As the news spotlight moves away from its focus on bitcoin and its spin-offs, and refocuses on the underpinning technology and what it actually means for businesses and all of the participants in the economic fabric, the discussion on the relevancy of Permissioned vs Permissionless Blockchain and Distributed Ledger Technology (DLT) heats up once more.
To summarize and as a quick introduction, Blockchain is essentially a distributed database that allows for potentially complex trust relationships between database users. It works via a distributed network of nodes and users to move any ‘digitalized’ asset from peer to peer (native records or reference records) and validation is done by the majority of nodes (‘mining’; consensus algorithms). By design it doesn’t require an intermediate party (‘authority’) or facilitator to authenticate or to settle and confirm transactions. In essence, the primary question driving Blockchain technology is, ‘do I trust that the data I am using is good and I can rely on it to assess my risk?’
Most have already heard about Blockchain and most likely this is within the context of bitcoin and other cryptocurrency. However, such technology functions in two primary modes:
- Permissionless (or Public): Permissionless Blockchains allow anyone to participate. The transactions are validated and processed by votes / consensus. A vote does not depend on having a prior identity of any kind within the ledger and no pre-existing trust is assumed between participating nodes.
- Permissioned (or Consortium / Private): Permissioned Blockchains restrict access in terms of who can perform various actions on the Blockchain. The transactions are validated and processed by those who are already recognized by the ledger and some level of pre-existing trust is assumed and proven.
Blockchain purists will probably refuse to call the permissioned model ‘Blockchains’ as they tend to consider them just shared or common ledgers. This is the point at which the relevancy tends to escape me as it is a question of definition and common standards that are yet to be set on a practical scale.
The terminology surrounding cryptocurrency and Blockchain is to date still not precise and can be confusing for a lot of people. This is one of the reasons why there are today a number of initiatives to create common terminology and standards even though the standards for the underpinning components already exist (hash, SHA256, etc.). It’s the combination of technologies that make Blockchain unique.
Use Case Angle
To boldly state that Permissioned or Permissionless is better or more important is highly presumptuous. There are an almost unlimited number of use cases that can be put on specialized Blockchains, and there are an almost unlimited number of trust models. To say either one is better or more relevant for that matter is uniquely linked to a specific use case with clear definitions.
In a Permissionless model, creating the required trust requires huge amounts of compute power and the node providing the proof is rewarded for the action (‘miner’). In a Permissioned model, as trust is provided by a cascade / inheritance (via regulator, via contract, etc.), participating nodes can trust the data without the need for compute power. This allows a focus on the process itself, where relevant, via smart contracts.
The choice is therefore part of the design decision itself and what and how you want to achieve the goal. This includes but is not limited to liability angles, operational risk, cost, speed, smart contracts, business process, etc.
Managing Operational Risk for all actors
It is no secret that the purists and some of the actors in the cryptocurrency communities are claiming that their models include self-regulating actions and regulators and therefore governments shouldn’t intervene. I (and many others) however have yet to see the practical implementation of this self-regulating in the context of Permissionless Blockchains. There is a whole plethora of cases where, for example, dodgy ICOs (Initial Coin Offerings) and VCs (Venture Capital) activities illustrate the lack of capability (or in some cases willingness) to arbitrate. That being said, there are many good people in the communities who really believe in the models they are building. However, it has proven difficult to remove those who give any well-intended efforts a bad name.
In a recent blog post the US-based technology firm Post Oak Labs stated something which has stuck with me, “We are still at the eff-you-money stage, in which everyone thinks they are Warren Buffett. The Madoffs will only be revealed during the next protracted downturn”.
Even though some of the use cases with Permissionless Blockchains are mind-blowingly interesting and disruptive for the entire economic and social fabric, it is highly unlikely that they will immediately find their way into the overall business landscape.
This is not only a consequence of regulators and compliancy requirements, but also a direct consequence of how business operators have to know who they work with because of the liability – they need to be able to manage claims and increase their efficiency starting from existing processes. In the financial sector this is visible in the obligations related to AML (Anti-Money Laundering) and KYC (Know Your Customer). These can change over time but the need to know who you are dealing with will most likely not disappear.
One argument the Permissionless Blockchains adepts often state is the need for anonymity. However, looking at how identity can be managed these days (from basic ID services to Self-Sovereign Identity models), including models where the primary actors can only disclose partial identity or even just a referencing ‘fingerprint’, the business future is more likely Permissioned where information is linked and the key actors (or specific attributes of actors) are used to manage the identity.
Compliancy, operational risk, claims, knowing your customer and regulatory requirements are today an essential component of the economic and financial fabric, hence the current focus on permissioned Blockchains and DLT. This may change; however, I do not believe this is going to be happening fast unless there is a ‘magic happens here’ moment which brings new insights on the matter.
As it stands today, the functional and non-functional requirements cannot be left to the permissionless chain in order to self-regulate, certainly when it’s absolutely unclear who has accountability and liability. Consortium and private Blockchains (Permissioned) are currently the expected norm in businesses. Based on the innovations that are available in the field of identity management, it is more likely that a hybrid form with a manageable depth of identity exposure will take the foreground.