“Central to determining whether a security is being sold is how it is being sold and the reasonable expectations of purchasers. This also points the way to when a digital asset transaction may no longer represent a security offering. If the network on which the token or coin is to function is sufficiently decentralized — where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts — the assets may not represent an investment contract.”
— William Hinman, SEC
Finding a definition
The question of what decentralisation is and how to define it has been raised again over the last few weeks due to the remarks above by William Hinman indicating that the evolution of systems from centralised to decentralised may change whether they are considered a security. These comments were likely an attempt to clarify the stance of the SEC with respect to Ethereum, given recent speculation on the matter.
A number of people have subsequently claimed that this statement was driven by the fact that a system that is significantly decentralised can’t actually be regulated. I tend to agree with them, and Bitcoin is the best example of this. The fact that Bitcoin survives today in spite of Silk Road being one of its early killer apps demonstrates this. Some may not like to admit it, but censorship resistant money will often be used to route around censorship. If you believe in the right to self determination and individual freedom then this is trivially obvious. So in spite of a significant amount of the early transaction volume being used to purchase drugs that were at the time illegal, Bitcoin was not shut down, though some governments attempted to ban it with limited success. Bitcoin’s survival is somewhat astounding given these circumstances, but it is merely a demonstration of how powerful Bitcoin’s censorship resistance is.
Let’s return to the comments by the SEC. If you are an agency tasked with regulating something that can’t be regulated, you have two options. You can dig your heels in and look incompetent when you fail to regulate it, or you can accept reality and redefine the scope of your power such that it is no longer your problem. The people running the SEC are no fools, and it seems from their statements that they have no intention of digging in and fighting an unwinnable fight. Especially as there are so many easily winnable actions available against centralised crypto platforms run by malicious actors.
So if being decentralised means you are no longer under the purview of the SEC, this begs the question: what is a decentralised system? And how do you know which systems are decentralised and which ones aren’t. Where is the line? The problem is that defining decentralisation based on the features of a system is difficult because there are numerous approaches to implementing decentralisation. The solution I propose is to frame decentralisation as a strategy, a kind of adaptive trait to resist censorship. It should be obvious from this definition that regulation is from this perspective a form of censorship.
Based on this definition, the measure of decentralisation of a system is determined by its success in resisting censorship.
It is important to note, this is not a theoretical definition — it requires empirical measurement. If you use this approach then identifying decentralised systems becomes far easier, and it also more clearly reveals the somewhat cynical reasons behind the stance taken by the SEC.
Measuring censorship resistance
So to define decentralisation we must measure how resistant to censorship a system is. Essentially we need to know how resistant is it to an attack or an attempt to unilaterally alter consensus. Or put another way, how easy would it be for an actor to prevent transactions from occuring, or to modify transactions after the fact. And in this case I don’t mean just the average actor, I mean any arbitrarily powerful actor that could interact with the system.
It should be clear that in a system with a central authority and single point of failure, it is easy for an arbitrarily powerful actor to modify or block transactions. It doesn’t even need to be the central authority itself acting malevolently, it may be an external actor that has determined a way to exploit the single point of failure to their benefit.
To illustrate this I will provide a lighthearted example. Imagine we are all in Prague later in the year, and Gav Wood, driven insane by the fact that the Parity funds are still frozen, has decided to resolve the issue once and for all. He kidnaps Vitalik and demands that EIP999 is adopted immediately — or else! This is interesting, because Vitalik does not control the Ethereum chain in any meaningful way, nor is he a central authority within the network. But he is a significant point of leverage. Many people in the community revere Vitalik, and Gav threatening him is likely to result in strong consensus and likely action. In this scenario it is not hard to image the chain being modified and the funds restored, especially since most people who can make the decision are in a single location. Even more interesting is to consider what happens after Vitalik is released. Obviously Gav flees to an island fortress somewhere, but do the funds get locked up again? This is an interesting question, and It is actually hard to say. It is certainly far less likely that we would reach consensus about whether punishment is justified in this case, especially since innocent third parties with funds locked up in the Parity multisig would lose them again. But it feels to me fairly likely that the funds would not be refrozen.
What this demonstrates is that even in a hypothetical scenario, if one actor can leverage something to get enough of the other actors in the system to act in concordance for their benefit to modify consensus, then the system is not perfectly decentralised. Of course, perfect decentralisation is not possible so long as there are any actors in the system though, so this should be expected. What is more important is establishing where on the decentralisation continuum a given system sits.
Now imagine that Gav (again an evil villain for the sake of this example) was foiled in his plot to kidnap Vitalik, and instead decides to build a nuclear weapon and hide it somewhere in London. Again it is not hard to imagine that this might result in a similar scenario where the funds are released. Now consider the same scenario with Bitcoin, where a lone actor is threatening to destroy an entire city if 1m BTC is not created in the wallet he specifies. Now, in this case it is almost impossible to imagine this being successful. There is minimal ability for actors within the Bitcoin network to reach consensus as to how to even implement this. It is probably far more likely that Satoshi would decide to move his own coins to pay the ransom, and this is vanishingly unlikely. So by this measure, Bitcoin is far more decentralized than Ethereum, at least right now.
If decentralisation is an adaptive trait that systems can employ to limit censorship and interference, then success in limiting interference is itself the best measure of decentralisation.
So when we look at Ethereum we can see that the ability for actors within the network to reach consensus and modify the network after the DAO hack is indicative of a skew towards centralisation. Similarly, the resistance to modifying the network after the parity bug is indicative of a shift away from centralisation, though it is important to note that these events are only indicative not definitive. There are numerous possible reasons for these two outcomes.
To extend this argument further and create effectively a circular definition, we can ask whether the SEC or other regulators are willing and able to attempt to regulate a particular system. If the answer is no, then we can take this as evidence that the system is decentralised enough to resist their interference. Of course this is not a static determination, because as events progress the pressure to regulate these systems may increase, so in a shifting environment there can be no definitive view as to whether a system is on either side of the line. Only continued resistance to interference can be taken as evidence that the system is currently sufficiently decentralised. It should be obvious that a system may need to improve in order to stay ahead of the desire on the part of regulators and others to interfere with a given network. For example if Ethereum were to be used for some major crime, the pressure on regulators to interfere might increase and therefore the measures they might be willing to employ could become more drastic. For example, exfiltrating the entire Ethereum foundation and locking them in jail is certainly possible, and with enough motivation could be achieved. The question is would that ensure the collapse of the network? It is difficult to say, but it would certainly create significant issues. Especially if the people involved forced these parties to hand over their ETH and then dumped it on the market collapsing the price. So in that sense even the concentration of ETH in a few hands becomes a weapon that can be used against the network.
Compare this to Bitcoin, where such a scenario is essentially impossible, there is no one to round up and even if significant BTC holders were forced to hand over BTC, it would likely not have a major impact on the network unless a government were to be able to track down Satoshi or the private keys associated with Satoshi’s accounts.
This should not be considered a criticism of Ethereum — it required this level of centralisation initially to launch and has been successful enough to stay ahead of any efforts to censor it. Whether it can continue to do so, and whether regulators’ desire to censor it increases, remains to be seen. But it should be obvious that increased decentralisation as a risk mitigation strategy is very much in the interest of everyone building on the Ethereum network.
I think it is helpful to look at our project, Havven, which given how new it currently is, is significantly more centralised than Ethereum. You could shut it down by rounding up 2–3 people and preventing them from continuing to build the network. The good news is that right now relatively few people are aware of the project or the potential threat it poses to existing systems. We fully intend, before we become a threat to any regulators or nation states, that the governance of the system will be decentralised enough to resist attempts to censor it.
Anyone working on systems with the intention to disrupt and dismantle existing power structures would do well to ensure their roadmap is not only technical but that it also factors in the requirement to increase censorship resistance in line with the impact the system is designed to have.
*Apologies to Gav Wood for using him as my fictional villain :)