“Blockchain technology is not as decentralized as we think,” Golden Gate University law professor Michele Benedetto Neitz wrote recently. Public blockchains are supposed to operate by consensus — democratically, if you will — but critical decisions are more often made by a very small group of ‘agents of influence’ — often core software developers.
As a case in point, Neitz referenced the infamous 2016 DAO hack, a $60 million theft that occurred in The DAO, an automated venture capital fund and side code to the Ethereum blockchain. In response, Ethereum’s seven core developers, led by Vitalik Buterin, proposed a hard fork to reverse the transaction and restore the funds.
This generated a kind of existential crisis in the Ethereum community, because according to the blockchain’s decentralized principles “all the decision making power lies within the community. Stepping in to fix this problem would have meant completely undermining that principle.” A hard fork was the eventual outcome — it was ratified by a super majority of Ether holders — creating an entirely new version of the network.
“This extraordinary remedy was created by a small group of people advocating successfully for the hard fork,” said Neitz, who went on to provide a second example of the power of “agents of influence.” In the Parity case, a bug accidentally took control of hundreds of wallets containing millions of dollars’ worth of Ether. In this instance, core developers decided against a hard fork.
In both examples a small group of individuals took control of decisions on a public blockchain, raising some difficult questions: to whom do these core developers really answer? And how does one ensure they aren’t acting in a biased manner that is neither unfair to others, nor overly generous to themselves?
Is decentralization an ‘illusion’?
Neitz isn’t the first to make this critique about public blockchains. “The development and maintenance of the Bitcoin code ultimately relies on a small core of highly skilled developers who play a key role in the design of the platform,” wrote Primavera De Filippi et. al. in 2016, calling attention to:
“…the illusion of Bitcoin as a decentralized global network”
— when, they argue, its governance structure “…in spite of its open source nature, is highly centralised and undemocratic.”
Governance is supposed to be hard wired into Bitcoin’s network infrastructure, after all — but, according to the paper “governance [actually] consists in a form of domination based on charismatic authority, largely founded on presumed technical expertise.” Block size, a critical issue with regard to Bitcoin development, for instance, is often “framed as a value-neutral technical discussion,” noted the paper, but “most of the arguments in favour or against increasing the size of a block were, in fact, part of a hidden political debate.”
In response to these concerns and others, Neitz has called for an industry-wide code of conduct for core developers in public blockchains, as well as other “agents of influence.”
Some within the open source development community itself recognize the problem. “Any core developer who does not make an honest disclosure [about possible conflicts of interest], should take a good hard look at themselves, and question how ethical they are behaving,” wrote ElectrumSV developer Roger Taylor in a blog.
A controversy erupted on Reddit several years back over Blockstream employees who were moonlighting as volunteer BTC core developers. Even though unpaid, might they favor Blockstream’s business interests over what was best for Bitcoin’s users? That Reddit post, titled “Blockstream has a very serious conflict of interest,” drew 255 comments, with one respondent writing:
“Blockstream is a for profit company. They employ many core developers. The conflict of interest is that they intend to build 2nd tier platforms on top of Bitcoin. It’s conceivable they [i.e., Blockstream-employed engineers working as volunteer BTC core developers] would want to restrict [BTC] chain capability in order to increase the profit capability of any products sold as a 2nd layer.”
Do ethics codes make any difference?
Codes of conduct are sometimes viewed as well intended but ineffectual. Assuming an ethics code were implemented within the open source blockchain community, would it do any good?
“I’m skeptical that a code of conduct would spread within the libertarian crypto communities,” Rhys Lindmark, former Head of Long-Term Societal Impact at MIT’s Digital Currency Initiative, told Cointelegraph. “I’m also skeptical that a code of conduct should be turned into law.”
“At the highest level: I don’t think codes of ethics are actually fruitful,” Quinn DuPont, author of the book Cryptocurrencies and Blockchains, explains. “I’ve done a fair bit of work studying ethics in developer communities in general and my takeaway is that they simply don’t work. But I do think conflict of interest is a serious issue in this field.” He worries particularly about “creating “open” systems that are actually developed in ways to privilege certain actors, especially in opaque ways. This is harmful for competition, to say nothing of notions of justice.”
Moreover, in a decentralized enterprise — where no one is clearly in charge — who would actually write and approve an ethics code?
“The industry itself could come together to create a set of ethical standards,” Neitz told Cointelegraph. “This industry is new enough, and small enough, that this could still happen. This is especially true in the wake of COVID-19 as the blockchain economy reorients itself to the new normal.”
ACM’s Code of Ethics
The ACM Code of Ethics and Professional Conduct, created in 2018 by the Association for Computer Machinery (ACM), offers an example of what might be developed. That code has a brief preamble, exhorting computing professionals to act responsibly and “reflect upon the wider impacts of their work, consistently supporting the public good….”
This is followed by four main sections, each with between two and nine numbered sub-items:
- GENERAL ETHICAL PRINCIPLES (e.g., item 1.2, Avoid harm: “A computing professional has an additional obligation to report any signs of system risks that might result in harm….”)
- PROFESSIONAL RESPONSIBILITIES (e.g., 2.9 Design and implement systems that are robustly and usably secure: “….Robust security should be a primary consideration when designing and implementing systems.)
- PROFESSIONAL LEADERSHIP PRINCIPLES (e.g., 3.3 Manage personnel and resources to enhance the quality of working life: “Leaders should ensure that they enhance, not degrade, the quality of working life….”
- COMPLIANCE WITH THE CODE (e.g., 4.2 Treat violations of the Code as inconsistent with membership in the ACM: “….ACM members who recognize a breach of the Code should consider reporting the violation to the ACM, which may result in remedial action as specified in the ACM’s Code of Ethics and Professional Conduct Enforcement Policy.)
ACM’s code of ethics runs to around 3,500 words overall.
Forced to pay a price?
Then there is the critical issue of enforcement. An ethics code without any “teeth” is unlikely to have much of an impact. Would developers who act in a biased manner lose their programming role — and their influence?
“Companies (or agents of influence) that violate industry-agreed ethical standards could be forced to pay a price,” Neitz said, “whether by contributing cash or tokens to an agreed ‘ethical enforcement bureau’ or charity, or by being left out of important industry events.”
“In general, I’m skeptical that legally enforcing a code of conduct is the right mechanism for change. I’d much prefer enforcing outcomes, i.e. existing laws against fraud, crime, etc., instead of prescriptively enforcing actions,” Lindmark said.
Legal enforcement could be problematic, says Wessel Reijers, Ethics Max Weber Fellow 2018-2020 at European University Institute. By contrast, “enforcement from the ‘inside’ will depend on the context of organization. Within a company using blockchain, enforcement might be straightforward because the board can implement rigorous assessment procedures. In loose, transnational communities, by comparison, enforcement will be difficult, but in those contexts more emphasis should be put on the improvement of culture, making sure that people check each-other’s behavior.”
Is a code even the best solution? “The best? I would say, no,” answered Reijers.
“I think there is no ‘one’ best solution to problems of ethics or responsible conduct in technology development.”
These problems are complex and multifaceted and require deep diagnosis and multiple efforts to address issues (e.g., this can be about remuneration practices, governance structures, communication channels, etc.), he explained.
Neitz originally envisioned a top-down code of conduct adopted by individual U.S. states as they developed laws and regulations for the evolving blockchain sector — something like lawyers’ Rules of Professional Conduct that can result in disciplinary action if violated. But a kind of competition is currently underway among states to attract blockchain enterprises, so this may not be feasible. As she said:
“Until the race for blockchain business between states is settled, no state will be willing to risk business development by enforcing a top-down code of conduct.”
As a result Neitz is now more inclined now toward a grass-roots ethical code of conduct — “although there is room for both.”
Intangible benefits
Still, even if ethics codes aren’t the ultimate solution for misconduct, they still may have benefits. “It’s valuable for the community to reflect on the ethics of its activities, the potential negative impacts it might unintentionally bring about, and perhaps more importantly the basic values that should drive its work — just collectively reflecting on these questions is valuable in itself,” said Reijers.
Rafael Becerril-Arreola, Assistant Professor of Marketing at the University of South Carolina, and co-author of the paper Blockchain ethics research: a conceptual model, told me that: “Even when they lack full enforcement, these codes help significantly by raising awareness of the consequences of unethical behavior (which many times are not obvious to everyone),”
In addition, “A code of conduct can be the legacy basis for future efforts, something that the community can build upon. This is what happens in other fields as well, e.g., medicine, where codes of conduct that have been agreed upon in the past, for example the Helsinki declaration, guide efforts in the present,” added Reijers.
Pushback from programmers?
Requiring software developers to sign a code of conduct before working pro bono on open source blockchain projects might invite a backlash, however. A code could be seen as curtailing the very freedoms that made blockchain technology a revolutionary enterprise to begin with.
“There would definitely be a backlash, or at least non-commitment, from blockchain developers,” Lindmark says. “Even if developers agreed with the code of conduct, I’m not sure how many would actively sign one and encourage their friends to do so.”
Becerril-Arreola said that backlash is a possibility, but it can be avoided if developers are involved in the process and convinced of the need for it.
“It is important to balance the interests of all parties involved and the code must take into consideration the freedom of developers but also the freedom of those who are affected by the development of the technology. To ensure the line is drawn at a place where everyone benefits, the voices of developers need to be heard too.”
Asked about the reaction of core developers, Neitz said: “I do believe that a backlash against a blockchain code of conduct would still be an issue. However, there are new movements in this field. California [recently] became the first state in the country to consider ethical issues at the earliest stage of blockchain regulation, through the Blockchain Working Group (BWG).” The World Economic Forum, too, is drafting a set of principles for blockchain users (their “Presidio Principles”) that includes ethical considerations. (Neitz, who is working with the BWG, added, “These opinions are my own and do not represent the California Blockchain Working Group.”)
History suggests that grass-roots implementation of a code of conduct for open source developers could face some hurdles. Developers, as a rule, don’t like to be told by outsiders how to do their work, and the profession hasn’t exactly been a beacon for diversity and inclusiveness.
“Gender bias pervades open source,” reported PeerJ Computer Science, a computer science science journal, adding that interviews with women in open source projects found that “sexist behavior is…as constant as it is extreme.” The Contributor Covenant noted that “open source projects suffer from a startling lack of diversity, with dramatically low representation by women, people of color, and other marginalized populations.”
One recalls, too, comments by Linus Torvalds, legendary creator and principal developer of the Linux kernel, who told Wired Magazine:
“Trying to come up with some ‘code of conduct’ that says that people should be ‘respectful’ and ‘polite’ is just so much crap and bullshit.”
The 1993 Cypherpunk Manifesto captures, arguably, the world view of at least a portion of Bitcoin’s founding generation — which may be at odds with a proscriptive document like an ethics code:
“Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down.”
Who will guard the guardians?
Many professions and industries have codes of conduct, and applying a code to volunteer open source developers is really just a recognition that blockchain’s corps of core developers — estimable as they may be — are no better, no worse than others.
Indeed, as Reijers noted, “Given that human beings have certain tendencies that emerge in any field or community, it would be extremely naive to assume that the blockchain community is free of bias or conflicts of interests.”
It is perhaps time, then, to recognize the outsize influence wielded by core developers like Vitalik Buterin and ask them to sign off to the same socially responsible standards as leaders in other organizations, as difficult as that may be to swallow. The industry can no longer hide behind the illusion of decentralization.
Moreover, adopting ethical guidelines now, while the blockchain sector is in an early stage, still evolving, could also help allay public fears about blockchain technology and possibly prevent larger ethical crises from arising later on. In sum, the moment may have arrived for blockchain’s open source developers to ask, as enlightened communities have since the Roman poet Juvenal, if not earlier: Quis custodiet ipsos custodes? — who will guard the guardians?