What's the right lesson for the decentralization community to learn from the collapse of the DAO?
Perhaps the simplest lesson is that even decentralized networks need governments, and have governments. Every network is a state. Every state has a government.
Decentralization theater considered harmful
In Dijkstra's terms: decentralization theater considered harmful.
Decentralization theater means any system that produces not decentralization, but the appearance of decentralization. Security theater is the enemy of real security; decentralization theater is the enemy of real decentralization.
A network without decentralization theater is one that admits:
- any network is a digital state with a central government.
- any new state is born at war with full emergency powers.
- limiting and/or eliminating governance is a slow, hard task.
TLDR: true decentralization isn't just a technical problem. It's also a political problem, and not an easy one. Believing you've solved it, before actually solving it, is not a way to solve it.
Decentralization and legitimacy
Steve Randy Waldman is not alone in pointing out that a blockchain is a parliament. It's just the technical reality that a majority of miners in a proof-of-work blockchain, or stakeholders under proof of stake, have the mathematical power to govern the network absolutely.
But this power does not give them the legitimate authority to do whatever they want. Mathematically, the Ethereum miners can easily roll back the DAO. Do they have the right to roll back the DAO? As we write, this question is one much debated.
We have an easy answer: no. The most basic principle of law is that pacta sunt servanda, agreements must be respected. A good clue is that before the DAO hack, everyone swore great oaths to "the steadfast iron will of immutable code." Methinks the lady did protest too much. But these oaths make rolling back the DAO blatantly illegitimate.
From a governance perspective, the line of lawlessness isn't the line between soft and hard forks. It's any fork which makes an exception for a specific address. Ethereum has already done this by freezing the DAO contract. At this point, it might as well be hanged for an ox, and go through with the full rollback.
Illegitimacy and belligerency
Within the ethos of Ethereum (we are obviously not qualified to comment on "real" law), a rollback is a lawless act. This does not make it a wrongful act. It simply cannot be judged as an act of law. Rather, it is an act of war.
And judged as an act of war, a DAO rollback is exactly right. Ethereum is not dealing with a "participant." It is dealing with a pirate, a thief, hostis humani generis.
As a state at war with an external enemy, the Ethereum network shouldn't just zero the DAO hacker's booty. It must do all it can to destroy her. If possible, it must dox and report her. The right place for this fool is the supermax, not the Riviera.
But does Ethereum really want to be at war? And if Ethereum is at war -- and this certainly isn't the only pirate in the sea -- how does it become decentralized? If Ethereum is at war, where there is no law, how can it achieve its goal of creating a world where code is law?
But we really shouldn't panic. It is actually possible to go from wartime government to peacetime government, from absolute martial law to absolute rule of law. It is just nontrivial. It's a political engineering problem that can't be ignored. If it has to be solved, it should be solved properly.
What really doesn't work is to declare martial law, execute all traitors, terrorists and enemies of the state, then declare that elections will proceed as scheduled next week. If the goal is the decentralized rule of code as law, a rollback takes an enormous step backward. Reversing this setback isn't trivial.
Should Ethereum actually go to war? Or should it just let the hacker win? Clearly, from a pure blockchain perspective, the only correct thing to do is let the DAO burn -- as a painful warning to all future contract authors and participants.
At present, it seems that Ethereum's leadership has chosen war. Certainly, neither choice is obviously imprudent. Ethereum is a winner and probably has a bright future either way. But who chooses war needs a plan to win that war, and return to peace.
Sovereignty is conserved
For a government to even have the power to consider wartime measures, a government has to exist in the first place.
Again, we can't remind ourselves too often that a blockchain just puts absolute authority in the hands of the miners. We just think of this power in terms of the law it's supposed to enforce. But the two are different -- at least in wartime.
Why is it so hard to eliminate unaccountable power? Who watches the watchmen? The German legal scholar Carl Schmitt defined the problem well when he wrote: "the sovereign is who decides the exception."
In the American regime, the Supreme Court is sovereign by Schmitt's definition. We have a complex system of laws, which are not formal code but in some ways aspire to be; above it, we have a judiciary system that can decide arbitrary exceptions to those laws. Pure rule of law, Schmitt tells us, is always and everywhere an illusion. We can and should strive to approach this limit, but it's an infinity that we can't actually reach.
Schmitt's exception principle can be rephrased as "sovereignty is conserved." There is always someone who answers to nobody. We cannot eliminate government; the best we can do is tame it.
One way to think of the problem of reducing exceptional force to zero is to compare it to a simple unstable equilibrium, like a pencil standing on its point. The pencil on its point needs almost no force to stay upright. But the farther it deviates from this orderly, self-sustaining equilibrium, the more energy must be applied to return it to vertical.
Vitalik seems to have grasped more or less Schmitt's point: "Intent is fundamentally complex... we believe that we value things like 'fairness', but it's hard to define what fairness even means."
If we could define fairness, we would have a rule to which there were no exceptions. We would need no judges, or governments, or even soldiers. We would need no sovereignty. But since we can't define fairness -- yet need to enforce some clear vision of fairness -- sovereignty remains conserved.
Bitcoin, a blockchain at peace
Bitcoin has done an excellent job of freezing the war power of its own "parliament." Ironically, mining power in Bitcoin is quite centralized -- a small number of Chinese mining-pool managers, who have every opportunity to collude, could roll back anything. But they never have and they probably never will.
Even if a single pool controlled 51% of Bitcoin mining power, they'd have no incentive to break the rules -- quite the converse. We equate physical decentralization with limited governance, perhaps because we think of the physical difficulty of coordination as the main protection against arbitrary power.
Bitcoin shows that this isn't true. As far as we can tell, Bitcoin would keep working fine if there was only one miner. This uni-miner would have still have no incentive to corrupt the network -- though another party, such as a real government, might have an incentive to coerce the miner.
The important success of Bitcoin is the collective acceptance -- mathematically false, but politically true -- that rollbacks in Bitcoin are inconceivable. Bitcoin has governance problems, but they're confined to relatively unimportant questions, like the blocksize debate. "Decentralization" may not be quite the word, but somehow Bitcoin has achieved limited government. The pencil is standing on its point. For now.
A rollback creates a scary precedent. It's a sort of military coup. Just as the miners have the power to rule any blockchain, the military has the power to rule any country. Do they want it? The first coup makes the next coup much easier. Same with the first rollback.
In retrospect, the great mistake here was that Ethereum didn't know it needed a government, and did its best to pretend it didn't have one. After a rollback, Ethereum doesn't just have a government. It has a military dictatorship.
Ethereum and Bitcoin are qualitatively different. Bitcoin has a simple UI metaphor: cash. Everyone knows how cash works. A smart contract has its own UI metaphor: law. But as we see, mechanically administered law, law without judges, is a very different thing from ordinary human law.
What the DAO shows is that Ethereum just wasn't ready to be decentralized. It was not ready to allow a $150 million contract with no supervision or appeals process. The problem was not Ethereum's code per se -- although Solidity doesn't seem terribly well designed for preventing these pitfalls -- but the human understanding of its capabilities and limits.
A rollback acknowledges this. It acknowledges that Ethereum wasn't ready for complete self-government, and someone needed to have stopped the DAO from trading. It's not quite clear what the principle behind the rollback was.
Perhaps the best kind of DAO rollback would be a rollback which understood this error fully, and acknowledged that -- for the moment -- Ethereum needs a sovereign government, with the power to restrict and/or steward contracts.
Contracts are not payments. They are infinitely more complex. They will keep blowing up. Ethereum is full of buggy contracts, scammy contracts, ponzis and casinos, etc. A governed Ethereum, in the present state of the technology, might well choose to vet all contracts centrally before they started trading.
Would this be a permanent feature? Certainly not -- it would be a way for the community to collectively define a good contract. Once we know what a responsible, well-tested, non-scammy Ethereum contract looks like, it's much easier to return to the principle of caveat emptor and let good contracts outcompete bad ones.
But after the DAO hack, how does anyone trust any contract? Arguably, Ethereum is ready to be decentralized only when users are able to make this decision rationally, and get it right. This work simply hasn't been done.
Perhaps the worst-case scenario is one in which Ethereum approves the hard fork, on the "just this once" principle. To save the country, we need a military coup. But don't panic! "After executing all traitors and enemies of the people, the generals will immediately restore democracy and the rule of law."
The "just this once" fork takes us back to decentralization theater, where Ethereum pretends not to have a government. But now, this pretense is even more threadbare. The next hack, which will certainly happen, will produce yet another coup -- or at least a food fight over whether to have a coup. This is the path to a "digital banana republic," where the tattered illusion of law barely conceals the real law of nature.
The bottom line is that if a rollback happens once, we can expect it to happen again. This time, the rollback can be treated as an act of war, and no process is necessary. Next time, there needs to be a process -- or the dream of code as law will drift further away.
Having a central government isn't inconsistent with the ultimate objective of eliminating central government. Certainly, before Ethereum was released, its developers were its government. Every government is born in a state of chaos and war.
The mistake is just in thinking something as complex as Ethereum can jump directly to decentralization in a single step. The pencil is not standing on its point, or anywhere close. Before anyone can think about letting go, someone needs to actually lift it. To reach law, first enforce peace.
One of the governance problems of blockchains, related to the fundamental error of decentralization theater, is the failure to build deliberative institutions on top of the "parliament of miners." Voting by proof of work is great, especially if the majority is well above 51%, and can demonstrate its strength without an actual hashing race. It's a good way to finalize decisions. But not a good way to make them.
But blockchain governance would be considerably improved if the miners actually had a formal way to delegate their power to a structured institution that represented them. Both Bitcoin and Ethereum have foundations and/or core teams, but authority in these institutions isn't tied in any way to actual mining power. Informal politics fills this void with personality cults and eloquent blogposts, all hoping to create collective agreement among the actual voting miners.
History shows this is not a great way to run a railroad. Misalignment between a fundamental power, like the miners, and a group purporting to represent them, like the foundations, is inherently dangerous.
What's the alternative? An actual constitution. Perhaps the first smart contract that Ethereum needs is not the DAO, not even well-engineered, high-quality smart contracts like Augur and Maker, but just its own equivalent of 1789. If Ethereum needs a government, it must govern itself. It certainly has all the technical tools it needs!
Or, of course, it could just let the hackers win. This is the easiest path. And in the end, it may still be the best. War, who needs it?
A quick Urbit plug
Technically, Urbit needs governance much more than Ethereum. Decentralization remains our goal -- but it's a long-term goal. Decentralization theater has never even been a temptation. It's just technically impossible.
For example, until the Urbit OS and language (Arvo and Hoon) are frozen and perfect -- which, unlike Nock, will take a while -- Urbit is still "evergreen" -- it still needs automatic hotpatches from the network.
Whatever institution signs these updates is, by any standard, an absolute government. It's as if the Ethereum Foundation could push a hardfork of all clients by signing the new code on the blockchain. Getting out of this situation is a long-term goal -- where "long term" means years. Decentralization is hard.