Open Source Operational Risk and Public Blockchains

Open Source Operational Risk and Public Blockchains

Presented at New Context Conference, sponsored by Digital Garage, in Tokyo on July 26, 2017.

594dd1efdecf5b4b5305f6d859a3c0a2?s=128

Angela Walch

July 26, 2017
Tweet

Transcript

  1. Open-Source Operational Risk and Public Blockchains Angela Walch Associate Professor

    St. Mary’s University School of Law Research Fellow UCL Centre for Blockchain Technologies New Context Conference, Tokyo July 26, 2017 1 UCL CENTRE FOR BLOCKCHAIN TECHNOLOGIES
  2. Main Questions • How do common practices from “grassroots” open

    source software generate operational risks for public blockchains? • Are these risks ok for critical systems? July 26, 2017 A. Walch, New Context Conference 2
  3. How We’ll Proceed • Look at how operational risks are

    handled in existing critical systems, using financial market infrastructures as an example. • Discuss how common practices from grassroots open source software generate operational risks for public blockchains. July 26, 2017 A. Walch, New Context Conference 3
  4. What are Financial Market Infrastructures? • Financial market infrastructures are

    “multilateral systems among participating financial institutions…used for the purposes of clearing, settling, or recording payments, securities, derivatives, or other financial transactions.” (Federal Reserve). • They include “payment systems, central securities depositories, securities settlement systems, central counterparties, and trade repositories.” (Federal Reserve). • These systems allow us to keep track of who owns (and owes) what. • FMIs ongoing functioning is critical to financial stability. July 26, 2017 A. Walch, New Context Conference 4
  5. What is Operational Risk? The risk that deficiencies in information

    systems or internal processes, human errors, management failures, or disruptions from external events will result in the reduction, deterioration, or break-down of services provided by the [financial market infrastructure]…includ[ing] physical threats, such as natural disasters and terrorist attacks, and information security threats, such as cyberattacks. Further, deficiencies in information systems or internal processes include errors or delays in processing, system outages, insufficient capacity, fraud, data loss, and leakage. (Federal Reserve) July 26, 2017 A. Walch, New Context Conference 5
  6. Principles for Financial Market Infrastructures Principle 17: Operational risk: An

    FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to have a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfillment of the FMI’s obligations, including in the event of a wide-scale or major disruption. (PFMI 2012). July 26, 2017 A. Walch, New Context Conference 6
  7. Principles for Financial Market Infrastructures (cont.) Principle 2: Governance: An

    FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. (PFMI 2012). July 26, 2017 A. Walch, New Context Conference 7
  8. Principles for Financial Market Infrastructures (cont.) Principle 3: Framework for

    the comprehensive management of risks: An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. (PFMI 2012). July 26, 2017 A. Walch, New Context Conference 8
  9. What is Grassroots Open Source Software? • Emerges from software

    developer community. • Contrasted with ‘corporate’ or ‘sponsored’ open source software. • Source code is available to all. • Anyone can fork it to improve or modify it. • Examples are Linux, Open SSL, Bitcoin. July 26, 2017 A. Walch, New Context Conference 9
  10. Grassroots OSS Practices Create Operational Risks for Public Blockchains Governance

    Funding Forking July 26, 2017 A. Walch, New Context Conference 10
  11. Decentralized, Undefined Governance • No official responsibility/accountability to keep software

    operational. • No one is the official “decider.” • Unacknowledged Centralization of Power – Unaccountable – Unchecked • Lead to  Paralysis/Delay in fixing code. July 26, 2017 A. Walch, New Context Conference 11
  12. Problematic Funding Model • Grassroots OSS development generally uncompensated. •

    Inadequate care of critical OSS projects? – Heartbleed / Core Infrastructure Initiative / Mozilla’s SOS • Bitcoin had luxury of low-stakes youth. • No one is low-stakes now. • Experiments in funding: – Pre-sales, Tokens, ICOs. – Private Companies / Sponsorships • Conflicts of Interest? How stable is funding source long-term? Are consumers protected? July 26, 2017 A. Walch, New Context Conference 12
  13. Forks • Possible Outcomes: – Peaceful coexistence of old and

    new – Old die – New dies – Contentious coexistence of old and new • Consequences significant for Public Blockchains – Embed and transfer actual value – Serve as authoritative record of events July 26, 2017 A. Walch, New Context Conference 13
  14. Real World Examples • March 2013 Hard Fork – Different

    versions incompatible. – 2 ledgers. – Human Coordination to fix (requiring ALTRUISM) • Bitcoin Block Size Debate – Political Question  Not just technical. – Paralysis because consequences so extreme. – SegWit fix? • Ethereum’s July 2016 Hard Fork – Ethereum & Ethereum Classic 14 A. Walch, New Context Conference July 26, 2017
  15. Lessons Learned • New software releases  fractured networks. •

    Fixing forks may need human coordination. • Core devs/Miners/Exchanges wield a lot of power/influence. • Risk of forks  Paralysis. • Upper-level apps can impact underlying blockchain. • Humans aren’t perfect. Neither is code. • Competing Blockchains are possible outcome of fork. – Which is legitimate? – If embed critical records, which is “correct”? July 26, 2017 A. Walch, New Context Conference 15
  16. Chained Together • Magnified software risks for structures atop public

    blockchains. • Community commits to staying together for system to have value – 1 authoritative record. • Each potential hard fork like binding secession referendum. – If don’t go with majority  you’ve seceded. – Build your own! July 26, 2017 A. Walch, New Context Conference 16
  17. Reflections • Undefined governance, problematic funding, and forking chance create

    operational risks for public blockchains. • As practices are tweaked, risks change. • Very different from how we operate current critical infrastructures, such as FMI’s. – Clear governance. – Comprehensive risk management. – Identifying and mitigating operational risks. • Broader Implications -- think about use of grassroots OSS practices in other critical systems? July26, 2017 A. Walch, New Context Conference 17
  18. Angela Walch angelawalch.com Twitter: @angela_walch awalch@stmarytx.edu UCL CENTRE FOR BLOCKCHAIN

    TECHNOLOGIES