Is the smart money on ‘smart contracts’?

Law student Tanzeel ur Rehman considers some of the drawbacks of self-executing agreements

Hegestratos, unlike the many trailblazing Ancient Greek philosophers, was a pioneering fraudster.

In one of the earliest recorded incidents of financial fraud (c.300 B.C.), this corn merchant had taken out a large insurance policy (known as bottomry) and attempted to swindle the insurers by sinking his ship along with the crew. Down on his luck, he was caught in the act, and drowned while trying to escape the wrath of his intended scapegoats. These bottomry bonds, an offshoot of the ancient Code of Hammurabi, were also the earliest known forms of insurance contracts, where merchants could take out loans to finance a voyage by pledging their large vessels as collateral.

Today, the insurance world is a multi-trillion-dollar industry. The market in the UK is the largest in Europe and fourth largest in the world. Be it the minor ‘fender-benders’ or any other ‘named perils’, insurance policies have got you covered.

Discussions are picking pace regarding the role of technology in this rapidly growing industry. The concept of ‘InsurTech’ is gaining momentum. Proponents believe that the use of ‘smart contracts’ and blockchain/distributed ledger technologies (DLTs) could revolutionise the insurance market. Last year, the European Insurance and Occupational Pensions Authority (EIOPA) published a discussion paper which highlights the potential benefits of these technologies.

However, there is a dearth of research regarding the possible downside of smart contracts. Smart contracts are touted to be one of the most groundbreaking innovations of our times. If that is the case, then surely smart contracts have the potential of undesirable consequences as well (See the ‘Pathetic dot theory’ in Professor Lawrence Lessig’s Code: And Other Laws of Cyberspace). The exaggerated optimism surrounding smart contracts overlooks the fact that these could possibly pave way for, hitherto unknown ways of transacting unlawfully.

This is partly because there is emphasis on a more generalised, and less technical understanding of these technologies. As Andrés Guadamuz explains in his 2019 paper, “smart contracts are not contracts” and that “for all intents and purposes they should not be”. Smart contracts are in fact self-executing code that, unlike traditional contracts, may or may not be of a binding nature. An article published on this website points out that “self-executing agreements written in code are not a panacea to businesses’ and individuals’ contracting woes”.

Smart contracts have unique vulnerabilities such as performance issues, security threats and privacy concerns. The performance issues that have been highlighted by tech experts include inter-alia throughput bottlenecks, limited scalability, and transactions latency. The security concerns relating to smart contracts are also well-founded. The Decentralised Autonomous Organisation (DAO) attack that exploited a re-entrancy vulnerability to steal around two million Ether from a smart contract, serves as an eye-opener. The attack on SmartBillions — a decentralised and transparent lottery system, exhibits how blockchain ‘hashes’ could be manipulated. These attacks show that DLTs are vulnerable to re-entrancy and event-ordering manipulations.

Another challenge that smart contracts face is compliance with data protection rules. For example, the European General Data Protection Regulation (GDPR) stipulates that citizens have a “right to be forgotten” which is inconsistent with the immutable nature of blockchain-enabled smart contracts. Research reveals that even where a smart contract becomes a legal contract, it may not be between the data subject and the controller. Furthermore, consent has limited value here, as under the EU data protection regime, the data subject must be able to revoke consent, which becomes impossible when data processing cannot be halted at the request of the data subject.

Moreover, Article 22(3) of GDPR requires that data controllers ensure measures including a right to human intervention. Uncertainties and controversies regarding the scope of this obligation, remain a relevant theme. Compliance with these regulations implies that the smart contracts’ “trustless” framework will regress to a third-party trusted network, losing its essence.

Another dimension of the third-party interference in smart contracts is the use of “off-chain” resources (or Oracles). Smart contracts require receiving off-chain information, at pre-determined intervals, from resources which are not on the blockchain. The potential issues linked to this may be the inability to push out the necessary information or provide incorrect data. Moreover, this could also facilitate blockchain nodes to be hacked or misused to report erroneous data that will be logged on the blockchain in an immutable manner.

Smart contracts also have the potential of opening the floodgates to a new class of “collusive agreements”. DLTs are poised to challenge antitrust enforcement by employing illegal practices and circumventing rules more efficiently through smart contracts. Blockchain as a medium to facilitate anticompetitive practices will pose interesting questions pertinent to §.1 of the Sherman Act (in the American context), §.2(1) of the Competition Act (in the British context) and Article 101(1) of the TFEU (in the European context). Smart contracts could assist companies in a “conscious commitment to a common scheme” (Monsanto v Spray-Rite Serv. Corp.). Smart contracts could also turn into ‘concerted practices’ between companies by “coordination between undertakings which,…knowingly substitutes practical cooperation between them for the risks of competition” (Imperial Chemical Industries Ltd v Commission of EC).

In the insurance industry, a mutual lack of trust between actors is a huge challenge. One cannot blame them, taking into account the long-standing and shady history of enterprising crooks like Hegestratos. Whether the grandiose claims of ‘trustlessness’ and ‘transparency’, dubbed as the hallmarks of smart contracts, will provide the desirable solutions, remains to be seen. In 2020, investments into technology-enabled insurance solutions stood at a staggering €6 billion and the amount invested is expected to increase exponentially. When critically analysing the potential vulnerabilities and drawbacks of these technologies, a burning question could (or should) be, whether the smart money is on the ‘smart contracts’?

Tanzeel ur Rehman is a second year law student at the University of Sindh, Pakistan.