Attack of the 50 Foot Blockchain
Page 13
Permissioned blockchains
Exposing all your business data and back-office machinery to the whole Internet is obviously silly. So the next move was permissioned blockchains, for approved users only.
There are various consensus models, or ways to choose who gets to write the next block. Bitcoin-style competitive Proof of Work is stupendously wasteful. Most permissioned blockchains use something else, typically various forms of just agreeing to take turns, because trustlessness in practice is hugely inefficient, and a bit of trust saves vast amounts of wasted effort.
But even then, a “permissioned” blockchain is otherwise known as “the most inefficient possible centrally-administered database cluster.” All proposals I’ve seen in the course of researching this chapter, if they turned out to do anything useful, could gain immediate performance improvements by just moving to a conventional centralised database.
You already work with other people and companies. Industry consortia, standards groups and so on are well-tested models. Blockchains do not offer a better way to do this.
An August 2015 blog post from Vitalik Buterin discusses “public”, “consortium” and “private” blockchains. Bitcoin and Ethereum are “public” blockchains.377 This comment chain on the post concisely summarises the innovations the private blockchain brings:
Andrey Zamovskiy: Let’s just admit that blockchain is simply a new type of replication algorithm for a database cluster. That’s it.
Vitalik Buterin: Correct. Plus Merkle trees. The Merkle trees are actually important.
Andrey Zamovskiy: Merkle trees have not been invented with bitcoin, they’ve just got an adoption.
Of course, one use case is that a “private blockchain”378 or “mutualized database structure”379 might sound less suspect to anti-trust authorities than a “cartel”. And the desire to get out from under the gimlet eye of regulators post-2008 attracts the more adventurous sort of financial firm looking for a suitable “dark pool” of liquidity.380 The next economic disaster courtesy irresponsible speculation is hardly going to cause itself, after all.
In practice, financial institutions talking up “Blockchain” are envisaging a private permissioned blockchain, with only well-known participants, and only as open as regulators require.
Beneficiaries of business Blockchain
The market for selling buzzwords to upper management has done very well with “Blockchain,” which is vastly superior to “cloud computing” or “NoSQL” in not being verifiably any particular sort of product whatsoever. Which means it can be any product, at least hypothetically.
People selling buzzwords to venture capitalists have benefited similarly. There’s been about $1.5 billion in venture capital spent on Bitcoin-related ventures up to February 2017, which have so far returned zero;381 the word “Bitcoin” is now a red flag to venture capitalists, so a quick terminology shift is most useful.
Any business that involves records or logs of any sort can quickly add the word “blockchain” to improve its marketability and further the all-important press release churnalism and “Ten Hot Startups” listings to back its flimsy promotional Wikipedia entry.
Even if your product has nothing to do with blockchains, you can talk about blockchains to suggest people use your thing instead while they’re waiting for blockchains that work.382
Non-beneficiaries of business Blockchain
A keen prospective market is end users who want efficiency savings and will even look into magical flying unicorn ponies to see if they can get them. None of these have found any in blockchains.
The most prominent current attempt is the Australian Securities Exchange (ASX) testing a blockchain-based replacement for its 24-year-old back-office settlement software; they’re working with Digital Asset Holdings, so this might actually involve a blockchain proper. Many of the claims are pure hype, e.g., they appear to have been sold the pup “instant transaction clearance,”383 and their customers are already deeply unhappy that the ASX are not proposing something that talks a more industry standard protocol.
“We think if we can get this right, we can get very close to real-time settlement. You should be able to sell shares at your desk right now and walk to the nearest ATM to get your money. That is our mission,” said then-CEO Elmer Funke Kupper. Such short block times are unlikely to be sufficiently secure for a system with serious money in it, far outweighing the comparatively piddling amounts in Bitcoin or the DAO, and with a concomitant level of hostile attacker; it is possible that Digital Asset Holdings did not outline this problem to him.
Funke Kupper resigned in August 2016 after a bribery allegation; the new CEO has said he’s staying the course,384 but has also punted the decision into the long grass.385
Real businesses don’t in fact want the world seeing all their transactions, which is where the idea of private blockchains comes from. As IBM found out after starting Hyperledger, all manner of businesses – financial institutions, beef industry, shoe brands, confectioners – don’t want to share data even with all participants in their blockchain, but only with the people the specific deal is actually with.386 387 388 This was apparently news to them. It turns out that IBM set up an elaborate hammer design consortium without first finding out if there are nails.
“Blockchain” products you can buy!
With so many people waving money and shouting “SELL ME A BLOCKCHAIN! WHATEVER THAT IS,” several companies have come forth to offer something using that word and fulfilling at least a few of the less outlandish claims.
This is easier than you might think, since the actually good bit is the tamper-evident ledger, and we already have working examples which are useful for real things (e.g., Git) with no need for the sillier aspects of blockchain-style decentralisation.
The examples remain instructive, particularly in comparison to Bitcoin or Ethereum:
Accenture: Accenture offer the one thing customers who actually have money want from a blockchain: centralised administration and a way to edit the ledger when necessary. You might think that this is literally the opposite of the standard blockchain value proposition since the invention of Bitcoin, but Accenture probably have a better track record of big-ticket sales. They mention The DAO as an excellent worked example of why this is needed.389
Microsoft: Azure Blockchain as a Service promises public, consortium or private blockchains, with any consensus algorithm you like, definitely reaching public release status with at least some of the promised features some time soon maybe. You will be able to write smart contracts in Solidity, offering all the advantages of that language that we’ve already seen with The DAO.390
Hyperledger: IBM offer the IBM Blockchain, based on Hyperledger. Hyperledger.org is a corporate open source Potemkin village of the sort IBM has long favoured: the illusion of an open project, with no “there” there. I spent half an hour dredging the site and could not find one clear statement of what this software is actually intended to do, let alone differences from and similarities to existing blockchains. Even Bitcoin blog CoinDesk notes: “Among the doubts facing Hyperledger is a perceived lack of clarity on what might be ultimately produced by the initiative.”391
If you click long enough, you’ll find a page where the participating companies have dumped their unfinished blockchain experiments.392 The main code contributor is Digital Asset Holdings; their joining announcement (on their own site, not hyperledger.org) gives as technical details only that Hyperledger is an append-only ledger and has an actual Bitcoin-style blockchain in it.393 (Digital Asset Holdings was founded by Blythe Masters, pioneer of the credit default swap, the financial instrument behind the global financial crisis of 2008 that may have provoked Nakamoto to finally release Bitcoin.)
Sawtooth Lake: Intel’s contribution to Hyperledger.org replaces the blitheringly stupid and wasteful Proof of Work with something equally stupid but less wasteful, Proof of Elapsed Time,394 which might as well be called Proof of Buying An Intel CPU. Rather t
han have miners compete to produce the next block, a timer running in an environment secured by a DRM mechanism built into your Intel CPU picks if you get to do the next block. The white paper is an extended advertisement for Intel® Software Guard Extensions™ (SGX™). Also, they only have a simulated Proof of Buying An Intel CPU mechanism as yet.
This doesn’t provide any security against malicious participants, on the logic that private blockchains need speed over security. You might think that at that point you don’t need a blockchain at all, but you’re hardly going to sell any consultant hours with that sort of thinking.
Chain Core: Software to run a permissioned private “blockchain”. It solves the secure distributed consensus problem in an obvious and sensible manner: blocks are generated only by designated official core nodes.395 Distributed consensus is so much simpler if you don’t distribute it. 2016 press stories that Visa was using it in the real world were in fact forward-looking versions of Visa’s press release that they were planning a pilot programme for 2017.396
R3 Corda: The R3 Consortium’s Corda Distributed Ledger Designed for Financial Services is the most sensible of all these approaches: after careful consideration of the fact that the Bitcoin-style blockchain was expressly designed to be the direct opposite of what large paying customers with money want, their “Blockchain Product” does not, in its default configuration … contain a blockchain.397
UK Government Office for Science: “Distributed Ledger Technology: beyond block chain”
The UK’s Chief Scientific Adviser, Sir Mark Walpole, released a report in January 2016, “Distributed Ledger Technology: beyond block chain,”398 which caught some attention at the time, as an official government publication concerning the issue.
The report’s existence suggests high-level interest, but it is not a good report and won’t inform you in any manner – it was literally written by the companies and consultants selling blockchain and smart contract hype, the overview buys the hype wholesale with fantastic claims of present-day capabilities that are not true of any existing blockchain, its “case studies” are largely hypothetical and it has way too many typos for a report anyone cared about at any stage. It reads like an end-of-term assignment written in a single desperate overnight caffeinated tour de force. The accompanying video399 is vastly improved if you imagine it being narrated by Philomena Cunk.
The meat of the report is a complicated plan to put all UK welfare spending on a single blockchain, purchases only being possible through a DRMed smartphone, for the purpose of fine-grained monitoring of spending habits. The noteworthy thing about this plan is how there is nothing feasible about any aspect of it.
The report’s recommendations are largely generic, the important one being that the government should run local trials involving blockchains. None of these have shown up in the ensuing months, but there may be opportunities for sale and ongoing maintenance contracts on technology that can’t possibly ever work properly.
Chapter 12: Case study: Why you can’t put the music industry on a blockchain
The recording industry has suffered nearly two decades of crisis, after the 1990s CD boom petered out and the Internet proceeded to turn the entire world of human communication upside down. The musicians themselves are no happier. In an instructive worked example of Blockchain hype in one industry, both sides have heard the word “blockchain” and wonder if it could be their saviour.
Jeremy Silver of Digital Catapult quotes Mark Meharry, CEO of MusicGlue, as calling “blockchain” the “worst case of smoke and mirrors” that he has seen in an industry which “specialises in self-deception”. Nevertheless, the wants and needs behind music industry blockchain dreams are worth exploring.
The rights management quagmire
Any piece of music has many intertwined rights. There’s the copyright in the music and the words, the copyright in a given recording of the song, the right to reproduce a recording mechanically, the right to public performance, the right to broadcast, the use of a recording in a film or video, whatever rights are involved in streaming – still a subject of much negotiation – different laws in different countries … and these get even more complicated when there are samples of previous works involved.
Keeping track of all of this is a huge amount of labour-intensive back office faff. The systems are creaky, haphazard and ill-maintained. All the incentives are not to fix it, because that would mean more efficient payouts.
The back office can be horrifyingly slapdash. Real example: one US rights management operation specialising in an obscure subgenre which turns out to be used in a lot of movies. Their accountants had to first keep running, then later emulating, 32-bit operating systems because the company’s custom software was written in the DOS era. The majority of payments in the subgenre were stalled for three weeks in 2014 as the accountants waited on a back-ordered 32-bit Windows 7 PC, because a software rewrite (or even just running it in DOSbox) was vetoed by the company’s owner. Now multiply this by an industry.
Even ASCAP, a membership-based nonprofit collection society, for a long time consigned the job of paying people properly to the “too hard” basket – they would collect performance fees from all venues, but would only pay performance royalties to the top 200 grossing tours that year; indie musicians were literally subsidising the biggest rock stars.400 This only changed after widespread negative publicity.401
If the money funnel gets at all complicated, the agencies often just give up and hand the artist’s money to a large company. Real example: a US-based songwriter is a member of ASCAP. Their song sells a download in Japan. The shop pays the local agency, JASRAC, for public performance. JASRAC splits the money as 30% public performance and 70% mechanical royalties – an arbitrary split varying per country. JASRAC takes 15-25% for administration and passes the rest of the 30% public performance to ASCAP. If you or your label don’t reach out and claim the 70% mechanical, it’s split per total market share between the major record labels locally. Each step of the process involves months of delays and is almost impossible to audit.
This can become a point of competition. Music services company Kobalt, for example, have cut a swathe through the industry in the past few years with a data-driven approach that pays musicians relatively fast.402 (And has no use for blockchains.) SoundExchange works similarly.
Getting paid for your song
The artist, of course, gets paid only after everyone else’s cut, if at all.
Then there’s whether as an artist your deals concerning these rights are even fair. And the bit where you try to extract the money that is owed to you from large companies, and their offices around the world.
There are various agencies that offer to handle all of this for you, because there’s never been a shortage of helpful people keen to intermediate between you, the artist, and the prospect of money. So along come companies promising to do this on a “blockchain” using “smart contracts” that can’t be weaseled out of and will pay you in less than a year. It sounds almost too good to be true!
The record industry’s loss of control and the streaming apocalypse
The record companies’ fundamental problem is that they no longer control studio access, pressing plant access or distribution – you can record on a laptop and sell your music online, or just give it away. Anyone on the whole Internet can be an artist, and you’re in direct competition with all of them. And the marginal cost of a copy is zero, and your customers know it.
There’s a lot of bitterness and resentment – the record industry blames Apple and Google for the fact of technology, even though all of this could have been reasonably anticipated in the late 1980s from the existence of the early Internet and psychoacoustic lossy compression (the basis of MP3). Their response to every new technology since the cassette has been to try to strangle it in the crib. Their consistent strategy concerning the Internet, the greatest revolution in human communication since the printing press, has been to try to hobble it.
They tried to stop piracy with Digital Rights Management (DRM), which bred massive consumer resentment and meant that piracy literally gave listeners a better product than the paid version. This peaked with the Sony rootkit malware fiasco of 2005, where if you put a CD into your PC, it would install a hidden software backdoor that blocked CD ripping, phoned home to Sony and left new security holes for other malware to use.403 And DRM can’t possibly work in the first place – you can’t give someone the lock and the key, then keep the key secret from them forever. No DRM that end users wanted to break has ever stayed unbroken.
The income levels of the 1990s CD boom turned out not to be a law of nature, and streaming has seen people move their music listening from CDs to something very like radio – much as when radio sent US record sales from 100 million in 1930 to 6 million in 1932.
(And there was a depression then, too. The music industry lives entirely off people’s discretionary income, which is highly sensitive to consumer confidence. When times are tough, attitudes are hard.)
The record business has no idea how to deal with the Internet, and there seems no obvious solution. This is like catnip for snake-oil salesmen: desperate people with money to spend. Perhaps “blockchains” will fix it!
Berklee Rethink and blockchain dreams
The blockchain hype went public in July 2015 with “Fair Music: Transparency and Payment Flows in the Music Industry,”404 a report from the Rethink Music initiative at the Berklee College of Music’s Institute for Creative Entrepreneurship.