Proposing cybersecurity regulations for smart contracts

Abstract

ABSTRACT Smart contracts have the potential to improve many existing transactions and to enable entirely new business models. However, the technology supporting this new method of transacting is complex and the legal framework applying to it is somewhat unclear. Though theorised several decades ago, it was not until the advent of the distributed ledger technology known as blockchain that smart contracts were able to be practically implemented. This paper summarises the concept of smart contracts while providing the background and context of its development. It then distinguishes those smart contracts which are considered legally binding within the scope of US laws from those that may not have legal effect. Next, it provides an in-depth example of an exploitation of smart contracts and explores how the legal reaction to it is inadequate. To reduce the likelihood of future smart contract exploitations and to improve confidence for contracting parties, this article suggests adding explicit smart contract cybersecurity provisions to existing US legal frameworks. Specifically, I propose adapting several of the National Institute of Standards and Technology’s Federal Information Processing Standards to create minimum cybersecurity requirements for all legally binding smart contracts. I also examine the shortcomings of the Computer Fraud and Abuse Act while identifying it as a piece of legislation ripe for reform which, if done adequately, may provide a legal deterrent to would-be cyber hackers of smart contracts.