**How do you know what you really own?**

The metaphor:

- You are going to work and packing your bag lunch with an apple.
- On your way, you stop at a supermarket to buy a sandwich and cookies.
- At the checkout, the employee sees that you have in your bag the exact same apple they are selling.
- How could you prove that you did not steal the apple?

**Who Records Ownership?**

- Imagine your car gets stolen: what would you do?
- Go to the police department to log your complaint.
- If your car gets noticed with someone else, the police will verify the ownership via the Automobile Registry.
- The thief will be put on trial.
- That's way too easy!
- What if someone captures your drone?
- How would you prove you own it?
- Did any authority record that you bought the drone?
- Your best bet would be the paper receipt that you received from the shopkeeper.
- Will it prove your ownership of the drone?

**The old paper is not enough...**

- Paper receipts are not unique!
- The thief can forge one too, claiming that he owned the drone.
- Right now, there's no easy way to prove you own what you own.
- Even if there were a way, it would probably be a slow and tedious process.
- You own something because others believe you own it. The thief doesn't.

**A new hope?**

- According to The Economist, "estimates for the total value of fakes sold worldwide each year go as high as \$1.8 trillion." (The Economist, July 30^th^, 2015.)
- Last year this was about 3.3% of world trade.
- This leads to losses for brands.
- This also leads to **consumers losing their trust** in those brands.
- Imagine a world in which, when someone goes out to buy something that must be authentic to have value, the shopper could simply pull out their phone, type in some number and verify whether the shopkeeper is trying to dupe them.
- Just for a moment, imagine a world where each and every valuable thing could be assigned a number and ownership.
**Ownership and Witnesses**

- You are in court disputing your alleged apple-theft case: how do you prove your innocence?
- Best case: you **find someone who could testify** that you had your apple before the event.
- The employee who sold you the apple is having a hard time with cross-examination: can you identify the exact apple you sold to the accused?
- It could even be the case that you bribed the witness to remember all the fancy details about the apple transaction.
- Here is the takeaway: **be sure to have many independent witnesses testifying the exact same thing**.
- To prove ownership, three elements are key:
  - An identification of the owner.
  - An identification of the object being owned.
  - A mapping of the owner to the object.
- You can accomplish these through the testimony of witnesses.
- This is **time consuming**, though, which is why we replaced a lot of things with documents issued by trustworthy entities (namely governmental ones).
- A birth certificate does not change with time.

**The mapping between owners and objects**

- The mapping step can be achieved through a ledger or register.
- A ledger does not stay constant over time: it gets updated.
- Having a robust and fast updating process is a key requirement.
- Typically, the higher the value of certain objects (e.g. diamonds), the higher the chances that there is a regulated ledger documenting the ownership of those objects.

![[Bocconi/Bocconi - Introduction to Blockchain/Images - Bocconi Introduction to Blockchain/image15.png]]

**Hints on Security**

We have introduced three major security concepts. Since we are in the context of software systems, let's provide definitions. The concepts are:

- **Identification**
- **Authentication**
- **Authorization**

What is the link?

- You want to buy a bottle of wine in a liquor shop. They are not allowed to sell alcohol to underage customers.
- How can the liquor shop employee be sure that he is selling wine to the right people?
**Identify and Authenticate**

The identification step involves a simple **statement that can be used as an identifier**. The **identification** step **does not prove your real identity** though: it is just a claim. But we want to prove you are not underage, so **we require an authentication**. In our simple example, an ID card will do the job since it is directly connected to a single individual (e.g., with a photograph). The employee now compares the face in the shop with the one on the ID card and accomplishes the authentication. He might request a two-step verification by asking for a driver's license or another type of document.

**Authorize**

Once the employee is convinced you are not underage, he grants access to specific resources or services (you get your bottle of wine). The authorization changes with the characteristics of the individual's identity (think about a Starfleet captain vs. a lieutenant). Remember: if you are too young but have shown a correct ID, both the identification and authentication processes went well. What failed was the authorization step, because it did not comply with certain rules.

**The proof of ownership and the ledger**

![[Bocconi/Bocconi - Introduction to Blockchain/Images - Bocconi Introduction to Blockchain/image16.png|600]]

- Transparency vs. privacy
- Proving ownership vs. transferring ownership
- Reading vs. writing the ledger

All of this relates to the blockchain.

**Ownership and the Blockchain**

Assume you have a very good and trustworthy witness like a government ledger. What if this ledger is damaged or destroyed? What if the people responsible for updating the ledger make an error, or introduce one on purpose? **This is a disaster! The ledger does not reflect the reality anymore. It does not represent the truth**. How do you solve the issue when you have just one ledger? Well, you just increase the number of independent witnesses.
Having many witnesses who independently make their own observations, free of mutual influence, is the key to this approach to finding the truth. Here is the link: **Through the use of a purely distributed P2P system of ledgers you get the proof of ownership based on that version of the reality on which the majority of peers agree**.

![[Bocconi/Bocconi - Introduction to Blockchain/Images - Bocconi Introduction to Blockchain/image17.png|600]]

**Let's build a blockchain**

We now know everything about the relation between trust, integrity, purely distributed P2P systems and the blockchain. We know what a blockchain is, why we need it, and what kind of problems it can solve.

**That's fancy, but seriously ... How does it work internally?**

**Key Points**

- We consider a purely distributed P2P system.
- Its users contribute their computational resources to the overall system's computational power.
- The system uses the Internet as a network. **The network is public and open**.
- We have **no a priori information** either on the number of nodes or on their trustworthiness and reliability.
- The system aims at **managing the ownership** of a digital asset, whatever it is.
- The system is therefore a **completely open and untrustworthy environment**.

**Blockchain Structure**

| ![[Bocconi/Bocconi - Introduction to Blockchain/Images - Bocconi Introduction to Blockchain/image18.png]] | ![[Bocconi/Bocconi - Introduction to Blockchain/Images - Bocconi Introduction to Blockchain/image19.png]] |
|---|---|

**Path to Blockchain**

There are **seven major tasks** which are mandatory to design a blockchain system:

1. **Describing ownership - defining the transaction**
   - What do you want to do with your fancy blockchain?
   - We are building a system that manages ownership, so we **need to describe what the ownership is**.
   - Analogy: **consider transactions as transfers of ownership**.
   - The **full history of transactions** is the way to identify the current owners.
   - A transaction generally contains the sender's and receiver's information as well as the value of the transaction itself.
   - Plus: there is a **cryptographic digital signature**.
2. **Protecting ownership - transaction authentication**
   - It is fundamental to find a **way to prevent people from accessing the property of others**.
   - **Cryptography** is the way to go.
   - It protects transactions at the individual level.
   - **Once again: identify, authenticate and then authorize**.
   - First, each node will validate the incoming transaction by decrypting its digital signature.
   - The transaction is then temporarily held until finalized into a block.
3. **Storing transaction data - block creation**
   - We described a transaction and we protected it. Now we have to store it.
   - In particular, we need a way to **store the whole history of transactions: ownership clarification**.
   - We use the **blockchain as a data structure** to securely store all the transactions.
   - Now we need to distribute it...
4. **Distributing ledgers in an untrustworthy environment - Block validation**
   - We have copies of the ledger on untrustworthy nodes in an untrustworthy network.
   - There is no central control or coordination.
   - How can you prevent the transaction history from being changed?
   - You make it **unchangeable: the blockchain is immutable.**
   - Still, the blockchain needs to accept new transactions.
   - To achieve immutability, **computer science plays a major role**.
   - The blockchain data structure is an **append-only structure**.
   - Simply distributing copies of the ledger across nodes does not fulfill the goals.
   - What we need to understand is **how nodes interact with each other** and what information is exchanged.
5. **Adding new transactions to the ledger - Block chaining**
   - So far, each member has a copy of the ledger.
   - We verify that new transactions are valid and authorized.
   - Since it is a purely P2P system, **we turn each member into the supervisor of all its peers**.
   - If no errors are met, a new block with a given list of transactions is then added, permanently, to the blockchain.
6. **Deciding which ledgers represent the truth - Achieve consensus.**
   - It's cool that anybody can be a supervisor... But who is right?
   - Typical problem of P2P systems: different peers may have received different transactions.
   - This implies different versions of the history, which threatens the system's integrity.
   - Also typical: you can't prevent different versions in a P2P system.
   - You have to come up with a criterion to decide what the truth is.
   - But how? There is no central authority!
   - Here is the trick: **distributed consensus**. You let each and every node decide on its own what's true. This way, when the majority independently agrees on a transaction history, the system considers it as the truth.

![[Bocconi/Bocconi - Introduction to Blockchain/Images - Bocconi Introduction to Blockchain/image20.png|500]]

**Potential Challenges**

- The blockchain system introduces a unified system for conducting financial transactions over a network (e.g. the Internet).
- Organizations need an agreement which governs the rules of the network...
- And this is huge! Companies have heterogeneous policies and protocols to perform their operations, which affect their best practices.
- Don't forget privacy and security issues.
- We need standards: the focus of blockchain implementation is more on the standardization of data flows and the intermediate language used to communicate within blockchain than on the technology that supports its platform.

**Advantages and Limitations**

- The blockchain technology is based on the idea of distributing information over connected nodes represented by computers.
- These nodes work together as one giant system which stores encrypted sequences of transactions into blocks.
- One of the main advantages is that there is no dependence anymore on middlemen or third parties to provide trust and authentication.
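Tasks 3 to 6 of "Path to Blockchain" above (block creation, append-only chaining, validation by every peer, majority agreement), as an added example that is not part of the original notes: a minimal hash-chained ledger in Python. Digital signatures and proof-of-work are left out, and all names (`append_block`, `verify_chain`, `majority_head`, the `drone-1` asset, the peers) are constructed for illustration.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first block


def block_hash(index, prev_hash, transactions):
    """Digest over a block's contents, including its predecessor's hash."""
    payload = json.dumps({"index": index, "prev": prev_hash, "txs": transactions},
                         sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


def append_block(chain, transactions):
    """Append-only write: the new block commits to the current head."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "txs": transactions,
                  "hash": block_hash(index, prev, transactions)})
    return chain


def verify_chain(chain):
    """Return the index of the first inconsistent block, or None if intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev:
            return i
        if block["hash"] != block_hash(i, prev, block["txs"]):
            return i
        prev = block["hash"]
    return None


def current_owner(chain, asset):
    """Replay the full transaction history to find the asset's current owner."""
    owner = None
    for block in chain:
        for tx in block["txs"]:
            if tx["asset"] == asset:
                owner = tx["to"]
    return owner


def majority_head(peers):
    """Head hash shared by a strict majority of all peers, else None."""
    heads = Counter(chain[-1]["hash"] for chain in peers.values()
                    if chain and verify_chain(chain) is None)
    if not heads:
        return None
    head, votes = heads.most_common(1)[0]
    return head if votes * 2 > len(peers) else None


def demo():
    """Constructed sample: three peers, one of which rewrites its own copy."""
    honest = []
    append_block(honest, [{"asset": "drone-1", "from": "shop", "to": "alice"}])
    append_block(honest, [{"asset": "drone-1", "from": "alice", "to": "bob"}])
    peers = {name: copy.deepcopy(honest) for name in ("p1", "p2", "p3")}
    peers["p3"][0]["txs"][0]["to"] = "mallory"  # edit without re-hashing
    return peers, honest[-1]["hash"]
```

A peer that re-hashes its rewritten copy passes `verify_chain`, but it still loses the vote because its head differs from the one the majority holds.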
**Advantages**

- **Empowered users:** each user has the ability to control its information and the transactions it is in.
- **Durability, Reliability and Longevity:** there is no centralized computing architecture, so there is no global failure because of a single one.
- **Integrity, Transparency, Immutability**: transactions are public and cannot be changed.
- **Faster and Lower Costs**: no intermediaries, so faster interactions and lower management costs.

**Limitations**

- **Regulations:** currencies used in financial transactions are ruled by national governments. Governments need to reach an agreement to regulate the status of blockchain.
- **Security and Privacy:** yes, we have strong encryption algorithms, though cybersecurity remains an open problem. Think about sharing personal information over a public network...
- **Software Vulnerability:** you have software, you have bugs! This opens the door to malicious activities, so no more integrity. Plus, what if there is a hack on a global technology?
- **Integration:** organizations will face problems and costs to integrate the technology into their operations.
- **Understanding the Technology:** few people just get it. Simpler for coders and hackers, harder for business professionals.

**Potential Applications: Financial Services**

There is increasing interest in blockchain from the financial services sector, pretty much as an alternative to the current transactional system. That's because of the inefficiencies caused by third-party organizations, processing time and costs.

J.P. Morgan and Goldman Sachs created a partnership to invest in the technology. Santander bank estimated a saving of approx. \$20bn by eliminating centralized trust agencies.

Each financial institution maintains its own ledger. Reconciling ledgers is a costly process, particularly in big banks with hundreds of ledgers. It is even worse when this process is carried out through primitive and unsecured tools such as VBA.
- **Cost Reduction:** no more ledger duplication, as well as a reduction of post-trade processing time.
- **Smart Contract:** automation of existing logic where all financial assets are already in electronic format.
- **Risk Management:** increased speed of settlement, with an increase in liquidity and a decrease in balance sheet risk.
- **Improved Regulatory Compliance:** an authorized regulator can view a transparent ledger distributed among financial organizations (e.g., better anti-money laundering).

**Adoption by Organizations**

Potential benefits across the different trading stages within the financial market.

![[Bocconi/Bocconi - Introduction to Blockchain/Images - Bocconi Introduction to Blockchain/image21.png]]

Whenever a new technology comes up, developing real-life applications is vital to ensure investments. However, developing the technology requires time.

![[Bocconi/Bocconi - Introduction to Blockchain/Images - Bocconi Introduction to Blockchain/image22.png]]

**Blockchain Governance and Contracts**

Using a blockchain provides services in a more efficient and decentralized way, with less dependence on state or government bureaucracy. You get a more distributed diffusion of authority.

Contract definition and management will improve. The current legal system requires different statements to improve the enforceability of contracts. Some contracts need to be notarized to prove each party's real intentions. Contracts must be registered in order for the transaction to be stored in the public record.

With a blockchain, there is no need for human intermediation and there is an easy way to provide provenance. Lawyers would just prepare self-executing legal documents. The ownership of intellectual property rights could be checked by referring to time-stamped locations on blocks. We would move towards **Automated Contractual Negotiation**.

**Preview on Smart Contracts.**

Blockchain has the potential to decrease the costs of contracting.
Smart contracts would drastically reduce the friction in commerce and society by providing greater precision to transactions. A smart contract is just source code, which can be executed like a program in any other programming language.

In addition, smart contracts offer a significant advantage over existing contractual drafting practices by eliminating the inherent ambiguity of natural language. Legal parties could use vagueness and poor language to step back from contractual conditions they no longer want to honor. A smart contract offers an effective solution by incorporating legal provisions into the code. It comes with a **zero-tolerance policy**: parties are obliged to fulfill the contract.

There is freedom to breach rules because legal enforcement takes place after the act. Judicial enforcement is less needed in a system controlled by self-executing smart contracts, as the manner in which the rules have been defined in the code matches exactly the manner by which they are enforced. If you want to violate the rules, you have to break the code ... not that easy.

**Towards a P2P economy?**

We all, as individuals, interact with the internet. Developers are trying to integrate blockchain into web browsers. Websites would employ distributed data centers.

Back to the music industry: authors and musicians could use this technology to collect royalties right after there's been a purchase. Think about piracy: self-executing contracts can track duplicates and related distribution of unoriginal work.

**Synergy with banking sector**

Banks have started to systematically become more active with blockchain in recent years. Main reason: since blockchain eliminates middlemen and is faster and more secure, banks are going to save billions. They explore the concept of decentralized systems as well as systems where only authorized users are accepted. They have created innovation labs.
Possible business uses: settling trades and issuing bonds, payments and settlements, securities issuance, transfers, clearing, anti-money laundering, asset registries.

**Decentralization and some questions**

*"There is an increasing risk that we will end up with a patchwork quilt of inconsistent privacy"* - Leonard Cali, Senior VP of Global Public Policy, AT&T.

- **Can Blockchain systems comply with privacy regulations?**
  - The French Data Protection Authority (DPA), members of the EU parliament and the EU Blockchain Observatory and Forum are among the few governmental actors that have publicly acknowledged the tensions between blockchain and the GDPR.
  - In particular, the rules around the right to erasure, right to rectification and the principle of data minimization.
  - A number of proposed solutions to GDPR compliance exist, such as zero-knowledge proofs and destruction of private keys, but it remains unclear whether they constitute methods of erasure or anonymization.
  - Will the EU Data Protection Board issue guidelines and recommendations to "ensure that blockchain technology is compliant with EU law?".
- **Will international regulators work together?**
  - As Blockchain projects become more geographically decentralized, anonymous and/or censorship resistant, domestic regulators must tackle breaches of their laws by facilitating global coordination or, perhaps, harmonization of their securities, commodities, money transmitter, and tax laws.
- **How can the wide range of regulatory responses from different nations within these international organizations be reconciled?**
- **Will (and can) privacy coins be banned?**
  - Easier to track cash or legally accepted transactions by banks and financial institutions.
  - Harder with transactions in privacy coins like zcash or monero.
  - Perhaps the most practical way to regulate privacy coins today is to allow them to be traded on regulated crypto exchanges, which could encourage trading under the watchful eye of regulators and create an initial auditable trail.
  - For example, two regulated crypto exchanges, Gemini and Coinbase, recently began offering the trading of zcash. Both exchanges now allow withdrawals of zcash to be made to transparent addresses only.
- **Will we be able to regulate decentralized exchanges?**
  - Prior to 2018, many believed that DEXs were unstoppable.
  - Now, many DEXs implement know-your-customer (KYC) procedures.
  - In 2018, the SEC published guidance on online platforms for trading digital assets.
  - ShapeShift reluctantly introduced KYC in the form of compulsory membership.
  - The SEC fined EtherDelta's creator for causing software to violate the law requiring registration of securities exchanges.
- **Will developers be held responsible for violations of law?**
  - In corporate law, the "corporate veil" allows a corporation to be treated as a separate legal entity, insulating the company's owners, in most cases, from personal liability for the company's violations.
  - A "tech veil" has helped code developers escape liability from state and federal regulation and civil lawsuits arising from bugs in, or third parties' malicious use of, their code.
  - Sometimes, the "tech veil" can be pierced.
  - In 2018, *Commodity Futures Trading Commission* (CFTC) Commissioner Brian Quintenz suggested that smart contract code developers could be prosecuted for wrongdoing.
  - First: when it was reasonably foreseeable that the code would likely be used by U.S. persons in a manner violative of CFTC regulations.
  - Second: when the SEC charged Zachary Coburn (founder of EtherDelta and writer/deployer of the EtherDelta smart contract) with operating an unregistered national securities exchange.
- **What is or is not reasonably foreseeable in an age of constant innovation?**
- **How, if at all, will courts and regulators distinguish between the role of the code writer, deployer of the code, and platform operator?**
- **Will the "tech veil" be pierced further in criminal or civil cases?**
- **If so, how will enforcement be affected by decentralized networks, unstoppable smart contracts and anonymous code developers?**