DOKK Library

Bone Crusher 2.0: The Fourth Annual Greg Lastowka Memorial Lecture

Authors James Grimmelmann

License CC-BY-4.0

Plaintext
02_GRIMMELMANN.DOCX (DO NOT DELETE)                                     11/11/19 6:43 PM




                  BONE CRUSHER 2.0:
      THE FOURTH ANNUAL GREG LASTOWKA MEMORIAL
                      LECTURE

                              James Grimmelmann *

    Colleagues, family, and friends of Greg, thank you for braving the
weather. His memory means so much to all of us. I want to talk a bit
about some of the things that Greg might have said about the Internet
today, and to help keep alive the spirit of serious play that animated his
work.
    Greg’s most famous article is The Laws of the Virtual Worlds, which
he wrote with Dan Hunter in 2003.1 It has more than ten thousand
downloads from SSRN. That’s a stunning number. It is roughly the
350th most downloaded article of all time on the site. It has thirty-
seven citations just on SSRN,2 which is about the same the total
number of citations I have for all of my papers there. It is a tremendous
article: it saw the future.
    Greg and Dan wrote about multiplayer games, like Ultima Online
and Everquest, but with a very serious eye. They argued that these
aren’t just games: what happens in them matters to real people who
live in the real world. Already in 2003, people were going online to other
spaces; Greg and Dan saw that these other spaces were going to
generate disputes raising serious legal questions. People were going to
have free-speech arguments over what they would be allowed to say.
They were going to have property disputes over virtual items. They
would have all kinds of legal disputes. To quote from the article itself:
“When virtual-world lawsuits arise, as they inevitably will, it will not be
a sufficient answer to say, ‘It’s just a game.’ Nor can the wizards who
create and maintain the worlds simply assert that they can do as they


    * Professor of Law, Cornell Tech and Cornell Law School. My thanks to Aislinn
Black, Michael Carrier, Carol Lastowka, and Jan Ellen Lewis. This essay may be freely
reused under the terms of the Creative Commons Attribution 4.0 International license,
https://creativecommons.org/licenses/by/4.0.
   1. F. Gregory Lastowka & Dan Hunter, The Laws of the Virtual Worlds, 92 CALIF. L.
REV. 1 (2004) [hereinafter Laws of the Virtual Worlds], https://papers.ssrn.com/sol3/
papers.cfm?abstract_id=402860.
   2. Id.


                                        843
02_GRIMMELMANN.DOCX (DO NOT DELETE)                                   11/11/19 6:43 PM




844             RUTGERS UNIVERSITY LAW REVIEW [Vol. 71:843


wish.”3 “Wizards” here is a metaphor for the people and companies who
run these virtual worlds. They’re responsible for the code; they decide
when to ban a user or close an account. Greg and Dan believed that
these aren’t just games, so that it shouldn’t just be that the person with
their finger on the power button gets to say what happens. Real people
have real interests in these spaces.
    Greg expanded on virtual worlds in his book, Virtual Justice.4 It
remains the definitive work on virtual world law. For people like me
who write in the field, Virtual Justice remains the summation of what
the issues were and what matters in legal thinking about them. It holds
up remarkably well, as I discovered when I had the pleasure of
rereading substantial chunks of it to prepare this lecture. It is still just
a wonderful book, delightfully clear on issues from copyright to hacking.
One passage I particularly like gives a perfect response to the, “oh, it’s
just a game; we shouldn’t care,” objection.

     Not everyone will want to own a virtual castle in the future, just
     as not everyone today wants to visit Disney World, attend a
     NASCAR race, collect baseball cards, ride horses, or purchase a
     luxury handbag. But even if we think that owners of horses and
     handbags are spending money on things we would not purchase,
     we do not think of them as people without legal rights. Is there
     any reason we should think differently about the rights of those
     who invest time, money, and creative energy in virtual worlds?5

Again, we see the same continuity between what people do in offline
spaces and what they do in online spaces. They are different in lots of
ways, but in the ways that really matter, they are very closely
connected.
    A third piece of Greg’s that I personally like is not the most famous
or well-known. It’s the piece that he and Dan wrote for the first State of
Play conference (at which Greg and Dan were quite rightly regarded
somewhere between royalty and rockstars), called Virtual Crimes.6
It is a beautifully succinct paper about what should be considered a
crime in a virtual space. Here the game metaphor is important. There
are in-game swords in worlds like Ultima Online. If our characters wind
up fighting each other, and I bop you over the head with a sword and

   3. Id. at 72.
   4. GREG LASTOWKA, VIRTUAL JUSTICE: THE NEW LAWS OF ONLINE WORLDS (2010)
[hereinafter VIRTUAL JUSTICE].
   5. Id. at 27.
   6. F. Gregory Lastowka & Dan Hunter, Virtual Crimes, 49 N.Y. L. SCH. L. REV. 293
(2004) [hereinafter Virtual Crimes].
02_GRIMMELMANN.DOCX (DO NOT DELETE)                                      11/11/19 6:43 PM




2019]                          BONE CRUSHER 2.0                                    845


your character in the game falls over, should we regard it as real-life
murder and send you—not your character, but you, the real-life flesh-
and-blood person—to prison? Greg and Dan persuasively argued no,
because “the representations of villainy that occur in interactive games
are generally understood as speech and nothing more.”7
    In Virtual Crimes, Greg and Dan also posed a trickier problem
inspired by the journalist Julian Dibbell. He spent a year trying to
support himself playing Ultima Online. He played a character who tried
to accumulate virtual items, like axes and maces, which he would then
sell to other players for real money.8 Dan and Greg picked up on a
charming anecdote in Dibbell’s story, an incident in which another
character asked him if he wanted to buy a rare and extremely valuable
in-game weapon called a Bone Crusher mace.9 While checking the price,
Dibbell realized that the Bone Crusher was almost certainly stolen. The
seller had tricked another player who had one into unlocking his front
door, and had then taken the mace before the startled victim could
react.10
    Greg and Dan playfully asked whether this should be considered
receipt of stolen property—a real theft with real-world consequences.11
They drew a smart and surprising analogy to other kinds of virtual
property, such as domain names like UltimaOnline.com or Google.com,
which now are commonly recognized as property.12 They observed that
treating a domain name as:

     [A] property interest may seem like a social fiction. But, if a
     domain name can . . . be “stolen,” . . . it follows logically that a
     Bone Crusher . . . —a similar artifact at the intersection of
     software, databases, and networks—should be equally capable
     of being “stolen.”13

The Bone Crusher is just as real as a domain name is. It may even be
more real because you can actually see what a Bone Crusher looks like.



   7. Id. at 297.
   8. Id. at 299–300.
   9. Id. at 301–02. For the short version of the story, see Julian Dibbell, Den of
Thieves!, PLAY MONEY (Aug. 6, 2003, 12:56 PM), http://www.juliandibbell.com/playmoney/
2003_08_01_playmoney_archive.html#106019981622479993, and for the long version, see
JULIAN DIBBELL, PLAY MONEY: OR, HOW I QUIT MY DAY JOB AND MADE MILLIONS
TRADING VIRTUAL LOOT 167–70 (2006).
  10. DIBBELL, supra note 9, at 168–69.
  11. Virtual Crimes, supra note 6, at 301.
  12. See Kremen v. Cohen, 337 F.3d 1024, 1030 (9th Cir. 2003).
  13. Virtual Crimes, supra note 6, at 304.
02_GRIMMELMANN.DOCX (DO NOT DELETE)                                       11/11/19 6:43 PM




846             RUTGERS UNIVERSITY LAW REVIEW [Vol. 71:843


    Then, in a wonderful twist, Greg and Dan turned around and
wrote: “But we are skeptical that Julian Dibbell could be prosecuted for
fencing stolen property. . . . Ultima Online is styled as a game where
Bone Crusher maces are designed to be stolen.”14 The rules of Ultima
Online allow you to take other characters’ virtual items in certain
circumstances.15 If you’re playing football and you pick up the ball on a
fumble, you don’t have a legal obligation to return it to the other team.
That’s not how the game works. Theft laws don’t apply in the same way
on the football field, just like they don’t apply in Ultima Online the
same way they apply here.16
    I want to pause here to pull out three big ideas from Greg’s
virtual-world work. (And that’s just a small part of what he worked on.
Greg also wrote wonderful pieces on attribution and on search.)17 First,
virtual worlds are real places. They may not exist in our physical world,
but they are real communities. Real people spend real time together in
them. That is the lesson from The Laws of the Virtual Worlds.18
Second, as Greg observed in Virtual Justice, communities need laws.
These spaces aren’t entirely hands-off free-for-alls. There are rules.
People can do harmful things to each other, and we need some rules of
conduct to guide them.19 Third, as Greg and Dan pointed out in Virtual
Crimes, those laws cannot be the same as the ones we use for offline
conduct. Laws must reflect reality, which in this case means virtual
reality.20
    Now jump ahead fifteen years to some of today’s strangest and
weirdest forms of online property. I would like to ask what Greg might
say about these updated Bone Crushers. I will start with a story about
something called “The DAO,” which is short for “decentralized
autonomous organization”: a network of people who pool some resources
for a common purpose and then act together, a bit like a corporation
or another association.21 The difference is that a DAO is not a legal


  14. Id.
  15. Laws of the Virtual Words, supra note 1, at 32–33.
  16. See Virtual Crimes, supra note 6, at 305.
  17. See, e.g., Greg Lastowka, Digital Attribution: Copyright and the Right to Credit,
87 B.U. L. REV. 41, 44 (2007); Greg Lastowka, Google’s Law, 73 BROOK. L. REV. 1327,
1327–29 (2008); Greg Lastowka, The Trademark Function of Authorship, 85 B.U. L. REV.
1171, 1175 (2005).
  18. Laws of the Virtual Worlds, supra note 1, at 7.
  19. VIRTUAL JUSTICE, supra note 4, at 84, 90, 96–97.
  20. Virtual Crimes, supra note 6, at 297, 309
  21. See Matthew Leising, The Ether Thief, BLOOMBERG (June 13, 2017), https://
www.bloomberg.com/features/2017-the-ether-thief/; Dino Mark et al., A Call for a
Temporary Moratorium on the DAO, HACKING, DISTRIBUTED (May 27, 2016, 1:35 PM),
http://hackingdistributed.com/2016/05/27/dao-call-for-moratorium/.
02_GRIMMELMANN.DOCX (DO NOT DELETE)                                       11/11/19 6:43 PM




2019]                          BONE CRUSHER 2.0                                     847


entity—it doesn’t have a board that meets in person to make important
decisions and is held accountable by corporate law. Instead, the
collective commitments of a DAO’s members are enforced automatically
by software running on computers (more on how this works in a
moment).22
     That’s what a DAO is. The DAO is a specific example of one: indeed,
it was the first and most famous, and perhaps the only true example of
a DAO so far.23 With the confidence of true pioneers, its creators
decided to take the name for themselves. In April 2016, they announced
that were going to implement it on the Ethereum blockchain (again,
more on what this is in a moment).24 It was a kind of online venture
capital fund. Everyone who put in money would have the right to vote
on what projects it would fund, to withdraw their money if they didn’t
agree with the funding decisions, and to share in the profits if those
investments returned money.25
     The pitch worked. Over eleven thousand people invested virtual
property into The DAO, and if you take the valuation at face value, it
added up to $150 million.26 That’s a huge investment. Most startup
founders’ jaws would have dropped if you told them they could get that
kind of money. But then in June 2016, before The DAO had funded a
single project, an anonymous trickster found a bug in the software they
were using and drained over $50 million worth of the assets.27
     If this were a company’s bank account and someone took $50
million from it, that would be an open-and-shut violation of the
Computer Fraud and Abuse Act, to say nothing of theft under state law.
But there is also an argument that these assets were “designed to be
stolen” in the same way that the Bone Crusher was. It sounds silly at
first because the Bone Crusher was in a “game,” whereas The DAO was
presented as a serious investment proposal. However, if you look at the
legal terms that The DAO’s creators said governed it, it seems like they
take exactly this position:

  22. See generally U.S. SEC. & EXCH. COMM’N, RELEASE NO. 81207, REPORT
OF INVESTIGATION PURSUANT TO SECTION 21(A) OF THE SECURITIES EXCHANGE ACT OF
1934: THE DAO 3 (2017).
  23. See id. at 4 (describing The DAO).
  24. Id.
  25. See Mark et al., supra note 21.
  26. Joon Ian Wong & Ian Kar, Everything You Need to Know About the Ethereum
“Hard Fork,” Quartz (July 18, 2016), https://qz.com/730004/everything-you-need-to-know-
about-the-ethereum-hard-fork/.
  27. See Leising, supra note 21; see also Matt Levine, Blockchain Company’s Smart
Contracts Were Dumb, BLOOMBERG OPINION (June 17, 2016, 5:46 PM), https://
www.bloomberg.com/opinion/articles/2016-06-17/blockchain-company-s-smart-contracts-
were-dumb.
02_GRIMMELMANN.DOCX (DO NOT DELETE)                                         11/11/19 6:43 PM




848             RUTGERS UNIVERSITY LAW REVIEW [Vol. 71:843


     The terms of The DAO Creation are set forth in the smart
     contract code existing on the Ethereum blockchain at
     0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in
     this explanation of terms or in any other document or
     communication may modify or add any additional obligations or
     guarantees beyond those set forth in The DAO’s code.28

In other words, whatever The DAO’s code says you can do, you can do.
The terms make zero promises otherwise. The software is online and
open source: anyone can read it. If you put your money in, it will be
governed by whatever the software does. If the software has a feature
that lets someone drain off all the assets, so be it—if that’s not what you
wanted or expected, you should have read the code more carefully. You
put yourself at risk when you signed up to use buggy code.29
    I should at this point explain a bit more about how this
smart-contract code actually governed people’s rights and
responsibilities. The usual metaphor is a vending machine with some
software inside it.30 When you put in some coins, it will say, “Make
selection.” Then, when you punch some numbers on the keypad, it will
either say, “Insufficient credit,” or dispense you a bag of Doritos.
    The vending machine and its software are carrying a contract for
the sale of goods. Think of a store with a clerk behind the counter. If
you give him $1.50, he gives you your chips. That is also a sales
contract: you are the buyer of a bag of Doritos. The vending machine
automates that contract: there is no other person involved. It just uses
software which responds to events. If six quarters have been inserted
and the user has punched in C8, it will dispense one bag of Doritos from
C8. You don’t need lawyers or judges. The vending machine takes a
legal exchange and automates it.
    The DAO’s smart contract is just a much more complicated version
of the vending machine. It’s a piece of software that is capable of
receiving input and acting accordingly. An input might say, in effect, “I
am a participant, here is my proof of the shares I hold, and I want to

   28. The original is no longer online, but it is archived by the Wayback Machine.
Terms, Explanation of Terms and Disclaimer, WAYBACK MACHINE (May 1, 2016), https://
web.archive.org/web/20160501124801/https://daohub.org/explainer.html.
   29. In fact, some people in addition to the hacker did read the code closely. Computer
scientists started sounding the alarm as the investments took off; their warnings were a
mixture of unheeded and too late. See, e.g., Mark et al., supra note 21.
   30. See Nick Szabo, Smart Contracts: Building Blocks for Digital Markets (1996),
http://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/
LOTwinterschool2006/szabo.best.vwh.net/smart_contracts_2.html. See generally Kevin
Werbach & Nicolas Cornell, Contracts Ex Machina, 67 DUKE L.J. 313, 323–24, 348–49,
362–64 (2017).
02_GRIMMELMANN.DOCX (DO NOT DELETE)                                    11/11/19 6:43 PM




2019]                          BONE CRUSHER 2.0                                  849


vote yes on this proposal.” If enough participants holding enough shares
vote yes, The DAO contract automatically provides funding to the
person whose proposal was being voted on. The DAO was basically an
attempt to code up all of the voting rules and payout rules for a venture
capital fund. It’s complicated, but not too complicated: it’s a vending
machine that dispenses investments in projects instead of Doritos.
    You might reasonably ask, “Whose computer is this running on?”
This was a regular concern of Greg’s. The wizards in virtual worlds
have their power because they ultimately control the servers on which
the world runs.31 That person could just change the code or take the
computer away and then the whole thing goes down. No one person
controlled The DAO’s computer in that way because The DAO’s smart
contract ran on a blockchain—in fact, on a particular blockchain called
the Ethereum blockchain. These aren’t physical wooden blocks and
metal chains. Instead, they’re systems for coordinating thousands of
computers around the world.32 Everyone who takes part in the
blockchain has their own copy, and they are collectively responsible for
the smart contracts (like The DAO) that run on it. They each keep track
of what the contact is doing. Every time someone invests or exercises a
vote, that’s the equivalent of putting money into the vending machine
or pushing a button. Everyone who is running the blockchain sees that
update: for example, an announcement that this amount has been
deposited. And they all agree that, under the contract’s code, if X event
happens, it will dispense Y funds. It’s all based on consensus, and there
are complicated rules (not worth getting into here) to ensure that every
participant in the blockchain agrees on the contract’s output. A
blockchain is a collectively agreed-upon record of transaction. In the
case of a smart contract, those transactions correspond to executing
parts of a program’s code; in the case of The DAO, that program takes
investments, records votes, and dispenses funds.33
    When I say that a trickster found a way to drain The DAO, what I
mean is that they found a way to send a message to The DAO’s contract
which resulted in funds going not to an actual investment proposal but



  31. See generally James Grimmelmann, Anarchy, Status Updates, and Utopia, 35
PACE L. REV. 135, 138 (2014).
  32. For a lucid explanation of blockchains, see generally ARVIND NARAYANAN ET AL.,
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES 11–12 (2016). For a detailed description of
Ethereum, see ANDREAS M. ANTONOPOULOS & GAVIN WOOD, MASTERING ETHEREUM
(2018).
  33. U.S. SEC. & EXCH. COMM’N, RELEASE NO. 81207, REPORT OF INVESTIGATION
PURSUANT TO SECTION 21(A) OF THE SECURITIES EXCHANGE ACT OF 1934: THE DAO 4–10
(2017), https://www.sec.gov/litigation/investreport/34-81207.pdf.
02_GRIMMELMANN.DOCX (DO NOT DELETE)                                      11/11/19 6:43 PM




850             RUTGERS UNIVERSITY LAW REVIEW [Vol. 71:843


instead to a private account controlled by the anonymous trickster.34
Because everyone who is running the Ethereum blockchain agrees on
what happens when this program gets this message, everyone agreed
that, oh yes, according to this line of code here, when this happens,
these funds go to that account and they can do whatever they want with
it. Indeed, The DAO was backed up by a real-world legal contract that
purported to say, “this is fine.”
     It is time to ask some questions about The DAO hack and to
consider how Greg might have answered them. The most obvious
question is whether what the trickster did really was allowed. But as
soon as you start to ask that question, it becomes clear that there are
two different ways to put it. You can ask whether the trickster violated
the rules of Ethereum: did they do something that the code actually
allowed, or did they in some sense hack the system? Or you can ask
whether they violated the law: did they do something against securities
law, or theft law, etc.? One of the things I take from Greg’s work is that
these are not the same question. The rules of a virtual world might not
be the same as the legal rules of the offline world. In fact, they’re
usually not.
     There is one more twist to the story. The Ethereum community of
people who ran the blockchain on which The DAO contract was run
collectively decided that they were going to cancel The DAO and call the
whole thing off.35 They all modified their Ethereum software so that it
was as though The DAO contract and The DAO hack never happened.
They agreed to recognize as valid any transaction by which anyone who
had ever put funds into The DAO could get a full refund and get back
the funds they invested. They were just going to ignore what The DAO
smart contract said and let the investors get refunds.36 They collectively
changed their blockchain to say, in effect, “Nobody invested; no money
was stolen.” We could call this justice: giving defrauded investors back
what they invested. Or we could call this theft: someone who followed
the rules and used the software as it was written had $50 million worth
of assets taken away in an instant. So which is it?
     Let’s go back to Greg’s three big points and try to predict what he
might have said about The DAO hack and the community’s response.


  34. See Phil Daian, Analysis of the DAO Exploit, HACKING, DISTRIBUTED (June 18,
2016, 1:11 AM), http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/.
  35. I.e., not just the investors in The DAO and the trickster, but everybody who was
using the Ethereum system for smart contracts of all kinds.
  36. See Wong & Kar, supra note 26; Michael del Castillo, Ethereum Executes
Blockchain Hard Fork to Return DAO Funds, COINDESK (July 20, 2016, 3:25 PM), https://
www.coindesk.com/ethereum-executes-blockchain-hard-fork-return-dao-investor-funds.
02_GRIMMELMANN.DOCX (DO NOT DELETE)                            11/11/19 6:43 PM




2019]                          BONE CRUSHER 2.0                          851


Bone Crusher 2.0 has higher stakes than Bone Crusher 1.0 did, but the
issues are very much the same.
    First, Greg argued that virtual worlds are real places, filled with
real people doing real things that matter. He was right, and this is
exactly the case with The DAO. However you resolve it, something like
The DAO is going to affect thousands of people and tens of millions of
dollars. You can’t just wave your hand and say, “It doesn’t matter, it’s
just a game.” People take it seriously. The legal system has to as well.
    Second, Greg said that these spaces need laws. Wherever human
endeavors take us, law comes along for the ride. People need rules to
tell them what is permissible. This isn’t a dispute over whether
Ethereum is a wholly lawless space; it’s not and never has been.
Instead, it’s about which rules apply. One side might say that The DAO
disputes should be governed by United States law. The DAO was an
unregistered securities offering: it was presented to investors with the
promise of profit based on others’ effort. We have investor protections:
people can get their money back if they were defrauded. Or, The DAO
hack was a violation of the Computer Fraud and Abuse Act.37 If we can
find the perpetrator, that person ought to be prosecuted and jailed.
    The alternative point of view is that the only rules that matter to
The DAO are the ones embodied in its smart contract. Whatever the
smart-contract code does, those are the rules. People knew exactly what
they were getting into. When they transferred their assets to a contract
controlled by The DAO’s code, they deliberately assumed the risk that
there was a bug in that code. Perhaps that was a bad decision in
hindsight, but if you are trying to create a world that has the clarity
and predictability of computer code, people need to live with the
consequences of such decisions. That world is one in which you can say,
“There is no uncertainty about this contract: I know exactly what it will
do.” Next time, investors will be more careful: they’ll read the code with
a sharper eye. This is not a defense of the complete vision of a smart-
contract future. It may or may not be right. I just want to say that it is
a genuine alternative vision of what kinds of rules should apply to The
DAO. Both of these are plausible views about what rules are
appropriate for virtual communities.
    As for Greg’s third point—that laws for virtual communities must
reflect their virtual realities—let’s go back to the Bone Crusher. That
mace really is property, but maybe what counts as “stealing” it isn’t the
same as what counts as stealing offline. Similarly, The DAO tokens—
the shares you receive for your investment—are property. They are the


  37.   18 U.S.C. § 1030 (2012).
02_GRIMMELMANN.DOCX (DO NOT DELETE)                                   11/11/19 6:43 PM




852             RUTGERS UNIVERSITY LAW REVIEW [Vol. 71:843


kinds of things that could be stolen. If somebody broke into my
computer and used my private key to transfer away my assets by
pretending to be me, that would be computer misuse and they should be
prosecuted for theft.
    But maybe that’s not the same kind of case as when somebody plays
by the rules of Ethereum and sends messages allowed by the system in
a way that makes a smart contract do the thing it was programmed to
do. Just as Ultima Online draws a line between “playing” and
“cheating” around the Bone Crusher, maybe Ethereum has some
similar line between “contracting” and “cheating” around The DAO.
    Virtual Justice opens with a wonderful metaphor about castles.
Greg contrasts actual historical castles with virtual castles to make the
point that this is not just a conversation about what is real, but also
about who holds the power.38 This is in fact one of the biggest running
themes in virtual-worlds scholarship: who is in charge?39
    Can the person who runs the game or virtual world just make
whatever rules they want? The DAO’s legal contract gives one answer:
it says your rights are defined by the code. You have no other rights
beyond that. You cannot sue offline for what happens in the blockchain
space. That sounds an awful lot like the terms of service that companies
have for their online spaces, like the terms of service you have to
“agree” to when you sign up for a Facebook account or a World of
Warcraft account.
    So let us go back to Greg’s writings again. Here is another pair of
quotes from Virtual Justice:

        In essence, the contractual rules of the average virtual world
     are not designed as mechanisms of governance but as defensive
     measures to protect virtual world owners.

     ....

      . . . [I]t seems desirable to place limits on the contract’s ability
     to set governance rules, at least given the current shape of these
     agreements.40

The terms of service aren’t like a constitution that says, “You can do
this, you can’t do that, and here’s the assembly where all the users get
to decide what the laws will be.” Instead, they say, “You cannot sue us

  38. VIRTUAL JUSTICE, supra note 4, at 1–8.
  39. See, e.g., Joshua A.T. Fairfield, The God Paradox, 89 B.U. L. REV. 1017, 1019
(2009).
  40. VIRTUAL JUSTICE, supra note 4, at 94, 96.
02_GRIMMELMANN.DOCX (DO NOT DELETE)                                          11/11/19 6:43 PM




2019]                          BONE CRUSHER 2.0                                        853


for anything ever under any circumstances no matter what. You can
never claim damages no matter what we do to you. We can cancel your
account at any time we want or take away all your assets for any reason
or no reason. Do not bother us in court. Also, if you sue us, we’ll
arbitrate.”41 Greg’s response is that exculpating the company from all
responsibilities is not actually a healthy way to figure out what the
rules are in a virtual space or to create a functioning governance
system.42
    So think again about the “fork” by which the Ethereum community
decided it was going to take back The DAO funds from the trickster and
give them back to investors. Not everyone agreed. About 90% of the
Ethereum voting population decided to undo The DAO, but the other
10% said, in effect, “Rules are rules, and it’s unfair to change them now.
We need to have stability and clarity so everybody knows what the
rules are and can rely on them.” This split is why it is called a fork.
There are now two Ethereum blockchains. One of them, which goes by
the name Ethereum, is the regular Ethereum 90% of users agree with,
in which the The DAO never happened. The other version, called
Ethereum Classic, is a version in which The DAO did happen and the
trickster kept the funds.43
    You can pick which community you want to participate in. If “rules
are rules” is important to you, you can go with Ethereum Classic. This
is not a complete answer to your concerns because Ethereum is worth a
lot more than Ethereum Classic.44 More people are using the Ethereum
blockchain than the Ethereum Classic blockchain, which makes assets
in Ethereum worth more. So if you want to use the Ethereum Classic
rules and let the trickster keep the funds, you are stuck with the
blockchain that is just you and a few others. It is like you are still living
in Ultima Online when one hundred times as many people have gone to
World of Warcraft. But you are still taking part in a virtual world with
the same rules you signed up for.
    This gives a new perspective on whether it was fair for Ethereum to
undo The DAO. If you think that the rules of The DAO were whatever


   41. See Terms, supra note 28.
   42. VIRTUAL JUSTICE, supra note 4, at 96. For more, see Nicolas Suzor, The Role of the
Rule of Law in Virtual Communities, 25 BERKELEY TECH. L.J. 1818, 1863–65 (2010).
   43. See Wong & Kar, supra note 26; Aaron van Wirdum, Rejecting Today’s Hard Fork,
the Ethereum Classic Project Continues on the Original Chain: Here’s Why, BITCOIN MAG.
(July 20, 2016, 2:20 PM), https://bitcoinmagazine.com/articles/rejecting-today-s-hard-fork-
the-ethereum-classic-project-continues-on-the-original-chain-here-s-why-1469038808/.
   44. Ethereum (ETH), COINGECKO, https://www.coingecko.com/en/coins/ethereum/
(last visited Apr. 12, 2019); Ethereum Classic (ETC), COINGECKO, https://www.coin
gecko.com/en/coins/ethereum-classic (last visited Apr. 12, 2019).
02_GRIMMELMANN.DOCX (DO NOT DELETE)                         11/11/19 6:43 PM




854             RUTGERS UNIVERSITY LAW REVIEW [Vol. 71:843


its contract allowed, then yes, it was unfair for Ethereum to change
those rules and confiscate the funds the trickster drained. But if you
have to ask me whether it is better for 90% of the Ethereum community
to make this decision or for one virtual-world wizard to make this
decision unilaterally, then I have to go with the Ethereum community.
The confiscation seems more legitimate in a world where so much of the
community united behind the decision. I don’t know if that definitely
makes it the right answer, but I should hope that makes it more
palatable to the disappointed minority who disagree.
    Also, if the Ethereum community itself is capable of doing this, it
takes some of the pressure off the Securities and Exchange Commission
and other real-world enforcers. The community can sort some things out
internally and keep well-meaning participants from being too badly
burned. If you look at The DAO hack from this perspective, it might
even seem like a step forward in governance for virtual spaces—a real
step towards a community of users making rules for itself. That could
be an improvement over one game-development company, or one social
network, unilaterally setting rules for everyone.
    We are finding ways of building new and interesting participatory
communities in online spaces—even if they have come in some
surprising forms. I think that is something Greg would have been
excited about.
02_GRIMMELMANN.DOCX (DO NOT DELETE)               11/11/19 6:43 PM




2019]                          BONE CRUSHER 2.0             855