Call Blockchain Developers What They Are: Fiduciaries
The recent hack of the DAO (short for Decentralized Autonomous Organization) and the subsequent reversal of funds on Ethereum's blockchain should finally put an end to a decentralization charade. People are, in fact, governing public blockchains, and we need to be able to trust them.
From the beginning, the core developers (who write, evaluate and modify the software code) and the powerful miners (holders of significant chunks of computing power within the network) have been the governing bodies of these so-called decentralized systems. Yet the romance of decentralization — with the seductive idea that we don't have to trust anyone because no human is doing anything — has allowed many to overlook this important truth.
In the techno-utopian world of blockchain technology, it has become fashionable to proclaim that software code and its operation can replace the need for human governance. Hence, the push toward "decentralized autonomous organizations," which are essentially corporations run through code rather than by people. The first of these, the DAO, began operating in May 2016, raising $150 million from investors to operate as a venture fund for blockchain technology.
The DAO is just software, coded by an ambitious group at the company Slock.It. It was embarrassingly compromised through a computer hack for $60 million within a month of its inception.
The theft's fallout has been dramatic. Since the DAO was built on the Ethereum blockchain, everyone involved with the technology was affected: DAO investors, owners of ether (the cryptocurrency of Ethereum) and anyone building anything on Ethereum, which has sought to be a platform for so-called smart contracts. This raised serious questions like: Should folks try to get the stolen ether back? Should they leave it be, as the hack was simply an exploitation of a bug in the purportedly unstoppable code?
Ultimately, the core developers of Ethereum decided to attempt a hard fork, which involved writing a new version of the Ethereum software that would recover the stolen funds and make them available to the DAO's investors. But implementing that hard fork required a threshold percentage of the network's miners (a decentralized network of transaction processors) to run the newly revised code. In other words, the developers had to persuade the miners to upgrade.
Long story short: the hard fork initially appeared successful, but part of the Ethereum community thwarted the developers' best-laid plans. Akin to the "Bernie or Bust" movement in the U.S. presidential election, these mavericks kept the old Ethereum blockchain running and dubbed it "Ethereum Classic."
Worse, there is now competition between the all-new Ethereum (which took the name with it when it forked) and Ethereum Classic. And unsurprisingly, a group just announced on bitflikz.com that it is suing both the coders of the DAO and the Ethereum core developers.
Wow. Aside from the fact that there should definitely be a movie made of these escapades (The Anti-Social Network?), the DAO debacle spotlights something very important. It is past time to acknowledge that governance of public blockchains is happening, by actual identifiable people, and that these people's actions impact consumers.
In other settings, such as a corporation, we call the people who take comparable actions officers, directors and controlling shareholders. Along with these titles, we burden them with fiduciary duties because we recognize that others trust them to make good decisions on their behalf. We should treat those that govern public blockchains the same way.
Throughout the DAO episode, the Ethereum core developers have made critical decisions that impact Ethereum users. These include political choices (Should the blockchain be immutable? Should we treat the code exploitation as theft?) and technical choices (How do we write the code to take back the funds?).
The powerful miners of Ethereum, in voting for the hard fork by running the new software, made similarly critical choices for the network.
With millions of dollars of other people's money on the line, these were enormous decisions for this small group of people to make. This exercise of power makes them look an awful lot like fiduciaries of ether holders, and maybe even of investors in the DAO. Notably, the core developers and big miners have been making similarly consequential decisions since the blockchain's creation — the hard fork drama just makes this more transparent.
Treating the core developers and big miners of public blockchains as fiduciaries would set a clear standard for performance, make them accountable for actions that significantly impact other people, and ensure that they take their creation and operation of these public systems seriously.
Generally, fiduciary duties include a duty of care (to act with competence), a duty of loyalty (to act in the interests of those they serve rather than in their own interest), and according to some schools of thought, a duty of good faith. Those who have invested in Ethereum, whether by buying ether or building on its blockchain, have likely expected this level of performance from the beginning.
Blockchain (and tech) proponents will surely cry that this proposal would inhibit innovation, as coders won't work on cutting-edge projects if they could get sued for it. The default position in tort law is that it is very difficult to hold software developers liable for the harms their software wreaks. Software licenses — the terms on which people use software — generally disclaim all liability for problems the software causes. In keeping with the tech mantra that it's always better to ask forgiveness than permission, these powerful shields encourage coders to experiment.
This lax liability standard may work when we are talking about sharing music or creating cat videos. It doesn't work so well with money, finance, contracts, property records, medical records, proof of identity — all matters of fundamental importance in people's lives that blockchain technology seeks to disrupt. It's not just coding and running software that is happening here. People are making decisions about what should happen with other people's money.
With high-stakes matters like these, we want people to slow down and act carefully. When you know you are accountable to others, you take what you are doing extremely seriously. You get malpractice insurance. You evaluate whether you have the right expertise to execute your plan or whether you need to get some help. You consider the potential risks of your plan in addition to the benefits.
Blockchain technology jumped into the big leagues when it attempted to replace existing monetary, financial, property, contracting and identity systems. Those who are creating and operating the technology must therefore be accountable in a big-league way.
Angela Walch is an associate professor at St. Mary's University School of Law.