
Smart Contract Basics — A Legal Contract Perspective

Part III: Privity


Introduction
Privity is a straightforward legal concept for traditional contracts: the terms and
conditions of a contract are only valid for the parties that enter into the contract. You sign your
name on the line and you receive the rights (and penalties). By contrast, privity in smart contracts
concerns “knowledge and control over the contents and performance of a [smart] contract,” which
“should be distributed among parties only as much as is necessary.”[i] Contracting parties utilizing
smart contracts have an interest in controlling access to knowledge of the terms of the agreement and
controlling its execution and performance.
Smart contracts are more complex than traditional ink-and-paper contracts because of the
transparent and collaborative design of a blockchain. Maintaining privity of contract takes on a new
meaning: protecting the parties and terms of the agreement from interference from third parties is a
priority for complex transactions contained in smart contracts. Controversy over the use of smart
contracts for more complex transactions currently revolves around privacy, confidentiality and a balance
between maintaining control and operating within a system originally designed for transparency.
I. What is Privity?
A. General Background
Privity of contract is a legal doctrine that establishes “all the rights, liabilities and responsibilities
contained in the contract only apply to the named parties or specified beneficiaries.”[ii] For
non-lawyers, privity is the right to exclude unauthorized parties from the performance and benefit of a
contract. For example, a homeowner enters into a contract with a general contractor for repairs. The
general contractor may hire subcontractors to do some work, but if the homeowner is unsatisfied with
the subcontractor’s work, he is generally unable to bring a claim against the subcontractor because he
was only in privity of contract with the general contractor, not the subcontractors.[iii]

B. Privity of Smart Contracts


Smart contracts require a more robust version of traditional privity of contract, including limiting
access to the terms of the contract from outside influence and restricting modification or infiltration of
the underlying code. Privity should be envisioned much like a gated fence: one wants to control which
parties have access inside the fence while still allowing authorized parties in. More precisely, privity relates
to the privacy and confidentiality that contracting parties expect from an exclusive contract.
Consequently, parties will not utilize smart contracts until the blockchain industry as a whole begins to
understand the need of contracting parties for privacy and ensure secure code that acts as indelibly as ink
and paper contracts.
II. Privacy versus Confidentiality
Why aren’t smart contracts used for more complex transactions? The most cited critique is the
lack of privacy and confidentiality because the entire code of a contract is publicly visible.[iv] Privacy and
confidentiality are not preserved under a blockchain framework, therefore making traditional privity of
contract nearly impossible. But why are privacy and confidentiality important for a contract and its
parties? And what is the difference between the two concepts?
A. Privacy
Privacy is the “right of an individual to keep [their] information from being disclosed.”[v] Each
party to a contract reasonably expects a certain level of privacy - they don’t expect to see their signature
and compensation amount splashed across a billboard on the highway - because they are signing a
contract just with another party. Comparatively, smart contracts are open to the entire network to inspect
(unless the parties disguise their identity to maintain privacy).
B. Confidentiality
Confidentiality is a bit more complicated; it encompasses the actual information shared between
the parties that they do not want unauthorized parties to have access to. Confidentiality is “about
controlling who has access to sensitive information”; by delegating authority to access or modify the
code, the parties can secure the confidential information.[vi] In most smart contract code, a set of
permissions is encoded to restrict the ability to enter the contract to a set list of authorized parties.[vii]
Simply put, standard smart contracts are not confidential. “Everyone can access and see all the
information that is sent to and stored in a smart contract,” including the parties involved and the amount
being transferred.[viii] Smart contracts can be coded to include authorization mechanisms to prevent third
parties from accessing the data within, but proper coding has been difficult thus far and has led to
well-known hacks.[ix]
III. Security of Smart Contracts
The 2016 “DAO Hack,” as it became known, was a wake-up call for the blockchain community
and demonstrated one of the many dangers of smart contracts: human error. Despite the promise of
automatically executed contracts hosted on a secure decentralized network, someone found a single error
in the code, which had been written by another person, allowing them to steal millions in
cryptocurrency. For those not well-acquainted with the blockchain world, “DAO” refers to the
“decentralized autonomous organization,” a distributed smart contract which operated as a venture
capital fund.[x]
The primary goal of privity, in terms of smart contracts, is to secure the terms and information of
a smart contract from outside influence. At the moment, human error accounts for most security
breaches of smart contracts. To prevent human error from causing irreparable harm, “smart contracts
need to be constructed 100% right in one shot, able to withstand years of security attacks with code [one]
can’t really modify.”[xi] To account for privity, smart contracts must be built free of human error and with
the primary goal of excluding all non-authorized parties without fail.
IV. Maintaining Control
The second element of smart contract privity is maintaining control of the code. By restricting
unauthorized third parties from modifying the code, a smart contract remains in privity only to the
authorized parties. Maintaining absolute control of the code can be a difficult task, though, when the code
is stored and verified on a public ledger. Furthermore, once code is “live” on the blockchain, it is
irreversible, meaning there is no way to simply fix a mistake or update the code. In other words, the
smart contract has to be perfect in its first iteration.[xii]
Maintaining control of the smart contract is essential. In the DAO Hack, the only remedy to
correct for the mistake was creating a fork in the blockchain, effectively creating a “classic version” of
the blockchain with the old code and a new fork without the coding error. This solution was not simple
and likely cannot be replicated, meaning coders must initially ensure protections are in place to prevent
infiltration. In order to maintain control over the code, privity is required as a foundational element of
the coding and relationship between the parties to prevent access by third parties. Without privity
through tight control, smart contracts are vulnerable to malicious parties.
Potential Solutions
Privity remains an issue for smart contracts due to the public nature of blockchain
ledgers, continued attacks on the code underlying each smart contract, and the inability to
maintain control of the contract. However, while some commentators have deemed it impossible
for smart contracts to fully satisfy the need for privity, there are several proposed solutions that
aim to make smart contracts more secure, confidential and viable for discrete transactions.
A. On-Chain Encryption
Several on-chain solutions have been identified to allow for privity by including greater
privacy and confidentiality. Solutions such as cryptographic key derivation functions (KDFs)
generate a new “key” for each transaction rather than using the same key that can be traced to the
holding party.[xiii] This allows for greater privacy, less transparency and more secure transactions.
Another on-chain solution is a confidential transaction (CT) protocol which encrypts the
actual transaction amount being exchanged between the parties in order to obfuscate the
transactions.[xiv] Without key portions of the transactions, it is difficult for a third party to
determine what is being exchanged between the parties and how to exploit that information.

B. “Layered” Smart Contracts


Other proposed solutions are designed to “layer” encryption or withhold information on
top of the base smart contract. These solutions utilize other layers of the contract either hosted
off or on the blockchain to conceal the identity of the parties involved, but not the information
needed for the nodes of the blockchain to execute the code. For instance, Hawk is a model of
cryptography that couples a private contract, whose parties and terms remain secret, with a
public version of the same contract that is then executed as usual.[xv] The private contract controls
the payout to the respective parties, while the public smart contract controls the exchange of the
transaction and the recording of that transfer.[xvi] This allows the smart contract to operate
efficiently on a distributed blockchain network while also keeping the parties’ information
secure.

Conclusion
Security will always be a concern for parties utilizing smart contracts to automatically
execute certain transactions. While blockchain technology represents a leap forward in how
contracts can be handled between untrusting parties, smart contracts still have numerous issues to
resolve before widespread adoption, including privity. Tune in next week for the fourth and
final article of this series, Part IV: Enforceability.

About the Author

Jared Arcari is a third-year law student at Fordham University School of Law. Jared currently
serves as the president of two student organizations, the Fordham Business & Law Association
and the Entrepreneur Law Society. He is also a Notes & Articles Editor at the Fordham Journal
of Corporate and Financial Law. When he isn’t writing about blockchain-related legal issues,
Jared enjoys serving as a research assistant to Prof. Bernice Grant researching entrepreneurial
topics including non-compete alternatives and improving access to capital. To contact the author,
please email him at jarcari@law.fordham.edu.
Disclaimer
Any information contained in this post is for informational purposes only. The information,
opinions and commentary contained herein do not constitute legal advice. They also do not
constitute tax advice. This post is not a complete overview or analysis of the topics presented and
may contain information that varies in different jurisdictions. The transmission of information to
the reader does not create a lawyer-client relationship. The reader should not rely upon this post
or treat it as a substitute for legal advice. The reader should consult a lawyer familiar with their
particular circumstances and licensed in the proper jurisdiction for legal advice.

[i] Nick Szabo, Smart Contracts: Building Blocks for Digital Markets (1996), http://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/smart_contracts_2.html (last visited July 10, 2018).
[ii] Paul Humbert, What You Need to Know about Privity of Contract, CONTRACTING EXCELLENCE J. (Feb. 8, 2018), https://journal.iaccm.com/contracting-excellence-journal/-what-you-need-to-know-about-privity-of-contract.
[iii] See Logan-Baldwin vs. L.S.M. Gen. Contr., Inc., 942 N.Y.S. 2d 718 (N.Y. App. Div. 2012).
[iv] See Ahmed Kosba, Andrew Miller, Charalampos Papamanthou, Elaine Shi & Zikai Wen, Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts, INST. OF ELECTRICAL & ELECTRONIC ENGINEERS 839, 839 (2016), https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7546538.
[v] Seth Grimes, Privacy vs. Confidentiality vs. Anonymity: What you Need to Know (Apr. 14, 2017), https://breakthroughanalysis.com/2017/04/14/privacy-vs-confidentiality-vs-anonymity-who-knows/.
[vi] Michael Smolenski, Smart Contracts: Privacy vs. Confidentiality, HACKERNOON (Oct. 14, 2017), https://hackernoon.com/smart-contracts-privacy-vs-confidentiality-645b6e9c6e5a.
[vii] See id.
[viii] Id.
[ix] See id.
[x] See Matthew Leising, The Ether Thief, BLOOMBERG LP (June 23, 2017), https://www.bloomberg.com/features/2017-the-ether-thief/.
[xi] A Short History of Smart Contract Hacks on Ethereum, New Alchemy (Feb. 7, 2018), https://medium.com/new-alchemy/a-short-history-of-smart-contract-hacks-on-ethereum-1a30020b5fd.
[xii] See Alyssa Hertig, Trust No One: Ethereum Smart Contract Security is Advancing, COINDESK (Nov. 3, 2017), https://www.coindesk.com/paranoia-rules-ethereum-smart-contract-security-advancing/.
[xiii] See Stuart Popejoy, Confidentiality in Private Blockchain 2 (Aug. 2016), http://kadena.io/docs/Kadena-ConfidentialityWhitepaper-Aug2016.pdf.
[xiv] See id.
[xv] Kosba et al., supra note iv, 2.
[xvi] See id.
