Sunday, March 4, 2018
An Ode to Critics (IOTA and DCI)
Recently I heard there is the possibility that one or more actors associated with the IOTA project suggested the possibility of some form of legal action against members of the DCI responsible for an unfavorable analysis of IOTA's core technology. Rather than rehash the entire affair here, I'd recommend these sources as a reference points (DCI Audit Report)(Blog Post)(IOTA Response) to bring everyone up to speed.
What is provoking me to draft a blog post on this topic is that I offered to pay legal fees DCI actors would encumber as a result of their audit of IOTA in the event an agent of the IOTA Foundation or its associates decide to sue a member of the DCI. This offer was immediate and without preconditions. It also isn't connected to an opinion of the soundness- or potential lack thereof- of IOTA's technology.
To be frank, I could care less whether IOTA works, accomplishes its commercial goals or how it manages its ecosystem and community. What concerns me far more as a developer of cryptocurrencies is the relationship between security and cryptographic researchers and protocols we develop for our space.
The reality is that we have a symbiotic relationship. Researchers enjoy spending countless hours attempting to find flaws (theoretical and practical) in the philosophy, design and implementation of our work. These hours are seldom glorified or even compensated. They are generally ignored by the mainstream public outside of an occasional sensational headline by a low information journalist. But they are absolutely necessary to evolve our work.
For the researchers, they gain academic credit, the occasional job and the intellectual joy of resolving a problem. These perks aren't exclusive to a particular protocol or even the cryptocurrency space. Inflicting havoc on Ed25519 yields just as many brownie points as finding an issue in Ethereum's network protocol.
Having paid private firms literally hundreds of thousands of dollars in consulting fees to audit code IOHK writes, I fully appreciate the value of this foundational work. In fact, often one simply cannot hire the top minds as they are only interested in university affairs. Thus their time and effort is not only valuable, it can even be simply irreplaceable.
If a member of our space begins to attack researchers he feels have been unfair in their assessment or criticism, then this event cascades far beyond the immediate actors involved. It fundamentally damages the vital symbiotic environment between researchers and protocol developers. In other words, it directly hurts Cardano, Ethereum, Zcash and every other project.
Most graduate students, postdocs and professors do not have extensive resources to defend themselves against well capitalized cryptocurrency projects that don't actually have to win a case in order to massively disrupt the lives of these researchers. Going to court is expensive, emotionally exhausting and takes a huge amount of time. If a security researcher feels his work could provoke this event - even if it's objectively true, then they will simply choose a different topic.
I also can fully appreciate the discomfort of criticism that members of the IOTA community and the developers themselves are enduring. I have first hand experience with the blatant unfairness of constant attacks over social media, blog posts, at events and through other channels where lies, half truths and baseless innuendo replace an effective dialogue. It's always painful and often crosses the threshold to malicious slander.
But it's extremely important to understand that not all criticism is unfair and even within the set that is unfair, the actors levying it ought to be considered. The academic world is tightly regulated via credentials, unspoken rules and a strong emphasis on reputation. Attacking someone unfairly isn't a pattern that can be repeated without severe career consequences.
Thus the most common response to attacks coming from the academia is to prepare a fact based rebuttal. It doesn't necessarily mean the attack will be deflected or withdrawn, but it forces the critic to acknowledge your rebuttal and provide additional context and clarity.
This process is on display for the entire academic community to form opinions. If a researcher is dishonest, has conflicts of interest or is omitting/missing key points, then it will eventually be discovered. If it's a common pattern, the researcher will be socially exiled from academia.
A prominent example in the cryptographic world comes from Dr. Neal Koblitz. He levied an aggressive series of attacks on the concept of provable security. Neal's credentials are impeccable having created elliptic curve cryptography and being a Harvard educated Putnam fellow. Despite his enormous contributions to the field of cryptography, he wasn't given a pass on what many feel is unfair criticism. And it has had career consequences.
Escalation to courts is generally only done in cases of known fraud and institutional cover-up. For example, the falsification of collected data to skew results to some desired outcome. The consequences are always brutal once discovered. As particular examples, one can review the Schön scandal and also Paolo Macchiarini affair.
Nothing in this audit seems to deserve an escalation of this nature. A researcher made a claim and provided an argument with a set of evidence. The developer says this claim is false. It's an argument and it has an objective answer for the world to see.
Thus, I have no choice but to apply some of my personal resources as a counterbalance to protect the integrity of the system I have so benefited from throughout my academic and professional career. I would recommend that the IOTA community exercise the stoicism of the person who created the heart of their protocol as he continued to teach while students rudely interrupted his class.
I'd also like to remind them that MIT and the broader academic community isn't going away. Direct attacks- even if victorious- will have Pyrrhic consequences.
I hope the matter is closed and everyone can move on to better things.