in themselves. Furthermore, this is a standard issue with all online
interactions.171
A second dimension of trust is the belief that each unit of the currency in
fact represents a unique asset, which may fluctuate in value but will remain
useful as a medium of exchange. Bitcoin users must be sufficiently comfortable
that the currency overcomes the technical threats such as double-spend and
Sybil attacks.172 If like most ordinary consumers they rely on a digital wallet
service or other intermediaries to hold their Bitcoin, they must be confident
their accounts are secure, much like a traditional bank. And they must have
confidence the entire Bitcoin infrastructure won’t collapse due to cyber-attacks,
flaws in the protocol, miners no longer validating blocks, or some other failure.
When Bitcoin first entered the wild in 2009, few were enterprising enough to
rely on it as money. Over time, confidence has grown. For a period in spring

financial-system-462537.html?piano_t=1; Tapscott & Tapscott, supra note 98, at 4-6,
10-11.
168 The Trust Machine, ECONOMIST (Oct. 31, 2015),
http://www.economist.com/news/leaders/21677198-technology-behind-bitcoin-could-
transform-how-economy-works-trust-machine. See also Adriano and Monroe, supra note
76 (using a similar label for the blockchain).
169 In fact, the ledger records transactions rather than actual bitcoins. See Narayanan
et al, supra note 98, at 75-76.
170 See Josh Fairfield, Virtual Property, 85 B.U. L. REV. 1047 (2005).
171 See Nissenbaum, supra note 74, at 162-63.
172 See supra TAN 119-121.

2016, Bitcoin was more stable in price than gold,173 and following the United
Kingdom’s vote to exit the European Union, it was more stable than the British
Pound.174
Yet there is an odd aspect here. Trust is a transitive verb. Who or what are
Bitcoin users trusting? Not only are banks removed from the process, but so are
governments. When I buy a grande latte macchiato at Starbucks and give the
cashier a five-dollar bill, we’re both trusting that the bill is worth more than the
negligible value of the paper. The value of the bill ultimately derives from the
“full faith and credit” of the United States of America. Bitcoin removes even that
backstop. It substitutes an ecology of miners and other nodes hosting
synchronized copies of the blockchain, but critically, I need trust none of them.
Bitcoin is a solution to the Byzantine Generals Problem in cryptography, which
postulates that any node may be untrustworthy.175
To accept a blockchain transaction as valid is to trust the system it’s based
on, without trusting any participant in it.176 The very first line of Nakamoto’s
paper makes this point: “Commerce on the Internet has come to rely almost
exclusively on financial institutions serving as trusted third parties to process
electronic payments.”177 Bitcoin was a way to remove those trusted third parties
from the equation, without losing the confidence they provided.
Venture capitalist and LinkedIn founder Reid Hoffman labeled this
arrangement, “trustless trust.”178 The phrase has caught on.179 Though it sounds

173 See Yang, supra note 113.


174 See Andrew Griffin, Pound Sterling Becomes More Unstable Than Bitcoin Following
Brexit, INDEPENDENT (July 10, 2016),
http://www.independent.co.uk/news/business/news/brexit-pound-sterling-bitcoin-
prices-unstable-volatile-exchange-referendum-a7129311.html.
175 See supra note 122.
176 See Szabo, supra note 161 (“Trust-minimized code means you can trust the code
without trusting the owners of any particular remote computer.”).


177 Nakamoto, supra note 104, at 1.
178 Reid Hoffman, The Future of the Bitcoin Ecosystem and “Trustless Trust” – Why I
Invested in Blockstream, LINKEDIN (Nov. 17, 2014),
https://www.linkedin.com/pulse/20141117154558-1213-the-future-of-the-bitcoin-
ecosystem-and-trustless-trust-why-i-invested-in-blockstream. A variant is “transfer of
trust in a trustless world.” See Mohit Kaushal and Sheel Tyle, The Blockchain: What It Is
and Why It Matters, BROOKINGS TECHTANK (Jan. 13, 2015, 7:30am),
http://www.brookings.edu/blogs/techtank/posts/2015/01/13-blockchain-innovation-
kaushal.

like an oxymoron, both sides are essential. If Bitcoin and the blockchain did not
inspire trust, they would fail. Yet if they achieved trust by proxy through
governments or large intermediaries, they wouldn’t significantly differ from the
status quo. Trustless trust is more than just a new way to handle transactions; it
is a trust architecture that differs in important ways from the established
alternatives.
Broadly speaking, the Leviathan approach, with its reliance on coercive state
power, is most appealing where the financial or other tangible risks are large
relative to the interpersonal ones. Conversely, peer-to-peer trust is appealing in
contexts where social norms are important. This division does not entirely map
to corporate vs. individual or community interactions. For example, open source
software communities may involve large companies and significant financial
activity, yet remain largely governed through peer-to-peer trust.180 And in some
countries, business transactions are heavily bound up with interpersonal
commitments, with fear of loss of face as a significant impetus to performance.
In others, a deal is just a deal, and a breach of contract is just a calculation about
expected values. As a general matter, though, Leviathan trust can feel like
overkill where personal relationships are prominent. Peer-to-peer trust may lack
sufficient enforcement certainty where they are not.
Trustless trust sits somewhere in the middle. It offers confidence through an
inherently impersonal mechanism: the blockchain. Cryptographic enforcement
through decentralized proof of work is even more distant from human
relationships than legal enforcement through the courts. However, trustless trust
is radically decentralized. Any individual or small organization can avail
themselves of the benefits of the shared ledger or create smart contracts. There
is no sharp division between using the blockchain to record financial derivatives
and using it to store recipes. Blockchain applications range from micro-
transactions among Internet of Things devices to massive financial transactions
between banks. And because it has no necessary geographic or national
foundations, the blockchain can apply across boundaries in ways that law may
struggle to.
With trustless trust, miners are trustworthy because of the benefit of the block
reward, the costs of proof of work, and their inability to undermine legitimate
consensus unless they have a majority of the mining power. Private blockchain

179 See Jalak Jobanputra, How the Blockchain Can Unshackle the World, COINDESK (April
23, 2016, 15:20 BST), http://www.coindesk.com/blockchain-can-unshackle-us/ ("This is
why the concept is often referred to as 'trustless trust'.").
180 See Benkler, supra note 26.

participants are trustworthy because of pre-existing relationships or obligations.
Members of the R3 consortium of major financial institutions developing
distributed ledger technology have the same trustworthiness profile for
transactions on a blockchain as over traditional systems.181 The only difference is
the absence of intermediaries (such as the SWIFT network for interbank
payments) who must also be trustworthy.
The blockchain’s trust architecture thus overlaps significantly, but not
entirely, with existing structures. It offers a new option when either the central
authorities of Leviathan trust or the ineffable social norms of peer-to-peer trust
prove insufficient.

D. The Nature of Blockchain Trust

Trustless trust has three main attributes: It is distributed,182 immutable, and
algorithmic.183 These aspects help define the kinds of applications best suited to
the blockchain.

Distributed

The blockchain replaces trust in individuals or institutions with trust across
a system as a whole.184 Trust in the conventional financial system means faith in
individual actors such as banks or regulators. With the blockchain, by contrast,
no distinct party—not miners, those running blockchain nodes, creators of the
code, nor users—is necessarily trusted.185 Every single full Bitcoin node has a

181 R3 CEV is a coalition of over 50 of the largest global financial institutions to
analyze and create distributed ledger solutions for financial services. See About R3,
http://r3cev.com/about/.
182 Here I follow Paul Baran’s terminology, distinguishing fully mesh-like
“distributed” systems from hub-and-spoke “decentralized” ones. See Baran, supra note
77, at 1.
183 R3’s Richard Gendal Brown offers a broadly similar list. See Brown, Introducing
Corda, supra note 109.
184 As Wright and de Filippi state, “Trust [on the blockchain] does not rest with the
organization, but rather within the security and auditability of the underlying code….”
Wright & De Filippi, supra note 102, at 16. See also Leibowitz, supra note 167 (“If each
participant in the transaction trusts the blockchain itself then they don’t need to directly
trust each other.”).
185 Permissionless ledgers such as Bitcoin are the extreme case of decentralization.
Permissioned blockchains and non-blockchain distributed ledgers may employ
hierarchical relationships to improve performance. However, these still tend to be

complete and accurate copy of the blockchain; there are no administrative nodes
or hierarchical relationships.186 Everyone has access to the same software. So
long as they do not control a large percentage of the mining power, no
untrustworthy actors can undermine the integrity of the system. That is the
“trustless” dimension of the blockchain.
This diffuse form of trust is not entirely orthogonal to traditional
conceptions. In Fukuyama’s analysis, trust is an expectation which arises within
communities of shared norms.187 Trust is not merely a disposition between
distinct parties; it is a collective state of a system. The basis of Fukuyama’s
argument, as well as Putnam’s research on social capital, is that societies vary
(between themselves and over time) on the strength of trust relationships they
support.188 High-trust societies develop powerful private firms and government
institutions because of their strong bedrock of interpersonal trust, not the other
way around. Centralized trust in specific transactions depends on a more
distributed baseline trust as an expression of social norms. In the same way, a
centralized relationship such as a digital wallet provider holding a customer’s
Bitcoin can be built on top of the distributed computational activity of the
blockchain.
As noted earlier, though the blockchain is physically distributed, it functions
as a logically centralized record.189 Nakamoto consensus means that there is one
unique and valid version of each transaction, even though that transaction is
recorded in many copies of the ledger. With traditional trust architectures,
because multiple entities maintain their own copies of the ledger, the system is
optimized not for uniqueness but for reconciliation.

considerably farther in the direction of fully distributed systems than the traditional
networks they replace.
186 In practice, Bitcoin isn’t quite perfectly decentralized. Miners generally adopt
code updates issued by Bitcoin’s core developers, and the Bitcoin Foundation works
to promote standardization. See Jon Matonis, Bitcoin Foundation Launches to Drive
Bitcoin's Advancement, FORBES (Sept. 27, 2012, 6:55am),
http://www.forbes.com/sites/jonmatonis/2012/09/27/bitcoin-foundation-launches-to-
drive-bitcoins-advancement/#37536b416bc9. The Bitcoin blockchain also incorporates
“checkpoints” that are added manually, not through the decentralized mining process.
187 See Fukuyama, supra note 20.
188 See id.
189 See Wenger, supra note 110.

Immutable

Second, the blockchain enforces trust through immutability. A bank balance
today is just a set of numbers in a database stored in the bank’s data centers.190
In theory, someone with the proper authorization could go in and move money
from one account to another. That typically doesn’t happen. Banks enforce
security measures, internal controls, and reconciliation processes to flag
unauthorized transactions. These systems work well, the vast majority of the
time. Though not always.191 And many other records are less secure. The variety
of valuable materials stored in databases or registries is nearly endless: Identity
information, property interests, business data, sales figures…. To trust that the
information currently displayed is the information originally recorded, one must
trust the goodwill and procedures of each intermediary. And one must trust that
nothing was changed in transit.192
On the blockchain, by contrast, it is impossible to alter a recorded value if
the network is functioning as intended.193 The Bitcoin mining process validates
all the transactions in a block every ten minutes.194 Every valid block is signed
with a hash of the prior block, and added to the chain.195 The blockchain is the
longest sequence of blocks. Changing anything prior to the current block means
splitting the entire chain back to that point. Because every block is linked in a
specific sequence, such an action will be rejected without a majority of total
mining power (a 51% attack).196 One can therefore be confident, based on
mathematical proofs, that what is recorded on the blockchain has not been

190 With suitable backups, of course, in the event of data loss.


191 See Jim Finkle, Bangladesh Bank hackers compromised SWIFT software, warning
issued, REUTERS (Apr. 25, 2016 11:06AM EDT), http://www.reuters.com/article/us-usa-
nyfed-bangladesh-malware-exclusiv-idUSKCN0XM0DR.
192 In some countries, government censorship or infiltration of private systems is a
regular occurrence. And following the Snowden revelations, concerns about government
actors tracing or interfering with data flows have grown in non-authoritarian countries
as well.
193 A system-wide software update, known as a hard fork, could be used to roll back
transactions for those who adopt it. See infra TAN 317-320. However, this is a rare and
difficult occurrence, especially for a transaction-based system such as Bitcoin. Also, a
private blockchain can be designed for non-immutable transactions.
194 Other blockchains may use slightly different processes, but with the same
outcome.
195 See Narayanan et al, supra note 98, at 32.
196 See id. at 71-72.

altered. Even a subsequent transaction for the same account does not eliminate
the record of the old one.197
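The hash linking described above can be seen in a small added example (written for this edition, not taken from the article or from Bitcoin's code). It omits proof of work and uses constructed transactions; all function names are hypothetical.

```python
import copy
import hashlib
import json

GENESIS_PREV = "00" * 32  # placeholder back-link for the first block


def block_hash(block):
    """SHA-256 over a canonical encoding of everything except the stored hash."""
    body = {k: block[k] for k in ("index", "prev_hash", "transactions")}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def append_block(chain, transactions):
    """Link a new block to the current tip by embedding the tip's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev_hash": prev,
             "transactions": list(transactions)}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Index of the first block whose contents or back-link fail, else None."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev or block_hash(block) != block["hash"]:
            return block["index"]
        prev = block["hash"]
    return None


def edit_block(chain, index, transactions, rehash=False):
    """Return a copy with one block's transactions changed.

    rehash=True models an editor who also recomputes that block's own hash.
    """
    forged = copy.deepcopy(chain)
    forged[index]["transactions"] = list(transactions)
    if rehash:
        forged[index]["hash"] = block_hash(forged[index])
    return forged


def relink_from(chain, index):
    """Return a copy with every block from `index` onward re-linked and re-hashed."""
    forged = copy.deepcopy(chain)
    for i in range(index, len(forged)):
        forged[i]["prev_hash"] = forged[i - 1]["hash"] if i else GENESIS_PREV
        forged[i]["hash"] = block_hash(forged[i])
    return forged


def build_sample_chain():
    """Four blocks of constructed transactions."""
    chain = []
    append_block(chain, ["alice->bob:5"])
    append_block(chain, ["bob->carol:2"])
    append_block(chain, ["carol->dave:1"])
    append_block(chain, ["dave->alice:1"])
    return chain


if __name__ == "__main__":
    honest = build_sample_chain()
    print("honest chain:", first_invalid_block(honest))
    print("edit block 1:", first_invalid_block(edit_block(honest, 1, ["bob->mallory:2"])))
    rehashed = edit_block(honest, 1, ["bob->mallory:2"], rehash=True)
    print("edit + rehash block 1:", first_invalid_block(rehashed))
    relinked = relink_from(rehashed, 2)
    print("fully re-linked:", first_invalid_block(relinked),
          "same tip as honest nodes:", relinked[-1]["hash"] == honest[-1]["hash"])
```

An edit is caught at the edited block or, if that block is re-hashed, at the next one. Only re-linking every later block yields a self-consistent chain, and its tip no longer matches the one honest nodes hold, which is the point at which proof of work and majority consensus decide.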
Blockchain trust is immutable in a probabilistic sense.198 Distinguishing
untrustworthy chains from the consensus is not an all-or-nothing decision. The
more subsequent blocks added following the one in question, the higher the
likelihood the transaction is accurate.199 Over time, therefore, trust in prior
transactions increases. Blockchain trust is thus not instantaneous.200 A new
block is verified on the Bitcoin blockchain every ten minutes. There may also be
delays adding a transaction to a block. Each block has a fixed size, so some
transactions must wait until the next block.201 Trust on the blockchain arises
after the fact; perhaps long after the fact.
The requisite confidence level (and thus delay) to accept a block as valid
depends on the risk profile of the activity. Someone with little at stake will
prioritize speed over small incremental robustness, while one engaged in a large,
important transaction will be willing to wait. In theory, the benefit of
probabilistic trust is that anyone can decide the level of assurance they want, by
tolerating additional delay. In practice, it’s not so simple.202 Users and even
businesses may not be able to judge how much confidence they need relative to
how much delay.
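How many blocks to wait for a given risk tolerance can be estimated with the catch-up calculation from Section 11 of the Nakamoto paper cited above. The following is an added example, not part of the original article; the function names and the sample attacker shares are assumptions, and the ten-minute block interval is the one stated in the text.

```python
import math

BLOCK_INTERVAL_MIN = 10  # block interval stated in the article


def attacker_success(q, z):
    """Probability that an attacker holding share q of the mining power ever
    overtakes the honest chain after z confirmations (Poisson approximation
    from the Bitcoin paper)."""
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    if z < 0:
        raise ValueError("z must be non-negative")
    if q >= 0.5:
        return 1.0  # a majority attacker catches up with certainty
    p = 1.0 - q
    lam = z * (q / p)            # expected attacker progress while z blocks arrive
    poisson = math.exp(-lam)     # P(attacker has mined k = 0 blocks)
    total = 1.0
    for k in range(z + 1):
        if k:
            poisson *= lam / k   # P(k) from P(k - 1)
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return max(total, 0.0)


def confirmations_needed(q, max_risk, limit=1000):
    """Smallest z with attacker_success(q, z) < max_risk, or None if unreachable."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if attacker_success(q, z) < max_risk:
            return z
    return None


def waiting_table(shares, max_risk):
    """Rows of (attacker share, confirmations, expected wait in minutes)."""
    rows = []
    for q in shares:
        z = confirmations_needed(q, max_risk)
        rows.append((q, z, None if z is None else z * BLOCK_INTERVAL_MIN))
    return rows


if __name__ == "__main__":
    # Assumed attacker shares; the recipient picks the tolerated risk.
    for q, z, minutes in waiting_table([0.10, 0.20, 0.30], max_risk=0.001):
        print(f"attacker share {q:.0%}: wait {z} blocks (~{minutes} min)")
    print("risk after 6 blocks at 10%:", attacker_success(0.10, 6))
    print("risk after 6 blocks at 30%:", attacker_success(0.30, 6))
```

At an assumed 10% attacker share, six confirmations leave a risk of roughly 0.02%; at 30% the same six blocks leave more than 10%, so the depth that counts as safe depends on the assumed adversary and the recipient's tolerance.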

197 Sending Bitcoin to someone does not actually mean removing assets from an
account. It involves destroying some existing coins, creating new ones, and then adding
a new transaction, not altering the prior records. See Narayanan et al, supra note 98, at
75-76.
198 See Vitalik Buterin, On Settlement Finality, ETHEREUM BLOG (May 9, 2016),
https://blog.ethereum.org/2016/05/09/on-settlement-finality/. Probabilistic trust is not
limited to blockchain. Google is rolling out a trust score for Android based on multiple
factors, to replace passwords. See Ashley Carman, Google Could Replace Some Passwords
with a ‘Trust Score’ by the End of the Year, VERGE (May 23, 2016, 4:41pm),
http://www.theverge.com/2016/5/23/11749938/google-android-password-trust-score-
api-io.
199 See Buterin, supra note 198.
200 See Abramowicz, supra note 102, at 375 (“[T]he possibility that someone might
make two such transfers simultaneously means that instant confirmation is
impossible.”).
201 See supra TAN 160.
202 A transaction six blocks deep is generally considered immutable, although this is
just an arbitrary convention. See Antonopoulos, supra note 125, at 211; Bonneau et al,
supra note 119 (noting that the six-block convention “originates from the reference
client and is not based on any analysis of the probability of deep forks.”).

Immutability is not always beneficial for trust. It can provide a false
confidence. The blockchain guarantees that a transaction was recorded
accurately and only once; it does not guarantee whether the person making that
transaction is the rightful owner of the relevant private key, or other factors.
And sometimes a more trustworthy relationship can benefit from the ability to
alter prior commitments. As relational contracts theory emphasizes, contracts
may be dynamic arrangements that necessarily contemplate renegotiation to
better address mutual needs.203 If a relationship evolves over time, knowing that
prior commitments are set in stone may not always maximize mutual trust. And
when government is involved, immutability may mean systems resistant to
legitimate political authority.204

Algorithmic

Finally, blockchain trust is algorithmic. Computer security expert Andreas
Antonopoulos, author of the book Mastering Bitcoin, calls it “trust-by-
computation.”205 To accept a blockchain as valid is not to trust any human. It is to
trust cryptography, the protocols, or the outputs of the mining process,
depending on how you look at it. The algorithms of Bitcoin and Ethereum are
open source, and their ledgers are transparent, which further reinforces their
trustworthiness.206 The algorithms of the blockchain are not hidden like those of

203 See supra note 93.


204 Ethereum developer Vlad Zamfir uses the example of governments placing land
title registries and other public systems on the blockchain:
As a policy tool, the blockchain provides something that is very reliable, and will
execute exactly the way you specified it. But it is also potentially autonomous,
which means that it can survive your government. And it also means that your
people might be stuck with it.
Morgen E. Peck, Ethereum Developer Explores the Dark Side of Bitcoin-Inspired
Technology, IEEE SPECTRUM (May 19, 2016, 15:00 GMT),
http://spectrum.ieee.org/computing/networks/ethereum-developer-explores-the-dark-
side-of-bitcoininspired-technology.
205 Andreas Antonopoulos, Bitcoin Security Model: Trust by Computation, O’REILLY
RADAR (Feb. 20, 2014), http://radar.oreilly.com/2014/02/bitcoin-security-model-trust-by-
computation.html.
206 See Bill Maurer, Taylor C. Nelms, and Lana Swartz, “When Perhaps the Real
Problem is Money Itself!”: The Practical Materiality of Bitcoin, 23 SOCIAL SEMIOTICS 261, 263
(2013). Open source software means that any interested expert can verify the integrity of
the code and help to identify vulnerabilities. A common mantra in the open source
community, coined by Eric Raymond, is that, “with many eyeballs, all bugs are shallow.”

Google or Facebook; they are available for inspection by all participants in the
ecosystem.
Algorithmic trust can incorporate human decision-makers. One example
built into Bitcoin is multisig, short for multiple signatures.207 In a basic Bitcoin
transaction, the recipient of the currency must provide his or her private key to
receive the funds. Multisig allows the sender to specify that some fraction of a
larger number of keys are required. The most common multisig arrangement is
to require confirmation by two keys out of three. This allows for a simple
arbitration process. If both parties agree, their keys are sufficient to consummate
the transaction. If they disagree, the holder of the third key breaks the tie. That
third key-holder would typically be a neutral party selected in advance for such a
situation. Multisig thus allows the blockchain to connect with human-based
trust, because an arbitrator can break the tie between adversarial parties.
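The two-of-three arrangement can be sketched as follows. This is an added example, not the article's or Bitcoin's own code: it swaps in Lamport one-time hash-based signatures for Bitcoin's ECDSA so that it runs with the standard library alone, and the party names and transaction strings are constructed.

```python
import hashlib
import secrets


def _h(data):
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport one-time key pair: 256 pairs of secrets and their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def _bits(message):
    """The 256 bits of the message digest, most significant bit first."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, message):
    """Reveal one secret per digest bit. Each key must sign only one message."""
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]


def verify(pk, message, signature):
    """Check every revealed secret against the published hash for that bit."""
    if len(signature) != 256:
        return False
    return all(_h(part) == pk[i][bit]
               for i, (part, bit) in enumerate(zip(signature, _bits(message))))


def authorized(message, pubkeys, signatures, threshold=2):
    """True if at least `threshold` distinct listed keys signed this exact message.

    pubkeys:    {holder name: public key}, fixed when the funds were locked
    signatures: {holder name: signature}, presented when spending
    """
    signers = {name for name, sig in signatures.items()
               if name in pubkeys and verify(pubkeys[name], message, sig)}
    return len(signers) >= threshold


def new_escrow():
    """Fresh keys for buyer, seller and a neutral arbiter chosen in advance."""
    secret, public = {}, {}
    for name in ("buyer", "seller", "arbiter"):
        secret[name], public[name] = keygen()
    return secret, public


RELEASE = b"pay 1 BTC to seller"    # constructed transaction text
REFUND = b"return 1 BTC to buyer"   # constructed transaction text


def dispute_outcome(arbiter_backs):
    """Buyer signs a refund, seller signs a release, the arbiter signs one of them."""
    secret, public = new_escrow()
    sigs = {"buyer": sign(secret["buyer"], REFUND),
            "seller": sign(secret["seller"], RELEASE),
            "arbiter": sign(secret["arbiter"], arbiter_backs)}
    return {"refund": authorized(REFUND, public, sigs),
            "release": authorized(RELEASE, public, sigs)}


if __name__ == "__main__":
    print("arbiter backs buyer: ", dispute_outcome(REFUND))
    print("arbiter backs seller:", dispute_outcome(RELEASE))
```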

But is it Trust?

Blockchain trust fits awkwardly into the established definitions of what
constitutes trust. The two key attributes of trust framed by Mayer et al are
vulnerability and optimistic disposition.208 In terms of vulnerability, the Bitcoin
infrastructure may fail due to a 51% attack, a denial of service attack, or some
other technical means. These threats, while real, are relatively circumscribed.
Most of the other concerns about the viability of Bitcoin, such as transaction
capacity, currency value fluctuation, loss of private keys, and the cumbersome
nature of the consensus process, are matters of convenience or efficiency, not
vulnerability of the platform itself.
The vulnerability inherent in trust is interpersonal; it manifests itself in
relationships.209 In trusting you, I am knowingly taking a risk. That puts me at a
disadvantage. I’m only willing to do so if I overcome the (perhaps very rational)
fear that you’re a bad actor. That’s the second formal dimension of trust:
optimism about others. Trust, in Russell Hardin’s words, encapsulates
interest.210 It’s a shorthand for my belief that you’ll take my interests into

See HAROLD F. TIPTON AND MICKY KRAUSE, INFORMATION SECURITY MANAGEMENT HANDBOOK,
5th Ed. 1533 (CRC Press 2003).
207 See Antonopoulos, supra note 125, at 129.
208 See Mayer et al, supra note 38.
209 Fernando Flores and Robert C. Solomon, Creating Trust, 8 BUS. ETHICS Q. 205
(1998).
210 RUSSELL HARDIN, TRUST AND TRUSTWORTHINESS (2004).

account, not just your own. When you don’t take advantage of me, and reward my
trust, our relationship is strengthened.
There is nothing quite like that in the blockchain’s concept of trustless trust.
A purchaser of a diamond which has its provenance inscribed on the blockchain
is no longer trusting in the seller’s goodwill. Nor are they trusting in the
goodwill of the verification service provider and the miner validating the blocks
recording the transactions. The records of sale are immutable. One assumes
miners are but ruthless profit-maximizers, some of them unscrupulous. Yet one
still trusts the accuracy of the records stored on the distributed ledger.
Philosophers of trust generally argue that machines cannot be trusted.211 The
argument is not that machines are unreliable. To the contrary, they may be
considerably more reliable than the humans they replace. Machines do not have
a will. And trust is a manifestation of the goodwill of the one being trusted.212
Perhaps the idea of, to use The Economist’s term, a “trust machine,”213 is a bit of
an oxymoron.
Satoshi Nakamoto recognized that the blockchain is in some ways an
alternative to trust, rather than a creator of it. In a discussion group post before
he disappeared, Nakamoto stated that Bitcoin is “completely decentralized, with
no central server or trusted parties, because everything is based on crypto proof
instead of trust [emphasis added].”214 He went on to state that, “The root problem
with conventional currency is all the trust that's required to make it work.”215 In
some ways, therefore, the blockchain is not a new form of trust, but an
alternative to it. If Judge Posner is right that trust is a substitute for
information,216 perhaps the blockchain is a substitute for that substitute.
Or perhaps there is something deeper going on. The blockchain does remove
the need for confidence in any identifiable actor. Yet it is still trustful. Those
who rely on distributed ledgers are not just making a rational calculation; a
degree of faith is required. In these early days for the blockchain, that faith
derives from the lack of longitudinal evidence that any distributed ledger does,

211 See Jones, supra note 50.


212 See id.
213 See supra note 168.
214 Satoshi Nakamoto, Bitcoin Open Source Implementation of P2P Currency, SATOSHI
NAKAMOTO INSTITUTE (Feb. 11, 2009),
http://satoshi.nakamotoinstitute.org/posts/p2pfoundation/1/.
215 See id.
216 See Posner, supra note 46.

in fact, work as intended in the real world. Even once there is a track record,
there are too many points of instability to model risk with certainty. Transaction
capacity may fail to scale sufficiently, rewards may be insufficient to attract
miners, mining may become too consolidated, and previously unknown attack
vectors may be developed, to name just a few possibilities. Such risks are true
vulnerabilities: there is no recourse mechanism built into the blockchain.217
The blockchain is a foundation for trusted relationships because standing
behind it, more than it seems, are people.218 As Circle co-founder Sean Neville
noted, “Cryptography and software could replace the gatekeepers, but that
doesn’t mean we don’t have trust in human beings at all.”219 The blockchain is in
some sense “just” a global distributed computer. In other ways, it is a collective
entity—like firms and communal organizations—that can engender both
cognitive and affective trust.
While it may not be meaningful to talk of benevolence in connection with
the blockchain, the other two elements of trustworthiness—ability and
integrity—are operative.220 One can have confidence that the blockchain can
deliver on its commitments. And one can believe in the values instantiated
in its software. A distributed ledger, whether Bitcoin, Ethereum, or some other
platform, reflects an evolving set of design choices. Nakamoto Consensus, for
example, relies on assumptions about incentive structures for miners. And
Bitcoin adopts a pseudonymous identity approach, rather than strict anonymity
or real names. Such decisions are themselves made on some principled, non-
arbitrary basis.
The trustworthiness of the blockchain is not guaranteed. But that is the
point. So long as there is a rational option not to trust, the affirmative choice is
meaningful.

217 See supra notes 62-65 and accompanying text.
218 See infra Part (V)(B)(1).
219 Pete Rizzo, Circle Execs: The DAO Proves Blockchains Require Trust, COINDESK (June
22, 2016, 3:09 BST), http://www.coindesk.com/circle-execs-dao-proves-blockchains-
trust/.
220 See supra Part (III)(B)(3).

IV. TRUSTLESS TRUST IN ACTION


The combination of distributed ledgers to record transactions, consensus
mechanisms to verify their accuracy, and smart contracts to build applications
provides the foundations for virtually any functionality on the blockchain.221 It is
early. Much of the blockchain economy is still more concept than reality. Even
the limited experiments, however, point to very large opportunities. Equally
significant, the blockchain is beginning to occupy the same turf as the legal
system. The real-world examples show the potential of trustless trust. They also
demonstrate its dangers.

A. Blockchain Applications

There are three major areas in which the blockchain has begun to take root:
finance, proof-as-a-service, and decentralized applications.

Finance

The initial wave of blockchain applications was mostly financial in nature.
Bitcoin was designed as a currency, and lent itself most easily to other kinds of
financial applications. The concept of a ledger is familiar in the financial world.
And the transaction costs of modern financial transactions offer inviting targets
to attack with blockchain technology.
Some blockchain financial applications mirror existing systems. Digital
wallet providers such as Coinbase and Circle make it easy for users to store,
transfer, or make purchases using Bitcoin.222 These systems hide the complexity
of the blockchain and digital signatures from users, allowing them to transact in
a manner similar to PayPal and other existing systems. On the business-to-
business side, Ripple offers banks and other financial institutions a system that
uses a distributed ledger to reduce the costs and inefficiencies of cross-border
payments.223 Some envision that individuals or organizations could create their

221 See Wright & De Filippi, supra note 102, at 16 (“By facilitating coordination and
trust, a blockchain enables new forms of collective action that have the potential to
bypass existing governance failures.”).
222 See Davey Alba, This Digital Wallet Could Finally Get You Into Bitcoin, WIRED, (Apr.
30, 2015 12:44pm), http://www.wired.com/2015/04/circle-bitcoin-digital-wallet/.
223 See David Meyer, More Banks Are Trying Out Blockchains for Fund Transfers,
FORTUNE (June 23, 2016, 4:10am EDT), http://fortune.com/2016/06/23/ripple-blockchain-
banks/.

own cryptocurrency-backed financial instruments, and decentralized exchanges
could take the place of today’s stock markets.224
Perhaps the biggest opportunity to go beyond existing financial systems is
the realm of the unbanked. Billions of people in the developing world, as well as
poor areas in the developed world, lack full access to the modern digital financial
system. They are either in areas that have no banking infrastructure, or are
forced to use less-efficient and more-expensive mechanisms such as check
cashing companies or money transfer services.
The blockchain has the potential to democratize access to the financial
system. People who otherwise would not have access to banks could more easily
receive and make electronic payments, avoiding the difficulty and high fees of
existing options.225 Mobile payments solutions have already taken off in some of
these areas, notably MPesa in Kenya, but these still require participation by
banks.226 And sending payments between institutions or across borders is a
significant hurdle. Blockchain-based solutions may be a significantly easier
alternative for direct financial inclusion as well as humanitarian aid
disbursement and other applications.227
A related opportunity is remittances. Individuals working abroad send back
significant sums to their families, comprising a major share of the gross
domestic product of many developing countries.228 Yet because of limited
financial services infrastructure in the developing world, the process is

224 See Wright & De Filippi, supra note 102, at 26-28.


225 Cathy Reisenwitz, Smart Property’s Promise for the Poor, BITCOIN MAG. (Jan. 27,
2014, 7:48pm), https://bitcoinmagazine.com/9702/smart-propertys-promise-poor/; Mark
S. Miller & Marc Stigler, THE DIGITAL PATH: SMART CONTRACTS AND THE THIRD WORLD,
http://www.erights.org/talks/pisa/paper/index.html; Susan Athey, 5 Ways Digital
Currencies Will Change the World, WORLD ECON. FORUM AGENDA BLOG (Jan. 22, 2015),
https://agenda.weforum.org/2015/01/5-ways-digital-currencies-will-change-the-world/.
226 See Why Does Kenya Lead the World in Mobile Money?, Economist (May 27, 2013,
23:50), http://www.economist.com/blogs/economist-explains/2013/05/economist-
explains-18.
227 See Connie M. Gallippi, Can Bitcoin Revolutionize Global Aid and Philanthropy?,
HIVE (Sept. 22, 2015), http://hivedata.com/blog/can-bitcoin-revolutionize-global-aid-
and-philanthropy/; Lorelei Kelly and Matthew McKibbin, Let’s Make Bitcoin the Biggest
Humanitarian Tool the World Has Ever Seen, TECHCRUNCH (Nov. 28, 2014),
https://techcrunch.com/2014/11/28/lets-make-bitcoin-the-biggest-humanitarian-tool-
the-world-has-ever-seen/.
228 Mark Scott, Remittances at the Click of a Smartphone Button, N.Y. TIMES BITS BLOG
(June 7, 2015, 9:00 AM), http://bits.blogs.nytimes.com/2015/06/07/remittances-at-the-
click-of-asmartphone-button.

extremely inefficient and features high transaction costs. Abra is an example of a
startup building a remittances solution on the blockchain, thus circumventing
these inefficiencies.229 The system allows cash to be withdrawn in local currency
through a network of tellers, initially in the Philippines.

Proof-as-a-Service

Beyond the financial applications, the core capability the blockchain
provides is reliable validation. Blockchain analyst William Mougayar
distinguishes two kinds of applications: Proof-in-a-Service and Proof-as-a-
Service.230 The former builds more complex functionality, such as registries and
smart contracts, on top of the basic proof capability. The latter offers
verification itself as a valuable service.
The most basic examples of proof-as-a-service are startups such as
OriginStamp, which offers trusted timestamping,231 and Proof of Existence,
which verifies that a file in fact existed at a given time.232 Such functionality is
often important in legal contexts. For example, did a creator express an idea,
giving rise to copyright, before a challenger? Or was an insurance contract
signed at the time of a loss? Legal mechanisms such as notaries and government
registries are used to address this need, but they are costly, bureaucratic, and
subject to error.233 The blockchain offers the potential for robust global, real-
time proof services without such overhead.
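How a proof-of-existence service of the kind described above can work, as an added example that is not part of the original article and is not the code of OriginStamp or Proof of Existence: document digests are batched into a Merkle tree, the root is anchored with a timestamp in a hash-chained ledger, and a verifier checks a receipt against a ledger tip obtained independently. The toy ledger, the function names, the sample documents and the timestamps are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

GENESIS_PREV = b"\x00" * 32

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(doc_digest: bytes) -> bytes:
    # Distinct prefixes for leaves and interior nodes keep an interior node
    # from being presented as if it were a document digest.
    return h(b"\x00" + doc_digest)

def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)

def build_batch(doc_digests):
    """Return (merkle_root, proofs); proofs[i] is a list of (sibling, sibling_is_left)."""
    if not doc_digests:
        raise ValueError("empty batch")
    level = [leaf_hash(d) for d in doc_digests]
    pos = list(range(len(level)))      # index of each leaf's ancestor in `level`
    proofs = [[] for _ in level]
    while len(level) > 1:
        for leaf, p in enumerate(pos):
            sib = p ^ 1
            if sib < len(level):       # an unpaired last node has no sibling
                proofs[leaf].append((level[sib], sib < p))
            pos[leaf] = p // 2
        # Pair up nodes; an unpaired last node is promoted unchanged.
        level = [node_hash(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
    return level[0], proofs

def fold_proof(doc_digest, proof):
    """Recompute the Merkle root implied by a digest and its inclusion proof."""
    acc = leaf_hash(doc_digest)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc

@dataclass(frozen=True)
class Block:
    height: int
    timestamp: int        # Unix seconds
    merkle_root: bytes
    prev_hash: bytes

    def block_hash(self) -> bytes:
        return h(self.height.to_bytes(8, "big") + self.timestamp.to_bytes(8, "big")
                 + self.merkle_root + self.prev_hash)

class Ledger:
    """Toy append-only ledger (assumption: no consensus or proof of work here)."""
    def __init__(self):
        self.blocks = []

    def anchor(self, merkle_root, timestamp):
        prev = self.blocks[-1].block_hash() if self.blocks else GENESIS_PREV
        block = Block(len(self.blocks), timestamp, merkle_root, prev)
        self.blocks.append(block)
        return block

    def matches_tip(self, trusted_tip):
        # Walk the whole chain; any edited block breaks a prev_hash link or
        # changes the final hash, so it no longer matches the trusted tip.
        prev = GENESIS_PREV
        for i, block in enumerate(self.blocks):
            if block.height != i or block.prev_hash != prev:
                return False
            prev = block.block_hash()
        return prev == trusted_tip

def verify_existence(document, height, proof, ledger, trusted_tip):
    """Return the anchored timestamp if `document` was committed in block `height`, else None."""
    if not ledger.matches_tip(trusted_tip) or not 0 <= height < len(ledger.blocks):
        return None
    block = ledger.blocks[height]
    if fold_proof(h(document), proof) != block.merkle_root:
        return None
    return block.timestamp

if __name__ == "__main__":
    # Constructed sample documents; only their digests ever leave the author's machine.
    docs = [b"Screenplay draft v1", b"Insurance policy (constructed sample)", b"Lab notebook p.12"]
    ledger = Ledger()
    root, proofs = build_batch([h(d) for d in docs])
    ledger.anchor(root, 1470000000)                       # constructed timestamp
    ledger.anchor(build_batch([h(b"later batch")])[0], 1470000600)
    tip = ledger.blocks[-1].block_hash()                  # verifier obtains this independently
    print(verify_existence(docs[0], 0, proofs[0], ledger, tip))
    print(verify_existence(b"Screenplay draft v2", 0, proofs[0], ledger, tip))
```

The receipt a user keeps is only the block height and the inclusion proof; the strength of the timestamp rests entirely on how hard it is to rewrite the chain behind the trusted tip, which is what the consensus mechanism of a real distributed ledger supplies.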
A more dynamic form of proof is provenance: Tracing the flow of goods
through supply chains and purchases.234 Trusted movement across such steps is
important both for economic reasons and ethical ones. Firms want to know they
are getting what they paid for, and they may want to know they aren’t getting
illegally-logged timber, shoes made with child labor, or conflict diamonds.

229 See Stan Higgins, Bitcoin Startup Abra Moves to Launch Mobile Remittance App,
COINDESK (Oct. 22, 2015, 16:00 BST), http://www.coindesk.com/bitcoin-startup-abra-
moves-to-launch-mobile-remittance-app/.
230 See WILLIAM MOUGAYAR, THE BUSINESS BLOCKCHAIN 35-36 (2016).
231 http://www.originstamp.org
232 https://www.proofofexistence.com.
233 See Tapscott & Tapscott, supra note 98.
234 See Nicole Kobie, Blockchain Could Track Your Fish Supper from Boat to Plate,
WIRED (Nov. 24, 2015), http://www.wired.co.uk/article/jessi-baker-wired-retail-2015.

Several startups are focused on this opportunity either for particular goods or
generally.235
More broadly, proof-as-a-service can validate any resource. This potentially
makes the blockchain into the authoritative registry for anything.236 IBM and
Samsung envision the blockchain powering the Internet of Things, the coming
world of trillions of networked sensors on virtually every device.237 Even
governments are recognizing they may be better off maintaining registries in a
distributed ledger than in a centralized database. The state of Delaware
announced in May 2016 that it was partnering with startup Symbiont to migrate
the state’s internal recordkeeping for Delaware-domiciled companies to the
blockchain.238
Land titles are an example of how blockchain-based registries might do more
than just improve efficiency. Countries such as the United States have well-
developed systems for registration of land titles, going back to the 19th century
or earlier. Recording of deeds means that land owners can use, sell, or subdivide
their property with confidence, or can use it as collateral on loans. The Peruvian
economist Hernando de Soto argues that the absence of well-functioning land
registration systems in the developing world is a major impediment to economic

235 These include Fluent, see Stan Higgins, Supply Chain Startup Fluent Raises $1.65
Million in Seed Funding, COINDESK (May 10, 2016, 13:44 BST),
http://www.coindesk.com/supply-chain-startup-raises-1-65m-seed-funding/ (supply
chain verification); Verisart, see Mike Butcher, Verisart Plans to Use the Blockchain to
Verify the Authenticity of Artworks, TECHCRUNCH (July 7, 2015),
http://techcrunch.com/2015/07/07/verisart-plans-to-use-the-blockchain-to-verify-the-
authencity-of-artworks/ (artwork); Everledger, see supra note 8 (diamonds); and Ascribe,
see supra note 9 (attribution for content creators).
236 See Fairfield, supra note 103, at 809 (“Trustless ledgers offer the potential to
significantly address one of the great inefficiencies of modern property: its reliance on
expensive, inaccurate, hard-to-access, hard-to-search, and insecure ledgers of all
stripes.”); Abramowicz, supra note 102, at 372 (“Thus, in principle, a block chain can be
an authoritative, chronologically ordered record of any type of legal decision.”).
237 Paul Brody & Veena Pureswaran, DEVICE DEMOCRACY: SAVING THE FUTURE OF THE
INTERNET OF THINGS (2015). Colin Barker, Is Blockchain the Key to the Internet of Things?
IBM and Samsung Think it Might Just Be, ZDNET (Jan. 21, 2015),
http://www.zdnet.com/article/is-blockchain-the-key-to-the-internet-of-things-ibm-
and-samsung-think-it-might-just-be/#!.
238 Stephen Joyce & Gregory Roberts, Delaware Introduces Blockchain Initiative,
BLOOMBERG BNA (May 4, 2016), http://www.bna.com/delaware-introduces-blockchain-
n57982070625/.

development.239 Initiatives are underway in various parts of the world to use the
blockchain as a solution.240
Finally, proof-as-a-service can be the foundation for smart property.241 This
is the concept that physical assets could maintain a record of their own access
and use rights, which could be updated dynamically. A car-sharing service such
as Zipcar, for example, could automatically transfer access rights, as well as
insurance, repossession rules, and other aspects upon presentation of a digital
signature. Property rights in digital assets such as intellectual property are
nothing new, but the blockchain might change the ways such rights can be
practically established and used.242

Decentralized Applications

The last set of blockchain uses is the most far-reaching. Systems in the
category Mougayar labels proof-in-a-service are more generally known as
decentralized applications, or DApps.243 If smart contracts turn the blockchain
into a distributed computer, DApps are the interactive services that run on that
computer. Because Bitcoin originally focused on currency transactions and
offered limited smart contract capabilities, it took time for the DApp market to
develop. Ethereum’s ability to function as an application server and
development environment for decentralized applications has catalyzed activity
since the latter part of 2015.244
As with the financial uses of the blockchain, many decentralized applications
mimic existing centralized applications. Storj provides decentralized cloud

239 See De Soto, supra note 69.


240 Laura Shin, Republic of Georgia to Pilot Land Titling on Blockchain with Economist
Hernando De Soto, BitFury, FORBES (Apr. 21, 2016, 6:00pm),
http://www.forbes.com/sites/laurashin/2016/04/21/republic-of-georgia-to-pilot-land-
titling-on-blockchain-with-economist-hernando-de-soto-bitfury/#5a2979f36550; Roger
Aitken, Bitland’s African Blockchain Initiative Putting Land on the Ledger, FORBES, (Apr. 5,
2016, 2:44pm), http://www.forbes.com/sites/rogeraitken/2016/04/05/bitlands-african-
blockchain-initiative-putting-land-on-the-ledger/#59ee9ab11029
241 See Szabo, supra note 145.
242 See Fairfield, supra note 103, at 834-38.
243 Michael Gord, How Decentralized Applications Could Bring the Blockchain to New
Industries, BITCOIN MAG. (Feb. 13, 2016, 12:44AM),
https://bitcoinmagazine.com/articles/how-decentralized-applications-could-bring-the-
blockchain-to-new-industries-1455324259.
244 One site lists 245 decentralized application projects at various stages of
development as of July 2016. STATE OF THE DAPPS, http://dapps.ethercasts.com/.

storage, comparable to Dropbox or Apple’s iCloud;245 Decent provides
decentralized content dissemination, similar to blogging and music distribution
services;246 La’Zooz supports decentralized ridesharing, comparable to Uber or
Lyft;247 OpenBazaar is a decentralized e-commerce marketplace, along the lines
of eBay but built on top of Bitcoin.248
Other DApps are more novel. For example, Goldman Sachs suggests that the
blockchain might facilitate distributed markets for electricity.249 Users could sell
excess power generated through rooftop solar cells to local utilities. Such
transactions are limited today due to the overhead of managing the volume of
potential transactions among large numbers of individual customers and electric
utilities.250 A distributed ledger could track those transactions without the
overhead of a central system. Goldman Sachs estimates this market opportunity
at $2.5-$7 billion annually.251
One of the most ambitious categories of decentralized applications is a
distributed autonomous organization, or DAO.252 A DAO is a business firm,
conceived as a nexus of contracts, built entirely in software. The standard
corporate arrangements of equity, debt, and corporate governance can be
encoded as a series of smart contracts. Investors in a DAO would contribute
funds in the form of a cryptocurrency such as Bitcoin. The distributed
application would handle payment of salaries, dividends, proxy votes, and so
forth.

245 Storj, the New Decentralized Cloud Storage Platform Goes Live, NEWSBTC (Apr. 10,
2016, 4:30pm), http://www.newsbtc.com/2016/04/10/storj-new-decentralized-cloud-
storage-platform-goes-live/
246 http://decent.ch/.
247 See supra note 11.
248 See supra note 12.
249 See Schneider et al, supra note 14, at 4.
250 A trial program of this sort is underway in Brooklyn, New York. See Aviva Rutkin,
Blockchain-Based Microgrid Gives Power to Consumers in New York, NEW SCIENTIST (March
9, 2016), https://www.newscientist.com/article/2079845-blockchain-based-microgrid-
gives-power-to-consumers-in-new-york/.
251 See Schneider et al, supra note 14.
252 See Vitalik Buterin, Bootstrapping A Decentralized Autonomous Corporation: Part I,
BITCOIN MAG. (Sept. 19, 2013), https://bitcoinmagazine.com/7050/bootstrapping-a-
decentralized-autonomous-corporation-part-i/; MELANIE SWAN, BLOCKCHAIN: BLUEPRINT
FOR A NEW ECONOMY (2015). Wright & De Filippi, supra note 102, at 17, 31-32.

The idea sounds like science fiction, but it is very real. A small group of
German programmers created a crowdfunding platform called “The DAO” based
on Ethereum and launched it in May 2016.253 The DAO is designed to provide
Ether (the Ethereum cryptocurrency) to projects selected by a vote of its
contributors. In just a few weeks, the equivalent of over $150 million in Ether
was pledged to the DAO to use for crowdfunding.254 The legal status of this
virtual corporation as well as that of its investors, developers, and beneficiaries,
is an open question.255
The explosion of decentralized applications, like the explosion of Web
applications in the late 1990s, is producing a wealth of experimentation and
innovation. Some of the most ambitious early Web startups, such as Webvan
and Kozmo.com, failed spectacularly as well. So long as the basic rationales for
distributed systems are valid, firms that solve real problems in a technically and
economically feasible way will eventually succeed.

B. Ledgers Meet Law

Discussions of the law and the blockchain generally concentrate on whether
and how governments will regulate.256 Indeed, there are a great many garden-
variety legal questions to address. Finance in particular is a heavily regulated
sector in the U.S. and internationally. Public policy considerations such as
prevention of money-laundering do not disappear in the face of elegant
cryptography. Conversely, there are good arguments for giving the blockchain

253 Christoph Jentzsch, DECENTRALIZED AUTONOMOUS ORGANIZATION TO AUTOMATE
GOVERNANCE, https://download.slock.it/public/DAO/WhitePaper.pdf (last visited July 5,
2016).
254 Nathaniel Popper, A Venture Fund with Plenty of Capital, But No Capitalist, N.Y.
TIMES (May 21, 2016), http://www.nytimes.com/2016/05/22/business/dealbook/crypto-
ether-bitcoin-currency.html?_r=0.
255 See Shawn Bayern, Of Bitcoins, Independently Wealthy Software, and the Zero-
Member LLC, 108 Nw. U. L. Rev. 1483 (2014); Tanaya Macheel, The DAO Might Be
Groundbreaking, But is it Legal?, AM. BANKER (May 19, 2016),
http://www.americanbanker.com/news/bank-technology/the-dao-might-be-
groundbreaking-but-is-it-legal-1081084-1.html; Peter Van Valkenburgh, DAOs: the
Internet is Weird Again, and These are the Regulatory Issues, COINCENTER (June 2, 2016),
https://coincenter.org/entry/daos-the-internet-is-weird-again-and-these-are-the-
regulatory-issues
256 See supra note 117.

space to develop and recognizing its potential for self-regulation.257 Without
belittling such issues, my focus is different: what the blockchain means for law.

Blockchain as Supplement

Where the existing trust architecture is generally functional, the blockchain
can operate as an additional layer subject to established legal rules. In such
situations, the primary value proposition of the distributed ledger is the speed
and efficiency gain of a single shared data record.258 The blockchain replaces the
error-prone messaging structures between participants, but does not seek to up-
end industry structure.259
For example, in the United States, there are well-developed legal rules and
established practices around real estate transactions. Title insurance is used to
protect buyers against defects in land titles. The combination of formal rules and
solid norms produces a strong environment of trust. However, there are
significant inefficiencies in the system. Title insurance is still largely based on
paper records, which must be exchanged among multiple parties. Goldman Sachs
estimates moving to distributed ledgers could reduce title insurance costs in the
United States by two to four billion dollars annually, thanks to improved
efficiency and reduced risk.260
In this scenario, the existing legal obligations and centralized business
arrangements bear the primary trust burden for the transaction. The blockchain
steps in as a potentially superior record-keeping mechanism. Trust in the
integrity of the data on the shared ledger is sufficient. The buyer’s trust
relationships with the seller and various intermediaries such as banks and
brokers remain unchanged. Systemic concerns about the technical viability of
distributed ledgers remain relevant as trust considerations.261 The other
concerns and limitations of the blockchain as a trust infrastructure are less
relevant, because the shared ledger is not attempting to supplant legal recourse.
Another example is Corda, a project of the R3 financial industry consortium.
It uses distributed ledger technology to manage agreements between financial

257 See Wright & De Filippi, supra note 102.
258 See supra Part III(B)(2).
259 Cf. Building the Trust Engine, supra note 98, at 8 (“Instead of making them
superfluous, the blockchain may very well make banks better at what they do.”).
260 See Schneider et al, supra note 14, at 4-5.
261 See supra Part IV(C)(2).

institutions, involving cash, securities, or derivatives. As R3’s Richard Gendal
Brown explained in a blog post describing Corda:
The financial industry is pretty much defined by the agreements that
exist between its firms and these firms share a common problem: the
agreement is typically recorded by both parties, in different systems and
very large amounts of cost are caused by the need to fix things when
these different systems end up believing different things.262
Corda employs a distributed ledger to maintain a shared record of the web of
financial agreements among banks. Because it is designed to supplement the
current legal structure, only identified institutions can participate in the
network.263 The data structure for recording transactions is actually not a
blockchain and does not use proof of work, although it employs the basic
distributed consensus approach that Nakamoto outlined.264 The system explicitly
invites in regulators, who can operate “supervisory observer nodes” with access
to real-time information about transactions.265 This is an important point. If
designed to facilitate regulatory oversight, rather than to exclude government as
with the original Bitcoin protocols, blockchain-based systems can actually
support more effective regulation. The real-time transparency of the shared
ledger could allow regulators to identify and respond to problems before the
consequences become dire.266 Or they could even build compliance mechanisms
directly into the system.267
With supplementary distributed ledgers, all the work of establishing trust
has already been done. The blockchain is used solely to protect the integrity of
data on the shared ledger. This is the least ambitious mode of applying the
blockchain, and the least transformative. It is likely to be most comfortable
for regulators and other government actors, because it does not ask them to
change their roles or rules substantially. The risks are lower, but the benefits are
concomitantly more limited. The blockchain as a supplement to existing legal
regimes can promote efficiency and reduce transaction costs, but is unlikely to
transform industry structures or produce breakthrough innovations.

262 See Brown, Introducing Corda, supra note 109.


263 See id.
264 See id.
265 See id.
266 See Building the Trust Engine, supra note 98, at 24 (“In a blockchain-based
system, where transactions are immediate and the ledger public, regulators could have a
real-time view of what is transpiring in the system at all times.”).
267 See id. at 25.

Blockchain as Complement

A second class of applications involves situations where trust based on the
legal system is breaking down or insufficient. Distributed ledgers can
complement and extend the existing trust architecture. Often the problem in the
current environment is that centralized arrangements cannot scale effectively
enough, preventing desirable solutions. Where the blockchain powers new
markets, it often does so in ways that are complementary to existing legal
arrangements.
Consider the challenge of orphan works under copyright law.268 These are
works whose rights-holders cannot be located. Those who wish to use them, for
example, documentary filmmakers wishing to incorporate archival footage, can’t
negotiate a license even if they wanted to. Orphan works are thus in legal limbo.
The risk of statutory damages for copyright infringement is a severe threat that
scares away potential users of the material, even though in some cases it might
actually be in the public domain. The marketplace envisioned by copyright law,
in which authors can control and monetize their output, fails to develop.
Orphan works are a good opportunity to use a shared registry to create a new
market.269 A blockchain-based registry would be available to all and would not
give excessive gatekeeper power to any intermediary. Smart contracts could be
used to ensure that those who use orphan works pay licensing fees to legitimate
rights-holders who come forward (most likely vetted by an arbitration
mechanism). The distributed ledger here wouldn’t take the place of standard
copyright law, but it would extend it in a direction that it cannot easily go
today.270
A more ambitious version of a similar idea is to give artists and other content
creators persistent control over rights associated with their creations. Today,
digital rights management systems are controlled by intermediaries and
distributors, not the creators themselves. As a result, many artists have
difficulty receiving sufficient compensation. Initiatives are underway to
decentralize control over digital rights using distributed ledgers, giving power

268 See Jerry Brito & Bridget Dooling, An Orphan Works Affirmative Defense to
Copyright Infringement Actions, 12 MICH. TELECOMM. & TECH. L. REV. 75 (2005).
269 See Patrick Murck, Waste Content: Rebalancing Copyright Law to Enable Markets of
Abundance, 16 ALB. L.J. SCI. & TECH. 383, 416-17 (2006).
270 Similarly, the blockchain could be used to create unique digital assets that allow
for a digital version of copyright’s longstanding first sale doctrine. See Patrick Murck,
The True Value of Bitcoin, CATO UNBOUND, July 31, 2013, http://www.cato-
unbound.org/2013/07/31/patrick-murck/true-value-bitcoin.

back to artists, including Ujo Music, PeerTracks, and the Open Music
Initiative.271
These ventures still face the challenge of entrenched power dynamics. Even
if artists have the technical capacity to control their output, they may not have
the practical ability to do without the marketing and distribution power of the
music industry. In all likelihood, a limited segment of artists will be sufficiently
big but sufficiently small to take advantage of distributed rights platforms, but
this would still be an advance over the current artist-hostile system.
As with the supplemental applications, these blockchain-based solutions
leave conventional law (in this case, the copyright system) in place. However,
they extend it to new applications that are untenable through existing trust
architectures. As a result, there may need to be mappings between the apparatus
of legal enforcement and the technical framework of distributed ledgers.
The blockchain can also provide alternative solutions for trusted exchanges
when legal authorities refuse to give their sanction. When the government of
Buenos Aires in Argentina blocked credit card companies from accepting Uber
ride-sharing transactions, the company switched to a debit card transacting in
Bitcoin.272 This example resembles Silk Road and other uses of Bitcoin for illegal
activity.273 The difference is that the underlying activity is not per se illegal,
merely subject to a regulatory dispute. The cryptocurrency gives Uber leverage
against the Buenos Aires government, by establishing a trusted payment option

271 See Gideon Gottfried, How “the Blockchain” Could Actually Change the Music
Industry, BILLBOARD (Aug. 5, 2015),
http://www.billboard.com/articles/business/6655915/how-the-blockchain-could-
actually-change-the-music-industry; Ian Allison, Imogen Heap Shows How Smart Music
Contracts Work Using Ethereum, INT’L BUS. TIMES (Oct. 4, 2015, 7:51 BST),
http://www.ibtimes.co.uk/imogen-heap-shows-how-music-smart-contracts-work-using-
ethereum-1522331; Malcolm Gay, Can Major Initiative Led by Berklee Solve Music-Rights
Problems?, BOSTON GLOBE, June 13, 2016,
https://www.bostonglobe.com/arts/music/2016/06/12/berklee-lead-musical-rights-
initiative/aXBXC8adJgXE4IRRt8dcKO/story.html.
272 See Joel Valenzuela, Uber Switches to Bitcoin in Argentina After Govt Blocks Uber
Credit Cards, COINTELEGRAPH (July 6, 2016, 11:40am),
http://cointelegraph.com/news/uber-switches-to-bitcoin-in-argentina-after-govt-
blocks-uber-credit-cards.
273 See supra note 153.

outside traditional centralized channels.274 As with the orphan works example,
blockchain trust potentially shifts the legal power dynamics.

Blockchain as Substitute

The final category of blockchain legal applications involves no backstop of
traditional legal enforcement. Blockchain applications for the developing world,
such as financial inclusion and land title initiatives,275 will generally fall into this
category. So might fully automated, global systems such as The DAO.276 Here,
trustless trust attempts to fully subsume the role of the legal system.
These examples resemble the vision of 1990s cyberlaw experts that digital
communities would define their own rules, free from state involvement.277 In
fact, Aaron Wright and Primavera de Filippi draw a direct connection between
the blockchain’s “Lex Cryptographica” and the “Lex Informatica” of software
code.278 They argue that the blockchain “could make it easier for citizens to
create custom legal systems, where people are free to choose and to implement
their own rules within their own techno-legal frameworks.”279
The experience of the past twenty years suggests that governments and
powerful private institutions will not so easily be disintermediated.280 Where

274 The Buenos Aires government couldn’t block the Uber riders from using the
distributed Bitcoin network. However, it could probably issue an order against the Swiss
firm, Xapo, that provides the debit cards which translate between Bitcoin and the local
currency. See Valenzuela, supra note 272.
275 See supra Part IV(A)(1).
276 See supra TAN 252-254.
277 See David R. Johnson & David G. Post, Law and Borders: The Rise of Law in
Cyberspace, 48 STAN. L. REV. 1367 (1996).
278 Wright & De Filippi, supra note 102, at 44-47. See generally Joel Reidenberg, Lex
Informatica: The Formulation of Information Policy Rules through Technology, 76 TEXAS L.
REV. 553 (1997) (developing the concept of Lex Informatica by analogy to the historical
Lex Mercatoria).
279 Wright & De Filippi, supra note 102, at 40.
280 See generally Kevin Werbach, The Song Remains the Same: What Cyberlaw Might
Teach the Next Internet Economy, __ FLA. L. REV. __ (forthcoming 2017) (detailing how the
vision of unregulated digital spaces failed); JACK GOLDSMITH & TIM WU, WHO CONTROLS
THE INTERNET? ILLUSIONS OF A BORDERLESS WORLD (2006) (showing how governments
successfully imposed controls on online activity).
Wright & De Filippi acknowledge this fact. See Wright & De Filippi, supra note 102,
at 49. They suggest the blockchain might dramatically expand the scope of regulation by
code relative to other regulatory modalities. See id. at 50. While this could be the case,

they had a strong desire to regulate online activity, they found ways to do so. A
similar pattern seems likely for activity on the blockchain: Where the stakes are
high enough, governments will not simply defer their authority. Even when
transactions are entirely digital, peer-to-peer, cross-border, and
cryptographically secured, providers on the network can be identified and
subject to territorial legal obligations.281 Moreover, outside of activity that is
illegal or in need of extreme security, the incentives are lacking for most users to
adopt custom legal systems where the existing ones are functional.282 And as the
creators of The DAO discovered, taking the place of law is not as easy as it may
seem.283
On the other hand, where there is no viable rule of law in place, the
blockchain trust architecture may operate as a stand-in. In these scenarios a
traditional legal trust architecture is not an option. This is, in a sense, the

the fact that the distributed ledgers provide the capability to develop customized
extralegal rule-sets does not mean they will be. Given the experience of the past twenty
years, the burden is on those arguing the outcome will be different this time. It bears
noting that while distributed ledgers based on Nakamoto Consensus are new, smart
contracts and digital currencies are not. Nick Szabo described the mechanism for private
regulation by smart contract in the 1990s. See Szabo, supra note 145. There has not,
however, been widespread adoption of cryptographically-based private law.
281 See Goldsmith & Wu, supra note 280. For further validation, just ask the creators
of Grokster, Kazaa, and Streamcast, the decentralized file-sharing services that were
shut down when the U.S. Supreme Court declared them liable for contributory copyright
infringement. See MGM Studios, Inc. v. Grokster, Ltd., 545 U.S. 913 (2005). The courts
cannot entirely prevent distribution or use of open-source peer-to-peer software, but
they can impose liability on companies making money from that software. There is an
important difference between fringe activities of bands of users, and substantial markets
that can scale for the mainstream.
282 There are similar problems with Josh Fairfield’s appealing argument that smart
contracts could be used to create intelligent agents that autonomously negotiate terms
of service with online sites, thus shifting the balance of power back to users. See Josh
Fairfield, Smart Contracts, Bitcoin Bots, and Consumer Protection, 71 WASH. & LEE L. REV.
ONLINE 36 (2014), http://scholarlycommons.law.wlu.edu/wlulr-online/vol71/iss2/3. Why
would service providers budge? They still hold all the cards, even if users have the
technical ability now to request different terms. The dynamics would only change if
courts reversed twenty years of precedent and declared clickwraps invalid without
evidence of active consideration by the user or her software agent, which seems unlikely.
And while some sophisticated users may employ the new technology of the blockchain to
wrest control from intermediaries, most users will choose convenience and familiarity
instead, as they always do.
283 See infra Part (IV)(C)(4).

original distributed ledger application, focused on generating trust from a
foundation of mutual distrust (the Byzantine Generals Problem). In addition to
public services such as land titles, humanitarian aid is often delivered in
environments lacking legal enforcement, leading to substantial fraud and
inefficiencies.284 The blockchain could offer an alternative.

C. Limitations and Dangers

What could possibly go wrong with trustless trust? Quite a lot.

Trust vs. Reliance

Trust is more than reliance.285 Decentralized ledger technology gives users
confidence they can store and transact with valuable assets. However, that is not
the same thing as finding a person or institution to be trustworthy.286 Trust is a
richer concept than confidence in a result. It is inextricably tied up with social
dynamics. By seeking to replace reliance on people, companies, and
governments with reliance on software code and cryptography, the blockchain at
some level produces the opposite of trust.
Ironically, the very safety of distributed ledgers limits their value as trust
instruments. Trust, as previously discussed, involves vulnerability. Up to a point,
trust is correlated with risk. The one trusting must make a judgment that the
counterparty is trustworthy. The function of enforcing agreements, while
relevant to trust, is not itself sufficient to establish trust. According to Ko
Kuwabara, “contractual enforcement creates too little risk to cultivate
perceptions of trust and trustworthiness.”287 Someone may sign a contract with a
party they don’t trust because they believe the legal system protects them from

284 See Tapscott & Tapscott, supra note 98, at 188-92.
285 See supra TAN 50.
286 Agreement does not necessarily presume trust. An insight of game theory is that
even non-communicating parties may converge on common points by independently
choosing the most likely or familiar option. See THOMAS C. SCHELLING, THE STRATEGY OF
CONFLICT (Harvard University Press 1960). The creators of both smart contracts and
Ethereum make reference to these Schelling Points. See Szabo, supra note 145; Vitalik
Buterin, SchellingCoin: A Minimal-Trust Universal Data Feed, ETHEREUM BLOG (March 28,
2014), https://blog.ethereum.org/2014/03/28/schellingcoin-a-minimal-trust-universal-
data-feed/.
287 Ko Kuwabara, Do Reputation Systems Undermine Trust? Divergent Effects of
Enforcement Type on Generalized Trust and Trustworthiness, 120 AM. J. SOCIOLOGY 1390,
1397 (2015).

misconduct or breach. That doesn’t make them trust the counterparty any more.
In fact, mandatory mechanisms that guarantee enforcement may actually reduce
trust, rather than enhancing it.288
Philosophers of trust emphasize this dimension. Karen Jones says that trust
is not an expectation of performance, but an expectation about the goodwill of
the one considered trustworthy.289 Trust, she argues, means “that the one
trusted will be directly and favorably moved by the thought that someone is
counting on her.”290 A blockchain cannot be “favorably moved.”291 The danger
here is that reliability doesn’t necessarily produce the full benefits of trust.
Confidence in performance isn’t the same thing as a true relationship. It doesn’t
necessarily produce spillovers into other activities, the kind of thick social
capital that Fukuyama and Putnam emphasized.

Systemic Risks

Blockchain-based systems are not invulnerable. There are several ways that
trust in distributed ledgers may prove unjustified. The nature and magnitude of
these risks vary, so they should be considered separately. Moreover, different
levels of security and robustness are needed depending on the application. A
bank will be more concerned about certain risks than a merchant engaged in a
small-value consumer transaction. Medical records on the blockchain will have
different risk profiles than supply chain records for diamonds. Such variation is
not unique to the blockchain; it is part of trust and security with existing
centralized systems. Given the novelty of distributed ledgers, though, it will take
some time to sort out the appropriate security models.
At the most general level, distributed ledgers depend on modern
cryptographic techniques, including secure hashing algorithms and elliptic curve
cryptography. Basic vulnerabilities in these mechanisms cannot be ruled out,
especially with advances in computing power. If such flaws exist, however, they
will apply at least as strongly to the existing online transactional systems, which
rely on the same cryptography. A more likely danger is flawed implementation of

288 See Ribstein, supra note 52, at 555 (“[M]andatory rules to increase trust, in any
form, may have precisely the opposite effect.”).
289 Jones, supra note 50, at 8.
290 Id.
291 Phillip Pettit made a similar argument about electronic commerce. One might rely
on eBay sellers to deliver the specified goods, he stated, but this is not the same thing as
trusting them. See Phillip Pettit, Trust, Reliance and the Internet, http://analyse-und-
kritik.net/2004-1/AK_Pettit_2004.pdf

cryptographic techniques, such as reliance on random number generators that
are not actually random. Blockchain technology, like any system built on
computer code, is not perfect. There have been significant bugs discovered in the
open source Bitcoin code, although they were addressed prior to any lasting
damage.292
Bitcoin’s trust architecture has some explicit limitations. Nakamoto’s
solution to the Byzantine Generals Problem is remarkably robust, but it can be
overcome by a 51% attack.293 If someone controls more than half of the mining
power in the network, they can validate blocks of their choosing, even if they
involve double-spending. Bitcoin relies on the difficulty of amalgamating such
enormous processing power. Today, that would be equivalent to several hundred
of the world’s fastest supercomputers, running non-stop.
Nonetheless, because most mining is now handled through pools in which
many participants aggregate their activity, it is not inconceivable that a pool
could cross the threshold.294 The danger of a 51% attack increases when mining
network power decreases.295 That tends to occur when the price of Bitcoin falls,
reducing the incentives for miners, or at the “halving” points when the
algorithm automatically reduces the award to slow the flow of new currency into
the system.296 Permissioned blockchains, which have an additional layer of
centralized trust over the participants in the network, may not need to worry
about 51% attacks, but they face more of the traditional information security
concerns.
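The relationship between mining share and double-spend risk described above can be made concrete with the catch-up probability from section 11 of the Bitcoin whitepaper. The following Python is an added example, not material from this article; the helper `share_after_exit` and its 30/70 hash-power scenario are constructed assumptions used to show how a fixed pool's share rises as other miners switch off.

```python
import math


def attacker_success(q: float, z: int) -> float:
    """Chance that a miner holding share q of total hash power ever replaces
    a transaction buried under z confirmations (Bitcoin whitepaper, sec. 11)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be >= 0")
    p = 1.0 - q                       # honest share of hash power
    if q >= p or z == 0:
        return 1.0                    # at half or more, catching up is certain
    if q == 0.0:
        return 0.0
    lam = z * q / p                   # expected attacker blocks while honest miners find z
    fails = 0.0
    for k in range(z + 1):
        # Poisson(lam) mass at k, computed in log space so large z does not underflow
        mass = math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))
        # with k blocks the attacker still trails by z - k;
        # (q/p) ** (z - k) is the chance it ever closes that gap
        fails += mass * (1.0 - (q / p) ** (z - k))
    return max(0.0, 1.0 - fails)


def confirmations_needed(q: float, risk: float, z_max: int = 2000):
    """Smallest z with attacker_success(q, z) < risk, or None if none up to z_max."""
    for z in range(z_max + 1):
        if attacker_success(q, z) < risk:
            return z
    return None


def share_after_exit(attacker_hash: float, honest_hash: float,
                     exit_fraction: float) -> float:
    """Hypothetical helper: the attacker's share once a fraction of the other
    miners stop mining, e.g. because rewards no longer cover electricity."""
    remaining = honest_hash * (1.0 - exit_fraction)
    return attacker_hash / (attacker_hash + remaining)


def report():
    """Constructed scenario: one pool with 30 units of hash power, 70 elsewhere."""
    rows = []
    for exit_fraction in (0.0, 0.3, 0.6):
        q = share_after_exit(30.0, 70.0, exit_fraction)
        rows.append((exit_fraction, round(q, 3),
                     attacker_success(q, 6), confirmations_needed(q, 0.001)))
    return rows


if __name__ == "__main__":
    for exit_fraction, q, risk_at_6, z in report():
        print(f"miners exited={exit_fraction:.0%} share={q} "
              f"risk at 6 confirmations={risk_at_6:.6f} "
              f"confirmations for <0.1% risk={z}")
```

Below half of the hash power, waiting for more confirmations buys safety at an exponential rate; once the share reaches half, no number of confirmations helps, which is why `confirmations_needed` returns `None` there.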

292 See Buterin, supra note 198 (listing three occasions when the Bitcoin blockchain
was forked due to bugs that allowed double-spending or other attacks).
293 While the 51% attack is the most widely-discussed scenario, security researchers
have identified several other potential attack vectors against Bitcoin. See Bonneau et al,
supra note 119, at 7-9.
294 See Jon Matonis, The Bitcoin Mining Arms Race: GHash.io and the 51% Issue,
COINDESK (July 17, 2014, 16:20 BST), http://www.coindesk.com/bitcoin-mining-detente-
ghash-io-51-issue/.
295 More generally, public blockchains must maintain sufficient scale and network
effects to remain viable. See Fairfield, supra note 103, at 823-24.
296 See Fredrick Reese, As Bitcoin Halving Approaches, 51% Attack Question Resurfaces,
COINDESK (July 6, 2016, 12:50 BST), http://www.coindesk.com/ahead-bitcoin-halving-51-
attack-risks-reappear/ (describing concerns about a 51% attack after the halving in July
2016). Adjusting to the expected scarcity, the price of Bitcoin tends to increase around
these halving points, but equilibrium is not guaranteed. Other blockchains do not
necessarily use the halving mechanism, but all those employing proof of work face the
concern about incentives when the price of the cryptocurrency falls.

Bitcoin also depends on its built-in incentive structures to ensure a sufficient
level of mining activity. Miners validating transactions are what makes a
distributed ledger trustworthy. Their economic return depends on the expense of
processing (which is increasingly dominated by the cost of electricity), the
exchange rate of Bitcoin or whatever cryptocurrency they earn, and the level of
rewards. Also, the level of mining is affected by fluctuations in the price of
Bitcoin. This is one reason some blockchain platforms such as Ripple use
alternate consensus approaches that don’t involve mining rewards,297 and
Ethereum plans to migrate to an alternate approach called proof of stake.298
However, these techniques have their own limitations, and are unproven.
The Bitcoin network has been in operation since 2009. It has not suffered a
catastrophic security failure despite an aggregate currency value in the billions
of dollars, suggesting an impressive degree of robustness. Then again, the
stability of the Bitcoin architecture has not been rigorously proven. And as
circumstances change, there is no guarantee it will continue. According to a
group of leading researchers in 2015, “[w]e do not yet have sufficient
understanding to conclude with confidence that Bitcoin will continue to work
well in practice….”
There are now many blockchain systems in addition to Bitcoin, which may be
more or less secure, not to mention complex mechanisms to connect those other
blockchains to the Bitcoin blockchain.299 Any of these may be points of failure.
Counter-intuitively, public blockchains, which allow anyone to participate and
view all transactions, are in some ways more secure than private ones, because
any attacks are out in the open. Public blockchains are designed specifically to
minimize the power of any small group of actors to engage in nefarious
activities.
The good news for major public blockchain platforms such as Bitcoin and
Ethereum is that, like other prominent open source projects such as Linux, they
have the benefit of large developer communities that search for and address
vulnerabilities.300 Sophisticated private platforms such as Digital Asset Holdings,

297 See supra note 126.
298 See Vlad Zamfir, Introducing Casper “the Friendly Ghost,” ETHEREUM BLOG (Aug. 1,
2015), https://blog.ethereum.org/2015/08/01/introducing-casper-friendly-ghost/.
299 See Adam Back et al., Enabling Blockchain Innovations Through Pegged
Sidechains 7 (2014), http://www.blockstream.com/sidechains.pdf.
300 The software code that Bitcoin nodes run to engage in the mining process is free
and open source. The mining activity they engage in, however, requires expensive
computing power and may involve proprietary software to distribute work among
machines.

with support from the same major financial institutions that manage global
securities markets,301 can be expected to exercise similar levels of care to existing
financial systems. Some blockchain implementations likely will have basic
vulnerabilities, but there is reason for optimism about the most prominent ones.

Intermediaries and Not-So-Smart Contracts

Even though the integrity of the distributed ledger is a purely mathematical
phenomenon, that is only one aspect of the blockchain trust system.302 The
software layer that translates distributed consensus into applications and
services gives the blockchain its transformative power, but it also creates risks
and challenges that no fancy math can overcome.303
The first concern at the software layer is that even when value is encoded in
decentralized systems, the access points may be through centralized
intermediaries. For example, an individual who stores Bitcoin with a consumer-
oriented wallet service such as Circle or Coinbase must trust that provider in the
same manner as a bank.304 In 2015, the most prominent Bitcoin exchange, Mt.
Gox, collapsed after hackers were able to steal a significant amount of
currency.305 This points up the need to regulate certain central providers that

301 See Edward Robinson and Matthew Leising, Blythe Masters Tells Banks the
Blockchain Changes Everything, BLOOMBERG MARKETS (Aug. 31, 2015),
http://www.bloomberg.com/news/features/2015-09-01/blythe-masters-tells-banks-the-
blockchain-changes-everything.
302 See supra TAN 218.
303 Sean Neville, co-founder of the Bitcoin payments platform Circle, distinguishes
trust in the data on a blockchain from trust in the governance of software connected to
it. See Sean Neville, Trust, Trolleys, Infrastructure: Indirect DAO Thoughts, MEDIUM (June
22, 2016), https://medium.com/@psneville/trust-trolleys-infrastructure-indirect-dao-
thoughts-746e35a8fbca#.i1rekwe48.
304 There is widespread agreement that such services should be subject to some
financial and consumer protection regulations, much as non-bank consumer online
payment services such as Paypal are today. Circle was the first company to be granted a
“BitLicense” under new New York state regulations for cryptocurrency transmitters. See
Paul Vigna, Circle Gets First ‘BitLicense,’ Releases Circle Pay, New Service, WALL ST. J.
MONEYBEAT (Sept. 22, 2015, 12:00am ET),
http://blogs.wsj.com/moneybeat/2015/09/22/circle-gets-first-bitlicense-releases-
circlepay-new-service/.
305 See Amir Mizroch, Large Bitcoin Exchange Halts Trading After Hack, WALL ST.
J.: DIGITS BLOG (Jan. 6, 2015, 4:13 AM), http://blogs.wsj.com/digits/2015/01/06/large-
bitcoin-exchange-haltstrading-after-hack; Robert McMillan, The Inside Story of Mt. Gox,
Bitcoin's $460 Million Disaster, WIRED (March 3, 2014),
http://www.wired.com/2014/03/bitcoin-exchange/.

occupy parallel space to conventional financial institutions, although the form
of regulation need not be identical.
The second and perhaps more worrisome trust vulnerability on top of the
blockchain lies in the smart contract code that implements transactions. The
Bitcoin scripting language is intentionally quite limited, in order to prevent
flawed or malicious scripts.306 Ethereum and other general-purpose blockchain
platforms, however, offer full-blown application functionality through their
smart contract systems. A smart contract can have errors and security flaws, like
any other software code. And indeed, vulnerabilities have already been identified
in high-profile Ethereum smart contracts.307 Errors or security exploits in smart
contracts are particularly dangerous because the blockchain directly carries
value or rights to assets.
Like other contracts, smart contracts are generally incomplete. That is to say,
the parties cannot envision and contract for every possible future state of the
world.308 Even if they could, they would have incentives to leave open the
possibility for mutually desirable contract modification. Difficulties in reducing
human-language agreements to formal machine-readable code magnify the
incompleteness of smart contracts.309 Even if a blockchain platform has a Turing-
complete scripting language that can in theory handle any transaction, actually
implementing transactions as the parties intend is a much tougher challenge. In
fact, it is formally impossible to be certain that the digital code of a smart
contract matches the subjective intent of the parties.310
Ambiguities in contracts are nothing new, of course. Contract law exists in
large part to address disputes when parties disagree about performance or
breach.311 Yet therein lies a critical difference. The blockchain does not only

306 See Antonopoulos, supra note 125, at 123.
307 See Zikai Alex Wen and Andrew Miller, Scanning Live Ethereum Contracts for the
“Unchecked-Send” Bug, HACKING, DISTRIBUTED (June 16, 2016, 1:15PM),
http://hackingdistributed.com/2016/06/16/scanning-live-ethereum-contracts-for-bugs/.
308 See Sanford J. Grossman & Oliver D. Hart, The Costs and Benefits of Ownership: A
Theory of Vertical and Lateral Integration, 94 J. POLITICAL ECON. 691 (1986); Herbert
Simon, A Behavioral Model of Rational Choice, in MODELS OF MAN, SOCIAL AND RATIONAL:
MATHEMATICAL ESSAYS ON RATIONAL HUMAN BEHAVIOR IN A SOCIAL SETTING (Wiley 1957).
309 See Kevin Werbach and Nico Cornell, Dumb Contracts (forthcoming).
310 See Vitalik Buterin, Thinking About Smart Contract Security, ETHEREUM BLOG, (June
19, 2016), https://blog.ethereum.org/2016/06/19/thinking-smart-contract-security/.
311 See Stephen Palley, Smart Contracts, Performance, and Trust, MEDIUM (May 28,
2016), https://medium.com/@palleylaw/smart-contracts-performance-and-trust-
4470792728bb#.28hswnrqd.

record smart contracts; it executes them. By itself, the blockchain removes the
opportunity for the courts to offer redress to aggrieved parties.312

The DAO of Blockchain Failures

All these risks came together in the June 2016 attack on The DAO, the
Ethereum-based distributed crowdfunding system. Someone exploited a
vulnerability in The DAO’s code, which enabled them to siphon off currency to
their own account. Roughly one-third of all the Ether deposited with The DAO,
worth $70 million at the time, was subject to the attack.313 Because of the way
The DAO was set up, the attacker couldn’t spend or transfer that Ether for
approximately a month. In response to the attack, the developers of Ethereum
quickly created a software update to permanently quarantine the stolen Ether,
while the community considered next steps.314 However, that update itself
created security vulnerabilities, so it was rolled back.315
The DAO styles itself as a distributed system. In theory, no one is in charge;
not even the software developers who wrote the code.316 Therefore, unlike an
attack on a centralized site, there is no direct way to return the stolen currency.
After all, blockchain transactions are immutable.317 Any further action requires
significant collective action. That brings to the fore the practical problems of

312 See James Grimmelmann and Arvind Narayanan, The Blockchain Gang, SLATE (Feb.
16, 2016, 10:05am),
http://www.slate.com/articles/technology/future_tense/2016/02/bitcoin_s_blockchain_te
chnology_won_t_change_everything.html (“Block chains are the hardest property
technology ever made…. But they’re so hard they’re brittle.”).
313 Nathaniel Popper, A Hacking of More Than $50 Million Dashes Hopes in the World
of Virtual Currency, N.Y. TIMES DEALBOOK (June 17, 2016),
http://www.nytimes.com/2016/06/18/business/dealbook/hacker-may-have-removed-
more-than-50-million-from-experimental-cybercurrency-project.html?_r=2; Michael del
Castillo, The DAO Attacked: Code Issue Leads to $60 Million Ether Theft, COINDESK (June
17, 2016, 14:00 BST), http://www.coindesk.com/dao-attacked-code-issue-leads-60-
million-ether-theft/.
314 Vitalik Buterin, CRITICAL UPDATE Re: DAO Vulnerability, ETHEREUM BLOG (June
17, 2016), https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability/.
315 See Michael del Castillo, New Vulnerability May Prevent Ethereum Soft Fork,
COINDESK (June 28, 2016), http://www.coindesk.com/ethereum-vulnerability-may-
prevent-soft-fork/.
316 This is separate from the pragmatic question of whether, if a lawsuit is filed, some
party or parties can be held legally accountable.
317 See supra Part (III)(D)(2).

sufficient adoption, and the governance questions about what changes the
community should adopt.
In the end, Ethereum opted for a “hard fork” to return the stolen Ether.318
The Ethereum Foundation, which maintains the open source code for the
platform, provided a software update to miners. For those running the new
software, the DAO hack never happened; their blockchains did not recognize the
currency transfers.
The move was not without controversy.319 It meant that Ethereum
transactions were not truly immutable, or immune from centralized
interference. It also raised concerns about what might happen when
governments or other central authorities became concerned about records stored
on distributed ledgers.320 While the Bitcoin blockchain has executed hard forks in
the past, those were technical fixes to double-spending bugs that undermined
the integrity of the distributed ledger.321 The Ethereum hard fork retroactively
invalidated otherwise technically legitimate transactions.
A hard fork creates two incompatible chains.322 Miners running the old
software show the DAO funds in the attacker’s account; miners running the new
software do not. In all other respects, however, the blockchains were identical at
the time of the fork. Other than the Ether in question, the two blockchains
showed the same users with the same accounts.
The assumption was that the pre-fork blockchain would wither away as
miners abandoned it and ceased to engage in proof of work. That did not

318 See Paul Vigna, Ethereum Gets Its Hard Fork, and the ‘Truth’ Gets Tested, WALL. ST.
J. MONEYBEAT BLOG (Jul 20, 2016 10:56 am ET),
http://blogs.wsj.com/moneybeat/2016/07/20/ethereum-gets-its-hard-fork-and-the-
truth-gets-tested/.
319 See Stan Higgins, Will Ethereum Hard Fork? DAO Attack Prompts Heated Debate,
COINDESK (June 17, 2016, 16:18 BST), http://www.coindesk.com/will-ethereum-hard-
fork/; Michael del Castillo, Specter of Ethereum Hard Fork Worries Australian Banking
Group, COINDESK (June 29, 2016, 17:10 BST), http://www.coindesk.com/spectre-
ethereum-hardfork-worries-anz-banking-group/
320 Ethereum is a public blockchain, like Bitcoin. Permissioned blockchains do not
provide the same assurance of non-interference, because access is limited to identified
parties.
321 See Buterin, supra note 198.
322 Miners of one chain do not recognize the validity of blocks mined by the other
clients, and vice versa, even though they may otherwise use exactly the same protocols.
See Bonneau et al, supra note 119, at 10.

happen. A small but growing group of miners kept running the old software,323
evidently dissatisfied with the Ethereum Foundation’s willingness to break the
ledger’s immutability. A group of developers announced their intent to manage
the software going forward, under the name “Ethereum Classic” (ETC). And
some cryptocurrency exchanges began accepting ETC alongside the “new” post-
DAO Ether (ETH). This odd situation created new security and double-spending
risks. It also provoked reassessment of Ethereum’s potential as the dominant
blockchain-based application platform. One or the other of the Ethereum chains
might eventually die out, but even if that happens, the Ethereum hard fork offers
a cautionary note.
To a legal scholar, the whole incident is a classic example of rules vs.
standards.324 The DAO offered the promise of a deterministic system with no
messy case-by-case decision-making. Then along came a compelling reason to
fudge the rules. Whether or not the Ethereum Foundation made the right call,
the point is that the controversy raised questions that could not be answered within
the framework of the blockchain. They required appeal to some higher-level
principles. The viability of trustless trust is ultimately a matter of governance.

V. FROM TRUST TO GOVERNANCE

Trustless trust will not succeed based on technology alone. As the DAO
debacle illustrates, Nakamoto Consensus is a necessary but not sufficient
foundation for blockchain-based systems in the real world. Governance
mechanisms are needed because even trustless trust depends on humans to a
surprising extent. Organizing those humans is at bottom a political process. And
law has a valuable role to play.

A. Ghosts and the Machines

The blockchain’s algorithmic architecture does not eliminate the role of
humans in fostering trust. The proof of work systems behind the major
blockchain platforms depend on miners, responding to economic incentives, in

323 See Paul Vigna, The Great Digital-Currency Debate: ‘New’ Ethereum vs. Ethereum
‘Classic’, WALL ST. J. MONEYBEAT BLOG (Aug 1, 2016, 12:19 pm ET),
http://blogs.wsj.com/moneybeat/2016/08/01/the-great-digital-currency-debate-new-
ethereum-vs-ethereum-classic/.
324 See generally Louis Kaplow, Rules versus Standards: An Economic Analysis, 42 DUKE
L.J. 557 (1992).

order to validate transactions.325 Decisions about investment in blockchain
hardware and software, as well as whether to accept cryptocurrencies in lieu of
traditional money, are also made by humans rather than machines. Even The
DAO, which is the epitome of an automated, leaderless software-based
organization, has explicit roles for humans to serve as “contractors” and
“curators” to authorize certain actions.326 This is an important point, because
human systems are more easily subject to legal enforcement than software code.
Governments cannot directly regulate algorithms, but they can regulate
individuals and organizations designing or implementing those algorithms.
Nakamoto developed Bitcoin in response to the breakdown of trust in the
2008 financial crisis.327 When centralized systems, whether financial or
otherwise, function poorly, decentralized alternatives become relatively more
appealing. The relationship, however, is not static. Major financial institutions
are now embracing permissioned blockchains as a means to improve their
performance, even as they continue to reject Bitcoin as a wholly distributed
alternative to banks.328 The technology and systems around distributed ledgers
will continue to evolve, but so will the other systems they compete with.
A subtler reason for the persistence of human involvement in the trust
architecture of the blockchain is the impossibility of eradicating subjectivity.
Machines talk in ones and zeroes. They follow formal rules embedded in their
programming. Despite the extraordinary gains in machine learning performance
in narrowly-defined tasks such as speech recognition, the dream of a general-
purpose artificial intelligence remains far off. As a result, smart contracts
cannot be entirely understood by machines.329 The more freedom there is to
define the terms of the transaction—and with systems such as Ethereum, that
freedom is nearly absolute—the harder it is to be confident the system will
perform as expected without expert human intervention.
Even when smart contracts are used for automatic enforcement of
transactions, there is sometimes still a need for manual intervention. The DAO
attack provided a perfect illustration. The attacker exploited a bug to drain a
substantial amount of currency away from users into its own account. By all

325 See supra note 125.
326 Stephan Tual, On DAO Contractors and Curators, SLOCK.IT (Apr. 9, 2016),
https://blog.slock.it/on-contractors-and-curators-2fb9238b2553#.8wneaxn30.
327 See supra note 158.
328 See Building the Trust engine, supra note 98 (explaining how traditional financial
institutions such as UBS are embracing the blockchain).
329 See Werbach and Cornell, supra note 309.

colloquial definitions, this was a case of theft. From the perspective of the users
whose funds were taken, it was no different than someone exploiting a bug to
steal money stored with a centralized crowdfunding site such as
Kickstarter, or a bank. There are, however, two important differences with a
shared ledger system such as The DAO. The first is that no administrator can
simply transfer the money back from one account to others, as they could with a
centralized service. The second is that one could argue no theft has occurred.
The attacker took advantage of functionality in The DAO’s code to create
valid smart contracts transferring the funds. Under The DAO’s terms of service,
functionality of the code expressly supersedes any human-readable terms:
[T]o the extent you believe there to be any conflict or discrepancy
between the descriptions offered here and the functionality of The DAO’s
code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s
code controls and sets forth all terms of The DAO Creation.330
From a purely mechanical standpoint, there is no way to distinguish the
transfer of funds into a special “child DAO” account with depositor consent
(perhaps to crowdfund a project) from the same transfer initiated against their
will. There is similarly no way to determine whether the recursive call
functionality the attacker exploited was an intentional feature or a careless bug
in The DAO’s software, without asking the developers. This is not a situation
unique to The DAO. As Ethereum creator Vitalik Buterin put it, “the very
definition of smart contract theft or loss, is fundamentally about differences
between implementation and intent.”331 Intent is inherently a property of the
mind, not a written contract or its software expression. It is the sort of thing
courts attempt to tease out all the time. They marshal evidence but ultimately
rely on judges and juries to determine the expressed intent of the parties.
Without such human-based dispute resolution mechanisms, smart contracts
on the blockchain will sometimes execute in ways that are inconsistent with the
desire of the parties. Given the extraordinary scope of activity that could be tied
into distributed ledgers, this is potentially a very worrisome proposition. The

330 Explanation of Terms and Disclaimer, THE DAO, https://daohub.org/explainer.html.
See also DAOs, Hacks and the Law, MEDIUM (June 17, 2016),
https://medium.com/@Swarm/daos-hacks-and-the-law-eb6a33808e3e#.vy0qr1pgf
(explaining the significance of this provision). An anonymous
post, allegedly by the attacker but probably a hoax, made the case that its actions were
consistent with the terms of The DAO, and therefore legitimate. The author threatened
legal action if the diverted Ether were returned to its original owners. See An Open Letter,
PASTEBIN (June 18, 2016), http://pastebin.com/CcGUBgDG.
331 Buterin, Thinking About Smart Contract Security, supra note 310.
issue is not just financial loss as with The DAO. Blockchain registries will control
many physical assets and systems. Widespread failures of smart contracts to
achieve their intended results could not only undermine trust in the blockchain,
they could produce the kinds of damage anticipated (but largely unrealized) from
the Y2K bug in the year 2000.

B. The Social Contract

For all the technical wizardry of Nakamoto Consensus and Turing-complete
smart contracts, the essential questions the blockchain raises are quite familiar.
They date back directly to Enlightenment figures such as Thomas Hobbes and
John Locke, with precursors back to ancient times.
In fact, Vlad Zamfir, a key developer at the Ethereum Foundation, advocated
for the proposed hard fork in explicitly Lockean terms: “The Ethereum
community has an implicit, constantly evolving social contract that describes
which changes to the Ethereum protocol and platform it would consider
adopting.”332 The great danger, he warned, was to “put[] the platform at risk of
being gamed by motivated parties.”333 This was also a paramount concern of the
Framers of the U.S. Constitution.334 Their response was to institutionalize formal
systems, such as checks and balances, a bicameral legislature, and separation of
powers, as a dynamic counterweight to majoritarianism.335
Nakamoto Consensus and similar systems overcome the tyranny of the
majority by making majorities prohibitively difficult to achieve. Having more
than fifty percent of the mining power in the network is considered an
existential threat, because the majority can impose its will without constraint.336
In the internet technical community, the roots of this view can be seen in the
mantra of the Internet Engineering Task Force (IETF), as stated by MIT
researcher David Clark: “We reject: kings, presidents and voting. We believe in:

332 Vlad Zamfir, Dear Ethereum Community, MEDIUM (July 7, 2016),
https://medium.com/@Vlad_Zamfir/dear-ethereum-community-acfa99a037c4#.m7f6k44ap.
333 Id.
334 See, e.g., The Federalist No. 10, at 77 (James Madison) (Clinton Rossiter ed., 1961)
(describing factions as “mortal diseases under which popular governments have
everywhere perished….”).
335 Ethereum has not gone down this path. See infra note 342 and accompanying text.
336 See supra TAN 293.
rough consensus and running code.”337 Clark expressly included voting as
something to be avoided.
The governance dilemma is how to legitimize action, if not by majorities.
Modern democracies incorporate counter-majoritarian safeguards, but only as
qualifiers to the primary expression of popular will. Nakamoto appropriately
started with the cryptographer’s assumption that any agent could be
untrustworthy. Yet society is based on the supposition that most people are
trustworthy most of the time. Trust is the bridge between these views.
Governance systems are the instantiation of that trust. Much of Elinor Ostrom’s
work, for example, involved identifying governance principles for peer-to-peer
trust.338
David Clark’s appropriately vague “rough consensus and running code”
perfectly captured a viable governance approach for the IETF at the time.339 As
the internet became more global and more commercial, new mechanisms were
needed.340 This has resulted in a long struggle over internet governance.341 The
communities around the blockchain face the same challenge. Their solutions are
unlikely to be the same, and success is not guaranteed. Zamfir, for example,
rejected any formal mechanisms to implement Ethereum’s social contract: “It is
paramount that the social governance process, rules, or principles that govern
hard forks do not become institutionalized….”342 Ethereum leader Vitalik Buterin

337 See Andrew L. Russell, "Rough Consensus and Running Code" and the Internet-OSI
Standards War, IEEE ANNALS OF THE HISTORY OF COMPUTING 28(3), at 48, 48 (2006).
338 See Ostrom, supra note 24.
339 See Hurwitz, supra note 75, at 1580 (“The Internet’s early architecture was built
on a foundation of trust.”) Cf. A. Michael Froomkin, Habermas@discourse.net: Toward a
Critical Theory of Democracy, 116 HARV. L. REV. 749 (2003) (analyzing the internet
standards process as a rare example of a discourse achieving political legitimacy under
Jurgen Habermas’ theory of justice).
340 See Marjory S. Blumenthal & David D. Clark, Rethinking the Design of the Internet:
The End-to-End Arguments vs. the Brave New World, 1 ACM TRANSACTIONS ON INTERNET
TECH. 70, 93 (2001) (lamenting the loss of the simple trust model of the early internet).
341 See MILTON MUELLER, NETWORKS AND STATES: THE GLOBAL POLITICS OF INTERNET
GOVERNANCE (2010); LAURA DENARDIS, THE GLOBAL WAR FOR INTERNET GOVERNANCE (2014).
342 Zamfir, supra note 332. The development organizations for Bitcoin have
generally not taken so extreme a view.
is fond of futarchy, an exotic idea from economist Robin Hanson, in which
voting occurs through prediction markets.343
Whether radically distributed governance approaches of this sort are viable
for Ethereum or other blockchain platforms remains to be seen. Online
communities have long served as laboratories for governance techniques.344 The
difference is that blockchain platforms aim to be the trust infrastructure for
much more than those communities. Ethereum developers and miners may be
comfortable with futarchy, but established organizations such as J.P. Morgan,
Wal-Mart, Apple, and the U.S. Government, not to mention countless technically
unsophisticated consumers and small businesses, are a different story.345 As with
the move from the close-knit technical community of the IETF to the larger
world of business and state actors for internet governance, the trust that
established the network is insufficient to support it at scale.346

C. Connecting Legal and Blockchain Trust

One way for the blockchain to achieve that higher-level trust is, perhaps
surprisingly, through the legal system. There are several mechanisms to
hybridize the blockchain’s distributed, algorithmic trust structures with the
human-interpreted, state-backed institutions of law. In some contexts, no legal
involvement will be needed. In others, where the blockchain is purely
supplemental, existing legal arrangements function normally without any
special integration. In many cases, however, affirmative steps must be taken to
combine the best aspects of distributed ledgers and centralized law.
The simplest way to make systems based on the blockchain operate more like
conventional legal arrangements is through voluntary approaches. Smart
contracts, for example, can be built from templates for contractual primitives

343 See Robin Hanson, Shall We Vote on Values, But Bet on Beliefs?, 21 J. POLITICAL
PHIL. 151 (2013) (describing futarchy); Vitalik Buterin, An Introduction to Futarchy,
ETHEREUM BLOG (Aug. 21, 2014), https://blog.ethereum.org/2014/08/21/introduction-futarchy/
(explaining possible applications of futarchy to Ethereum).
344 See Jim Harper, Why Bitcoin Governance is a Competition (And That's a Good Thing),
COINDESK, February 12, 2016 16:17 BST,
http://www.coindesk.com/bitcoin-governance-as-competition/.
345 There is also the problem that technologists sometimes wish to divest themselves
of ethical responsibility for their creations. See Peck, supra note 204 (quoting Vlad
Zamfir) (“Generally, people don’t feel responsible. There’s a lot of feeling that we’re just
producing general-purpose tools and it’s not up to us what people do with them.”).
346 See Mueller, supra note 341; Hurwitz, supra note 75.
that have been designed with input from legal experts. A group called
CommonAccord and the British financial institution Barclays are developing
such smart contract modules.347 After the smart contracts are created, lawyers
could have a role in reviewing terms. Legal code audits could be implemented
analogous to the security audits widely used by firms engaged in software
development. The skills required of lawyers would have to change, becoming
more like legal engineering.348
Substantively, most smart contract frameworks already incorporate the
ability to seek human input. Many smart contracts will need to interface with the
outside world. For example, a call option to buy a security at a certain price can
be executed algorithmically on the blockchain, with payment in Bitcoin or
another cryptocurrency. The blockchain, however, does not know stock prices.
That information must be provided to the smart contract through an external
connection, either to an automated data source or a human arbiter. Those
external sources are called oracles.349
As Wright and De Filippi point out, oracles could be extended to dispute
resolution by courts or private actors.350 More generally, smart contracts could by
default incorporate arbitration mechanisms or rollback provisions. Using
multisig, these provisions could be made difficult to trigger if desired, serving
as a backstop in extraordinary cases such as the DAO attack. Or they could be

347 See Bailey Reutzel, BNP Paribas Works with Blockchain Startup to Open Source Law,
COINDESK (May 5, 2016, 16:28 BST),
http://www.coindesk.com/commonaccord-legal-smart-contracts-prove-beneficial-one-bank-veritcal/;
Ian Allison, Barclays’ Smart
Contract Templates Stars in First Ever Public Demo of R3's Corda Platform, INT’L. BUS. TIMES
(Apr. 18, 2016, 15:45 BST),
http://www.ibtimes.co.uk/barclays-smart-contract-templates-heralds-first-ever-public-demo-r3s-corda-platform-1555329.
348 Or perhaps creating a new niche for legal hackers. Following the DAO attack,
security expert Robert Graham suggested that, “in the past, people hired lawyers to
review complicated contracts. In the future, they'll need to hire hackers. After a contract
is signed, I'm now motivated to hire a very good hacker that will keep reading the code
until they can find some hack to my advantage.” Robert Graham, Ethereum/TheDAO
attack Simplified, ERRATA SECURITY (June 18, 2016),
http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V2wGDOYrKV5.
349 See Smart Oracles: A Simple, Powerful Approach to Smart Contracts (July 17, 2014),
https://github.com/codius/codius/wiki/Smart-Oracles:-A-Simple,-Powerful-Approach-to-Smart-Contracts.
A prediction market such as Augur could also function as a
distributed oracle. See Pete Rizzo, Augur Bets on Bright Future for Blockchain Prediction
Markets, COINDESK (March 1, 2015, 13:30 BST),
http://www.coindesk.com/augur-future-blockchain-prediction-market/.
350 See Wright & De Filippi, supra note 102, at 50.
used to create a regular outlet for private dispute resolution, the way so many
business-to-consumer form contracts today push disputes into arbitration.
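The oracle and multisig-rollback arrangement described above, as an added sketch that is not from the article or from any project it cites: a toy Python ledger settles a call option at whatever price its oracle reports, and two of three named arbitrators can reverse that settlement. The account names, the cash-settlement rule and the 2-of-3 threshold are assumptions, and a real multisig scheme would verify signatures rather than compare names.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

ESCROW = "escrow"  # account name invented for this sketch


class Ledger:
    """Minimal account-balance ledger; transfer is its only operation."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if amount < 0 or self.balances.get(src, 0) < amount:
            raise ValueError("insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


@dataclass
class CallOption:
    ledger: Ledger
    writer: str
    holder: str
    strike: int
    collateral: int                 # escrowed by the writer; caps the payout
    oracle: Callable[[], int]       # the contract's only view of the price
    arbitrators: frozenset
    threshold: int                  # M in the M-of-N rollback rule
    payout: Optional[int] = None    # None until settled
    votes: set = field(default_factory=set)

    def __post_init__(self):
        self.ledger.transfer(self.writer, ESCROW, self.collateral)

    def exercise(self):
        """Settle in cash at whatever price the oracle reports."""
        if self.payout is not None:
            raise RuntimeError("already settled")
        price = self.oracle()       # the contract cannot verify this value
        self.payout = min(max(price - self.strike, 0), self.collateral)
        self.ledger.transfer(ESCROW, self.holder, self.payout)
        self.ledger.transfer(ESCROW, self.writer, self.collateral - self.payout)
        return self.payout

    def vote_rollback(self, who):
        """Record one arbitrator vote; at the threshold, undo the settlement."""
        if who not in self.arbitrators:
            raise PermissionError(f"{who} is not an arbitrator")
        if self.payout is None:
            raise RuntimeError("nothing to roll back")
        self.votes.add(who)         # a set, so a repeated vote counts once
        if len(self.votes) < self.threshold:
            return False
        self.ledger.transfer(self.holder, ESCROW, self.payout)
        self.ledger.transfer(self.writer, ESCROW, self.collateral - self.payout)
        self.payout, self.votes = None, set()
        return True


def demo():
    """Constructed scenario: a faulty feed reports 1500 instead of 105."""
    opt = CallOption(Ledger({"writer": 50, "holder": 0}), "writer", "holder",
                     strike=100, collateral=50, oracle=lambda: 1500, threshold=2,
                     arbitrators=frozenset({"arb1", "arb2", "arb3"}))
    bad = opt.exercise()                    # the whole collateral is paid out
    first = opt.vote_rollback("arb1")       # one vote is below the threshold
    second = opt.vote_rollback("arb2")      # second vote reverses settlement
    opt.oracle = lambda: 105                # corrected feed, then settle again
    return bad, first, second, opt.exercise(), dict(opt.ledger.balances)
```

In this sketch the rollback raises an error if the holder has already moved the payout elsewhere, so the backstop is only as strong as the funds still within its reach.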
The distributed nature of the blockchain may call for new enforcement
mechanisms that are themselves distributed.351 For example, new international
arbitration networks might need to be developed that were tuned to the needs of
blockchain disputes, much as the World Intellectual Property Organization
created the Uniform Dispute Resolution Process (UDRP) to handle trademark
disputes over internet domain names.352 Because arbitration decisions could in
some cases be directly executed on the blockchain, and would apply on a peer-
to-peer basis, however, blockchain arbitration systems would be different than
any current example.353 Andreas Antonopoulos and Pamela Morgan proposed a
decentralized arbitration and mediation network (DAMN) for funding to The
DAO in late May 2016.354
Any of these voluntary mechanisms could be baked into blockchain
applications, or even in some cases legally mandated. The full range of
incentives and governance mechanisms could be used to encourage compliance
with desirable approaches. Furthermore, just as the Federal Arbitration Act
directs courts to accept private arbitration decisions when fraud is not involved,
legislation could create similar legal force for appropriately designed blockchain
dispute resolution systems.355

351 Ethereum creator Vitalik Buterin has speculated about a regime of “decentralized
courts” to resolve disputes. See Vitalik Buterin, Decentralized Court, REDDIT /R/ETHEREUM,
https://www.reddit.com/r/ethereum/comments/4gigyd/decentralized_court/ (last visited
July 6, 2016); Izabella Kaminska, Decentralised Courts and Blockchains, FT ALPHAVILLE
(Apr. 29, 2016),
http://ftalphaville.ft.com/2016/04/29/2160502/decentralised-courts-and-blockchains/.
352 See Luke A. Walker, ICANN's Uniform Domain Name Dispute Resolution Policy, 15
BERKELEY TECH L.J. 289 (2000).
353 See Abramowicz, supra note 102, at 405.
354 See Michael del Castillo, Lawyers Be DAMNed: Andreas Antonopoulos Takes Aim at
Arbitration With DAO Proposal, COINDESK (May 26, 2016, 23:57 BST),
http://www.coindesk.com/damned-dao-andreas-antonopoulos-third-key/. It is based on
the New York Convention, under which 65 countries agreed their courts would enforce
decisions of recognized arbitrators.
The tradeoff of an arbitration regime is that it reintroduces intermediation to the
decentralized blockchain environment. See Grimmelmann and Narayanan, supra note
312 (“[A]n arbitrator who can give you back your car is also an arbitrator who can take
your car away from you. He’s an intermediary of precisely the sort the block chain was
supposed to eliminate.”).
355 Federal Arbitration Act, 9 U.S.C. §§ 1–16 (2012).
The next form of hybrid legal and blockchain trust involves directly mapping
machine-readable smart contracts to human-readable written contracts. Eris
Industries, a smart contract startup, has developed what it calls Dual Integration
to link human and machine contracts.356 With this approach, the human and
smart contracts explicitly reference one another through digital signatures. In
contrast to The DAO terms of service, which privileged the algorithmic contract
over the human-readable explanations,357 this approach makes each dependent
on the other. A court or other decision-maker can use the conventional contract
to understand the intent of the smart contract, which handles execution of the
agreement.358
Every smart contract will not require a bespoke human-negotiated contract
alongside it. As with the contract system today, forms will be widespread for
business-to-consumer and low-value agreements. In many cases, the costs of
dispute resolution will so far exceed the potential recovery that “quick-and-
dirty” reliance on the naïve actions of machines will be sufficient. Regulation of
intermediaries such as registries may obviate the need to specify legal terms for
every associated smart contract. As blockchain-based systems become more
familiar, a combination of custom, common law, and model legislation is likely
to develop to address common situations.
The final form of legal integration with the blockchain involves legislative
action to recognize distributed ledgers. The Governor of Delaware, for example,
has proposed that Delaware corporations be able to issue shares of stock

356 Putting the Contracts in Smart Contracts, ERIS:LEGAL,
https://erisindustries.com/components/erislegal/. A pre-blockchain antecedent was Ian
Grigg’s concept of Ricardian contracts. Ricardian contracts are financial instruments
that incorporate their legal terms into the same digital package as the security itself. See
Ian Grigg, The Ricardian Contract, Proceedings of the First IEEE Workshop on Electronic
Contracting (2004).
357 See supra note 330.
358 In the wake of the DAO attack, researchers have proposed technical mechanisms
tantamount to rescission of smart contracts, without necessarily involving judicial actors.
See, e.g., Ittay Eyal and Emin Gun Sirer, A Decentralized Escape Hatch for DAOs, HACKING,
DISTRIBUTED (July 11, 2016, 2:42pm),
hackingdistributed.com/2016/07/11/decentralized-escape-hatches-for-smart-contracts/
(proposing an “escape hatch” mechanism in which
all transactions would be buffered and subject to reversion based on a crowdsourcing
mechanism); Bill Marino and Ari Juels, Setting Standards for Altering and Undoing Smart
Contracts, Int’l Symposium on Rules & Rule Markup Languages for the Semantic Web
(Springer 2016) (detailing scenarios for modifying or rescinding smart contracts).
registered on the blockchain.359 Vermont is considering legislation to make
blockchain records admissible as evidence in court.360 And France issued a ruling
authorizing debt-based crowdfunding recorded on the blockchain.361
How successful these various approaches to law and the blockchain will be is
far from clear. There will be more failures like the Mt. Gox collapse, the Silk
Road takedown, and the DAO attack. Some governments will try to stifle the
blockchain or force it into ill-fitting legal regimes. Developers and entrepreneurs
will employ the powerful general-purpose capabilities of smart contracts in
unpredictable ways. All this uncertainty means the dividing lines between old
and new trust architectures will be fluid. Governance mechanisms and hybrids of
code and law are the ways forward, but most of the details remain to be worked
out. If they can be, the door is open to solving a wide variety of economically and
socially significant problems in new ways.

VI. CONCLUSION

The Russian cognate of the proverb, “the pen is mightier than the sword” is
the far more colorful, “what is written with a pen cannot be hacked away with an
axe.” The Russian version has a subtly different meaning. It is not chiefly about
the power of the press, or free expression.362 The point instead is that some
expressions are indelible, despite the vigorous efforts of others to destroy them.
A more modern formulation might be, “what is trusted cannot be undermined by
the untrustworthy, or those with power.” That would also describe the ideal of
the blockchain as a trust architecture.

359 Marco A. Santori, Governor Jack Markell Announces Delaware Blockchain Initiative,
GLOBAL DELAWARE BLOG (June 10, 2016),
http://global.blogs.delaware.gov/2016/06/10/delaware-to-create-distributed-ledger-based-share-ownership-structure-as-part-of-blockchain-initiative/.
360 Stan Higgins, Vermont is Close to Passing a Law That Would Make Blockchain
Records Admissible in Court, COINDESK (May 17, 2016, 18:19 BST),
http://www.coindesk.com/vermont-blockchain-timestamps-approval/.
361 Diana Ngo, France Issues New Ruling for Mini-Bonds Trading on Blockchain
Platforms, BTCMANAGER.COM (May 12, 2016, 16:56),
https://btcmanager.com/news/finance/france-issues-new-ruling-for-mini-bonds-trading-on-blockchain-platforms/.
362 Respect for both has been far more limited throughout the history of Russia than
in the west.
These are still early days for the blockchain. Satoshi Nakamoto’s Bitcoin
white paper was published less than a decade ago, and Ethereum just launched
in 2015. Even if the grandiose predictions about transforming finance,
government, commerce, and more prove ill-advised, the blockchain has already
produced important discoveries in De Tocqueville’s “science of association.”363
Its potential is far greater. Like the internet, the blockchain is a foundational
technology, whose impacts could reach into every corner of the world. To move
forward, though, law and distributed ledgers need each other.
How the story plays out is a matter of trust.

363 See supra note 22.
