Thursday, September 27, 2018

The great cryptocurrency heist | Aeon

The great cryptocurrency heist | Aeon

The great cryptocurrency heist

Blockchain enthusiasts crave a world without bankers, lawyers or fat-cat executives. There's just one problem: trust

On 20 July 2016, something happened that was arguably the most philosophically interesting event to take place in your lifetime or mine. On that day, after much deliberation and hand-wringing, in the aftermath of a multimillion-dollar swindle from his automated, algorithm-driven, supposedly foolproof corporation, Vitalik Buterin, then 22 years old, announced the 'hard fork' of the cryptocurrency Ethereum. By making that announcement, Buterin shattered certain tightly held assumptions about the future of trust and the nature of many vital institutions that make modern life possible. He also really pissed off a lot of people.

How? Well, to understand all that, first we need to talk about trust and its place in the fabric of our lives. Trust seems to be in short supply these days, although we have no choice but to rely on it. We trust schools and babysitters to look after our children. We trust banks to hold our money and to transfer it safely for us. We trust insurance companies to pay us should we meet with some disaster. When we make a large purchase – such as a house – we trust our solicitors or an escrow company to hold the funds until the transaction is complete. We trust regulators and governments to make sure these institutions are doing what they are supposed to be doing.

Sometimes, however, our system of trust fails us. There are runs on banks. People lose faith in currencies issued by nation-states. People stop trusting their political institutions because of the chicanery, short-sightedness and general incompetence of the self-interested clowns running the show. The response to this widespread erosion of trust has been varied, ranging from Donald Trump's (hypocritical) pledge to 'drain the swamp', to the promise of so-called 'blockchain technology' and its associated cryptocurrencies.

The blockchain is the key to understanding Buterin's project. A good way to wrap our minds around the concept is to think of its most famous application: Bitcoin. And the best way to think about Bitcoin is not in terms of coins at all but rather as a giant ledger.

Imagine a world in which we didn't exchange currency, but kept track of who had what on a huge public spreadsheet, distributed across the internet. Every 10 minutes, all the transactions that took place in that slice of time are fused together into a single block. Each block includes a chain linking it to previous blocks, hence the term 'blockchain'. The end result is a universal record book that reliably logs everything that's ever happened via a (theoretically) tamper-proof algorithm. We don't need to trust human bankers to tell us who owns what, because we can all see what's written in the mathematically verified blockchain.

But Bitcoin is just one version of the blockchain. The fundamental technology has the potential to replace a much wider range of human institutions in which we use trust to reach a consensus about a state of affairs. It could provide a definitive record for property transfers, from diamonds to Porsches to original Picassos. It could be used to record contracts, to certify the authenticity of valuable goods, or to securely store your health records (and keep track of anyone who's ever accessed them).

But there's a catch: what about the faithful 'execution' of a contract? Doesn't that require trust as well? What good is an agreement, after all, if the text is there but people don't respect it, and don't follow through on their obligations? Which brings us back to the crucial matter of how Buterin managed to piss off so many people.

In the beginning, Buterin was a hero to the crusaders against trust. In late 2013, at the age of 19, he wrote a document, known as the 'Ethereum White Paper'. In it, he observed that you could hypothetically use the blockchain to store and execute computer programs – hypothetically, any computer program. This gave rise to Ethereum: a blockchain-based platform that supported self-executing contracts. The commands to execute the contract were built into the contract itself, and the contract was sealed into the (supposedly) immutable and universally visible blockchain. No trust necessary. Or so the story went.

This had extraordinary implications – one of which was that entire corporations could be encoded in the blockchain in the form of 'decentralised autonomous organisations' (DAOs). None of the usual trusted business partners would be required: employees, managers, human resources officers, CFOs and CEOs would be rendered otiose. No longer would shareholders need to pay massive bonuses to hedge-fund executives 'trusted' to make decisions about our money. In theory, at least, those executives could be replaced by a bundle of transparent, pre-set instructions stored in the blockchain.

About 11,000 people ponied up a total of $150 million to take part. What had they purchased, exactly?

On the back of a wave of excitement, Ethereum's currency, known as 'ethers', went up for pre-sale in the summer of 2014. Ethers would serve a dual function as both the 'fuel' that powered the computations on the network, and as a medium of exchange, like bitcoins. In short order, the value of ethers started to climb, and the platform reached a 'market capitalisation' of around $1 billion after the pre-sale. (Full disclosure: I participated as an investor at this initial stage but have since liquidated my holdings.)

Two years later, a DAO was created. It was called, simply, The DAO, and about 11,000 people ponied up a total of $150 million to take part. What had they purchased, exactly? What they believed they had bought was a virtual hedge fund that would invest in other companies and ventures. Anyone wanting to get money from the DAO had to submit a proposal online, in the form of a self-executing contract that DAO shareholders would then vote upon. If approved, the DAO was programmed to automatically transfer the agreed allotment of ethers.

Shareholders did not have to worry about the good intentions of the DAO's employees, for there were no employees; nor about the competence of its supervisors or executives, because there were none; nor about its lawyers to go over the fine print, for there was no fine print to go over. They'd have no need to trust courts and police and attorneys to enforce the contracts, because the contracts did it themselves. All they had to do was look at the software code and see what the program (that is, the corporation) would do, and choose whether or not to buy in. Remember the Texas oil man T Boone Pickens, who campaigned for shareholder rights in the 1980s? To the optimistic investors in The DAO, this was a T Boone Pickens dream come true.

Of course, it was all totally awesome until it all went to shit. On 17 June 2016, someone – we still don't know who – successfully hacked The DAO. The hacker siphoned off the equivalent of $50 million into a different DAO, which subsequently became known as the Dark DAO. When this flaw in the code was detected, other stakeholders used the same move to bump the remaining ethers into a third DAO, known as the White Hat DAO. Then all the existing accounts in the three DAOs were frozen.

What to do with the money in Dark DAO and the White Hat DAO? Some argued that, as the hacker was only doing what the software allowed, the ethers in the Dark DAO rightfully belonged to the hacker. And why was one DAO called 'Dark' and the other 'White Hat' – weren't both hacks undertaken with the same code? And wasn't the code the law?

This brings us, finally, to what pissed people off. It was the 'fork' – actually, the 'forks', for there were two forking options. A 'soft' fork would merely change the code for Ethereum so that only future transactions would be affected. But a 'hard' fork, well, that was another matter entirely. A hard fork would undo previous transactions. In this case, what the hard fork could do would be to take the money back from the Dark DAO and the White Hat DAO, and put it back in the hands of the original investors.

But in a trustless universe, who decides if the fork happens? Now we have no choice but to talk about miners. They do the gruntwork of sealing information into the blockchain, using a cryptographic method called 'hashing'. As it turns out, the process of computing a hash to seal each block involves an astounding level of computational power. So who is going to bother to do it, and why?

The code was supposed to be the law. If you didn't see the weakness in the software, that was your problem

With Bitcoin, for example, miners are rewarded with payments in bitcoins (around 12.5 bitcoins are currently rewarded for the successful hash of each block). What this really means is that hashing wins you some extra units on the ledger. They're called miners, but it would be more accurate to describe these people as clerks. Whatever we call them, the point is that if the miners stop mining, the whole enterprise grinds to a halt. So, while Buterin and the Ethereum Foundation could propose a fork, ultimately it was up to the Ethereum miners to decide. They were the ones that had to mine the revamped Ethereum code, and keep the whole system ticking over. (Another disclosure: I have been a Bitcoin miner before.)

On 20 July 2016, Buterin announced that the miners had accepted the hard fork and were happily mining away with the new code. The reality was that most of them had. A number of holdout miners and Ethereum users were outraged. In their view, the hard fork undermined the core principle of Ethereum, which was, after all, to bypass all the meddling humans – the corrupt bureaucrats and politicians and board directors and CEOs and lawyers. The code was supposed to be the law. If you didn't see the weakness in the software, that was your problem, since the software was publicly available.

Some Ethereum miners thus refused to go with the fork and instead stayed with the original Ethereum protocol, which they re-dubbed 'Ethereum Classic'. You'd think that would be the end of it, but no. Shortly after the hard fork of Ethereum and the persistence of the rebranded Ethereum Classic, a further round of technical problems were identified with the Classic protocol. Soon, there was a counter-proposal to hard-fork Ethereum Classic, which led to the inevitable threat by the true believers that they would respond with an Ethereum Classic Classic.

Such are the perils of supposedly trust-free technology. It might make for good marketing copy, but the fact of the matter is that blockchain technology is larded through with trust. First, you need to trust the protocol of the cryptocurrency and/or DAO. This isn't as simple as saying 'I trust the maths', for some actual human (or humans) wrote the code and hopefully debugged it, and we are at least trusting them to get it right, no? Well, in the case of The DAO, no, maybe they didn't get it right.

Second, you have to trust the 'stakeholders' (including miners) not to pull the rug out from under you with a hard fork. One of the objections to the hard fork was that it would create a precedent that the code would be changeable. But this objection exposes an unmentioned universal truth: the immutability of the blockchain is entirely a matter of trusting other humans not to fork it. Ethereum Classic Classic would be no more immutable than Etherum Classic, which was no more immutable than Ethereum. At best, the stakeholders – humans all – were showing that they were more trustworthy qua humans about not forking around with the blockchain. But at the same time, they obviously could change their minds about forking at any time. In other words, if Ethereum Classic is more trustworthy, it's only because the humans behind it are.  

Third, if you are buying into Ethereum or The DAO or any other DAO, you are being asked to trust the people who review the algorithm and tell you what it does and whether it's secure. But those people – computer scientists, say – are hardly incorruptible. Just as you can bribe an accountant to say that the books are clean, so too can you bribe a computer scientist. Moreover, you're putting your trust in whatever filters you applied to select that computer scientist. (University or professional qualifications? A network of friends? The testimonials of satisfied customers – which is to say, the same method by which people selected Bernie Madoff as their financial advisor.)

Blockchains don't offer us a trustless system, but rather a reassignment of trust

Finally, even if you had it on divine authority that the code of a DAO was bug-free and immutable, there are necessary gateways of trust at the boundaries of the system. For example, suppose you wrote a smart contract to place bets on sporting events. You still have to trust the news feed that tells you who won the match to determine the winner of the bet. Or suppose you wrote a smart contract under which you were to be delivered a truck full of orange juice concentrate. The smart contract can't control whether or not the product is polluted by lemons or some other substance. You have to trust the humans in the logistics chain, and the humans at the manufacturing end, to ensure your juice arrives unadulterated.

Can't these gateways to the system be trustless as well? Can't smart contracts some day have code to call for robotic orange-pickers and robotic juice concentrate-makers who would summon their robotically driven trucks to deliver the orange juice concentrate straight to our door? Yes – in theory. But imagine the task of reviewing the code to ensure that every step in the process hadn't been corrupted by a bug that uses security failures to highjack trucks, or that gives false approvals to adulterated orange juice. Perhaps we could write second-order programs to automate the testing of the first-order programs – but why do we trust those? Do we ultimately need automated automated-program-tester testers? Where does it end?

By now, the answer should be obvious: it ends with other humans. Blockchains don't offer us a trustless system, but rather a reassignment of trust. Instead of trusting our laws and institutions, we are being asked to trust stakeholders and miners, and programmers, and those who know enough coding to be able to verify the code. We aren't actually trusting the blockchain technology; we are trusting the people that support the blockchain. The blockchain community is certainly new and different, and it talks a good game of algorithms and hashing power, which at least sounds better than tired slogans such as Prudential is rock solid and You are in good hands with Allstate. But miners aren't necessarily any more reliable than the corporations they replace.

The sorry case of The DAO raises another question: Why are people so eager to put their faith in blockchain technology and its human supporters, instead of in other social and economic organisations? The upheavals of 2016, from Brexit to Trump, suggest that there is widespread fatigue with traditional institutions. Governments can be bought. Banks are designed to service the wealthy, and to hell with the little guy. 'The system is rigged' is a common refrain.

But instead of targeting the moral failures of the system and trying to reform it, the very concept of 'trust' has become suspect. Blockchain enthusiasts tend to cast trust as little more than a bug in our network of human interactions. To be sure, one of the weird features of trusting relationships is that, in order to trust someone, there has to be some chance that they will fail you. Trust involves risk – but that's not necessarily a bad thing.

Which brings us back to Buterin and the hard fork of The DAO. What made this event significant was not just what it demonstrated about the foibles of technology or the hubris of 20-something computer scientists. What it really exposed was the extent to which trust defines what it is to be human. Trust is about more than making sure I get my orange juice on time. Trust is what makes all relationships meaningful. Yes, we get burned by people we rely on, and this makes us disinclined to trust others. But when our faith is rewarded, it helps us forge closer relationships with others, be they our business partners or BFFs. Risk is a critical component to this bonding process. In a risk-free world, we wouldn't find anything resembling intimacy, friendship, solidarity or alliance, because nothing would be at stake.

Perhaps we ought to reconsider the desire to expunge trust, and instead focus on what should be done to strengthen it. One way to support trust is to hold institutions accountable when they betray it. When the US Department of Justice, for example, elected not to prosecute any of the bankers responsible for the 2008 financial collapse, the net effect was to undermine confidence in the system. They debased the principle of trust by showing that violating the public's faith could be cost-free.

Much of our system of trust is invisible to us – but it would be helpful if we could be more aware and appreciative all the same

Second, trusting relationships should be celebrated, not scorned. When we believe in someone and they betray us, our friends might call us a sucker, an easy mark, a loser. But shouldn't we celebrate these efforts to trust others – just as entrepreneurs talk up the value of failure on the road to innovation? Isn't the correct response along the lines of: 'I see why you trusted them, but isn't it is terrible that they let you down?'

Third, we should appreciate the trusting relations we engage in, and are rewarded by, every day. We're constantly relying on others to help us with something or look after our financial affairs, and much of the time we simply take it for granted. In part, that's because much of our system of trust is invisible to us – but it would be helpful if we could be more aware and appreciative all the same.

Finally, we shouldn't deceive ourselves with the idea that a technological fix can replace the human dimension of trust. Automation of trust is illusory. Rather than disparaging and cloaking human trust, we should face the brutal truth: we can't escape the need to rely on other people, as fallible and imperfect as they might be. We need to nurture and nourish trust – not throw it away, like so much debased and worthless currency.



_- Steve

No comments: