Sunday, March 4, 2018

An Ode to Critics (IOTA and DCI)




Recently I heard there is the possibility that one or more actors associated with the IOTA project suggested the possibility of some form of legal action against members of the DCI responsible for an unfavorable analysis of IOTA's core technology. Rather than rehash the entire affair here, I'd recommend these sources as a reference points (DCI Audit Report)(Blog Post)(IOTA Response) to bring everyone up to speed.

What is provoking me to draft a blog post on this topic is that I offered to pay legal fees DCI actors would encumber as a result of their audit of IOTA in the event an agent of the IOTA Foundation or its associates decide to sue a member of the DCI. This offer was immediate and without preconditions. It also isn't connected to an opinion of the soundness- or potential lack thereof- of IOTA's technology.

To be frank, I could care less whether IOTA works, accomplishes its commercial goals or how it manages its ecosystem and community. What concerns me far more as a developer of cryptocurrencies is the relationship between security and cryptographic researchers and protocols we develop for our space.

The reality is that we have a symbiotic relationship. Researchers enjoy spending countless hours attempting to find flaws (theoretical and practical) in the philosophy, design and implementation of our work. These hours are seldom glorified or even compensated. They are generally ignored by the mainstream public outside of an occasional sensational headline by a low information journalist. But they are absolutely necessary to evolve our work.

For the researchers, they gain academic credit, the occasional job and the intellectual joy of resolving a problem. These perks aren't exclusive to a particular protocol or even the cryptocurrency space. Inflicting havoc on Ed25519 yields just as many brownie points as finding an issue in Ethereum's network protocol.

Having paid private firms literally hundreds of thousands of dollars in consulting fees to audit code IOHK writes, I fully appreciate the value of this foundational work. In fact, often one simply cannot hire the top minds as they are only interested in university affairs. Thus their time and effort is not only valuable, it can even be simply irreplaceable.

If a member of our space begins to attack researchers he feels have been unfair in their assessment or criticism, then this event cascades far beyond the immediate actors involved. It fundamentally damages the vital symbiotic environment between researchers and protocol developers. In other words, it directly hurts Cardano, Ethereum, Zcash and every other project.

Most graduate students, postdocs and professors do not have extensive resources to defend themselves against well capitalized cryptocurrency projects that don't actually have to win a case in order to massively disrupt the lives of these researchers. Going to court is expensive, emotionally exhausting and takes a huge amount of time. If a security researcher feels his work could provoke this event - even if it's objectively true, then they will simply choose a different topic.

I also can fully appreciate the discomfort of criticism that members of the IOTA community and the developers themselves are enduring. I have first hand experience with the blatant unfairness of constant attacks over social media, blog posts, at events and through other channels where lies, half truths and baseless innuendo replace an effective dialogue. It's always painful and often crosses the threshold to malicious slander.

But it's extremely important to understand that not all criticism is unfair and even within the set that is unfair, the actors levying it ought to be considered. The academic world is tightly regulated via credentials, unspoken rules and a strong emphasis on reputation. Attacking someone unfairly isn't a pattern that can be repeated without severe career consequences.

Thus the most common response to attacks coming from the academia is to prepare a fact based rebuttal. It doesn't necessarily mean the attack will be deflected or withdrawn, but it forces the critic to acknowledge your rebuttal and provide additional context and clarity.

This process is on display for the entire academic community to form opinions. If a researcher is dishonest, has conflicts of interest or is omitting/missing key points, then it will eventually be discovered. If it's a common pattern, the researcher will be socially exiled from academia.

A prominent example in the cryptographic world comes from Dr. Neal Koblitz. He levied an aggressive series of attacks on the concept of provable security. Neal's credentials are impeccable having created elliptic curve cryptography and being a Harvard educated Putnam fellow. Despite his enormous contributions to the field of cryptography, he wasn't given a pass on what many feel is unfair criticism. And it has had career consequences.

Escalation to courts is generally only done in cases of known fraud and institutional cover-up. For example, the falsification of collected data to skew results to some desired outcome. The consequences are always brutal once discovered. As particular examples, one can review the Schön scandal and also Paolo Macchiarini affair.

Nothing in this audit seems to deserve an escalation of this nature. A researcher made a claim and provided an argument with a set of evidence. The developer says this claim is false. It's an argument and it has an objective answer for the world to see.

Thus, I have no choice but to apply some of my personal resources as a counterbalance to protect the integrity of the system I have so benefited from throughout my academic and professional career. I would recommend that the IOTA community exercise the stoicism of the person who created the heart of their protocol as he continued to teach while students rudely interrupted his class.

I'd also like to remind them that MIT and the broader academic community isn't going away. Direct attacks- even if victorious- will have Pyrrhic consequences.

I hope the matter is closed and everyone can move on to better things. 

[{Axiom}]

36 comments:

  1. It's a difficult one. People should be free to investigate, but others should be free from the spread of malicious falsehoods.

    The spreader of falsehoods may eventually be found out, but what value does that have to the injured party if irreversible has already been done? And how is it a disincentive if the malicious party stands to gain from a competing product and can later merely say "I made a mistake".

    There is a responsibility on both sides.

    ReplyDelete
    Replies
    1. The destruction of an academic career that took years if not decades to forge is incentive enough to admit sins and move on. Lawsuits are beyond the pale here.

      Delete
    2. Do you not realize that if they obtained a heavy bag of enigma, or were guaranteed compensation, their career as academics would be worth sacrificing, to some?

      Delete
    3. One of the best things about academia is that people admit their errors and retract papers.

      It is possible to rebuild a reputation after "a single honest mistake". Especially as it is arguments that count, not authority.

      But how do you repair the missed opportunity of being first to market, or of a major investor going elsewhere? You cannot.

      That's why there is a responsibility on both sides.

      Delete
    4. This comment has been removed by the author.

      Delete
    5. Charles it is hard for researchers to resist the temptation to use their knowledge to purse a quick FUD in order to profit from the cryptocurrency markets. IOTA has shone a light on these perverse incentives, and you would be much better using your money to stamp out these practices rather than supporting a tit for tat legal battle.

      Delete
    6. So if someone accuses you of a crime, without proving you did that crime, you don't have the right to defend yourself for this accusation ?
      " That's why there is a responsibility on both sides. "
      There was an intentional motivation to cause damage to IOTA by the simple fact that the "researcher" did not prove how the "finding" could cause any vulnerability or damage to the network or IOTA token.(tokens were never in danger).

      A real researcher would never act this way by turning public a "vulnerability" that was never proven.
      That's all what IOTA co-founder wants from them, to show him, were is the "vulnerability" (no reply from the "researcher" to date).

      This was intentional by the researcher and as a result he needs to pay and be responsible for his acts, this should be an example for other researchers to think very well before making a PUBLIC ACCUSATION without proves.

      Delete
    7. This comment has been removed by the author.

      Delete
  2. CFB never claimed to sue, he said he wants to use the help of lawyers to illuminate the missing pieces of the puzzle and to reach out to the respective parties. (he's on the other side of the planet)

    Other than that, I find this text pretty fair.
    Generally, the work of these cryptographers is highly appreciated and I understand your stance, but if there is a COI, it will be uncovered.

    ReplyDelete
    Replies
    1. My hope is that this will prevent any further escalation and the issue will be considered resolved.

      Delete
    2. I disagree. CFB said they should be concerned, and that he intends to "win".

      Delete
    3. The iota foundation have released a public statement saying that if dci either prove there was a flaw or that they apologize for jumping the gun they will retract any legal action. I see it more of a move just to finally get a public apology and put some of this FUD to bed finally.

      Delete
  3. I like the endeavour but if Ethan comes out of this on the wrong end, your money has gone to defend an academic fraud.

    ReplyDelete
    Replies
    1. is Ethan a PhD candidate ? Well, he is just an intern in the academic world ! (just like a graduate engineer)

      Delete
    2. Ethan doesn't even have a single journal or conference publication after 4 years of research. At least not listed on his site. Only workshops and symposiums. What does that say?

      Delete
  4. Thank you for this article which I think is very insightful.

    You wrote: "A researcher made a claim and provided an argument with a set of evidence. The developer says this claim is false." which I would agree completely to but I don´t think thats exactly what happened here. Yes the developer said the claim was false but the developer also asked for more information to do more research on his own which the researcher did not reply to. I am not talking about the claims being true/false or fraud (I don´t have good the technical understanding) but don´t you think the researcher should have supplied those information to keep a good relationship between researchers and developers (as stated in your paragraph #3)? What else should a developer do to get more information to potentially fix his code to prevent vulnerabilities when researchers dont reply?

    Thanks for your article, very well written.

    ReplyDelete
  5. Oh, my! I must've missed the presentation of proof from DCI as is the norm in this space. Please, let's not become civil in an effort to hide conflict of interest from DCI. The indefensible are often very expensive to defend. Happy check writing!

    ReplyDelete
  6. Charles you missed the mark here. DCI intentionally attempted to hurt and discredit the IOTA foundation in an attempt to gain an unfair advantage in a tender bid where both technologies were competing against each other. This was a criminal act by DCI, period.

    ReplyDelete
  7. Can I ask whether Ethan/DCI's IOTA attacks were peer reviewed and challenged by your academic peers, before they were 'published'? The lack of a formal peer review is the real issue here, and you are taking a dangerous double standard to expect IOTA to peer review their work when clearly Ethan/DCI have not done any of it.

    ReplyDelete
  8. This comment has been removed by the author.

    ReplyDelete
  9. I personally don't think that to stimulate cheating/misleading is something of which you could be proud... exactly the opposite... you should discourage it...doesn't matter what title you have..as we all know in the crypto sphere the trust is not at a high levels as we all see the scamming/cheating/misleading is happening on daily basis ...

    ReplyDelete
  10. "If a member of our space begins to attack researchers he feels have been unfair in their assessment or criticism"

    Asking the researcher to show the evidences he claims to have is attacking ? Well, i disagree. The attack is CLEARLY on the DCI side.

    What about editing your post and writing :

    "If a researcher publish a paper with the intentional purpose of spreading FUD against a competitor project, he should be fucking fired"

    ReplyDelete
  11. I don't think its the criticism itself, rather the lack of proof, response and the rash publishing of ungrounded facts that has tickled peoples pride.
    Its really important to lay the ulterior motives out in the light of day.

    ReplyDelete
  12. you offer your help (money) prematurely and daringly. You seem civilized now and you intend to politicize. But anyone, even if it is not a developer, finds out by reading the emails that something smells very bad in the way the researchers handled the matter.

    ReplyDelete
  13. you offer your help (money) prematurely and daringly. You seem civilized now and you intend to politicize. But anyone, even if it is not a developer, finds out by reading the emails that something smells very bad in the way the researchers handled the matter.

    ReplyDelete
  14. Charles, I had high regards for you until this post. I understand and support the basic point you are making of protecting researchers. It is, however, very disappointing that you can claim that the Researcher provided evidence. Really? Have they? Really, Charles?

    Have those emails provided you with irrefutable evidence that IOTA was vulnerable?

    What about the researcher unwillingness to jump and discuss the matter of Slack? How do you find that? Can you really say that they were well-intentioned?

    This post leaves the bad taste that you are trying to protect your relationship with researchers because Cardano makes the big claim that it is: "the first peer-blockchain powered by scientists". It seems, given your association with scientists, you are blindly taking side with the hope to continue benefiting their moral backing. This would be unfortunate if this would be the case.

    What I really hope is for DCI to write a solid paper and publish it in TOP software engineering, distributed systems, or security conferences or journals. Maybe we then get real scientific evidences of their claims.

    ReplyDelete
  15. Charles,

    Sergey Ivancheglo (CfB) did NOT say he was planning to sue the DCI Ethan Heilman. This is a personal issue between the two and has nothing to do with the Iota Foundation. CfB wants to get a lawyer involved to clear the communication, not for suing purposes. CfB also wrote you a letter in this blog: https://medium.com/@comefrombeyond/open-letter-to-charles-hoskinson-97c9d5a682d8

    ReplyDelete
  16. Ademic fraud must be punished, DCI has been dishonest in the investigation.

    ReplyDelete
  17. Charles,

    Why would you want to defend someone who committed fraud?

    ReplyDelete
  18. I read the emails. I don't know how any academic or rational person can come to any other conclusion than DCI intended to do harm to IOTA. They delivered no proof, published early then went silent. Absolutely agree with you that we don't want attacks on researchers. However, this seems very much a case of academic fraud rather than an unjust attack on researchers by a major crypto. Charles, please take a moment of your time to read those emails and follow-up on this.

    ReplyDelete
  19. 'To be frank, I could care less...' IT'S COULDN'T CARE LESS, why are Americans unable to grasp this??

    ReplyDelete
  20. Charles, please consider what was the case and what you wrote... it seem that you are defending fraud.

    ReplyDelete
  21. I read a article under the same title some time ago, but this articles quality is much, much better. How you do this..
    cryptocurrency guest post

    ReplyDelete
  22. Nice post! That is an extremely nice blog that I will definitively come back to more times this season! Thanks a lot for the informative post. ICO Listing 2018

    ReplyDelete
  23. eToro is the most recommended forex trading platform for beginning and advanced traders.

    ReplyDelete
  24. Exchange ethereum to paypal instantly

    ethereumpro.net best website to exchange your ethereum to paypal and other currencies.there are many websites are working but this is the
    best website.highly trusted site and have thousands of satisfied customers

    https://www.ethereumpro.net/

    ReplyDelete