December 10, 2016

Smart Contracts and Smart Questions - does a submarine have a blowhole?

As the topic wends its way into the mainstream consciousness, people struggle to figure out what all the smart contract talk is about, and perhaps more importantly what it is not about.

Smart Contracts as mostly & originally envisaged by Nick Szabo are not contracts, but they can be part of contracts. We can imagine this as two extremes being 100% no and 100% yes: At one extreme, SCs are little programs that mediate the flow of value, back and forth. In essence, machines with money, and if you give a machine your money, then well, that's fine, but you might be throwing it away, you might be gambling.

At the other extreme, these flows of value are engaged within the overall framework of agreeable trade between humans, and that's agreements and the domain of contract law. So contracts they are.

Does it matter? Well, that depends, as the lawyers like to say. It doesn't matter much when we're talking about a vending machine. It does matter a lot when we're talking about the sort of work that Barclays described with their Smart Contract Templates work. Clearly, Barclays want their contracts to be solid contracts before the law, and they call out their designs (as facilitated by R3's Corda in a very early demo) to utilise both the code and the legal prose, a thing highlighted earlier in these pages.

Which is to say, the finance end of town is only interested in smart contracts within the fully contractually-informed framework. That's because accidents happen and the go-to place to sort out disasters is the courts, with their facility for dealing with the unexpected or unusual. This notion goes back to the Magna Carta, which was ultimately a brawl over the right to a fair day in court.

If you want a pithy principled statement, it is like this: people who trade in large values want someone to mind their backs. These people believe that smart contracts will always break, and we need a way to get predictability back into the contract.

Which brings us to the DAO - that $150 million lesson in how not to build a smart contracts platform. We didn't just see an accident, we saw a series of unexpected consequences as a bunch of people stumbled over each other to launch from one disaster to the next, from frying pan into the fire, onto the chopping board and then into the cauldron. I haven't followed it in detail, so feel free to correct, but it looks like 50% of market cap wiped out, a loss of the remaining principal funds, the permanent twilight split of the currency into two, in which some people sort of maybe got their value back and some people sort of maybe didn't. Four (?) hard forks in series, and a behind-the-scenes brawl that is only a lawsuit away from causing disaster to the personal lives of many of the chain's bravest and best.

To interpret a short, pithy principle, the investors in the DAO found that nobody's minding their backs. And when that happens, the brawl starts. Magna Chaina?

Which leads us to two things other than dramatic loss of money: a completely unpredictable result, being somewhat at odds with the famous reputation of a smart contract to provide a predictable result, and a consequent loss of faith in pretty much everything related to the area: contract, chain, currency, people.

And it is this that the pundits unfamiliar with trade miss - the concepts of faith and predictability in human affairs. If they don't exist, the machine doesn't care, but the people stop trading. People leave. Which leads to the smarter question - how do we deploy smart contracts such that people have the faith to trade and stick around for another trade?

The smart answer is, we do it with predictability. Just as the smart contract suggests predictability when it is running, it needs to prepare for predictability when it's not.

And it's that question which underlies the question of enforceability explored in the Norton Rose Fulbright white paper co-released with R3 (disclosure - I reviewed the paper and lots of my suggestions made their way in). When asking "is a smart contract enforceable?", what they're really asking is, does the smart contract deliver the sort of predictability that leads to long-term faith in the platform?

The DAO did not. Ethereum clearly isn't ready for that mission, as yet, and until they can conquer the buggishness of the chain *and* the contract code *and* the people, it won't be ready to deliver the sort of predictability that builds faith for ordinary people. (: To be fair, no DLT is ready, including Bitcoin and Corda and every other startup 'smart' product out there, although some will try even when not ready :)

But what the proponents of the code-only smart contract are holding out for is that there is a place where the concept works without law being needed, without contracts being agreed and without enforcement outside the code. They refer to the humble vending machine, but this is not a good example. Vending machines have stickers on them with phone numbers to call for a refund and owners to sue when they don't work. Vending machines are not code-only machines - they enter into contracts much the same as any merchant in a shop. The law has your back when you use a vending machine as much as it does when you buy bananas at a market; if it didn't the economics wouldn't work, the vendor wouldn't be able to field 100s or 1000s of machines.

So why is a vending machine such a heroic role model for the smart contract? I suspect it is because if you get stiffed for a drink, then you're likely to kick it and move on - that is, you decline to use any rights you might have at law, and instead use the rights you have in mobility or rebellion. But this optionality born of convenience doesn't mean you don't have the rights, and doesn't mean you will buy again at the next machine that offers to steal your dollar for a promise of a drink. Failure is remembered, and failure is the opposite of faith.

Proponents of smart contracts sans law also refer to agents that spend money back and forth between themselves without recourse to humans. But those agents have owners (else they're not agenting) and those owners get mighty p*ssed when the agents aren't showing profit. If you discover the supermarket is hacking your fridge through 7547 to offload stale icecream, you turn the bl**dy thing off and return it. You don't say, "oh, it's a smart contract, I've got no recourse. I'll just feed it another $100 bucks and throw out the unneeded gallons of surplus mush I got diddled for..."

The school that says code is law not only have misinterpreted the origins of the phrase, but also have a high bar to find a financial smart contract that isn't using some aspects of the law, isn't going to reflect badly on the ecosystem, and isn't going to be treated as a toy. It might exist. But don't get your hopes up.

And even if it is found - a smart contract that works usefully with no external backing into human custom will likely only be a small market. Right now, the interesting contracts are code and prose, together, and they back into someone who's minding your back. That's not to say you're going to be enslaved to the courts, yet again, and see the Norton Rose Fulbright paper for suggestions on how to do it without the courts. Or here.

Mental health warning - you can disassemble the courts, the law and the lawyers into a design of your own making, if you act fast enough. Or you can wait until they all turn up, in conspiracy against you. Your choice.

Finally, in answer to that rhetorical question - does a submarine have a blowhole? Yes, it's called a snorkel. In common with whales, the submariners and diesels alike need to recycle the fumes for fresh oxygen in order to stay alive. :-) Enjoy the rest of your dive!

Posted by Prometheus at 11:48 AM

December 04, 2016

Fake US embassy provides full service

It's been a while since I've posted on the cost of false documents, perhaps because I've fooled myself into the belief that everyone's got the message: you can pick up a full set for about $1000.

But this one is more adventurous:

In Accra, Ghana, there was a building that flew an American flag outside every Monday, Tuesday, and Friday, 7:30 a.m.-12:00 p.m. Inside hung a photo of President Barack Obama, and signs indicated that you were in the U.S. Embassy in Ghana. However, you were not. This embassy was a sham.

It was not operated by the United States government, but by figures from both Ghanaian and Turkish organized crime rings and a Ghanaian attorney practicing immigration and criminal law. The "consular officers" were Turkish citizens who spoke English and Dutch. For about a decade it operated unhindered; the criminals running the operation were able to pay off corrupt officials to look the other way, as well as obtain legitimate blank documents to be doctored.

The sham embassy advertised their services through flyers and billboards to cultivate customers from Ghana, Cote d'Ivoire, and Togo. Some of the services the embassy provided for these customers included issuance of fraudulently obtained, legitimate U.S. visas, counterfeit visas, false identification documents (including bank records, education records, birth certificates, and others) for a cost of $6,000.

There's no indication as to why it took a decade to find, nor whether the documents were good enough to fool.

Nor is there any indication in the article as to what $6k buys you - and $6000 does seem to be an outlier. Most of the prior information suggests $1000 gets you the set. It's important to know the number, roughly, because it sets the bar as to how much security we can expect from the state identity machine. Whether $1k or $6k is a low bar or a high bar depends, but what is the case is that there is a bar, above which we can expect criminals to leap for profit.

Posted by iang at 02:15 PM

November 30, 2016

Corda Day - a new force

Today is the day that Corda goes open source. Which will be commented on far and wide, so not a lot of point in duplicating that effort. But perhaps a few comments on where this will lead us, as a distributed ledger sector.

For a long time, since 2009, Bitcoin dominated the scene. Ethereum successfully broke that monopoly on attention, not without a lot of pain, but it is safe to say that for a while now, there have been two broad churches in town.

As Corda comes out, it will create a third force. From today, the world moves to three centers of gravity. As with the fabled three-body-gravity problem of astrophysics, it's a little difficult to predict how this will pan out but some things can be said.

This post is to predict that third force. First, a recap of features, and shortfalls. Then, direction, and finally interest.

Featurism. It has to be said again and again (and over and over) that Corda is a system that was built for what the finance world wanted. It wasn't ever a better blockchain, indeed, it's not even a blockchain - that was considered optional and in the event, discarded. It also wasn't ever a smarter contract, as seen against say Ethereum.

Corda was what made sense to corporates wanting to trade financial instruments - a focus which remains noticeably lacking in 'the incumbent chains' and the loud startups.

Sharing. In particular, as is well hashed in the introductory paper: Corda does not share the data except with those who are participants to the contract. This is not just a good idea, it's the law - there are lots and lots of regulations in place that make sharing data a non-starter if you are in the regulated world. Selling a public, publishing blockchain to a bank is like selling a prime beef steak to a vegetarian - the feedgrain isn't going to improve your chances of a sale.

Toasting. Corda also dispenses with the planet-warming proof of work thing. While an extraordinary innovation, it just will not fly in a regulated world. Sorry about that, guys. But, luckily, it turns out we don't need it in the so-called private chain business - because we are dealing with a semi-trusted world in financial institutions, they can agree on a notary to sign off on some critical transactions. And -- innovation alert here -- as it happens, the notary is an interface or API. It can be a single server, or if you feel like going maximal, you can hook up a blockchain at that point. In theory at least, Corda can happily use Bitcoin to do its coordination, if you write the appropriate notary interface. If that's your thing. And for a few use cases, a blockchain works for the consensus part.

These are deviations. Then there are similarities.

Full language capability. Corda took one lead from Ethereum which was the full Turing-complete VM - although we use Java's JVM as it's got 20 years of history, and Java is the #1 language in finance. Which we can do without the DAO syndrome because our contracts will be user-driven, not on an unstoppable computer - if there's a problem, we just stop and resolve it. No problem.

UTXO. Corda also took the UTXO transaction model from Bitcoin - for gains in scalability and flexibility.

There's a lot more, but in brash summary - Corda is a lot closer to what the FIs might want to use.

Minuses. I'm not saying it's perfect, so let me say some bad things: Corda is not ready for production, has zero users, zero value on-ledger. It has not been reviewed for security, nor does that make sense until it's built out. It's missing some key things (which you can see in the docs or the new technical paper). It hasn't been tested at scale, neither with a regulator nor with a real user base.

Direction. Corda has a long long way to go, but the way it is going is ever closer to that same direction - what financial institutions want. The Ethereum people and the Bitcoin people have not really cottoned on to user-driven engineering, and remain bemused as to who the users of their system are.

Which brings us to the next point - interest. Notwithstanding all the above, or perhaps because of it - Corda already has the attention of the financial world:

  • Regulators are increasingly calling R3 for expertise in the field.
  • 75 or so members, each of which is probably larger than the entire blockchain field put together, have signed up. OK, so there is some expected give and take as R3 goes through its round process (which I don't really follow so don't ask) but even with a few pulling out, members are still adding and growth is still firmly positive.
  • Here's a finger in the air guess: I could be wrong, but I think that as of today we already have about the same order of magnitude of programming talent working on Corda as Bitcoin or Ethereum, provided to us by various banks working on a score or more projects. Today, we'll start the process of adding a zero. OK, adding that zero might take a month or two. But thereafter we're going to be looking at the next zero.
  • Internally, members have been clamouring to get into it for 6 months now - but capacity has been too tight because of the dev team bottleneck. That changes today.

All of which is to say: I predict that Corda will shoot to pole position. That's because it is powered by its members, and it is focussed to their needs. A clear feedback loop which is totally absent in the blockchain world.

The Game. Today, Corda becomes the third force in distributed ledger technologies. But I also predict it's not only the game changer, it's the entire game.

The reason I say that is because it is the only game that has asked the users what they want. In contrast, Bitcoin told the users it wanted an unstoppable currency - sure, works for a small group but not for the mass market. Ethereum told their users they need an unstoppable machine - which worked how spectacularly with the DAO? Not. What. We. Wanted.

Corda is the only game in town because it's the only one that asked the users. It's that simple.

Posted by iang at 07:15 AM