Without the law, the actual "contract" you have re ownership of anything is that you can prevent anyone else from owning those things. If someone else can manage to "steal" your thing, they own it now.
I think that's not a world anyone wants to live in aside from an-caps.
I'm not speaking of lawlessness, I mean the actual lawful contract of who owns or can transfer or take possession of the data. Bitcoin introduces all sorts of novel ways to store and assign ownership of the Satoshi. Flags like ANYONE_CAN_PAY and scripts which equate to ANYONE_CAN_SPEND, or in this case a script which equates to SPEND_WITH_PWD.
The vast majority of people have zero understanding of the underlying crypto contract they are entering when they use Bitcoin. But there are experts who can explain what these scripts actually mean and who in turn can access the funds and under what conditions. Like buying other commodities electronically, it is best to consult an expert if you don't know what you're doing. That doesn't change the terms of the underlying contract.
Back in the real world, contracts have a lot to do with intent. Generally, if you didn't intend to give money to whoever picks it up first, a court would rule that nobody but the intended recipient has the right to pick up the money.
Even if you leave a duffel bag full of money beside a motorway, it's not legally the property of whoever picks it up first. That would be a perfectly reasonable legal argument. In order to give it away to whoever picks it up first, you need to create clear intent - a posting in plain English, for example. Making it easy to pick up isn't intent to allow anyone to pick it up.
Code isn't contract, and behaviour isn't contract either.
> In order to give it away to whoever picks it up first, you need to create clear intent - a posting in plain English, for example.
So we have someone who takes that proverbial duffel bag full of money, lays it down on the information superhighway, and puts a sign on it which says, 'SPEND_WITH_PASSWORD'. So Malory picks up the bag, opens it up with the password, and spends the money. They didn't "intend" for that to happen, but they signed a contract which says exactly that. The best example I've heard where this is not a valid defense is the life insurance policy written by Aviva France which allowed retroactive trading (a.k.a printing money) and where the policy could now be worth billions of dollars. [1]
Can code ever be a contract? I think so. What if the code functions exactly as designed, and exactly as advertised, is it then a contract? A world where you don't have the freedom to follow clear and obvious labels does not function very well. If someone puts a water fountain on a public way, and then sues people for drinking from it claiming they stole the water, I would hope those claims would be thrown out and the claimant censured.
The right answer is, of course, no one should be laying their money down with a sign on it that says 'SPEND_WITH_PASSWORD' if that's not what they want to have happen -- because trying to recover that money after the fact when someone picks it up is going to be challenging, to say the least. But I do think it's an interesting argument to say that the person who did pick it up with the right password actually did nothing legally wrong, and even ethically or morally wrong.
Even more-so, I find arguments that 'SPEND_WITH_PASSWORD' should actually mean 'SPEND_WITH_PASSWORD_AND_CONSENT' to be highly problematic for a decentralized blockchain which can trade smart assets. A crypto-currency should be expected to do what it says on the label, and users should be expected to read the label before using it. See, for example, the many cases of inadvertently large transaction fees, and even that's a more clear cut example of programming error, or human error, than 'SPENT_WITH_PASSWORD' which does exactly what it says.
A machine flag on a data record which doesn't even say SPEND_WITH_PASSWORD, but is instead a set of machine instructions, to be interpreted by a machine that nobody really fully understands, is not human-readable English, and can reasonably be set without intent to allow anyone to spend it - it's easy to mess up and make it less secure than you intended.
Therefore, it's not a contract, by definition, no matter what a subset of the population would like to think. Also - what if there's a crypto bug somewhere in Bitcoin, or a popular key/password generator? If it turned out all SPEND_WITH_PASSWORD transactions are far weaker than expected, does that mean it would be perfectly legal for anyone to steal money from all such transactions? I can't see a court saying "yes" to that, any more than they'd say that if your computer wasn't secure enough it'd be legal to access your bank account details and steal all your money from your bank. Or you could also bring up the argument that you'd get your money back if you'd sent money to the wrong person by PayPal/Faster Payments/whatever and had to take it to court, and the term "smart contract" doesn't actually change what's almost the same action.
This doesn't necessarily mean the blockchain needs to include some sort of "revoke transaction" functionality, but it is something that you can take to court if you find out who stole your money. New tech doesn't mean that courts suddenly break every rule that's been developed over hundreds of years. Courts are very used to dealing with "irrevocable" transactions.
I think that's not a world anyone wants to live in aside from an-caps.