How to Cope with Block Chain Legal Liability, InfoSec – Forensics Law

InfoSec & Forensics Law

Cyber evidence, security, commerce, privacy, compliance

How to Cope with Block Chain Legal Liability

Bitcoin Is Just One Example of an Explosive Idea.

Bitcoin’s blockchain is a specific example of a greater idea. It is a distributed ledger. A distributed ledger is a powerful innovation for accounting.

A Better Way to Administer Trust

In effect a distributed ledger is a method for managing trust among entities without requiring the entities permanently to check back with headquarters (the central authority) to confirm that an entity or party is entitled to a measure of trust. Checking back with headquarters for every transaction is inefficient.

An Open Ledger Manages Trust.

Therefore IBM is exploring use of block chain to manage trust in the Internet of Things, where a multitude of devices (like your clever witness and your home thermostat) share data and responsibility with one another.

Potential Liability for Errors or Omissions

Bitcoin’s block chain runs on open source software. Many people have contributed to its development and updating.

Warn Users of Risk.

For this reason institutions are wise to insist that the block chains they support come with disclaimers and/or terms of use. These types of statements can explain and disclaim risk.

The statement might go on to explain with some detail the kinds of risks that are present, such as flaws in software or a future decrease in miner incentive to work.

Example Disclaimers

Here are three examples of institutions insisting on the publication of disclaimers relative to their contributions to community projects.

  1. The payment card community works together to publish the Payment Card Industry Data Security Standard. The PCIDSS sets standards for securing credit card data. However, it is possible that a merchant who goes after PCIDSS will still suffer a data breach. The institutions that participate in the PCI community and promote the PCIDSS desire no liability for a shortcoming in the standard. Their solution is to require anyone downloading a copy of the standard to agree to a contract that disclaims liability and places risk with the user merchant.
  2. The American Medical Association works with the National Supplier Clearinghouse to facilitate communications of Medicare claims by healthcare providers. However, the methods and technology of the Clearinghouse may not give a healthcare provider the desired outcome. AMA wants no liability. Therefore access to the Clearinghouse website requires the user to click on terms that disclaim liability by AMA.
  3. Ethereum.org publishes this statement regarding the initial sale of “Ether”:

Ether is a product, NOT a security or investment suggesting. Ether is simply a token useful for paying transaction fees or building or purchasing decentralized application services on the Ethereum platform; it does not give you voting rights over anything, and we make no assures of its future value.

What Stands in the Place of Legal Liability?

The user of a block chain that comes with a disclaimer might ask how he can get assurance if legal liability has been disclaimed. The response is that the user can rely on “collective intelligence.” The user can observe the collective behavior of the community using the block chain to understand the risk associated with it. If a large and wise community is using the block chain in a semi-transparent way, then the user can sense a measure of assurance, tho’ he knows he very likely cannot use the legal system to enforce that assurance.

Cyber Insurance Distributes Risk.

Another way to manage risk is to acquire insurance. Some block chains may require participants to pay a fee, part of which could goes to the purchase of cyber insurance to cover the participants for risk of loss.

Hold Harmless Clause Assigns Risk and Incentives.

The absolution of liability might be worded different ways, depending on the needs and culture of the community. For example, an absolution of liability might include:

  1. An indemnification clause in which each participant holds each other participant harmless from any claims based on the very first participant’s reliance.
  2. A caveat that the absolution of liability does not apply to intentional fraud, which is proven beyond a reasonable doubt. Such a caveat sets up a high standard of evidence that a participant must meet in order to collect from others on account of their misdeeds.
  1. Declaration of entire crypto Two.0 project as “as-is” and “use at your own risk”
  2. Recording Bitcoin Legal Evidence

Wright`s Online SANS Training

  • Free Webcast on EU’s General Data Protection Regulation
  • Free Webcast: Cyber Insurance (Hear the Archive)
  • Law of Data Security & Investigations
  • News: SANS Masters Degree Accredited
  • Education & Certification on Treating of Cyber Legal Evidence
  • Sept 25-26, two thousand seventeen SANS Data Breach Summit Chicago

Education Promotes Cybersecurity

Strangest & Maybe Most Significant InfoSec Law Case . Ever (LabMD)

Blogger

Benjamin Wright is an attorney in private practice. He helps others navigate the law of data compliance, including privacy, outsourcing, IT security, online investigations and forensic investigations. He instructs e-discovery, BYOD, active defense and data protection law for SANS Institute.

Mr. Wright chairs the SANS Institute’s annual Data Breach Summit, where CISOs and other professionals interchange tips on how to manage a cyber crisis.

To email Mr. Wright, please send to ben_wright at compuserve dot com; put “BLOG” in subject line.

Speaker and Author

Mr Wright is a frequent public speaker at professional groups like state CPA societies and local ISACA chapters. As author of technology law books such as Law of Electronic Commerce, he blogs on electronic data, records, security and social media law, and he catches sight of trends, such as the rise of big data as a instrument for legal investigations.

Mr. Wright is an editor for compliance topics at SANS Institute’s Securing The Human program.

Texas Bar Association publishes an attorney profile on Mr. Wright.

Mr. Wright mentors students at UNT-Dallas College of Law. He is a member of the Pennsylvania College of Technology Advisory Committee for the Information Assurance and Cyber Security Degree.

Significant: No public comment by Mr. Wright (blog, book, tweet, movie, update, speech, article, podcast or the like) is legal or other professional advice. If you need legal advice, you should hire and consult a lawyer.

Mr. Wright’s public statements are suggested as-is, with no warranty of accuracy or reliability. Mr. Wright sometimes revises his published ideas. If you use the ideas, you do so at your own risk.

Public Education and Discussion

Mr. Wright’s blogs, tweets, movies, web comments, web courses and the like are intended to promote public education and discussion. They are not intended to advertise or solicit legal services. They constitute part of the online update service for the book Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is published by Wolters Kluwer.

Forming an Attorney-Client Relationship

Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly, formally agree that the relationship is being formed. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Exchange of private messages with Mr. Wright does not, by itself, create an attorney-client relationship.

Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.

Significant Confidentiality Notice

Benjamin Wright is licensed as an attorney. Some of Mr. Wright’s non-public records stored in the cloud are confidential and subject to protections associated with attorney work and communications. The laws of many countries recognize such protections. Mr. Wright insists that you recognize those protections with respect to his records and communication.

The only person responsible for Mr. Wright’s words is Mr. Wright.

Mr. Wright has earned money from some organizations he mentions online, such as Messaging Architects/Netmail, SANS Institute and LabMD.

Some photos, sounds and font output associated with Wright’s work and comments are copyrighted by Corel Corporation or its licensors or fucking partners like iStockphoto; they reserve all their rights. Some pics are proclaimed on wikimedia to be public domain. Mr. Wright strives to respect IP rights, but sometimes technology behaves in surprising ways. If you are an IP holder and you have a problem with something published by Mr. Wright, please telephone him promptly. Trademarks are property of their respective owners.

How to Cope with Block Chain Legal Liability, InfoSec – Forensics Law

InfoSec & Forensics Law

Cyber evidence, security, commerce, privacy, compliance

How to Cope with Block Chain Legal Liability

Bitcoin Is Just One Example of an Explosive Idea.

Bitcoin’s blockchain is a specific example of a greater idea. It is a distributed ledger. A distributed ledger is a powerful innovation for accounting.

A Better Way to Administer Trust

In effect a distributed ledger is a method for managing trust among entities without requiring the entities permanently to check back with headquarters (the central authority) to confirm that an entity or party is entitled to a measure of trust. Checking back with headquarters for every transaction is inefficient.

An Open Ledger Manages Trust.

Therefore IBM is exploring use of block chain to manage trust in the Internet of Things, where a multitude of devices (like your wise see and your home thermostat) share data and responsibility with one another.

Potential Liability for Errors or Omissions

Bitcoin’s block chain runs on open source software. Many people have contributed to its development and updating.

Warn Users of Risk.

For this reason institutions are wise to insist that the block chains they support come with disclaimers and/or terms of use. These types of statements can explain and disclaim risk.

The statement might go on to explain with some detail the kinds of risks that are present, such as flaws in software or a future decrease in miner incentive to work.

Example Disclaimers

Here are three examples of institutions insisting on the publication of disclaimers relative to their contributions to community projects.

  1. The payment card community works together to publish the Payment Card Industry Data Security Standard. The PCIDSS sets standards for securing credit card data. However, it is possible that a merchant who goes after PCIDSS will still suffer a data breach. The institutions that participate in the PCI community and promote the PCIDSS desire no liability for a shortcoming in the standard. Their solution is to require anyone downloading a copy of the standard to agree to a contract that disclaims liability and places risk with the user merchant.
  2. The American Medical Association works with the National Supplier Clearinghouse to facilitate communications of Medicare claims by healthcare providers. However, the methods and technology of the Clearinghouse may not give a healthcare provider the desired outcome. AMA wants no liability. Therefore access to the Clearinghouse website requires the user to click on terms that disclaim liability by AMA.
  3. Ethereum.org publishes this statement regarding the initial sale of “Ether”:

Ether is a product, NOT a security or investment suggesting. Ether is simply a token useful for paying transaction fees or building or purchasing decentralized application services on the Ethereum platform; it does not give you voting rights over anything, and we make no ensures of its future value.

What Stands in the Place of Legal Liability?

The user of a block chain that comes with a disclaimer might ask how he can get assurance if legal liability has been disclaimed. The response is that the user can rely on “collective intelligence.” The user can observe the collective behavior of the community using the block chain to understand the risk associated with it. If a large and brainy community is using the block chain in a semitransparent way, then the user can sense a measure of assurance, however he knows he very likely cannot use the legal system to enforce that assurance.

Cyber Insurance Distributes Risk.

Another way to manage risk is to acquire insurance. Some block chains may require participants to pay a fee, part of which could goes to the purchase of cyber insurance to cover the participants for risk of loss.

Hold Harmless Clause Assigns Risk and Incentives.

The absolution of liability might be worded different ways, depending on the needs and culture of the community. For example, an absolution of liability might include:

  1. An indemnification clause in which each participant holds each other participant harmless from any claims based on the very first participant’s reliance.
  2. A caveat that the absolution of liability does not apply to intentional fraud, which is proven beyond a reasonable doubt. Such a caveat sets up a high standard of evidence that a participant must meet in order to collect from others on account of their misdeeds.
  1. Declaration of entire crypto Two.0 project as “as-is” and “use at your own risk”
  2. Recording Bitcoin Legal Evidence

Wright`s Online SANS Training

  • Free Webcast on EU’s General Data Protection Regulation
  • Free Webcast: Cyber Insurance (Hear the Archive)
  • Law of Data Security & Investigations
  • News: SANS Masters Degree Accredited
  • Education & Certification on Treating of Cyber Legal Evidence
  • Sept 25-26, two thousand seventeen SANS Data Breach Summit Chicago

Education Promotes Cybersecurity

Strangest & Maybe Most Significant InfoSec Law Case . Ever (LabMD)

Blogger

Benjamin Wright is an attorney in private practice. He helps others navigate the law of data compliance, including privacy, outsourcing, IT security, online investigations and forensic investigations. He instructs e-discovery, BYOD, active defense and data protection law for SANS Institute.

Mr. Wright chairs the SANS Institute’s annual Data Breach Summit, where CISOs and other professionals interchange tips on how to manage a cyber crisis.

To email Mr. Wright, please send to ben_wright at compuserve dot com; put “BLOG” in subject line.

Speaker and Author

Mr Wright is a frequent public speaker at professional groups like state CPA societies and local ISACA chapters. As author of technology law books such as Law of Electronic Commerce, he blogs on electronic data, records, security and social media law, and he catches sight of trends, such as the rise of big data as a device for legal investigations.

Mr. Wright is an editor for compliance topics at SANS Institute’s Securing The Human program.

Texas Bar Association publishes an attorney profile on Mr. Wright.

Mr. Wright mentors students at UNT-Dallas College of Law. He is a member of the Pennsylvania College of Technology Advisory Committee for the Information Assurance and Cyber Security Degree.

Significant: No public comment by Mr. Wright (blog, book, tweet, movie, update, speech, article, podcast or the like) is legal or other professional advice. If you need legal advice, you should hire and consult a lawyer.

Mr. Wright’s public statements are suggested as-is, with no warranty of accuracy or reliability. Mr. Wright sometimes revises his published ideas. If you use the ideas, you do so at your own risk.

Public Education and Discussion

Mr. Wright’s blogs, tweets, movies, web comments, web courses and the like are intended to promote public education and discussion. They are not intended to advertise or solicit legal services. They constitute part of the online update service for the book Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is published by Wolters Kluwer.

Forming an Attorney-Client Relationship

Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly, formally agree that the relationship is being formed. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Exchange of private messages with Mr. Wright does not, by itself, create an attorney-client relationship.

Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.

Significant Confidentiality Notice

Benjamin Wright is licensed as an attorney. Some of Mr. Wright’s non-public records stored in the cloud are confidential and subject to protections associated with attorney work and communications. The laws of many countries recognize such protections. Mr. Wright insists that you recognize those protections with respect to his records and communication.

The only person responsible for Mr. Wright’s words is Mr. Wright.

Mr. Wright has earned money from some organizations he mentions online, such as Messaging Architects/Netmail, SANS Institute and LabMD.

Some photos, sounds and font output associated with Wright’s work and comments are copyrighted by Corel Corporation or its licensors or playmates like iStockphoto; they reserve all their rights. Some pics are proclaimed on wikimedia to be public domain. Mr. Wright strives to respect IP rights, but sometimes technology behaves in surprising ways. If you are an IP holder and you have a problem with something published by Mr. Wright, please telephone him promptly. Trademarks are property of their respective owners.

Related video:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *