The Truth Machine: The Blockchain and the Future of Everything - Paul Vigna, Michael Casey J.
“GOVERNING” THE DIGITAL ECONOMY
One evening in September 2011, an entrepreneur named Peter Sims received a text message from a friend, Julia Allison, wondering if he happened to be in an Uber SUV near 33rd Street and Fifth Avenue in New York. It happened that this was exactly where he was, and Sims assumed the friend must have seen him from another car.
In fact, Allison wasn’t even in the same state. She was at a party in Chicago, celebrating the launch of Uber in the Windy City. She’d watched as the Uber team performed one of its favorite party tricks: showing people what it called its “God’s view,” a live map revealing the locations of its cars and their passengers, by name. Uber was not only tracking its cars’ movements, it was tracking people’s movements. When Allison explained how she knew so much about his whereabouts, Sims flipped out and wrote a biting blog post about the experience.
Uber has become notorious for sexual harassment among its staff and has taken drastic action to try to resolve the problem, which was a significant factor in the forced resignation of its co-founder, CEO Travis Kalanick. But this privacy issue is just as important. Not only does the company control sensitive information about the journeys people take, but senior company officials, at least in the early days of the company, showed a willingness to abuse that power. In November 2014, Uber launched an investigation into the actions of its New York general manager, Josh Mohrer, after BuzzFeed journalist Johana Bhuiyan reported that he had used the God’s view feature to monitor her movements. The outcry over this and other privacy concerns led to a settlement with New York Attorney General Eric Schneiderman in which Uber agreed to encrypt riders’ names and geolocation data.
It’s certainly not hard to see that Uber and its main competitor, Lyft, have quickly enmeshed themselves in our daily lives. When the name of your company becomes a verb—Xerox, Google, Uber—you know you’ve arrived. But for all the branding associated with democratizing transportation, and with allowing drivers and passengers to come together and “ride-share,” Uber is really a centralization play. It’s not about disintermediation at all. This for-profit company is the gatekeeper for every deal that gets struck between every driver and every passenger, and for that it takes 25 percent each time. And it is far from the only for-profit company that makes money the new-fashioned way: by controlling data. How Uber, and also Facebook, Google, and all the other twenty-first-century tech titans, treat that data has become a critical issue.
The Internet, in case you weren’t aware, is owned. There are a handful of dominant companies that essentially control everything: Google, Amazon, Facebook, Apple (GAFA, some call them). We trust them to intermediate our e-mail and social media exchanges with each other, to manage our Internet searches, to store our data, etc. To varying degrees they do what seems to be a good job, but there is a huge cost in terms of the power we hand to these organizations. We, the general public, their unpaid product developers, literally create value for these companies, creating content and handing over our valuable data. We get services in return, yes, but the imbalance in the relationship is highly problematic. That’s most evident in our system of democracy.
As became widely known after America’s 2016 elections, Facebook and Google control what news you see. Consider how Facebook’s secret algorithm chooses the news to suit your ideological bent, creating echo chambers of like-minded angry or delighted readers who are ripe to consume and share dubious information that confirms their pre-existing political biases. It’s why during the 2016 U.S. presidential campaign, a group of teens in Macedonia could produce fake news articles, which made claims like that the pope had endorsed Donald Trump, which generated more likes, shares, and advertising dollars than real news items produced by fully funded and researched news outlets.
And it’s not just that, for example, Facebook and Google have become such large social hubs. It’s that these digital leviathans have unprecedented control over much of the most important socially influential data that flies across the Web. The “freemium” model, in which we view these companies’ services as “free content,” is a myth. While we might not be paying U.S. dollars to Google, Facebook, and co., we are handing over a much more valuable currency: our personal data. Control over that currency has turned these players, quite simply, into monopolies, the new incumbent powers of the digital age. Others have said this, of course. We revisit it to illustrate how this concentration of control over Internet information exposes the core problem of the centralized architecture of the Web and the unresolved trust issue that gives rise to it.
A Hacker’s Dream
In the wake of the 2016 legal battle between Apple and the FBI over the latter’s demand that the smartphone maker give the law enforcement agency access to customers’ encrypted data, consumers would seem to be between a rock and a hard place. If we want to live in the digital economy, it seems, either we let private companies control the data with all the capacity for abuse that entails or we let governments control those private companies and expose ourselves to the kind of intrusions that Edward Snowden revealed at the NSA. But the choice need not be so stark. We hope to demonstrate that the solution may lie in a third way, one that involves reimagining the very structure of how online data is organized.
The ideas behind Bitcoin and blockchain technology give us a new starting point from which to address this problem. That’s because the question of who controls our data should stem first from a more fundamental question about who or what institutions we must trust in order to engage in commerce, obtain services, or participate in modern society. We see compelling arguments for a complete restructuring of the world’s data security paradigm. And it starts with thinking about how Internet users can start to directly trust each other, so as to avoid having to pour so much information into the centralized hubs that currently sit in the middle of their online relationships. Solving data security may first require a deliberate move from what we call the centralized trust model to one of decentralized trust.
In an age when technology is supposed to be lowering the cost of entry, the outdated centralized trust-management system has proven expensive and restrictive (think about the 2 billion people in the world who are unbanked). It has also failed—spectacularly. Even though the world spent an estimated $75 billion on cybersecurity in 2015, according to estimates by Gartner, total annual losses from online fraud theft were running at $400 billion that year, said Inga Beale, CEO of British insurance market Lloyd’s of London. If you’re alarmed by that figure—and you ought to be—try this one on for size: $2.1 trillion. That’s the estimated fraud loss Juniper Research came up with after extrapolating from current trends into the even more digitally interconnected world projected for 2019. To put that figure in perspective, at current economic growth rates, it would represent more than 2.5 percent of total world GDP. To be clear, these numbers don’t only represent the total amount stolen by hackers; they also include the cost of legal actions, security upgrades, and so forth—the business losses that are generated by countless attacks every year. Even so, the data suggest that black-hat hackers are among the most financially successful innovators of the Internet era.
This colossal failure to protect global commerce is directly attributable to a mismatch between the centralized way in which we process and store information and the decentralizing tendencies of a global “sharing” economy that’s pushing for more peer-to-peer and device-to-device commerce. As more people connect over peer-to-peer social networks and use online services, and as more so-called Internet of Things (IoT) devices such as smart thermostats and refrigerators and even cars join the network, ever more access points are created. Hackers use these points to find their way into the Internet’s ever-growing centralized data-stores and steal or otherwise mess with their contents.
The risks contained in these contradictory trends were brought home with the October 2016 attack on Dyn, a registered DNS (domain name system) provider. The attack started when a hacker figured out that users of mini computing systems such as game consoles and laptops weren’t routinely downloading security patches as they did with home computers. Once compromised, those devices could then be used as launchpads to direct attacks on other parts of the Internet. When the hacker published a how-to list of instructions, some rogue actors inevitably gave their approach a whirl. Taking control of multiple devices, these malefactors launched a massive distributed denial of service (DDOS) attack against Dyn, a strategy that involved sending a relentless barrage of domain name queries to the firm’s hosting service, so many that it paralyzed the Web sites of its clients, including Twitter, Spotify, Reddit, and many other heavy-traffic sites. This was a direct outcome of the paradox we’ve been talking about. Domain name registrations are managed by increasingly large, centralized, third-party providers while lightweight IoT devices are getting into the hands of an ill-prepared general public. That combination is a hacker’s dream.
And what a pool of data we are gathering for those hackers to play with. In 2014, IBM estimated that human beings were creating 2.5 exabytes, otherwise expressed as 2.5 quintillion bytes of data, every day, most of them now stored permanently thanks to a cloud computing era in which storage has become so cheap that it no longer makes sense to destroy data. Let’s lay that number out numerically, with all seventeen zeroes: 2,500,000,000,000,000,000. (Another way of expressing it: the equivalent of 2.5 trillion PDF versions of The Age of Cryptocurrency.) According to the IBM team, this number meant that human beings had created 90 percent of all data accumulated throughout history in just two years—most of it stored on the servers of cloud service providers like the ones IBM runs.
The only way to protect this data and slow down the force of attacks against it, we will argue, is to take it away from centralized servers and create a more distributed storage structure. Control of data needs to be put back into the hands of those to whom it belongs, the customers and end users of the Internet’s services. If hackers want our data they’ll have to come after each and every one of us, a far more expensive exercise than simply finding a weak entry point into a giant silo database that holds all of our data in one convenient place. To achieve this goal, we need to embrace the decentralized trust model.
Before we delve more deeply into this solution, let’s reflect further on why it matters for humanity. It’s about much more than dollars and cents. There is an intrinsic link between the challenge of protecting privacy, a necessary element of a functioning society, and data security. When that protection breaks down, as it does repeatedly, lives can be destroyed: people’s money and assets are stolen, their identities and reputations are hijacked, they face extortion and blackmail, and they find that the intimate moments they’ve shared with others are thrust into the public domain. Online identity theft has been linked to depression and even suicide. And if this isn’t bad enough, experts are convinced we’ll soon experience cyber-murders, as Internet-enabled cars and other potentially lethal devices become targets of hacker hitmen. Murders may have already been committed; speculation that the mysterious disappearance of Malaysian Airlines flight MH370 was the result of a hacking attack on the plane’s onboard computer is no longer the stuff of conspiracy theorists. We must get ahead of this problem.
Individuals aren’t the only losers in this model. Companies and institutions lose out as well. The list of recent big cyber-attack targets includes some of the biggest names in the S&P 500—J.P. Morgan, Home Depot, Target, Sony, Wendy’s. All paid a high cost in legal fees, restitution to their users, and investment in upgraded security systems. And it’s not just corporate America. Governments, too, have been hit. Recall that security clearance data on 18 million people was compromised when the U.S. Office of Personnel Management was hacked in 2015. And, of course, the alleged Russian hacks of the Democratic National Committee in 2016 have unleashed an all-out political crisis during the Trump administration’s first year.
These constant attacks are expensive, ongoing headaches for the IT departments at companies and other institutions. Every new trick deployed by a rogue hacker prompts a new patch to a security system, which attackers inevitably figure out how to compromise. That prompts even more expensive investment in cybersecurity systems that will themselves, inevitably, get breached or require further upgrades. The companies keep spending more dollars to build ever-higher firewalls, only to learn their adversaries are constantly getting ahold of taller ladders.
Clearly, we need a new architecture for security. And the ideas contained within blockchain technology might help us get there. Within the distributed structure of a blockchain environment, participants do not depend on centralized institutions to maintain cybersecurity infrastructure such as firewalls to protect large groups of users. Instead, security is a shared responsibility. Individuals, not trusted intermediaries, are responsible for maintaining their own, most sensitive information, while any information that is shared is subject to a process of communal consensus to assure its veracity.
The potential power of this concept starts with the example of Bitcoin. Even though that particular blockchain may not provide the ultimate solution in this use case, it’s worth recalling that without any of the classic, centrally deployed cybersecurity tools such as firewalls, and with a tempting “bounty” of more than $160 billion in market cap value at the time we went to print, Bitcoin’s core ledger has thus far proven to be unhackable. Based on the ledger’s own standards for integrity, Bitcoin’s nine-year experience of survival provides pretty solid proof of the resiliency of its core mechanism for providing decentralized trust between users. It suggests that one of the most important non-currency applications of Bitcoin’s blockchain could be security itself.
Security by Design
One reason why Bitcoin has survived is because it leaves hackers nothing to hack. The public ledger contains no identifying information about the system’s users. Even more important, no one owns or controls that ledger. There is no single master version; with every batch of confirmed transactions, the so-called blocks of the blockchain, a new, updated version of the entire ledger is created and relayed to every node. As such, there is no central vector of attack. If one node on the network is compromised and someone tries to undo or rewrite transactions in that node’s local version of the ledger, the nodes controlling the hundreds of other accepted versions will simply refuse to include data from the compromised node in the updates. The contradiction between the many clean versions and the one that’s been altered will automatically label the compromised block as false. As we’ll discuss further in the book, there are varying degrees of security in different blockchain designs, including those known as “private” or “permissioned” blockchains, which rely on central authorities to approve participants. In contrast, Bitcoin is based on a decentralized model that eschews approvals and instead banks on the participants caring enough about their money in the system to protect it. Still, across all examples, the basic, shared, and replicated nature of all blockchain ledgers, in which the common record of truth resides in multiple locations, underpins this core idea of distributed security, that the risk of failure is backstopped by multiple “redundancies.”
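The comparison described above, in which honest nodes refuse data from a node whose local ledger has been rewritten, can be sketched as a simplified model. This is an added example, not code from the book or from Bitcoin: the `Node` class, the `broadcast` and `divergent_nodes` helpers, and the sample transactions are all constructed for illustration. It models only the hash-linking and replication of the ledger; Bitcoin's real consensus also depends on proof-of-work, which is not modeled here.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, prev_hash, transactions):
    """SHA-256 over a canonical encoding of the block's contents."""
    payload = json.dumps([index, prev_hash, transactions]).encode()
    return hashlib.sha256(payload).hexdigest()


def make_block(index, prev_hash, transactions):
    return {
        "index": index,
        "prev_hash": prev_hash,
        "transactions": transactions,
        "hash": block_hash(index, prev_hash, transactions),
    }


class Node:
    """Hypothetical node holding its own full copy of the ledger."""

    def __init__(self, name):
        self.name = name
        self.chain = []

    def tip_hash(self):
        return self.chain[-1]["hash"] if self.chain else GENESIS_PREV

    def propose(self, transactions):
        """Build the next block on top of this node's local history."""
        return make_block(len(self.chain), self.tip_hash(), transactions)

    def accept(self, block):
        """Append a relayed block only if it is internally consistent
        and extends the history this node already holds."""
        expected = block_hash(block["index"], block["prev_hash"],
                              block["transactions"])
        if block["hash"] != expected:
            return False  # contents do not match the claimed hash
        if block["index"] != len(self.chain):
            return False  # not the next block for this node
        if block["prev_hash"] != self.tip_hash():
            return False  # built on a history this node does not hold
        self.chain.append(copy.deepcopy(block))
        return True

    def rewrite(self, index, transactions):
        """Simulate a compromised node: alter an old block and recompute
        every later hash so the local copy is self-consistent again."""
        prev = self.chain[index]["prev_hash"]
        for i in range(index, len(self.chain)):
            txs = transactions if i == index else self.chain[i]["transactions"]
            self.chain[i] = make_block(i, prev, txs)
            prev = self.chain[i]["hash"]


def broadcast(proposer, nodes, transactions):
    """Relay the proposer's next block to every node; report who accepted."""
    block = proposer.propose(transactions)
    return {n.name: n.accept(block) for n in nodes}


def divergent_nodes(nodes):
    """Names of nodes whose ledger tip differs from the majority's."""
    tips = Counter(n.tip_hash() for n in nodes)
    majority_tip = tips.most_common(1)[0][0]
    return [n.name for n in nodes if n.tip_hash() != majority_tip]


def demo():
    nodes = [Node(f"node{i}") for i in range(5)]
    # Constructed sample transactions: [sender, receiver, amount].
    broadcast(nodes[0], nodes, [["alice", "bob", 5]])
    broadcast(nodes[1], nodes, [["bob", "carol", 2]])

    # node4 is compromised and rewrites the first block in its local copy.
    nodes[4].rewrite(0, [["alice", "mallory", 5]])
    outliers = divergent_nodes(nodes)

    # Its next block builds on the altered history, so the others refuse it.
    tampered_votes = broadcast(nodes[4], nodes, [["mallory", "dave", 5]])
    # The honest majority keeps extending the shared ledger without node4.
    honest_votes = broadcast(nodes[0], nodes, [["carol", "dave", 1]])
    return outliers, tampered_votes, honest_votes


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Recomputing the hashes makes the altered copy look valid in isolation; it is only the comparison against the other replicas that exposes it.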
This is not how big companies tend to think about security, however. In March 2016, at a symposium organized by the financial securities settlement and clearing agency Depository Trust & Clearing Corp., or DTCC, the audience, filled with bankers and representatives of companies that support them, was asked to vote on what IT sector they would invest in tomorrow if they had $10 million to deploy. From a menu of options, the votes came back, with the majority in favor of investing in “cybersecurity” services, and “blockchain” opportunities second. On stage at the time, Adam Ludwin, the CEO of blockchain/distributed ledger services company Chain Inc., took advantage of the result to call out Wall Street firms for failing to see how this technology offers a different paradigm. Ludwin, whose clients include household names like Visa and Nasdaq, said he could understand why people saw a continued market for cybersecurity services, since his audience was full of people paid to worry about data breaches constantly. But their answers suggested they didn’t understand that the blockchain offered a solution. Unlike other system-design software, for which cybersecurity is an add-on, this technology “incorporates security by design,” he said.
For the private “permissioned” blockchains that Wall Street is typically exploring—distributed ledger models in which all the validating computers must be pre-authorized to join the network—Ludwin’s “by design” notion refers solely to the fact that the data is distributed among many nodes rather than held solely by one. The advantage is that this structure creates multiple redundancies, or backups, that can keep the network running if one node is compromised. A more radical solution is to embrace open, “permissionless” blockchains like Bitcoin and Ethereum, where there’s no central authority keeping track of who’s using the network. And in that case, the entire security paradigm—the question of what constitutes “security”—changes. It’s not about building a firewall up around a centralized pool of valuable data controlled by a trusted third party; rather the focus is on pushing control over information out to the edges of the network, to the people themselves, and on limiting the amount of identifying information that’s communicated publicly. Importantly, it’s also about making it prohibitively expensive for someone to try to steal valuable information.
It’s perhaps counterintuitive to think that a system in which people don’t reveal their identities could be safe from attackers. But the fact is that the incentive and costs that these software programs impose on actors in the system have proven remarkably secure. Bitcoin’s core ledger has never been successfully attacked. Now, it will undoubtedly be a major challenge to get the institutions that until now have been entrusted with securing our data systems to let go and defer security to some decentralized network in which there is no identifiable authority to sue if something goes wrong. But doing so might just be the most important step they can take to improve data security. It will require them to think about security not as a function of superior encryption and other external protections, but in terms of economics, of making attacks so expensive that they’re not worth the effort.
Let’s compare our current “shared-secret model” for protecting information with the new “device identity model” that Bitcoin’s blockchain could facilitate. Currently, a service provider and a customer agree on a secret password and perhaps certain mnemonics—“Your pet’s name?”—to manage access. But that still leaves all the vital data, potentially worth billions of dollars, sitting in a hackable repository on the company’s servers. With a permissionless blockchain, control over the data stays with the customer, which means that the point of vulnerability lies with their device. So instead of Visa’s servers containing the vital identifying information that’s needed for hundreds of millions of cardholders to access its payments network, the right to access a network is managed solely by you, on your phone, your computer. A hacker could go after each device, try to steal the private key that’s used to initiate transactions on the decentralized network, and, if they’re lucky, get away with a few thousand dollars in bitcoin. But it’s far less lucrative and far more time-consuming than going after the rich target of a central server.
The weak link—there is always one, it is a truism of cybersecurity—would now be the device itself. The onus in a blockchain system is on the customer to protect that device. Admittedly, that opens up new challenges in terms of education around the management of private keys and encryption strategies. Optimizing the cryptocurrency future will require people to take charge of their own security.
But even with this new challenge in terms of device protection, we should see a dramatic reduction in the number of attacks. The crucial point here is that the potential payoff for the hacker is so much smaller for each attack. Rather than accessing millions of accounts at once, he or she has to pick off each device one by one for comparatively tiny amounts. It’s an incentives-weighted concept of security. It is security by design, not by patch.
It seems clear to us that the digital economy would benefit greatly from embracing the distributed trust architecture allowed by blockchains—whether it’s simply the data backups that a distributed system offers, or the more radical idea of an open system that’s protected by a high cost-to-payout ratio. Once we put our heads in that place, liberating new models for managing data emerge, models that restore control to the individuals who produce the data and then give the data itself significantly more protection.
One industry that would no doubt rejoice at such a solution would be the health care industry. Right now, highly sensitive health records are spread across separate siloed databases managed by insurance firms, hospitals, and laboratories, each sitting on their own pools of vulnerable data. These institutions are bound by strict non-disclosure rules laid out in well-intentioned but highly restrictive patient privacy legislation such as the Health Insurance Portability and Accountability Act, which imposes high penalties for failing to protect patient data, and they would love to be free of this liability.
Attacks have been mounting in the industry. A 2016 cyber-attack on insurer Anthem Health exposed 78 million customers’ records. The so-called WannaCry ransom attacks, in which health records of patients in different hospitals around the world were encrypted by hackers who demanded bitcoin payments to unlock them, largely targeted hospitals and other places where the data is a life-or-death consideration.
The biggest losers are patients. This structure creates time-wasting, costly inefficiencies in their care—there are countless horror stories of critically ill patients unable to release vital records from their primary-care physicians to emergency staff so they can take the right measures. And because data isn’t being freely shared, research into potentially lifesaving treatments is held back. Almost everything about how the U.S. health care system manages medical records is broken.
That’s why initiatives like MedRec, an open-source program based on the Ethereum blockchain that was created by MIT Media Lab students Ariel Ekblaw, Asaph Azaria, and Thiago Vieira, are filled with such potential. The idea, one that’s also being pursued in different forms by startups such as Gem of Los Angeles and Blockchain Health of San Francisco, is that the patient has control over who sees their records. Data would still reside with each provider, but patients would use their private cryptographic key—the same device used to authorize bitcoin payments—to release whatever specific aspects of their data are required by providers, to whom they authorize access.
Decentralized Economy with Centralized Trust
How do we get to a world of decentralized trust, so that it costs me close to nothing to safely and confidently engage in transactions with others online? Answers to that question lie in reflecting on how we went from the utopian concept of a level-playing-field Internet that led New York Times columnist Thomas Friedman to declare that the “world is flat” to one in which a handful of gargantuan gatekeepers have asserted almost total control.
Let’s start with the pre-Internet offline economy, the one we inherited from the twentieth century, when the centralized trust model was the only one we could imagine. Under that system, which prevails to this day, we charge banks, public utilities, certificate authorities, government agencies, and countless other centralized entities and institutions with the task of recording everyone’s transactions and exchanges of value. We trust them to monitor our activities—our check writing, our electricity consumption, our monthly payments for everything from newspaper delivery to telephone services—and to reliably and honestly update that information in ledgers that they, and only they, control. With that exclusive knowledge, those entities gain unique powers in determining our capacity to engage in commerce. They decide whether we can access an overdraft, draw power from the public utility grid, or make a phone call. And they invoice us for that privilege.
This system was inherently incompatible with the nobody’s-in-charge, distributed framework of the Internet. The Net was designed to let anyone publish and send information, at near-zero cost, to anyone else anywhere. That opened up vast new economic opportunities, but it also posed unique challenges for trust management. The person you’re dealing with might now have a picture of a dog as their avatar and use the moniker “Voldemort2017.” How do you know they can be trusted to deliver on whatever contractual agreement you’re entering into? Star ratings, at services like Yelp and eBay, have tried to step into the breach, but these are easily gamed by fake identities and fake reviews, much as Facebook “likes” can be. When it comes to high-value transactions, they cannot be trusted. Well, when Internet companies discovered they couldn’t resolve those challenges, they were forced to invite centralized entities to intermediate on our behalf. It was perhaps a necessary solution, but a flawed one that is now exposing a host of other security and privacy concerns.
The distributed system made it easier for crooks to misrepresent their identities. They could also duplicate, forge, or counterfeit valuable information. So, when entrepreneurs pioneered e-commerce in the mid-nineties, they struggled to design an online payments model that wouldn’t expose customers to fraud. Unable to assure customers and merchants that their bank account and credit card data were safe, they at first focused on privacy-protecting forms of electronic cash, the concept that Satoshi Nakamoto would tackle with Bitcoin. If cash were digital, they reasoned, people could make online payments without revealing personal identifying information, just as they did with banknotes. In pursuit of that goal, the aforementioned “Cypherpunks”—a loose association of programmers with a fiercely libertarian bent who were obsessed with using cryptography to protect privacy online—and other Internet adventurers toyed with private cryptocurrency concepts, while banks and governments stealthily experimented with sovereign currency-based e-cash. (In The Age of Cryptocurrency, we reported on one little-known e-cash pilot that the U.S. Treasury Department explored in conjunction with Citibank.)
These early digital currencies were bedeviled by the “double-spend” problem mentioned above—rogue users could always find ways to duplicate their currency holdings. Overcoming this was vital because, whereas we might happily make a copy of a Word document and send it to someone, digital counterfeiting of this kind would destroy any monetary system’s inherent value. Technologists tried to make a system to verify that people weren’t double-spending, but it proved much harder than you might think.
In the end, prior to the existence of Bitcoin, the e-commerce industry settled on a workaround: Firms such as Verisign pioneered a model for issuing SSL (Secure Sockets Layer) certificates to verify the trustworthiness of Web site encryption systems. Meanwhile, card-issuing banks beefed up their anti-fraud monitoring efforts. A version of the “trusted third party” was added to our complicated system of global value exchange. It was another jury-rigged solution that meant that the banking system, the centralized ledger-keeping solution with which society had solved the double-spend problem for five hundred years, would be awkwardly bolted onto the ostensibly decentralized Internet as its core trust infrastructure.
With customers now sufficiently confident they wouldn’t be defrauded, an explosion in online shopping ensued. But the gatekeeping moneymen now added costs and inefficiencies to the system. The result was high per-transaction costs that made it too expensive, for example, to sustain micropayments—extremely low payments, maybe as little as pennies, that otherwise promised to open up a whole new world of online business models. That nixed a dream of early Internet visionaries, who saw that idea feeding into a global marketplace where software, storage, media content, and processing power would be bought and sold in fractional amounts to maximize efficiency. The compromise also meant that credit cards, once an elite-only instrument, became an integral, even necessary component of e-commerce infrastructure, making banks even more relevant to our payments system. Under this model, the banks charged merchants an interchange fee of around 3 percent to cover their anti-fraud costs, adding a hidden tax to the digital economy that we all pay in the form of higher prices.
Meanwhile, other aspects of Internet governance had to be entrusted to centralized entities as well. These include the domain name system (DNS) managers and hosting service providers, companies whose servers occupy URLs—those specially assigned areas of the World Wide Web around which we navigate our Internet surfing—and host the files that make up the clients’ Web sites that point to those Internet addresses. Anyone who has set up a Web site has dealt with such outfits. All of them charge fees. The more files and pages that need hosting, the more they charge.
All these solutions worked for those who could afford them. But, inevitably, the added transaction costs translated into barriers to entry that helped the largest incumbents ward off competitors, limiting innovation and denying billions of financially excluded people the opportunity to fully exploit the Internet’s many possibilities for advancement. It’s how we’ve ended up with Internet monopolies. Those with first-mover advantages have not only enjoyed the benefits of network effects; they’ve been indirectly protected by the hefty transaction costs that competitors face in trying to grow to the same scale. In a very tangible way, then, the high cost of trust management has fed the economic conditions that allow the likes of Amazon, Netflix, Google, and Facebook to keep squashing competitors. Just as important, it has also meant that these monolithic players have become all-powerful stewards of our ever-growing pools of vital, sensitive data.
The Internet’s Missing Piece
This was not the dream conveyed in the Cypherpunk manifesto of Tim May and his fellow band of libertarian advocates for cryptography, privacy, and an online world of individual empowerment. Those geeky rebels of the 1990s Bay Area wanted an Internet that was free of both government and corporatist control, a decentralized online economy where self-expression was devoid of censorship, where anyone could transact with anyone else under whatever identity they chose. Ideas like Ted Nelson’s ill-fated Xanadu project, which never achieved anywhere near its lofty vision of a global network of independent, self-publishing, interlinked, fully autonomous computers, envisaged a network in which far more processing power and data was placed under the control of individual owners’ computers. They were ideas that were far ahead of their time, conceived at a moment when resource, economics, and political realities simply weren’t compatible with them.
But then, in 2008, with the Cypherpunk community seemingly having lost its mojo, along came Bitcoin—an idea for cryptomoney that was straight out of their playbook, even though few by then expected it would work. Now, the question of identifying who controlled the data didn’t matter. Its integrity could be assured by a decentralized network that constantly updated itself through a process of unbreakable consensus. Once Bitcoin’s implications were apparent, the revelation came as a bolt of lightning to many who’d been involved in building the Internet’s early architecture. These people included Marc Andreessen, the venture capitalist and co-creator of the first commercial Web browser, Netscape, who told authors Don and Alex Tapscott that people like him suddenly recognized it as “the distributed trust network that the Internet always needed and never had.”
As Andreessen and others in Silicon Valley’s moneyed classes started to throw money at developers working on Bitcoin and its clones, the sheer breadth of what Bitcoin’s underlying blockchain technology might achieve became apparent. For many of the new technologies that innovators are rolling out today, designers are thinking about how blockchain concepts will be part of the general enabling framework:
Internet of Things solutions will require a decentralized system for machine-to-machine transactions;
Virtual reality content creation, by which future imaginary worlds will be collaboratively produced by writers and coders, could use a blockchain system for divvying up royalties via smart contracts;
Artificial intelligence and Big Data systems will need a way to assure that the data they are receiving from multiple, unknown sources has not been corrupted;
“Industry 4.0” systems for smart manufacturing, 3D printing, and flexible, collaborative supply chains need a decentralized system for tracking each supplier’s work processes and inputs.
In short, the blockchains may provide the architecture framework that makes possible the so-called Fourth Industrial Revolution that brings “bits and atoms” together and thrives off massive amounts of processed, global information. It makes the aspirational goal of an Internet of “open data” possible. With this, we might free up the world’s data so that smart people everywhere can work with it. Open access to data should better enable humankind to collectively figure out solutions to our many problems and make better products more efficiently. It is an extremely empowering concept.
Code Is Not Law
As we’ve said elsewhere, there’s no guarantee that this sweeping vision of a new enabling platform for the global digital economy will come to fruition. In addition to various technological and internal governance challenges, which we’ll address in coming chapters, there are numerous external barriers to adoption. There are also some thorny questions to resolve before blockchain technology or any other decentralized trust system can comprehensively underpin the world’s transactions and information exchanges.
The challenges include those posed by regulators, who are struggling to keep up with the category-defying changes that cryptocurrency poses. It took two years for the New York Department of Financial Services to come up with its benchmark-setting BitLicense regulation for money transmission with digital currencies like bitcoin. By the time it was enacted in 2015, the crypto world had moved on to smart contracts and Ethereum; now it’s all about utility tokens, initial coin offerings, and decentralized autonomous organizations—none of which were foreseen by the regulation’s authors. One risk is that regulators, confused by all these outside-the-box concepts, will overreact to some bad news—potentially triggered by large-scale investor losses if and when the ICO bubble bursts and exposes a host of scams. The fear is that a new set of draconian catchall measures would suck the life out of innovation in this space or drive it offshore or underground. To be sure, institutions like the Washington-based Coin Center and the Digital Chamber of Commerce are doing their best to keep officials aware of the importance of keeping their respective jurisdictions competitive in what is now a global race to lead the world in financial technology. But we live in unpredictable political times in which, to say the least, policy-making is not being guided by rational, forward-thinking principles. The sheer lack of clarity on the intention of regulators and legislators is itself a limit to the technology’s progress.
We are going to need regulations—a framework for understanding how the new organization and governance models of blockchain logic can be interpreted by traditional legal systems, whether based on old or new laws. How do we legally define ownership of a digital asset when rights to it come down to control over a private, anonymized key? Where do jurisdictional responsibilities lie when a blockchain ledger is shared around the world or when there’s no way to know which computers within a global network will execute the randomly assigned instructions contained within a smart contract? Advocates for these new ideas might argue that new laws aren’t needed, but they can’t make the claim that they deserve some kind of exemption from regulation altogether. The online world is not a world unto itself; it exists as a subset of the broad framework of laws and norms that we’ve built up over the centuries.
Some libertarian-minded crypto enthusiasts who want to live entirely by the rules of a blockchain and free themselves from dependence on government are fond of citing the phrase “code is law,” used by Harvard professor Lawrence Lessig. Some have over-interpreted this message. Lessig never meant that software code could be a substitute for real-world law, that all disputes would be resolved by these automatic machines, only that code shares some of the qualities of law in the way it proscribes the behavior of computing components. To see code as a substitute for the law is to reduce the latter to something far smaller than what it is. If the law were merely a set of instructions and rules, then yes, perhaps we could just have computers, working together in algorithmic concert, arbitrating and executing all of our digital exchanges with each other. But the law goes much, much deeper and much, much broader than that. The philosophical question of “what is law?” can prompt a host of different answers, but the more you dig into the concept the harder it is to separate law from what Carl Jung called our “collective unconscious,” a set of ideas about how to treat each other that we’ve inherited from prior generations and iteratively altered over millennia. It’s simply not something we can reduce to computer code.
No episode brought this lesson home more forcefully than the debacle of The DAO attack of June 2016. The DAO stands for The Decentralized Autonomous Organization. In using this name, the founders of The DAO appropriated an acronym that had until then been used as a generic description of a variety of new, and potentially valuable, systems of automated corporate management and attached it to an extreme expression of techno-anarchic ideals. The DAO was an investment fund established by Slock.it, a smart contracts development group founded by Ethereum’s former chief commercial officer, Stephan Tual, and two others. This entity, The DAO, was to be entirely managed by software code—no CEO, no board of directors, no managers of any kind. This kind of thing had been talked about in theory, but these guys were the first ones to give it a shot. The basic idea was that the platform would allow the funds’ investors to vote on how to allocate its money—that is, to select from a variety of proposed projects. The idea was that a more democratic, and supposedly superior, investment logic would emerge than that of traditional funds, where fund managers’ interests don’t always align with those of their principals.
It was pie in the sky to the moon, and then some. Investors were invited to buy DAO tokens with ether, Ethereum’s native currency, giving them a stake in The DAO fund. Decisions on investments would depend on token holders’ votes on submitted business proposals. After that, the contributions, dividends, and distributions would all be handled according to the Ethereum-based smart contract that ran The DAO. The concept sparked an inordinate amount of excitement among decentralization utopians within the crypto community, who saw it as a way to prove that effective economic decisions could be made without relying on third-party institutions, whether private or government.
Lawyers expressed concerns about the lack of redress in the event of losses, and respected cryptographers such as Zcash founder Zooko Wilcox-O’Hearn and Cornell professor Emin Gün Sirer gave grave warnings about flaws in the code that would allow a clever hacker to siphon off funds. Despite this, investors poured $150 million of ether into DAO tokens in just twenty-seven days. It was, at the time and at that valuation, said to be the biggest crowdfunding exercise in history.
As it turns out, the whole concept was doomed by defects unnoticed by founders and investors blinded by hubris and idealistic faith. In the pitch documents explaining the terms of the deal, Slock.it said, “The DAO’s smart contract code governs the Creation of DAO tokens and supersede[s] any public statements about The DAO’s Creation made by third parties or individuals associated with The DAO, past, present and future.” This was a bold—and, as it would turn out, poorly conceived—statement. It pushed Lessig’s “code is law” concept to an extreme interpretation, a literal interpretation. They wanted to eliminate humans, and their fuzzy, subjective notions of what is right and wrong, from the equation.
The flaw in this logic was soon made apparent. In the early hours of Friday, June 17, 2016, monitors of The DAO’s ether account realized that it was being relentlessly drained of funds. A massive attack was under way by an unidentifiable participant who’d figured out that if he or she wrote a program to interact with the smart contract, it could constantly ask for and receive funds, sent to a copycat DAO that they controlled. The attacker built a virtual version of an out-of-control ATM, one that could not be turned off by the now autopilot-managed DAO system. Before they locked the attacker out, he or she siphoned off almost $55 million worth of ether.
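The drain described above is the pattern commonly called reentrancy: a payout routine hands control to the recipient before it has recorded the withdrawal, so the recipient's code can ask again against a balance that still looks untouched. The Python model below is an added illustration, not code from the book or from The DAO; the class names, the `receive` hook and the amounts are constructed for the example, and it shows the flawed ordering beside the corrected one.

```python
"""Toy model (constructed) of a fund that pays out before updating its books."""


class VulnerableFund:
    """Pays the caller first and records the withdrawal afterwards."""

    def __init__(self):
        self.balances = {}  # what the fund believes it owes each account
        self.pool = 0       # what the fund actually holds

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.pool += amount

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.pool < amount:
            return
        self.pool -= amount
        account.receive(self, amount)  # control leaves the fund here
        self.balances[account] = 0     # bookkeeping happens too late


class HardenedFund(VulnerableFund):
    """Same fund, but the books are updated before any money moves."""

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.pool < amount:
            return
        self.balances[account] = 0     # effect first
        self.pool -= amount
        account.receive(self, amount)  # interaction last


class HonestAccount:
    def __init__(self):
        self.wallet = 0

    def receive(self, fund, amount):
        self.wallet += amount


class ReenteringAccount(HonestAccount):
    """On being paid, immediately asks for another withdrawal."""

    def __init__(self, max_depth=50):
        super().__init__()
        self.depth = 0
        self.max_depth = max_depth  # bound so the model always terminates

    def receive(self, fund, amount):
        self.wallet += amount
        if self.depth < self.max_depth:
            self.depth += 1
            fund.withdraw(self)


def run_scenario(fund_cls):
    """Three honest investors put in 30 each; one account puts in 10 and withdraws."""
    fund = fund_cls()
    for investor in (HonestAccount() for _ in range(3)):
        fund.deposit(investor, 30)
    caller = ReenteringAccount()
    fund.deposit(caller, 10)
    fund.withdraw(caller)
    owed = sum(fund.balances.values())
    # The check a specification would state: the pool must cover what is owed.
    return {"caller_wallet": caller.wallet, "pool": fund.pool,
            "owed": owed, "solvent": fund.pool >= owed}


if __name__ == "__main__":
    for cls in (VulnerableFund, HardenedFund):
        print(cls.__name__, run_scenario(cls))
```

The `solvent` check is the kind of invariant an audit or a test suite can assert after every call that moves funds.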
The panicked organizers now found themselves in legal no-man’s-land since they had declared that nothing supersedes the code. Whatever the software does was supposed to be okay, and in this case the software, according to the rules of its own code, was redistributing investors’ funds to one savvy user. “I’m not even sure that this qualifies as a hack,” wrote Gün Sirer, the Cornell professor, on his blog post later that day. “To label something as a hack or a bug or unwanted behavior, we need to have a specification of the wanted behavior. We had no such specification for The DAO…. The ‘code was its own documentation,’ as people say. It was its own fine print. The hacker read the fine print better than most, better than the developers themselves…. Had the attacker lost money by mistake, I am sure the devs would have had no difficulty appropriating his funds and saying ‘this is what happens in the brave new world of programmatic money flows.’ When he instead emptied out coins from The DAO, the only consistent response is to call it a job well done.” By The DAO founders’ own terms, the attacker had done nothing wrong, in other words. He or she had simply exploited one of its features.
In the real world, the spirit of the law always supersedes its letter—the intent is more important than the code. In this case, the intent of the attacker was made clear in the mood of the token holders: they were angry; they believed they’d been wronged. They wanted their money back. But whom were they going to sue? There was no designated owner of this enterprise. They were all equal members of a decentralized system with no one in charge. As many lawyers argued, however, the law will always find a way to get around that problem. The law will seek out and find someone to hold responsible. And in this case those most likely to be fingered were the Slock.it team and various Ethereum founders and developers who’d encouraged and promoted The DAO. Even if they could avoid legal consequences, their reputations, and that of the system they supported, were on the line.
Sure enough, one year later, the law did take an interest. Conducting an investigation into the affair, the U.S. Securities and Exchange Commission ruled that the tokens that had been issued constituted unregistered securities and so would have been in breach of U.S. laws. To Slock.it’s inevitable relief, the SEC decided not to pursue charges, but the press release explaining its decision was a shot across the bow. Not only did it make clear that the growing number of crypto-token issuers needed to be wary of regulatory action, but it was also a reminder of how far-reaching are the jurisdictional powers of regulatory institutions that carry the weight of U.S. law behind them.
A related matter is the question of how to incorporate relationships of human trust into a blockchain. Bitcoin purists believe that users need not trust anyone with whom they enter into a transfer of bitcoin currency. The record of their transactions is generated according to a distributed software program that no one controls, and when currency is transferred to other users, that exchange is verified by a decentralized system that requires no “trusted third party’s” adjudication and has no need to identify the users. But in reality, Bitcoin users can’t get away from having to trust someone or something. For one, the payment is only one part of the transaction; there’s nothing in the software that ensures that the merchant delivers the goods or services offered in return. Bitcoin users also must trust that data being input into the record is reliable. How do you know the smartphone or PC you are using to give instructions to the Bitcoin network hasn’t been compromised? How do you know that when you are typing “6f7Hl92ej” on your keyboard, those characters are the ones being conveyed to the Bitcoin network? We have little choice but to trust that Apple, Samsung, and other manufacturers are using strict supply-chain monitoring systems to ensure that attackers haven’t put malware into the chips. This is not to sound paranoid, because the fact is that, even in the face of constant cyberbreaches, we all choose to trust our computers. But it is to say that it’s inaccurate, and a little naïve, to think that blockchain systems operate within what some in the cryptographic community describe as a state of “trustlessness.”
Once we go beyond bitcoin currency and start to transfer other rights and assets over a blockchain, the insertion of more trusted parties arises. The authenticity of a land title document that’s represented in a blockchain will, for example, depend on the attestation of some authority figure such as a government registrar. This dependence on a trusted middleman, some cryptocurrency purists would argue, overly compromises a blockchain’s security function, rendering it unreliable. For that reason, some of them say, a blockchain is inappropriate for many non-currency applications. We, however, view it as a trade-off and believe there’s still plenty of value in recording ownership rights and transfers to digitally represented real-world assets in blockchains. We must, however, be aware of that trust component and establish acceptable standards for how data from such sources is gathered and entered into a blockchain-based system.
Blockchain technology doesn’t remove the need for trust. In fact, if anything it’s an enabler of more trustful relations. What it does do is widen the perimeter of trust. While the software removes centralized trust from the internal ledger-keeping process inside the blockchain, we must trust other people in the “off-chain” environment. We have to trust that a merchant will fulfill a promise to deliver goods on time, that a provider of some source of key information like a stock market price-feed is accurate, or that the smartphones or computers we use to input information haven’t been compromised at the manufacturing stage. As we go about designing new governance systems based on this technology, we need to think hard about best practices as they exist at that outer rim—the “last mile” of verification, as some call it. Blockchain technology should be an impetus to develop standards and rules about how the fulfillment of contractual obligations is to be judged in ways that can be read and understood in this new digital context.
Finally, there’s a potentially contentious issue around the market framework—the questions of which computers control the blockchain and how much power to dictate prices, access, and market dominance that allows. Permissioned blockchains—those which require some authorizing entity to approve the computers that validate the blockchain—are by definition more prone to gatekeeping controls, and therefore to the emergence of monopoly or oligopoly powers, than the permissionless ideal that Bitcoin represents. (We say “ideal” because, as we’ll discuss in the next chapter, there are also concerns that aspects of Bitcoin’s software program have encouraged an unwelcome concentration of ownership—flaws that developers are working to overcome.)
Permissioned systems integrate a trusted third party—the very kind of intermediary that Satoshi Nakamoto aimed to avoid—to authorize which computers can participate in the validation process. This option makes sense for various industries that are looking to adopt blockchain technology but whose current industry structures just don’t allow a permissionless system. Until the law changes, banks would face insurmountable legal and regulatory opposition, for example, to using a system like Bitcoin that relies on an algorithm randomly assigning responsibility at different stages of the bookkeeping process to different, unidentifiable computers around the world. But that doesn’t mean that other companies don’t have a clear interest in reviewing how these permissioned networks are set up. Would a distributed ledger system that’s controlled by a consortium of the world’s biggest banking institutions be incentivized to act in the interests of the general public it serves? One can imagine the dangers of a “too-big-to-fail blockchain”: massive institutions could once again hold us hostage to bailouts because of failures in the combined accounting system. Perhaps that could be prevented with strict regulation; perhaps there needs to be public oversight of such systems. Either way, it’s incumbent upon us to ensure that the control over the blockchains of the future is sufficiently representative of broad-based interests and needs so that they don’t just become vehicles for collusion and oligopolistic power by the old guard of finance.
The open-source development of permissioned ledger models that’s being done by R3 CEV, a consortium dominated by major banks, and by the Hyperledger group, in which tech firms like IBM, Intel, and Cisco play hefty roles, is important. It’s forcing the incumbents within them to see the spotlight that this new technology shines on the inefficiencies of their old, centralized work processes. And some of the ideas being developed there will no doubt be of great value to the wider ecosystem of blockchain development. But we believe the “permissionless” ideal first laid down by Bitcoin and since followed by countless alternative “altcoins” and blockchains is a vital one for the world to focus on.
As we stated in The Age of Cryptocurrency, Bitcoin was merely the first crack at using a distributed computing and decentralized ledger-keeping system to resolve the age-old problem of trust and achieve this open, low-cost architecture for intermediary-free global transactions. It may or may not be the platform that wins out. Perhaps something else will come along and fulfill for the age of cryptocurrency what the Transmission Control Protocol/Internet Protocol, or TCP/IP, pair of protocols did for the age of the Internet. Something will emerge as a standard, base-layer protocol that dictates how all computers everywhere exchange value with each other. Will it be Bitcoin, Ethereum, or something else entirely, perhaps a protocol that allows computers with digital assets on any one of these competing blockchains to trade directly with each other without going through a third party? Such is the threat and opportunity that open-source development offers: anyone can copy and then improve upon your idea. The good news is that boundless energy and innovation will go into figuring out how to iterate upon the ideas that currently exist and will build a potentially better system. That innovation might find its way back into Bitcoin, helping to cement its first-mover advantage. Or it might diffuse the value creation power across a wider array of platforms until something more popular comes along. In the next chapter we will ask such questions as we survey the frenetic pace of invention in the blockchain space.