Title: The Truth Machine: The Blockchain and the Future of Everything
Author: Paul Vigna
Publisher: HarperCollins
Genre: Foreign business literature
isbn: 9780008301781
No episode brought this lesson home more forcefully than the debacle of The DAO attack of June 2016. The DAO stands for The Decentralized Autonomous Organization. In using this name, the founders of The DAO appropriated an acronym that had until then been used as a generic description of a variety of new, and potentially valuable, systems of automated corporate management and attached it to an extreme expression of techno-anarchic ideals. The DAO was an investment fund established by Slock.it, a smart contracts development group founded by Ethereum’s former chief commercial officer, Stephan Tual, and two others. This entity, The DAO, was to be entirely managed by software code—no CEO, no board of directors, no managers of any kind. This kind of thing had been talked about in theory, but these guys were the first ones to give it a shot. The basic idea was that the platform would allow the funds’ investors to vote on how to allocate its money—that is, to select from a variety of proposed projects. The idea was that a more democratic, and supposedly superior, investment logic would emerge than that of traditional funds, where fund managers’ interests don’t always align with those of their principals.
It was pie in the sky to the moon, and then some. Investors were invited to buy DAO tokens with ether, Ethereum’s native currency, giving them a stake in The DAO fund. Decisions on investments would depend on token holders’ votes on submitted business proposals. After that, the contributions, dividends, and distributions would all be handled according to the Ethereum-based smart contract that ran The DAO. The concept sparked an inordinate amount of excitement among decentralization utopians within the crypto community, who saw it as a way to prove that effective economic decisions could be made without relying on third-party institutions, whether private or government.
Lawyers expressed concerns about the lack of redress in the event of losses, and respected cryptographers such as Zcash founder Zooko Wilcox-O’Hearn and Cornell professor Emin Gün Sirer gave grave warnings about flaws in the code that would allow a clever hacker to siphon off funds. Despite this, investors poured $150 million of ether into DAO tokens in just twenty-seven days. It was, at the time and at that valuation, said to be the biggest crowdfunding exercise in history.
As it turns out, the whole concept was doomed by defects unnoticed by founders and investors blinded by hubris and idealistic faith. In the pitch documents explaining the terms of the deal, Slock.it said, “The DAO’s smart contract code governs the Creation of DAO tokens and supersede[s] any public statements about The DAO’s Creation made by third parties or individuals associated with The DAO, past, present and future.” This was a bold—and, as it would turn out, poorly conceived—statement. It pushed Lessig’s “code is law” concept to an extreme interpretation, a literal interpretation. They wanted to eliminate humans, and their fuzzy, subjective notions of what is right and wrong, from the equation.
The flaw in this logic was soon made apparent. In the early hours of Friday, June 17, 2016, monitors of The DAO’s ether account realized that it was being relentlessly drained of funds. A massive attack was under way by an unidentifiable participant who’d figured out that if he or she wrote a program to interact with the smart contract, it could constantly ask for and receive funds, sent to a copycat DAO that they controlled. The attacker built a virtual version of an out-of-control ATM, one that could not be turned off by the now autopilot-managed DAO system. Before they locked the attacker out, he or she siphoned off almost $55 million worth of ether.
The panicked organizers now found themselves in legal no-man’s-land since they had declared that nothing supersedes the code. Whatever the software does was supposed to be okay, and in this case the software, according to the rules of its own code, was redistributing investors’ funds to one savvy user. “I’m not even sure that this qualifies as a hack,” wrote Gün Sirer, the Cornell professor, on his blog post later that day. “To label something as a hack or a bug or unwanted behavior, we need to have a specification of the wanted behavior. We had no such specification for The DAO…. The ‘code was its own documentation,’ as people say. It was its own fine print. The hacker read the fine print better than most, better than the developers themselves…. Had the attacker lost money by mistake, I am sure the devs would have had no difficulty appropriating his funds and saying ‘this is what happens in the brave new world of programmatic money flows.’ When he instead emptied out coins from The DAO, the only consistent response is to call it a job well done.” By The DAO founders’ own terms, the attacker had done nothing wrong, in other words. He or she had simply exploited one of its features.
In the real world, the spirit of the law always supersedes its letter—the intent is more important than the code. In this case, the intent of the attacker was made clear in the mood of the token holders: they were angry; they believed they’d been wronged. They wanted their money back. But whom were they going to sue? There was no designated owner of this enterprise. They were all equal members of a decentralized system with no one in charge. As many lawyers argued, however, the law will always find a way to get around that problem. The law will seek out and find someone to hold responsible. And in this case those most likely to be fingered were the Slock.it team and various Ethereum founders and developers who’d encouraged and promoted The DAO. Even if they could avoid legal consequences, their reputations, and that of the system they supported, were on the line.
Sure enough, one year later, the law did take an interest. Conducting an investigation into the affair, the U.S. Securities and Exchange Commission ruled that the tokens that had been issued constituted unregistered securities and so would have been in breach of U.S. laws. To Slock.it’s inevitable relief, the SEC decided not to pursue charges, but the press release explaining its decision was a shot across the bow. Not only did it make clear that the growing number of crypto-token issuers needed to be wary of regulatory action, but it was also a reminder of how far-reaching are the jurisdictional powers of regulatory institutions that carry the weight of U.S. law behind them.
A related matter is the question of how to incorporate relationships of human trust into a blockchain. Bitcoin purists believe that users need not trust anyone with whom they enter into a transfer of bitcoin currency. The record of their transactions is generated according to a distributed software program that no one controls, and when currency is transferred to other users, that exchange is verified by a decentralized system that requires no “trusted third party’s” adjudication and has no need to identify the users. But in reality, Bitcoin users can’t get away from having to trust someone or something. For one, the payment is only one part of the transaction; there’s nothing in the software that ensures that the merchant delivers the goods or services offered in return. Bitcoin users also must trust that data being input into the record is reliable. How do you know the smartphone or PC you are using to give instructions to the Bitcoin network hasn’t been compromised? How do you know that when you are typing “6f7Hl92ej” on your keyboard, those characters are the ones being conveyed to the Bitcoin network? We have little choice but to trust that Apple, Samsung, and other manufacturers are using strict supply-chain monitoring systems to ensure that attackers haven’t put malware into the chips. This is not to sound paranoid, because the fact is that, even in the face of constant cyberbreaches, we all choose to trust our computers. But it is to say that it’s inaccurate, and a little naïve, to think that blockchain systems operate within what some in the cryptographic community describe as a state of “trustlessness.”
Once we go beyond bitcoin currency