Why is the moral hazard of blockchain so high?

Harvard Business Review
2022-05-31 11:14:21
Corporate executives face a series of ethical and reputational risks when implementing blockchain projects. This article explores four types of risks—lack of third-party protection, threats to privacy, zero-state issues, and poor governance—and offers suggestions on how blockchain can mitigate potential problems for developers and users.

Author: Reid Blackman

Original Title: "Why Blockchain's Ethical Stakes Are So High"

Translation: MK, Chain Catcher

If I send you Bitcoin, this transaction will be recorded simultaneously on more than 12,000 computers, servers, and other devices running Bitcoin. Everyone on the chain can see this transaction, and no one can change or delete it. Alternatively, you could send me a non-fungible token (NFT) on the Ethereum blockchain, and the transaction would also be recorded on all computers (also known as "nodes") running Ethereum. These two examples roughly explain what blockchain technology is: a method of maintaining immutable transaction records across multiple computers. This way, a new transaction cannot be recorded on just one computer without being simultaneously recorded on all other computers. The applications of blockchain have far exceeded cryptocurrencies and NFTs, as governments and industries—from healthcare to agriculture to supply chain operations—are leveraging the technology to enhance efficiency, security, and trust.

The core functionalities of blockchain are highly attractive, but they are a double-edged sword, opening new avenues for organizations and their stakeholders to face ethical, reputational, legal, and economic risks. In this article, I identify four of these risks: lack of third-party protection, invasion of privacy, zero-state issues, and poor governance. For each risk, I outline the responsibilities of two key actors in managing blockchain decisions and regulations: developers (those who design and develop blockchain technology and applications running on it) and enterprise users (organizations using blockchain solutions or advising clients who use these solutions).

Lack of Third-Party Protection

Cost-effective third-party intermediaries, such as banks, are often seen as the optimal choice for doing business, and while at worst they can be predatory, they do play a crucial role in safeguarding customer interests. For example, banks have complex methods for detecting the activities of malicious actors, and consumers can dispute fraudulent transactions and scams on their credit cards.

What Developers Must Consider. Developers need to consider the types of protective services that third parties provide to stakeholders and then design a decentralized way to offer those protections. If this is not possible, developers must inform stakeholders that the technology lacks the protections they are accustomed to. Developers may even decide not to develop the application if the risks to users are too high.

What Users Must Consider. Users need to understand the risks of operating without these safeguards for themselves and for those they represent (the clients they advise, the patients they care for, the citizens whose rights they protect). They must be transparent about the risks and obtain meaningful informed consent from those they serve. They should also explore non-blockchain solutions that could fill the gaps.

Lack of Privacy

The most popular blockchains, Bitcoin and Ethereum, are public. They are known for their transparency and accessibility: anyone can view, add to, and audit the entire contents of the chain. However, if transparency poses a serious threat to user privacy, private chains may be necessary. For example, Nebula Genomics uses private blockchain technology to give patients "full control" over their genomic data.

Blockchains may contain some information that users should see but others should not; in such cases, a hybrid approach may be needed, where private and public chains interact. For instance, electronic health records contain highly sensitive data that must be kept confidential, as well as information that should be shared with entities like the Centers for Disease Control and Prevention (CDC) and health insurance providers. Companies like Hashed Health, Equideum Health, and BurstIQ are hybrid blockchains that collect and share biometric information while allowing patients better control over their data.

What Developers Must Consider. Developers need to carefully consider their ethical responsibilities in balancing transparency and privacy, then decide on the applicable public, private, or hybrid chain solutions. An important factor is the likelihood of on-chain members being identified and the ethical consequences that arise from this. Other key decisions include determining who should access what data, under what conditions, and for how long.

What Users Must Consider. Users need not only to understand how transparency affects their own business and those they serve, but also to recognize and address the risk that wallet holders may be identified, including by inadvertently exposing their own identities (wallets generally serve as authentication mechanisms for web3 users).

Zero-State Issues

Zero-state issues arise when the accuracy of the data contained in the blockchain's first block or "genesis block" is called into question. This can happen if due diligence is not properly conducted on the data, or if the person inputting the data makes an error or maliciously alters the information. For example, in a blockchain used to track goods in a supply chain, the first block might incorrectly show that a truck is loaded with copper from one mine when, in fact, the materials come from another mine. Those involved with the truck's contents may have been deceived or bribed along the way, while the creator of the genesis block remains unaware.

However, if we are talking about blood diamonds or property, the ethical stakes are heightened. If the government creates a blockchain as a database for land registration records, and the person inputting information into the first block assigns a plot to the wrong owner, serious injustices occur (the land is effectively stolen). Some organizations, like Zcash, have created a highly secure privacy-protecting cryptocurrency and have taken significant efforts to ensure the credibility of their genesis block.

What Developers Must Consider. Developers must carefully verify all data to be included in the genesis block and use best practices to ensure its accurate input. They must also alert users to zero-state issues and disclose how the blockchain may contain false information so that users can assess potential risks and conduct their own due diligence.

What Users Must Consider. Users of the blockchain should review how the genesis block was created and the sources of the data. If the items recorded in the blockchain have historically been targets of fraud, bribery, and hacking, they should diligently ask themselves whether the organization that created the first block is trustworthy. Was the block subject to reliable third-party audits?

Users also need to understand that even if the data in the genesis block and subsequent blocks is accurate and legitimate, malfeasance can still occur. For example, compliant diamonds may be placed on a truck, and the multiple transfers may be accurately recorded on the blockchain, but that does not prevent clever thieves from swapping real diamonds for fake ones during transport. Users must also inform those they serve about zero-state issues, disclose their due diligence on the genesis block, and clarify what protections (if any) have been taken to prevent fraud.

Blockchain Governance

Blockchain technology is described using a series of terms—"decentralized," "permissionless," "autonomous"—which may lead users to make assumptions about governance: for example, they may think it is a utopia for libertarians and anarchists, or that all members have an equal say in how the blockchain operates. In reality, blockchain governance is a very, very complex matter with significant ethical, reputational, legal, and financial implications. The creators of the blockchain decide who has power; how they obtain power; what oversight, if any, is needed; and how decisions are made and operations run. A quick look at two cases, one notorious and one still ongoing, is very enlightening.

The first decentralized autonomous organization (DAO), initially called "The DAO," was a hedge fund running on the Ethereum network. Members had different voting rights based on the amount of capital (specifically, Ether) they contributed to the venture. When the DAO was hacked in 2016, approximately $60 million worth of ETH was drained from the fund, and members took very different ideological stances on how to handle the situation—and whether the hack constituted "theft." One camp argued that the ill-gotten gains obtained by the bad actors exploiting the software vulnerability should be returned to the legitimate owners. Another camp believed the DAO should avoid reversing fraudulent transactions and simply fix the vulnerability to allow Ethereum to continue operating. This camp argued that "code is law," and "blockchain is immutable," thus the hacker acted according to the code and did nothing morally unacceptable. The former camp ultimately prevailed and established a "hard fork" that redirected funds to a recovery address, allowing users to reclaim their investments, effectively rewriting the history of the blockchain.

The second example involves a governance controversy surrounding another DAO—Juno. In February 2021, Juno conducted an "airdrop" (i.e., sending free tokens to community members to encourage participation) within its network. One wallet holder figured out a way to exploit the system and obtained a significant portion of the tokens, valued at over $117 million at the time. In March 2022, a proposal was made to reduce the majority of the tokens held by "whales" (whales are considered holders of Bitcoin worth over $56 million) to what was deemed a fair share of the airdrop. A month later, the proposal was officially passed with 72% of the vote, resulting in the withdrawal of all tokens except for 50,000 held by whales. The whale claimed he invested with other people's money and threatened to sue Juno.

These events illustrate how crucial it is to construct governance for blockchains and applications running on them with great care and diligence.

What Developers Must Consider. Developers must determine what constitutes good governance, paying particular attention to how governance structures may invite hackers or bad actors. This is not merely a mechanical issue. Developers' values need to be explicitly articulated and then implemented within the blockchain. For example, consider the philosophical divide that emerged among Ethereum developers when weighing whether to change their blockchain when the DAO was hacked or to fix the error and move on, as well as the similar divide between those voting in favor of confiscating Juno tokens and those voting against it. To avoid such ethical dilemmas, developers should establish guiding principles for governance from the outset.

Disagreements arise when rules about how to allocate or earn power and money within the system are not carefully considered. The DAO hack exploited a flaw in the software, leading to confusion about whether code—even flawed code—truly is law. In Juno's case, part of the turmoil stemmed from insufficient consideration of how tokens were initially distributed. Developers need to understand that those with voting rights may have significant differences in beliefs, values, ideals, and desires. Strong governance is one of the most important tools for managing these differences, and if developers' values are embedded in the infrastructure, policies, and procedures governing the blockchain, significant ethical and financial risks can be avoided.

What Users Must Consider. Users must ask themselves whether the values of the blockchain creators align with those of their organization and clients. They must determine how much volatility, risk, and lack of control they and those they serve can tolerate. They must articulate their standards for what constitutes good and responsible governance and only engage with blockchains that meet those standards. Users may be using a distributed network without a single authority, but they are certainly dealing with a political entity.

Towards an Ethical Risk Framework for Blockchain

The ethical risks of any technology are as variable as its applications. For example, an AI-driven autonomous vehicle carries the risk of causing pedestrian fatalities. A social media application comes with the risk of spreading misinformation. The ethical and reputational risks associated with nearly all data-driven technologies also apply to blockchain. When implementing blockchain, senior leaders must establish a framework to mitigate these risks. They should carefully consider a range of scenarios.

  • What are the ethical nightmares our organization must avoid?
  • How do we consider edge cases?
  • Should they anticipate ethical issues arising and engage in self-reflection?
  • What governance structures do we have? What kind of oversight is needed?
  • Could blockchain technology undermine any of our organizational and ethical values, and if so, how can we minimize those impacts?
  • What protective measures should be taken to safeguard our stakeholders and our brand?

Fortunately, many of these questions have already been addressed in adjacent AI ethical risk literature, including guidelines I have written on implementing ethical AI programs. This material serves as a good starting point for any blockchain project.
