Protocol Governance: an 800 Year Old Experiment

Weakened by a losing campaign in France and facing an uprising of rebel barons, on June 15th, 1215, King John of England signed the Magna Carta. The Magna Carta was the first governance contract that established limits on the King’s power by setting up an oversight council of 25 barons. It was the initial step in the modern evolution of governance designed to protect the rights of citizens. But governance is hard, and the deal outlined in the Magna Carta didn’t even survive the year. Despite over 800 years of experimentation, we see our current systems being challenged around the world, and blockchain governance will likewise continually be tested.

with dozens of innovative projects working hard to develop scalable, decentralized and secure solutions. Each technology promises fast and secure transactions and despite regular delays, and some over-promising, undoubtedly many will fulfill the promise. In less than a year, we may see multiple consensus technologies achieve significant scale advances, and the focus will turn to security and to governance.

Governance refers not to how consensus is generated, but to how the network is managed. Even open source networks require some form of governance: how is the technical road map set? Who proposes changes? And how are they accepted? Does the network charge fees? If so, so how are fees determined and distributed? If governance can be manipulated, then code can be altered, incentives changed, trust undermined and in a worst case scenario, the network compromised. So the objective of governance is to ensure that the protocol remains trusted, free of interference or manipulation, and that the right incentives remain to develop and deploy upgrades that further the utility, use and security of the network.

If we see a future where more and more of the world’s commerce moves over public ledgers and where huge value resides on those ledgers, the security of both consensus and governance will be critical. The incentives for attacks will increase and instances of corruption or manipulation would not only cause value loss, but would undermine trust in the entire industry. Widespread adoption of distributed ledgers will depend on robust governance.

With China making a concerted effort to develop blockchain technology, and governments around the word hostile to large distributed networks such as Bitcoin, Telegram and Libra, we must realize that the most used ledgers will need governance strong enough to resist the influence of even state actors. And that is a very high bar.

What are the forms of distributed ledger governance and how suited are they to resist these potential threats? There are two main categories:

  1. On chain
  2. Offchain

On chain governance has a thousand permutations but all depend on some form of economic (coin) related voting which assumes both a level of participation, and that users behave rationally to maximize their coin value. Both assumptions are questionable. Participation has been anemic in many systems, and for users on multiple platforms, being informed on the issues requiring votes is daunting and unrealistic. If we look at voting in the traditional public company context, participation of informed voters is very low with most votes being cast by proxy services.

It is impossible to construct a network where the economic incentive isn’t vulnerable to an attacker with objectives larger than the price of the coins required to compromise the network. Pokadot for example, increases vote weight based on coin lock up duration, and for typical users the incentives make sense, but it can be overwhelmed by a motivated state attacker or even a large competitor. Reputation based voting is potentially even easier to compromise by bribing the only the high reputation voters, and anonymous voting can compound the problem as there is no off line reputation accountability for suspected collusion.

This economic vulnerably is relevant because on chain governance models are for open source projects for whom generally ‘code is law’. We may not like our current reliance on large, centralized companies, but they are subject to laws and overseen by shareholders. The threat of imprisonment serves as a material (but not perfect) deterrent to bad behavior by executives. We learned recently, for example, that compromised employees at Twitter are being prosecuted for aiding Saudi Arabia’s tracking of dissent. Companies are obligated to generate returns for their shareholders and despite the well-publicized examples of companies who forget this, most know that breaking the law has material negative consequences. Open source blockchains, however, have no management to hold accountable, are subject to no legal jurisdiction and have no shareholders to report to. An individual, company or state actor with sufficient resources can attack or attempt to manipulate governance for their own ends with no legal consequences. When there is an open source will its governance or, that of the layer on which it is built, prevent it from being vulnerable to manipulation?

Off chain blockchain governance falls into two broad categories:

  1. Core group of individuals

2. Trusted/expert council

If the Magna Cara was the starting point for the protection of citizens’ rights, Bitcoin governance is of course the place to start with regard to blockchain. Governance in Bitcoin oversees code updates and decisions like increasing the block size. The Bitcoin Core development team led by a few well known developers operates in loose consensus and proposes changes. Only when a change is accepted by a majority or super majority of the miners (depending on the change) is it implemented. The strength of this system is that two key constituents must agree on changes — the Bitcoin Core team and the miners. While just a few miners control the vast majority of hash power, theoretically making collusion possible, to date their incentive in having Bitcoin trusted has been sufficient to prevent corruption. Is it invulnerable? No. At a price of $100,000 will collusion be more tempting? It is hard to say.

Ethereum, Stellar, Ripple and many others are governed in a similar fashion but with more formality that includes a foundation. A foundation sounds like an altruistic mechanism, but digging deeper, many of the foundations are in fact controlled by several key people known as ‘benevolent dictators’ making them actually quite centralized. With regard to Ethereum, for example, any developer can submit a code update proposal, but to have it implemented, the Ethereum foundation is highly involved in coordination, and of course Vitalik, the benevolent dictator, exercises substantial weight. As in Bitcoin, the miners need to accept the updates proposed by the foundation and in the case of the DAO hack, many miners did not agree with the Ethereum Foundation’s update and the network forked. Stellar is also governed by a non-profit Foundation but the board all is appointed by Jed McCaleb; another benevolent dictator. These founder-dictators have the appropriate incentives both in terms of economics and reputation and seem very hard to corrupt, but they are single point of failure, and what will eventually replace them?

The newest model is that of a trusted council, first proposed and implemented by Hedera Hashgraph and later copied by the Libra Association. The council oversees management, and via subcommittees, approves the technical road map, sets budget and pricing and addresses legal and regulatory issues. But a council only addresses the shortcomings of a foundation if the members are not all appointed by one person or entity, if they are term limited, and if they are organizations, not individuals. If one entity can appoint the members, the potential for centralized influence exists. The Libra Association hasn’t recognized that term limits are critical to prevent the formation of an entrenched cartel with interests that diverge from the best interests of the network. Even though EOS block producers can be voted out, they have been criticized for acting against the best interests of the EOS network. Alleged corruption in the voting-based EOS block producer selection process, vulnerable to cartel-like behavior as seen in the Huobi leak, further demonstrates the vulnerabilities of voting models.

Institutions are important to have as members because, on average, they are less subject to corruption than individuals. Certainly institutions can be influenced, but the larger the company, and the higher the value of their brand and reputation, the less likely they are to take risks. And we have seen companies in highly regulated industries such as payments quickly driven out of the Libra Association. Clearly that isn’t positive, however, as the larger the company, the more subject to government regulation, and so for a robust council, it is critical that the companies come from a wide variety of geographies and sectors to reduce the influence of any particular government. Even with the largest firms, state actors could try to exert influence, but for diversified council, anything short of a globally coordinated state effort would likely encounter resistance. Besides geography and jurisdiction diversification, diversity of sectors is important to prevent collusion among companies with a common interest that differs from the network. The twenty five percent representation of venture capital firms in the initial Libra Association is a large, homogeneous voting block that seems likely to be driven by their own value maximization. Finally, the governing members must take their role seriously, set the agenda and properly exercise their oversight responsibility. Management dominance, especially in an excessively diversified or inexperienced council, is a vulnerability to good governance.

On chain governance models will always be vulnerable to large, economically insensitive actors, and benevolent dictators do not live forever. If we want to build our distributed ledger future on the strongest possible foundation, governance must involve multiple entities with more than money at stake. No system is invulnerable, but the trusted council that can attract a diverse group of high profile companies with term limits is the most protected against corruption and external influence. Building on the Magna Carta’s check on unlimited and arbitrary authority, we must rely on systems that are architected to prevent any party from dominating — whether the tactics be physical or economic.

Building a decentralized world; founder, advocate, former President Hedera Hashgraph