Blockchain Bites: A fiduciary duty by any other name would smell just as sweet: Tulip Trading v Bitcoin Association – Technology

Michael Bacina and Jordan Markezic of the
Piper Alderman Blockchain Group bring you the latest legal,
regulatory and project updates in Blockchain and Digital Law.

A fiduciary duty by any other name would smell just as sweet:
Tulip Trading v Bitcoin Association

Key takeaways

The High Court of England and Wales (High Court) has recently
summarily dismissed a claim brought against bitcoin software
developers in Tulip Trading Ltd v Bitcoin Association For
BSV & Ors
 [2022] EWHC 667 (Ch) (TTL v Bitcoin
Association
).

The claimant – Tulip Trading Limited (Tulip) -
and by extension, its CEO, Dr Craig Wright, sought declarations
that it owned a very substantial amount of digital currency assets
as well as orders requiring the Defendants to take steps to ensure
that Tulip had access to and control of the assets, or for
equitable compensation or damages.

This serves as the first case heard by the English Courts that
considers the roles and duties of cryptocurrency software
developers, and one closely watched by others around the world.

The Justice hearing the matter, Mrs Justice Falk (Falk
J
) was not able to conclude that Tulip had any realistic
prospect of establishing that the facts pleaded amounted to a
breach of fiduciary duty owed to it by the Defendants.


This matter was an interlocutory application and still leaves
open the possibility that the English Courts could impose a
fiduciary duty upon cryptocurrency developers, but will be
persuasive precedent in the meantime.

Facts

Tulip sought declarations that it owned a very substantial
amount of digital currency assets as well as orders requiring the
Defendants to take steps to ensure that Tulip had access to and
control of the assets, or for equitable compensation or damages. In
short, The Defendants in this matter were the core developers and
who the claimant alleged controlled the software in respect of four
digital asset networks:

i) the Bitcoin Satoshi Vision Network (BSV
Network
);

ii) the Bitcoin Core Network (BTC Network);

iii) the Bitcoin Cash Network (BCH Network);
and

iv) the Bitcoin Cash ABC Network (BCABC
Network
)

NB: Together, the Defendants.

A number of the Defendants challenged the jurisdiction of the
High Court.

The overall facts of the matter are such that Tulip alleges that
BTC, BCH, and BCHABC Networks were all initially created by copying
the blockchain of a pre-existing network (BSV in 2017) but applying
different protocols and software instructions.

Tulip alleged that the relevant assets were held on the BSV
Network and have been replicated in the others through the copying
process referred to above including the period after a substantial
hack of computers located at Dr Wright’s home office in Surrey,
England.

The hack was alleged to have resulted in the loss of Dr
Wright’s private keys, that were contained in encrypted digital
wallet files, and which had not been accessed in several years,
being stolen and transactions being effected without Dr Wright (or
his spouses) approval. Digital currency worth approx £1.1
million had been taken from Dr Wright’s digital wallet.Tulip
claimed that the Defendants were the core developers of, and had
control over, various forked versions of Bitcoin, and that they had
the ability to propose amendments to the underlying source code in
order to give Tulip control over the previously stolen digital
assets. Tulip claimed that the Defendants were under tortious and
fiduciary duties that compelled them to do this.

The extent to which the developers actually had control was a
factual issue in dispute. Tulip submitted that the Defendants
controlled the networks as they were able to chose the software
updates to be promoted, and decide whether or not to implement
changes to the source code. The Defendants submitted in response
that they were part of a very large, shifting group of contributors
without any organisation or structure and that any change they were
able to make would be ineffective as miners could/would refuse to
run the updates and instead would continue to run earlier versions
of the software.

Tulip disputed this by submitting that there was no mechanism
among miners that could allow for a collective refusal to accept a
software update, and that the current consensus mechanism is
limited to the acceptance by nodes of blocks of transactions being
verified by other bodes, as opposed to relating to the protocols
that govern the network. A ‘fork’ which implemented
Tulip’s proposed changes were said to be contrary to the core
values of bitcoin, could only be created if some of the developers
refused to make the change.

Since none of the Defendants were domiciled within the
jurisdiction of the English Courts, Tulip required permission under
the Civil Procedure Rules 1998 (UK) to serve
proceedings on the Defendants outside of the jurisdiction. In May
2021, Tulip obtained permission under
the Rules to serve the Defendants on
an ex parte basis. The Defendants contested
service and sought to have the original order set aside.

Decision and reasoning

The fiduciary relationship question

In determining whether it was appropriate to impose a fiduciary
relationship between the parties – and in effect, placing
obligations on the Developers to take positive steps to re-write
source code – the Court looked to past decisions
including Bristol and West v Mathew  where the
Court noted a fiduciary will be a person who has:

undertaken to act for or on behalf of another in a
particular matter in circumstances which give rise to a
relationship of trust and confidence. The distinguishing obligation
of a fiduciary is the obligation of loyalty. The principal is
entitled to the single-minded loyalty of his fiduciary. (at
[54]-[55])

Tulip submitted that, by virtue of the Defendants having
complete control and oversight of the blockchain source code, Tulip
had entrusted the Defendants with care of their digital assets and
that Tulip was vulnerable to abuse. Tulip also submitted that the
Defendants had the power to re-write and amend the software code
running the blockchains, in effect to restore the stolen private
keys, and that this gave rise to a fiduciary relationship.

The Court found that it was difficult to see how Tulip’s
case that a fiduciary duty arose was seriously arguable, and that
Tulip did not have a realistic prospect of establishing that the
facts pleaded amounted to a breach of fiduciary duty owed by the
Defendants to Tulip.

The Court held that a imbalance of power in favour of the
Defendants, coupled with a vulnerability under that power imbalance
is only an indication of a potential fiduciary duty and not a
defining characteristic. The Court further went onto hold that
bitcoin owners could only realistically be described as entrusting
their property to a fluctuating and unidentified body of developers
of the software to the extent claimed by Tulip.

The Court held that a distinguishing factor in considering a
fiduciary duty is an obligation of undivided loyalty. Tulip was
seeking that the Defendants made code changes to benefit it alone,
as opposed to bitcoin owners generally. Importantly, the Court
noted that the changes sought by Tulip could not only disadvantage
other participants in the networks vitae a rival
claimant to the assets, but also potentially other users more
broadly.

The Court considered that other users may not agree that a
system change that allows digital assets to be accessed and
controlled without the relevant private keys accords with their
interests. The Court held that the positive steps sought to be
imposed upon the Defendants by Tulip went well beyond the nature of
the action and would likely expose the Defendants to risk.

The tortious duty question

The Court relied upon established principles in N v
Poole Borough Council 
[2020] AC 780 and Caporo
v Dickman 
[1990] 2 AC 605 to determine whether a duty of
care existed, confirming that an incremental approach ought to be
adopted based on an analogy with established categories of
liability, and whether the imposition of a duty of care would be
fair, just and reasonable.

The Court further noted that any and all losses suffered by
Tulip was purely economic, and that there were no elements present
to suggest physical harm to person or property. The effect of this,
the Court noted, was that no common law duty of care could arise in
the absence of a special relationship between the parties. Tulip
accepted that the claimed tortious duty of care is novel, but
submitted that it would amount to a permissible incremental
extension of the law.

The Court held that it had not been able to conclude the
existence of a fiduciary relationship as it was unable to found a
duty of care in respect of economic loss. The Court also rejected
arguments that the necessary special relationship existed on some
other basis such as to require the action Tulip sought.

The Court noted that the complaint was founded on failures to
act, and that what was complained of is the Defendants not taking
action to alter how the system worked to ensure that Tulip regained
control of the bitcoin following harm caused by a third party. The
Court did not consider it realistically arguable that the
imposition of such a requirement could be treated as an incremental
extension of the law, noting the economic nature of the alleged
loss.

The Court held that the duty sought to be applied to the
Defendants would be owed to a potentially unlimited class of
people; and that there would be no real restriction on the number
of claims that could be advanced against the Defendants by alleged
victims of hacks akin to the hack alleged in this matter (i.e.
where private access keys have been stolen).

The Court went further, holding that the duty was of such an
open ended scope that a Defendant would be obliged to investigate
and address any claim that a person had lost their private keys or
had them stolen.

The change of case issue

Tulip tried to amend their claim late in the piece to suggest
that the developers would be entitled to require an order from the
Court confirming ownership of assets before being required to act.
Tulip also submitted that the developers would be entitled to
payment for their work in writing and developing the software
patch. The Court later commented that this argument did not assist
Tulip, but instead undermined their case.

A change of case for jurisdiction purposes required the
‘indulgence’ of the Court, under Alliance Bank JSC
v Aquanta Corp 
[2012] EWCA Civ 1588. Such a change of
case required a formal application accompanied by a copy of the
statement of claim with the proposed amendments.

No application had been made in this case. The Court head
Tulip’s submission relying upon NML Capital Limited v
Republic of Argentina 
[2011] 3 WLR 273 that the
requirements mentioned above were not required. The Court noted the
two stage test for the possibility of quia
timet
 relief held in Vastint Leeds v Persons
Unknown 
[2019] 4 WLR 2:

i) is there a strong probability that, unless restrained by
injunction, the defendant will act in breach of the claimant’s
rights?

ii) Secondly, if the defendant did an act in contravention of the
claimant’s rights, would the harm resulting be so grave and
irreparable that, notwithstanding the grant of an immediate
interlocutory injunction (at the time of actual infringement of the
claimant’s rights) to restrain further occurrence of the acts
complained of, a remedy of damages would be inadequate? (at
[121])

Taking these principles into consideration, the Court held that
this matter was quite a long way from the sort of case
where quia timet  relief was able to be granted.
The Court noted that Tulip had neither sought relief against the
alleged hackers, nor sought interim injunctive relief where digital
assets have been lost in respect of the alleged theft and no
interim relief was sought against the Defendants at all. As a
result, Tulip’s actions were inconsistent with a material
concern about imminent harm.

The jurisdiction issue

Because Tulip’s case was being dismissed, it was not
necessary to decide the challenge to the Court’s jurisdiction,
but the Court did so in any event (in case of an appeal). This
nvolved considering the various ‘gateways’ that
jurisdiction could arise in the matter.

Tulip sought to rely on an earlier case they were involved
in, Tulip Trading Ltd v Bitcoin Association for BSV &
Ors
 [2022] EWHC 2 (Ch) (05 January 2022) (the
January 2022 matter
) which included a finding that Tulip
was a resident in England. The Court was not satisfied that this
was determinative, and decided that case wasn’t needed and in
any event didn’t have the necessary element of finality.

However, the Court held that – based on the available evidence -
it was difficult to see how Tulip could sustain loss in any other
jurisdiction than England as Tulip handled it’s accounting
there. As a result the Court found it had jurisdiction in the
matter.

Comments

This decision has been hailed as absolving software developers
in blockchain projects from liability, and if it indeed went this
far it would press back on matters such as the situation in the SEC
enforcement against the founder of Ether Delta.

However, there are important limitations, including that this
decision is interlocutory in nature, not from a final hearing, and
the Court was at pains to emphasize that the decision was fact
driven to the narrow facts (a loss of private keys and an assertion
that developers must change source code to restore the keys). Much
of the Court’s decisions and reasoning was clearly in
contemplation of an appeal, which will likely occur. THere remains
plenty of scope for Courts to impose a fiduciary or tortious duty
on developers in other circumstances.

Academics – such as Brian Choi in the Harvard Law Journal *, and
Jack Bulkin in the University of California Davis Law Review ** -
have argued for a fiduciary relationship and duties of care to be
imposed upon online service providers, and by extension software
developers.

In particular, Balkin argues that duties of care ought to be
placed upon online service providers and software developers by
virtue of the trust that end-users place in the developers and
software, and the dependence that end-users have, in these
providers and developers; a level of vulnerability that end-users
accept in reliance of digital services and the nature of sensitive
information being traded as consideration for access to digital
services.

Choi, on the other hand, notes that in recent years there have
been calls for an ad hoc imposition of fiduciary
duties upon software developers by analogy to traditional
professions such as doctors and lawyers. Choi argues that
non-professionals are subject to the prescriptive ‘reasonable
care’ standard, which is determined by reference to the
ordinary reasonable person, whereas professionals are judged under
the descriptive ‘customary care’ standard, which is
determined according to the internal norms of the professional
community. Choi argues that a realignment is required where the
practice is not a precise science but an inexact art, and thus that
there is a greater need for the exercise of professional
judgment.

We note, however, that software developers are often working as
a part of a larger team and only expressly on smaller parts of a
great whole, which is an important distinction to many
professionals, where an individual is given responsibility for
meeting certain standards.

The Tulip case is an important first step in the consideration
of the legal duties which software developers may owe, and will be
likely to be cited in future similar decisions. It will remain an
area which developers and start-ups operating in the blockchain
space will need to be careful of when they are building the tools
of the future.

* Bryan H. Choi, ‘Software as a Profession’ (2020)
33(2) Harvard Journal of Law & Technology

** Jack M. Balkin, ‘Information Fiduciaries and the First
Amendment’ (2016) 49 University of California Davis
Law Review
 1183, 1208