“Believe in the process”? – Privacy and cybersecurity issues served by court proceedings through NFTs | Lord Locke LLP

Recently, courts in New York and London made orders in two unrelated cases – LCX AG v $12,740 Coins[1] and D’Aloia v. Binance Holdings and others[2] – Empower claimants to offer lawsuits to anonymous defendants through non-fungible tokens (“NFTs”).

These appear to be the first known judicial decisions allowing the use of NFT services, through “airdrop“Access to defendants’ wallets on the Ethereum blockchain. Delivery of tokens by airdrop requires the sender to transfer tokens from one wallet to another party’s wallet on the blockchain, often on an unsolicited and accidental basis.

This paper considers the privacy and cybersecurity implications of influencing (and receiving) services through NFTs in this way.

Background: NFTs

Over the past 18 months, NFTs have primarily gained prominence as a medium for collectible digital assets, especially digital artwork, but the technology could have many different uses.

NFTs are uniquely identifiable packets of information stored on a blockchain (usually the Ethereum blockchain network). This information may include smart contracts (essentially lines of code that set the parameters of an NFT function) and related media such as text, image files, music or video. This media information can be stored “on-chain” (i.e. as data stored on the blockchain network itself), but is more commonly stored “off-chain”, i.e. on the traditional World Wide Web, where on-chain tokens simply act as Road signs for related media files.

Various uses of NFTs and blockchains have been explored in recent years, such as: ticketing,[3] real property ownership records[4] and authentication.[5] However, NFTs and blockchains are generally not used to transmit personal or business communications. Despite the New York and London decisions, it is unlikely that court proceedings via NFTs will become the norm anytime soon. While it is now legally and technically feasible to serve proceedings in this way (with court permission), in the foreseeable future traditional methods of service, such as post, courier or email, may Still the best to use.

That being said, there are a number of situations in which the services of NFTs may have practical and practical use in litigation:

  • For claimants who are victims of crypto-asset theft or fraud, where the identity of the defendant is unknown (other than the wallet address on the blockchain);
  • When the defendant’s wallet is not associated with a centralized exchange such as Binance or Coinbase, the identity of the defendant cannot be determined through a third-party disclosure order against the exchange.[6]
  • When timing is of the essence, such as reducing the risk that the defendant will dissipate assets.
  • When the defendant is located outside the plaintiff’s jurisdiction, service by traditional means such as mail or even through diplomatic channels can take weeks or even months.

LCX and Daloa

exist LCX and Daloathe claimants were victims of cryptocurrency theft and fraud, respectively. LCX Involved the theft of $8 million in cryptocurrency from the claimant’s wallet, and Mr. D’Aloia claimed he was the victim of a scam in which he was induced to transfer cryptocurrency to one or more unknown persons In the wallet under control, it is disguised as a website with the domain name tda-finan.com.

In each case, the plaintiffs initiated proceedings to recover the stolen cryptocurrencies and applied to the court for permission to serve proceedings on the defendants via NFTs (“service tokens”). At the time of the lawsuit, there was no way of knowing the defendant’s personal identity, nor was it possible to identify who controlled the person’s residence or place of business, other than their wallet address (in the form of a unique 42-character hexadecimal string) these wallets. Therefore, the claimant sought permission for court document services by sending service tokens to these wallets.

in the case of LCXthe service token contains a hyperlink to the applicant’s attorney’s website, which hosts the relevant court documents being served.[7] The hyperlink also contains a tracking mechanism to determine whether the defendant clicked to view the relevant document.It’s unclear from the reported decision Daloa As for how the documents were transmitted in this case.

Privacy Notice

There are two aspects of blockchain technology that are fundamentally incompatible with privacy and individual rights under the EU General Data Protection Regulation (“GDPR”) and the UK Data Protection Act 2018 (“DPA”):

  • The blockchain is a public ledger, which means that anyone in the world can view its contents; and
  • Blockchains are immutable, which means that information on the blockchain network cannot be deleted.

Check court documents: The fact that the blockchain is public means that in cases where court documents contain witness evidence and confidential or private information, airdrop services via NFTs (including when linking to documents hosted on public websites) may not be Practical, especially in the case of a ban. In theory, once the service is implemented through the blockchain, the world can understand the program.[8]

Tracking: Privacy legislation may also create difficulties in using tracking mechanisms that can confirm that defendants have received litigation services. Sites hosting hyperlinks to court documents may address this by directing users to appropriate privacy and/or cookie policies, but this needs to be considered on a case-by-case basis.

Data deletion: The immutability of data on the blockchain makes it difficult (if not impossible) to delete the contents of any NFT. Because data subjects have the right to request deletion or correction of their personal data, the inability to delete data generally violates many privacy laws, including the GDPR and the California Consumer Privacy Act (“CCPA”).This means that hosting court documents on the blockchain itself may never be feasible – so parties will need to rely on traditional internet sites to host information and/or documents (as in LCX), the blockchain token functions more like a digital road sign and does not contain any personal data itself. The fact that the defendants may be anonymous and can only be identified by reference to a wallet address is irrelevant, as privacy legislation broadly defines personal information or personal data. For example, CCPA[9] Including “unique personal identifiers” as protected information, the UK and EU GDPR also includes “identification numbers” or “online identifiers” in their definitions.[10]

In addition, some laws grant data subjects the right to request erasure of their personal data. If a data subject whose identity corresponds to (or contains) a wallet address wishes to exercise their legal right to have their personal data deleted years after the lawsuit is resolved or concluded, if the information is fully hosted on the blockchain.

Cyber ​​Security Considerations

Interacting with Airdropped Tokens: It is increasingly common for blockchain wallet owners to see malicious or spam tokens being airdropped into their wallets[11], which is essentially the Web 3.0 version of phishing. If interacted with malicious tokens, they can do anything from directing wallet owners to fraudulent websites, to executing smart contracts to wipe out the entire contents of the owner’s wallet. Therefore, parties controlling the wallet are strongly advised not to interact with airdropped NFTs or click on hyperlinks from unfamiliar sources. With this in mind, the transmission of important legal documents via airdropped NFTs is likely to be ignored by the recipient.[12] This does not matter in practice, as the doctrine of service of court documents often relies on constructive notice, much like service of documents by post or email (i.e. whether the party being served actually saw the notice and unimportant) documents, as long as the party serving them has taken the relevant steps to serve them).

If the law firm or claimant receives any subsequent tokens on the blockchain from the defendant (for example, claiming to be a read receipt or providing documentation by way of return), they are also advised not to interact with the tokens and seek the blockchain Professional help.

Creating and Sending Service Tokens: Most legal advisors and claimants (especially individuals) are unlikely to have the expertise to create NFTs without the help of professionals experienced in blockchain and crypto-asset matters. Therefore, it may be necessary to work with a trusted third-party vendor to create a service token (and a tracking mechanism if desired) and transmit it over the blockchain. It may also be necessary to create a wallet for sending service tokens. If law firms engage in activities of this nature, they will need to consider their internal IT and risk management policies, as many firms may have restrictions on crypto assets. Companies may also wish to consider the impact of creating and/or sending Service Tokens with respect to any liability they may incur as a result of conducting cryptoasset transactions, especially if the Defendant has received or received or suffered damage or loss in some way claim or suffer damage or loss. Interact with the token.

in conclusion

The prospect of court proceedings via NFTs is an exciting development in litigation, and may be appropriate (if not the only option) in certain types of litigation. However, in any given case, the parties and their legal advisors will need to carefully consider and conduct a risk analysis before jumping on the NFT service bandwagon.


[1] LCX Ag v. $1.274M CoinNo. 154644/2022, 2022 WL 3585277 (NY Sup. Ct. August 21, 2022).
[2] [2022] EWHC 1723 (middle).
[3] Seatlabs is an example of NFT based event ticketing – https://www.seatlabnft.com/
[4] For example, the Dubai Land Department has been spearheading the adoption of blockchain technology since 2017: https://dubailand.gov.ae/en/news-media/dubai-land-department-achieves-a-technical-milestone-with- Collaborate with Smart Dubai and other partners using blockchain technology/. The HM Land Registry in England and Wales has been considering blockchain technology during a similar period.
[5] Goldfinch is a decentralized trust protocol that recently created Unique ID (UID) NFTs. These are non-transferable tokens that are verified on behalf of KYC and on-chain investors: https://docs.goldfinch.finance/goldfinch/unique-identity-uid
[6] Exchanges should have KYC (“know your customer”) records on all account holders, although in practice it may take some time to get these details – at the very least, a court order may be required, and even then this data may not be available Correct, especially if the defendant is suspected of fraud.
[7] https://www.hklaw.com/en/general-pages/lcx-ag-v-doe
[8] This is in direct conflict with the procedure in England, where for example non-parties cannot access court documents until all defendants have filed Acknowledgments of Service, and even then witness evidence is usually not given to non-parties.
[9] Carl. civilization. Code § 1798.140 (West).
[10] Article 4(1) GDPR (also valid in the UK under DPA 2018).
[11] Ape-themed airdrop phishing scams are on the rise, experts warn
[12] The same is true for email services (i.e. prudent email users are better off not clicking on hyperlinks to emails they do not wish to receive), which is consistent with the restrictive approach taken by UK courts and civil proceedings to allow The person expressly agrees to the rules for delivery by email in the case of delivery by email.

Leave a Comment

Your email address will not be published.