
I mentioned 7 crimes above that could be charged (again only if the funds get released).

>and then search the Internet for "model jury instructions [that-crime]", and come back with the one that would invalidate this contract?

Have a look at this Yale Law Review article: Validity of Contracts Which Violate Regulatory Statutes.[1]

Say I raise investment under contract with all my investors, and I included a little provision no one reads that says I can appropriate all or part of the investment. Wouldn't you know it I absconded with their investment. My investors sue me and I file an affirmative defense of No Breach of Contract and introduce the Contract which expressly states I can appropriate my investors' money as I see fit. That contract will not be enforced, are we in agreement?

If you and I enter a contract where I will buy drugs and I pay you and you don't deliver, if I sue you to enforce the contract you agree the court won't make you give me the illegal gun right? But will the court make you give me back the money? That is not a yes or no but a maybe depending on the facts, do you agree?

>that's kind of the point of the article: that the DAO was constructed in such a way to make problems like this unrecoverable.

That is the point... funds are unrecoverable all the time in the real world in contract/criminal cases, but that does not absolve anyone of liability. Moreover, you cannot contract away negligence or criminal acts.

[1] https://www.jstor.org/stable/792459?seq=1#page_scan_tab_cont...




This legal theory, if true, destroys the DAO. Because the loophole in the contract wasn't fine print that nobody read, it was the entire premise upon which the contract was signed: The code IS the contract, and nothing else. If the contract now has to be enforced in court by human judges the entire DAO is worthless, and nobody should give it any respect whatsoever.


If the code is the contract, then the loophole that allowed the DAO to be drained is even more hidden than a note in the fine print: the plain code of the contract would appear to forbid it, and really careful consideration of how the code interacts with Ethereum as a whole is required to spot the problem. (Even the Ethereum team themselves may have missed it.)


That doesn't really save the DAO. As soon as it's open to interpretation (by human beings) whether part of the DAO is a bug or not, the point of algorithmic contracts is moot. Why not just stick with a traditional, human-interpreted contract if it will come down to human decisions anyway? Your contract now has to read something like "By the way, this code is probably correct, but if there is a mistake, we have to litigate it in a human court." What is the point of the DAO now? You can get that with traditional investment instruments.


Would DAOs then need to be released together with mathematical proofs [0], for the creators to be free from responsibility?

[0] Assuming they'd be clearly enough defined, where the proven mathematical statements have a meaningful and useful correspondence to the marketing statements.


Why do you keep using drugs and firearms in your examples? Those are the illegal parts, not the buy / sell contract.

There's nothing illegal, to my knowledge, about writing a contract that explicitly and provably says "If you push this button, the corporation will give you all of its money."

If the contract instead said "If you illegally provide drugs / firearms, the corporation will give you all of its money," - of course that's illegal.


>Why do you keep using drugs and firearms in your examples?

To use examples where people can quickly grasp the law and not focus on the facts, which have a tendency to muddy the waters. But let's dive into the muddy waters:

>There's nothing illegal, to my knowledge, about writing a contract that explicitly and provably says "If you push this button, the corporation will give you all of its money."

Say Apple Pay updates their terms tomorrow and they include a new provision that says Apple or another Apple Pay member can take all the money from all your accounts connected to Apple Pay. Like everyone does you agree to the update without reading the terms, and next thing all your money is gone. Whether or not you know it even mighty Apple Execs would be facing criminal charges with that kind of activity.

As it relates to the DAO creators, I think the big question is if they knew or should have known the software was vulnerable to the extent investments might be lost. Factually I think they knew, as I understand one of the first DAO proposals after funding was investment for the creators themselves so they could create a security framework on top of the DAO from known attacks.


> >and then search the Internet for "model jury instructions [that-crime]", and come back with the one that would invalidate this contract?

> Have a look at this Yale Law Review article: Validity of Contracts Which Violate Regulatory Statutes.[1]

You're making a circular argument there. You're assuming the contract violates some statute and reasoning from there. But the question at hand is whether someone using the contract and following its exact terms has committed a crime of any kind, or has simply executed a transaction allowed by the system.


>You're assuming the contract violates some statute and reasoning from there.

If someone solicits investment funds and those funds disappear without ever having been invested as a direct result of the person who solicited the funds, and drafted the contract, then yes we are all safe in assuming (but I actually know) at least one statute was violated. Very important that I again acknowledge that the DAO funds have not disappeared, and potentially may not.

Even if the funds disappear that does not mean any prosecutor anywhere is going to file charges either and even if they did, we don't know there would be a conviction, maybe there is a plea and the terms include no conviction.

The point is, you don't need an underlying conviction on the criminal side to prove an illegal contract on the civil side. In fact as we all know the standard is lower on the civil side, so it is easier to prove illegal contract on the civil side than proving the criminal case.

>But the question at hand is whether someone using the contract and following its exact terms has committed a crime of any kind, or has simply executed a transaction allowed by the system.

I really haven't addressed what the hacker(s) did or their potential liability anywhere in the thread, all times I have been addressing potential liability for the creators of the DAO. As to your question, whether or not it would be a lawful defense for the hacker(s) to say they were a party to a contract that permitted the taking of the other funds, I suppose it depends who the hacker(s) is(are) and what the crimes charged are. For example, if the hacker(s) are some or all of the creators of the DAO, the whole "contract let me do it" would not be a lawful defense, in fact such a defense would backfire and probably only prove their knowledge of the exploit when creating the DAO and intent in soliciting investment to the DAO. However, if the hacker was some lone wolf 16 year old kid (minor), in a criminal/delinquency setting I could see the defense maybe going somewhere depending on the charge, but it is still ~$40M so I don't really know.


This is an interesting comment, and I'm sure it's an answer to some question on the thread, but not to mine.


He did respond and gave a clear real-world analogue to this scenario. The DAO is an investment vehicle, so he compared the use of the DAO code to abscond with the funds to the following financial contract example:

> Say I raise investment under contract with all my investors, and I included a little provision no one reads that says I can appropriate all or part of the investment. Wouldn't you know it I absconded with their investment. My investors sue me and I file an affirmative defense of No Breach of Contract and introduce the Contract which expressly states I can appropriate my investors' money as I see fit. That contract will not be enforced, are we in agreement?

Personally I don't understand the people acting like "smart contracts" exist independent from an existing judicial system (or systems) just because there are computers involved. I guess the same people excited for cryptocurrency are largely the same people who don't believe in government so the whole point is to somehow be independent of any legal jurisdiction.


IANAL, but it seems to me that there are three parties in the case here:

A - the investors

B - DAO creators

C - person who executed the contract and took the money

Clearly, A lost money and do have a case against B for negligence or various other items you list above. This is not the interesting question.

The interesting question is - were the actions of C:

- illegal

- can he be sued by either A or B


I get the question, but the answer is yes it is definitely possible.

Just one of the possibilities, is if C is actually the same as B. I hate to even use this example, but it is simply one of the strongest and clearest. Moreover, if the hackers were the same as the DAO creators it would only pour on the liability, it would show their knowledge that the code would let them take the investors money and intent to defraud when soliciting investors money.

Even in the set of facts most likely to support the DAO let me do it Defense, say a minor who bought in, found the vulnerability and exploited it as a lone wolf. Then the minor gets sued in civil court for breach of contract and invokes the old not only did the contract let him do what he did, but if it didn't the contract isn't enforceable against him anyway because he is a minor defense. At the end of the day I have a hard time believing any court would allow the minor to keep ~$40M of other investors' money, even if the contract says he can, simply because I don't think there is a court that would find it unconscionable. Unconscionable contracts being a term of art for contracts the courts won't enforce, even though they are otherwise legal and valid, because it is unfair.


> contracts the courts won't enforce, even though they are otherwise legal and valid, because it is unfair.

is there some kind of common law that would indicate what sort of contract would be deemed unfair? Because a lot of contracts seem to be drafted in favour of one party, at the expense of the other, simply because of power imbalance. Employment non-compete contracts tend to have this property. What about asymptotic licensing like those of software/service EULA (e.g., where they have a clause that says they can terminate your service for whatever reason they desire).


>is there some kind of common law that would indicate what sort of contract would be deemed unfair?

The controlling law for a specific contract would come from stare decisis or the precedent as set by case law.

Your gut is on point, because although employers get away with a lot, it is one of the areas courts are likely to find contracts to be unconscionable as a natural result of the unlevel playing field between the two parties.

>Employment non-compete contracts tend to have this property.

Definitely, and it leads to very specific case law. For example, case law might be specific to a profession (say a doctor) and geography (any restriction on competition outside of 20 miles is unenforceable). Keep in mind case law is jurisdiction specific, so say a 20 mile radius non-compete against a doctor in a major city might be enforceable, but in another jurisdiction say a small town where there are only two licensed doctors, the court may very well find it would be unconscionable to enforce the non-compete because it would limit the community's access to healthcare.

>What about asymptotic licensing like those of software/service EULA (e.g., where they have a clause that says they can terminate your service for whatever reason they desire).

It is difficult to try to answer legal questions in a vacuum without a specific set of facts, but as a general rule you can certainly have a contractual right to terminate the contract. Another general rule would be the courts are more likely to provide damages than any equitable relief, meaning, say my EULA didn't include a termination provision, then I stop providing you access to my software and you sue me. If the court agrees with you, the court's ruling is far more likely to have me pay you the monetary damages you suffered before they are to order me to continue providing you the software under the contract (though there are always exceptions and in some cases the court will make a party actually perform the contract).



