Guest Blog: Do software developers owe a duty of care to end users?

Thanks to our friends at Ashfords for sharing this case study examining if software developers have a duty of care for end users, outlining the recent court case with Tulip. 

People working or interested in the cryptocurrency area may recall that last year Tulip Trading Limited (“Tulip”) brought a case against 16 core individual developers, arguing that they owed a duty of care to Tulip and thus must give Tulip access to 111,000 bitcoins held on the bitcoin networks that those developers were overseeing. 

The man behind Tulip is Dr. Craig Wright, who claims that he is the bitcoin inventor, Satoshi Nakamoto.

Tulip claimed that they owned the bitcoins (which were worth $4 billion in April 2021) but they could no longer access the assets since the private keys to the bitcoins had been lost due to a hack of Craig’s computer. They wanted to developers to deploy a patch that could bypass the private keys and move Tulip’s bitcoin to another address that Tulip could access. 

Tulip’s key rationale for such a request was that since the developers controlled the networks, they owed fiduciary duties (or a duty of care) to Tulip as the true owner of the asset, and thus they must protect and safeguard Tulip’s assets. 

Tulip’s claim was dismissed by the first instance judge. Falk J concluded that there was no realistic prospect of establishing that the facts pleaded amount to a breach of fiduciary tortious duty owed by the defendants to Tulip. 

Earlier this month Tulip’s appeal was granted by the Court of Appeal for the case to be tried next year. The Court did not conclude that there was a fiduciary duty in law but considered that the case raised a serious issue to be tried. 

In its assessment, the Court highlighted that the developers’ role has some elements that point towards the characteristics of fiduciary duties, such as: 

• A significant amount of control and decision making power for and on other people’s behalf in relation to their property;
• The existence of an “entrustment” in the developers; and 
• A legitimate expectation from bitcoin owners that the developers will not exercise their authority in their own self-interest to the detriment of owners and will act in good faith to fix bugs or faults in the software.

What makes this development significant is currently blockchain developers have no explicit duty of care to the end users, including owners of the cryptoassets. The hearing will examine that very position.

Some of the crucial questions expected to be discussed at the hearing are:

• Is bitcoin/cryptoasset property? The legal status of cryptoassets remains unclear under English laws. Some consider them property (albeit digital assets cannot be “possessed”) while some regard them as a token which may not be property itself. Whatever the conclusion will be, it is expected to help clarify this legal point.
• What control do developers have over the networks or the digital assets, and to what extent? This will go straight to the heart of the decentralised network concept. If the facts show that decentralised governance is merely a debunked “myth”, then it will significantly impact the treatment of digital assets and any other products underpinned by blockchain technology.
• What duty of care do the developers owe to the true owners of the digital assets (if they do indeed have the required level of control over those assets)? If the court confirms on this point, developers, and any other network participants having the same or similar level of control, may see themselves facing various tortious claims by the owners. Regulators may also step in to regulate the conduct of these individuals or the governance of the relevant networks.

Being the first of its kind, the decision of next year’s hearing is expected to shed some light onto some legal ambiguities in the digital assets and blockchain area.