Experiments in Algorithmic Governance
The following is an excerpt of an academic article [PDF] I wrote detailing why The DAO failed, and why other DAOs and blockchain technologies might also fail. In a nutshell, lack of an appropriate governance structure and plan, and insufficient recognition of the challenges of building new social models doomed The DAO. When building new blockchain platforms, one ought to plan for these eventualities.
This chapter describes a short-lived experiment in organizational governance that attempted to utilize algorithmic authority through cryptocurrency and blockchain technologies to create a social and political world quite unlike anything we have seen before. According to the visionaries behind the project, by encoding the rules of governance for organizations and governments in a set of “smart contracts” running on an immutable, decentralized, and potentially unstoppable and public blockchain, new forms of social interactions and order would emerge. This experiment was an example of a new form of organi-zation, called a “Decentralized Autonomous Organization,” or DAO. The forms of sociality that would emerge—they promised—would be transparent, efficient, fair, and democratic.
While the idea of decentralized autonomous organizations had been mooted since the early days of cryptocurrencies, the launch of sophisticated block-chain platforms with built-in programming interfac-es gave enthusiasts a practical, technical apparatus to realize their vision. Foremost among these emerging blockchain platforms was Ethereum, a so-called distributed “Turing-complete” computer. The Ethereum platform is new and expanded version of the Bitcoin system in that it adds a layer of software on top of a blockchain. Like Bitcoin, Ethereum is also comprised of decentralized “mining” computers, but whereas the Bitcoin miners primarily authenticate transactions, the Ethereum miners authenticate and run executable code.
It seemed like decentralized autonomous organizations would finally get their day in 2016, when a design built on the Ethereum platform emerged from a small blockchain company called Slock.it. Earlier, in June 2015, Slock.it begun development of a decentralized autonomous organization frame-work, accepting contributions from the open source software community. By March 2016, a large community had begun to form around the open source framework, and Christoph Jentzsch of Slock.it pub-lished the corresponding whitepaper on March 15, 2016 (Jentzsch, 2016). The community formed through the Slack messaging service initially, and then launched an online forum independent of Slock.it, calling themselves DAOhub, which was co-founded by Felix Albert and Auryn Macmillan, and joined by a core team of six other members. Slock.it was sympathetic and encouraging of the DAOhub, and wanted their design to become a “standard” for future decentralized autonomous organizations to build on. In April 2016, the DAOhub community appointed 12 “curators,” backing the project with the imprimatur of industry heavyweights, including Vitalik Buterin himself, the wunderkind and inventor behind Ethereum.
The very model of simplicity, a mere 900 or so lines of software source code, this design was given the placeholder name of “The DAO.” The DAO was intended to allow cryptocurrency “investors” to directly fund and manage new enterprises—all to be run on the Ethereum blockchain. Because The DAO was backed by Ethereum, complex business logic could be programmed, and once set in action, the organization would be virtually unstoppable. The blockchain would ensure that all business transactions and organizational changes would be immutably recorded on a public ledger authenticated and controlled by a large, decentralized network of computers. Moreover, because the organizations spawned by The DAO were directly funded through digital token-holding “investors,” each organization would be, in-effect, directly managed by its investors, as per the investment stake of the individual (i.e., those investors who contributed more tokens would get a correspondingly larger number of votes on organizational decisions). No need for messy and inefficient human negotiation—so it seemed!
The DAO was launched on April 30, 2016, at 10:00am GMT/UTC (by several “anonymous” submissions associated with DAOhub, who executed the open source bytecode on the Ethereum blockchain), with a set funding or “creation” period of 28 days (A2be, 2016). As the funding period came to a close (concluding May 28, 2016), The DAO went live with the equivalent of about $250m USD in funding, breaking all existing crowdfunding records. Some 10,000 to 20,000 (estimated) people invested in The DAO, contributing 11,994,260.98 Ethereum tokens (known as ether, or ETH), which amounted to about 14% of the total ETH supply. However, shortly after the minimum two week “debating” period, on June 17, 2016, The DAO’s code was “exploited” by an unknown individual. This exploit used unintended behaviour of the code’s logic to rapidly drain the fund of millions of dollars’ worth of ETH tokens. Immediately, Slock.it, the leaders of the Ethereum platform, numerous crypto-currency exchanges, and other informal technical leaders stepped in to stem the bleeding—shutting down “exits” through the exchanges, and launching counter-attacks. It is at precisely this point that we see the vision of future governance structures break down, and devolve into traditional models of sociality—using existing strong ties to negotiate and influence, argue and disagree—all with nary a line of code in sight. In the end, the whole project was disbanded, with an inglorious “hard fork” rolling back the ostensibly “immutable” ledger.
In the months leading up to the post-funding, launch date of The DAO, numerous community members expressed worry about the security and governance of The DAO. One community member called it an “experiment in responsibility,” and, in general, it was becoming clear that Slock.it might not be the safe shepherd the community had hoped for (Ryan, 2016). The most pressing and vocal critique came from cryptocurrency researchers Dino Mark, Vlad Zamfir, and Emin Gün Sirer, who released a whitepaper on May 26, 2016 (when The DAO was launched but in the static “funding” period), outlining eight possible security risks (Mark et al., 2016). Although these security risks were based on game theory issues, rather than actual code bugs, given the status of these researchers in the field, and the unexpected success of The DAO’s funding stage, their call for a temporary “moratorium” was well supported in the community. Nonetheless, Stephen Tual, founder and COO of Slock.it (who had taken on a de facto corporate messaging role), assured the community that such concerns would be addressed, and that there was no need for panic. Later, in conversations with both Tual and Jentzsch, they expressed concern to me that between the unexpected success of the launch, the DAOHub’s quasi-control, and their de facto lack of control, The DAO was becoming a fearsome worry.
Between June 5th and June 9th, 2016, another issue was discovered—a technical bug this time, called a “race to empty” attack—just days before the first activities of The DAO were to begin (2016). To address the rising tide of security issues, and to reassure an increasingly worried public, on June 13, Tual issued a statement about a 1.1 software update to The DAO framework, which had been in the works for “over a month” (2016a). This updated version purported to address the game the-ory issues identified by Mark, Zamfir, and Sirer (2016), as well as technical fixes for other issues, including the “race to empty” attack. However, during this time, Tual was also increasingly vocal that Slock.it did not “own” or “run” The DAO—a fact they had begun emphasizing as The DAO grew relatively large and wealthy—motivated to keep their role as hired contractor distinct from the ostensibly leaderless DAO framework. Because of the algorithmic governance structure, Tual reported to the community, the needed technical fixes (supplied for the most part by Slock.it) could not be implemented until a) The DAO token holders affirmatively voted for an upgrade (after a proposed two-week community review), and b) Ethereum miners approved and implemented the change.
Meanwhile, as the Slock.it team was preparing the version 1.1 update and trying to move it through the community governance process for upgrading, the “race to empty” attack was out in the open. This exploit would enable an attacker to utilize the “split” function to exit the DAO while repeatedly calling a function to withdraw funds before the bal-ance could be updated. The attack had been tested by a similar (but much smaller) DAO project called “MakerDAO,” which confirmed that it was execut-able, and had alerted The DAO developers about the security risk. On June 12, just prior to his prepared statement about the launch of the version 1.1 update, Tual issued a statement about this security risk, insisting that “no funds were at risk” (a statement that, while technically true, he later regretted), and that the forthcoming 1.1 software update would address this exploit (2016c).
With ostensibly no funds at risk, and little true control over the platform at this point, the Slock.it and DAOHub teams pressed forward, insisting that The DAO would stick to its original schedule, but that they might reconsider moving forward with new features and improvements until after “the deployment of a DAO Framework 1.1,” which was supposed to fix existing security issues (2016c). Slock.it and community members thoroughly vetted the by-now immutable code, looking for the “re-entry” bugs that had been previously identified, and found none. Besides, in theory, all The DAO funds were safe anyways, at least for the time being, due to built-in debating periods for proposals and creating new child DAOs, and a seven-day delay window for the withdrawal-like “split” action (Christoph, 2016). Therefore, Slock.it argued, token holders—malicious or otherwise—could not immediately exit The DAO. Accounting for all of the various built-in delays, the earliest date token-holders could exit with their funds was July 15, 2016. In the end, no dates would be pushed back; The DAO launched with the 1.0 framework and an upgrade path to 1.1 software (requiring community approval and re-view).
On June 17, 2016, an unknown “attacker” launched a “race to empty” exploit that was similar to the one that had been previously identified, and began draining The DAO of funds (in the end, 3,689,577 ETH, or about 30% of the total,). The first warning came from a Reddit community member, “ledgerwatch,” who wrote, “I think TheDAO is getting drained right now” (ledgerwatch, 2016b). Within hours, Ethereum Foundation member George Hallam roused key Ethereum developers and other pertinent members of the community to an internal Slack communication channel (some of whom were already well into a Friday night). The members confirmed the attack and started to strategize. Knowing that the attacker would want to convert the “stolen” funds into “traditional” currency, the assembled group contacted several individuals in charge at the major exchanges responsible for trad-ing ETH, and strongly requested that these exchanges halt trading. Worried that shutting down trading would cause panic and reputational damage, and potentially suggest fiduciary malfeasance, some exchanges resisted such a drastic action, but with $250m USD and an existential crisis for the entire Ethereum platform on the line, the major exchanges eventually relented. With nowhere to go, and counter-attacks in place, the attack relented and the funds were effectively “frozen” for the time being (due to the built-in security delay required for child DAOs and “splits” from The DAO). At this point, long-term strategies were discussed, blame was placed (the community excoriated Slock.it, and especially Tual), and a countdown clock for a solution was started.
The DAO provides a compelling and rich snapshot of unrealized dreams, visions of new worlds, and quotidian struggle. Because The DAO ended in disaster, the results also speak to literatures on crisis and the governance thereof. Specifically, I am drawn to Samman’s analysis (2015) of crisis and historical imagination, which conceives of crisis as both over-determined and indeterminate. In the case of The DAO, there were numerous internal contradictions that overdetermined a single narrative history, and The DAO remained indeterminate because it was shuttered before long-term dynamics of governance could be further explored. Moreover, as a moment of crisis, the experimental goals that The DAO originally set out to achieve have yet to be brought to fruition. Therefore, assessing the governance of The DAO, and seeking sensible solutions and options for addressing risk (see Saurwein et al., 2015), remains a significant challenge.
Of the many potential themes that emerged in the complex discourses on The DAO, I identified three related to issues of governance: legal authority, practical governance, and the experimental nature of using algorithmic systems for distributed action.
Legal authority is now a well-known “issue” in the cryptocurrency and blockchain world. For years, strong (idealistic) proponents of blockchain tech-nology have advocated that “code is law.” In the academic literature, this articulation of “code is law” has been described as a form of “algorithmic authority”—first identified by Clay Shirky (2009) and then later Frank Pasquale (as “automated authority”) (2011), among others. In much of this literature, in direct opposition to the idealistic proponents of blockchain technology, the concept of algorithmic authority is characterized critically, as tantamount to the biopolitical technologies that go about un-known by, and against the interests of, its subjects (Introna, 2016).
Lustig and Nardi (2015) characterize the Bitcoin community’s beliefs about legal authority through the lens of algorithmic authority. In their analysis, they identified a complex array of views on algorithmic authority, and they found that according those in the Bitcoin community, the presence of algorithmic authority is not uniformly negative. Similar views about the role of algorithmic authority were also found in the discourses on The DAO. As I mentioned above, the person who purportedly exploited The DAO also wrote a letter to the community, arguing from this very position of algorithmic authority—that he or she “rightfully claimed 3,641,694 [sic] ether” by exploiting a “feature” of The DAO that was designed to “promote decentralization” (‘The Attacker’, 2016). Others in the community were also sympathetic to this view (despite sometimes being in a position to potentially lose a significant number of valuable tokens due to this very model of legal authority).
Therefore, rather than simply adopt a critical, normative position when assessing the community discourses on algorithmic authority, I reference a model of algorithmic authority in terms of its governance relations (Campbell-Verduyn et al., 2017). Using this model, I argue that the forms of algorithmic authority present in the discourses on The DAO properly exist in a continuum—as governance through algorithms, governance with algorithms, and governance by algorithms.
Those attuned to formal understandings of law will likely find the notion of algorithmic authority—as exemplified by the argument put forth in the attacker’s letter—galling and borderline humorous. As though intent could not or does not play an important role in law, or that a Terms of Service Agreement (which the attacker also cites) could trump common sense and legal process. Nonetheless, the concept of algorithmic authority crystallizes a point that many in The DAO community held—The DAO was supposed to represent a turning point in legal authority, where code really does form a new legal regime. For example, “IAMnotA_Cylon” (2016) argued that “Ethereum worked exactly as intended,” and “Polycephal_Lee” (2016) argued that the exploit was “the protocol working as it was written.” On the other hand, “UntamedOne” (2016) argued that “we don’t live in this idealistic cryptoanarchy world yet” (emphasis added). For those in The DAO community, many (but certainly not all) saw The DAO as a realization of new form of legal authority. Nonetheless, the subsequent ex-ploit also helped expose the tensions necessarily pre-sent in the space between algorithmic and existing, juridical legal authority.
Some members of The DAO community expressed concerns about this tension. Early on, these voices also included Slock.it’s, which attempted to balance this legal tension by rhetorically distancing itself from fiduciary involvement of The DAO, seemingly for fear of legal reprisal (and many community members picked up on this maneuvering). A clear example of the latent tensions between utopia and reality was expressed by Tual in an early blog post (March 1, 2016), entitled “DAOs, or how to Replace Obsolete Governance Models” (2016b). This blog post announced the coming realization of a practical technology for “anyone, anywhere in the world to set up a Decentralized Autonomous Organization” (later known as The DAO), which included the proviso that “if you create a DAO... [using our software] you will be responsible for its operation” (Tual, 2016b). Somewhat more skeptically, others noted that The DAO nonetheless involved “real people” (ledgerwatch, 2016a), which may or may not be able to “legally own assets” given the unique structure of ownership under existing law (Dunning_Krugerrands, 2016). Showing concern for the ways that existing legal authority might impinge on their collective experiment, taxes, regulation, and liability were also frequent points of conversation in the community.
Many members of The DAO community saw their experiment as embarking on a new legal world, and devised strategies to make this world a reality. Reddit community member “ledgerwatch” (and later, the individual to first discover The DAO exploit), thought that “the necessary legal framework” for The DAO could be “grown bottom up... [from] within the current legal system” (ledgerwatch, 2016a). This individual then invoked Lex mercatoria, or medieval merchant law, as a model for how The DAO might find its legal footing within the existing legal system (ledgerwatch, 2016a). Presumably, medieval merchant law was a suitable model on account of its rough-and-ready and pragmatic way of dealing with legal issues (medieval merchant law sat outside of more formal legal processes). For The DAO, this kind of pragmatism became a form of real governance, as seen in the views of those community members who believed the post-exploit hard fork was an example of pragmatic, good governance.
On the continuum of governance made possible by algorithmic technologies, practical governance (or governance of algorithms) is a key issue facing society today. The existence of autonomous weapons, self-driving cars, and, of course, The DAO, all throw into relief the challenge of socially integrating these technologies, through forms of risk management, internal design and development, market solutions, industry self-regulation, and state and government regulation (Saurwein et al., 2015).
Once the exploit of The DAO took place, the previously existing ideals of algorithmic authority held by The DAO developers and supporters were thrown into disarray, and the project entered crisis mode. Slock.it and others attempted to assure a nervous public that the exploit did not threaten any funds and that it was “business as usual” (in the end, no funds were actually stolen) (carloscarlson, 2016). Some of these community members saw the exploit as an expensive lesson in “real life” (“Let the DAO burn” wrote “GeorgesTurdBlossom,” 2016), or perhaps one that would motivate further development in security for decentralized autonomous organizations. Others, however, thought that a solution lied in the realization that, despite ideals and heaps of rhetoric about decentralization and immutability, good governance was flexible and pragmatic. For instance, some argued that this was a “maturing of the ecosystem” (Floersch, 2016) or a “rite of passage” (Sirer, 2016). For these individuals, which included Buterin, a hard fork was an obvious choice when faced with an existential crisis of this nature (vbuterin, 2017).
In these discussions, the issue of “centralized” governance emerged in parallel to factions in the community. Hardliners saw Buterin’s and the Ethereum Foundation’s support of a hard fork as tantamount to the bank bailouts following the 2008 global credit crisis. “DonaldCruz” wrote, jokingly, “good thing we have a central authority to come to the rescue when shit hits the fan” (DonaldCruz, 2016). And “Eldakara” wrote, “Ah..[sic] So decentralized protocols come with centralized bailouts now” (Eldakara, 2016). By accepting “centralized” governance in the form of a hard fork, instead of sticking with flawed but pure algorithmic authority, “itworks123” believed it was “like saying we should delay democracy until things are ‘perfect’’ (it-works123, 2016). On the other hand, many community members pushed back against this logic, perhaps motivated by saving their personal investment stake in The DAO, or perhaps by a thicker sense of the social embeddedness of technological systems. Summarizing this position, “DavidMc0” wrote, “decentralized doesn’t need to mean static, stupid, or powerless against attackers” (DavidMc0, 2016).
An important part of the model of practical governance for The DAO rests on the view that it made a break with past forms of governance and that the exploit merely highlighted the ways that reality had not yet caught up to these new models. Looking toward technical developments that would create forms of algorithmic authority enabling a more robust and nuanced mode of governance, “reddit-bsbsbs” writes: “we can argue about full decentralization and autonomy post Serenity” (redditbsbsbs, 2016). Here, “Serenity” is the name of a point in the Ethereum development roadmap, but tellingly, also a rhetorical emblem of an imagined state of affairs, when algorithmic governance reaches peace and serenity.
Experiments in distributed action
From the earliest days of The DAO, many community members acknowledged that the enormous complexity of decentralized and algorithmic governance required a new kind of experimental “science” (dm1n1c, 2016) to map the “uncharted territory” The DAO was entering (laughing__cow, 2016). This new science was understood as, and promised to be, governance by algorithms. Bringing to light this science of society, however, required both a pioneering spirit and a new model of distributed ac-tion.
This logic and rhetoric of “experiment,” “confusion,” and “newness” pervaded discussions about how action could be coordinated using a decentralized technology platform. Summarizing the tension between a sound “investment” and a “recipe for chaos,” one Reddit member noted that this kind of collective action is “dependent on an experimental, first-of-its kind DAO platform” (xxeyes, 2016). The DAO was also surprisingly complex in terms of coordinating actors, with vigorous debates about the role of Slock.it, curators, developers, miners, the Ethereum Foundation, and the community of token holders. When the collective “community is in charge,” people worried, where do rights and duties fall (cubefriendly, 2016)?
Coordinating interests and actions across a range of actors with often very different incentives is a central challenge to designing many decentralized in-formation communication technologies, including the Internet. The development of The DAO, as a model for future decentralized autonomous organizations, was an ideal site of exploration for experimenting with these incentive structures. One of the key actors in this regard is Vitalik Buterin, who has demonstrated a sophisticated, if at times blinkered, view of incentive and distributed action. In his online writing, he has come up with numerous game theoretical models to assure honesty, compliance, and other means for distributed action, which in turn, can be instantiated in algorithms to produce authority and governance. Buterin’s emerging and much-lauded “Proof of Stake” algorithm (replacing the now, much maligned, “Proof of Work” algorithm originally used in Bitcoin) is one such direct result of this kind of musing. Perhaps because it is so amenable to implementation in technical systems (a form of “computationalism;” Golumbia, 2009), rational actor and game theory have become key ways of modelling complex social properties in blockchain and cryptocurrency systems.
The exploit of The DAO, however, inevitably be-lied much of this sophisticated theory. The exploit shone a light on the shortcomings of these assump-tions, or at least, reminded the actors of the enormous complexity of socially-embedded systems. It was believed that action could be coordinated through technology, or at least enhanced by it, with the application or operationalization of games or bets. Beneath the methods of coordinating action, however, The DAO relied on a model of human behaviour and social constitution notionally based on liberal ideologies, where humans act as rational, self-interested, and untrusting agents (see Reijers et al., 2016; Scott, 2014). Inevitably, however, when gov-ernance of The DAO deviated from the expected course of events (those modelled in game theory by the designers), the social actors fell back to traditional strong network ties. In doing so, governance of The DAO discredited its ideological underpinnings, and even exposed a worrisome lack of managerial prowess that would typically use forms of rationalizing behaviour drawn from risk management or crisis mediation.
The resolution of the exploit, through the eventual and final hard fork, was ultimately a hurried private discussion among known individuals, and bore little resemblance to theoretical modes of incentivizing and distributing action (see Hallam et al., 2016). Despite The DAO’s experimentation, operationalizing algorithmic governance in society still requires awareness of implied and undeclared social goods (Levy, 2017), and any future design will need to contend with these challenges.
Full article, with references, is available at iqdupont.com [PDF]