Engineering Trust with Charles Hoskinson

in bitshares •  3 years ago  (edited)

Charles Hoskinson just published a blog article entitled Some History, Some Musings and My Take on the DAO which I really liked for some reason - even though it gave me a bit too much credit.

It invoked our original concept of a Decentralized Autonomous Company (DAC) which we conceived as a robotically honest platform that was incorruptible. Our goal was to spawn systems that no human could be seduced or coerced into overriding its covenant behaviors. There was no expectation that they would start out completely autonomous, but by the time we pronounced them networthy and cut the tether to them there was supposed to be no turning back. After all, the ability to fix their mistakes is the ability to corrupt them.

But I've worked on nearly two dozen "autonomous" air, ground, sea, space, and cyberspace systems in my lifetime and precisely none of them was fully autonomous. It turns out that system owners really don't like to be ignored all that much.

Mostly we just want to be able to trust them to do the right thing when we are not looking. An autopilot is nice. It lets you go get a cup of coffee now and then. But they have an "off switch" for a reason. Even the Project Mercury spam-in-a-can ballistic trajectory bound astronauts still wanted to be called "pilots". I think NASA may have even given them a placebo joystick to fiddle with.

So, we shouldn't expect that all blockchain applications will be fully autonomous. They just need to be trustworthy. And there are many ways to engineer that trust that may involve a hybrid combination of man and machine.

I recently waxed eloquent on the subject at

Engineering Trust

Humans, in general, cannot be trusted. We can trust some of the people all of the time and all of the people some of the time but, since we never can really tell which is which, we try hard not to trust anyone any of the time.

Unfortunately, unless we want to carry all of our wealth around with us (and trust others not to rob us or ourselves not to lose it) we wind up having to trust others to look after it, like it or not. The best we can do is spread our wealth out among several of the least untrustworthy custodians (in our expert opinion) and hope for the best.

Since being trusted with Other People’s Money is a lucrative business, a lot of effort is spent trying to come up with systems and processes that are more trustworthy than the sum of their parts. This is an art more than a science.

For example, put physical gold bullion in a safe deposit box with two keys held jointly by four security-bonded close relatives sealed in a steel vault with two combinations and an atomic clock timer that only opens on Wednesdays at noon under a big concrete nuclear-hardened bunker with guards and laser motion sensors surrounded by an 8 foot electric fence at the bottom of a shark infested ocean on the dark side of the moon – with a convenient back door for use only by the bank and the government (if absolutely necessary).

But all that costs money, so you replace the gold coins with paper and then replace the paper with electronic ledger entries which you encrypt and back up with triply redundant dissimilar, fault tolerant, decentralized Intel® processors accessible only when three people on different continents supply the right three-factor-authentication cryptographic signatures within a small time-out period on Wednesdays at noon – with a convenient back door for use only by the bank or the government (if absolutely necessary).

Then you layer marketing on top of that. You see, it’s not good enough (or even necessary) to do all that work if you can just make your customers believe you are the most secure. So you move into an expansive suite on the top floor of the tallest skyscraper in a big city and insist that all your employees wear suits with monogrammed gold cuff links while you put up a nice glitzy web site and advertise how many customers you have demographically, consisting mostly of People Just Like You who have happy and attractive families of 2.5 perfect but otherwise ordinary multi-ethnicity children enjoying their worry free leisure activities with a little four letter Seal of Approval in the corner that indicates their funds are protected by draconian regulations and “insured by an official sounding private cartel that might be the government” – with no need for that bank or the government to ever use their convenient back doors (unless absolutely necessary).

Today’s digital currency solutions are a lot like that. You’ve got to have a blockchain with cryptographically entangled records certified to be correct by a large number of computers (often controlled by a much smaller number of people) running software that makes it easy for everyone to detect if anyone is cheating and requiring most of them to agree that the one selected to sign each record did it right using binary applications downloaded from an official web site where everyone assumes everyone else has looked at every line of source code to make sure that there are no convenient back doors that will never be used by the developers or the government (unless absolutely necessary).

But, since the average consumer cannot tell which of the many traditional and cutting-edge options available to them today are actually trustworthy, most wind up picking something that merely sounds good or has been suggested to them by somebody else who they, ahem, trust.

Is there a Turing Test for Trustworthiness?

Alan Turing, famous for giving us the phrase “Turing complete”, may be even more famous for his artificial intelligence “Turing Test”: If a person can’t tell the difference when texting with a black box containing a human and another containing a computer, the computer can be said, in some sense, to be able to think.

The average consumer is no more able to look inside the complex “piggy banks” that offer to protect her wealth than she can look inside one of Turing’s black boxes. There is no way she is going to analyze the difference between “proof of work” or “proof of stake” any more than she can examine the ambiguous relationships between big institutions and the faceless miscreants who allegedly regulate them. Whether the core of a piggy bank is manned or unmanned, if you expand black boxes that surround them enough they will eventually contain the corruptible humans that built, operate, and tell you how safe they are. Manned and unmanned piggybanks are indistinguishable to the average consumer.

So she winds up needing a “Turing Test for Trustworthiness”. She can’t tell what’s going on inside any manned or unmanned piggy bank she is considering. Like every new human she meets, she must observe them from the outside and decide how much to trust them by the results they produce. Like trees, she “knows them by their fruits. Grapes are not gathered from thorn bushes nor figs from thistles. So every good tree bears good fruit, but the bad tree bears bad fruit.”

Typical Bad Fruits

Bad fruits might include confiscating depositor funds ala Cyprus bail-ins, changing banking laws so that bail-ins are the new normal, seizing funds before someone is proven guilty, placing capital controls on how much of your own money you can move or withdraw, abolishing cash so negative interest rates can be enforced more easily, printing money from nothing and giving it to your friends to spend first, spending the same funds multiple times, designating deposits as unsecured loans to be paid back only if there is any money left, and giving less and less service at ever increasing costs.

What might good fruits be?

Well, how about complete transparency in where a customer’s money is? How about actually paying decent interest earned from 100% income producing assets backing a currency instead of fractional reserve debt? How about tolerating no inflation, ever. Maybe some, or even all, of the profits could be transparently invested into humanitarian projects for the good of mankind. How about building the system that enforces its promised behavior with open source software running on a neutral public platform independently operated by the people most trusted by those who are using the currency? How about increasingly better levels of service rather than being increasingly more stingy and restrictive? How about encouraging competition and freedom of choice?

None of these things can guarantee what’s actually inside the heart any given black box. In the end corruptible humans run them all. But the more good fruit we see coming out of one, the more willing we might be to trust it with our own money!

Some trust governments to be honest referees.
Some trust big companies, celebrities or brand names.
Some trust science. Some trust religion.
Some trust robotically honest unmanned software.

We engineer trust.
We want the public to trust what we engineer.

What does this all tell us about what we should engineer next?

HINT: It's probably not Autonomous.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

I like where this is heading :)


Great post. Supposedly in the vast number of cases where astronauts are piloting landers they intentionally disable the autonomous controls, but it's not necessarily just so they can feel like they're in control. They are trained to know what the autonomous controls are good at, what the programming was designed to do, and what conditions it was *not* designed for. The pilot has to respond to current realities, the engineer who designed the code was doing so often years in the past based on what he *thought* conditions would be like. I would argue that despite our technology's seeming sophistication, our dynamic with it has yet to change whatsoever. The Model T was autonomous in that you didn't have to use your legs or a horse in order to move forward. When we automate processes that enables us to do other things at the same time and realize that there is more that we want to do with the technology we have automated. As the "automatic" functions in the automobile grew more expansive and sophisticated the more we realized  we could do with it. Perhaps automating driving with free us to focus on enabling the cars to fly. 

Agreed, the only reason general aviation is still in such a primitive state is due to regulations that can't keep up with the progress of automation. Autonomous systems will prove to be much safer as they begin to become a staple in society (this will quickly be followed by our obsolescence). Thanks for the great read.

There is fully autonomous and partially autonomous. Fully autonomous could only work if you have an absolute ability to trust the code. All Turing complete undecidable code has the potential to be buggy, which means all programming languages which produce smart contracts of that type are black boxes. Engineers know this and I'm sure you know this. Unfortunately the general public doesn't and so they believe you can trust bugged code to be reliable when in reality it's a black box.

Making bug free code is non-trivial. It's not impossible because NASA and others do it. It's what powers pacemakers, self driving cars, autopilot in planes, and more. These are not likely to be powered by Ethereum though and never by Solidity as it is now. People asking for autonomous are trusting their lives with the code and people demanding immutability aren't understanding what that could mean when code is protecting lives directly or costing it.

You would not believe the number of unmanned air vehicles and space probes I've seen lost due to Murphy's Law for Unmanned Systems:

"There is always one more bug."

Working with blockchains is much better.  The shame of a hard fork pales compared to the shame of a smoking crater on Mars.

  ·  3 years ago (edited)

People asking for autonomous are trusting their lives with the code and people demanding immutability aren't understanding what that could mean when code is protecting lives directly or costing it.

Trusting their lives with a smart contract code?? Who wants to trust their life with a smart-contract? Smart contracts are not meant to "protect lives directly". That's the point - use a smart contracts reasonably and within their limitations and be aware that things might go wrong.

Actually, there are products that do kill people and still we choose to use them. Cars have the ability to kill and injure people. Whenever I choose to drive I take a little bit of risk of seriously and irreversibly hurting myself (even due to no fault on my side) but still millions of people every day choose this little amount of risk to get a bit of convenience and fun in return.

The same applies to smart contracts. Just make sure that everybody is properly informed about the risk, but let people make the choice and then bear the consequences of that choice. Smart contracts can be immutable and thus not fully reliable, and still widely used, just as cars are. Let the user decide if he wants a safety net or not. If you want a safety net - stick to the legacy system, if you want to enjoy your freedom (and bear the responsibility) - use a smart contract. By adding a hard-fork option to a smart contract, we end up recreating what we already have - we introduce a third party which has the power to intervene. It's no longer a peer-to-peer relationship.

One of your best posts, Stan. I really enjoyed reading it.

May somebody explain to me why is it still cases like MtGox, clearly not an implementation according to Bitcoin paper, referred as failures somehow attached to Bitcoin Protocol?

I would avoid taking seriously anyone who is still arguing that centralized crypto-exchanges' failures are failures of the crypto currencies protocols...

Implementations like #bitsquare or #OpenLedger are inline with the envisioned future. Anything else is just past mentallity disguised as "new" and "fresh".

Do people serve the blockchain or does blockchain serve the people? This is the question to ask.
Bitcoin is more autonomous than Bitshares and as a result it has less efficiency or adaptability. Both serve different purposes though with Bitshares being a decentralized exchange while Bitcoin is a cryptocurrency. The human in the loop is a safety precaution because without it if things go too far you'll be the remote controlled human slave to the blockchain mining for life for a block reward which is could be a chemical release from your brain chip right to the dopamine centers of the brain.

Who wants to be the blockchain controlled human? If people don't want that then it's obvious that the blockchain exists to serve people.