Xiao Yan: What is the legal boundary of blockchain technology and its application?

Source: "Corporate Magazine" , original title "Legal Boundary of Blockchain"

Author: Xiao Sa (Bank of China Law Research Association)

Recently, regarding blockchain technology, such thinking and debate have often been triggered: How can law empower blockchain technology and its applications? In other words, what are the legal boundaries of blockchain technology and its applications?

Questions such as these are confusing, and this article will discuss them in accordance with the following logic: In the face of reality, the "currency circle" and its regulatory documents that appeared after the introduction of blockchain into China will be introduced; the innovation of the blockchain technology itself ( Also known as "chain circle"), what are the legal and regulatory legal documents; criminal compliance of blockchain technology and applications, taking the crime of refusal to perform cyber security obligations as an example.

Beware of being "cut leek"

The so-called "coin circle" refers to a group of virtual tokens that are issued by themselves for the purpose of financing and incentives, and carry out currency trading and speculation on virtual currency exchanges. The related parties involved in the "coin circle" include: coin issuers (non-states), virtual currency exchanges, speculators, investment agents, currency value maintainers, and quantitative operators. The general operating process of the "coin circle" is that the project party conducts public offerings or private placement of bitcoin to the community through the first issuance of virtual tokens (also known as ICOs), and generally recognized value of tokens in the market (in the case of private placement, the project party reluctantly sells , Ordinary people need to buy coins on behalf of investors), after that, the virtual currency is linked to the virtual currency exchange by the project party or the person who bought the currency, and then, the currency value maintainer, the quantitative trader on the currency price In terms of operations, the price of virtual currency is significantly affected by the "bear market" and "bull market" of the entire exchange and the entire global market of virtual currency transactions. It can also be said that the price of virtual currency fluctuates greatly, the virtual currency transaction pricing system is immature, and the project parties jointly trade The news created affects the price of the currency, causing many speculators to lose their money, commonly known as "cut leek".

Among them, the so-called first issuance of virtual tokens ICO refers to digital tokens (also known as tokens) issued by the project party with blockchain technology as the underlying technology for the purpose of motivating employees, financing funds, pre-sale products, and hosting services. the behavior of. Internationally, virtual tokens are divided into security tokens and utility tokens, the former for financing purposes; the latter for pre-sale of goods and services. At present, China's attitude towards financing virtual tokens is clear. According to the "Announcement on Preventing the Financing Risk of Token Issuance" (hereinafter referred to as "Token Announcement") issued by the seven central ministries and commissions on September 4, 2017, ICOs in China are An "illegal public financing practice". At the same time, for pre-sale of goods or tokens carrying services, the author believes that its essence is a virtual commodity, and our national law generally recognizes that our citizens can legally hold virtual goods.

The issuer of a coin usually refers to a foundation that is based on the concept of blockchain technology. The foundations here are often foundations registered overseas, such as Singapore and other countries. In countries where foundations are established, it is not illegal to issue virtual coins for financing, but the main purpose of the foundation after the foundation is to issue coins to finance Chinese residents. In recent years, foreign foundations have issued coins to the public in coastal areas. The "Promotion Roadshow" enticed Chinese residents to buy hype virtual currency.

"Chain Chain" Legal Regulations

Based on the fact that blockchain technology is widely used in all aspects of life services, it is also necessary to regulate it. China has successively promulgated laws and regulations such as cryptography law, network security law, and regulations for the management of blockchain information services to adjust the social order in related fields.

The "Cryptography Law", which came into effect on January 1, 2020, is the latest regulatory legal document to adjust the "blockchain" field. The "password" in this Law refers to the technologies, products and services that use specific conversion methods to encrypt and protect information, etc., and secure authentication. The use of blockchain technology to encrypt or protect the information it collects is a "password" in the legal sense, and is protected and regulated by the password law.

China implements classified management of passwords. Passwords are divided into core passwords, ordinary passwords, and commercial passwords. If blockchain technology is used to serve the "government affairs system", issues such as state secrets may be involved, and related service providers will assume a stronger obligation of confidentiality. At the same time, citizens, legal persons and other organizations can use commercial passwords to protect networks and information in accordance with the law. The State "encourages and supports" the research and application of cryptographic science and technology, protects intellectual property in the field of cryptography in accordance with law, and promotes the advancement and innovation of cryptographic science and technology.

In addition to the password law, from the perspective of the Cyber ​​Security Law, stealing information encrypted by others, illegally hacking into the password protection system of others, or using passwords to engage in illegal activities, other laws and administrative regulations of the Cyber ​​Security Law will be held accountable for their legal liabilities. From the perspective of China's criminal law, the above acts will also be suspected of crimes, which are dealt with by the crime of illegal intrusion into computer information systems, the illegal acquisition of computer information system data, and the illegal control of computer information systems.

The reference standard in the technical field is the "2018 China's Blockchain Industry White Paper" issued by the Information Center of the Ministry of Industry and Information Technology. The book systematically analyzes the development status of China's blockchain industry and the ecological composition of China's current blockchain industry. Analyzed, summarized the development characteristics of China's blockchain industry, looked forward to the important development trends of China's blockchain industry, and gave some understanding of some industry hot issues. The author was fortunate to be a contributor to the legal part of this book. By exploring "legal protection of blockchain technology innovation", "legal issues of smart contracts", "legal issues of token issuance financing", and "blockchain industry standards", Several issues outline the legal policies and standards of the blockchain industry, and summarize the national and local policies related to the blockchain industry.

Criminal compliance of blockchain technology

Generally speaking, the illegal application of blockchain technology may involve four types of behaviors: "the crime of refusing to fulfill the obligations of network security management", "the crime of helping information network criminal activities", "the crime of violating citizens' information", and "crimes that endanger public security" ".

Among them, the crime of "refusing to fulfill the obligations of network security management" and causing "dissemination of illegal information in large quantities", "lead to users' information and cause serious consequences", "cause the loss of evidence in criminal cases, serious circumstances," "other serious circumstances", etc. First, if the regulatory authority orders to take corrective measures but refuses to make corrections, he shall be sentenced to fixed-term imprisonment of not more than three years, detention or control, and shall be imposed a single fine.

Providers of network services who fail to fulfill their regulatory obligations under the law will first cause administrative violations and will be ordered to correct or receive administrative penalties. At this time, the service provider must not raise a plea for unknowingly using the law illegally; its behavior of continuing to provide services has a causal relationship with the harmful results caused by the actor's illegal use of network services, which constitutes help for illegal activities. In the case of being ordered to rectify but refusing to make corrections, the violating statutory obligations mentioned above can all become the source of the obligation of "the crime of refusing to perform the obligations of network security management".

And this distinction as "obligation" provides the possibility of criminal compliance in the "chain". First of all, the behavior of providing network services as a neutral behavior, the reason for the dispute over its penalties is nothing more than that the service itself has so much social benefits that the small risks to individuals are insignificant in the overall interest. The reason for "neutral help" should be punished is that the dangers of the sale of child obscene articles and the distribution of obscene leaflets are no longer for individuals in society and have characteristics that are prohibited by ordinary society; Once such a dangerous result appears, it will cause a serious social harm or cause irreparable losses; therefore, although the neutral behavior has a beneficial side to society, it still has to be prohibited through criminal law after the danger of prohibition appears.

The current provisions of the Criminal Law that “request to correct but refuse to correct” serve as a condition for conviction on the one hand and a condition for restricting punishment on the other hand; in fact, it is the result of a trade-off of the interests of the above antithesis. In this balancing process, the responsibility of the administrative law enforcement department is to promptly identify and order service providers to make corrections when the neutral service providers do not find that their actions have caused or are about to cause serious social harm. On the one hand, the protection of individual interests requires the interest measurement and specific discretion of administrative law enforcement agencies. There is lag and subjectivity in terms of protection, and it is easy to cause irreparable actual losses due to regulatory loopholes; on the other hand, the promotion of neutral technology As far as development is concerned, there are still many restrictions. The openings for "crime-involving" and "crime" are not clear, which limits the development of technology to a certain extent.

As mentioned above, in the punishment of neutral behavior, there is a contradiction between technological development and personal protection. In terms of the legal benefits that these criminal laws deserve to be protected by means of prohibition, once the damage occurs, it is difficult to recover; especially in cyber crime, once the actual harm occurs, it will have widespread and serious consequences and social impacts. Although the criminal law stipulates the crime of refusing to perform the obligations of network security management, the administrative law also stipulates related administrative violations, and through the close connection between the two, the level of adjustment is achieved, and the space for technological development is guaranteed to a certain extent while being prohibited. But this "check and balance" method can only be said to be an expedient measure, and it is difficult to say that the technology itself can solve the fundamental problems that may cause serious social harm. In the case of a large number of illegal information being disseminated, serious consequences caused by the leakage of user information, and serious evidence of loss of criminal cases, even if the service provider is ordered to correct or even be punished by criminal law, the illegal information has been widely disseminated before this, and the consequences are irreversible; Due to insurmountable technical problems, even though corrections are ordered to cause serious consequences, criminal law punishment will lead to the loss of technology and the loss of talents, which will greatly limit the development of related Internet technologies.

Faced with the "prisoner's dilemma" in the above chain, it is obviously difficult to adjust the governance based on administrative intervention and criminal law punishment to achieve the desired effect. Regardless of the "visible hand" or the "invisible hand", there may be a moment of failure; whether it is pre-compliance intervention or post-hoc adjustment effects, it is difficult to deepen legal adjustments that are outside the technical level. The "chain ring" order itself. And in-depth "chain" technology, the inevitable requirement for realizing the "compliance" of technology is to build the legal requirements as obligations into the "chain" technology products. Using mature blockchain technology, the above solution is not only necessary, but also possible. As long as the types of obligations provided by the administrative regulations are internalized into the services provided by the network service provider, using the feature of smart contracts "once written, must be executed", it is mandatory to require every service provided by the network service provider to be Perform the formalities written in the contract and complete the fulfillment of legal obligations.

For example, by requiring the identity information verification of the contracting party in the persistent contract code, it can easily replace the consumer's identity verification obligation that the law requires network service providers to perform; due to the privacy and immutability of blockchain technology On the one hand, it avoids forgery of identity information due to different authentication methods; on the other hand, it also solves the legal risk of personal information leakage faced by network service providers.