Posts

Why Blockchain Matters to In-House Lawyers

Today, news reports, academic articles, and corporate reports are flush with mentions of “blockchain,” “Bitcoin,” and “distributed ledger technology.” At first glance, many readers see the discussion as hype, generating a great deal of actionless attention, curiosity, and investment opportunities. However, on another level, some of the conversation regards developments in technology that may specifically shape or impact a company’s contract or legal risk profile – even for those companies that don’t have or deal in Bitcoin.

Blockchain technology is expected to have a broad and sweeping impact across industries worldwide, with one commentator identifying a financial impact of over $176 billion in the next several years. It is envisioned that countless companies (whether suspecting or unsuspecting) will deploy or utilize the technology in their businesses. This may happen in the form of an internally developed or deployed technology or system, through dealings with governments or government agencies, or by way of transactions with technology vendors or service providers, among others.

At a very high and general level, blockchain is a recently developed distributed ledger (or database) technology that facilitates secure records of transactions over time by electronically distributing and maintaining tens, hundreds, or thousands of identical, immutable, highly secure digital copies of the transaction record. Each of these copies is distributed to and held by a different computer node or site participating in the ledger. Blockchain is one kind of distributed ledger technology, and there are many different platforms for blockchain. Bitcoin is a form of cryptocurrency whose foundation is based on one of the blockchain platforms. (Numerous detailed explanations of blockchain and distributed ledger technology are available online, including the video, Ever wonder how Bitcoin (and other cryptocurrencies) actually work?, and a UK Government report on distributed ledger technology.)

Many sets of records that are maintained in an Excel spreadsheet, a company or vendor database, or government files, whether or not currently stored or maintained in the cloud, may be suitable for blockchain. A few examples include real estate purchase and sale transactions, shipping records, banking and financial transactions, inventory management, consumer auto-pay and auto-withdrawal transactions, product manufacturing, and customer subscription transactions.

Attorneys and contract professionals supporting companies’ encounters with blockchain technology should consider the following, among others:

  • Open Source Software. Currently, numerous distributed ledger technologies (including blockchain) are built using open source software. The Bitcoin program is distributed under the MIT License, aspects of Ethereum (another blockchain-based cryptocurrency) use the GNU General Public License, and OpenChain (another distributed ledger technology) is based on the Apache 2.0 license. Open source software licenses include many unique terms (and omit many standard commercial software licensing terms), and may, for example, dictate subsequent use and distribution of the software, as well as of company proprietary code related to the open source software.
  • New Software. Because distributed ledger technology like blockchain is new, in many cases the software underpinning the technology is not as well-tested and presents a notable possibility of serious errors and glitches. Consequently, traditional contractual recourses and remedies for software errors and bugs may not be wholly meaningful, when applied to blockchain, and typical software project deployment schedules and timelines may be difficult to adhere to.
  • Privacy. While one of the potential benefits of blockchain is stronger data security safeguards against loss, destruction, and unauthorized alteration of data and records, the nature of a distributed ledger is that the tens, hundreds, or thousands of ledger participants will have exact duplicates of the digital data and records. Even if the parties to a particular transaction do not consider the transaction record in the ledger to be confidential, it is possible that the underlying record data (especially if health, medical, or financial data) may be a material concern.
  • Technology Contracting. Blockchain is a technology, with its own open (as noted above) or proprietary platforms, software, and systems. Contracts for, or to use, blockchain technology, just as other company contracts for technology, are key vehicles to establish critical rights and obligations regarding representations and warranties, indemnities, limitations of liability, and intellectual property.
  • Bitcoin. Many companies will not typically have or deal in Bitcoin or other cryptocurrencies. The legal and regulatory landscape applicable to cryptocurrency is nascent and exceptionally dynamic and varies across U.S. and non-U.S. jurisdictions (and is beyond the scope of this post). Even for companies that merely or only occasionally transact business in cryptocurrency (and don’t issue, exchange, or administer cryptocurrency), potential issues can include how cryptocurrencies are treated and taxed (different legal authorities consider them to be “currencies,” “commodities,” or “property”), whether corporate insurance provides coverage or protection for cryptocurrency transactions, and whether the use of cryptocurrency is even legal.

Blockchain is an algorithm-intensive, complex technology that may provide great benefits, efficiencies, and cost savings to its users. While this post does not speak to many of its features, including smart contracts, permissioned versus unpermissioned ledgers, and cryptocurrency mining, hopefully it provides a “bit” of useful information.

 

How to Negotiate Your IT/Tech NDA Faster (or, Living with a Suboptimal NDA)

Recently I found myself watching a past episode of HBO’s award-winning tech comedy series, Silicon Valley. If you’ve never watched it, it’s about a Silicon Valley tech start-up and its struggles, successes, and missteps. Although at times the show can be a bit gratuitous, part of its interest derives from the proximity – at least on some conceptual level – of many of its plot lines to reality.

Because I routinely help clients with non-disclosure agreements (NDAs) and related issues, I cringed watching the “Runaway Devaluation” episode from the second season. In this episode, the start-up (a data compression company called Pied Piper) is invited to an initial meeting with a potential funding source (Branscomb Ventures), which has already invested in a competing compression company, Endframe. Shortly after the meeting begins, the Pied Piper team begins sharing critical details of how its data compression technology is built and works. Later, realizing that Branscomb’s intention for the meeting was only to gather these details for the improvement of Endframe’s products, Pied Piper storms out of the meeting.

While it appears there was no NDA between Pied Piper and Branscomb Ventures covering the meeting’s discussions, in reality it is routine for parties to potential IT and technology transactions to put an NDA in place. Vendors, customers, and others in the IT/technology industry generally understand the need to protect their trade secrets and other valuable information when sharing them to evaluate potential relationships with vendors who provide software, hosting, outsourcing, professional technology services, and data breach investigation and remediation services. Among typical participating parties, the need to put in place an NDA is rarely disputed, and many NDA terms and conditions are quite common.

That said, NDA negotiations can nonetheless become time-consuming or contentious. Whether based on a party’s bad experience in a previous situation, defensive or offensive tendencies, or need to avoid deviations from company policies, otherwise common NDA terms can lead to uncommonly protracted negotiations. For a vendor looking to sell to a new customer, lengthy or difficult NDA negotiations can cause the potential customer to view the vendor as being difficult to deal with, or, worse, to drop the vendor from consideration entirely. For a customer wanting to urgently find a vendor to provide services to address a data breach, time to negotiate an NDA is not a luxury.

Even with NDAs, though, there are ways to speed up the negotiations – which, additionally or alternatively, can also provide mitigations to living with a less-than-desirable NDA. The following steps are a few that may allow an NDA party to get comfortable with otherwise problematic NDA terms in a specific case. (Importantly, these measures should not be implemented if contrary to a contractual obligation or law, nor should they replace sound judgment and risk management.)

For a disclosing party that:

(1) After discussions start, is concerned that the receiving party may not handle or treat its confidential information in way that is satisfactory (or that the NDA’s confidentiality terms are not optimal), the disclosing party can do as Pied Piper did and cease providing any more information. (Though, this may stifle productive business discussions, and the party should attempt to put a retroactive NDA in place.)

(2) Believes that the confidentiality terms are not ideal or has concerns about the receiving party’s handling or treatment of its confidential information, the disclosing party can proactively intentionally limit disclosure to only its least sensitive information. (This step, too, may hamper meaningful discussions between the parties.)

(3) Is concerned that the duration of the NDA may cover discussions too far in the future to be appropriately covered under the NDA, the disclosing party can terminate the NDA after the then-presently contemplated discussions.

(4) Has concerns about the information protections provided by the NDA or the receiving party, the disclosing party can conspicuously mark all information disclosed as “CONFIDENTIAL” – that is, even if the NDA doesn’t require it. And, after disclosing confidential information orally, the disclosing party can follow each such disclosure with a written notice expressly identifying the orally disclosed information as “CONFIDENTIAL.”)

For a receiving party that:

(1) Has concerns about its ability to fully adhere to the NDA’s limitations on use and disclosure of the disclosing party’s information, the receiving party can actively limit the number of its personnel who see or have access to the information.

(2) Is concerned about its risk of non-compliance with the NDA’s confidentiality terms, the receiving party can consciously limit the number of copies it makes of the disclosing party’s information (including copies in the form of email attachments). (This assumes copying is permitted.)

(3) Has concerns that it may struggle to meet the NDA’s limitations on disclosure and use of the disclosing party’s information, the receiving party can immediately destroy (or return) the information once it is no longer needed.

As for Pied Piper, it turns out that Endframe did indeed improve its products using Pied Piper’s technology. However, whether due to the lack of an NDA – or, more likely, the constraints of a ten-episode television season for Silicon Valley – Pied Piper was forced to take other, non-legal actions to advance its interests.