Tuesday, July 5, 2016

Organizing Without Organizations (and the story of the world’s biggest cash heist)

It’s an organization without a boss. No org chart, no hierarchy, no workflow plan. This may at first sound like utopian post-hippie talk, i.e. that if everyone just brings their best intentions, and their favourite casserole, that we the people can do anything. Barriers to entry be damned, business as usual be damned, best practices and all the rest be damned too. This may sound like a whole lot of antiestablishment nonsense except that we now have examples to point to such as Wikipedia, a free-to-use, high quality, written by no one in particular encyclopedia that is organized, vetted, and updated by the crowd.  Previous attempts to do the same – produce an online encyclopedia, with a combination of experts and the public had been attempted but with extremely limited success. How limited? In its first year a scant 21 articles went online, compared with Wikipedia’s 18,000 in its first year.

Design by committee, rather than bosses, VPs, and armies of the able, was the philosophy behind Nupedia, but apparently they did not go far enough. It wasn’t until the whole system was thrown to the wind and decentralization became the lay of the land that Wikipedia started to flourish, and now it is a daily destination for most of the world’s 3 billion Internet users.

The fact that with a few tweaks something like a wiki-based encyclopedia could go from a stalled, somewhat idealistic effort to a world-changing repository of knowledge may be reason for us all to have faith in other decentralized technologies.

The blockchain is one that comes to mind, and one about which I learned more at a recent Meetup. Blockchain, perhaps best known as the technology backbone of BitCoin, was looked at in an earlier blog post, as a potential solution to many of the music industry’s legacy system problems that send dollars to layers of the business that aren’t necessarily needed in today’s digitally connected marketplaces.  

The blockchain is also behind something called the DAO, which stands for decentralized autonomous organization.

Click to enlarge

The objective of the DAO, a single app running on the blockchain, is to eliminate the need for organizational decision making apparatuses, such as formal managerial positions and hierarchical structures. And note: Decentralization does not mean an absence of control, but, rather, no single person or entity is in control. It sounds kind of crazy until you think of, say, Wikipedia.

In the words of one of the Meetup speakers, Jeff Coleman of Ledger Labs, the blockchain enables “super secure, super awesome decentralized organizations that can give you more security for less work than any other system out there." 

Ledger Labs’ Jeff Coleman schools the crowd on the great DAO hack of 2016    

Coleman then walked the Meetup crowd of 100+  through the architecture of the DAO, explaining how, when a funding window in the DAO was opened on April 30th, 2016, over 10,000 people poured in about $100 million in funds, making it the largest crowdfunding endeavour in history. The idea was that it that this would be a relatively low risk investment where you could invest and withdraw funds at will.

All good. Really really good in fact, until the hack

Coleman called the hack, in which $60 million was drained from the DAO, “the largest cash heist in the history of the world”.  (As you can see lots of firsts and biggests here.) The problem, it was explained, came down to issues with the smart contracts, pieces of computer code that represent contract-like agreements between other pieces of code built on the blockchain. (I’m not a lawyer so for an actual lawyer’s perspective on smart contracts, click here.)

The short version of the story is that despite two years of due diligence, including bug bounties -- essentially crowdsourced security -- it was assumed the system was good to go. Who performed the due diligence? Not the DAO, pointed out Coleman, but the underlying platform, Ethereum.

How the Ethereum platform works
Source: https://www.ethereum.org

Coleman continued: "Thanks to this careful due diligence, Ethereum, the platform, remains uncompromised. But the DAO opted for just a few short weeks of public viewability and no serious testing, audits, or bounties, and that's why it was successfully attacked."

In other words, this wasn't a blockchain problem, but a negligence problem. If there's a problem with a single website you don't blame or impugn the entire Internet. Same thing here.

And the icing on the cake, in Coleman’s view: “It’s exceedingly likely that the attackers didn’t plan on actually getting the $60 million.” In fact, the cash is still yet to be released to the attacker, and Coleman thinks it may never be.

The moral(s) of this story? That’s hard to say, as this is a story that is only beginning to be written, and is one that changes dramatically from week to week. Not only do technologies move at unfathomable speeds and take on increasingly complex functions, but they also bring with them enormous flows of capital, and along with those flows trust invested in systems that are built and operated outside of the usual standards and structures that have formed the basis of our economy for decades.

Related Post:
Will the blockchain free music from being free?