November 20, 2018

Against Mandatory Arbitration on EOS

Against Mandatory Arbitration on EOS

The EOS community has been working together to produce a referendum contract; that is, a contract that will allow the EOS community to hold public, on-chain vote on any topic. This will allow the EOS community to officially ratify a constitution that serves as a peer-to-peer terms of service agreement for EOS users. This will be the first in a series of articles that dive into the most important topics that the EOS community must consider when building a new constitution.

Intro

Recently, there has been a debate in the EOS community around arbitration, also called dispute resolution. Arbitration is defined as “the hearing and determining of a dispute or the settling of differences between parties by a person or persons chosen or agreed to by them.” In the context of EOS, dispute resolution is a broad concept that refers to any method by which any kind of dispute that may arise between users of the EOS platform is resolved on-chain.

The debate over how dispute resolution on EOS will work is one of the most important, controversial, and confusing topics discussed as the EOS community adopts a new constitution via public referendum.

In this post we will explain the concept of arbitration on EOS and the current state of the debate. We will also make the case that arbitration on EOS should be opt-in rather than mandatory. We will demonstrate why the next version of the EOS constitution should not give special powers to any single global arbitrator, since mandatory arbitration degrades the security, public trust, and social scalability of the EOS blockchain. Finally, we’ll offer a near-term solution to this issue and brainstorm next steps.  

Background

Many blockchains that came before EOS took a “code is law” approach to governance. These blockchains operate under rigid, strictly defined parameters in order to operate in as deterministic a manner as possible without the complexities introduced by human interactions. The advantage to this approach is that it gives users strong guarantees about how the protocol will behave under any given circumstance. The disadvantage is that code is created by humans, and when humans are involved, at some point things inevitably go wrong.

EOS is designed to have a more structured governance process that allows network disputes to be resolved without having to resort to hard forks that fracture the network. EOS has a multi-layered governance stack that includes voting for block producers, voting in general referenda, a network constitution, and arbitration. Different layers may be more or less relevant to different types of governance decisions. Each of these layers is designed to give the protocol more flexibility than the code is law approach. But this governance stack is still being defined and formalized, and it is up to the EOS community to improve these processes and put effective frameworks in place.

In this article, we’ll be focusing on the arbitration layer of governance. Arbitration attempts to answer the question: “how can two entities interact on a blockchain and resolve disputes when the code does not behave as intended?” With arbitration, both parties to an transaction have a mutually agreed-upon third party who is tasked with resolving disputes. While simple in theory, there are many nuances to how arbitration works in practice. We believe specifically that mandatory arbitration degrades the value of the EOS network.

Mandatory Arbitration vs. Opt-in Arbitration

The EOS community is debating two paths forward: opt-in (or application-layer) arbitration, and mandatory (also called default, or base-layer) arbitration.

All arbitration requires that two parties agree to an arbitrator prior to there being a dispute. The debate between opt-in arbitration and mandatory arbitration is simple— should all users be bound to a system-level arbitrator or should users have to opt into arbitration? In other words, should there be a single arbitrator of last resort for all EOS users, or should many different arbitrators exist, giving users the option of any of these arbitrators or no arbitrator at all?

Opt-in arbitration would work by allowing EOS users to choose any arbitrator to mediate their interactions. Importantly, however, these agreements would happen on a contract by contract basis and can be handled in any number of different ways, depending on the specifics of the situation. No user of EOS would be required to use an arbitrator, but users who choose not to do so would have to accept the risks associated with their interactions on the blockchain. This approach would allow users to be completely self-sovereign but would also offer the option of arbitration for those that wanted it.

So how would opt-in arbitration work in practice? If Alice and Bob enter into a contract, they can both agree that a neutral third party (Carol) can arbitrate in the event of a dispute. Alternatively, if Alice and Bob don’t want to agree on an arbitrator ahead of time, they can specify in the contract that they must mutually agree on an arbitrator in the event of dispute. When a dispute occurs, the decision falls on the arbitrator, who can address the specifics of the case without requiring outside involvement. In some cases, arbitrators can even structure smart contracts, multi-sig key management, and account permissions in such a way that allows arbitration decisions to be enforced programmatically. Different arbitrators, some specializing in certain kinds of disputes or in certain jurisdictions, will compete in a free market for business from EOS users. We expect that arbitrators will emerge that specialize in different verticals— gaming, financial services, enterprise agreements, etc. Just as businesses today choose different jurisdictions in which to incorporate, so too will EOS users and businesses built on EOS choose different arbitrators based on specific use cases.

Mandatory arbitration, on the other hand, refers to the use of a default arbitrator, specified in the constitution, for every interaction that takes place on the blockchain. The idea of a network constitution was first introduced in the EOSIO whitepaper, described as a “peer-to-peer terms of service agreement.” This serves as a document and Ricardian contract that defines

the governance processes of the network. The EOS mainnet launched in June with a temporary constitution designed to serve as an interim solution until a public on-chain vote could be held to ratify an official version. This current interim EOS constitution defaults to base-layer arbitration, with ECAF acting as the default arbitrator. In this setup, users do not have the option to opt out of arbitration, and they can’t use EOS unless they agree to the default arbitrator. In the case of a dispute, users can file a case with ECAF, and all EOS users are bound by ECAF’s decisions.

At Aurora EOS, we believe that the EOS platform should offer users the option to use an arbitrator but should not include any arbitrator by default. We believe that the inclusion of a base layer arbitrator is a grave mistake that does far more harm than good. Below, we outline the reasons why.

  • Mandatory Arbitration Breaks the DPOS Security Model

EOS is powered by delegated proof of stake (DPOS), the consensus algorithm that allows token holders to elect the network’s validator set. In DPOS, many independent companies located all over the world compete to earn the approval of EOS token holders, and thus the privilege of serving as a block producer. They are elected into semi-trusted positions within the network, but there are direct, enforceable, and effective checks on their power that both limit the amount of damage they can do if they act maliciously and also keep them highly accountable and incentivized to act honestly. If a block producer is malicious or acts against the best interest of the community, they can be voted out and replaced by another standby BP. They risk losing not only their public reputation but also their future income stream. This is a core part of the security model of DPOS.

Public blockchains like the EOS mainnet are explicitly designed to be decentralized. While there is no single definition or quantifiable metric to measure decentralization, one way to conceptualize decentralization is to eliminate the reliance on any single individual or entity. DPOS does this by rotating block production equally among 21 entities at any given time, giving token holders the ability to control who is in those positions, and incentivizing BPs to act as standbys (there are currently more than 60 standby BPs that’re being paid by the protocol in case anything happens to any of the top 21 BPs). The network is designed to withstand any one entity behaving maliciously; if any single BP attempts to harm the network, the effects are negligible. BPs are subject to their constituents, token holders, in a perpetual, 24/7 election. Token holders are the owners of the network. They are in control collectively, but no single party has complete power or influence to make decisions.

Mandatory arbitration, instead of eliminating reliance on any single entity, creates such reliance. In fact, it gives sweeping decision-making power to a single entity, the default arbitrator, within the EOS ecosystem without any checks or restrictions on that power.

Proponents of base layer arbitration argue that block producers provide a check on the power of the arbitrators, since it is ultimately up to the BPs to enforce any arbitration decision. But this argument undermines the entire point of a constitution! If BPs are constitutionally bound to an arbitrator, they should not question that arbitrator’s decision. This is key to the separation of powers in the EOS system.

DPOS creates a system of distributed trust that gives very limited power to a diverse set of entities in order to create a system that is global, permissionless, and doesn’t give outsized power or influence to any individual entity. The inclusion of an arbitrator at the base layer of EOS violates the most fundamental tenet of decentralized systems.

  • Mandatory Arbitration Undermines the Legitimacy of EOS as a Public Blockchain

In order to be successful, blockchains need to provide certain levels of assurance for their users. Users need to know that their property is self-sovereign— that it cannot be confiscated by any third party. Arbitration, as it currently stands, is a feature unique to the EOS blockchain. Although it has been used successfully to protect users from malicious attacks, it creates a massive liability for the vast majority of token holders. Users should be able to agree to 100% final, non-reversible transactions. With the presence of a base-layer arbitrator, this is impossible.

Blockchain tokens are bearer instruments. Even with all of the unique features of EOS, the protocol is still powered by public key cryptography, meaning private keys act as definitive proof of ownership. This is important because that is the only way for the protocol to objectively verify ownership. Any other way of defining ownership naturally requires off-chain, subjective interpretations (like those given by ECAF), and thus undermines property rights on EOS. If a blockchain cannot objectively determine ownership at the protocol level, then it will introduce dangerous levels of subjectivity that ultimately cause the entire project to break down.

We do not believe that the goal for all blockchain systems is to entirely eliminate the need for subjectivity and trust in the world. We know that there is room for these things, but they can’t exist at the protocol layer because blockchains as designed to have objective consensus and state transition rules. If these protocols can’t rely on objective criteria like public/private key cryptography at the base layer, then they won’t function at scale. Systems that require trust and subjectivity should exist on top of these protocols, either at the dApp layer or as services offered by third parties. The important thing is that users have a choice of whether or not to use these services and the risk/reward tradeoff that comes with that decision.

  • Mandatory Arbitration Doesn’t Scale

Even if EOS token holders were to agree to mandatory arbitration specified in the constitution, this setup faces massive practical challenges. Base-layer arbitration is by definition global, which means that it must scale to support 7B people. It is entirely unreasonable to expect a single arbitration body to operate at this scale, especially given the massive diversity contained therein (different cultures, timezones, languages, etc). Arbitration requires decisions to be made about individual disputes, which are inherently local, and not global, in scope.

EOS launched less than 6 months ago, and the EOS community is still relatively small. ECAF has already become inundated with cases and has suffered from lack of proper funding. To have a single arbitration body dealing with cases ranging from petty theft of small accounts to multi-million dollar contract disputes is simply not feasible. In order to avoid these complications, a base layer arbitrator must limit the scope of its services, which makes it inherently less effective.

ECAF, the current base-layer arbitrator, has no business model. Thus far, it has relied on donations and small fees charged to those filing disputes. Mandatory arbitration specifies a single party that is ultimately responsible for disputes but does not offer a business model to fund such an entity (which would need to operate at significant scale). There should be no single arbitrator put into a privileged position. Arbitrators, like all other businesses built on top of EOS, should compete on the open market to create a business model that attracts customers and funds their operations. With mandatory base-layer arbitration, this is impossible.   

Finally, because the EOS base layer arbitrator is so backlogged, its services have become entirely ineffective. Currently, a user must file a claim with ECAF, who must then examine the claim, issue an order to block producers to freeze an account, finalize a decision about the account, and then issue another order to BPs on how to proceed. Recently, months after mainnet launch, ECAF issued its first decision related to a simple case of petty theft. EOS is one of the fastest blockchains in existence. A hacker could easily steal a user’s tokens, send those tokens to an exchange, and cash out of EOS before a base layer arbitrator could even complete step one of the ECAF process. Only with additional tools such as account alerts, transaction delays, and various key permissions can arbitration actually function effectively. It cannot be expected that all users take advantage of these software features, so base layer arbitration simply can’t offer protection to all users of the platform, as it claims to do.

  • Mandatory Arbitration is an Attack Vector

Perhaps the most important reason to oppose mandatory arbitration on EOS is that the existence of such a system creates a singular attack vector for the entire network. EOS, through the use of DPOS, is designed to be resilient to any single entity being compromised, attacked, or becoming malicious. If a single block producer (or even a number of block producers) was attacked, the system would survive because it is designed to withstand such an attack by having distributed control.

A mandatory base-layer arbitrator, on the other hand, is a single entity who, if compromised, could do significant damage to the EOS network. Because a mandatory arbitrator can issue decisions related to ownership and transaction validity, a compromised arbitrator could easily undermine the entire network. And because this style of arbitration is not opt-in, it could potentially affect any and every user of EOS.

Any entity wishing to attack EOS would go after the lowest-hanging fruit— that is, any singular point of failure or control. A mandatory arbitrator specified in the constitution is that point of failure. With opt-in arbitration, EOS no longer has that attack vector. The risk to the EOS network as a whole from mandatory arbitration is much greater than the risk of theft for individual users. In order to bolster the resilience of EOS and to protect it against attacks from sophisticated entities, we should eliminate mandatory arbitration.

Next Steps and Long-Term Solutions

We believe the path forward for the EOS community is to use the decision-making processes enabled by on-chain voting to make gradual improvements to the network. We recognize that the current constitution has many issues, but we also believe that adopting an entirely new constitution is a longer-term process that will involve a number of important issues outside just arbitration.

Given that mandatory arbitration at the base layer of EOS degrades the value of the network and adds significant risk to users, we believe that the first step should be to remove any mandatory arbitrator from the current constitution. As soon as the public referendum software goes live, we will be proposing a vote to remove Article IX from the existing constitution. This would stop any mandatory arbitrator from having authority in EOS without requiring an immediate constitutional overhaul.

We believe that opt-in arbitration will play a pivotal role in the future of business interactions on the EOS blockchain, and we will be publishing future articles outlining how this can be achieved. Opt-in arbitration combined with a number of features unique to EOS, including account permissions and recovery, account alerts, delayed transactions, and more can allow us to make EOS the most user-friendly blockchain in existence. We’ll be highlighting the important work being done by a number of BPs and other independent companies in these areas.  

Looking forward, we believe that the EOS community should work towards adopting an entirely new constitution, taking into account not just arbitration but also many other issues. We will be releasing further blog posts on constitutional topics in the near future.