Many wallets and platforms like Coinbase provide services to Bitcoin and other cryptocurrency customers. Typically a service provider requires customers to agree to the provider’s standard terms of service. And typically individual and small business customers lack leverage to negotiate these terms.
However, some customers do have leverage. Customers may have leverage because they bring a large volume of business to the provider, or they have teamed up with other customers to negotiate as a group. Alternatively they possess the patience to shop among service providers to find the most favorable legal terms.
Technology services providers are known for being vague about what services they are providing the customer. Some Bitcoin service providers are equally vague. For example Coinbase’s standard User Agreement says, “Coinbase securely stores 100% of all bitcoin associated with your Coinbase Account in a combination of online and offline storage.” However, the agreement itself does not define “storage.”
It may be that here “storage” means Coinbase is managing the credentials that control the credit of bitcoin to the address pertaining to customer in the Bitcoin blockchain. But Coinbase’s Agreement does not say that. Further, it does not say the customer is entitled to those credentials and any value associated with them. It does not say that the Blockchain address belongs to customer.
What does the User Agreement say that the customer is entitled to? The User Agreement does little more than imply that all the customer is entitled to (at most) “FEES PAID TO COINBASE BY YOU IN THE PRECEDING THREE (3) MONTHS.” See Section 9.1. That’s it.
Coinbase’s User Agreement seems to say nothing about the customer being able to obtain the customer’s blockchain credentials or the blockchain credit pertaining to the customer. Maybe that is because the customer is not entitled to those things. But if that is the case, I’ll bet many customers would be surprised. The customer may think he has 10 bitcoin, but in fact all he has is the right to obtain from Coinbase a return the past three months of fees (at most). Those fees could be worth much less than 10 bitcoin.
Service providers often insist on a “Force Majeure” clause in their agreements. And that may be fair as far as the customer is concerned.
“Force Majeure” means superior force. Typically a Force Majeure clause says the service provider is excused from performing services in the face of a superior force such as war, natural disaster and the like.
However, the customer prefers that the Force Majeure clause not allow the provider simply to close shop in the event of adversity. For example if the customer is a merchant, and the service provider ceases operation on account of an earthquake, then the customer is in a lurch. So the customer wishes for the provider to work to overcome the adversity.
The customer might insist that the agreement provide:
Adversaries to the customer might try any number of legal means to get the information from service provider. They might try a civil subpoena, a tax summons, a police raid or a grand jury subpoena. An official order demanding information might issue from most any legal jurisdiction in the world (e.g., Uganda or Canada), regardless of the geographic location of the customer or the service provider.
The legal validity of a subpoena or other demand for information can be open to dispute. It is possible that an adversary would issue a subpoena that is unjustified or overly-broad. What is worse, sometimes Internet service providers (especially smaller ones that lack a large legal staff) can be overly generous in responding to a subpoena and turn over more information than is required. (See Theofel vs. Farey-Jones, 341 F.3d 978, 981 (9th Cir. 2003), in which an ISP disclosed too much of a business customer’s email to the customer’s lawsuit opponent.)
Accordingly, a customer desires terms like these: If someone makes a legal demand for records about the customer, then . . .
Similarly customer desires that service provider enter a non-disclosure agreement (“NDA”). Under common NDA terms the service provider would not disclose or use customer records without permission (except as required by law). The customer does not want the service provider to give customer’s information to customer’s competitors. Neither does the customer want service provider itself to use customer’s trading data to compete with customer.
Just as a customer is reluctant to let adversaries access the customer’s information held by the service provider, the customer desires assurance that the customer itself can access its own information and details about how transactions are processed.
A customer desires an agreement that under no circumstances will service provider:
Sometimes technology service providers take the position that in a dispute with the customer, the provider can withhold data or deny service. For example the vendor of a cloud-based electronic patient record recently denied a medical practice in Maine access to its own patient records!
But from the perspective of the customer, the service provider holds unfair advantage if it can hold data hostage in the event of a dispute. The customer argues that if there is a dispute the service provider should not hold data hostage; instead, service provider can sue the customer and enforce the results of the lawsuit through normal legal procedures.
The customer may have both a commercial need and an ethical need to access its records. What would be an example of an “ethical” need for records? Suppose the customer was a law firm. The law firm might be controlling bitcoin on behalf of a client in settlement of a dispute. The law firm is obligated under its professional code of ethics to ensure it has access to the relevant records.
What’s more the customer may need assurance that the customer’s auditors can confirm and understand transactions. Relevant auditors might include financial auditors, tax auditors and security/internal control auditors. Hence the customer might insist that the service provider:
For its part, service provider might insist that it be compensated if its staff must spend time responding to audit requests.
In regards to the security/internal control auditors looking out for the interests of customers: the service provider may find it is impractical to respond to all customer audit requests one-by-one. Therefore the service provider might itself hire a single auditor to conduct an audit for the benefit of all of its customers under a standard like Statement on Standards for Attestation Engagements (SSAE) No. 16 published by the American Institute of Certified Public Accountants (AICPA).
If I’ve made any mistakes, please let me know so I can correct myself.
By: Benjamin Wright
[The foregoing is not legal advice for any particular situation. If you need legal advice, you should retain and consult a lawyer.]
Related:
However, some customers do have leverage. Customers may have leverage because they bring a large volume of business to the provider, or they have teamed up with other customers to negotiate as a group. Alternatively they possess the patience to shop among service providers to find the most favorable legal terms.
What Terms Protect the Customer’s Interest?
The following are some (not all) of the terms that customers may desire but that are not commonly offered to small customers:1. A Clear Statement of What Services Are Being Provided to the Customer
Technology services providers are known for being vague about what services they are providing the customer. Some Bitcoin service providers are equally vague. For example Coinbase’s standard User Agreement says, “Coinbase securely stores 100% of all bitcoin associated with your Coinbase Account in a combination of online and offline storage.” However, the agreement itself does not define “storage.”
Legally, what does "storage" of bitcoin entail? |
What does the User Agreement say that the customer is entitled to? The User Agreement does little more than imply that all the customer is entitled to (at most) “FEES PAID TO COINBASE BY YOU IN THE PRECEDING THREE (3) MONTHS.” See Section 9.1. That’s it.
Coinbase’s User Agreement seems to say nothing about the customer being able to obtain the customer’s blockchain credentials or the blockchain credit pertaining to the customer. Maybe that is because the customer is not entitled to those things. But if that is the case, I’ll bet many customers would be surprised. The customer may think he has 10 bitcoin, but in fact all he has is the right to obtain from Coinbase a return the past three months of fees (at most). Those fees could be worth much less than 10 bitcoin.
2. Effort to Overcome Force Majeure
Service providers often insist on a “Force Majeure” clause in their agreements. And that may be fair as far as the customer is concerned.
What if fire strikes? |
The customer might insist that the agreement provide:
- the service provider will promptly notify the customer of the force majeure event and then regularly update the customer about the status of the event; and
- the service provider will use commercially-reasonable efforts to overcome the event. (In other words the provider will take reasonable disaster recovery measures and will strive to return to normal service quickly.)
3. Response to Subpoena or Court Order for Information
The service provider holds sensitive information about the customer. That information might include address data, transaction history, blockchain credentials, investment details and more. The information might be relevant to divorce, tax collection, private lawsuits, bill collection, child support obligations and many other disputes.Adversaries to the customer might try any number of legal means to get the information from service provider. They might try a civil subpoena, a tax summons, a police raid or a grand jury subpoena. An official order demanding information might issue from most any legal jurisdiction in the world (e.g., Uganda or Canada), regardless of the geographic location of the customer or the service provider.
The legal validity of a subpoena or other demand for information can be open to dispute. It is possible that an adversary would issue a subpoena that is unjustified or overly-broad. What is worse, sometimes Internet service providers (especially smaller ones that lack a large legal staff) can be overly generous in responding to a subpoena and turn over more information than is required. (See Theofel vs. Farey-Jones, 341 F.3d 978, 981 (9th Cir. 2003), in which an ISP disclosed too much of a business customer’s email to the customer’s lawsuit opponent.)
Accordingly, a customer desires terms like these: If someone makes a legal demand for records about the customer, then . . .
- service provider will promptly give a copy of the demand to the customer. (Under rare circumstances the service provider is forbidden by law from informing the customer that US law enforcement is seeking information about the customer.)
- service provider will wait to comply with the demand until the applicable deadline. Often a subpoena will give the service provider, say, two weeks to comply. If the service provider waits to the end of the two weeks, that gives the customer time to study the subpoena and react to it. The customer might for instance believe the subpoena is invalid or overly-broad; so the customer might appeal to a court to “quash” the subpoena or reduce its scope. (See details about quashing a subpoena in a US court.)
Similarly customer desires that service provider enter a non-disclosure agreement (“NDA”). Under common NDA terms the service provider would not disclose or use customer records without permission (except as required by law). The customer does not want the service provider to give customer’s information to customer’s competitors. Neither does the customer want service provider itself to use customer’s trading data to compete with customer.
4. Cooperation with Audits, Investigations or Requests for Information
Just as a customer is reluctant to let adversaries access the customer’s information held by the service provider, the customer desires assurance that the customer itself can access its own information and details about how transactions are processed.
A customer desires an agreement that under no circumstances will service provider:
- place a lien on customer’s data [A lien is a legal measure that impairs a person's freedom to sell or transfer its property, such as its data.]; or
- deny customer access to his/her data.
Sometimes technology service providers take the position that in a dispute with the customer, the provider can withhold data or deny service. For example the vendor of a cloud-based electronic patient record recently denied a medical practice in Maine access to its own patient records!
But from the perspective of the customer, the service provider holds unfair advantage if it can hold data hostage in the event of a dispute. The customer argues that if there is a dispute the service provider should not hold data hostage; instead, service provider can sue the customer and enforce the results of the lawsuit through normal legal procedures.
The customer may have both a commercial need and an ethical need to access its records. What would be an example of an “ethical” need for records? Suppose the customer was a law firm. The law firm might be controlling bitcoin on behalf of a client in settlement of a dispute. The law firm is obligated under its professional code of ethics to ensure it has access to the relevant records.
What’s more the customer may need assurance that the customer’s auditors can confirm and understand transactions. Relevant auditors might include financial auditors, tax auditors and security/internal control auditors. Hence the customer might insist that the service provider:
- maintain adequate documentation about how its system works; and
- cooperate with customer’s auditors.
For its part, service provider might insist that it be compensated if its staff must spend time responding to audit requests.
In regards to the security/internal control auditors looking out for the interests of customers: the service provider may find it is impractical to respond to all customer audit requests one-by-one. Therefore the service provider might itself hire a single auditor to conduct an audit for the benefit of all of its customers under a standard like Statement on Standards for Attestation Engagements (SSAE) No. 16 published by the American Institute of Certified Public Accountants (AICPA).
These Ideas Apply Beyond Cryptocurrencies.
The foregoing terms are not unique to Bitcoin. They might serve the needs of customers of many kinds of technology and e-commerce services.If I’ve made any mistakes, please let me know so I can correct myself.
By: Benjamin Wright
[The foregoing is not legal advice for any particular situation. If you need legal advice, you should retain and consult a lawyer.]
Related:
- How to interpret a contract for payment by Bitcoin.
- How to Address Block Chain Legal Liability
No comments:
Post a Comment