Why a fully trust-less view of blockchain is dangerous for business

Blockchain is all about replacing trust with software. For non-developers, this could be a terrible idea.

In a blockchain utopia, society (and economic transactions) work precisely because no one has to trust anyone else anymore. But the truth is that trust is actually the foundation for modern society and economies, and blockchain doesn't eliminate the need for trust, but merely shifts trust from people, and the institutions they create, to software.

Yes, software. What could possibly go wrong?

Oh, you mean that software

Before you get too comfortable with the idea of software ruling the world, imagine, for a minute, that you're not a developer. Or imagine that you're not as good a developer as the person on the other end of that blockchain. (You're not. Trust me.)

To better understand why this matters, True Link Financial founder Kai Stinchcombe first explained how contracts work in our existing system, using a book transaction as an example:

In the traditional system, once you pay you're hoping you'll receive the book, but once the vendor has your money they don't have any incentive to deliver. You're relying on Visa or Amazon or the government to make things fair—what a recipe for being a chump! In contrast, on a blockchain system, by executing the transaction as a record in a tamper-proof repository not owned by anyone, the transfer of money and digital product is automatic, atomic, and direct, with no middleman needed to arbitrate the transaction, dictate terms, and take a fat cut on the way. Isn't that better for everybody?

Well, it's certainly better for those who can write software. Why? Because for the software-inclined, "When the novelist proposes the smart contract, you [can] take an hour or two to make sure that the contract will withdraw only an amount of money equal to the agreed-upon price, and that the book — rather than some other file, or nothing at all — will actually arrive," Stinchcombe wrote. Sure, you may not have to trust the bookseller, but you do have to trust the software that governs the transaction. If you don't, you have to verify.

And, as it turns out, verification is hard. Stinchcombe continued:

Auditing software is hard! The most-heavily scrutinized smart contract in history had a small bug that nobody noticed — that is, until someone did notice it, and used it to steal fifty million dollars. If cryptocurrency enthusiasts putting together a $150m investment fund can't properly audit the software, how confident are you in your e-book audit? Perhaps you would rather write your own counteroffer software contract, in case this e-book author has hidden a recursion bug in their version to drain your ethereum wallet of all your life savings?

Ouch. That doesn't sound like a blockchain utopia, in large part, as Stinchcombe concluded, because "It's not trustless, you're trusting in the software (and your ability to defend yourself in a software-driven world), instead of trusting other people."

In other words, guaranteeing the integrity of a transaction becomes more fraught with peril in a blockchain world, not less. It's easier for most of us to establish trust with a vendor than it is to become software experts capable of verifying the software involved in a transaction.

Trust matters

For the crypto-crowd, this is the point, as Stinchcombe called out: "Instead of relying on trust or regulation, in the blockchain world, individuals are on-purpose responsible for their own security precautions. And if the software they use is malicious or buggy, they should have read the software more carefully."

Even the companies behind cryptocurrencies like Ripple rely on old, trust-based systems for managing their operations. Why?

Because trust-less systems are a supremely dumb idea.

Two decades ago, researcher Francis Fukuyama argued that trust is the foundation for well-functioning societies. The greater the trust between people and institutions, the less the need for rules to guarantee the integrity of transactions. As Fukuyama wrote:

By contrast, people who do not trust one another will end up cooperating only under a system of formal rules and regulations, which have to be negotiated, agreed to, litigated, and enforced, sometimes by coercive means. This legal apparatus, serving as a substitute for trust, entails what economists call "transaction costs." Widespread distrust in a society, in other words, imposes a kind of tax on all forms of economic activity, a tax that high-trust societies do not have to pay.

To those who argue that our modern societies do not function well, and are not driven by trust, there's some truth to that. Blockchain, however, is not a replacement for diminished trust: It's simply a new way to assert that might makes right (in this case "might" being equal to software prowess). Savvy developers might like this idea, but it's bad for society and, ultimately, bad for those developers who, smart as they may be, will always be prey to the more canny (and less scrupulous) developer.

Should blockchain therefore be scrapped? Not at all. Let's use it to complement trust-based relationships, rather than pretend that they can be discarded.

About Matt Asay

Matt Asay is a veteran technology columnist who has written for CNET, ReadWrite, and other tech media. Asay has also held a variety of executive roles with leading mobile and big data software companies.
