The Chamber of Digital Commerce recently published a National Action Plan for Blockchain. Since I count myself among the people interested in blockchain systems, and keen to find useful applications for them, I figured this was a document worth examining.
First, though, we should ask: who is the Chamber of Digital Commerce? They’re basically a group of blockchain-industry advocates. Those of you who are familiar with industry consortia will recognize the structure – a collection of organizations, each paying $5K to $50K per year for varying levels of membership (and associated influence). So although their name might suggest that they’re the digital branch of the U.S. Chamber of Commerce – that quintessential Main Street business lobby – there’s actually no relationship between the two. And once we know that the Chamber of Digital Commerce is a blockchain advocacy group, we can predict some of the likely tone and content of the report.
So what about the report itself? The best thing about it is that it’s short, which I know might sound snarky. It’s 8 printed pages, and 3 of those pages are basically filler (title page, a page about the Chamber, and an end page with the Chamber logo). So there’s only 5 pages to consider, which seems like a good thing if we’re seeking to grab the attention of decision makers. The structure of the paper is also promising: the first part talks about the importance of blockchain, the second part talks about the importance of government support, the third part talks about guiding principles for government, and the last part gives examples of blockchain applications in industry and government. Those seem like good areas to cover in a paper like this, and in a sensible sequence.
Unfortunately, when I started reading the paper it didn’t take long to find items that were objectively untrue – or at least highly misleading. The descriptions of blockchain and blockchain applications are full of hype. The principles for government focus on light touch at the national level, coupled with pre-emption of state regulation. Such an approach clearly maximizes the industry’s freedom and minimizes industry costs, but requires willful blindness to experience with blockchains to date. Some significant but well-known problems with blockchain systems are omitted, perhaps because they would undercut this advocacy of regulatory minimalism.
What’s missing? For example, there is no mention of the unusual and challenging nature of irreversibility in blockchain systems. Most financial systems involving trades or exchange recognize the possibility of error, and have some means for undoing or reversing erroneous transactions. When parties disagree about whether a given action should be undone, there are processes to handle the dispute (mediation, lawsuits, and the like). In contrast to these historic norms, a blockchain represents a new paradigm in which the shared representation is (largely) irreversible, by design. Once an erroneous transaction or fact is solidly in the blockchain, it’s not clear what can (or should) be done about it.
Further complicating the situation, it’s not just that you can’t necessarily reverse errors. There’s also the opposite problem: a correct transaction that’s apparently secure on a blockchain can disappear. The probability of this kind of change decreases with time, but it’s still a very real concern in terms of real-world interactions with this new technology. How long should you wait before you can rely on the transaction being stable? What recourse (if any) do you have if you rely on a transaction that disappears?
And as if that weren’t enough complexity, there’s the additional problem of a case like the DAO. Because hackers were successful at attacking the system and stealing a substantial chunk of the system’s value, some of the supposedly irreversible transactions were reversed. The implementation was of course designed (as all blockchains are) not to allow transactions to be reversed. However, that implementation is itself mutable (as all software systems are). So the ugly problems caused by hackers were neatly bypassed by a collective effort to install a new version of the blockchain’s implementation. This was in no sense a unanimous decision, and the losing parties had good reason to wonder why they lost. What should a participant in a future blockchain system reasonably expect?
We can turn away from blockchain irreversibility to consider the problems associated with high-stakes key management. It is hard to know for sure whether QuadrigaCX has millions of dollars’ worth of cryptocurrency that’s inaccessible due to the death of the only person who knew the private key – but it’s not hard to believe that such a situation could arise. Indeed, it’s likely to happen again. Is this kind of unfixable loss the only problem that arises from cryptographic keys and their management? Certainly not. We also have problems that arise from loss of control over crucial private keys, whether those keys belong to individuals, organizations, or – most alarmingly – exchanges. In most systems, access to a private key is what defines identity – if I can use your private key, then in cryptographic terms I am you. Correspondingly, if you don’t have your private key, then in cryptographic terms you aren’t you. The more money that is at stake, the higher the risk associated with losing or misplacing such keys, or of having them stolen by energetic hackers.
There is nothing about the nature of the technology that currently rules out such situations. Although there might well be technical solutions available for any particular case, we are not yet at a point where such solutions are standard best practices. And certainly there is nothing in law or regulation that is likely to avert these situations in the future. If anything, it’s quite the opposite: encryption and key management are unforgiving technologies, in which small errors can have large consequences.
Let’s step back and consider both the strange nature of blockchain irreversibility and the practical challenges of key management. We might first ask, What is a reasonable expectation in these cases? We may not know the single best answer today, but we might sensibly require blockchain systems to be transparent about their policies (or lack thereof). Similarly, we might at least consider the idea of whether some features or behaviors need to be required, so that blockchain customers don’t have to treat every blockchain system as a potential catastrophe waiting to happen.
Let’s step further back and ask about the broader landscape of blockchain questions: are irreversibility and key management the only two areas that might cause concern in terms of public policy? No, they’re just a couple of convenient examples. Although blockchain systems unarguably let us do some interesting things we couldn’t do before, that is not an entirely good thing.
Blockchain systems represent a combination of poorly-understood and complex characteristics, valuable items at stake, and readily-available stories of huge potential gains. We know from history that such a combination tends to attracts scammers and grifters, and we also know that real people have already suffered real losses from the volatile mixture of greed, complexity, and deception. It’s simply dishonest – and ultimately self-defeating – to say that government should just leave everything alone because industry will do the right thing. It’s entirely possible that a careful examination would conclude that the best available option is indeed self-regulation – but it’s absurd to act as though that is self-evident.
Sadly, the National Action Plan document represents another missed opportunity in “blockchain land.” Rather than taking an open-minded but skeptical approach to the question of how blockchains intersect with government, this document is just a mush of technology cheerleading and doctrinaire libertarianism. Perhaps this is what the Chamber members want to get for their annual membership fees, but I would have hoped for better.