6. GENETIC TAKEOVER | Cryptocommerce

Previous chapter: IMPROVE COOPERATION | Information, Money, Rights, Contracts, and Privacy

Co-Evolve, Cooperate, and Compete

How can we get to a rich cryptocommerce from our paper world, in which printed contracts dominate and checks are the second most preferred way to pay bills? 

How cities are built, how people self-organize, and what kind of society they organize into is largely based on how the economics of defense and attack evolve with technological progress. Law, for instance, evolved to deal with problems as they arose using the level of technology that was available to people at the time. Today’s legal systems evolve by competing on at least three axes. First, on how well they insulate us from underlying rules of biology, such as violence. Second, on how well they create rules for their own survival, such as capitalism vs. communism. Third, on how well they insulate us from their own dynamics, such as separation of powers to allow for watchers being watched. 

The invention of cryptography technology, coupled with worldwide networks, changes the economics of defense and attack of today’s legal systems. This change is greater than going from the bow and arrow to the gun. Once again, society will have to self-organize around this change to reach a new equilibrium.

¹

  Where will we settle? Cryptocommerce with its perfect realization of a neutral framework of rules can provide secure arrangements. But we still rely on the legal system to insulate us from the rules of biology. Both systems will co-adapt, each constraining the other without either one emerging as dominant. 

Let’s look at two popular positions in cyber debates: Let’s call one perspective legal absolutism. It states that human law, enforced by governments via their monopoly on violence, will remain the dominant point of reference. In its most exaggerated form, this perspective holds that anything legislatable has the upper hand. It amounts to denying reality in the face of technological advance, comparable to trying to legislate that pi equals 3. 

Let’s call the other perspective code absolutism. It states that code is law, which will take over the legal system and displace all of human law. This ideal is unrealistic, because the people who write code and the computer hardware that runs it are in government-controlled physical space. As long as governments deploy legal systems with strong public support, many computer systems will enforce existing law. 

Rather than seeing the crypto or legal absolutism caricatures as attainable goals, they are better regarded as side constraints on the evolution of real systems. 

We can borrow the term genetic takeover from biology to describe such an alternative transition. A phenotype, highlighted in green, evolves through a new genotypic representation, G2, gradually emerging within an older one, G1. The dominant system’s features provide context and constraints influencing what is viable in the new system that grows within it. The evolving phenotype now has entirely novel qualities, i.e. here it is spiky, rather than smooth.

²

 

Let’s imagine a world in which fences were not invented, but property rights were. People keep records of where boundaries lie; some can hire guards to protect their land and use the court system to prosecute boundary crossers. Eventually, someone invents a fence. A debate ensues between the legal absolutists, arguing fences are not legitimate versus the fence absolutists, arguing that property law has become irrelevant. There are obviously many lower-cost solutions to the boundary crossings problem than legal records. A fence may substitute for the law in some of these cases. But not in all cases, because people can climb over and go under fences.

Likewise, the world in which traditional legal systems emerged had no better choice; it did not have the enablers of strong cryptography and the net. Like a fence, a smart contract will substitute for some, but not all, cases in which we currently use legal systems. But since code can be buggy or we sometimes just want a human in the loop, paper law will remain a useful tool, for instance in Split Contracts. A contract acts by provoking behavior in an enforcement mechanism; in a legal contract this is the legal system, while a smart contract is simply the choice of a different system. Our current legal systems have never been static and will change along with technology, requiring continuous updating of our notions of “rule-based systems”. 

Change the Rules Without Relying on the Rules

How can we peacefully transition into cryptocommerce? Apart from honoring the voluntary Schelling Points as constraints, we don’t necessarily have to rely on existing rules to change them. Often, legal policy framings haven’t been concretely articulated into laws. This leaves an intermediate space, which different policymakers have different ways of regulating. Premature filling of such regulatory gray areas could be disastrous for innovation. The U.S. Supreme Court had to overturn early railroad regulations drafted before we had sufficient experience with the railroad system. 

The internet could not have emerged without many people operating in the emerging blank spaces of their time. Its rules are built on both political and technological interaction. Many political decisions were embodied in protocols such as those promoted by the IETF, which created a transnational rules system in which most countries let their citizens participate. This was not an extensible rules system in the way smart contracts are, but it was a base system of rules founded on voluntary gray area interactions that, at that time, no one decided to try to suppress. No rules clearly allowed the internet’s phenomena, but no one interpreted the ambiguity into an enforceable rule violation. It was unclear if doing commercial transactions online was legal. Many assumed it was not. But people just started doing it, regulators refrained from interfering, and it gradually grew into an accepted legal activity. Enough people were interested in seeing certain uses continue so that whatever was needed to continue those uses became technological reality. The internet changes the nature of the emergent rules, such that they increasingly operate by its logic. 

Bitcoin nudges the rules further to settle ambiguities in favor of continuing to allow new activities. Cryptocurrencies are built from voluntary interaction that is costly to suppress. At most, a nation can take its citizens out of the game and weaken its own position. We have settled on the intermediate state of regulated on- and off-ramps into cryptocurrency via services like Coinbase. These convert dollars into crypto and vice versa. Yet, once on the other side of the boundary, private currencies let you transact without record-keeping, at least until you off-ramp into fiat currency again.

Many of the more complex arrangements are not illegal, but are genuinely novel economic phenomena. Blockchain-based prediction markets may fall under gambling laws by one reading of U.S. law. But they are not treated as such by the mainstream economy. You can earn cyber coins betting on the future, withdraw those coins and trade them for fiat money. Know Your Customer (KYC) and Anti Money Laundering (AML) efforts mean this directly borders current legal systems. But the lack of a central control point means that to shut the process down, one would have to go after people individually via the KYC. This is extremely costly given how easy converting one cryptocurrency for another is. 

We are used to negotiation at the boundary between different rule-based systems; international law is an evolving consensus from negotiation at jurisdictional boundaries. We can compare the interaction of the legal system with cryptocommerce to interactions among jurisdictions. When jurisdictions have contradictory rules, engaging in multi-jurisdictional transactions requires complex negotiations. Despite the messiness of those negotiations, they often succeed. Transacting across the legal system backed by the government's monopoly on violence and cryptocommerce backed by cryptography and strong anonymity will be equally messy.

New territory will be unlocked. As agreements are made without relying on courts, we may create a new functional legal subset, a Lex Cryptographia, the crypto-equivalent of the Lex Mercatoria that merchants developed to expand European commerce.

³

Just as this traditional commercial law emerged autonomously via custom and best practice, and was enforced by merchant courts, Lex Cryptographia will emerge from cryptocommerce participants, enforced by a mix of code and decentralized dispute resolutions. As legal and crypto systems encroach on each other’s realms, both systems will try to fight back. As this fight becomes increasingly costly, they may converge on a new legal-technological reality.

Mature Cryptocommerce

Explore Immutability: Assassination Markets

How will legitimacy questions be settled within cryptocommerce’s emerging jurisdiction? A legal absolutist may argue that treating immutable cyberlaw as the default is problematic since it raises the question of whether immutability is a desirable feature in the first place. 

Legal absolutists can mean different things by immutability. One meaning is the de facto immutability of public information. This is in the sense that information, once public, is permanently public, whether or not regulators demand that it be removed. The emergence of the internet showed that questioning this default’s desirability is the wrong question. Once information is disseminated, it is always publicly available. 

Another possible meaning of immutability is that transactions are final, in the sense that their outcome cannot be reversed. If the web and encryption secure free speech by routing around censorship, smart contracts bring the benefits of rule of law unrestricted by jurisdictional law. Immutability in this sense can be a critical design feature that enables the creation of cross-jurisdictional institutions.

While many users want to count on the transaction being final, other experiments are more open-ended. Some blockchains allow anyone to propose governance changes that, if accepted via on-chain vote, result in a self-amending ledger. Others even allow retroactive changes to the ledger itself by voting to reverse a transaction from the system without having to fork.

⁴

These governance experiments are very valuable—within the larger ecosystem. We will be able to choose among immutable, self-amending, and reversible blockchains for transactions based on our desired level of immutability. Choices will vary from person to person and transaction to transaction. We will want to store some changes on a long-term public immutable blockchain, but immutability may not be ideal for all changes.

One of cyberspace’s great benefits is its creation of an experimental sandbox. In it, we can develop new rendezvous points for cooperation without having to replace civilization with any of them. Anyone can establish a new jurisdiction with its own ruleset. If enough people believe that enough others would rendezvous there to transact, their use of that rule set legitimizes it. Convincing a majority is not necessary. Bitcoin exists because enough people decided that they want to participate in it. Any system with a critical mass willing to rendezvous on it becomes a viable option. 

We can certainly imagine reprehensible enough situations to form consensus for intervening to shut them down. Prediction markets could incentivize people to take certain actions by betting on them.

⁵

Such incentive markets could have multiple negative implications, for example by providing a laundered payoff for assassinations, i.e. an assassination market. This prospect is frightening but is it a new threat?

Both assassination markets and push-backs against them already exist. The fatwa from Supreme Leader Ayatollah Khomeini against Salman Rushdie for The Satanic Verses resulted in groups collecting money to fund the bounty on Rushdie. This was a very explicit non-anonymous market in assassination. While multiple Rushdie translators and publishers were brutally murdered, Ayatollah Khomeini was never brought to trial. Even after the Ayatollah’s death, the Iranian government stated it would “neither support nor hinder” assassination attempts on Rushdie. In the West, Julian Assange and Chelsea Manning’s revelations allow an insight into the atrocities of government-based assassinations, including war crimes in Iraq. There was no prosecution of those responsible following the revelations. Instead, those exposing the crimes were prosecuted by the US government in a way that is itself criminal. 

We already live in a complex, messy world where some can incentivize assassinations and get away with it. Given how extraordinarily easy it is for a sniper or drone to kill someone at a far distance and escape, how rarely this happens is encouraging. Introducing prediction markets may not create fundamentally different new problems from the ones we already face. Rather than focusing on which individual actions are possible, we could look at the overall dynamic. Powerful people such as Kim Jong-Un can have a half-sibling publicly assassinated without repercussions, yet the overall dynamic is one of reduction in overall violence. By repositioning the balance of power away from governments, we take power away from where there are currently robust assassination markets. Cryptography-enabled immutable systems, such as Wikileaks, are a great tool to do so.

Simply pointing to negative uses of cryptocommerce technologies is like pointing out that writing allows people to write down instructions to kill, or that the internet lets people publish bomb-building instructions. Preventing those technologies would have suppressed their emergent beneficial effects without our realizing what we missed. Incentive markets are already in use, not as assassination markets but as replication markets for scientific research. When considering dangers, rather than taking today’s experiments as static and extrapolating problems they may create, we should not underestimate that our defenses will also be evolving. We can tilt society in favor of our desired applications.

Revisit Legitimacy: The DAO Bug

Voluntary systems depend on drawing boundaries movable by voluntary agreement. On a base level, voluntarism is about boundary-setting around our physical bodies, and every right beyond this is just convention on different layers of abstraction. The notion of property theft being something involuntary only occurs within a level of abstraction where we have the convention of those assets being actual property. 

As we unlock new levels of commerce, we must chart unprecedented terrain. Smart contracts create automated arrangements that we bind ourselves to. The relevant rights are only released back according to the agreed contract terms. At least in theory. In practice, the cryptographic connection to rights in the world only exists by recognized convention. A core problem will be creating a credible realm of voluntary interaction, which at the base level is itself only built out of voluntary interaction. 

We cannot rely on philosophy to derive what counts as voluntary in future level of the game. It becomes a question of agreed threshold setting, i.e. of creating Schelling Points for legitimacy. A Schelling Point can result in crudely incorrect judgments for any particular case. But we can still be better off holding to a simple standard because its very simplicity is what gives it stability. 18 years of age is frequently—but not always— the threshold for being a voluntarily consenting adult. There is no obvious non-arbitrary standard that works better than just agreeing to this arbitrary standard. Anything that tries to be more accurate will necessarily be less simple. Common knowledge of the expectation of legitimacy is the ultimate governance. 

Genuinely difficult edge cases will arise. One was the DAO Bug Fork. The most prominent instantiation of a DAO was the Slock.itDAO, a $150M venture capital fund. Smart contracts automatically executed investments and profit distribution based on how investors used their shares to vote. Unfortunately, this DAO came to an untimely end when a user discovered a bug and siphoned out a substantial amount of the funds. This triggered a reversal of transactions to restore investors’ funds via a “hard fork” that effectively unwound a supposedly immutable transaction record. Crucially, the bug was in the application, not in the underlying Ethereum code.

Forks can be valuable because they allow one to take the state of an existing system and chart a new path. It is the crypto equivalent to Facebook allowing you to take their entire database and codebase to create a competitor with the same code, social connections, and photos but better features.

⁶

This allows for more experimentation than legacy governments or companies with no exit options but also brings new challenges for our shared understanding of legitimacy.

Per one interpretation, both the draining of the DAO and the fork into the new ETH currency and the remaining ETH Classic were voluntary transactions based on entities sending messages over the net. The sense in which money was transferred depended on players interpreting ETH as money and the listing of ETH on the chain as property. The bug beneficiaries properly received their ETH Classic currency payment, while most of the Ethereum value moved from ETH Classic into the forked ETH. You could say that the fork merely represented differing interpretations of informational messages signaling a massive change of convention. 

On a different view, smart contracts are binding contracts about the property rights represented in ETH. After all, the DAO’s terms stated that “nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code”.

⁷

If the DAO’s code should be interpreted as law, then using it to drain the funds was a voluntary transfer of rights and forking was not. As Ethereum has developed, there have been larger losses than The DAO bug and despite emerging arguments to fork again, the community decided against doing so. Through an accumulation of genuinely new edge cases, we update our sense of legitimacy. The digital realm gradually evolves rules that affect the physical world.

Evolve Cryptocommerce

Interoperate: Proof of Location

What can we say about future dynamics of an emergent cryptocommerce? Much of its activity is based on innovators wanting to introduce new cooperative arrangements into the world. But once introduced, the arrangements become much more valuable if not subject to their inventors’ whims. As long as a centralized entity provides the arrangement, it does not have the benefits of multipolar checks and balances. 

To some extent, our interactions are already centralized in the Internet Protocol (IP) on the web. There aren’t many completely different hypertext experiments that don’t play with it. But the web itself is largely decentralized; protocols allow many different parties to communicate with each other. They function more like language than governments. One could say that the decentralized nature of the protocol achieves a system that is 99% decentralized and 1% centralized.

⁸

Realizing the dangers of a centralized power, the temptation is to regulate. But to make progress toward voluntarism going up levels of abstraction, we need to seek novel solutions. There are already single web governing bodies and efforts against them.

⁹

The domain name system functions as a centralized decision-making point to allocate the namespace’s root names. The Petnames project seeks to enable interconnectivity without a global namespace. The Dweb movement builds a distributed web infrastructure that compensates against concentrated control. If an architecture causes us to make overly-centralized decisions, we should consider it a bug and find a better one.

¹⁰

If innovators deliver more value by taking themselves out of the control position, they can find arrangements to make more profit by doing so. If they don’t find a way to deploy their arrangement without their controls, their competitors will. To speed this up, let’s point out a few centralization dangers that are innovation opportunities for better systems. One near-term centralization risk to cryptocommerce has been well articulated for the computer security foundation that it’s built on. TOR is the onion router that protects against knowing a message sender’s physical location by routing between hops with multiple inputs and outputs. But we don’t know if TOR nodes are conspiring. If 90% of the TOR nodes are run by the NSA — and you can't know they aren’t—it's not providing the desired privacy protection. This is the Sybil attack, which involves falsely simulating a highly multipolar world.

¹¹

We want active compensation against centralization. Bitcoin is spread across jurisdictions such that any single corrupting jurisdiction is just taken out of the game. But one government could threaten the lives of their Bitcoin miners to force them to do something corrupt. Proof of location is an economic attestation that a computation is happening at a particular location at a particular time. This can incentivize decentralization by creating rewards for computing in spread-out geographic areas. Geographic diversity means jurisdictional diversity, making governmental interference and collusion more costly. Rather than relying on entities to naturally keep each other in check, proof of location incentivizes multipolarity, thus creating compensating dynamics against centralization risks.

¹²

 

In future levels of the game, more subtle dangers will emerge. Ethereum is highly decentralized in that it is governed by some rule of law and thus incorruptible by any one malicious player. Nevertheless, its architecture may allow subtle centralization problems because it requires tremendous coordination on one emergent decision. All voluntary interactions are composed on one blockchain with one linear history operating according to one set of code-embodied rules. When we want to make a change, a large number of people must come together to agree on it. Decisions are floated as hypotheticals and argued about, until only a small number of decisions are actually made, one per blockchain. Centralization arises, not in the space of decision makers but in the space of possible decisions.

It is an architectural decision, not a requirement, to create an ecosystem that requires every contract to run on a huge blockchain with a huge number of participants. An alternative ecosystem with many small experiments creates less need for large-scale governance in unitary decisions. In the spirit of competition as a discovery process, one could imagine many competing systems making many decisions, such that good decisions rise to the top. A few decisions requiring global agreement, perhaps on currency, would be centralized. But for regular contracts we need to lower the risk enough to benefit from the transaction without everyone in the world needing to agree on it. 

Ethereum’s strength is that it operates the world’s first truly credible computer, but most contracts don't need that degree of global mutual credibility, at least at first. Local contracts can start small among parties with shared relevant context and mutual credibility.

¹³

When some contracts need wider credibility, we can move them to more widely credible platforms. If I want to sell my role in my local contract with you to Alice, who is outside our local circle, we can migrate the contract to a new platform with credibility among the three of us. The larger the circle, the more overhead we must pay to achieve mutual credibility, plus a privacy cost. Multiple blockchains and circles of mutual credibility across them move us closer to a polycentric world.

Cosmos builds an Internet of Blockchains for interoperability and currency exchanges between them. Agoric develops a secure platform for smart contracts so they can migrate between chains. Together, they are the main collaborators on the inter-blockchain-protocol (IBC) for secure communication between chains with a diversity of architectures and consensus mechanisms. Similar to how the higher-order composition of property rights unlocks commerce, these architectures can compose individual arrangements into a rich ecosystem with each other. 

In the early days, computers had tremendous architectural diversity. Each computer had a little operating system and localized interactions through the timesharing system. The ARPAnet connected some of those computers by enabling them to email each other without suppressing their architectural diversity. Each was an independent experiment, but suddenly via network effects there was a larger community to cooperate with. Today there are different blockchains, some mutable, some immutable. The IBC will interoperate between them without suppressing the architectural diversity of attempts to build a better blockchain. The result may well be an ecosystem of multiple self-governing blockchains with the ability of entry and exit so commerce can travel across them. If you disagree with how one blockchain is running, you create a new one. Instead of debating how our overall system reflects our values, groups with critical mass can experiment with their vision while interoperating with the rest.

¹⁴

 

Ultimately, we need to rely on competition as a discovery procedure for finding out which systems work well, and there will be more than one winner. Starting from the internet as a single winner with a decentralized protocol, we may arrive at a multi-blockchain ecosystem. The more decision-making poles are spread out and interwoven into a cross-cutting blockchain ecosystem, the more they will see it in their interest to compensate for others dominating. 

Learn from History: IBM, Internet Giants, and Centralized Blockchains

Long-term, can we rely on decentralized systems outcompeting centralized ones? A look at computer history provides a rich mixed picture: In the computer industry’s early days, it was common knowledge that IBM’s mainframe monopoly would lead to monopolizing the entire computer industry, unless the government broke it up. Antitrust forces were engaged against IBM; IBM fought back. It is possible that antitrust laws had little to do with IBM's loss of the dominant market position and that the personal computer’s rise had everything to do with it. IBM started in a fairly dominant monopoly position with its PC. Microsoft then outplayed it, and became the monopoly supplier of PC operating systems and most office applications. 

For a long time Microsoft was so dominant in software that it seemed it would remain the monopoly forever, unless broken up. Antitrust forces were engaged against Microsoft, and Microsoft fought back. Once again, it is possible that antitrust forces had little to do with Microsoft losing its dominant position but that the rise of the web had much more to do with it. Microsoft was a substantial web player, with Internet Explorer being an initial browser wars winner, but that dominance was unstable. The character of the game changed, and players that grew up more adapted to the new game’s character out-competed the supposedly permanent centralized monopoly that had owned everybody's desktops. 

Gradually, today’s internet giants emerged and turned email into Gmail, Usenet into reddit, blog replies into Facebook, pingbacks into Twitter, squid into Cloudflare, and Gnutella into The Pirate Bay.

¹⁵

As in the previous Microsoft case, the current centralization wave has been swiftly accompanied by antitrust efforts, such as the 2020 efforts to break up Facebook and Google. Smaller companies cooperate to form coalitions such as standards committees to create a survivable system in light of a perceived threat. Now we have web3. Once again, it is possible that coalitions of non-dominant players compensate against power centralization of giants. 

Neither Google nor Facebook existed until 1996 and 2004, respectively. By the 2030s we may see that they were just flashes in the pan, and instead view Ethereum to be so dominant in the blockchain space that we need to break it up. The same well-known calls for intervention may emerge. Once again, it is possible that by the time some new technological revolution dethrones big blockchains as the dominant player, regulations will have had little to do with it. 

Claims of a winner-takes-all setting with only one or two blockchains is like estimating that we’ll only need a few computers before any are on the market. Our current blindspot is largely due to the lack of blockchain interoperability.  Why create more islands if there is no way to travel between them? Once blockchains can talk to each other, more experiments will want to split. We don’t have one website, or a handful of websites, but many, which also makes sense for blockchains. In a system consisting of a multiplicity of blockchains, new levels of the game will be unlocked. Their dangers might be as opaque to us as internet centralization dangers were to the drafters of the U.S. Constitution. If upper level centralization dangers arise, we should compete with upper level compensating arrangements. 

It took centuries for today’s open societies to outcompete tyrannical ones, just as it took decades for open source software to outcompete proprietary software. We should not expect quick wins of decentralized systems over centralized service providers, even if the decentralized ones bring a confident rule of law. There will be many failed ventures and it will take time to build up an adequate level of functionality. But we have repeatedly witnessed the long-term winners are those which create a rules framework leading to a predictable basis for cooperative interaction with minimal risk. As long as future levels of the game are defined by a rich taxonomy of rights and composability of contracts, cooperation can evolve. As civilization unlocks level after level, we expect non-human cognition to play an increasing part in the growth of knowledge, wealth, and innovation. We’ll come back to this in chapter 8.

Chapter Summary

Starting from our paper world, we embark on a co-evolution in which legal and crypto jurisdictions develop within constraints imposed by the other. Within crypto, proof of location and a polycentricity of blockchains can compensate for centralization from Sybil attacks and large blockchains. With a bit of foresight we can bake interoperability into this system from the get-go. A voluntary future of ever richer cooperative games awaits —if it were not for serious physical and digital threats looming along the way; a topic we will examine in the following chapters. 

How can the current legal systems and future systems coevolve and constrain each other? Checkout this seminar to find out more.

Next up: DEFEND AGAINST PHYSICAL THREATS | Multipolar Active Shields

1

 See Mark S. Miller’s Computer Security as the Future of Law.

2

The graph is taken from Origins of Life. The concept originated in Genetic Takeover by A.G. Cains-Smith.

3

See Primavera de Filippi’s Decentralized Blockchain Technology and the Rise of Lex Cryptographia.

4

See Dominic William’s The DFINITY Blockchain Nervous System.

5

See Robin Hanson’s Foulplay.

6

See Fred Ehrsam’s Blockchain Governance: Programming Our Future.

7

See Terms: Explanation of Terms and Disclaimer.

8

See Mitchell Kapor’s The Self-governing Internet: Coordination by Design.

9

See Brewster Kahle’s A Game with Many Winners.

10

See Behind the Scene of the Decentralized Web Principles by Mai Ishikawa Sutton.

11

Ironically, this danger is a collateral consequence of our ability to cooperate anonymously, one of our greatest protections. Because we don’t know who is running the TOR nodes, we don't know if they are conspiring. If TOR nodes aren’t conspiring, TOR helps provide anonymity, which could create the Sybil danger elsewhere. Even if TOR was corrupted by Sybil, it would not prevent the Sybil danger elsewhere. All the rest of us are still anonymous to each other, even if somebody knows everybody's identity. 

12

Blockchain systems have a few options to prevent Sybil attacks. Let’s say it becomes known that one actor amassed the majority of the Bitcoin mining power to extend a chain with transactions the rest of the community views as illegitimate. If a minority agrees that the extension is illegitimate, they can ignore it and jointly extend the chain in a way they consider legitimate. There is no enforced automated mechanism saying that the used chain is the one extended by the majority of the mining power. If we can agree to do this for a Bitcoin bug, then we can agree to do it based on a shared sense of legitimacy that is more powerful than the Sybil attack. But we want to tread lightly when introducing precedents that impair the expected reliability that makes cryptocommerce desirable. 

13

See Mark S. Miller’s Towards Secure Computing: Navigating the Attack Surface.

14

We can make a soft prediction about which systems will be successful competitors. Projects that require high governance long-term may not have the biggest comparative advantage. This is because we already have high-governance systems in the real world. Systems that make a credible commitment to move from high governance early to high automation later may be good competitors. We may see a human overrider mechanism in a Split contract, that starts by requiring a 2/3 supermajority to overrule transactions, gradually raises the majority required to 9/10, before ultimately moving to entirely immutable transactions This design protects against two risks: one is from bugs that lead the code to not mean what we think it means. If we immediately deploy our system by treating code as law, we need to have high confidence in the code. This risk starts high but gets lower over time as the system is playtested. The other risk is corruption of the human stewards, which starts off low because the contract is first deployed by a small set of people with high trust. As asset value goes up, and the influence of initial stewards decreases, the risk of corruption rises. Thus, rapidly moving to low governance may be adaptive to how risks change over time. But this is just a prediction.

15

See Handshake.