Just before the 2016 Memorial Day holiday weekend in the United States, which falls at the end of May, news outlets reported that the bipartisan effort to revolutionize the regulation of cryptography in the United States was sewed up in its hammock and tossed overboard. Senators Richard Burr and Dianne Feinstein, a Republican and Democrat respectively, sponsored a bill which began circulating within the Senate Intelligence Committee earlier in the year. The Compliance with Court Orders Act of 2016 (“CCOA”), which was met with absolute disdain by cryptographers and could not garner the support of the White House, may have constructively prohibited cryptography in the United States.
Notably for financial technology (“FinTech”) fans and blockchain backers, this sweeping legislative prohibition on the use of cryptography could have seriously threatened the viability of blockchain as a disruptive technology in the United States. According to the draft text of the CCOA, the purpose of the legislation was to require covered entities to provide data in an intelligible format to a government pursuant to a court order. “Covered entities” was defined to include “any person who provides a product or method to facilitate a communication or the processing or storage of data.” All persons receiving a court order requesting information and data would have been required to provide, in a timely manner, intelligible data or technical assistance with making such information and data intelligible. Venders of products, services, applications, and software would have been required to ensure that any of the same could comply with such an order by designing into each an exceptional third-party access mechanism, i.e., a master decryption key. In short, it appeared that the reach of the CCOA was intended to be quite broad, and it would have encroached upon a substantial market of electronic communication and storage services.
More specifically, while primarily drafted in response to the public dispute between the U.S. Department of Justice and Apple, Inc., the impact of the CCOA could have spread far beyond the consumer electronics industry to any industry which relies on the integrity of cryptography. Significantly, financial transactions effected through the internet using the blockchain protocol depend on robust encryption to garner the support and trust of customers. Without such encryption, blockchain almost certainly would not be the paradigmatic example of the FinTech revolution that it is.
Blockchain is a “distributed ledger technology.” In the financial industry, for example, the purpose of blockchain is, in part, to provide a verifiable means to keep track of ownership and transactions in a particular asset. Traditionally, a highly regulated and therefore presumptively trusted intermediary performs this function. The disruptive idea behind blockchain is that a trusted third-party interposed between transacting parties is no longer necessary to verify transactions if every party has a copy of the ledger and such ledger is tamper-proof. To ensure the veracity of the distributed ledger, blockchain relies on asymmetric encryption, which is a public key cryptography protocol. If the encryption of blockchain cannot be trusted, then the ledger is a failure.
It remains an open question whether blockchain would have been regulated by the CCOA; however, the draft text did raise the issue. By definition, blockchain is a product or service which would store data in an unintelligible format. The data that blockchain encrypts pertains to communications between identifiable parties. It would then store such data because, of course, that is the purpose of a ledger. Because blockchain is an encrypted communication and data storage protocol, it and similar protocols may have been forced to alter their encryption processes to comply with the CCOA.
For now, FinTech innovators in the United States remain free to use robust and proven encryption algorithms in their blockchain implementations. However, in light of the San Bernardino tragedy, America’s legislative bodies will likely continue to grapple with Justice Douglas’s famous retort to the Bank Secrecy Act, whether “America is so possessed with evil that we must level all constitutional barriers to give our civil authorities the tools to catch criminals.” The CCOA certainly seemed embodied with the same legislative spirit as the Bank Secrecy Act, and the threat of terrorism remains real. Accordingly, blockchain will continue to face threats at the cross-roads of innovation and regulation.