Free software and fiduciary duty
Wright is known for, among other things, claiming to be Satoshi Nakamoto, the author of the original paper describing Bitcoin, and for filing numerous lawsuits within the cryptocurrency community. In the case at hand, he (in the form of his company "Tulip Trading Limited") claims to own about $4 billion in Bitcoin sitting in the blockchain — a claim that, like his others, is not universally acknowledged — but to have lost the keys giving access to that Bitcoin after his home network was broken into. It is, Wright claims, incumbent upon the maintainers of the Bitcoin network software to develop and merge a patch allowing the claimed Bitcoin to be transferred to a key that he controls.
The various Bitcoin developers, it turns out, are unconvinced by Wright's claim to that Bitcoin and even less convinced that the Bitcoin miners would accept a software update that included such a patch. Wright, allegedly backed by some deep pockets with eyes on part of a $4 billion prize, has taken 15 of these developers (and one organization) to court. The case fared poorly in in its first round, but now an appeals court has issued a ruling allowing an appeal to proceed, saying that there are issues of interest to be litigated.
At a first look, this case appears to be a warranty issue, and many observers have seen it that way. Wright is asserting that a bug in the Bitcoin system is keeping him from getting his hands on his well-earned billions, and that the maintainers of that code owe him a fix. The code in question is covered by the MIT license, which explicitly disclaims the existence of any warranty; if the court were to find that a warranty obligation exists anyway, the resulting precedent could put free-software developers at risk worldwide. It is not surprising that people are concerned.
The appeals-court ruling, though, makes no mention of warranties. The question of whether Wright is entitled to a "fix" hinges on a different issue:
The essence of Tulip’s case is that the result of all this is that the developers, having undertaken to control the software of the relevant bitcoin network, thereby have and exercise control over the property held by others (i.e. bitcoin), and that this has the result in law that they owe fiduciary duties to the true owners of that property with the result that, on the facts of this case, they are obliged to introduce a software patch along the lines described above, and help Tulip recover its property.
In other words, it is not the software license that might possibly create an obligation here. It is the control over software that manages somebody else's assets that might. Note that this ruling does not reach any conclusions regarding whether Wright's claim to the Bitcoin is valid.
In your editor's opinion, though, the court misunderstands the nature of the control that the Bitcoin network developers have:
Without the relevant password (etc.) for the bitcoin software account in Github, no one else, such as a concerned bitcoin owner, could fix the bug. If a bitcoin owner identified a bug and wrote the code to fix it, that fix could still only be implemented if the developers agreed to do so in the exercise of their de facto power. In a very real sense the owners of bitcoin, because they cannot avoid doing so, have placed their property into the care of the developers. That is, in my judgment, arguably an "entrustment".
The crucial point that has been missed here, of course, is that nobody can prevent others from applying a fix to the code — that is part of the fundamental freedom that comes with free software. If the maintainers of a given repository refuse to apply needed fixes, the community can fork the project and route around those maintainers. Wright, as the alleged creator of Bitcoin, should certainly be capable of writing this patch and convincing the mining community — which is where the real power to decide which software is run lies — that it should be applied.
Similarly, and importantly, a code fork could also happen if those maintainers were to merge a hack that somehow forced a transaction into the blockchain despite the absence of the private key controlling the Bitcoin in question, handing control of a contested resource to an actor seen by many as, at best, a scammer. Such an act would be highly likely to cause those maintainers to lose control over the software entirely. Even if Wright were to somehow win a ruling compelling the developers to apply an unwanted patch to a specific repository, the chances of that change being deployed to the network of Bitcoin miners seem small.
The appeals court, seemingly, fails to understand that aspect of how free software works and attributes a power to the maintainers of a specific repository that they do not, in fact, have; therein lies the risk from this case. If, somehow, maintenance of a body of software that is used to maintain assets owned by others — whether those assets are cryptocurrency, social-media posts, cat videos, or indeed software repositories — can be seen to create some sort of fiduciary responsibility toward the users of that software, our community's maintainer shortage will get significantly worse. Maintainership can be a thankless job as it is; the prospect of being sued for failing to write or apply a given "fix" would certainly push many maintainers over the line and out the door.
This ruling is just a preliminary allowing the case to proceed; the real trial is yet to happen. Hopefully some sense will be applied there, preferably before the defendants are bankrupted by legal fees (the newly created Bitcoin Legal Defense Fund is now handling their defense). Yes, we place trust in our maintainers, but we do so in an environment that limits just how much trust is required and gives us recourse should a maintainer fail to live up to that trust. A ruling that maintainers owe us more than they already give will not do the community — or almost anybody else — any good.
[Thanks to Paul Wise for a heads-up on this topic.]