Editor’s Note: This article is part of a four-piece symposium that examines Kishanthi Parella’s work, “Enforcing International Law Against Corporations: A Stakeholder Management Approach,” featured in Volume 65(2) of the HILJ Print Journal.
*Carla L. Reyes
Introduction
Recent attempts to enforce law in an era of decentralized digital activity have supplied some surprising results. For example, a regulator places open-source software on the list of sanctioned nationals. A settlement agreement requires the “destruction” of immutable digital assets. Digital art is targeted as unlawful offerings of investment contracts. Centralized entities that create front-end websites for decentralized exchange technology become targets of enforcement for activity they did not actually undertake. These represent just some of the many announcements of regulatory activity that permeate the news cycle, documenting attempts by governments around the world to enforce domestic and international law against actors operating through decentralized technology. Meanwhile, developers and other actors in the decentralized software community file lawsuits claiming government overreach and challenging the applicability of traditional enforcement mechanisms.
In particular, an ongoing debate exists as to the extent to which certain software constitutes an entity, and whether and to what extent existing law binds such entities. This debate offers a fertile arena in which to consider the applicability of Professor Kish Parella’s stakeholder management approach to enforcing international law against corporations in the context of alternative business governance models—namely, governance models adopted by decentralized business entities. Governments have entered an era in which many voice concerns about how to detect, prevent, and punish legal violations committed by entities operating entirely through decentralized computer code. Further, governments find themselves lacking credible tools—both in terms of the law and in terms of enforcement—to address these rising concerns systematically. If Professor Parella’s framework can be adapted to the era of decentralized entities, it might offer public law—both domestic and international—a clearer path toward legal and enforcement clarity. This short Essay considers this possibility in the context of decentralized business entities. In doing so, the Essay uncovers a surprising opportunity: stakeholder enforcement of international law in the decentralized era is more about questioning whether state legal enforcement itself upholds international law—seeking to claw back fundamental rights quietly lost to digital architecture as it developed over the last half-century.
I. Decentralized Business Entities: Disrupting Your Average Corporation
Decentralized entities operate through decentralized computer code, commonly implemented via a blockchain protocol. Many people refer to such entities as “decentralized autonomous organizations” or “DAOs.” However, not all DAOs are entities, and even when they are, only some are decentralized business entities. A full review of the varied and extensive landscape of decentralized, blockchain-based entities is beyond the scope of this short Essay. Instead, this Section discusses the subset of DAOs that best fit the object of Professor Parella’s international law enforcement framework—namely, decentralized business entities (“DBEs”). This Section first summarizes the technical aspects of DBEs and then examines their social context.
What make a business a DBE? Answering that question first requires (an extremely) brief discussion of the technology that powers DBEs—blockchain protocols and smart contracts. Initially, blockchain protocols were designed to track transactions in specific units of digital value without relying upon a single third-party intermediary to maintain account balances. Later, other blockchain protocols enabled additional software to operate in a layered technology stack. One type of software frequently layered on top of blockchain protocols are smart contracts—computer code that says “if data is received that X has occurred, execute Y.” Smart contracts, or a group of smart contracts, can be designed to functionally approximate the operations of an entity by allowing widely disperse, highly fluid, and pseudonymous individuals to coordinate productive activity. When such widely disperse, highly fluid, and pseudonymous individuals use interlocking smart contracts to coordinate a profit-seeking business, they operate a DBE—the subject of this Essay.
When do businesses choose to become DBEs? Businesses may opt to become a DBE for any number of reasons, sometimes business-related and sometimes value-related. For example, some entrepreneurs seek the benefits of extremely disperse ownership made possible by a corporation, without sacrificing the flatter governance structure of a partnership or member-managed LLC. Others want to experiment with new ways to economically incentivize production. Still others hope to democratize access to participation in major capital investments, or to democratize industries with traditionally high barriers to entry. Whatever the goal, businesses choose to become DBEs over traditional entity forms when they hope to eliminate one or more layers of management and engage in productive activity that can be highly automated. In light of the choice DBEs make to operate differently—through decentralized technology—in contrast to using more centralized and hierarchical operating mechanisms, exploring the impact of Professor Parella’s stakeholder management approach to international law enforcement in the DBE context requires considering the stakeholders that impact DBEs and how they functionally compare to corporate stakeholders.
II. Stakeholders Look Different in an Era of Decentralized Business Entities
Many DBEs functionally approximate—or, better stated, attempt to functionally improve upon—traditional corporate governance mechanisms. That said, many corporate governance functions are performed by different stakeholders than those found in traditional corporations. Professor Parella’s typology of non-state stakeholders with the power to enforce international law against corporations includes: states, consumers, employees, shareholders, insurers, financial institutions, benchmarking organizations, industry organizations, and multi-stakeholder institutions (Parella, pp. 289). In DBEs, the users represent the functional equivalent of consumers. In particular, users have the power to influence DBE approaches to social issues important to DBE communities by migrating from the services of one DBE to another, calling for what amounts to a blacklist of certain DBEs and their code, or initiating lawsuits. Smart contract developers may approximate the function of founders or employees depending upon the structure of the DBE, while protocol developers often functionally approximate employees by implementing policy choices made by the consensus of the broader stakeholder community.[1] Layer 1 consensus contributors (often referred to as nodes or miners, depending upon the blockchain protocol in question) may also fill the role of employees for DBEs operating at Layer 2 of the blockchain technology stack by simply providing core data processing services for the venture.[2]
Other corporate stakeholders have functional equivalents in certain DBEs as well. For example, some DBEs are managed through a community of individuals who hold “governance tokens.” When such governance token holders receive remuneration in proportion to their governance tokens holdings—and, importantly, not all governance tokens entitle their holders to a stream of profits—they may functionally approximate investors. Furthermore, many Layer 1 open-source protocols are related, even if only indirectly, to a foundation that funds community research and development. Such foundations loosely approximate the work that Professor Parella describes as the role of industry organizations in the realm of traditional corporations (Parella, pp. 315-17). Finally, standards organizations such as IEEE and W3C provide the same opportunities for monitoring and reputational benefits and sanctions that benchmarking organizations provide for traditional corporations (Parella, pp. 313-15).
Lastly, without needing to find a functional equivalent, three corporate stakeholders in Professor Parella’s typology directly play important stakeholder roles in the DBE context: financial institutions, multi-stakeholder initiatives, and NGOs. In addition to naming the conditions of obtaining financing more broadly, in the DBE context, financial institutions play a more basic and perhaps more significant role of gatekeeping the bridge between decentralized finance readily available to DBEs and traditional finance. It can be difficult to operate a business at scale without access to a traditional bank account, no matter how fancy the smart contracts powering the decentralized business are. In the DBE context, NGOs serve an education and advocacy role both similar and dissimilar to the corporate context. Blockchain-related NGOs, such as Coin Center, the DeFi Education Fund, and the Satoshi Action Fund, seek to educate the public about the technical mechanics of and important rights-preserving features embedded in blockchain protocols and the decentralized entities, including DBEs, operating via blockchain protocols. This represents somewhat of a departure from the role of NGOs that act largely as a mechanism of legal sanctions through litigation against corporations as discussed in Professor Parella’s framework for traditional corporations (Parella, pp. 319-21). Although blockchain-related NGOs do participate in litigation, they usually do so in defense of fundamental rights belonging to other stakeholders in the DBE context, as a mechanism for standing against government overreach that violates domestic and international legal norms. Finally, multi-stakeholder initiatives exist in the DBE context, but can be fraught with complexity and competing interests because they frequently attempt to unite an often unwieldy number and variety of stakeholders (Parella, pp. 317-19).
Table 1: Decentralized Stakeholder Enforcement Strategies [3]
| Actor | Mechanism | Incentive | Examples |
| Users | Blacklists
Migration/Exit Litigation |
Market pressure
Legal sanction |
Blacklist: LCX Hacker Migration: Hardforks Litigation: TerraForm; Sarcussi |
| Developers | Improvement Proposals
Leave project Start new, competing project Social media activism |
Reputational sanction
Community pressure Community consensus |
Core Developer Protest Exit Hardforks such as Litecoin Explain proposals via X, Reddit, Discord, Medium |
| Nodes | Voting
Social media activism |
Technical implementation Reputational Sanction |
Softfork Implementation Hardfork Implementation |
| Governance Token Holders | Voting
Social media activism Market exit |
Market pressure
Reputational sanction Financial incentive |
DASH Conversion to Business Trust Cardano Constitution Process |
| Financial Institutions | Access to TradFi
Conditions of Financing |
Financial incentive | Operation Chokepoint Operation Chokepoint 2.0 |
| Standards Organizations | Develop and standardize technical norms | Reputational benefit/sanction | IEE W3C |
| Foundations | Monitoring Protocol Development Standard Setting |
Recruitment Costs Retention Costs Reputational Benefit/Sanction |
Ethereum Foundation Cardano Foundation Solana Foundation |
| Multi-stakeholder Initiatives | Monitoring Censorship |
Reputational Benefit | Digital Chamber of Commerce |
| NGOs | Activism
Litigation Education |
Reputational Benefit Legal Enforcement |
Congressional Testimony Amicus Brief Public-Private Partnerships: Lionsgate Network |
Ultimately, then, Professor Parella’s typology of non-state stakeholders that may impact a corporation’s compliance with international law is helpful for identifying similar stakeholders in the DBE context. Importantly, the function performed by each stakeholder in the typology is more important in the DBE context than the label of the stakeholder. Indeed, further consideration of the basic challenges of enforcing international law against DBEs and the tools available to DBE stakeholders reveals that while functionally equivalent to corporate stakeholders and applying functionally similar incentive mechanisms as those used by corporate stakeholders, stakeholders of decentralized entities pursue different reputational, strategic, and organizational goals than their traditional corporate counterparts.
Notably, the obvious missing stakeholder in the decentralized entity context is the one that Professor Parella contends could be the most effective if it only chooses to act: the state (Parella, pp. 302-04). The state does not feature prominently in the decentralized entity context as a stakeholder with enforcement power. Instead, it serves as an object of enforcement focus for the stakeholders in DBEs. Although stakeholders have enforced sanctions against bad actors in the decentralized entity context, the same stakeholders just as frequently seek to protect DBE stakeholders from the loss of fundamental rights like privacy and free speech at the hands of state actors.
III. Decentralized Business Entity Stakeholders Engage in Similar Enforcement Activity for Different Ends
Traditional critiques regarding the effectiveness of international law focus on the enforcement challenge (Parella, pp. 283). As Professor Parella puts it, “how do we convince corporate leaders to comply with international law when they may not be bound to do so?” (Parella, pp. 287) Decentralized entities compound these traditional problems by further insulating the object of regulation from the reach of the state. Indeed, both states and decentralized entities are actively engaged, in the first instance, in simply determining the appropriate relationship between domestic law and computer code. Resolving those basic issues seems like a pre-requisite to determining how to apply and enforce international legal norms in a fully decentralized context. Law, policy, and DBE stakeholders simply are not yet concerned with questions of enforcing international legal norms in the decentralized era. Instead, for the moment at least, the era of decentralized entities more regularly creates space to question whether commonly accepted state action complies with core fundamental rights guaranteed by international law.
Ultimately, even though the specific actors and the mechanisms of action at their disposal differ significantly from those of traditional corporate stakeholders, they exert pressure through functionally equivalent enforcement activity. Professor Parella explains that corporate stakeholders undertake four forms of enforcement activity: direct, predicative, facilitative, and amplification (Parella, pp. 323-32), and that they do so in order “to change the: (i) preference of corporate actors to comply with international law, (ii) preferences of other corporate stakeholders to enforce international law, or both.” (Parella, pp. 323) Decentralized entity stakeholders also engage in these four forms of enforcement activity, but they do so to effect entirely different reputational, strategic and operational goals. Two very different examples of how this plays out in the era of decentralized entities can be found in DBE stakeholders’ private enforcement against the LCX exchange hacker and DBE stakeholders’ efforts to call the U.S. government to account for violation of privacy and free speech rights in the context of the Tornado Cash software.
In January 2022, the cryptocurrency exchange LCX suffered a loss of around $8 million from what is commonly referred to as a “hot” wallet. The term “wallet” refers to software that holds private keys that allow a user to transact in cryptocurrency, and a “hot wallet” refers to an Internet-connected wallet in which keys are readily accessible. Using algorithmic forensic analysis, LCX traced the stollen funds to various wallets belonging to the hacker. Once identified, monitoring entities such as Etherscan and Elliptic marked and flagged the wallets to enable further monitoring of transactions initiated from those wallets—effectively blacklisting the wallets. Further, some of the stollen funds ended up in wallets connected to technology operated by Circle Financial Services, a financial technology provider that froze the stolen funds until LCX could further recover them through additional legal process. Finally, LCX pursued legal action against the hackers in a New York District Court, serving them on-chain with the first ever NFT legal process airdrop. The media later amplified the actions of these many cryptocurrency stakeholders to recover the stolen cryptocurrency via on-chain means. The recovery of the LCX funds not only reflects an innovative combination of law and technology, but also serves as an example of Professor Parella’s stakeholder framework for enforcement of legal norms at work in a blockchain context.
Notably, the LCX exchange is a centralized entity, and not a DBE, but the example shows how such an entity used technology—both decentralized and centralized—and engaged with the stakeholders in the technology community to privately enforce laws prohibiting theft against a hacker that sought to hide legal violations behind a veil of decentralized technology.
In a separate context all together, a DBE offered individuals protection against perceived government overreach. The Tornado Cash open-source software offered a technology-enhanced path for protecting financial privacy in the digital era. The existence of the software acted as a form of predictive enforcement of international legal norms that declare privacy as a fundamental right. The software even provided a regulatory compliance tool to incentivize direct private enforcement of competing regulatory regimes. When a regulator blacklisted the software and effectively quashed the privacy-enhancing tool, NGOs produced educational reports and offered congressional testimony, users filed lawsuits, and industry organizations filed amicus briefs—all serving a facilitative function even as media amplified the issue. Although the blacklist remains in place for now, the collective effort of the DBE stakeholders led to a national debate about the extent to which the current trajectory of law upholds international legal norms that preserve the right to privacy, and invited a reevaluation of what privacy means in the decentralized digital era.
In considering why corporations obey international law, Professor Parella frames the question as “why do corporate managers comply with international law?” (Parella, pp. 332) DBEs, however, typically do not feature a board of directors or managers per se—not having them is a big part of the point of using the DBE form to coordinate productive activity. So, the question becomes: what will motivate the various DBE stakeholders to build sufficient consensus to enforce international legal norms via the enforcement mechanisms available to them? In other words, DBE stakeholders enjoy more direct input into compliance questions than their corporate stakeholder counterparts. To date, DBE stakeholders, including actors at each layer of the blockchain technology stack, are motivated to protect the fundamental rights that form the very fabric of the community and the technology the community built—sometimes to enforce law against individual bad actors, and sometimes to combat illegal enforcement of law by the state itself.
Conclusion
One of the key contributions that may emerge from applying Professor Parella’s typology of stakeholders and enforcement mechanisms to decentralized entities lies in the pervasively disruptive nature of the ethos that permeates the underlying technology. One of the core motivators for decentralized, encrypted, and open-source technology use derives from a desire to claw-back core rights from perceived government overreach. If the Tornado Cash fight is about anything, it is not money laundering. At its core, the fight over the Tornado Cash software is a fight to claw-back privacy rights that have been eroded in an era of infinite digital intermediation. Decentralized blockchain technology itself stands as a call to reclaim personal autonomy and individual freedom—key norms in international law.
In the era of decentralized entities, stakeholder mechanisms convert a decentralized entity’s alleged violation of certain domestic and international legal norms (such as the theft in the LCX hack or individual privacy in the case of the Tornado Cash software) into reputational, strategic and operational goals that incentivize stakeholders to examine whether the state complies with international law and, indeed, questions whether the legal rules themselves actually uphold international norms. The decentralized era is not about enforcing international law in a boardroom; it is about empowering users—individuals—to claw-back rights on their own terms. Ultimately, then, even as private actors work to govern decentralized entities in ways that align with international and domestic laws, decentralized entities seek to hold states themselves accountable to international legal norms. In other words, decentralized entities are intuitively flipping the script of international law enforcement through stakeholders from “provid[ing] important incentives for corporate actors to comply with international law” (Parella, pp. 340) to “empowering entities and individuals to internalize norms that states must respect.”
[1] Arvind Narayanan Et Al., Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction 171 (2016) (discussing that protocol developers “can urge the community on, but they don’t have the formal power to force people to follow them if they take the system in a technical direction that the community doesn’t like.”). [2] Id. at 68-71 (explaining the role of Simplified Payment Verification (SPV) and fully validating nodes (including miners) in blockchain protocols for validating transactions and providing data processing services). [3] Table 1 is an adaptation of Table 1: Stakeholder Enforcement Strategies in Parella, p. 322. It has been adapted to show the functional equivalence of stakeholders in the decentralized entity context to corporate stakeholders.
*Carla L. Reyes. Associate Professor of Law, Southern Methodist University Dedman School of Law; Faculty, Institute for Cryptocurrency and Contracts (IC3); Research Associate, University College London Blockchain Research Centre; Affiliated Faculty, Indiana University Bloomington Ostrom Workshop on Internet Governance and Cybersecurity.
I would like to thank Professor Kishanthi Parella for her brilliant work and the invitation to respond to it in the context of my area of expertise. I also want to thank the Harvard Journal of International Law editors for making this symposium possible.