By Steven Jacob, Foreign Associate
A while ago I wrote about blockchain and data protection issues in Vietnam. In that post, I discussed the Vietnamese government’s promotion of the development of blockchain technology in the country. I also pointed to certain difficulties in its adoption due to certain requirements in the existing data protection laws. While it is uncertain that the recent draft decree on personal data protection will address those issues, I don’t want to rehash those issues.
Instead, I want to discuss three different legal challenges to the adoption of blockchain in Vietnam. Issues that make its use and deployment problematic legally in a country that seems keen to develop its technology. There are two types of blockchain, public blockchain–like Bitcoin and Ethereum– which publicly distribute their ledgers through preprogrammed routines that are not controlled by any founder or company, and private blockchains which can be controlled and access to which can be restricted by the individual or company that deploys the blockchain.
Most of the legal problems with blockchain in Vietnam are involved with public blockchains as there is little control over where each block on the chain is created or stored. Private blockchains, as limited by the developer, can avoid these issues. Therefore, these issues can be eliminated through the careful anticipation of these problems and policies for preventing behaviors on the private blockchain that would put the developer in violation.
The three issues are relatively straightforward. First, in a public blockchain, once the chain is deployed and the ledger is made public there is not necessarily a controlling counterparty. Second, the duplication of the blockchain and the multiple nodes that are a feature of the technology allow for each block on the chain to be created anywhere data can be accessed and stored. This leads to questions of jurisdictional control. And related, the third issue is one of data localization, or requirements for maintaining data within a specific jurisdiction–in this case, Vietnam.
The Lack of a Counterparty
In traditional transactions, there are two or more parties involved in the exchange of goods or services. Party A agrees to provide widgets to Party B and Party B agrees to pay a specified amount of money to Party A in return. Blockchain does not have a Party A. Take Bitcoin, for example. Once Satoshi Nakamoto, whoever or whatever he/she is, deployed the Bitcoin blockchain, it became an autonomous technology. The Bitcoin ledger was reproduced across several nodes by the instructions encoded in its programming and each time someone purchased or sold a Bitcoin, the block recording that transaction in the ledger was automatically added to the chain. Bitcoin was earned through a process of mining, which involved the use of computing power to perform specific calculations. There is no depository for physical assets to back Bitcoin and its value is earned simply by the amount of money people are willing to pay for it. That means that there is technically no issuing organization. Bitcoin has no controlling government or bank or company. The mining process was in service to the blockchain rather than to a counterparty. There is no one to whom responsibility or liability can be imputed for Bitcoin. And that means that the initial Bitcoin transactions were, in essence, unilateral. Only after a miner obtained his Bitcoin could he turn around and sell what he had to a counterparty.
This is the case of most, if not all, public blockchains. Once the blockchain has been deployed, it is an amorphous and ambiguous blob floating in the public ethernet. There is no party to answer to governments or purchasers for violations of the contract, no one who can be taken to court or pay administrative fines. No counterparty.
This is a problem. In Vietnam, while it is possible to enter into a contract with a one-sided, or unilateral, obligation, it is not possible to enter into a contract without a counterparty. Obligations, as defined are “acts whereby one or more entities . . . perform . . . or refrain from performing certain acts in the interests of one or more other subjects.” By definition, then, obligations require an entity and a subject. There have to be two parties involved for an obligation to arise. In public blockchains there is only one party–though we may reach a point in the future where AI and other technologies are legally defined as an entity or person, we’re not there yet–and the law of Vietnam simply does not contemplate the possibility of a transaction between one party and an electronic ledger.
One aspect of blockchain that I didn’t address in my previous post was the idea of nodes. In public blockchains, the entire chain is duplicated to multiple nodes in various clouds or servers. Each node is updated whenever there is a new block added to the chain–there is a mechanism for each node to confirm that a new block is legitimate, but I won’t go into that here–and each block added to the chain does not necessarily have to be stored in the same place as the rest of the blockchain. This creates a double confusion as there are both multiple copies of the blockchain in different locations and multiple locations for each node. This presents a problem for governments, like Vietnam’s, who are continually trying to define the scope of their authority over everything within their boundaries, including data.
As there is no controlling counterparty in a public blockchain, even if it is deployed by a Vietnamese entity, is it governed by Vietnamese law? What if the nodes and blocks are dispersed globally? Which government has the right to regulate the blockchain? Is it the country in which the entity that deployed it is located? What if there is no identification of geography. Satoshi Nakamoto, of Bitcoin, may be one person or many persons and no one knows where he/she/they is located. The internet, and the dispersal of data that it has wrought, are borderless. How does a country like Vietnam decide how to legislate something that does not necessarily exist within its boundaries?
This is a challenge with which the Vietnamese government is regularly struggling. The cybersecurity law and its draft guiding decree, the draft personal data protection decree, and the draft e-commerce decree all contain provisions for defining when an internet-based entity is subject to Vietnam’s laws. But even then, without a controlling counterparty to respond to government requests or commands, how does that government impose its will? This is a problem for public blockchains and a major issue for a government that is keen to extend its control.
The problems with jurisdiction, and Vietnam’s efforts to respond to such problems, were reflected in the country’s 2018 cybersecurity law. In that law, the National Assembly required that data collected online from Vietnamese citizens remain within the boundaries of Vietnam. This poses a challenge to many international internet services that would like to expand their coverage to Vietnam. It also poses a direct challenge to blockchains. As a borderless technology, blockchains–especially public blockchains–are not designed to keep the data contained in their ledgers in any specific geographic location. Even if they are deployed in Vietnam, their very design is intended to utilize the international internet and thus will not be bound by a specific country’s regulations. This puts public blockchains, at a basal level, in violation of Vietnam’s existing laws. This is again complicated by the lack of a controlling counterparty to which Vietnam can appeal to and against which the government can enforce its laws.
Another issue is the proposed strategies that Vietnam has put in place for dealing with social networks and websites. Current law requires websites and social networks to comply with certain content restrictions if they desire to have access to Vietnam’s internet. There are signs that similar moves are being made in the realms of e-commerce and cybersecurity. But how does a government block a decentralized ledger from accessing the internet. The nodes are not located at any specific IP address for the government’s censors to block, there is no geographical location for them to isolate. Public blockchains, by their very democratic nature, could be viewed as a threat to centralized governments everywhere–not just Vietnam’s.
All of these issues, however, can be avoided by private or restricted-access blockchains. A company that deploys a blockchain for health or financial information can control where the nodes and blocks are stored and who has access to the chain. They are very much a controlling counterparty to the blockchain as they deployed it, control access, and regularly add blocks. It is in this realm that the government has the chance to regulate and to impose restrictions. But so far, there is little sign that blockchain-specific legislation–or even legislation that contemplates blockchains–is in the pipeline. For a government keen on technological advancement, Vietnam’s legislature is awfully slow to catch up. Companies interested in deploying private blockchains will have to make sure that their blockchains are kept within the boundaries of the country, that they maintain control of them, and that they treat the data contained within them properly. This requires the creation of monitoring and control mechanisms–something that can be legislated–and the conscious decision on the part of entities deploying blockchain to comply with the law.