Forking The DAO - Robin Hood Update

No, this is not science fiction: the Ethereum world really has been rocked by financial scandal, and has less than a month to resolve it.

It's very hard to explain this situation simply to fans of financial scandals who may be less familiar with cryptotechnology.

In essence a bunch of people ('curators') got together and created - or curated - a new type of open association, which they christened a Decentralized Autonomous Organization, and this first example “The DAO". 

The DAO is built on a new type of cryptographic software platform called a 'distributed ledger' or 'blockchain', in this case known as Ethereum. Such ledgers typically have their own virtual currency, in this case called 'ether'. 

The DAO's rules are in written in software code, so it is in fact a computer programme (or application or 'app'). The DAO is designed to be controlled by investors who use their 'ether' to buy DAO 'tokens' that entitle them to vote on the The DAO's affairs - the main issue being how the DAO should invest the 'ether' it raises through selling 'tokens' to investors, who can also start mini-DAO or 'child DAOs' to focus the investments. By last week the The DAO had raised $60m worth of ether at the going exhange rate.

You can maybe see what's coming...

A savvy participant noticed that The DAO would allow any participant to start a 'child DAO' under their own control and drain 'ether' from The DAO into the child DAO without bothering any of the other participants. 

So they did. 

Cue outrage!

The other participants and 'curators' now say this move was an "attack" that exploited a 'vulnerability' arising from a 'mistake' in The DAO's code. As a result, a 'soft fork' has been imposed by the DAO's 'curator' for 28 days, effectively freezing the child DAO and the ether within it. Many of The DAO's participants want to see the soft fork become permanent - or a 'hard fork' (this saga is providing endless scope for unfortunate puns). Yet The DAO web site's makes it very clear that the code is the sole contract governing The DAO (though what contractual significance The DAO's web site has is therefore questionable).  At any rate, The DAO clearly allowed what in fact happened.

It's ironic that the self-styled "attacker" has resorted to lawyers and is threatening court action to protect his/her/their financial gains. But it would be a fascinating case to run, and a real-world judgment on the issues (applicable law, jurisdiction, whether there was a mistake for which relief could be given etc.) could actually be very helpful to the development of distributed ledgers and the applications that run on them.

23 June:

Meanwhile, the parties are battling it out in a cryptographic re-enactment of Robin Hood (or Barbarians at the Gate?). So-called 'white hat' hackers (claiming to be 'good actors') attempted to secure the remaining ether in The DAO in other child DAOs but the 'attacker' joined them as well.

But is either set of participants 'right' or 'wrong', 'good' or 'bad'? Are they not simply competing in any fashion that The DAO allows?

Would you do business with The DAO or its 'children'?

Would you be happy for The DAO or any child DAO to be an investor in your business? 

Watch this (cyber)space!

Further reading:
Frances Coppola has written a great piece for Forbes.
Introduction to the DAO.
Open letter from "The Attacker".
DAO Wars: Hacker Counter-Attacks and Infiltrates the Robin Hood DAOs

Distributed Ledger Technology: Cutting Through The Hype

A busy start to 2016 has meant the blogging has suffered, but I have at least co-written an article with Susan McLean of Morrison & Foerster that cuts through the hype around blockchain and other distributed ledger technology (DLT). 

The article includes updates on a range of DLT initiatives across numerous business sectors; various policy and regulatory responses; as well as some thoughts on the challenges involved in implementing DLTs.

You won't be able to put it down! ;-)

Of Royalty Problems and Distributed Ledgers

January has been a whirlwind of meetings and discussion around the idea of using 'blockchains' and other distributed ledger technology to help track and collect royalties on creative works, starting with music and the Digital DNA Genome Project. The potential is certainly there for a new ledger-based environment for creative works. But whether distributed ledger technology will address the root causes lurking beneath the biggest problems that the creative industry faces is another question. Here are some observations relating to problems in the music sector, which I know from other conversations and reports resonate in other creative industry sectors...

The current processes for producing and distributing music are clearly broken.  A trawl through the comments below this 'story' on how much YouTube pays in royalties to artists gives you some insight into the problems faced even by those who work really hard at tracking and claiming what they are owed. Responding to a Wall Street Journal report on claims that Spotify fails to properly account for royalties, musician and critic David Lowery wrote to the Attorney General of New York State demanding action. Civil litigation has followed, seeking $150m in unpaid royalties. 

But the more you dig into the royalty problems, the more you realise they are just a symptom, not the cause, of the music sector's woes. One has to be careful about apportioning blame among the multitude of different types of participant involved in the overall process for creating, distributing and performing musical works. What some see as misconduct can easily be attributed to poor systems and record-keeping and a failure to address the root causes of those failures. But, again, go easy on the blame: it's a huge and daunting task to figure out all the processes involved in such a diffuse sector and then how to improve and control each of them so you know when things are going awry and how to respond.

Ultimately, however, one can't help feeling that listeners are not getting access to the sort of range and quality of music that a more efficient sector could deliver.

So, where to start?

The high level problem statement is that the ability to efficiently monetise music has simply not kept pace with the ability to generate and consume it. Why? Well, let's say that the back-office processes have not kept up with the front of house processes. How so? Back office staff at record labels and collection agencies, artist's agents - and even the artists themselves - manually reconcile paper contracts and bank statements to figure out who is owed what; and royalties are often still paid by cheques, even for tiny amounts. At the other end of the process, consumers can stream music and watch video clips on their smartphones. The distribution processes in the middle are also far from operationally efficient. They don't properly track and account for what is made available to consumers at the front end, and don't interface efficiently with the back office.

Why? 

Well, this is where the sector seems to have stopped analysing the situation, which is what we humans tend to do in such situations. We leap to conclusions and solutions. "It's in the interest of the big labels to do nothing about it," has been the most popular refrain, although "Google and Spotify don't care" seems to the latest chart-topper. Current 'solutions' range from sending in the auditors, to filing law suits, to preferring to stage live gigs and concerts as the way to make money. From a technology standpoint, we have the Codec idea from Benji Rogers - not to mention the distributed ledger initiatives that we'll come to.

But these are really just solutions in search of the root cause to the sector's actual problems, spawned more by a sense of helplessness and frustration than any pure insight.

To identify the solutions that will give the most bang for the buck there is a lot more work to be done in understanding all the processes; defining the key problems more precisely, measuring which cause the most pain, then analysing the range of root causes of those problems; before then figuring out which improvements are worthwhile implementing. Finally, all that work will be lost unless there are controls in place to know when the processes are starting to fail again.

Any new system for monetising music efficiently must be “customer-centric” and not merely ‘consumer-centric’ or ‘artist-centric’. It has to cater for the entire set of end-to-end business processes and treat all industry participants fairly. We have to recognise that each participant may be a supplier in one step of the overall process, yet the customer of another step; and which hat they are wearing when they complain. One could argue, for example, that artists are perhaps most upset not in their role as suppliers of music, but in their role as customers in process steps related to distribution, consumption and payment.

To become sustainable, 'the system' must evolve in a customer-centric fashion at each step, otherwise the participant in the role of the ‘customer’ will not buy in to the solution for that step. Equally, however, no one can afford to get caught up in anger and blame. The whole sector needs to move along the change curve to accepting that the system is broken and participate positively in the work required to fix it.

So it's simply too early to say what role, if any, distributed ledgers have to play in solving the creative industry's problems. It's not about imposing a solution, but rather fostering agreement on root causes of the problems and the necessary improvements and controls to be implemented.

That's not to say work should not continue on the use of ledgers in relation to music and other works. It is exciting to see the work on releasing music into ledgers by Ujo Music and MyCelia; Audiocoin; Aurovine; Revelator; Colu; and OCL (One Click Licence); as well as the work of the Kendra Initiative on the wider development of a distributed marketplace; and collaborative forums like the Digital DNA Genome Project mentioned earlier. I just don't think we should saddle these initiatives with the responsibility for solving the current woes of the creative industry - the two can co-exist quite peacefully.

Isle of Man Goes Crypto-Crazy

I'm indebted to my colleagues in the Isle of Man for pointing me to the IoM's recent Designated Businesses (Registration and Oversight Act 2015, which imposes various registration and anti-money laundering requirements on distributed ledger technology. Do we have a poster-child for how regulation of new technology can go way too far?

The IoM compliance obligations are aimed at: 

"the business of issuing, transmitting, transferring, providing safe custody or storage of, administering, managing, lending, buying, selling, exchanging or otherwise trading or intermediating convertible virtual currencies, including crypto-currencies or similar concepts where the concept is accepted by persons as a means of payment for goods or services, a unit of account, a store of value or a commodity;"

This seems likely to be counter-productive, to say the least, given that the 'currency' aspect of distributed ledgers is often merely there to reward the 'miner' or processor of transactions or events that occur on the ledger, regardless of whether those events are themselves financial in nature - financial services being merely one of many different potential applications.

So, should every business on the IoM that uses, or might wish to use, distributed ledgers register with the authorities and introduce AML controls on everyone it deals with, just in case? Maybe so...

Two specific points to make:

1. ‘convertible virtual currencies’ are defined more broadly than one would expect:

“including crypto-currencies or similar concepts [neither term being defined, except by what follows…] where the concept is accepted by persons as a means of payment for goods or services, a unit of account, a store of value or a commodity”, 

Most definitions of a ‘currency’ require all these criteria to be met, not just any one of them. Imagine what would happen to the US Dollar, for example, if suddenly it was not accepted as meeting just one of the above criteria...  Indeed, for this reason many people disagree that Bitcoin - the most widely used form of 'crypto-currency' - is still nothing more than a commodity.

In addition, none of the typical exemptions under payment services regulations seem to be imported here. To take but one relevant example: consumer loyalty/rewards programmes are typically exempt on the basis that the rewards are only accepted as a means of payment within a 'limited network'. Do the local authorities really want every business participating in a loyalty scheme on the Isle of Man to register and apply AML controls just because the scheme involves distributed ledger technology? Maybe so...

2.  Similarly, the list of activities that trigger the relevant compliance obligations would seem to cover a vast array of potential services and their providers/users - recognising that these are distributed ledgers to which all computers running the protocol have the same access. Again, just think of consumer loyalty programmes as you go through the list:

the business of issuing, transmitting, transferring, providing safe custody or storage of, administering, managing, lending, buying, selling, exchanging or otherwise trading or intermediating...

Even payment services regulation, for instance, exempts technology services that support transactions without the service provider handling funds. And the whole point of the ledger is that no intermediary is actually handling funds - its all happening peer-to-peer amongst machines - indeed perhaps everyone's device is handling the funds. Furthermore, there will be instances where access to a distributed ledger is just one element of a wider system - as in the car-rental example, or tracking shipping containers - and it may not be clear to everyone that a distributed ledger is involved if it's just to share the location or state of a vehicle or container.

Still, the Isle of Man's approach might at least be useful in demonstrating how regulation in this area can go too far...

Heap's Giant Leap!

Another great discussion about distributed ledgers, this time focused on the music sector, hosted by the Copyright Hub at the Digital Catapult. A quick summary of the discussion along Chatham House lines to protect the innocent.

By now it's clear that people in different sectors are encountering very similar issues that might be solved by distributed ledgers, but each sector tends to have a different set of priorities that might mean one is faster to take advantage of the technology. The fact that the first solutions have been alternative currencies tells you that proponents of distributed ledgers are not shy of a challenge. Now music is to get the same treatment with key events this Friday and Saturday night featuring the release of Imogen Heap's song "Tiny Human" into a distributed ledger for 'hackers' to attempt to spoil the party, followed by a live Saturday night post mortem on what could be improved. No doubt future events will try to perfect the process.

Why music? 

The problems in the music industry (and most other segments of the entertainment market) are pretty well-rehearsed, with just about every stakeholder group (except the consumers, these days) split over whether digital technology is helping all the participants strike the right bargain or robbing them blind. The revenue flows (or lack of them) have been the subject of constant disruption from internet technology, with the advent of P2P file-sharing via Kazaa in 2001 and rewards-based crowdfunding through Artistshare in 2003.

But bigger obstacles to reaching a better settlement for all concerned lie in the notorious lack of data about who really created and/or worked on various tracks and albums; or even about what's really in many 'back catalogues'. Then there's the secrecy surrounding licensing/royalty deals and the snail's pace of royalty collection/distribution - not to mention who sampled what; whether a performance and related video was a private family affair or an attempt to build a public-facing YouTube channel; hacking digital rights management software; and file-sharing. 

A lot of these issues go away if you just focus on creating and dealing with new music in a more efficient way. And few of these issues are exclusive to music itself. They relate to any item whose status changes a lot and where a multitude of different parties are affected but find it hard to get all their systems and processes to talk to one another. 

So this seems another case for getting everyone's machines to share a single view of a marketplace that avoids 'capture' by any single intermediary. In fact, the 'ledger' they all share becomes that intermediary. In that case, all the participants' machines running the same ledger protocol would be able to see and agree who created which music in its myriad iterations and remixes; who has the various types of rights to exploit or consume the various versions; who owes what to whom; and even make payments in the ledger currency.

Will it work? There's only one way to find out - hence Imogen's giant leap on Friday night.

I reckon it'll be all the rage this Christmas ;-)

Guest Post at Open Identity Exchange - A Pragmatic Approach To Distributed Ledgers

The post appears here.

Thanks to OIX for the opportunity to support the initiative.

What (The Hell) Is A Smart Contract?

Another good meeting of the BitcoinBlockchain Leadership Forum today, with the focus on practical use-cases for distributed ledgers and grasping at the nebulous concept of 'smart contracts' (links are to my own recent posts on these topics). 

In particular, we saw good, productive tension between Bitcoin blockchain purists who are intent on coding pretty much every element of a transaction into the blockchain; and those who see distributed ledgers as (also) playing a more limited role as just one layer or component in a broader array of gadgetry involved in any contractual scenario.

In my view, both approaches are valid but which 'wins' will depend on the use-case. And the development of the Internet demonstrates the technology will be used in ways no one intended anyway.

So, for my money, the definition of a 'smart contract' needs to be very broad, and I've suggested:

"an agreement performed via any number of applications, devices, networks and messages, which may involve entries in a distributed ledger."

This definition flows partly from a great discussion I had with Alex Amsel of Bitshake recently. I made the point that distributed ledgers seem most useful where a specific item is somehow dealt with or used very frequently and by many people or entities. Alex added a third condition: the participants are running different proprietary software, operating systems and/or devices - in other words they have an expensive interoperability challenge.

So a 'smart contract' might just be written in Word format, or html, and not embedded in a distributed ledger at all. But the subject matter of the contract - the rights to play a song, or rent a shipping container or space on a truck - might be 'hashed' into the ledger, and users' machines could interact using that hash, triggering instructions to pay the contractual amount to a certain account. Multi-factor authentication as one step in the contractual process (e.g. identify checks for anti-money laundering) is another example.

At the forum, there was mention of locating, booking and paying for a car space as another example. This was dismissed by lots of people who said you can already do this without a distributed ledger - the parking space is already entered in the systems of the council's chosen payment service provider. But that means I need to know which municipality I'm in to find the right payment app, download it and register a payment method before paying (I changed cars recently, so I have to re-do all that). And that inaccessibility is partly a function of having to cover the cost of expensive proprietary systems. But if parking spaces were 'hashed' in an openly accessible public ledger, couldn't our smartphones find and pay for them using that code and our own chosen payment method?

Anyhow, the point is not that we necessarily need distributed ledgers to pay for parking or any other specific use-case, but that once people begin using distributed ledgers more widely, tons of other apparently trivial uses become feasible and worthwhile. Conversely, a comparatively trivial but widely shared use-case might unleash more widespread adoption, as happened with text messaging (I'm not suggesting that parking will do it, by the way).

Of course, Bitcoin users will be screaming at their screens by now, if they've got this far. They'll be shouting that Bitcoin has already unleashed distributed ledgers. 

They're probably right.

1001 Use Cases For Distributed Ledger Technology...

Virtual currencies are so last year. This year is about all the other uses for the underlying technology - the blockchain and other distributed ledgers.  

The number of use-cases is starting to snowball with every discussion about scenarios in which a certain item is dealt with many times by many parties. That's because it will be more efficient and cost-effective for the item to be represented by a 'hash' in the ledger, and each transaction related to that item to be 'hashed' so they are available to any computer running the same language/protocol, rather than dealing with that using 'old' technology. Even though the ledger is openly accessible to everyone's machine, confidentiality can be guaranteed using encryption, so that only those computers with the right private key could unlock the hash and see the details.

Here are a few of the ideas, some of which are definitely being kicked around and most of which involve smart contracts, e.g.:

• car rental;

• identification tools - multi-factor authentication - e.g. checking validity of a drivers licence (hat tip to Alex Batlin)

• issuing/trading shares, bonds and other financial instruments;

• freight, transport, logistics - e.g. booking space in shipping containers, long-haul trucks and aircraft, and keeping track of the delivery items themselves;

• tracking, controlling autonomous vehicles/devices;

• switching to the best tariff minute to minute for services related to cars, homes, devices like insurance, gas, electricity, phone contracts;

• renting hotel rooms, accommodation;

• tracking and paying royalties for music, films etc;

• something I'm working on that it's not my place to disclose;

and on, and on.

In other words, distributed ledgers as a platform will have the same horizontal impact as the Internet,  mobile networks and the smartphone. The ledgers won't necessarily replace any of that, but will be an important layer, enabling all sorts of applications and devices to 'run' off the recorded transactions and related events.

Worth giving is some thought - just keep a good old fashioned pen and paper handy to jot down the flow of ideas ;-)