A fundamental proposition of the blockchain economy and Web 3.0, is to eliminate, as much as possible, the need to trust counterparties and intermediaries. Is it actually possible to eliminate the need for trust, in fact a fundamental mechanism in human interactions? How likely is it that this vision will materialise and who would benefit from such a vision?
Key features of a new possible and hypothetical global digital economic system are
- Trustless consensus based on mathematical, cryptographic algorithms and engineered incentive systems replacing partially the trust between individuals and towards companies, brands, institutions;
- Immutable (encrypted) records of all digital and part of our non-digital interactions;
- Transparent, open-source smart contracts that automate a vast amount of economic transactions that currently require human interaction and are partly driven by social dynamics.
Likely (but not necessary) corollaries of these features are
- Hyperbolic increase of analysable data;
- Increased monitoring by governments and regulators of regional and global economic and social activities (at the same time potentially more anonymous);
- New business models providing economic incentives to users in order to grow a platform;
- Decentralised autonomous organisations (DAOs) on a global scale taking over the role so far played by corporations, blurring geographical boundaries.
Let us think about it more in detail and compare our current system with the hypothetical future that may be implied by a blockchain system based on cryptographic guarantees.
Trustless consensus and decentralisation go hand in hand. One of the key features of blockchain systems is that they use a consensus mechanism to validate transactions, to validate information provided by participants in the system, instead of trusting a central authority. You may want to do it for two reasons at least: you may not want to trust a central authority, simply because you believe it is not trustworthy; or you want to have an alternative in order not to rely on that authority (for example a big bank or Google or Facebook) that would otherwise gain too much bargaining power and use that power to charge too much or force you to provide certain information you don’t want to provide.
This concept can be extended to pretty much everything, including information: instead of relying on what your favourite news service says, or your trusted financial data provider delivers to you, we may rely on consensus mechanisms to obtain information and data. The consensus mechanism provides mathematical guarantees on the reliability of the information. Instead of relying on a brand or a respected journalist, you would rely on mathematical formulas and economic incentives that are designed (and supposed) to align your interests as a data consumer with those of the data provider. While it is a de-humanisation of information, it frankly also has some theoretical value: if we can create an economic incentive that would generate a loss for the information provider in the case of a fake news or incorrect data, that provider would do some more research before writing an article. Think how much information we can access and how much of it people end up trusting without ever analysing objectively who is a reliable source of information and who is not based on their actual track-record. Or think of the LIBOR manipulation scandal in the realm of finance.
At least in theory, a well-designed trustless (or minimum-trust) consensus mechanism could facilitate more meritocratic choices, putting more weight on objective quality metrics vs. traditional brand and marketing strategies. In fact, this could be a game changer for established businesses that are stronger on the marketing side than on the quality of their products and services. The mitigating factor for this is that consensus mechanisms that rely on staking or collateral may still discriminate based on capital.
Immutability is something we are not really used to and something that is, at least apparently, contrary to European law such as GDPR with its right to be forgotten. Technically, this apparent inconsistency might be solved by cryptography for example so-called Zero-Knowledge proofs.
The consequences of immutability of a blockchain are, apart form the operational aspects that are mostly technical in nature, strategic and even philosophical.
Immutability may increase the cost of trying, of taking risk, expressing views, because one might create an eternal liability – if not a financial one, a reputational one. Would someone express the same strong political views if she knew that the article will always be available to everyone in the world? Would someone starting a business in an emerging sector with unclear regulatory boundaries take certain regulatory risks if he knew that certain transactions will be eternally stored on a blockchain and potentially searchable by algorithms?
On the other side, data for research purposes might be available to everyone forever, opening up previously limited possibilities for (real) artificial intelligence. We can only dream of the kind of discoveries that humanity could achieve with such infrastructure.
Forgetting things is not always a curse, quite the opposite: it is sometimes a survival strategy that is part of the cognitive tools we developed over millions of years of evolution. While encryption is a powerful tool to bring something back from a “digitally conscious” to a “digitally unconscious” state, encryption works until a new technology is available to crack it, so nothing is ever 100% safe. What will be the psychological consequences of not being able to forget?
There is clear value to be extracted from an immutable and vast amount of information, in particular for regulators, governments and data-centric companies. It is absolutely not clear however, that there is value in it for the average person and that this would be, net-net, in the average person’s best interest.
Transparency and decentralisation vs. convenience
An often-heard example made by proponents of Web 3.0, including leading crypto-evangelists like Gavin Woods, is the need for users to trust how services like Facebook or Google handle personal data, and the practical impossibility for people to actively read, understand and completely consciously agree to the long and legalistic disclaimers of such services. In practice, one needs to trust the companies behind these services. It is often argued that they do not live up to the expectations of their users.
An idealised web 3.0 with open-source, auditable code that can be reviewed by anyone, would be a transparent alternative with no need to trust in the sense that anyone can see what is done by the smart contracts. One question, if I may – how many people would actually be consciously reading the code behind the smart contracts?
Let’s even assume that coding in 20 years will be just a basic skill that anyone will learn at school. Even then, lots of people from older generations would not be able to understand what is going on – not much of an improvement vs. long and legalistic disclaimers. Even if we were all proficient in coding, how many people would be willing to audit code before using a service?
I strongly believe that people should understand better what they do, in my case with a focus on their financial decisions, but let’s face it: this is simply against human nature and only a fraction of human beings are 1) curious and inquisitive enough to and 2) have time to spend on analysing in detail every decision they are making and the facts behind the decision.
From a psychological point of view, trust is a heuristic that makes our decision-making more efficient. If we remove trust, life becomes highly inefficient. We avoid certain disappointments, but we have to work much harder when we make decisions. The art is to find the balance between trust and scepticism.
The idealised transparency of Web 3.0 implies that open-source software becomes the rule, making enforcement of intellectual property rights at a global level even more important than before. It should facilitate competition and companies (or DAOs) will need to compete in terms of ecosystem and user incentives, also through tokens.
Automation, robots vs. humans
In our day-to-day, we don’t only have to trust Facebook (Meta) or LinkedIn (Microsoft) or Gmail (Google) and their disclaimers. When we deposit money with a bank, we have to trust that they won’t do excessively stupid things or take excessive risks. How many people know the credit rating of their bank? How many people look into their banks’ financial reports to check their capital ratios? I am pretty sure that’s not too many, even among those who have more cash deposited than what is insured.
Say I am a bank lending money to my clients for leveraged investments. I have to perform detailed due diligence, have models in place to measure risk and collateral, but I also need to trust in certain cases the judgement and behaviour of my staff and my clients. Think of the Archegos margin calls in 2021 that led to billions of losses for (some of) the banks that were lending to Archegos.
Would an automated, cryptographic, collateral protocol avoid such situations? It could, if well programmed and well modelled. It could also reduce operating costs by automating partially manual processes. But it could still fail, because any model is subject to model risk, any code can contain bugs or vulnerabilities, the latter potentially exploited by hackers. Just like we have seen major failures by financial institutions, we have seen major failures by blockchain protocols leading to hundreds of millions of losses. And the blockchain economy is still a fraction of the global financial system.
There is value in the idea, but we need to be aware that we may just shift certain risks away from certain humans (e.g. bankers, insurance underwriters, pension fund managers) and into the hands of other humans (developers).
Still what a combination of automation, blockchain-based systems and smart contracts could achieve is a better global monitoring tool for the global, not only national, financial system. This makes the whole idea of financial protocols based on smart contracts, running on blockchains, an interesting and valuable proposition in the long run. Traditional banks and other financial service providers may very well continue to exist and prosper, as long as they are sufficiently agile to adapt technologically to the new infrastructure. While some of the largest banks have already been working on private permissioned blockchains with systems other than those provided by popular public blockchains, the Central Bank of Norway is working on a Central Bank Digital Currency project based on Ethereum.
Decentralised and permissionless vs. paternalistic
Let’s say Alice wants to send Bob a significant amount of money from her bank to Bob’s bank. Alice will rely on her bank because she trusts that the money will not be lost, and she will pay certain bank fees for that. Society as a whole trusts that both banks will have performed certain checks on Alice and Bob, to make sure (or at least reduce the likelihood) that they are not laundering money, financing terrorism, or being involved in criminal activities. There is an operating cost for all these things.
Alice could also send that money to Bob using a blockchain, say sending Bitcoin peer-to-peer with (potentially, not necessarily) lower costs and with higher privacy (no bank needs to know about the transfer). There is no need to trust the bank because there is a technical, decentralised solution that performs exactly what we need without a centralised intermediary we need to trust. There is nothing wrong with in general. However, in such a situation, there is no control performed, for the benefit of society as a whole, to reasonable ensure that the money is not being used for, or is the proceed from, some criminal activity that potentially endangers society or some specific communities and individuals. Of course, institutions can enforce controls in bad faith, for example to limit political activists. Here is where trust in the institutions plays a role and where we see the trade-off between centralised and decentralised, permissionless solutions.
I fear this is something that many DeFi supporters continue to ignore – for sure there are regulatory excesses, and sometimes people and businesses are confronted with overly complex and rigid regulations. But certain regulations exist for a good reason and may be even supported by society as a whole or at least by the majority of people, if we follow a democratic framework. Even Eric Schmidt, the former CEO of Google, despite being an advisor to a major crypto project, sounded a warning about the risks of a libertarian approach to DeFi and Web 3.0.
Let’s slightly change topic, while staying in the financial sector. We know that retail clients tend to lose money with online trading. A recent research paper on retail options trading losses by MIT and Stanford researchers is just an additional piece of evidence after other important studies done in the past. Now, this probably tells you that regulation is not achieving what it should or what it is expected to achieve. But would a global, permissionless, decentralised derivatives trading market lead to better results for retail online traders? Possible but quite unlikely. As the barriers would be lower, you would expect even less knowledgeable people playing the game, leading to overall larger net losses for retail clients as a group.
If a fundamental assumption underlying a crypto business model is that key financial (or other) regulations will be irrelevant, I would argue that such a business model is almost certain to fail in the long-term. There are situations where
- consumers should be protected from themselves and from greedy financial intermediaries;
- society should be protected from risks arising from criminal activities that operate in the local as well as global financial system
The regulatory question on how to treat Decentralised Autonomous Organisations, including their borderless nature, will be an important determinant for the future of DeFi. Even with regulatory constraints and potentially in a permissioned and regulated format, the technical value of certain DeFi protocols remains there and those protocols represent an interesting alternative to current financial infrastructure.
DAOs vs. Companies
DAOs are a complex beast to deal with. How decentralised is a DAO’s decision-making in reality if token-holders are highly concentrated? Who is liable in the case of gross negligence or fraud at protocol level? The regulation is evolving to address the DAO challenge.
Apart from the philosophical questions on how the law should treat DAOs, there are more practical questions. Governance tokens theoretically allow users to express their views and actively contribute to change. But active governance requires a lot of time and deep understanding. While the governance platforms offered by certain protocols are clearly an improvement in terms of transparency and active participations vs. the governance of listed companies, some issues remain the same. In super-democratic Switzerland we tend to have a participation rate of less than 50%, which may be linked to voting-fatigue due to the relatively frequent initiatives. We should expect a similar pattern in DAO governance – just look at the governance platforms of the most popular (and serious) tokens to get an idea of how many proposals are brought forward. Apart from the social and psychological aspects of voting, voting power can be highly concentrated, so that we don’t really have decentralised decision-making.
Most likely, even in Web 3.0, a minority would be governing the protocols. Is it much different from having a few shareholders making key decisions in a company? Theoretically anyone holding even just one share in a company could go to the shareholders’ general meeting and say what they think. It generally won’t really matter. With online governance, it will be easier to make a suggestion, but how much more likely will it be that such suggestion will be implemented? Are we just swapping the ruling by large shareholders or (especially if shareholders are too fragmented) board and management, with ruling by large token holders, like blockchain founders and VCs backing them?
I am not saying this is bad, we may argue that it is still better to have sophisticated and thoughtful experts and practitioners deciding on the protocols. But we should be realistic about the real decentralisation of decision-making in the future.
Is cryptography enough?
One idea of Web 3.0 is that instead of using multiple logins with personal data processed by companies, we could use one secret cryptographic key to access all services on the web while remaining anonymous (or pseudonymous). Instead of our username or personal details, our identity would be a (pseudo)anonymous string, a combination of letters and numbers, just like a username, ideally a very complex one.
If everything runs on blockchains containing publicly available transaction data, what will happen if someone finds out what my “anonymous” address is? In theory, they could profile me even in much more detail than is currently already done by Facebook or Google, etc. And we may have to deal with people who are absolutely not well-intentioned. Extracting value from our personal data is the business model of many companies. But pseudonymous data on a blockchain that gets mapped to a specific individual, so it is not pseudonymous anymore, exposes users to probably much more dangerous misuse.
Cryptographic technologies like Zero-Knowledge proofs will be important to protect privacy while at the same time ensuring convenience for users so they don’t need to manage dozens of private keys in order to increase privacy. But nothing is 100% secure and one should keep it in mind.
If we were relying on private blockchains to protect ourselves from the pseudo-anonymity risk, we would just go back to a centralised system, so the quality and efficiency of the cryptographic solutions on public blockchains will be a key determinant for the success of Web 3.0.
The blockchain economy is evolving very rapidly in terms of technological innovation, economic incentives, regulations and use cases. Decentralised oracle systems are a very interesting area to follow and may be at the centre of the next wave of evolution as blockchain projects need to interact with the real world to prove their potential. Technological advances like quantum computing and its interaction with cryptography are also important to determine which approaches will be robust enough to secure blockchains and personal data and comply with applicable regulations.