Q&A with Charles Hoskinson (Cardano)
We were thrilled to experience Charles Hoskinson of Input Output at a corporate invitation-only event at the start of his week in Japan, jointly organized by Tokyo FinTech and Deloitte Tohmatsu Consulting. There were relatively brief opening comments, and then extensive Q&A, of which we have extracted the key points. The audience was not necessarily very technical, so the session focused on a discussion of general concepts rather than a deep dive into protocols.
Charles’ opening comments
Where do we start? How do we get practical use out of blockchain?
Blockchain vs. databases
The first thing I tell anyone is to understand the difference between a database and a blockchain, what a blockchain does for you and what it does not do for you. The point of a blockchain, the point of a distributed ledger, is all about immutability, time-stamping and auditability, it is not about storage. You do not use a blockchain to replace a conventional database. When you say it is really important that I create an audit log and a timestamp of things that happen — events, history, facts & circumstance — then you can look at some economical examples such as a real estate ledger. Recently, I bought a ranch in Colorado, and it took quite a bit of time to sort out the history behind that piece of property. It would have been so much nicer to have a chain of custody from the very first issuance to today, and the story behind how that happened, how each of the transitions occurred. The point of a blockchain would be to timestamp that, make it immutable so that people cannot tinker with it, and also make it auditable so that I can look back at that log in an efficient manner.
In a way, what a blockchain really is, it is part of a tool set to allow you to tell stories around changes in situations, changes in state, whether that is changes in ownership or major events. When you look at anything that has a transition from A to B to C, the story behind that, the story that you need to timestamp, the story that you need to have a group of people agree on who probably do not get along with each other or are not honest with each other, that is where blockchain probably adds value to your business process.
Blockchain and smart contracts
The second thing is to know the difference between the blockchain, which is where we put the data, and what is actually happening with the events themselves, i.e. the contracts, the transactions. If you are financial institution that trades certain financial products, you have different business logic and regulatory logic with those products, that is a different concept, which is closely related to our industry, because we work with financial contracts and smart contracts, but it is a whole separate domain. Both of these domains generally have to be tackled at the same time for you to build a production system.
Centralization and decentralization
Finally, there is also the fidelity of the information that is going into the blockchain itself. We have these self-contained systems like Bitcoin, where it is kind of easy to ensure that everything works well. But when you talk about systems that receive information from the outside world — that is called an oracle, or a data feed — then you are completely at the mercy of the entity that is injecting the information. For example, how does Bitcoin know its own price? The only way it can know that is that the exchange tells it, so you are at the mercy of the exchange telling it. Similarly, all the interesting smart contracts, those that are doing reasonable things and interact with the outside world, require an oracle, and that is a point of failure and a point of centralization. So, kind of a meta point to anyone considering using blockchain technology is that it does not automatically decentralize you. You will get components of your system which you can immediately decentralize, but then there are all other types of parts around your system where you implicitly or explicitly still relying on some sort of central actor or trusted third party. So at the end it compresses down the whole system to one or two entities that determine whether it succeeds or fails. For example, you could argue that Bitcoin is highly centralized, because only a small group of actors controls consensus, and only a small group of actors control the entry and exit points, these are the exchanges. So, although the technology is permissionless and open, the system is still at the mercy of some gatekeepers, and it important to model and understand these consequences.
What are some recent technological advancements that might have an influence on how legislation will evolve?
Asset classification
Regulation is kind of interesting, we can break it into a few categories. There is the asset class classification regulation that defines what these “things” are, are the commodities, currencies, securities, or all of the above? There is also the question whether we should capture these assets under existing regulation like the Securities Exchange Act of 1933, or should we create new regulation specifically for these assets. So if you take a look at specific jurisdictions, Japan actually passed a dedicated law to regulate cryptocurrencies, whereas the US so far has put cryptocurrency regulation on the asset side into existing regulatory standards. like the MSB regulation, FinCen regulation, etc.
This lack of regulatory clarity is one of the principal reasons why institutional investors and more traditional clients are having difficulty dealing with cryptocurrencies or cryptocurrency-like assets, because they are going to holding things in their portfolio that they actually do not understand the implications of — do they need a custodial agent, should these be traded on exchanges or with broker/dealers?
The other side of it is that it has created a lot of regulatory arbitrage in the world where jurisdictions like Switzerland Liechtenstein, Malta, Singapore and others have decided to jump on this bandwagon and try to make thins a little easier for us entrepreneurs, so in some ways they created a safe haven, but the operators in these jurisdictions technically are playing globally, so that means you are basically under US jurisdiction. It is a very muddled situation on the asset classification side.
The direct consequence of this is that it is very difficult for many cryptocurrency businesses to get bank accounts — that is a near universal complaint. Another consequence is that it makes it very difficult for many cryptocurrency businesses to raise capital from traditional means, like venture capital, although it is becoming less of an issue today, in particular for certain specialized sources.
Privacy
There are two other buckets of regulation that we have to constantly deal with. The second one concerns capabilities, and in particular privacy, which is a big concern. The regulators are not used to a financial system that behaves like cryptocurrencies behave. If you look at the way money moves in the world, it is between collections of very well understood actors, one bank to another bank, one money servicing business to another money servicing business, and every single one of these entities is in some way regulated, and there is a great deal of transparency to the global regulatory system on how these things move — there are checks and balances put in between to enforce capital controls, sanctions, etc.
We do have a system that is peer-to-peer, it is old, and it is very easy to move money out of this system — it is called cash. But unless you are Pablo Escobar, it is really hard to move three or four million dollars across the border. So our regulatory system is not set up for a currency that lets you kind of do that, and do it anonymously. Now I can do it, I can do it with my phone, anywhere in the world. I do not even have to carry my phone with me, I can just remember some key words and borrow somebody else’s phone. Regulators are not well set up for this type of system, and the consequences of this type of system, it is completely foreign to them.
Taxes
And finally, there is always taxes. Taxes generally are based on actions and assets, what you are doing and the asset class. Now you have these weird assets that are transnational, and they can be anything — how do you pay taxes on those? If you cannot really know how much money people are making, how do you charge an income tax effectively? Cryptocurrencies are making it more and more difficult for governments to actually definitely know the income of their citizens, or the consumption patterns of their citizens. This is only going to get more pervasive over time.
This is what you see whenever you have technological innovation. Before the internet, information was physical. Now that it is digital, it changed certain regulation, like copyright protection. Along the same lines, now that money moves that way, it will fundamentally change the way we regulate financial instruments, the way we regulate taxes, and the way we handle things like privacy.
This is also a great business opportunity. For the first time, in the transaction itself you can bundle the regulation, you can put the terms & conditions into it. So a lot of things that used to be manual, or require third-party auditing, things that could only be done every three months or every year, can now be done real-time, continuously and embedded within the transaction.
Blockchain is dependent on the Internet itself. How do you improve cybersecurity to ensure working of the ecosystem overall?
Well, the analogy is, if you want to do an operation, you should clean your operating room first. In the early days of surgery, we did not do that, and we did not have very good results. Along the way we realized that germs are real things, and we should probably work hard to prevent them. Cybersecurity is much the same way. In the early days of the Internet, we never cleaned the operating room.
It is really frustrating for me, because in 1991 this amazing piece of technology was invented, and had it gotten mainstream consumer adoption, then we would have no passwords on the Internet, everything would be just one click to log in, we would not have domain registrars, all of your emails would be encrypted by default. It is called PGP (Pretty Good Privacy). But despite the fact that it was an amazing technology, it was ahead of its time, and although there were so many potential benefits to the consumer, consumers never adopted it.
This is the great paradox of cybersecurity: there are things that we can do that will dramatically improve the security of the user, from using a password manager to using two-factor authentication, to some practices on how we install things on your computer, which for whatever reason consumers have trouble with, and because they do not do these things, they end up creating situations where their operating environment is not so secure. In consequence, it is difficult for them to have a reasonable expectation for security with assets on that computer.
So, to continue that medical analogy, I can make the operating room equipment, I can design surgical techniques and I can even train the surgeons. But I cannot make the operating room clean. Ultimately, that is someone else’s responsibility. That is the challenge of the Googles, the Apples and the Microsofts of this world to to make their software a little better, to make it easier to clean the operating room. It is a constant struggle. And it is what makes cybersecurity such a large and lucrative field, because there is always a huge amount of challenges.
Just as an example, recently a Chinese hacker published in our Telegram channels a fake version of our wallet software. And a few unfortunate users downloaded the software, and had their money stolen. Now, my software is fine, it is very secure, it got formal methods and third-party audits behind it, we have the checksums on our website, digitally signed, so you can verify which version IOHK shipped. Yet, some people went ahead and installed this fake software on their computer.
And this is, by the way, why banks exist, and intermediaries exist, they take the risk of custodianship on behalf of the consumer. So, in a way I do not think that cryptocurrencies are going to kill the banks. I think that one of the solutions for cybersecurity problems is trusting third parties to handle these things on your behalf. The difference is, the consumer now actually gets to decide, whereas in the system that we grew up in, it was decided for us, and we just had to accept third-party control. So we are going to live on a spectrum where the more technically astute have total control, and they can do whatever they want, but they also accept the consequences; and the less technically astute will have the ability to delegate to a third party that they trust, and that third party will be able to take care of that risk for them, understanding that they could be subject to failure, just like your bank could fail.
Can you further elaborate on your view on jurisdictions, in particular Crypto Valley?
I helped found Crypto Valley in Switzerland. In fact, Ethereum was the first cryptocurrency company there, we kind of created the whole momentum. It is a good jurisdiction, but it is becoming more diverse. So when you set up a Zug-based foundation, for example, there is probably also going to be some for-profit entity, and that might be in Liechtenstein, or Luxembourg, or Malta. And there might be a US connection, or Guernsey, or Isle of Man. Generally, when you structure these vehicles, for regulatory and tax reasons, it ends up being quite complicated.
The other thing is, you need to think carefully about separation of concerns. When you do an ICO or STO, and you are raising capital for your project, you have various agents within that project. So you have some, for example, who do engineering work and research, some who are going to do business development and marketing, some who are their for regulatory outreach and community management, and these things have to be separated generally to different people and different legal entities, with different financial incentives.
We talked a lot about how blockchain can help inclusion. Can you talk about dangers of exclusion?
Social credit in China is probably the hallmark. Blockchain systems are intrinsically neutral. Unfortunately, that means, while they can do great good, they can also do great harm. In China, there is a lot of desire to take the way you interact with people, your consumer choices, your political choices, and your overall behavior, and assign it a number, your social credit score, and then create consequences from that. That might range from soft consequences like being shamed, to hard consequences like shutting off your money. These system can be programmed in a way that they just stop working for certain people that do not have the right credentials, and the government can be the controller of these credentials. There are already some pretty strong indications from authoritarian regimes, or less democratic regimes, that this is the direction they would like to go in. I absolutely believe that there are many cases of exclusion, and social credit is a phenomenal example of that.
We also have to think about age and competence-based exclusions. My father only got a smart phone last year. So when you start saying we are going to move to this digital money that requires you to understand how public keys and private keys work and all these other complicated things, in some ways it starts to disenfranchise and exclude certain parts of the population. As a consequence of that, these people only get a shallow, surface-level understanding of it, and delegate the nuances to third parties. In the process of that delegation, they might lose a lot of control or privacy, or get scammed.
If you found value in this article, please “clap” (up to 50 times).
This article is part of our Tokyo FinTech Publication, please follow us to read more from our writers, like hundreds of readers do every day. Should you live in Tokyo, or just pass through, please also join our Tokyo FinTech Meetup.
