Blockchains reduce the need for “trust” in legal transactions. From a legal perspective, trust has some specific meanings with respect to custody, control, and transactional risk. It can be accurately defined as “reliance on assurance of others to reduce transactional risk.” Blockchains radically shift the economics of providing transactional assurances.

For example, blockchains reduce the cost and complexity of obtaining assurances of asset ownership and control. Blockchain offers a cheaper and more reliable mechanism of creating, storing, and proving evidence.

Commercial and financial legal processes currently rely on numerous systems to reduce overall transactional risk and give people enough confidence to transact. A critical legal inquiry regarding any kind of property is, who owned title, when, and what is the transactional history? In asset transactions, property registries provide custodial and financial histories. To risk buying an item or making a loan secured by property, a buyer or creditor must be able to verify that the person purporting to own the property really does have title, and that there are no other enforceable inconsistent claims.

For high-value, complex transactions, this means obtaining assurances of (1) proof of authoritative title to an asset (title is clean and untampered), and (2) proof that the proof of title is reliable (the source of assurance (1) is clean and untampered). Underpinning it all is property law. Rules of property law apply whether the object in question is a house, a retail installment contract, or a digital token. Critical to property law is the concept of title, or ownership of property.

Legal systems have developed multiple property registries and custodial systems to manage information and give buyers, lenders, and invested parties the ability to verify whether a specific deal represents an enforceable obligation. Financial market infrastructure spends tremendous sums to maintain structures that provide assurances of things like chain of custody and title.

Registries. Creditors and other interested parties file notices with deeds registries, secretaries of state, departments of motor vehicles, and places a creditor checks for notice of an adverse interest. Common examples are land registries and, in the United States, the U.C.C.-1 filing registry within a state. The registry record is deemed authoritative for legal enforcement of contracts, and insurers, lenders, buyers, and sellers rely on it equally to track rights and obligations. The records produced by central property registries supply chain of title and custody details.

Registries like these developed out of need: without a reliable system for registering, or “perfecting,” one’s interest in property, market confidence in buying, selling, and lending is disincentivized. Functional registries make functional markets.

Custody and Control of Intangibles. Second-and-third order monetization of a value stream often involves intangible property. For example, financial products leverage contract rights and obligations to create additional assets and revenue streams like securities and derivatives. In pre-internet commerce, custody and control of intangible assets were proved by “possession”; a lender holding a note as a security pledge against a loan might actually take possession of the note. It is impractical to run valuable paper instruments from holder to holder in real time, so the notes were placed with a trusted third party who acted as intermediary, for example, holding the notes in custodial trust, matching and settling promises to pay. The market assigned possessory rights to custodial agents who held assets “in trust” and maintained their chain of title so deals were free to flow without paper slowing them down.

Electronic Contracts. With the advent of electronic contracts, the law evolved a new method of perfecting a security interest in digital originals of notes and chattel paper. The key, when vaulting an electronic contract, is to prevent multiple copies that might result in adverse claims, or “double spends” of the same obligation. Sounds familiar!

Electronic contracting laws like Uniform Electronic Transactions Act (UETA) established standards for vaulting and proving custody and control of digital assets. The UETA drafters, however, noted that their recommendations were based on late-20th-century technological capabilities to establish “control.” UETA’s custodial “control” requirements substitute for possession to perfect electronic contracts in the absence of a unique digital “token” to represent a contract. The drafters looked to the market to develop better systems of digital asset control.

Where Blockchain Comes In

A better property registry. Blockchain gives us a decentralized, tamper-evident record of what happened and when with respect to data stored in specific tokens. This tamper-evident ledger means less reliance on central authorities to prove the integrity of assets. A blockchain-based property registry proves its own transactional history.

Assets that prove their own chain of custody. Blockchain-based data objects can represent any number of property types extrinsic to the blockchain, as well as assets that are native to digital technology, e.g., tokens. A blockchain-native asset represented by a token is inherently and immutably tied to its transaction history. This means assets stored in a blockchain can prove their own titles, chains of custody, and transactional records.

Blockchains can get chain of custody right. Without structures that prove chain of custody, the lack of reliable proof structures has a chilling effect on legitimate commerce. Blockchain offers a low-cost way to scale legal infrastructure and build commercial rails on the bedrock of rule of law.

Poorly controlled legal proof structures are also a problem with existing custodial systems. For example, after the 2008 recession, we learned of multiple frauds in the system of keeping chain of custody of loan records. Many assets were so poorly tracked that when it came time to enforce legal rights, creditors were left holding assets with chains of custody any lawyer could challenge to defeat the creditor’s claim. Blockchain storage of contract assets solves this problem, ab initio.

Blockchain proof of title, custody, and transaction history reduces the need to rely on external assurances. This opens economic potential wherever there was previously a lack of reliable legal infrastructure. Along the way, blockchain will shed light upon, and drive the transition to, more efficient methods of proof in digital infrastructure.

Nina Kilbride

Introduction

On October 17, 2018, the Cannabis Act came into force in Canada, establishing a comprehensive legislative scheme governing the licensing, production, distribution, and sale of cannabis and related products for recreational use. Canada’s nascent recreational cannabis industry has faced its share of growing pains, but there is reason for optimism moving forward. Statistics Canada estimates that the illicit market for cannabis was worth approximately CDN$5 – $6 billion (US$3.79 – $4.55 billion) in 2015, while a 2018 Deloitte report suggests that the total Canadian cannabis market could generate up to CDN$7.17 billion (US$5.44 billion) in sales in 2019. If the sales figures forecast by the Deloitte report are achieved, that would put the cannabis market on the same footing as both the Canadian wine industry and the Canadian spirits industry.

Excitement surrounding legalization has led to a flurry of capital markets activity in Canada, resulting in billion dollar market capitalizations for several Canadian cannabis companies traded on the Toronto Stock Exchange (“TSX”), as well as the one Canadian cannabis company that currently trades solely on the NASDAQ.

Investor optimism is not fueled exclusively by the market potential that exists within Canada’s borders; rather, international opportunities represent a significant growth target. A 2018 report published by CIBC suggests that the global cannabis market could reach approximately CDN$25 – $30 billion (US$18.96 – $22.75 billion) in 2020. The U.S. could play a significant role in the global cannabis economy, as a study conducted by the Brightfield Group estimates that Canada and the U.S. will account for more than 86% of global cannabis sales in 2021.

Although cannabis is currently legal for recreational use in ten U.S. states and for medical use in 33 states and the District of Columbia, cannabis remains a Schedule 1 narcotic under the U.S. federal Controlled Substances Act. This classification has prevented Canadian cannabis companies from entering the U.S. market. Although cannabis may be exported from Canada for medical or scientific purposes under the Cannabis Act, an export permit may be refused if such exportation would contravene the laws of the country of import, or if such exportation would not comply with the permit for importation issued by a competent authority of the country of import.

Notwithstanding these obstacles, enthusiasm regarding the U.S. market was on full display when Tilray Inc.’s shares jumped 28.95% on the same day it was reported that the Canadian cannabis producer had received approval from the U.S. Drug Enforcement Agency to export cannabis to California for a clinical trial.

What does this mean for U.S. cannabis companies?

U.S. stock exchanges are regulated by federal legislation and, as a result, you will not find any pure play U.S. cannabis companies listed on the major American stock exchanges. Similarly, the TSX and its affiliated TSX Venture have taken the position that companies with operations or investments in the U.S. cannabis industry will be in violation of the listing requirements of their exchanges and thus subject to de-listing.

However, Canada’s more junior exchange, the Canadian Securities Exchange (the “CSE”), has welcomed Canadian and U.S. cannabis companies alike, listing 116 companies that operate in the cannabis industry, as of the date of this writing. Rather than prohibiting issuers with ties to the U.S. cannabis industry, the CSE has taken a disclosure-based approach, requiring its issuers to disclose the extent of its activities in the U.S. and the risk that its activities present from a U.S. legal standpoint.

Investor response to CSE listed cannabis companies has been extremely positive, with investors showing a particular appetite for companies offering exposure to the U.S. cannabis market. While historically being considered a “third-tier” Canadian stock exchange, the CSE is gaining notoriety, attracting industry-leading U.S. cannabis companies that have been denied access to more traditional exchanges.

For example, in May 2018, MedMen Enterprises Inc., a leading cannabis retailer in the U.S., began trading on the CSE at an implied value in excess of US$1.6 billion and on November 16, 2018, filed to raise CDN$75 million (US$56.88 million) via bought deal.  In October 2018, Curaleaf Holdings Inc., a vertically integrated cannabis cultivator and retailer, closed a private placement on the CSE which raised approximately US$400 million, implying a valuation close to US$4 billion. The most recent debut on the CSE was that of Acreage Holdings, a multi-state cannabis producer that boasts former House Speaker John Boehner and former Canadian Prime Minister Brian Mulroney as board members. Acreage Holdings began trading on the CSE on November 15, 2018, shortly after raising US$314 million in a private placement, implying an enterprise value of approximately US$2.1 billion.

How are U.S. cannabis companies becoming listed?

The most popular approach to listing on the CSE  by far is the reverse takeover, or “RTO”. RTOs involve the entity acquiring a publicly-listed shell or dormant company to pursue listing. RTOs are typically completed by way of a statutory amalgamation or arrangement and may require approval of each company’s shareholders, depending on the structure of the transaction and constating documents of the companies.

Compared to an IPO, RTOs are generally less time consuming and expensive and do not necessarily need to be accompanied by a concurrent equity financing—although MedMen, CuraLeaf and Acreage Holdings each completed private placements connected to their respective RTOs.

Another primary driver of expediency in RTOs is that they do not require regulatory review by securities regulators, and rather only require approval of the stock exchange. While a document with prospectus-level disclosure is still a requirement, eliminating the review of the securities regulators is one less obstacle to face in an RTO process.

Looking forward

There has been growing support to amend federal cannabis laws in the U.S. On June 7, 2018, Senators Cory Gardner and Elizabeth Warren introduced the Strengthening the Tenth Amendment Through Entrusting States (STATES) Act in Congress, which would amend the Controlled Substances Act to make it impossible to prosecute individuals and corporations who are in compliance with U.S. state laws on cannabis. A companion bill was introduced on the same day in the House of Representatives by Representatitives Earl Blumenauer and David Joyce.

The STATES Act would not remove cannabis as a Schedule 1 narcotic, meaning that cannabis would remain federally illegal. However, the STATES Act provides that compliant transactions would not be considered trafficking and would therefore not result in the proceedings accompanying an unlawful transaction. With this distinction in mind, it remains unclear what impact the STATES Act, if passed, may have on the willingness of U.S. stock exchanges and federally regulated banks to participate in the U.S. cannabis industry.

While much uncertainty remains with respect to the long-term outlook of the U.S. cannabis market, there appears to be a significant appetite among investors to participate in this burgeoning industry. As of right now, the most attractive way for U.S. cannabis companies to capitalize on this enthusiasm and to access capital markets is to look north of the border, where the CSE awaits with open arms.

While hanging around the water cooler the other day, I took an informal survey of a few colleagues. “How many of you are finding the task of addressing private information in compliance with increasingly complex laws, regulations, and corporate mandates to be hugely fun?” Unsurprisingly, the feedback was unanimous; everyone was loving it. They couldn’t get enough. They clamored for greater records management responsibilities and litigation response obligations. They also mentioned that there is no better end to a long workday than an involved information-security training, provided that their lunchtime could be interrupted for dental work with no anesthesia.

As it turns out, employees in the real world don’t really like doing anything beyond their real jobs, and certainly don’t want to have anything to do with the perceived tedium of classifying their files according to a growing set of company rules. For the vast majority of people, information management is about as fun as a root canal. And yet, effectively managing information has always been essential and is more and more a differentiator for organizations. This capability impacts a company’s reputation, risk profile, and innovation initiatives.

What can companies do? They can’t outsource their obligations—even if a third party is brought in to do some of the legwork, ultimately the obligation to comply lies with the company. Neither can they ignore the issue because there are increasingly more laws that prescribe how companies and their employees must manage information from its creation to its proper destruction. Similarly, there are far more consequences in failing to get it right. It’s an unenviable position for companies; they need their employees protecting the company’s information assets, but most employees are disinterested at best, viewing themselves to be full up with “real” work that trumps a concerted focus on these efforts.

Generally, there are two kinds of employees: the ones who are motivated by carrots, and the ones who must be inspired by sticks. There are some employees who will follow rules because they are told to and because being proactive is good for the company. However, if there is no compelling reason for employees to do something, they often fall into the latter category of needing a consequence, a penalty, or a loss of some benefit or privilege before they will dream of doing a task at work outside of their perceived job scope.

That brings us to a confluence of realities: more downside, more attacks on the IT systems, more laws dictating what is required and penalizing companies when they fail to comply, and more employees behaving badly, uninspired to lift a finger to help your company better manage information.

Here are seven keys to fix such a problem.

1. Set the Tone at the Top. The CEO in some respects is the soul of the company in that he or she sets the big-picture objectives for the organization. This is commonly communicated through a mission statement, vision, and code of ethics. These concepts and values are then seen as calls to action by others in the organization and rapidly become operationalized. When the CEO or other executives message the importance of a company initiative or action, the employees (everyone below them) are more likely to listen and follow their lead. For example, if the CEO decides that being a “greener” company is important, then initiatives that advance that idea will get more attention and funding. Employees will more likely do what it takes to make the company greener. Thus, one thing that will be essential to making information activities come to life in the company is for the executive team and others in management to support the information project or program and message its importance to all employees. Another way they can show support is by funding such activities and publicly recognizing successful efforts.

2. Make It Part of the Job. One of the best ways to get folks to take on protecting private information is to make it a part of their job responsibilities. For many businesses, at most they develop policy and expect that employees will read, understand, and follow the directives. That is usually the last time the policy is addressed until something bad happens. Then everyone wants to know what went wrong. What commonly goes wrong is that employees have a black and white view of their roles and responsibilities. They disregard policies as irrelevant to their jobs if adequate context isn’t provided.

The company can “legitimize” the activity by making it a part of the employees’ job responsibilities in writing and by making it clear that failure to do as required will, for example, impact performance incentives. When compliance with a policy is tied to compensation, it tends to get employees engaged. That would be more of the stick approach.

In terms of the carrot, why not have high-potential employees nominated by senior leadership to serve as information stewards? Formalize the role, make it a coveted position, and recognize and reward them for participating. You will find that you have inspired these employees to be your eyes and ears in the business. This causes a chain reaction whereby those around them start caring more as well.

3. Train the Employees. A policy itself, no matter how comprehensive and clear, is only as good as the training and change-management that accompanies it. Parking a myriad of policies on a website and thinking employees will search to find and master them is wholly unrealistic. Not only that, but having policies that no one follows is a liability. “Isn’t it true that your company has a privacy policy, you didn’t know about the policy, and in fact were never trained on the policy . . .” You get the idea.

Providing a written policy or other directive tells employees what is expected; training them on it helps ensure they understand what they must do in greater specificity. In other words, policy is not enough. Training and perhaps even testing on the mastery of the training is far more effective.

Remember, however, that employees can’t take in endless training sessions on one topic after another. Be mindful to not put too much in front of them at once and spread it out to maximize the training’s effectiveness. In other words, limit how much training employees receive, given the law of diminishing returns.

Training should be an important tool in your arsenal when it comes to ensuring that employees are able to digest and apply vital policy concepts. It is a stepping-stone to behavioral change. One point of consideration is to consolidate trainings where possible. Companies often have a “code of ethics” or “code of conduct” that provides high-level principles regarding the company’s position on such matters as privacy requirements, books and records management, cyber-security fundamentals, and beyond. Publishing such a code for public/external consumption bolsters a company’s reputation for being trustworthy and of sound integrity. Is it possible to consolidate your trainings on various governance topics into one large “code of ethics” training that can be taken in modular format? This then strengthens and unifies the company’s position on various interdependent information-management directives while streamlining the training experience for employees.

4. Gamify. In the last few years, gamification of training has helped create better-trained employees and kept employees engaged with longer-term retention of the topic. Gamification is a process where an employee is engaged at a deeper level to make the training like a game. This means launching awareness campaigns that involve features like points, levels, and awards. The goals of gamification are to create a sense of intrinsic motivation, achievement, and mastery. The more employees interact with the training material or policy in a game context, the more likely they are to understand the material and be able to act upon it. Bottom line is that it works.

5. Auditing/Monitoring. The only real way to know whether employees are doing what is required of them is by looking. In the workplace, that is typically done by watching their actions in real time (monitoring) or looking at what they have done after the fact (auditing). Auditing and monitoring programs help ensure that employees are getting it right. These programs also allow the company to help employees better perform tasks and fix training or implementation issues across the company as they become known.

In highly regulated industries, auditing and monitoring are part of the normal course of business. In fact, internal audit and quality assurance teams can be excellent partners in building an audit readiness program and in conducting the audits themselves.

6. Whack with Love or Not, but Be Consistent. When employees get something wrong, there may be a need to reprimand them. Thus, when policies provide that noncompliance may result in disciplinary action, the company must follow through. Failure to discipline may result in claims that such policy or disciplinary action is applied in a discriminatory fashion. Remind and follow up with employees to ensure they are getting it right, and when they don’t, act swiftly, fairly, and consistently to address the failure. Remember, word travels fast, and others will take note, which tends to change behavior in a positive way.

7. Repeat. Training, behavioral change, and the business transformation that follows are not one-time projects or instantaneous outcomes. Begin the process of training on key topics from the very beginning of an employee’s tenure at your company during orientation. For topics that are essential for employees to master, such as information security, training should be routinized and part of an established schedule. Not only that, policy principles and core concepts should be patiently and persistently reiterated via meetings with communities of practice, company newsletters, annual refresher trainings, and embedded within spotlights on governance initiatives when there has been a “big win.” Making employees care about managing information well means making these conversations part of your company’s culture.

Conclusion

Information has become the lifeblood of organizations. Oftentimes, it’s pumping life without rhyme, reason, control, or direction, and that has to change. Unless leadership institutionalizes the management of information, the employees will likely do as little as possible or nothing at all. With value, volume, growth in legal requirements, and consequences all intensifying around information management, however, companies must have their work forces engaged. The seven keys may not build love, but they will build a reasonable, repeatable, and defensible process “hook” for litigators to hang their hats on when failure occurs, and it always does.

On September 28, 2018, California became the first US state to specifically regulate the security of connected devices (otherwise known as ”Internet of Things” or “IoT devices”).

The new laws aim at increasing the security of IoT devices, whose global use is growing rapidly. Statista has estimated that in 2018 there are over 23 billion IoT devices currently in use, and this number is expected to grow to over 26 billion in 2019 (Gartner has estimated 20 billion such devices will be online by 2020). Unfortunately many IoT devices remain dangerously unprotected from cybercriminals and vulnerable to malware as they enter the market with no passwords, default passwords (think ”123”, ”admin” or even worse, ”password”) or otherwise hard-coded passwords that cannot be modified or updated. 

These concerns are not merely speculative. By way of ‘real life’ example, beginning September 2016, massive distributed denial of service (DDoS) attacks took down various US Internet infrastructure companies/DNS providers, leaving much of the Internet inaccessible on the east coast of the United States and incapacitating popular websites (including AirBnB, Amazon, Github, HBO, Netflix, Paypal, Reddit, the New York Times and Twitter, just to name a few). Originally created by three teenaged hackers, the Mirai malware responsible for the attack was specifically designed to target and infect susceptible IoT devices such as security cameras, home routers, air-quality monitors, digital video recorders and routers using a table of more than 60 common factory default usernames and passwords.  These devices were turned into a network of remotely controlled bots that were used to launch the DDoS attacks which later spread globally, impacting such diverse organizations as OVH (a large European provider), Lonestar Cell (a Liberian Telecom Operator) and Deutsche Telekom. At its peak, Mirai infected over 600,000 vulnerable IoT devices.

These two new substantially similar IoT laws (California Senate Bill 327, chapter 886 and Assembly Bill No. 1906, “Security of Connected Devices” (2018 Cal. Legis. Serv. Ch. (S.B. 327)(to be codified at Cal. Civ. Code § 1798.91.04(a)) (collectively, the “IoT Laws”) require manufacturers of connected devices to equip the device with a ”reasonable” security feature or features that meet all of the following criteria: (i) appropriate to the nature of the device; (ii) appropriate to the information it may collect, contain, or transmit; and (iii) designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification or disclosure. The IoT Laws broadly define a ‘connected device’ to mean any devices or other physical object that is capable of connecting to the Internet (directly or indirectly), and that is assigned an Internet Protocol address or Bluetooth address, meaning that consumer, industrial, and other IoT devices are covered.

Additionally, if the connected device is equipped with a means for authentication outside of a local area network, either of the following requirements must be met before it shall be deemed to possess a “reasonable security feature”: (i) it must have a preprogrammed password unique to each device manufactured; or (ii) the device must contain a security feature that requires a user to generate a new means of authentication before access is granted for the first time.

The IoT Laws broadly capture “manufacturers” to include the producers of the devices themselves and those who manufacture on behalf of such organizations, connected devices that are sold or offered for sale in California. However, manufacturers are not responsible for any unaffiliated third-party software or applications that a user chooses to add to the device. Contracts with organizations or persons involving the mere purchase of connected devices or purchasing and branding a connected device are excluded. 

Manufacturers are obliged to allow users to have full control and/or access over connected devices, including the ability to modify the software or firmware running on the device at the user’s discretion. Additionally, no obligations or duties are imposed upon electronic stores, gateways, marketplaces or other means of purchasing software or applications to review or enforce compliance with these statutes.

The IoT Laws contain various exclusions and limitations. For example, they do not apply to manufacturers of connected devices that are already subject to security requirements under US federal law, regulations or the guidance of federal agencies (presumably FDA-regulated medical devices, for example). They do not prevent law enforcement agencies from continuing to obtain connected device information from a manufacturer as authorized by law or pursuant to a court of competent jurisdiction. They also do not apply to the activities of covered entities, providers of health care, business associates, health care service plans, contractors, employers, or other persons subject to the U.S. federal Health Insurance Portability and Accountability Act of 1996 (better known as HIPAA) or California’s Confidentiality of Medical Information Act.

Significantly, the IoT Laws do not provide individuals with a private right of action against non-compliant manufacturers. Only the Attorney General, a city attorney, a county counsel, or a district attorney has the authority to enforce these requirements.

The IoT Laws are scheduled to come into force on January 1, 2020.

The enactment of the IoT Laws was clearly motivated by the desire to improve the security of smart devices and mitigate security vulnerabilities that leave such devices open to cyber-attacks such as Mirai malware. By not mandating what security features are ”reasonable,” the legislation is effectively leaving it up to the manufacturer to determine whether its security features meet the three-prong test described above. Guidance from agencies such as the National Institutes for Standards and Technology (NIST) and other industry self-regulatory guidelines can help determine what will be reasonable under the circumstances (in fact NIST is currently seeking comments on its draft guidance document which includes recommendations for addressing security and privacy risks associated with IoT devices—see Draft NISTIR 8228, “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks”.)(“NIST Guidance”).

The new IoT Laws are not without their flaws and skeptics. Critics charge that certain aspects of the IoT Laws are vague and ambiguous given the lack of clear standards (what does “reasonable security feature or features” mean practically?) with no way to validate that the manufacturer actually designed to those standards. While the IoT Laws may address the security threats associated with hardcoded or default passwords that are easily guessable and may force manufacturers to in turn force consumers to change their passwords before using such devices (or otherwise install unique passwords), they do not address many other security concerns or truly enhance device security. These concerns include the failure of many manufacturers to routinely update the software/firmware accompanying many IoT devices (or otherwise compel consumers to update such software/firmware if patches/upgrades are actually available) to address security and other concerns. Other pre-market security means to enhance security are also ignored (device attestation, security audits for firmware from third party providers, improvements in device access, management, and monitoring, requirements to remove unnecessary insecure features, etc.). As the NIST Guidance has noted, an IoT device may be a black box that provides little or no information on its hardware, software, and firmware or may not offer any built-in capabilities to identify and report on known vulnerabilities. And users can still deploy terrible passwords. 

However, while arguably incomplete from a security perspective, California is a large market and a standard setter for the U.S., and the IoT Laws may serve as an example for other jurisdictions to follow. Accordingly any manufacturer of an IoT device that intends to ship its products into California must start employing better security features that meet the requirements of the IoT Laws; as such the IoT Laws may be the catalyst required to nudge IoT-connected devices in the right direction to better security.

Lisa Lifshitz

Blockchain technology (or as some commentators prefer, “distributed ledger technology”) is a major technological innovation that promises to significantly alter the way we do business in several fields. Those changes, in turn, will bring new legal challenges that our laws, courts, regulatory agencies, and other institutions must address. As promising as blockchain technology is, however, it is no panacea. It can offer concrete benefits over prior approaches, but it also comes with real costs that can limit or preclude its use in some applications. To better assess the legal challenges facing existing and new applications of blockchain technology, it is important to understand the benefits and costs of the technology; that, in turn, requires at least some level of understanding what blockchain technology is.

The starting point for the technology was Satoshi Nakamoto’s release in 2008 of the white paper, Bitcoin: A Peer-to-Peer Electronic Cash System (Nakamoto was a pseudonym for the real and still-unknown authors), in which Nakamoto introduced blockchain technology for the first time along with a fully conceived platform for its use to implement digital cash.

By the time Nakamoto released his white paper in 2008, digital signatures were a well-understood feature of the mathematical field of public-key cryptography. Participants generate a key pair composed of a public key and a related private key. The public key is distributed to all participants while the private key remains secret. The relationship between the two keys is such that a message encrypted with one of the keys can only be decrypted using the other key.

In this system, a participant, Alice, can digitally sign a message by encrypting it with her private key, which only she possesses. Anyone can read the message by decrypting it with Alice’s freely available public key, but the fact that the message can successfully be decrypted using Alice’s public key proves that Alice—and only Alice—digitally signed the text with her private key because only Alice possesses that key.

Like some others before him, Nakamoto began by defining a digital coin as a chain of digital signatures, but digital signatures alone could not prevent network participants from spending the same coins more than once by signing multiple but inconsistent spending transactions—the “double-spending” problem. To prevent double-spending, the system must have some way to determine whether the sender, Alice, owns a spendable coin that has not previously been sent to someone else. Prior electronic payment systems typically solved the double-spending problem by relying on a trusted central party to keep track of all transactions. In contrast to such a centralized system, Nakamoto sought a peer-to-peer system that did not assign trusted status to a special central party.

Nakamoto reasoned that a peer-to-peer system could work if each node possessed the means to evaluate for itself the validity of the transaction. Thus, each node would have to maintain its own ledger of all transactions. This ledger—with identical copies distributed to all notes—is the blockchain. All new transactions would be distributed in blocks to all nodes, which would add them to their ledgers.

With each node maintaining its own ledger, there arose a need to ensure that the separate ledgers would remain consistent. Thus, Nakamoto needed a mechanism to achieve consensus among the nodes as to which transactions should be included and in what order. Nakamoto decided to use “proof of work” to achieve consensus on the Bitcoin network. Certain nodes—miners—would validate transaction blocks by performing a time-consuming calculation, adding proof of the successful completion of the calculation to each validated block. Then, in the event a node received inconsistent blocks to add to the chain, Nakamoto specified that nodes should select the valid blocks representing the largest amount of computational work. A proof-of-work mechanism requires a lot of computation, but it is essential to the functioning of the Bitcoin consensus system. Therefore, the system provides miners an incentive payment in the form of newly created bitcoins and transaction fees offered by the sender.

People soon realized that blockchain technology could be adapted to uses beyond Bitcoin. The first such use was to create new cryptocurrencies. Today, there are thousands of “altcoins” using blockchain technology. Beyond cryptocurrencies, many other human activities are amenable to representation in a ledger system like the one underlying Bitcoin. One obvious example is a blockchain used to keep track of assets such as real property, inventory items, and government records. The blockchains in these use cases might operate similarly to the Bitcoin blockchain, but instead of coins, they would employ coin-like tokens linked to the underlying physical assets.

Taking blockchain technology beyond Bitcoin, other developers have implemented systems that offer the ability to execute user-specified programming code on the blockchain itself. For example, the Ethereum platform begun in 2013 allows users to create complex computer code linked to transactions on a blockchain. As a result, some users speak not of submitting transactions on Ethereum, but of creating “smart contracts” (also called distributed applications, or dApps), which run on the blockchain. The availability of smart contracts in a blockchain system makes it possible to envision autonomous, distributed functioning of a number of complex activities that cannot happen today without manual control and intervention, or a centralized bureaucracy.

• Autonomous trading platforms. Smart-contract code automatically matches buyers and sellers and automatically performs trading on the blockchain in securities, commodities, or other assets.
• Supply chains. Actors at each stage of a supply chain—purchasing, manufacturing, transportation, delivery, payment—enter secure transactions into a blockchain system, and smart code automatically tracks products, initiates new orders, and allocates appropriate resources at the next stage of the chain.
• Peer-to-peer insurance. The pooling of risks, the events documenting the losses and claims, and the submission and payment of claims are represented by autonomous transactions on the blockchain.
• Organizational decision making and voting. Participants in an organization vote for new policies, investments, or candidates by recording secure transactions on a blockchain, and smart-contract code automatically tallies the results and effectuates the election results.

Although blockchain technology confers many potential advantages, its nature poses potential costs as well. Not all centralized ledgers are better replaced by distributed blockchain technology. Some of the potential advantages and disadvantages are described below. The successful use cases will be ones with a favorable balance of factors.

• Many business processes involve complex interactions among multiple individual or institutional intermediaries that are intended to serve as a check on one another. In a blockchain network, careful planning can allow cryptography and consensus mechanisms to take the place of human judgments about trust, just as they do in the Bitcoin network.
• Transparency and immutability. The basic operation of a blockchain system is the creation and addition of validated blocks to a chain of prior blocks. These blocks provide a complete record of all transactions and operations processed by the system. Cryptography insures that blockchain records, once recorded, cannot be forged or altered.
• Blockchains distribute the responsibility for storing and processing information across multiple nodes in a networked system. In doing so, they reduce the number of possible points of failure or points of attack.
• Automatic rule enforcement. The nature of blockchain systems disallows certain kinds of errors and malfeasance that in other systems might require specialized code or human intervention.
• User autonomy. Blockchain systems can allow users great autonomy in the control over their own transactions. In the Bitcoin network, for example, so long as the network continues to operate, there is no way to prevent a user from transferring bitcoins or to force an unwanted transfer without the user’s private keys.
• Performance and scalability. The features that provide blockchain technology its advantages come with performance and resource costs. Even if a blockchain system does not use the proof-of-work system of Bitcoin, blockchains frequently require significant storage, computing power, and network bandwidth. As a general matter, blockchain-based systems use more computing resources and scale less efficiently than systems based on centralized ledgers.
• Complexity, errors, and vulnerabilities. Blockchain systems can be highly complex and difficult to develop. Moreover, the design and programming of smart-contract systems utilizing blockchain systems is a separate source of complexity, and almost certain to produce significant bugs and vulnerabilities that can lead to execution flaws or vulnerabilities.
• The blockchain contains a full and detailed record of every transaction processed using the system, and the consensus mechanism of the system ensures the replication of that full record across multiple nodes of the system. These risks do not necessarily prevent the use of blockchain technology for sensitive information, but they can add complication to the design of the system.

To practice law effectively, lawyers today need a basic understanding of modern technologies, which should include the fundamentals of blockchain technology.

In depositions and trials involving non-English-speaking parties and witnesses, clients represented by bilingual counsel have the clear upper hand. The advantage a bilingual attorney has over a nonbilingual attorney cannot always be offset by the services of an interpreter at deposition or trial, given that even the most skilled interpreter can make inadvertent mistakes and, more importantly, cannot comment on material credibility indicia of non-English-speaking witnesses, such as their intonation or sarcasm, while testifying. Consider these scenarios:

A plaintiff in a deposition testifies in Spanish, but neither the plaintiff’s nor the defendant’s attorneys speak Spanish. Out of necessity, both attorneys must rely on the interpreter’s translation of the plaintiff’s testimony (particularly if the proceeding is not videotaped), although neither attorney can be sure that the translation truly captured the meaning of the testimony the plaintiff gave in Spanish. Regardless, the interpreter’s translation stands without contest and becomes the official record of the deposition or trial. Clearly missing in an even accurate, verbatim translation of the testimony is an assessment of the witness’s credibility. Neither counsel will know whether the witness used certain words in a sarcastic or skeptical tone which, if known, would have prompted counsel to seek clarification or conduct follow-up questioning.

Consider another scenario, but one in which only one of the attorneys speaks the plaintiff’s native language. For this example, assume the bilingual attorney is defense counsel in the deposition of a Spanish-speaking plaintiff. Defense counsel, as the sole bilingual attorney in the proceeding, understands the plaintiff’s testimony in Spanish and understands the interpreter’s translations of counsel’s questions and plaintiff’s answers. In this scenario, the bilingual defense counsel has the ability to effectively challenge the accuracy and completeness of the interpreter’s translations during the deposition. Plaintiff’s counsel, the nonbilingual attorney, is at a clear disadvantage, unable to challenge defense counsel’s objections to the interpreter’s translations. Worse yet, the nonbilingual attorney may not be representing the client well if he or she fails to object to inaccurate translations defense counsel did not challenge. Besides the bilingual counsel’s ability to understand the Spanish testimony and translations, the bilingual counsel has another advantage. The Spanish-speaking witness may be more candid, cooperative, or feel less anxious if the witness knows the questioning attorney is bilingual.

The effectiveness of the legal representation a client receives in litigation involving non-English-speaking parties or critical witnesses often depends on the ability of a party’s counsel to understand the non-English-speaking party in his or her native language not only to ensure that the translations are correct, but more importantly, to assess witness credibility. Counsel at a deposition or trial should not rely on an interpreter for this purpose.

Just as court reporters in trials and depositions must transcribe testimony verbatim and without injecting subjective commentary, such as a witness’s intonation or sarcasm while responding to questions, interpreters in depositions and trials involving non-English-speaking witnesses must also act in neutral capacities. Interpreters can provide only verbatim translations of questions posed and answers given at depositions and trials. Interpreters may not add their own subjective commentary to translations, such as whether in a narrative response a witness used a particular word in a sarcastic, surprised, or skeptical tone. It is the responsibility of counsel to make important credibility assessments of witnesses—whether English-speaking or not—to effectively proceed with the interrogation or defense of a witness during a deposition or trial. It goes without saying that in addition to a witness’s substantive responses, a witness’s credibility involves an assessment of intonation, sarcasm, body language, and emphasis on certain words while testifying, particularly in harassment, discrimination, and other employment-related cases. The bilingual attorney who speaks the same language as the witness can pick up on important credibility subtleties and nuances (such as sarcasm, skepticism, fear, hesitation, etc.) that are not captured in interpreters’ translations and may be missed by counsel who are not bilingual. At a trial where jurors speak the same language as a witness, a bilingual attorney is in the best position to instantly gauge juror reaction to a witness’s intonation or emphasis of certain words while testifying and adjust trial strategy as necessary.

Aside from credibility assessment considerations, the bilingual attorney has other advantages. In the heat of trial or deposition, the bilingual attorney can quickly use his or her judgment in deciding whether to: pursue alternate questioning if a witness’s intonation while testifying indicates hesitation, discomfort, sarcasm, or skepticism; let awkwardly translated answers stand to avoid disrupting the flow of questioning or wasting limited time; forgo objections to certain translations of technical words or slang because they cannot be translated with precision; question a witness about foreign-language documents produced during a deposition; conclude that although testimony was not translated verbatim, an interpreter’s translation captures the essence of a witness’s testimony; call for a break upon detecting that an interpreter is becoming bored or tired as evidenced by labored or confusing translations of questions; or object to translated questions or testimony because the translations are inaccurate or incomplete.

Counsel may opt to videotape a deposition to capture a witness’s non-English testimony and an interpreter’s translations of same. Counsel should not count on using the videotape to challenge inaccurate translations after the deposition is concluded. Aside from possibly waiving such objections because they were not made during the deposition, it may not be feasible to reopen the deposition to conduct follow-up questioning based on the witness’s actual testimony. Moreover, the deponent may attempt to use the videotape to make substantive changes to the deposition transcript based on his or her responses as reflected in the videotaped deposition.

Large percentages of employment-related litigation in the United States are brought by non-English-speaking plaintiffs, particularly in states such as California where Latinos comprise almost 40 percent of the population. Given these demographic realities and to effectively represent their clients, counsel must be prepared to address the challenges presented in depositions and trials involving non-English-speaking witnesses.

In response to increasing public attention on the small percentage of women serving on corporate boards, the California Assembly passed Senate Bill 826 (the Act). The Act requires that all public companies headquartered in California have at least one female director and, beginning in 2021, a percentage of female directors based on the size of its board. Although championed by the National Association of Women Business Owners and other activists, the Act will face legal challenges to its implementation, and its overall impact may be muted.

Background and Requirements

California’s mandate is the most recent attempt in the growing movement to increase women on corporate boards across America. The first pages of the Act offer a litany of findings outlining the current state of affairs and the widespread historical exclusion of women from corporate leadership posts. The Act reads as follows:

For companies with a market capitalization of more than $10 billion, those with women directors on boards outperformed shares of comparable businesses with all-male boards by 26 percent. . . . As of June 2017, among the 446 publicly traded companies included in the Russell 3000 index and headquartered in California, representing nearly $5 trillion in market capitalization, women directors held 566 seats, or 15.5 percent of seats, while men held 3,089 seats, or 84.5 percent of seats. . . . More than one-quarter, numbering 117, or 26 percent, of the Russell 3000 companies based in California have NO women directors serving on their boards. . . . If measures are not taken to proactively increase the numbers of women serving on corporate boards, studies have shown that it will take decades, as many as 40 or 50 years, to achieve gender parity among directors.

The Act addresses these shortcomings through a two-pronged mandate. First, any publicly held domestic or foreign corporation whose principal executive office is in California (according to its 10-K) must have one female director on its board by December 31, 2019. Second, no later than December 31, 2021, those same corporations must have at least three female directors if there are six or more board seats, or two female directors if there are five board seats. The first violation of the Act (or a failure to file the mandated disclosure information) results in a $100,000 fine; each subsequent violation is $300,000.

Champions of the Act have realized the legal challenges to come (as discussed below), but viewed its passage and signing by Governor Jerry Brown as applying much-needed pressure to accelerate the elevation of women into corporate leadership positions. In his signing statement, Governor Brown expressed a desire for firm action despite the potential obstacles to implementation, stating: “There have been numerous objections to this bill and serious legal concerns have been raised. . . . Nevertheless, recent events in Washington, D.C.—and beyond—make it crystal clear that many are not getting the message.” After highlighting that corporations have been considered “persons” since at least 1886, well before women could even vote, Governor Brown further stated, “Given all the special privileges that corporations have enjoyed for so long, it’s high time corporate boards include the people who constitute more than half the ‘persons’ in America.”

Legal Objections

Beyond policy-based objections, critics have raised at least two legal arguments against the Act: (1) it violates equal protection by facially discriminating based on sex, and (2) because it applies to companies organized outside California, it violates the dormant commerce clause and the “internal affairs doctrine,” which requires that internal company affairs be under the regulatory purview of only one jurisdiction.

Taking these complaints in turn, the 14th Amendment equal protection argument is straightforward. Any law that discriminates based on sex must survive a heightened version of intermediate scrutiny. Per Justice Ginsburg’s 1996 majority opinion in United States v. Virginia, any sex-discriminatory law must have an “exceedingly persuasive justification” and be “substantially related” to an “important” state interest. Although remedying the long-standing exclusion of women from corporate leadership is no doubt an important state interest, California may struggle to show that its chosen means are a close fit with its legitimate end goals. The Act may apply both too narrowly (to the small subset of companies that are both publicly traded and headquartered in California) and too broadly (without consideration for whether a firm has previously engaged in discriminatory conduct or whether an industry may naturally attract more men or women) to survive scrutiny.

Second, by applying the mandate to companies organized outside California (so long as the executive offices are in California), the Act imposes a burden on foreign-organized corporations beyond California’s state interest and potentially requires companies to comply with incompatible mandates from competing jurisdictions. Due to these issues, the Act’s enforceability could be judicially limited to firms that are organized and located in California. If so, the Act would apply only to a small subset of local companies—one estimate puts the number at 72—and only one of the Fortune 500. See Joseph A. Grundfest, Mandating Gender Diversity in the Corporate Boardroom: The Inevitable Failure of California’s SB 826, Rock Center for Corporate Governance at Stanford University Working Paper No. 232 (Sept. 12, 2018).

Potential Impact on Board Composition and Governance

Although the number of companies directly impacted is relatively small (enforcement may well be limited to companies both chartered and located in California), the real value is in sending a signal that may prompt other states to begin pushing for and requiring more equitable board composition. The Act may also help to add momentum to diversity efforts undertaken by investors. Before the Act was passed, CalPERS sent a letter in 2017 to certain Russell 3000 companies asking each of them to “develop and disclose its corporate board diversity policy and implementation plan to address the lack of diversity.” State Street also attracted much attention for its diversity advocacy efforts when it installed “Fearless Girl” across from the “Charging Bull” in lower Manhattan at the center of the Financial District and announced that it would be engaging with companies about the importance of diversity. BlackRock likewise announced in 2017 that it would hold nominating and governance committees accountable if they do not achieve results. Passage of the Act keeps this issue at the forefront and may encourage other investors to follow suit.

California is blazing a new trail in the United States, but European countries began adopting quotas more than a decade ago when Norway adopted a 40-percent quota and France and Italy passed similar measures. Today, the composition of the boards of Norway’s public companies includes 41 percent women, a number well above that currently achieved in the United States. Whether the United States will be able to realize similar results will depend upon whether the Act and any other similar legislative efforts will be able to overcome legal challenges that are sure to make their way through the courts.

This two-part series of articles has been abridged and adapted from the chapter “Analysis of Cost Behavior” by Elizabeth A. Eccher, Jeffrey H. Kinrich, and James H. Rosberg, in the book Lost Profits Damages: Principles, Methods, and Applications, edited by Everett P. Harry III and Jeffrey H. Kinrich (Valuation Products and Services, 2017).

In Part One of this series, we discussed concepts relevant to calculating avoided costs, a key step in calculating lost profits. In this article, we illustrate the use of these concepts in determining avoided costs.

Identifying the Cost Objects Comprising Lost Sales

The analysis of avoided costs logically follows, and depends on, an analysis of lost sales revenue, which is in turn a function of the quantity of products or services that were not sold and the price that would have been received if the sales had occurred. Therefore, for each cost object comprising the lost sales, the cost analysis requires consideration of the following questions:

• How many units of each product or service would have been sold?
• Over what time period(s) would the sales have occurred?
• At what prices would sales have occurred?

The total amount of any costs that are determined to be variable—and hence potentially avoided—will depend directly on the quantity of product that would have been manufactured and sold. In addition, because fixed costs may be fixed only with respect to a relevant range of time and activity, it is important to know whether the quantity of lost sales falls within or outside of that range. As discussed further below, the price of a lost sale may be relevant for certain incremental marketing costs, such as sales commissions.

Identifying Resources Involved in Producing the Product or Service

As discussed in Part 1, costs arise through the consumption of resources. Therefore, the analyst should gain an understanding of the resources and activities required to make the lost sales products or services. To gain this understanding, the analyst should consider the following:

• Are direct materials required?

These may include raw materials, such as steel or silicon, as well as components, such as batteries or circuit boards. Direct materials almost always result in variable, and thus incremental or avoidable, costs.

• Is direct labor required?

Labor costs depend on the nature of the contracts between employer and employees, which may affect the variability of these costs.

• Are productive assets (i.e., capital investments) used in the production process?

Machinery use, for example, can give rise to indirect costs, such as set-up, calibration, operating supplies, and routine maintenance. Similarly, the use of a factory or other building can give rise to indirect costs related to ongoing maintenance and other operating overhead costs, such as for electricity, other utilities, and security.

Identifying the Resources Involved in Selling and Delivering the Product or Service

In addition to production costs, the company may incur costs related to delivering and selling the product or service in question, as well as costs related to future obligations resulting from a sale. The following considerations will be relevant to this assessment:

• How are sales generated? Is there a direct sales force that receives a sales commission?
• Does the seller bear the cost of transporting the products to buyers? If so, the behavior of transportation/delivery costs should be analyzed.
• Is the product or service covered by a warranty or other contract that will give rise to expected costs in the future? Warranties obligate the seller to guarantee certain aspects of product performance after delivery.
• Is additional capital required to produce a good or service and, if so, at what cost? For example, the company may have accounts receivable or may purchase and hold relevant inventory. Whether the funds are provided by the company or sourced externally, the company is incurring a cost by using funds from which it could otherwise earn a return on investment.

Identifying the Cost Data Available for Analysis

For financial reporting under generally accepted accounting principles (GAAP), firms must calculate the cost of products they produce or purchase and transfer those costs from an inventory account to an expense called cost of goods sold (COGS) as the products are sold. COGS often include, however, both direct costs that can be traced to products and indirect costs, such as warehousing or depreciation costs, that may be unlikely to change as sales volume increases, at least within a relevant range. Nevertheless, the unit costs calculated under GAAP can provide a useful starting point, particularly if the underlying financial records allow the analyst to disaggregate unit costs into components (such as materials, labor, and various types of overhead) that can be further analyzed.

Beyond the cost systems used for financial reporting, firms sometimes maintain internal records and systems to support their own cost-management efforts.

Developing Hypotheses about Likely Cost Behaviors

When developing hypotheses about cost behavior, the central question is: What incremental costs must be incurred to develop, produce, and sell the good or service within the relevant time frame and range? In some cases, strong hypotheses about cost behavior exist at the outset of the analysis.

As mentioned in Part 1, though, expected cost behavior may not be as clear-cut for other resources. Consider direct labor costs in automobile manufacturing. Unlike direct materials, labor is not usually purchased by the unit (e.g., by the hour or even by the day). Rather, employees often have labor contracts that limit the firm’s ability to terminate employment over short periods. Thus, labor is one example of a cost for which it is important for an analyst to carefully assess cost behavior in order to determine whether the cost can be expected to vary (or not) with incremental sales volumes over specific periods.

Testing the Hypotheses

Two of the most common methods used to test cost behavior and estimate avoided costs are account analysis and regression analysis. We discuss and illustrate each in turn.

Account Analysis

Account analysis (sometimes called the direct assignment method) is a simple but often valuable method for identifying fixed and variable costs. The analyst reviews the historical income statements or a detailed general ledger and judges whether costs reflected in each account are fixed or variable based on experience, observation of the accounts’ behavior, review of the business’s contracts, and consultation with other sources of expertise. This background provides valuable information about how costs relate to activities and how both activities and costs behave with respect to changes in production or sales volumes.

Although account analysis can be a useful tool for analyzing cost behavior, accounting data are often “messy” due to changes in accounting practices over time, the presence of amortized or allocated costs, and end-of-quarter or end-of-year adjustments, among other issues. These data problems can lead to nonsensical results; thus, it is often informative to combine account analysis with other tools, such as regression analysis.

Regression Analysis

Regression analysis is a generally accepted statistical method used to measure the degree and nature of association between a dependent variable (the variable the analyst seeks to explain) and one or more independent variables (the variables hypothesized to cause the behavior of the dependent variable). That is, the analyst seeks to measure the association of the rate of change of a dependent variable with the rate of change of independent variables.

In the context of lost-profits analysis, costs are typically the dependent variable, whereas measures of activity (such as inputs to or from manufacturing processes or units sold) are typically among the independent variables. Analysts might use regression analysis when they have data for a dozen or more time periods for two or more particular costs or volumes and want to find a relation that can predict one value given the others.

Although the mathematics behind regression analysis may be complex, it is a powerful tool with which to measure the extent of the correlation between dependent and independent variables.

Developing Conclusions, Subjecting Them to “Sanity Checks,” and Revising

A common refrain in scientific analyses is that “correlation is not causation.” Regression analysis may yield spurious results, such as finding a statistically significant relationship between cost and sales (or production) that does not reflect a causal relationship, or failing to find a statistical relationship when a causal relationship does exist. Moreover, regression analysis may fail to identify an actual incremental cost when measures of cost are not recorded when they are incurred. For example, depreciation of capital equipment is typically recorded according to a preset formula, not according to the intensity of use of the machinery. Therefore, a regression analysis of depreciation cost will typically not find a statistically significant relationship with production even if machinery does wear out in proportion to its usage.

Given the potential for spurious results, the analyst must confirm any cost estimate, statistical or otherwise, as reasonable. Accepted testing methods include:

• Comparing the results of more than one estimation method. If the results are reasonable, both methods should yield approximately the same results; if results differ, reasonable explanations should exist for any discrepancy.
• Comparing the results to actual experience. For example, compare estimated costs at historical volumes to actual historical costs. Compare results at an assumed but for volume with historical results (at some other date) for roughly the same volume. The results need not be identical, but differences should be reasonable.
• Comparing the results to independent cost estimates. The company may have forecast costs as part of a business plan before the alleged misconduct. Industry statistics can also provide a useful baseline.
• Considering the intrinsic reasonableness of the results. Do costs increase with volume? Do they behave appropriately compared to changes in production capacity? In short, do the results make sense?
• Considering the insights and experience of company management, industry analysts, and experts on the particular production process.

Conclusion

Cost estimation is an important part of a lost-profits analysis. By understanding cost behaviors and using the tools of cost accounting, statistics, economics, and industrial engineering, the analyst can produce defensible estimates of incremental costs. If the tools are applied by rote or without sufficient consideration of the context, the results of the analysis will not be reliable.

Read Part One of this series.

Elizabeth A. Eccher is a principal in the Chicago office of Analysis Group, Inc.; Jeffrey H. Kinrich is a managing principal in the company’s Los Angeles office; and James H. Rosberg is a vice president in the San Francisco office.

This two-part series of articles has been abridged and adapted from the chapter “Analysis of Cost Behavior,” by Elizabeth A. Eccher, Jeffrey H. Kinrich, and James H. Rosberg, in the book Lost Profits Damages: Principles, Methods, and Applications, edited by Everett P. Harry III and Jeffrey H. Kinrich (Valuation Products and Services, 2017).

In many lawsuits, a plaintiff may recover damages for lost profits. For a given time period, profit equals the difference between sales revenues and the costs or expenses required to generate those revenues. When revenues are (wrongfully) diminished, costs are often reduced as well. Therefore, computing lost profits requires computing not only lost sales revenues, but also the resulting avoided costs that would have been required to generate those sales (also referred to as saved expenses or incremental costs). Think of it as a simple equation:

Lost Profits = Lost Revenues – Avoided Costs

Although proper calculation of avoided costs is thus essential to calculating lost profits, it is not as straightforward as it may seem, and it often becomes a point of contention between damages experts. The higher the costs that can be attributed to a sale, the lower the profit from that sale. This can lead to disagreements between a defendant’s expert and a plaintiff’s regarding both the nature of the costs associated with lost sales and the amount of those costs.

In what follows, we lay out the basic concepts behind avoided costs and offer analytical guidelines as to their proper calculation.

Fundamental Cost Concepts

We begin with costs themselves, which are measures of resources used or foregone to achieve a particular objective. A cost object is something that a cost measures—it could be a physical object, a service, or an activity.

An example of a physical product that is a cost object is a bicycle. Costs associated with manufacturing and selling the bicycle would arise from acquisition or production of the bicycle’s components, labor used to assemble the components into a bicycle, distribution of the bicycle to retailers, and so on.

An example of a service that is a cost object is the customization of a database software package. Here, the relevant costs could include those associated with sales and marketing, developers’ time to do the required development work, and ongoing development to maintain and update the program.

An understanding of the different ways to classify costs is essential for an accurate calculation of avoided costs. We describe some of the basic distinctions below.

Variable, Fixed, and Semi-variable Costs

The first important dimension to consider is whether costs are variable or fixed. Variable costs vary with respect to changes in the underlying activity or volume/quantity. In the bicycle example, if each bicycle requires two pedals, and the company purchases each pedal for $3, the pedal cost is a variable cost of $6 per bicycle. This cost is variable because the total cost varies in constant proportion to the number of bicycles produced.

Fixed costs, by contrast, do not change in response to changes in the volume of activity over a specified time period or range of volume. Consider rent for factory space under a lease that requires a monthly payment of $2,000. Although the company’s production volume may fluctuate from one month to another, the rent remains a constant fixed cost of $2,000 per month.

Fixed costs, however, may not always remain fixed. A lease may expire, causing the rent to increase or decrease. Over a long enough period of time and a large enough change in volume, nearly every cost becomes variable. Thus, fixed costs are typically fixed for a limited period (e.g., the monthly rent can increase or decrease after the lease expires), and only over a relevant range of activity (e.g., a large change in production volume may require a change in production facilities or equipment).

Therefore, in assessing whether a cost is fixed, a critical consideration is “fixed with respect to a particular period and a relevant range of activity.” Costs that are fixed over a certain range but change outside that range are sometimes referred to as step costs.

Finally, the term semi-variable costs refers to those costs that have both a fixed and a variable component, for example a telephone service contract that charges an “access” cost of $10 per month that includes 300 minutes of connection time plus a usage cost of $0.05 for each minute beyond 300.

Direct and Indirect Costs

Another important distinction is between direct and indirect costs. Direct costs are those that can be traced in an economically feasible or cost-effective way to a particular cost object, whereas indirect costs cannot. Typically, companies record indirect costs in cost pools and then make allocations from these pools to calculate the full cost of a product or service.

Continuing with our bicycle example, the direct costs for the product include the pedals and other components that are purchased from outside vendors. The cost of each pedal is directly traceable to the cost object (the bicycle). By contrast, consider a production supervisor whose job entails oversight of a number of projects, one of which involves bicycles. The supervisor’s salary is an indirect cost that cannot be traced directly to the cost object (the bicycle) in a straightforward way. Such indirect costs have become a greater proportion of total product costs in recent years, making their analysis and estimation increasingly important.

Analysis of Cost Behavior

Why are these distinctions important? Why should they matter for the project of determining lost profits?

The answer is that, as a general rule, fixed costs should not be deducted from lost sales during the lost profits calculation. In a simplified case, only variable costs that change according to the volume of lost sales should be taken into account. Similarly, indirect costs that cannot be traced to the lost sales of a particular cost object should be excluded from the avoided costs calculation; only direct costs and those indirect costs that can be traced to lost sales of a particular cost object should be included as saved expenses. This is because, in many cases, traceable costs tend to behave as variable costs, whereas untraceable costs tend to behave as fixed costs.

To take a rather basic example, think of our bicycle manufacturer, which claims it has lost sales of a specific number of bicycles due to a competitor’s allegedly illegal actions. If the company does not purchase the pedals that would have gone into the manufacture of those bicycles, the cost of those pedals is a direct (traceable to the cost object of the bicycle) variable (with the number of bicycles that were not sold) cost, and hence an avoidable cost. By contrast, the rent on production space, which would have to be paid regardless of the disruption, is a fixed cost that is not avoidable. A portion of a production supervisor’s salary that cannot be traced to bicycle production in a straightforward way is an indirect cost that also may not be relevant for the saved expenses calculation.

Although this may sound straightforward, these distinctions are rarely so clear-cut when it comes to multifaceted, real-world businesses. In particular, the line between fixed and variable costs may prove especially complex in certain cases. Consider a business that has suffered a disruption and wants to argue that it would have significantly ramped up its production volume (and hence its profits) but for the disruption.

In this scenario, certain costs that would have been considered as fixed in the existing circumstances should be considered as variable in the “but for” world; examples could include increased rent for a larger factory space, or additional labor costs to meet the new production demands. These costs should now be considered step costs because the alteration in range has made a portion of the costs variable instead of fixed; this portion should now be considered as part of the avoided costs calculation.

The broader point is that the calculation of avoided costs is a complex task that requires a set of sophisticated tools in order to produce a plausible assessment in litigation.

Analyzing Avoided Costs: A Step-by-Step Methodology

As we have seen, a key cost question in a lost-profits analysis is: What incremental costs would the plaintiff have incurred to realize the additional sales revenues but for the unjust disruption to the business? The following steps are helpful in making this calculation:

1. identify the cost objects (i.e., the products or services) comprising the lost sales;
2. identify the resources involved in producing the product or service;
3. identify the resources involved in selling and delivering the product or service;
4. identify the cost data that are available for analysis;
5. develop hypotheses about cost behaviors using the data and knowledge gathered from the steps above,;
6. test these hypotheses; and
7. develop conclusions, subject them to “sanity” checks, and revise conclusions as necessary.

We discuss and illustrate each step in Part Two of this series.

Elizabeth A. Eccher is a principal in the Chicago office of Analysis Group, Inc.; Jeffrey H. Kinrich is a managing principal in the company’s Los Angeles office; and James H. Rosberg is a vice president in the San Francisco office.