Add promotion and protection of decentralization to purposes

[johndillon]

Satoshi didn't create Bitcoin because he wanted another way to pay people over the internet. If that was all he wanted to do, he could have done it via conventional, legal means. Setup some company, hire some lawyers, navigate regulation.

What is special about Bitcoin is that it is a technology, not an organization. As Satoshi said:

Then strong encryption became available to the masses, and trust was no longer required. Data could be secured in a way that was physically impossible for others to access, no matter for what reason, no matter how good the excuse, no matter what.

Bitcoin is an idea, expressed in code, and a group of people who chose to accept and value that idea. The Bitcoin idea places as little trust in others as possible, and for what remains, the valid transactions placed into the blockchain, the decision is made by a democratic vote among everyone who possesses hashing power. It is decentralization that makes the Bitcoin idea valuable, and what makes it so fundamentally revolutionary compared to what came before it.

Without decentralization Bitcoin is just another way to pay people over the internet. A Bitcoin where only a select few can participate in that democratic vote is simply not the Bitcoin Satoshi created, and is no different from the centralized systems that came before it.

Anonymity is a key part of true decentralized decision making. Without anonymity you can-not make decisions freely, decisions like what transactions you accept as valid Bitcoins, and what transactions you place into the blocks you mine. It is notable that Satoshi himself wisely decided to use a pseudonym rather than his real identity, allowing him to make choices about Bitcoin free of interference from authorities.

While the blockchain technology will always be public to some degree, we must not promote further encroachment on the ability of individuals to transact and mine with the privacy that they desire, be it fully anonymous, or no privacy at all. User-defined privacy must continue to remain a part of Bitcoin and the Foundation should promote and develop technologies that expand upon the options available, and make the whole spectrum of privacy options easier to access by all users.

Finally, pragmatically speaking, the Foundation has been repeatedly attacked by those who see it as contrary to that decentralized nature of Bitcoin. To some extent those people are right: like it or not the Foundation has a significant amount of control over the direction of Bitcoin by employing Gavin and funding development. There are very real social reasons why that control exists. By making a clear statement of purpose that includes decentralization, the foundation can help meet those concerns.

Of course the Foundation is not Bitcoin. If the Foundation does not support these goals and values, the only honest thing to do is make it clear what goals and values the Foundation does have, so people can make an informed decision about whether they want to support it.

[vessenes]

I think this is an interesting idea. On the downside, decentralization could be super broad. On the up-side, I agree that this is one of the fundamental and unique things about Bitcoin. That said, I'm not sure we can take away from its decentralized nature, whether or not we're promoting that side of things. How would you propose this would change or adjust the Foundation's remit?

[johndillon]

First and foremost, I genuinely do see value in having a statement of the value of decentralization simply to make it clear what the foundation is meant to be and what vision the foundation has for Bitcoin in the future. At the very least it helps dampen conspiracy theories, and provides a standard to hold the foundation to when we look at the decisions it makes. After all the influence of the large doners on the foundation is something where concerns can be expressed genuinely. The foundation does good work, and I have supported you financially in the past.

The people behind Tor like to say the technological architecture is what drives the legal framework Tor operates under. The foundation has a very big influence on the technological direction Bitcoin has simply by funding Gavin, and hopeully in the future other developers. (also the grant process) But look how the idea of the foundation being involved in the development of a trust-free mixer was shot down by legal concerns. Suppose in the future the Zerocoin technology, a proposed way to add provably anonymous and untraceable payments to Bitcoin itself, is developed to the point where inclusion in Bitcoin is feasible. Like it or not, if Gavin remains a core developer, and the foundation opposes that change, it will be much harder Zerocoin to gain the consensus required for inclusion.

The recent uploads of data to the blockchain are another example. How is the foundation going to apply the "promote and protect" bylaw in it's efforts to solve that problem? I saw solutions proposed ranging from "lets all agree on a blacklist of transactions" to clever technological solutions that make such abuse impossible, to even those who don't believe the data uploading was abuse at all. If the foundation didn't see decentralization as valuable I could easily see blacklists maintained by the foundation being promoted as a good solution. Similarly on the legal and advocacy side of things, the foundation can promote such blacklists as a good solution, and promote "responsible" mining that respects blacklists of illegal data, which may in the future be extended to otherwise valid transactions.

Of course with regard to mining Bitcoin does have a very direct challenge to decentralization with regard to the blocksize, and the blocksize is a trade-of between centralization and decentralization. Again, Gavin and the foundation itself has a lot of sway when it comes to navigating that trade-of, and right now it seems that at the very least the statements Gavin has made seem to make it clear that he sees it as acceptable for it to be much more difficult, if not impossible, to operate a full validating node anonymously in the future and by extension participate in Bitcoin fully. As Bitcoin grows, how much decentralization will be sacrificed? The developers do seem to have made the decision that sacrificing decentralization for the sake of tiny micropayments is unacceptable, but what trade-offs are going to be made and what is acceptable? We know that at the extreme VISA scale volumes will result in costs of thousands or even tens of thousands of dollars a month to operate a full validating node. Is that acceptable to the foundation?

Without a clear statement from the foundation about what it thinks Bitcoin should be, I just don't know.

[gavinandresen]

I'll be writing a lot more about the blocksize issue over the next couple of months. In short, I think the concerns about block size leading to centralization are short-sighted and just plain wrong.

RE: this particular pull request: I think it is usually a mistake to try to guess what will happen in the future and be specific. I would support a statement that the Foundation is all about keeping Bitcoin as decentralized as practical, but I think mentioning something like the blocksize or even anonymity in the bylaws is a bad idea. It will just start endless debates about (for example) whether the Foundation should be funding the ZeroCoin researchers RIGHT NOW.

[petertodd]

John's actual pull request, the content of it, isn't really as dramatic as you are implying. He's talking about full participation in Bitcoin, not blocksize. If optimizations allow for a larger blocksize the foundation would be abiding by their bylaws by promoting those optimizations, including promoting changing the blocksize. You're talking about what he's saying in support, not what's actually in the proposed change.

As for anonymity that sounds like a core value to me that should be protected. Maybe it should be a compromise, call it privacy, but the foundation's bylaws should make it clear that they are not going to pursue actions that reduce the level of privacy we can currently obtain.

[gavinandresen]

One last note from me: I'm very tempted to say "Ok, whatever, knock yourselves out." Because it doesn't really matter what the Foundation SAYS, it matters what the Foundation DOES. And in my experience, it is pretty darn easy for an organization to say one thing and do another.

But I probably underestimate the power of lip-service to making people feel comfortable/secure.

[petertodd]

One last note from me: I'm very tempted to say "Ok, whatever, knock yourselves out." Because it doesn't really matter what the Foundation SAYS, it matters what the Foundation DOES. And in my experience, it is pretty darn easy for an organization to say one thing and do another.

So you're saying you think the Foundation would act contrary to any bylaws anyway?

[johndillon]

@gavinandresen Among honorable people the protections offered by things like bylaws are effective because people remain true to their word. I think we all can fully expect the foundation and the developers to behave honorably. Not to say there will not be disagreements, as @vessenes points out, but with bylaws, those disagreements lead to discussions that can't be ignored.

So again, Gavin, explain for us all why you think some bylaws written on some paper will be so ineffective?

If it is because you expect the law will force you to act in ways contrary to them, then let us know you expect that to happen. You have a family, and you should put you and your family first. We may choose to support organizations with better protection from regulation.

If it is because you do not think the foundation has honor, let us know that too. Everyone puts a lot of trust into the dev team to not insert malicious code to steal our coins like StrongCoin did. A tiny flaw in the signing algorithms or random number generation after all could be exploited or a lot of profit, among many things I probably have not thought of, and we all know the review process never works as well as we would like it. Anything that might question our belief in the honor of the foundation and development team is something the whole community should be worried about.

[gavinandresen]

Just cynical, I guess.

Here in the US, we've got the US Constitution-- bylaws for the country. Which, in my humble opinion, is now widely ignored by the people who are supposed to uphold it.

Or take the laws in The Holy Bible, which Christians all over the world decide to interpret differently...

[johndillon]

So again, you are saying you are cynical about the people, including yourself, who are involved with the foundation and don't believe they will conduct themselves honorably?

After all, you are basically saying if the foundation's stated purpose said that the foundation would do what it can to ensure that Bitcoin stays decentralized, whatever that may entail, you think you and other foundation employees would simply ignore those that purpose anyway?

[MagicalTux]

Sorry if I am a bit late here. Let me put some stuff I've been thinking while reading all the comments here.

First, I'd like to say that solutions such as Zerocoin have no value in terms of anonymity. We had experience here at MtGox from back in 2011 of tracking with the help of German police a group of Russian (or ex-USSR country) mafia fraudsters stealing German bank accounts and laundering Bitcoins by moving said coins to wallet services that would mix coins and make it impossible to trace coins, resulting in the same visibility Zerocoin is supposed to provide, and this didn't stop law enforcement from tracing the actual funds. To be quite honest, those guys are used to see funds being moved around as cash, split by mules and laundered over time. Moving cash out that way is the same as hiding the origin and destination of funds, and because of that Zerocoin, while an interesting experiment, does not accomplish what people would expect from it (ie. actual anonymous transactions), but indeed increases the hurdle to trace transactions.

This said, I fail to see how making Bitcoin transactions anonymous helps in any way decentralization. I do see, however, how it could put a negative light on Bitcoin at the current stage where things are still kind of new. Bitcoin is already by itself "quite" anonymous (ie. knowing who is behind a specific transaction is non trivial), and pushing things anymore than that would attract a lot more bad guys, resulting in a lot of bad press and more difficulties to see new Bitcoin businesses (in terms of exchanges for example, you can just see how hard it is already to get a bank to accept to work with you). The main risk I see here is that the effect of going too far on the anonymous part could actually reduce decentralization, and cause some markets (mostly exchanges and payment processors, as this kind of business also needs to respond to laws and regulations) to lose in diversity.

Now, if the foundation is to adopt promotion and protection of decentralization, I have no problem with that. I do believe that "diversification" may be a better wording than "decentralization", as just having multiple similar copies of the same concept in different places (or in some cases of the same sourcecode too) could just result in all said copies to fail due to the same cause at the same time, removing any advantage gained by decentralization.

I also agree with the fact that technical aspects of Bitcoin do not fit within the bylaws of the Foundation.

[johndillon]

Zerocoin is the real deal. It is an implementation of chaum tokens in a decentralized blockchain, so funds coming out of the Zerocoin system have absolutely no links what-so-ever to the funds that went into Zerocoin. All that can be found out is when transactions were made, and all the coins that entered or left Zerocoin from all users. If it catches on it will provide the anonymity the mixers you refer to failed to provide. It is too resource intensive to implement currently, but math improves over time.

It seems to me the bigger issue is that the Foundation is run by people who will not or can not support anonymity, so if that is the case the Foundation needs to be honest with the public about the fact that it will not make Bitcoin more anonymous, and may block efforts to do so by others or take actions that even reduce what anonymity is possible with Bitcoin presently.

As for decentralization that is easily defined. Bitcoin works when everyone can participate in it fully and everyone can be part of the voting process by which transactions are put into the blockchain. The word 'decentralization' covers that goal just fine and matches the well understood meaning of that term legally and technically.

[petertodd]

This said, I fail to see how making Bitcoin transactions anonymous helps in any way decentralization. [...] The main risk I see here is that the effect of going too far on the anonymous part could actually reduce decentralization, and cause some markets (mostly exchanges and payment processors, as this kind of business also needs to respond to laws and regulations) to lose in diversity.

The type of "decentralization" where everything is publicly known and you have no choice but to act in accordance with the wishes of the government, or find yourself thrown in jail, is exactly how the current banking system works. The United States is an excellent example actually as the US has hundreds, even thousands, of banks large and small all over the country. It is a highly distributed system, so much so that many economists criticize the US banking system as being inefficient, but is is not at all decentralized. Every last one of those banks operates out in the open and because of that they all have to follow the wishes of the US government, a single central institution.

A Bitcoin where every participant has no choice but to have their actions public is no different.

[vessenes]

I wanted to update this pull request with some thoughts, post Bitcoin2013. I've always liked the decentralized nature of Bitcoin, but I now believe much more strongly in how important decentralization is to its eventual success.

So, at the very least, as a board member, you'll have me pushing to make sure we help it stay decentralized whenever that vote means much toward the outcome.

There are two viewpoints out there about this as far as I can see from the "decentralization = good" camp. One is that it's naturally decentralized, and therefore, you don't need to worry too much about attackers / burdens on it, it will just route around the damage and keep up.

The other is that this decentralization needs to be actively protected, and that there are many large forces which could push it to centralization, and therefore remove much of its value to society.

I have personally shifted significantly to the second viewpoint in the last few months as I've mulled this over -- I think there are real scenarios in which centralization could cause a major setback for Bitcoin at the very least. One of the things that I think many reactionaries on the bitcointalk forums don't understand is that much of the value that's been added to the ecosystem in the last two years has come from specific, concerted investment of time, money and social capital into Bitcoin.

I don't want us to lose the benefits of that investment, something that would happen if there were a large hard fork which put say bitpay, the exchanges and coinbase on one side, and a bunch of new wave post-hard-fork companies without investors on the other. So, to my mind, it's in the best interests of the community as a whole to work together and keep pushing forward while we keep our eye on great outcomes for everyone.

Now, that said, do I think we should add decentralization to the Foundation's goals? I don't know. I think we should at least be talking about it as a policy item. One of the nice parts about having multiple representatives is they all bring their own perspective, and I don't know that I think my perspective should be exactly shared by the board or put on the Foundation's lifetime mission statement. But, I bet we'll be discussing it!

[petertodd]

I think it's a mistake assume the players in a hard fork are just companies and their investors. I remember at the conference how I was practically mobbed by a half-dozen Argentinian investors with decentralization on their mind, and right now the analytics for my video on the blocksize limit (http://www.youtube.com/watch?v=cZp7UGgBR0I) show that the audience with the most engagement (minutes watched/view, shares etc.) with the video is countries like Argentinia, China, Malasia, Mexico, South Africa. These are all places where cultural and language barriers make it hard for us to get visibility into what values the Bitcoin community there have, and one of them, China, is currently undergoing an explosion of interest in Bitcoin.

Perhaps the best estimate I can get is from how about $500,000 USD worth of Bitcoins are created by miners every day, yet the price of a Bitcoin keeps rising. That's a cost of $12 per blockchain transaction and it indicates that there is a huge community just holding onto their Bitcoins because they believe in the potential of Bitcoin as a decentralized asset.

If a hard-fork happened tomorrow over decentralization, we could easily lose that huge community, yet it's easy to walk into that situation blindly because that community isn't the most vocal and publicly visible part of Bitcoin. I'm sure those post-hard-fork companies that stayed on the more decentralized system would find a way to raise capital eventually and build the systems they need to on a decentralized system - the demand is obviously there - but public trust in the system would be badly shaken.

Building decentralized systems is always harder than building centralized ones, and in Bitcoin there will always be technical trade-offs between what's easy, and what's decentralized. There will always be debate about the specifics of technology, but we will be much better off if we can at least agree on the goals.

Here's a concrete example of how a specific decentralization goal in the bylaws could play out: http://www.coinbox.me/

We had to ban microtransactions worth less than $0.01 from Bitcoin recently because the resource requirements of them are just too much to accommodate in a decentralized system. I haven't tried the service yet, or spoken to the people running it, but it sounds like CoinBox is an off-chain micropayment processor that works with sites making tiny payments to conglomerate multiple such payments into one efficient transaction that can be accommodated on Bitcoin.

This is a perfect example where the foundation can meet the goal of decentralization as well as the other existing purposes in the bylaws by working to standardize the technology these kinds of services use to enable interoporability, and to protect Bitcoin and it's users by ensuring these standards include appropriate auditing and fraud protection mechanisms. Beyond technology the foundation can use it's legal and political resources to ensure that the use of these technologies is legal and users are not forced into using Bitcoin in ways that harm the overall system due to legal issues. (note jdillon's rather less diplomatic take on the issue: https://bitcointalk.org/index.php?topic=221111.msg2368936#msg2368936) The two efforts go hand in hand: appropriate auditing and fraud prevention technology reduces the political pressure to heavily regulate the services in the first place.

I'll give another concrete example, this time with regard to privacy and anonymity: http://www.wired.com/wiredenterprise/2013/06/bitcoin_retai/

The fact that Bitcoin blockchain transactions are always publicly visible poses very real privacy risks, and as the article shows ordinary law-abiding companies and citizens have very good reasons to want to protect their privacy. Right now it's unclear if Foodlers practice of manually mixing their funds around a bit violates anti-structuring laws - a legal analysis would be good to have the foundation do in the short term.

Longer term trust-free mixing technology and some types of off-chain transactions protects and promotes Bitcoin by alleviating that concern among companies who want to adopt Bitcoin. In addition by standardizing the technologies we can also make it easier for those using them to keep accurate records for the purposes of audits so they can securely and accurately reveal transaction information when required to the entities that require it, rather than insecurely revealing that information to the whole world.

[vessenes]

There's a lot to respond to here, but I would draw out one particular thread that I think is important, especially for Americans to consider -- when we say Argentinians or people in Zimbabwe pre-crash deserved / needed a decentralized system for value and spending, we sort of imagine poor fiscal policy impacting men and women on the street. Central bankers / Fiscal policy / Money controls screwing whole populations.

That's important, and it's one of the reasons Bitcoin matters. However, those central bankers in Zim say would probably not see it the same way; sounds like money laundering to them, or at least an imposition on national sovereignty. That's why I think it's important that the Foundation do the sort of stuff you're suggesting Peter, first in America since American money laundering policy is enforced and respected globally, and secondarily around the world.

At the same time, we need these other efforts from all parties working together to make sure we can all hammer out a good system. Post-hard-fork Bitcoin would be significantly less valuable to those who have to contend with regulators saying "But why aren't you using the version for good guys we approved?" I think it's this sort of advocacy that's really important, analagous to advocating for the right to encrypt e-mails, or even just use cash for transactions -- an advocacy that can hold up real use cases and examples that regulators and legislators respond to and understand and care about with an eye toward making sure there aren't causes for a hard fork.

OK, enough speechifying. :)

[petertodd]

While we're talking about "forks" keep in mind that there are a lot of technical changes that we can make to Bitcoin that enable really interesting methods for improving scalability, decentralization and privacy; here's an example: https://bitcointalk.org/index.php?topic=175156.msg2390570#msg2390570 In that example the changes required are a relatively minimal "soft" fork that only needs miners to implement them rather than all Bitcoin users.

@vessenes By a "hard fork" are you are talking about situations where governments would demand changes to how Bitcoin works, for instance the ability to change the inflation rate or freeze transactions?

[petertodd]

I should point out too that even in the existing Bitcoin system subsets of users can easily choose to use Bitcoin in ways that meet government demands for the ability to do things like freeze transaction on demand, and implementing those systems is even easier if we make the changes needed to the scripting system for advanced micro-transaction systems like the example I linked.

Being able to tell governments that their citizens can choose to use Bitcoin in ways that enforce local laws, while still allowing other Bitcoin users to ignore those restrictions and/or choose to abide to different ones, may be a valuable compromise. The freedom to choose to restrict your own freedom is a freedom in of itself.

[vessenes]

Re: opting in, I completely agree. This ties in with how I think of Bitcoin, protocol layer for money on the Internet. A protocol layer can be used in accordance with local laws and regulations, or not, a-la http for copyright infringement, or just sending a note to a friend, or browsing whitehouse.gov. It's not sane, sensible, or likely to be effective to legislate protocol-layer changes. All you will do is push people over to a copy of the protocol layer that they wish to use, especially because protocols are global things, not national things; no regulatory authority is going to be able to successfully claim a global mandate on a protocol.

I do imagine that it's the task of companies (and I would suggest also individuals) to create viable scenarios and tools for using Bitcoin in a way that regulatory authorities are comfortable with. If the community refuses to do this, (again, it's an open protocol, hard to understand how 'refusal' would work), I believe the overall utility of Bitcoin is massively reduced for all players, whether or not they wish to opt in.

Anyway, my imagined hard fork scenario is one in which the community is unsuccessful at navigating this path together, and instead embarks on radically different directions. I don't think we're in danger of that, although I expect vigorous debate to continue, usually great, sometimes tiring. :)

[johndillon]

@vessenes I'll admit at first I thought the idea of pacifying regulators by restricting ones-self to using Bitcoin in specific ways, especially with the scripting system itself, seemed utterly ridiculous until I realized that at a technical level the idea was no different from @petertodd's ideas for creating trust in anonymous third-parties through punishment of fraud. In both cases you are restricting your freedom, possibly voluntarily, to satisfy a third party. Reluctantly I will support it.

But again, it speaks to how important it is for us to keep Bitcoin itself decentralized. Such mechanisms may be valuable, but they are also dangerous when the core of Bitcoin itself has been co-opted. A system consisting of multiple layers can only be as decentralized as the lowest layer.

[mikegogulski]

ACK, though the new text needs a wee bit of clean-up (e.g. "Transact on their Own Terms" is a verb, where the heading should be a noun as in "Purposes").

[johndillon]

@mikegogulski What exactly do you think the wording should be? I'm open to suggestions.

[pmlaw]

@mikegogulski I agree the text could use some polishing but FWIW I think this is an important addition. We are at a point where we must start drawing lines in the sand on things that the Foundation must stand for if Bitcoin is going to retain its real value to society and not be co-opted.

I would frame it this way:

"Section 2.2 The Corporation shall promote and protect both the decentralized, distributed and private nature of the Bitcoin distributed-digital currency and transaction system as well as individual choice and financial privacy when using such systems. The Corporation shall further require that any distributed-digital currency falling within the ambit of the Corporation's purpose be decentralized, distributed and private and that it support individual choice and financial privacy."

Thoughts, improvements?

[petertodd]

@pmlaw I like your version more than jdillon's, both for the appropriate level of detail for a legal document, and for how it makes clear that those same goals apply to any distributed digital currency the foundation should be involved with.

With regard to the level of detail, everyone here should keep in mind that it'd be very easy for a future currency or technology to challenge those terms even if the tech is arguably a good idea. For instance suppose remote attestation capable trusted hardware becomes usable - you can build a very useful crypto-currency system on top of such hardware, even if arguably the hardware itself is a point of centralization. But what's important isn't for the language to capture every possible case as though it's some kind of computer program, what's important is for the language to opens the door to discussion about whether or not something the foundation is doing meets the broader goals of "decentralized, distributed and private" and it ensures that everyone involved can't simply ignore such concerns as unimportant.

[johndillon]

@pmlaw Looks reasonable.

Rather than "individual choice and financial privacy" let's say "individual choice, individual participation, and financial privacy" Exactly what individual participation means in any given case will of course be up for debate, as @petertodd suggests with regard to the level of ambiguity and general purpose of legal writing, but it leaves opens the possibility of discussion in much the same way I intended originally.

After all, in the specific case of blocksize, individual participation can mean equally "small blocksize or small fees", but what matters is for us to have that conversation. To apply, as an example, those terms to the the proof-of-stake voting protocol I proposed (https://bitcointalk.org/index.php?topic=230864.0) the discussion can be about how choice and participation come into play in a vote, all perfectly good things to talk about and resolve.

On the other hand, saying "Let's make Gavin decide" is much harder to defend against those terms, and I'm sure @gavinandresen would be quite happy to be able to say that in addition to a dozen other good reasons the terms of the foundation bylaws don't even say that's an acceptable way of making a decision.

In any case the recent legal action from California accusing the Foundation of being a money transmitter shows how it is a good thing to be able to say that the foundation bylaws themselves do not allow the foundation to be involved in crypto-currencies that are not decentralized, thus providing yet another argument that there is no payment system or currency of any kind under the Foundation's control.

[pmlaw]

@petertodd Thanks, and I agree that the language is a jumping off point for interpretation.

@johndillon Thanks, it seems to me that the term "distributed" encompasses the ideal you are expressing in "individual participation". Am I missing something?

[mikegogulski]

@pmlaw I like your wording. A lot.

I'm looking at the words "decentralized" and "distributed" as a sort of belt-and-suspenders approach to the concept, which is in turn supported by individual participation. To have a resilient, open system which serves everyone, the ability to participate individually must be preserved in a meaningful and pointed fashion.

To give a hyperbolic counterexample of an edge case to be avoided, and why the above is important, imagine a commit submitted to bitcoind/bitcoin-qt which, if accepted, was seen as requiring all full nodes to have at least 1 exabyte of disk storage and 1 TB of RAM by the end of the year, or be unable to continue participating as full nodes. Such a commit should be rejected, and the Bitcoin Foundation should be a vehicle to oppose the adoption of such a change, on the grounds that it would militate against individual participation: My notebook is maxed out at 8GB of RAM, and there's no way I can afford an exabyte of anything.

If the exabyte/terabyte change was accepted, the system could still remain decentralized and distributed, but only among very wealthy actors. We specifically require the ability to participate individually because the decentralization and distribution MUST BE AS BROAD AS POSSIBLE.

Hopefully I'm making myself clear with this bit. I'll drop another bit into another note after this one.

[mikegogulski]

@pmlaw To the other matter I hope address. I believe that the Bitcoin Foundation should also promote and defend individual participation and individual choice, down to the level of the protocol and up through the code of the reference implementation, and at the very least establish a position of strong opposition to any who would move in the other direction.

To again use a hyperbolic example: Imagine that the nice lady from FinCEN comes around to all the US-citizen-and/or-resident core developers with a secret order from a secret court, and demands that they implement something objectionable: government key escrow a la the late Clipper chip, mandatory transaction geotagging, some auditability requirement which goes above the simple shared transaction ledger we have today.

In such a case, the ideal Foundation would bind its members to inform the Board of the order and refuse cooperation with the bogus order, or immediately disassociate itself. Such Foundation would also, upon noting the introduction of code changes leading to capabilities such as above, expel any member involved in the work, withdraw all support of such ex-member, and denounce the work in the strongest possible manner.

[vessenes]

Mike, I'm glad to see you engaging here!

The National Security Letter scenario is an interesting one. Since we don't have access to any more data than anyone else, it would probably be of limited effectiveness, perhaps a-la the random number generation vulnerability route in OpenBSD (did I remember my crypto history correctly there?)

I'm trying to parse out a scenario in which at the very least it would be breaking international law to add backdoors knowingly. One possibility would be working to ensure the core dev team is working in a variety of international jurisdictions, or that there's a consensus commit model from the core dev team, but there are a lot of question marks in my plan like that, for sure, it's just the germ of an idea.

When we talk about industry centralization, it's I think fairly easy to parse out what to do. When we talk about paranoid (but perhaps not totally paranoid) secret government requirements, it becomes much harder to work out a good protocol, I think.

That said, I take comfort in having members of the core dev team around the world, and people trying to break things who keep constant watch on the code. It matters a lot for my own peace of mind. I'm not sure that the biggest worry now should be this NSL angle. The bitcoin code base has to be one of the most watched and analyzed open source codebases in the world, if the highly sophisticated attacks against exchanges we see are any indication.

[pmlaw]

@mikegogulski @johndillon I see your point now about the distinction between distributed and individual participation. Let me tweak my draft to reflect these concerns.

[pmlaw]

@mikegogulski @johndillon

Revised text below:

"Section 2.2 The Corporation shall promote and protect both the decentralized, distributed and private nature of the Bitcoin distributed-digital currency and transaction system as well as individual choice, participation and financial privacy when using such systems. The Corporation shall further require that any distributed-digital currency falling within the ambit of the Corporation's purpose be decentralized, distributed and private and that it support individual choice, participation and financial privacy."

Note the inclusion of individual participation.

Does this address your concerns?

For what it's worth, I think we can all agree that adding a CALEA-like backdoor into the bitcoin protocol is a non-starter.

[petertodd]

@pmlaw Looks good to me. Might be worth making it clear that the foundation expects the same values from organizations it partners with, thoughts?

@vessenes A good example of a case where a software project was forced to add a backdoor by legal action was the Java Anonymous Proxy software for browsing the web anonymously. The German government obtained a warrant to force proxy operators to add logging of a specific target to de-anonymize that target, and at the same time they forced the JAP developers to add a feature enabling that logging to the software itself in secret. In this case what they had done so was figured out very quickly, but the added code was done in a fairly obtrusive way and was substantial; a different approach wouldn't have been so easily detected.

Sure you can blow the whistle on this stuff, even anonymously, but frankly it's just not fair to expect developers with families to face prison to do so. Some developers have said they would publicly quit working on Bitcoin in that event, but a secret order forcing you to do something can just as easily force you to continue working on Bitcoin to avoid raising the alarm, or for that matter force you to give up your passwords and PGP keys so that government agents can do so on your behalf.

But the question to ask is why would the government bother taking such drastic steps? Bitcoin already has terrible privacy and security. Most people knows the blockchain records every transaction, but what few realize is that we also don't encrypt node-to-node communications, allowing the NSA's passive listening capabilities to get very good data on where every transaction originated. Bitcoin itself supports running it over Tor, but all the alternate clients make doing so difficult, with the exception of web-wallets. Privacy for SPV nodes, like the alternate client multibit or the android wallet, is especially bad because when they make a transaction it's clear where the transaction came from. As for resistance to shutdown currently it'd take around 200 or so well distributed IP addresses and not all that much bandwidth to make it impossible to use a SPV client, and likely that effort would be enough to make the overall Bitcoin network collapse in the short run. We've got countermeasures, but they aren't very good, and fundamentally for SPV clients an attacker only need to outspend whatever limited resource the sum of all SPV client users are willing to spend to connect to the network - a figure likely in the range of what a bored semi-wealthy individual can afford. All-in-all a CALEA-like backdoor wouldn't change as much as you might think; about the only thing we do well is make it hard for the government to confiscate your coins, and @vessenes is quite right in saying a subtle RNG change could break that. (you did get your history right BTW)

I think our main risk isn't so much efforts to plant subversive code in Bitcoin, it's efforts to prevent Bitcoin from being made better. Not to say subversive code isn't a risk - the idea that Bitcoin is one of "the most watched and analyzed open source codebases in the world" is either wrong or shows how poor review is everywhere considering the bugs we keep on finding - but when things are this bad already why should the government tip their hand if you don't have too? For instance we can add node-to-node encryption, we can add technologies to automatically mix coins together to greatly improve privacy, (or create provably privacy with zerocoin), we can keep Bitcoin accessible to a wide range of users, and every last one of those improvements can just as easily be discouraged or blocked by the same people who would try to put subversive code into the codebase using not dissimilar methods.

Bylaws aren't magic, but they help you say, if needed, "The Bitcoin Foundation hasn't done x, y, and z, yet they are all things they should be doing and could be doing." with the result of either forcing the foundation to change, or removing the monetary and developer support through community outcry. It will result in some messy situations because it's hard to determine if an idea is being rejected due to subversion or because technically it doesn't work, (zerocoin) but it's the best we can do at the legal level, and does keep the legal and political activities of the foundation pointed in the right direction.

[johndillon]

@pmlaw Your new text addresses my concerns. I'll update my pull-req with it if there aren't objections.

@petertodd Good analysis. A topic for a different venue, but I and my partners would be willing to put some funds towards getting some of these fixes required. Node-to-node SSL might be a good one for modularity, and hopefully a small investment could get a prototype implementation kick-started..

[pmlaw]

@johndillon Great. I will make sure this is on the agenda for our next Board meeting.

[pmlaw]

@petertodd

"Might be worth making it clear that the foundation expects the same values from organizations it partners with, thoughts?"

It may be worth discussing further in the context of core principles that we'd like our member's to adhere to, but likely outside the scope of the by-laws.

I agree with @johndillon that there is a lot of great discussion happening here that I'd like to see continue. Maybe in the Member's forum?

[johndillon]

@pmlaw I've changed section 2.2 to use your suggested revised text. To preserve continuity in the discussion I added it as a second commit, leaving my first version intact in the revision history. (the usual practice in programming source code would be to "rebase" the commit so that automated tests work, but here that would result in throwing away the history of the discussion which IMO is undesirable here)

Keeping our requirements for a relationship with other organizations out of the bylaws sounds reasonable to me. Building bridges is often a good strategy, and we do not want to limit our ability to do so. Second 2.2 by itself should be enough to keep the goal of partnerships in line with the overall goals of the foundation.

[pmlaw]

@johndillon Thanks! This will be voted on at the next Board meeting currently scheduled for August 12. I don't want to speculate on the outcome but I will lend this my support (whatever that's worth).

Also, thanks for preserving this discussion.

[petertodd]

@johndillon ACK - good idea re: the second commit too. I wonder if there's a way to dump the github discussion to an archive?

@pmlaw Good to hear.

[johndillon]

@pmlaw Your support is much appreciated.

[petertodd]

FWIW if you are reading this I've been told the vote was to accept this pull-req; dunno why it hasn't actually been merged yet but it did go through.