Hacker News new | past | comments | ask | show | jobs | submit login
What do you legally “own” with Bitcoin? A short introduction to krypto-property (prestonbyrne.com)
64 points by sergeant3 on Nov 24, 2018 | hide | past | favorite | 34 comments

> Unlike physical goods which can only exist in one place at one time, it is conceivable that with a powerful enough computer, the solution could be found entirely honestly by a third party simply doing some math and stumbling upon the answer at random, or by asking the right questions and exploiting some as-yet-undiscovered weakness in the implementation.

This really isn't hypothetical - a multitude of poorly designed and implemented key generation algorithms (brain wallets being one of the worst examples) have made it computationally feasible to find private keys. I have the private key for 13Yk7NTC64VEfrBL9KE2NNHDrorcJ3SQbz, which currently holds a few thousand dollars worth of Bitcoin (and various forks). I found it by using an algorithm to generate many candidate keys and checking whether they'd been used. I've previously found much more substantial amounts, and in some cases have been able to track down the rightful owner.

As far as I'm concerned, finding a key through clever use of computing power does not entitle one to use it from an ethical standpoint. Legally... well, I've talked to quite a few lawyers about it. There is no agreement on the answer, and as the article mentions, it's unclear who would have jurisdiction.

I had to do a lot of research to understand this in a technical sense. (I haven't read the article OP linked.)

I found the answer really interesting: with bitcoin, what you actually own in a technical sense is the cryptographic signature of an output of a previous transaction on the blockchain. "Owning 10 bitcoin" is intrinsically identical to "owning the cryptographic keys to a previous transaction whose value was 10 bitcoin, proving you were the recipient and can therefore initiate a new transaction with the previous transaction's output as an input, thus paying 10 bitcoin to someone else."

The system doesn't really considers ownership. All participants could, individually but all, simply follow the rule (R):

"this 'address' (x) actually won't spend anything, ever".

Since participants are actually free to move into that rule, that x "owner" (person X) never owned btc.

Person X can't say he was "disowned"/"robbed"/"stolen". Each participants is free to do whatever they want with their computers (they could, individually, even shut it down completely - so everyone could actually shut it down at the same time and no one ever come back).

If Person X is to "actually own" bitcoins, then he (or someone) owns every participants computers, so this owner could state (or enforce) the rule "you shall not move into rule R" (because you would be disowning person X without X's permission, which would be aggression and be unjust).

So knowing a private key "just happens" to interact with each blockchain on the participants computers. They "just happen" to not ignore that information, and interact to it in a certain way. We, in practice, consider the filters the participants decides to apply as having the effect of simulating ownership. But Bitcoins are not actually owned by anyone.

This is potentially semantics, but arguably 'Bitcoin' (or at least the specific bitcoin you claim to 'own') is defined by the set of rules. Thus if someone adds another rule, they are not using the same 'Bitcoin' any more. In that sense you still control it, even if everyone moves to the 'new Bitcoin', though it will now be worthless.

This does happen in practise, it is what is known as a 'fork', and things can get complicated, because generally when the rules change most people will be able to control addresses on both sides of the fork, and more confusingly, it may be possible to 'transplant' transactions from one fork to another (i.e. if you start a transfer from address A to address B on one set of the rules, anyone can also initiate the same transfer on the other set).

Another point, more specific to the example you gave, is that within the rules of bitcoin, the 'miners' who verify the transactions with a proof of work are free to choose which transactions they include. If a sufficient percentage of them choose not to include transactions from a particular address, then it becomes much slower and/or more expensive to transfer anything out of them.

>Unlike physical goods which can only exist in one place at one time, it is conceivable that with a powerful enough computer, the solution could be found entirely honestly by a third party simply doing some math and stumbling upon the answer at random, or by asking the right questions and exploiting some as-yet-undiscovered weakness in the implementation.

This seems fanciful, but there are in fact UTXOs which could be "owned" by multiple people without explicitly sharing the key. For example, Peter Todd created an UTXO that you spend by proving that a sha1 collision (any collision) exists [1]. Two parties could thus acquire ownership independently.

[1] https://bitcointalk.org/index.php?topic=293382.0

Following the context set by article, it's worth noting that it would be far more accurate to not use the word "owned" in your sentence - you could say such UTXOs are controlled by multiple people without explicitly sharing the key, two parties can acquire control independently, but, as the article describes, that's not exactly the same as the legal concept of ownership.

Bingo. This is the sort of scenario for which the courts don't currently have rules to decide to whom the coins (qua krypto-property) should belong.

The entire point of such a transaction is that the courts _do not_ decide it.

The construction was specifically designed such that the person who figures out the hash collision is the owner.

The courts having rules to decide whom the coins belong is meaningless in that context.

Who owns a Barbie doll? Is it Mummy, Daddy or the child? It's not a matter for courts to decide because the question is meaningless.

Ownership is a legal concept, and thus it's up to the legal system to decide if "the person who figures out the hash collision is the owner", or if in certain cases it's not.

Yes, it may be hard to enforce a judgement, especially if the other party can't be identified or located. However, if the other party is reachable, then the courts can certainly force that person to, for example, reverse the transactions, or compensate the rightful owner (as determined by courts, not the algorithms), or have their stuff and liberty taken away by angry armed men.

The process was designed so that the person who figures out the hash collision has full de-facto control, but the designers of a cryptocurrency have no say in what the rules for legal ownership are, that's up to the legislators - and just as for many existing (including physical things) having full control does not imply ownership, i.e. the right to freely act with that thing without it being forcibly taken away, and the right to have your property protected by the state if someone (including someone who has the key) takes your property.

The users of a cryptocurrency are able to ignore the 'legal ownership' rules, though - they implicitly opt-in by using the system.

This is the key distinction between actually using _Bitcoin_ (i.e. running a full node and creating transactions), and using custodial Bitcoin (outsourcing it all to a third party using legal constructs).

If you're saying that the users of the cryptocurrency can't opt-out of the legal system - sure, no-one can opt out against men with guns (in practice what ends up happening is everyone hiding under pseudonyms and introducing a whole bunch of friction in an attempt to do it anyway).

I suppose my comment is intended to illustrate that this is all a sort of shell game played by non-participants.

Essentially, lawyers trying to glue themselves onto and extract consulting fees or whatever from a system which does not require them.

Repeated again for the sake of clarity - if men with guns ultimately decide transactions on the blockchain, the entire system is pointless. We can just delete it. We don't need the horrendously expensive resolution mechanism of PoW in that case, because there's already a resolution mechanism, that of men with guns.

> The construction was specifically designed such that the person who figures out the hash collision is the owner... It's not a matter for courts to decide

Anything is a matter for the courts to decide. Look up Popov v. Hayashi, where the courts tried to sort out who owned the ball that was Barry Bonds' 73rd home run. 2 guys caught it at more or less the same time. There was a dispute. The courts applied equitable principles to determine how ownership should be divided. The day will come when someone needs to make a similar call in relation to BTC.

In the specific situation of petertodd's transaction, the blockchain will resolve the first solution as the owner.

There is actually a technical flaw in those transactions in that a miner that is aware would just rewrite the receive address to their own as there's no signature.

But ultimately a confirmation will hit the chain and transfer ownership of the UTXO.

It's already a solved problem. This is literally the entire point of Bitcoin - decentralized consensus without need for trusted third parties.

Courts cannot move Bitcoin from address A to B. They simply do not have the power. They can muscle in and lock people in boxes and stuff but the actual coins cannot be seized because of the nature of the system.

Sure, courts cannot freely move Bitcoin from address A to B, but that's not really relevant. The relevant part of ownership in this context is whether moving Bitcoin from address A to B was legal, i.e. did you have the ("ownership") right to act with that Bitcoin? And the answer sometimes may be "no", even if you had the key (which you obviously did, if you made the transaction); the question "whether that transaction was fraudulent, did you commit a crime by making it" depends on who legally owned these Bitcoin, not on who knew the keys.

And in many cases courts can move Bitcoin, and have done so - hardware can be seized, people forced to reveal passwords, and Bitcoin transactions executed. For example, see the multiple auctions of seized Bitcoin by U.S. Marshals Service. They can't be guaranteed to succeed, but that's nothing new (it's not like stolen goods or cash always get recovered), and they certainly can try.

If someone steals something edible and eats it, courts also can't return that thing back to the owner, it doesn't mean that edible things are owned by whoever eats them. In both such cases, the courts can order (and, as much as possible, force) the culprit to compensate the rightful owner - but it matters who the rightful owner (in the opinion of the court) is, so it is meaningful to debate who owned it.

I think they do. Ownership can for instance be agreed upon by regular contracts, completely orthogonal to who controls some keys. (Your accountant might, for instance.)

This looks a lot like bearer-bonds to me. Anyone knowing ("bearing") the key and having the means to use it is effectively the owner, except that ownership can be copied because digital. Pretty dangerous...

Perhaps the legal response here should be dismissal.

The lawyer in this article asserts that "Bitcoin is most assuredly not a bearer asset or chattel, though."

It may technically have similar properties as bearer assets, but legally it's different. A bearer instrument is a document which is an explicit legal contract granting certain legal rights. A Bitcoin private key is not a document or a contract (an implicit contract as in "the system works this way, you can look at the description and everybody should know that" doesn't count), it's just some numbers, so it does not fulfil the criteria of laws about bearer assets. And if it did match these criteria, that would not be a good thing, since there are all kinds of prohibitions and restrictions on bearer assets due to their potential usage in money laundering. So while it is very similar to bearer assets regarding de facto control, it's not similar to bearer assets regarding de jure ownership.

> The lawyer in this article asserts that

Has this been tested in court? Lawyers say all kinds of things, but the set of proven-correct things they say is smaller than the set of all things they say.

The main point of this article is that there is nothing in current case law regarding the concept of cryptocurrency ownership, these questions have never been raised in courts yet, so all we can do to evaluate what's likely to happen is to apply analogies from the existing case law regarding non-crypto intangible assets, from which this article cites quite interesting cases.

I'm with you, it feels like with bitcoin, possession is 10/10ths of the law.

""" What hasn’t happened yet, and what invariably will happen as more and more cases hit the courts, is that someone will ask the question, “what property classification do we apply to Bitcoin – WTF is it that Bob actually owns?” """

Well - this question has been asked for taxation purposes. In particular it was answered by a Polish court in http://orzeczenia.nsa.gov.pl/doc/C8296DC8B9 - and the courts answer is that it is a 'prawo majątkowe' (google translate suggests "property law" - but I am not a lawyer - and it probably is not just 'property'), and that it is not money nor financial instrument.

It seems over thought. Blockchain is essentially a ledger (don’t even worry about the distributed part), and the bitcoin associated with a public address (wallet) is accessible to the holder(s) of the private key of the address. In my mind there is digital access to a digital account, while in theory the account is immutable and transactions on the ledger are immutable (ie no need to worry about double spend in this system) access can be lost or stolen.

That’s it! Ownership, like its suggested by the lawyer...well like all things in law: “it depends” and what it depends on are the facts as applied to ownership laws of local jurisdiction

Bitcoin in essence is not digital. If we could remember as good as hard-drivers, calculate as fast and consistently as CPUs, and perhaps communicate as efficiently as bits travel over the internet, Bitcoin would run in our minds only. And it would run for real.

Therefore, the only actually physical attachment it must have is ourselves, our minds, and (any) communication channels.

Bitcoin being mental before digital (I see digitization as just making it more practical), we surround the "owning question": do we own other peoples bodys or minds? Nope, we don't.

So Bitcoin is not, even remotely, private property.

One section of this article is fairly accurate - a custodial holder of an asset (e.g. a bitcoin exchange) doesn't "own" the asset.

They have a contractual liability to the actual owner completely irrespective of any on-chain activity. It's not really even a "Bitcoin". The customer doesn't care whether they get the same Bitcoin back - they just want A Bitcoin and a legal agreement was specifically entered in to for safekeeping.

Outside of that, the majority of the article seems like someone external to a system trying to muscle their way in and exert authority over the participants in that system.

There already exists a mechanism to determine ownership in Bitcoin (e.g. "physical" Bitcoin, the cryptographic system).

A UTXO requires a puzzle to be solved in order for it to be released. This puzzle may or may not require the input of multiple parties.

The participants in that system accept this basis.

A court _cannot_ force a Bitcoin holder to give up their key except in specific cases with naive/bad key management. It is actually impossible to seize. Cooperation is required.

People can be locked in boxes, but a sole owner of a private key is the owner a priori because no legal title is required in order for them to maintain sole use.

It's literally the entire point of the system - if you revert to Men With Guns as the dispute mechanism then you may as well scrap the whole thing and use traditional banking.

The best analogy for cryptocurrency is combination locks. Imagine an anonymous public box, locked by a combination lock. This is the "address". The owner just has exclusive knowledge of correct combination("security by obscurity") but he doesn't have anything else to prove ownership.

That's not "security by obscurity". Security by obscurity is relying on keeping the working of the combination lock secret. All cryptography depends on keeping some information secret, it's just that in good cryptography what is kept secret is relatively small and well-defined (and hard to guess).

Its exactly this. All the "ownership" information is behind a secret number. If you know/guess/steal the number you have ownership. If you have the entire blockchain you can bruteforce checking millions of hash inputs for any matching addresses in the blockchain and empty them all of coins. There is nothing stopping this and it will become viable as devices will be built to bruteforce random wallets or use a variant of rainbow tables to speed it up.

I think you underestimate the resources needed to do this. There is literally not enough energy or matter in the universe to enumerate all the possible wallet private keys. 'rainbow tables' are not useful here (they save you from having to do this impossible task more than once...). You can attack private keys which have not been generated properly, such that there is a sufficiently small number of candidates (broken or malicious RNG usage or deriving the private key directly from a user-created password), but a general brute-force attack on even a random well-created wallet is utterly infeasible.

Now, securing the storage of the private key is a much more difficult problem, and the fact that it is so easy to lose access to your funds (by losing the storage medium it is stored on without having backups) or have them stolen (through phishing, viruses, etc) is a legitimate criticism of bitcoin, at least for the general user who is ill-equipped to deal with a piece of data which is worth so much but both must be secret and cannot be lost.

Why does the question of ownability even arise?

In my mind the purpose of property rights is to resolve conflicts over scarce resources. So what is the conflict with Bitcoin?

Conflicts such as government arresting you for "owning cryptos". Or not reporting you "own cryptos".

But it's also pretty far from other known forms of money. It's certainly an opportunity for new philosophical/economical insights.

bitcoins introduce an artificial scarcity with its mining algorithm (there's only so much bitcoins out there)

The people (all people) own all of the bitcoins. Usability and control is delagated by control of the private key.

What does "Is that legal" actually _mean_ in this context?

It's clearly not _illegal_ for me to own a private key.

Bitcoin users generally accept that if they lose sole access to their keys, they lose sole access to their funds. It's an opt-in system.

The fact that such opt-in systems may be rendered impossible due to the application of force is a tremendous flaw in the legal system; it's not otherwise an interesting question.

If I post this comment and claim it's public domain, and some legalistic construct pops through a side channel and claims that in my jurisdiction public domain doesn't exist; clearly my personal attribution takes precedence.

> It's clearly not _illegal_ for me to own a private key.

How is that clearly true? Under the computer-fraud-and-abuse act, it's probably illegal for you to own information on my server I don't intend you to own (if you got it from my server at least).

If I worked at a certificate authority and stole the signing key they used, quit, and began minting certificates, I can assure you I would be prosecuted and found guilty (both for damage to the company, for stealing company property, violating my contract, and probably a CFAA violation to boot).

There are plenty of numbers that you can't legally have on your computer under certain circumstances [0].

All of this relates to "the color of bits"[1], which is to say what's legal and not legal depends on more than just the number. If you steal someone's private key, that's probably illegal. If you are given it or derive it by chance, it's possibly legal. If you use it to steal their bitcoin, even if derived by chance, that's probably illegal (the law doesn't really care about the details of bitcoin, it's still a thing of value that's owned by an individual).

The law doesn't care that all those bits are the same; some of them are legal, some of them are not, and we as technical people don't like that.

> claim it's public domain, and some legalistic construct pops through a side channel and claims that in my jurisdiction public domain doesn't exist; clearly my personal attribution takes precedence.

That also doesn't seem clear to me. In reality, no one will care enough for it to be an issue, but it seems legally arguable.

I would like to again refer you to the second post I linked. As a technical person, you don't want to think about how arbitrary and situational the law is, especially in technical issues that seem like they should be clearcut. The reality is much more complicated.

[0]: https://en.wikipedia.org/wiki/Illegal_number

[1]: http://ansuz.sooke.bc.ca/entry/23

In this context, "is this legal" refers to what actions with a key you know are permissible, depending on how you obtained that key. There may be things that you are physically able to do with it but are legally not allowed to, just as there may things you would be legally allowed to do, but may lack the capacity (if, for example, you've forgotten some passphrase). Control and ownership are two very different things in this regard.

Bitcoin users generally accept that if they lose sole access to their keys, they lose sole control of their funds, but not ownership.

For example, if I (for whatever reason) put a private key on a sheet of paper on my desk, and somebody sees that key, then I have lost effective control of that cryptocurrency, but not ownership; if that person would use that knowledge to deprive me of that currency, I would be entitled to have the court send angry armed men to extract compensation for that. It's quite comparable to the scenario where I have gold coins on my desk, and someone manages to take them - they have gained control of the coins, the physical reality enforces a rule where whoever holds the coins can hand them to others in exchange for goods and services (just as mathematical reality enforces a rule where whoever knows the private key can authorize Bitcoin transactions), but gaining control does not necessarily imply gaining ownership. Just as if a rich man gives their accountant the access codes to their electronic banking, and the keys to their safe, it does not mean that the accountant is legally free to do whatever they want with that money (even in the absence of a specific contract) - they have been given control, but not the ownership.

And, of course, simply using Bitcoin does not constitute opting out of the common property rights. You could opt out by a specific contract, but simply being aware "that if they lose sole access to their keys, they lose sole access to their funds" does not mean waiving your legal rights for redress if your funds get taken (though it might be difficult to find the culprit), just as being aware of all the risks involved by drunkenly waving around a bag with gold coins in a seedy alley does not mean waiving your rights for redress if these coins get taken.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact