Contracts in Cyberspace

You hire someone to fix your roof and (imprudently) pay him in advance. Two weeks later, you call to ask when he is going to get the job done. After three months of alternating promises and silence, you sue him, probably in small claims court.

Suing someone is a nuisance, which is why you waited three months. In cyberspace it will be even more of a nuisance. The law that applies to a dispute depends, in a complicated way, on where the parties live and where the events they are litigating over happened. A contract made online has no geographical location and the other party might live anywhere in the world. Suing someone in another state is bad enough; suing someone in another country is best left to professionals – who do not come cheap. If, as I suggested in an earlier chapter, the use of online encryption leads to a world of strong privacy, where many people do business without revealing their realspace identity, legal enforcement of contracts becomes not merely difficult but impossible. There is no way to sue someone if you do not know who he is.

Even in our realspace lives, however, there is another way of enforcing contracts, and one that is probably more important than litigation. The reason department stores make good on their “money back, no questions asked” promises, and the reason the people who mow my lawn keep doing it once a week even when I am out of town and so unable to pay them, is not the court system. Customers are unlikely to sue a department store, however unreasonable its grounds for refusing to take something back, and the people who mow my lawn are unlikely to sue me, even if I refuse to pay them for their last three weeks of work.

What enforces the contract in both cases is reputation. The department store wants to keep me as a customer and won’t if I conclude that they are not to be trusted. Not only will they lose me, they may well lose some of my friends, to whom I can be expected to complain. The people who mow my lawn do a good job at a reasonable price, such people are not easy to find, and I would be foolish to offend them by refusing to pay for their work.

When we shift our transactions from the neighborhood to the internet, legal enforcement becomes harder. Reputational enforcement, however, becomes easier. The net provides a superb set of tools for collecting and disseminating information, including information about who can or cannot be trusted.

On an informal level, this happens routinely through both Usenet and the web. Some years back, I heard that my favorite palmtop – a full-featured computer, complete with keyboard, word processor, spreadsheet, and much else, which fitted in my pocket and ran more or less forever on its rechargeable battery – was available at an absurdly low price from a discount reseller, apparently because the attempt to sell it in the U.S. market1 had failed and the company that made that attempt was dumping its stock of rebranded Psion Revos (aka Diamond Makos). I went on the web, searched for the reseller, and in the process discovered that it had been repeatedly accused of failing to live up to its service guarantees and was currently in trouble with authorities in several states. The same process works in a somewhat more organized fashion through specialist web pages – MacInTouch for Macintosh users, the Digital Camera Resource Page for consumers of digital cameras, and many more.

For a different version of reputational enforcement online, consider eBay. eBay does not sell goods; it sells the service of helping other people sell goods, via an online auction system. That raises an obvious problem. Sellers may be located anywhere – quite often outside the United States. Most transactions, although not all, involve goods of modest value, so suing for failure to deliver, especially suing someone outside the United States for failure to deliver, is rarely a practical option. With millions of buyers and sellers, each individual buyer is not likely to buy many things from any particular seller, so the seller need be only mildly concerned about his reputation with that particular buyer. Why don’t all sellers simply take the money and run?

One reason is that eBay provides extensive support for reputational enforcement. Anytime you win an eBay auction you have the option, after taking delivery, of reporting your evaluation of the transaction – whether the goods were as described and delivered in good condition, and anything else you care to add. Anytime you bid on an eBay auction, you have access to all past comments on the seller, both in summary form and, if you are sufficiently interested, in full. Successful eBay sellers generally have a record of many comments, very few of them negative.

There are, of course, ways that a sufficiently enterprising villain could try to game the system. One would be by setting up a series of bogus auctions, selling something under one name, buying it under another, and giving himself a good review. Eventually he builds up a string of glowing reviews and uses them to sell a dozen nonexistent goods for high prices, payable in advance.

It’s possible, but it isn’t cheap. eBay, after all, will be collecting its cut of each of those bogus auctions. The nominal buyers will require many different identities in order to keep the trick from being obvious, which involves additional costs. Meanwhile all the legitimate sellers have to do in order to build up their reputation is honest business as usual. And eBay itself, in order to maintain its reputation as a good place to buy and sell, attempts in various ways to prevent buyers and sellers from abusing the reputational mechanisms it has created.2 I am confident, on the basis of no inside information at all, that at least one villain has done it successfully – but there don’t seem to be enough to seriously discourage people from using eBay.

Another way a dishonest seller could try to abuse the system is by buying goods from competitors under a false name and then posting (false) negative information about the transaction. That might be worth doing in a market with only a few sellers – and for all I know it has happened. But in the typical eBay market, with many sellers as well as many buyers, defaming one competitor merely transfers the business to another.


While reputational enforcement along the lines of what eBay currently provides is adequate for many purposes, it would be useful to have systems that are harder to cheat on. Before looking at how they might work, it is worth thinking a little more about the logic of reputational enforcement. Criminal law and tort law exist, in large part, as ways of punishing bad behavior. In the case of reputational enforcement, in contrast, punishment is only an indirect consequence of actions taken for other reasons. Consider an (imaginary) example:

The news that Charley bought an expensive suit jacket at the local department store, his wife made him take it back, and they refused to return his money, gives me no reason to want to punish the store. Ever since Charley told me what he really thought of my latest book, I have regarded his misfortunes as no more than he deserves. As the story spreads, more and more people stop shopping at that particular store. The reason is not that we wish to punish them – Charley’s unfortunate habit of telling people what he really thinks has left him few friends. The reason is to protect ourselves. We too might someday buy something our wives disapproved of.

Reputational enforcement works by spreading true information about bad behavior. People who receive that information modify their actions accordingly, which imposes costs on those who have behaved badly.3 As this example suggests, one thing determining how well reputational enforcement works is the ability of interested third parties to get information about who cheated whom.

To see this, suppose we change the story a little by making Charley not merely tactless but routinely dishonest. Now when he complains that the store refused to take the jacket back even though it was in good condition, we conclude that his idea of good condition probably included multiple ink stains and a missing sleeve, due to his wife’s reaction to how he had been wasting their money – we know her too – and we continue patronizing the store.

One reason information costs are important is that if interested third parties do not know who is at fault, they do not know who to avoid future dealings with. A more subtle reason is that if third parties cannot easily find out who is at fault in a dispute, the dispute may never become public. If I accuse you of swindling me, you will of course deny it. Reasonable third parties, unable to check either side’s claims, conclude that at least one of us is a crook. They have no way of finding out which, and it is therefore prudent to avoid both. Anticipating that result, I decide to swallow my losses and try to more careful next time; complaining will only make things worse.4 So reputational enforcement requires a framework that makes it easy for interested third parties to determine who is at fault.

Such a framework exists and is used to settle intra-industry disputes in many different industries. It is called arbitration.

You and I make an agreement and specify the private arbitrator who will settle disagreements over its terms. A disagreement occurs; you demand arbitration. The arbitrator decides in your favor. If I refuse to obey the ruling, the arbitrator can make that fact public. An interested third party, typically another firm in the same industry, does not have to know the facts of the dispute to know who is at fault. All it has to know is that both of us agreed to the arbitrator and the arbitrator we agreed to says that I reneged on that agreement.5

This works well within an industry because the people involved know each other and are familiar with the industry’s institutions for settling disputes. It works less well for disputes between a firm and one of its many customers. Other customers, unless they too are part of the industry, are unlikely to know enough about the institutions to be confident about who was cheating whom. What about in cyberspace?

Very Close to Zero: Third-Party Costs in Cyberspace

You and I agree to a contract online. The contract contains the name of the arbitrator who will resolve disputes and his public key – the information necessary to check his digital signature. We both digitally sign the contract and each keeps a copy.

A dispute arises; you accuse me of failing to live up to my agreement and demand arbitration. The arbitrator rules for you and instructs me to pay you $5,000 in damages. I refuse. The arbitrator writes an account of how the case came out: he awarded damages, I refused to pay them. He digitally signs it and sends you a copy.

You now have a package – the original contract and the arbitrator’s verdict. My digital signature on the original contract proves that I agreed to that arbitrator; his digital signature on the verdict proves that I reneged on that agreement. That is all the information that an interested third party needs in order to conclude that I am not to be trusted.

You put the package on a web page, with my name all over it for the benefit of any search engines looking for information about me, and email the URL to anyone you think might want to do business with me in the future. Anyone who accesses the page can check the facts – more precisely, his computer can check the facts for him, by checking the digital signatures – in something under a second. Having done that, he knows that I am the one who reneged on the agreement. The most likely explanation is that I am dishonest. An alternative possibility is that I was fool enough to agree to a crooked arbitrator – but he probably doesn’t want to do business with fools either. Thus the technology of digital signatures makes it possible to reduce information costs to third parties to something very close to zero, making possible effective reputational enforcement online.6

Private enforcement of contracts along these lines solves the problems raised by the fact that cyberspace spans many geographical jurisdictions. The relevant law is defined not by the jurisdiction but by the private arbitrator chosen by the parties. Over time, we would expect one or more body of legal rules with regard to contracts to develop, as the Law Merchant historically did develop, with many different arbitrators or arbitration firms adopting the same or similar legal rules.7 Contracting parties could then choose arbitrators on the basis of reputation.

For small-scale transactions, you simply provide your browser with a list of acceptable arbitration firms; when you contract with another party, the software picks an arbitrator from the intersection of the two lists. If there exists no arbitrator acceptable to both parties, the software notifies both of you of the problem and you take it from there. For larger transactions, the choice of arbitrator is one of the things that the human beings negotiating the contract can bargain over.

Private enforcement also solves the problem of enforcing contracts when at least one of the parties is, and wishes to remain, anonymous. Digital signatures make it possible to combine anonymity with reputation. A computer programmer living in Russia or Iraq, where anonymity is the only way of protecting income from private or public bandits, has an online identity defined by his public key; any message signed by that public key is from him. That identity has a reputation, developed through past online transactions. The more times the programmer has demonstrated himself to be honest and competent, the more willing people will be to employ him. The reputation is valuable so the programmer has an incentive to maintain it – by keeping his contracts.8

The Reputation Market

(On Earth they) even have laws for private matters such as contracts. Really. If a man’s word isn’t any good, who would contract with him? Doesn’t he have reputation?

Manny in The Moon is a Harsh Mistress by Robert Heinlein

There is one way in which the online world I have been describing makes contract enforcement harder than in the real world. In the real world, my identity is tied to a physical body, identifiable by face, fingerprints, and the like. I do not have the option, after destroying my realspace reputation for honesty, of spinning off a new me, complete with new face, new fingerprints, and an unblemished reputation.

Online I do have that option. As long as other people are willing to deal with cyberspace personae not linked to realspace identities, I always have the option of rolling up a new public key/private key pair and going online with a new identity and a clean reputation.

It follows that reputational enforcement will only work for people who have reputations – sufficient reputational capital so that the cost of abandoning the current online persona and its reputation outweighs the gain from a single act of cheating. Someone who wants to deal anonymously in a trust-intensive industry may have to start small, building up his reputation to the point where its value is sufficient to make it rational to trust him with larger transactions. The same thing happens today in industries where enforcement is primarily through reputational mechanisms.9

The problem of spinning off new identities is not limited to cyberspace. The realspace equivalent of rolling up a new pair of keys is filing a new set of incorporation papers. Marble facing for bank buildings and expensive advertising campaigns can be seen as ways in which a new firm posts a reputational bond in order to persuade those who deal with it that they can trust it to act in a way that will preserve its reputation.10 Cyberspace personae do not have the option of marble, at least if they want to remain anonymous, but they do have the option of investing in a long series of transactions or in other costly activities, such as advertising or well-publicized charity, in order to establish a reputation that will bond their future performance.

What about entities – firms or individuals – that are not engaged in long-term dealings and so neither have a valuable reputation nor are willing to pay to acquire one? How are they to guarantee their contractual performance in this world?

One solution is to piggyback on the reputation of another entity engaged in such dealings. Suppose I am an anonymous online persona forming a contract that it might later be in my interest to break. How, absent a reputation, do I persuade the other party that I will keep my word? What is to keep me from making the contract, agreeing to an arbitrator, breaking the contract, ignoring the arbitrator’s verdict, and walking off with my gains, unconcerned by the damage to my nonexistent reputation?

I solve the problem by offering to post a performance bond with the arbitrator – in anonymous digital currency. The arbitrator is free to allocate all or part of the bond to the other party as damages for breach. This approach – taking advantage of a third party with reputation – is not purely hypothetical. Purchasers on eBay at present can supplement direct reputational enforcement with the services of an escrow agent – a trusted third party that holds the buyer’s payment until the goods have been inspected and then releases it to the seller.

This approach still depends on reputational enforcement, but this time the reputation belongs to the arbitrator. With all parties anonymous, he could simply steal bonds posted with him – but if he does, he is unlikely to stay in business very long. If I am worried about such possibilities, I can require the arbitrator to sign a contract specifying a second and independent arbitrator to deal with any conflicts between me and the first arbitrator. My signature to that agreement is worth very little, since it is backed by no reputation, but the signature of the first arbitrator to a contract binding him to accept the judgment of the second arbitrator is backed by the first arbitrator’s reputation.11

One problem may occur to some readers. I am identified online only by my digital signature. Someone who somehow gets a copy of my private key has a blank check against me, to the limit of the value of my reputation; he can sign contracts as me, collect payment, and then leave me to either fulfill the contracts or lose my reputation.

The obvious solution to this problem is to guard my private key. Another and partial solution is a mechanism for recalling compromised keys, perhaps a web site that exists to carry posts by people whose keys have been compromised, announcing that they will no longer be responsible for contracts signed with that key. When creating a reputation, I could explicitly state that my signature is only good for obligations up to some limit, or for some fixed length of time, with some stated mechanism for renewing it.


If the arguments I have offered are correct, we can expect the rise of online commerce to produce a substantial shift toward private law privately enforced by reputational mechanisms. While the shift should be strongest in cyberspace, it ought to be echoed in realspace as well. Digital signatures lower information costs to interested third parties whether the transactions being contracted over are occurring online or not. And the existence of a body of trusted online arbitrators will make contracting in advance for private arbitration more familiar and reliance on private arbitration easier for realspace as well as cyberspace transactions.

The use of reputational enforcement as an alternative to legal enforcement of contracts is not anything new; there are multiple historical examples.12 In this respect as in several others discussed later, the future might resemble the past more than the present.

Relative Prices Rule the World

When I was little, one of my favorite adults was a friend of my parents named Dorothy Brady. One reason was her habit of bringing small gifts for my sister and me when she came to visit. A more important reason was that she was always doing interesting things.

One of her projects involved apple-peeling machines – the gadgets that you stick an apple on, turn a handle, and – if all goes well – end up with a peeled, cored, and sometimes even sliced apple. The conclusion of her research – done by exploring New England museums – was that over a period of about 200 years the design stayed the same but the materials changed. The earlier you went back, the more of the machine was made of wood and the less of metal.

In real life Dorothy was an economic historian.13 In addition to giving her an excuse to poke around museums, her research provided an example of a very common pattern in economic history. How people do things depends on the relative costs of the alternatives. When metal is expensive, wood and the labor to shape it cheap, you make things mostly out of wood, and use metal only where it is essential. As steel gets less and less expensive relative to wood and labor, people shift to using more and more of it.

This chapter is about a newer example of the same logic. The technology of the internet reduces the cost of doing business with people far away – so we do more of it. It used to be that, as a practical matter, I only bought things from England when I was in England. Today buying a book from England is only marginally more trouble than buying it from the local Barnes & Noble. Routinely doing business with people far away raises the cost of settling disputes by use of the government court system, since the jurisdiction of courts is in large part based on geography.

Modern communications technology makes sharing information much easier than it used to be and encryption technology, in the form of digital signatures, does the same for verifying the shared information. You no longer have to check your informant’s reputation and biases or look over the evidence to make sure nobody has tinkered with it. One calculation tells you a verdict came from the arbitrator it says it came from; one more tells you that that arbitrator was the one I agreed to accept. I agreed to accept his verdict, he says I reneged on that agreement, case closed.

Government courts and private reputation are alternative ways of achieving the same objective – making people keep their word. The cost of using government courts has gone up. The cost of information to interested third parties – the key ingredient in private enforcement through reputation – has gone down. The predictable result is a shift away from the one means and toward the other.

Find an apple peeler in a kitchen gadget catalog. The handle might be wood – or plastic. The rest will be steel.14


1 Unfortunately, Psion has now abandoned the consumer market. If only they would license to Sony or Nokia or HTC the magic spell that made it possible for them, and only them, to build a usable keyboard into a palmtop or, better yet, a smartphone, I could have the machine of my dreams.
Update: Now I can. Planet Computers built a cell phone, the Gemini, inspired by the Psion, with a keyboard designed by the same person who designed the Psion keyboard. It looks like a Psion with a color screen, it types like a Psion and it works as a cell phone.

2 EBay both responds to complaints about fraud, sometimes by closing down accounts or calling in federal officials, and advises its customers on precautions to take before bidding.

3 For an extensive discussion of reputational enforcement, see Klein, 1997.

4 This problem was apparently responsible for recent changes in eBay’s feedback policy; buyers were being deterred from leaving negative feedback on sellers by concern that the sellers would retaliate in kind.

5 Those interested in something beyond this highly stylized account may want to look at Lisa Bernstein’s work, much of which is on arbitration.

6 The costs of the arbitration, of course, are not zero. But they are paid by the people who signed the contract, not by the interested third parties.

7 As Bruce Benson has pointed out, such a process is how the Lex Mercatoria developed in the early Middle Ages. That too was a system of private law enforced by reputational penalties in an environment where state law was inadequate for contract enforcement, due in part to legal diversity across jurisdictions. See Benson, 1998, “Evolution of Commercial Law” and “Law Merchant.” Much of the author's work is on his web page.

8 A good fictional description of the combination of anonymity with online reputation occurs early in Stiegler, 1999.

9 Stiegler, 1999, contains an entertaining illustration of this point. A central character has maintained two online personae, one, with a good reputation, for legal transactions and another, with a deliberately shady reputation, for quasilegal transactions such as purchases of stolen property. At one point in the plot, his good persona is most of the way through a profitable honest transaction when it occurs to him that it would be even more profitable if, having collected payment for his work, he failed, at the last minute, to deliver. He rejects that option on the grounds that having a persona with a good reputation has just given him the opportunity for a profitable transaction, and if he destroys that reputation it will be quite a while before he is able to get other such opportunities.

10 See, for example, Nelson (1974), Williamson (1983), Klein and Leffler (1981).

11 A cybernetic approach to resolving contractual disputes.

12 See, for instance, Faille, 2007, a review of Greif, 2006, or Friedman, 2005.

13 When I searched for her on the Web, I discovered a good deal about her that I had not known.

14 Applesource is a firm that sells both a peeler and a wide variety of apples by mail, a useful service for those of us who like to plant fruit trees and want advance information on how the fruit will taste.