"Who were the humans doing things?"
Professor Angela Walch on crypto, power, and fiduciaries
Oh, hi there. 👋
If you read the first issue of Untangled on how crypto isn't decentralized, welcome back.
If you're new to Untangled, please make yourself at home. And by 'make yourself at home,' I mean subscribe now, and share the newsletter with the entire Internet. 🙌
This week, I spoke with Angela Walch (@angela_walch), Professor, St. Mary's University School of Law and Research Associate at the Centre for Blockchain Technologies, University College London.
In our conversation:
Angela reminds me that the SEC has stated that if a project is “sufficiently decentralized” it should be treated as a commodity, not a security. That...is mortifying. If you don’t immediately know why, please give Untangled’s most popular post (i.e. first and only) a read before continuing.
We discuss making software developers a "fiduciary." Turns out, doing so fits the problem of unaccountable power like a pair of skinny jeans after Thanksgiving: imperfectly. 🦃
Angela recommends three papers for you, dear reader, to dive deeper into crypto governance.
Let’s dig in, shall we?
Charley: Angela, welcome to Untangled!
Angela: Thanks for having me.
Charley: Alright, so how did you first become interested in crypto, what's your origin story?
Angela: I transitioned from practicing law to academia, about 10 years ago. My research interest at the time was what money was, who had the power to make money, how it works, etc. When people were saying Bitcoin was potentially a new form of money, I wanted to understand it. From the beginning, the discussion about Bitcoin left out a lot of talk about...the humans doing things. It was technology all the way down. So I wanted to understand: who were the humans doing things?
Charley: Take me back to when you realized that the term ‘decentralization’ might be hiding or obscuring power in the crypto space.
Angela: In 2013, I went to an early Bitcoin conference in NYC. There were major figures in the crypto community in attendance, and they were talking about forming a Bitcoin foundation to be a voice for Bitcoin – to explain what it was to policymakers, regulators, and the public. Which struck me as strange – how do you give voice to something that is supposed to be decentralized? How can something that is decentralized have goals and policy aims?
Fast forward to 2018 – there was a really important speech by William Hinman, a high-ranking official in the SEC. He laid out a framework that would determine whether a token was a commodity or a security based on the level of decentralization of the system. I was like, okay, if we’re going to use ‘decentralization’ to make legal determinations, now we really need to figure out what it actually means. The SEC was treating decentralization as a metric -- as if it could be quantified or clearly defined.
Charley: That’s mortifying.
Angela: Right, it’s a qualitative concept. People in tech want to quantify it but it’s a lot fuzzier than that. We’re dealing with human behavior – how power is balanced between many different actors within the system. It’s not as simple as counting the number of nodes in the network.
Charley: What is at stake from your point of view? Why does this matter?
Angela: We need to understand how power operates in crypto systems. And by characterizing these systems as simply decentralized, we are glossing over it. Deeper questions need answers: Who has the ability to decide things for other people? To influence other people? To reap gains unevenly? In discussions about crypto, historically, the term ‘decentralized’ supposedly conveyed all you needed to know or say about how power operated in a system. ‘Oh, it’s decentralized, so I don’t need to worry about power concentrations or being exploited because power is diffuse here.’ In my view, the term gives people a false sense of comfort.
Charley: How did power operate in the context of the 2016 Ethereum hard fork?
Angela: One of the most famous bugs in blockchain history happened on Ethereum in the summer of 2016. A group of people had formed a sort of investment fund (known as “The DAO,” short for Decentralized Autonomous Organization) that would be operated through code run on the Ethereum blockchain. Shortly after launch, however, a hacker found a bug in the code and drained $50M from the fund.
When the funds were taken, the Ethereum developers then had to decide what to do. Some took the perspective that ‘code is law’ - that DAO participants had agreed to abide by the terms of the code, even if that meant the code could be exploited. Others took the perspective that even though the bug was written into the code, taking funds by exploiting the bug was a crime that needed to be remedied. The lead Ethereum developers ultimately decided to release a software upgrade that would recover the funds from the hacker – essentially violating the core blockchain principle of ‘immutability.’ Most of the network adopted the new software release, following the recommendations of the Ethereum developers. A smaller portion of the network did not, choosing not to recover the hacked funds, and to operate on the original blockchain. The Ethereum name followed the revised chain, and the original chain became ‘Ethereum Classic.’
Even though the Ethereum developers were unable to force blockchain participants to upgrade to the new software, they exerted a strong influence based on their deep, specialized expertise and the trust people had in them. There were lots of discussions about whether the core developer’s recommendations were affected by their personal financial interests, as some were investors in the DAO.
To me, moments of change help us see how decisions are really made – where power really lies. In responding to the DAO hack, core developers made a key decision and then exerted informal influence over the community. This is a great example of why I was so interested in writing about the ambiguity of the term ‘decentralization,’ and how it hides power.
Interestingly, though, the critique of ‘decentralization’ is now quite widespread in the crypto space, and people are always pointing to other crypto systems and saying that the system is not “really decentralized.” I hear anecdotally that software developers are now somewhat fearful of exercising their powers within the system (e.g., to fix a bug in a moment of crisis) because they fear they may be held legally liable.
So this is where we are – I think we need to be more realistic and honest about how power works in these systems. We need certain people to have more power than others in these systems (e.g., to maintain and protect the systems), and we need to admit that certain people are, by necessity, filling these roles. Developers are guardians, caretakers, and dare I say fiduciaries of the system. You want them to do the right thing and make good decisions. But you also need some accountability in the system -- trillions of dollars are resting on their shoulders. Let’s admit that, and identify some constructive solutions.
Charley: That brings us to your paper on software developers as fiduciaries. First off - what is a fiduciary?
Angela: Fiduciaries are basically people that you put trust in to act on your behalf. A lawyer is a fiduciary. Clients give me confidential information - it’s my job to act on their behalf in negotiations or represent them in court. Doctors are fiduciaries on behalf of patients. Corporate directors are fiduciaries on behalf of shareholders.
The law imposes certain duties on fiduciaries to protect the people trusting in them. (Legal scholar Tamar Frankel calls these people “entrustors.”) Entrustors have to trust their fiduciaries, but can’t really evaluate whether the fiduciary is doing a good job. Entrustors are vulnerable because they don’t share the fiduciary’s expertise. So fiduciaries typically owe a duty of care (in general, to act with competence and reasonableness) and a duty of loyalty (to place the interests of the entrustor ahead of their own) to their entrustors.
I think these concepts have some resonance for key software developers in crypto systems and significant miners who control a high percentage of the hash rate. If there is a critical bug in the Bitcoin Core software, for instance, large numbers of people are putting tons of trust in these developers to fix the bug safely, as well as to put the system’s interests ahead of their own in the resolution of the bug (so, they shouldn’t be tipping their spouse about the bug before the information is publicly disclosed, or even exploiting the bug themselves).
There is so much money riding on these systems and yet we’re using this kind of loosey-goosey open-source software model of governance.
Charley: What would this look like in practice?
Angela: In many ways, software developers of systems like Bitcoin and Ethereum are already acting as fiduciaries. They’re holding themselves to high standards. For example, they use testnets to try out the software, they do a lot of work to socialize any proposed changes, they audit the code. And if a bug is found, they take it seriously. For many projects, it wouldn’t change much.
But there are still regular news reports of systems that haven’t audited their code and therefore it is riddled with bugs. We would need to align on a standard of accountability – what are the best practices for creating high-stakes code, for reviewing it, for finding and fixing bugs -- and failure to meet that standard could trigger certain consequences if people are harmed.
Charley: What are the costs to the fiduciary model?
Angela: Well, one challenge is that it’s quite difficult conceptually to draw the line between blockchain systems and all other open-source software systems. Why would Bitcoin core developers be fiduciaries of the system but not Linus Torvalds of Linux, for instance? (Maybe he should be?)
But the main argument that people make is that calling developers fiduciaries would end open-source software altogether - that if we make software developers legally liable for the harms of the software they create, they simply will stop creating software.
This is a tough one, but I do think we need to reexamine the liability and governance frameworks for software in critical systems, including in open-source software projects, which function as critical infrastructure in many cases. Does the governance model adequately protect the system when no one is required to manage or anticipate crises? I think that once a system passes a certain point of scale or is relied on by other important systems, you have to protect that system in a more robust way. We do this in other contexts for critical systems – why not for open-source software that performs critical functions?
Charley: Fast forward ten years from now - how do you think governance will play out?
Angela: I’ve grown more pessimistic about traditional governance frameworks over time and therefore I’m more open to the value of experimenting with governance in crypto. However, I’m not particularly optimistic that the crypto governance experiments will leave us in a materially better place. In the end, I think we will still have power concentrations and exploitation – with the difference being that new people have the power (i.e. in a world where crypto dominates, power will have been transferred from those who have it now in the traditional financial system to those who hold it in crypto systems). So I think we are in the midst of a power transfer rather than a diffusion or democratization of power.
You made it to the end of the email! 🥳 As a reward for all of your reading, here are more things to read. 📚
Angela recommended three papers on crypto governance just for you:
Quinn Dupont, Experiments in Algorithmic Governance: A history and ethnography of “The DAO,” a failed Decentralized Autonomous Organization, in Bitcoin and Beyond: Cryptocurrencies, Blockchains, and Global Governance (ed. Malcolm Campbell Verduyn), Routledge, 2017.
Gili Vidan and Vili Lehdonvirta, Mine the Gap: Bitcoin and the maintenance of trustlessness, New Media & Society 21(1): 42-59 (2019).
Vlad Zamfir, Against Szabo’s Law: For a New Crypto Legal System, Medium, Jan. 6, 2019.
Next week’s conversation is with Nathan Schneider (@ntnsndr), Assistant Professor of Media Studies at the University of Colorado. We talk about his paper Cryptoeconomics as a Limitation on Governance. Get hyped!