In the first two parts of this series, we talked about what the basic workings of a decentralized autonomous corporation might look like, and what kinds of challenges it might need to deal with to be effective. However, there is still one question that we have not answered: what might such corporations be useful for? Bitcoin developer Jeff Garzik once suggested that one application migh be a sort of decentralized Dropbox, where users can upload their files to a resilient peer-to-peer network that would be incentivized to keep those files reliably backed up. But aside from this particular example, what other applications might there be? What are the industries where decentralized corporations will not simply be a gimiick, but will rather be able to survive on their own merits and provide genuine value to society?

Arguably, there are three major categories where this is the case. First, there are the natural monopolies. For certain kinds of services, it simply makes no sense to have many hundreds of competing offerings all working at the same time; software protocols, languages and to some extent social networks and currencies all fit into this model. However, if the providers of these services are not held in check by a competitive market, the question is, who does hold them in check? Who ensures that they charge a fair market price for their services, and do not set monopoly prices thousands of times above what the product actually costs to produce? A decentralized corporation can theoretically be designed so that no one involved in the price-setting mechanism has any such incentive. More generally, decentralized corporations can be made invulnerable to corruption in ways unimaginable in human-controlled system, although great care would certainly need to be taken not to introduce other vulnerabilities instead; Bitcoin itself is a perfect example of this.

Second, there are services that violate government laws and regulations; the use of decentralized file-sharing networks for copyright infringement, and to a much lesser extent the use of Bitcoin on sites like Silk Road, are both examples. As Satoshi Nakamoto put it, “Governments are good at cutting off the heads of a centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to be holding their own.” Finally, there are those cases where a decentralized network can simply maintain itself more efficiently and provides better services than any centralized alternative; the peer-to-peer network used by Blizzard to distribute updates to its massively multiplayer online game World of Warcraft is perhaps one of the purest examples.

The rest of this article will outline one particular idea for a decentralized corporation that can potentially open up a number of new possibilities in cryptocurrency, creating designs that have vastly different properties from the cryptocurrencies we see today while still staying close to the cryptocurrency ideal. The basic concept is this: Identity Corp, a corporation whose sole purpose is to create cryptographically secure identity documents for individuals that they could sign messages with, and are linked to individuals’ physical identities.

What’s The Point?

At first, the idea of creating yet another way to track people’s identity seems silly. Here we are, having escaped the shackles of state-backed fiat currency and its onerous anti-money-laundering identity verification requirements and gotten into the semi-anonymous world of Bitcoin, and I’m suggesting that we bring identity verification right back to the table? But of course, the choice between “nymity” and anonymity is not nearly quite so simple. Even individuals facing potential lifetime imprisonment, such as Silk Road founder Dread Pirate Roberts, still tend to maintain some kind of identity – in the aforementioned case, the identity is “Dread Pirate Roberts” itself. Why does he (or perhaps she, we may never know) do that? The answer is simple: he is also running a multimillion dollar business – namely, the online anonymous marketplace Silk Road, and he needs to provide customers some reassurance that he can be trusted. Legal and even semi-legal businesses often show themselves in public, deliberately making themselves vulnerable to both government prosecution and harassment of varying degrees from disaffected customers. Why do that? To show to the world that they now have an extra incentive to act honestly. The “crypto” in cryptography does come from the Greek word for hiding, but in reality cryptography is often about verifying your identity as it is about concealing it.

However, the sort of “identity” used by Dread Pirate Roberts is different from the identity we are talking about here. The function of standard public key cryptographic identity is a limited one: to provide proof that two messages were created (or at least signed) by the same entity. This definition may seem strange at first; usually, we think of identities as determining “who someone is”. In reality, however, just like in the principle of relativity in physics, in the context of identity and reputation theory there is no “preferred frame” for determining which set of observations of a person constitute that core person, or if a person has multiple names which name is his or her “real name”. If I write articles as “Vitalik Buterin”, but make internet posts as “djargon135″, it is equally legitimate to say “djargon135 is actually Vitalik Buterin” as it is to say “Vitalik Buterin is actually djargon135″; in either case, what matters is that one set of messages claimed to be written by djargon135, and another set of messages claimed to be written by Vitalik Buterin, in fact have a common author. Under this framework, a “real name” is distinguished from a “pseudonym” in one way and one way only: each entity can only have one real name. That is to say, while pseudonyms can be used to prove that two messages were created by the same entity, real names can also be used to prove that two messages were created by two different entities.

But this still does not answer the question: why have real names at all? In fact, nearly all applications of a real name can be reduced to one fundamental concept: the giveaway. We all understand what a giveaway is: perhaps a corporation wishes to hand out a free sample of a product to attract potential customers, perhaps a homeless shelter with limited resources wants to feed everyone enough to survive, and thus not let anyone take triple portions for themselves, or perhaps a government agency administering a welfare program wants to prevent people from claiming welfare twice. The idea is simple: X units of some product, service or commodity per person, and if you want more you will have to get your second portion through other channels. One of the use cases of a “real name” used earlier, that of a company owner publishing his details to reassure customers that he is vulnerable to prosecution by law enforcement, does not look like an example of a giveaway, but in fact that company owner is a recipient of a particularly special kind of giveaway in society: that of reputation. In a public key reputation environment, an identity can be created at no cost, so everyone starts out with zero reputation, making business difficult at first. In a real-name system, however, everyone immediately starts out with one pre-made identity, and no way to acquire more, making that identity “expensive” and thus giving them a fixed quantity of reputation to start out with. Instead of one free sample per person, it’s one free reputation per person, but the principle is the same.

How To Implement It

Actually implemening a system, of course, is a challenge. It is very difficult to do with any purely over-the-internet mechanism because anyone can trivially create multiple identites and make them all act like different people. It is certainly possible to weed out some fraud by applying statistical analysis on the messages that everyone signs (eg. if two different identities both consistently spell “actualy” instead of “actually”, that is some strong evidence that they might be linked); however, this can easily be circumvented by combining a spellchecker with a program that deliberately inserts spelling errors and rearranges some grammatical constructions. These tactics can perhaps be themselves corrected for, but ultimately relying solely or even largely on such mechanisms is a recipe for statistical warfare, not any kind of stable identity system.

So what’s left? Offline mechanisms. DNA-based identity is the most obvious, although face, iris and fingerprint scans can also add themselves to the list. Currently, government-based identity systems do not use this information too much because government identity documents follow a centralized parent-child model: you want a social insurance number, you need to provide your passport, you lost your passport, you provide a birth certificate and possibly change-of-name certificates if applicable. Ultimately, everything usually depends on a combination of the birth certificate and face recognition on the part of he government agents administering the system. A decentralized system to accomplish this can use both mechanisms, although many will argue that having the ability in theory to register without providing any government documents is a strong positive – it should be possible to get an identity through the system without necessarily tying in one’s government-backed “real name” (in the usual sense of the term, not my own distinction given above). If this is not possible, then some kind of mixnet-like setup could be used to anonymize identities once they have been created while still maintaining the one-per-person limit. However, attempts at fraud would likely be much more frequent; governments are not, at least at first, going to use any legal mechanisms to enforce anti-fraud rules with these identities as they do with their own documents.

From the above information, it becomes easy to imagine how one might create a centralized organization that accomplishes this objective. The organization would have an office, people would go in, have their biometrics (face, fingerprint, iris, maybe DNA) checked, and would then receive their fresh new cryptographic passport. Why not stop there? In this case, the answer is that the natural monopoly argument applies. Even if the system may have multiple identity providers, they would all need to cross-check information with each other to prevent multiple signups, and the resulting system would necessarily be the only one of its kind.

If this system is managed by a corporation, that corporation would have the incentive to start charging high fees once its product becomes ubiquitous and necessary. If it is managed by a government, then the government would have the incentive to tie these identities to its own real names, and remove any privacy features (or at least install a backdoor for itself). Furthermore, it might want the ability to revoke identities as a punishment, and if large parts of the internet (and society at large) start relying on these mechanisms it would become much harder to survive as a fugitive or dissident. Furthermore, there comes another question: which government speficially would administer the system? Even supposedly worldwide bodies like the United Nations are not universally trusted, often precisely because they are such perfect targets for corruption among anyone trying to secure any kind of worldwide control. Thus, to both avoid a corporation subverting the system for profit and a government subverting the system for its own political ends, placing the power into the hands of a decentralized network, if possible, is arguably the best option.

But how is it possible? Identity Corp can certainly avoid the truly difficult challenge of actively interacting with the world because all it does is provide information. However, receiving data about the world, including its users’ biometric information, would be nevertheless very challenging. There are no public APIs for such information; the only option would be for some human agent, or group of agents, to collect it. The channel of communication between the humans and the network will be simply digital bits, so it is very easy to see how these agents themselves could defraud the system: they could create many different identities for fake individuals with fake data.

The only solution seems to be, once again, decentralization and redundancy: have many different agents collecting the same information, and require individuals looking to get an identity to confirm it with several different agents, ideally randomly (or otherwise) selected by the system itself. These agents would all send out messages to the network containing both biometric data and the identity that data is mapped to, perhaps encrypted using some cryptographic mechanisms that allows two datasets to be checked to see if they are nearly identical but shows nothing else. If two different agents assign two biometric identities to the same data, the second identity can be rejected. If someone tries to register an identity with fake biometric data, they will need to convince a number of specific organizations to somehow accept it. Finally, the system should also include a mechanism for detecting and correcting fraud after the fact, perhaps using some sort of special-purpose decentralized “court”.

The second challenge is figuring out exactly who these “agents” are going to be. The system should be able to avoid Sybil attacks (the technical term for an attacker pretending to be a million entities so as to take control of a network that relies on consensus), and weed out bad agents without that mechanism itself being subject to bad agents or Sybil attacks. Proof-of-work and proof-of-stake is not enough; since we do not want each individual to travel around the world giving their biometric information to 51 of the network, in practice it may only take as little as 10 or even 5 to pull off fraud on a large scale. Thus, it is quite probable that making a pure decentralized corporation to accomplish this task will be impossible; rather, the best we can hope for is a hybrid system that uses heavy support from humans to keep the network in balance, but at the same time uses the network’s cryptographic properties to force the system to stick to its original mission. This would be somewhere between a legal contract or constitution and a true decentralized network, but the distinction there is a very fluid one; as Lawrence Lessig is keen to point out, “code is law“.

SocialCoin and the One World “Government”

The existence of a decentralized “real name” system allows for a large number of possibilities that have so far been unexplored in the cryptocurrency world. One attractive possibility is SocialCoin, the cryptocurrency that pays everyone in the world a “world citizen’s dividend” of 1000 units per month; another, similar alternative is to plug the system into a Devcoin-like system, allowing people to come together and vote on projects that the money should be spent on, thereby creating what is essentially a (voluntary) “world government” that funds itself from the revenue from generating new currency units. How much money could such a government get while still maintaining a low inflation rate? Here, there are two factors to keep in mind: people dying and losing their coins forever, and actual inflation.

Currently, when someone dies, their property automatically goes to their children or spouse by default. In a cryptocurrency, however, by default a person’s monetary savings simply become inaccessible since their passwords are lost. This destruction of coins creates a deflationary pressure; given the current death rate of around 8 per 1000 per year, multiplying by a factor of 2 to account for the fact that people tend to be somewhat wealthier than average at the time of their death, and then again dividing by 3 to take into account the fact that many people will have a system set up to ensure their wealth will go somewhere when they die (currently, about half the population has wills, and the divider can be bumped to 3 since people with more money are more likely to have them), we can get an estimate of 0.5 coin loss per year.

This, combined with a low target inflation rate of 1.5, means that we can “print” 2 of the current money supply every year. Since cryptocurrencies will massively reduce the amount of fractional reserve banking in the world (as the cryptocurrency base unit is online, so individuals no longer “need” to store their money in banks in order to maintain savings accounts and make long-distance transactions), we can expect much of the world’s M2 and M3 money supply (ways of calculating money supply that include bank deposits) to become part of the base money supply of a cryptocurrency. The M2 money supply of the world is estimated at around $40 trillion, giving our world government a budget of $800 billion per year to play with – or, in the case of SocialCoin, a universal dividend of $114 per person per year.

In theory, a world government can do a lot with $800 billion per year; in practice, it remains to be seen how free from corruption such an institution would be, although in this case the fact that it will be controlled by direct democracy, and have no power to tax, can potentially serve as powerful restraints on abuse. It would essentially be a government in the sense of being an entity tasked with maintaining social infrastructure, but would lack the power to coerce and compel that might make it particularly dangerous. Or, we can simply stick with SocialCoin, and leave it up to each individual to improve their lives the best that they can with $114 per year – almost nothing to most people reading this article, but a very substantial amount in many underdeveloped countries. If the system can be made to rely on no centralized institutions and no tax revenue, it can secure a level of political neutrality that would allow it to be trusted by the entire world. Will it happen? Well, either wait and see to find out, or start implementing it yourself.