
Open Source Operational Risk and Public Blockchains

Presented at New Context Conference, sponsored by Digital Garage, in Tokyo on July 26, 2017.

Angela Walch

July 26, 2017

Transcript

  1. Open-Source Operational Risk
    and Public Blockchains
    Angela Walch
    Associate Professor
    St. Mary’s University School of Law
    Research Fellow
    UCL Centre for Blockchain Technologies
    New Context Conference, Tokyo July 26, 2017

  2. Main Questions
    • How do common practices from
    “grassroots” open source software
    generate operational risks for public
    blockchains?
    • Are these risks ok for critical systems?
    July 26, 2017 A. Walch, New Context Conference 2

  3. How We’ll Proceed
    • Look at how operational risks are handled in
    existing critical systems, using financial market
    infrastructures as an example.
    • Discuss how common practices from
    grassroots open source software generate
    operational risks for public blockchains.

  4. What are
    Financial Market Infrastructures?
    • Financial market infrastructures are “multilateral systems
    among participating financial institutions…used for the
    purposes of clearing, settling, or recording payments,
    securities, derivatives, or other financial transactions.”
    (Federal Reserve).
    • They include “payment systems, central securities
    depositories, securities settlement systems, central
    counterparties, and trade repositories.” (Federal Reserve).
    • These systems allow us to keep track of who owns (and
    owes) what.
    • FMIs’ ongoing functioning is critical to financial stability.

  5. What is Operational Risk?
    The risk that deficiencies in information systems or
    internal processes, human errors, management failures,
    or disruptions from external events will result in the
    reduction, deterioration, or break-down of services
    provided by the [financial market
    infrastructure]…includ[ing] physical threats, such as
    natural disasters and terrorist attacks, and information
    security threats, such as cyberattacks.
    Further, deficiencies in information systems or internal
    processes include errors or delays in processing, system
    outages, insufficient capacity, fraud, data loss, and
    leakage. (Federal Reserve)

  6. Principles for Financial Market
    Infrastructures
    Principle 17: Operational risk:
    An FMI should identify the plausible sources of operational
    risk, both internal and external, and mitigate their impact
    through the use of appropriate systems, policies, procedures,
    and controls.
    Systems should be designed to have a high degree of security
    and operational reliability and should have adequate, scalable
    capacity.
    Business continuity management should aim for timely
    recovery of operations and fulfillment of the FMI’s
    obligations, including in the event of a wide-scale or major
    disruption. (PFMI 2012).

  7. Principles for Financial Market
    Infrastructures (cont.)
    Principle 2: Governance:
    An FMI should have governance arrangements
    that are clear and transparent, promote the
    safety and efficiency of the FMI, and support the
    stability of the broader financial system, other
    relevant public interest considerations, and the
    objectives of relevant stakeholders. (PFMI 2012).

  8. Principles for Financial Market
    Infrastructures (cont.)
    Principle 3: Framework for the comprehensive
    management of risks:
    An FMI should have a sound risk-management
    framework for comprehensively managing legal,
    credit, liquidity, operational, and other risks.
    (PFMI 2012).

  9. What is
    Grassroots Open Source Software?
    • Emerges from software developer community.
    • Contrasted with ‘corporate’ or ‘sponsored’
    open source software.
    • Source code is available to all.
    • Anyone can fork it to improve or modify it.
    • Examples are Linux, OpenSSL, Bitcoin.

  10. Grassroots OSS Practices
    Create Operational Risks
    for Public Blockchains
    Governance
    Funding
    Forking

  11. Decentralized, Undefined Governance
    • No official responsibility/accountability to
    keep software operational.
    • No one is the official “decider.”
    • Unacknowledged Centralization of Power
    – Unaccountable
    – Unchecked
    • Lead to Paralysis/Delay in fixing code.

  12. Problematic Funding Model
    • Grassroots OSS development generally
    uncompensated.
    • Inadequate care of critical OSS projects?
    – Heartbleed / Core Infrastructure Initiative / Mozilla’s SOS
    • Bitcoin had luxury of low-stakes youth.
    • No one is low-stakes now.
    • Experiments in funding:
    – Pre-sales, Tokens, ICOs.
    – Private Companies / Sponsorships
    • Conflicts of Interest? How stable is funding source
    long-term? Are consumers protected?

  13. Forks
    • Possible Outcomes:
    – Peaceful coexistence of old and new
    – Old dies
    – New dies
    – Contentious coexistence of old and new
    • Consequences significant for Public Blockchains
    – Embed and transfer actual value
    – Serve as authoritative record of events

  14. Real World Examples
    • March 2013 Hard Fork
    – Different versions incompatible.
    – 2 ledgers.
    – Human Coordination to fix (requiring ALTRUISM)
    • Bitcoin Block Size Debate
    – Political Question → Not just technical.
    – Paralysis because consequences so extreme.
    – SegWit fix?
    • Ethereum’s July 2016 Hard Fork
    – Ethereum & Ethereum Classic

  15. Lessons Learned
    • New software releases → fractured networks.
    • Fixing forks may need human coordination.
    • Core devs/Miners/Exchanges wield a lot of
    power/influence.
    • Risk of forks → Paralysis.
    • Upper-level apps can impact underlying blockchain.
    • Humans aren’t perfect. Neither is code.
    • Competing Blockchains are possible outcome of fork.
    – Which is legitimate?
    – If embed critical records, which is “correct”?

  16. Chained Together
    • Magnified software risks for structures atop
    public blockchains.
    • Community commits to staying together for
    system to have value – 1 authoritative record.
    • Each potential hard fork like binding secession
    referendum.
    – If don’t go with majority → you’ve seceded.
    – Build your own!

  17. Reflections
    • Undefined governance, problematic funding, and
    forking chance create operational risks for public
    blockchains.
    • As practices are tweaked, risks change.
    • Very different from how we operate current
    critical infrastructures, such as FMIs.
    – Clear governance.
    – Comprehensive risk management.
    – Identifying and mitigating operational risks.
    • Broader Implications -- think about use of
    grassroots OSS practices in other critical systems?

  18. Angela Walch
    angelawalch.com
    Twitter: @angela_walch