Governance of Internet Instruments

Introduction

Other Documentation

The "big picture" paper on Financial Cryptography in 7 layers discusses Governance firstly in general terms and secondly within the Ricardo context [1].

Systemics has manuals for roles in the five parties model for people working with issuers.

---

Backing

What is a digital currency backed by?

A digital currency would often be backed by deposits held at a conventional repository. These deposits might be one-for-one with issued digital asset, depending on the contract [2].

What is Backing?

An issue of a financial instrument has to be backed. Backing means the sum total of things that will give your issue value; so by definition an issue of value is backed by something [3].

An Issuer's task, then, is to design the backing to suit.

As a starting point, consider one-to-one reserves located at a secure repository: for example, placing all your members contributions and into a bank account.

Then, vary the equation from there. What happens if you hold bonds denomninated in your issue instead of deposited balances? What happens if some value is lent out to club members? What happens if the bank manager doesn't like my issue?

If you are bank, then you could just push the float into your risk calculations, but seeing as it will be hard to allocate a risk factor in the foreseeable future, you may still benefit from simply holding the monies as one-to-one deposited reserves.

What are Reserves?

Reserves are underlying assets that are a) denominated in the same as the digital issue, and b) kept escrowed for the purpose of providing value to the issue.

Commonly, reserves are redeemable, and are also bailable. That is, the user can pay to acquire them directly using the digital issuance, or can send in new reserves, and collect equivalent digital issuance in exchange.

For example, a digital gold currency (DGC) would normally escrow bars of gold with a repository, and then issue exactly that amount in digital issue. Thus, the reserves would be one-for-one (1:1) and the reserve ratio would be 100%. DGCs often state in their agreement with users how committed they are to maintaining 100% reserves, and what access users have to the reserves.

---

The Five Parties Model of Governance

How Do I Avoid Inflation, Bankrupcy, Prison and Sundry Other Pitfalls?

The steps described in The SOX Server Management (a.k.a. the Server) allow you to write money where before there was none, which puts unparalleled power into your hands. Now, experience over the ages has shown that anyone who has the power to write money generally does. And that they write a lot of it. So, how do we avoid this?

Well, just like any despot with the keys to the mint, no-one can stop you inflating your own currency into Reichsmark territory. The only way to stop this is to take the keys away from you. To do this, we need a few more people at the party, who are (continuing with the Club scenario):

• The Board. Is who is ultimately responsible.
• The Mint. Looks after capitalisation. The stuffed shirt brigade with a reputation to protect.
• The Operator. Runs the Servers. The Geeks with square eyes.
• The Manager. Handles value transfer between worlds. The cash gopher.

We'll also refer to the Users, who are of course members of the Club. That gives five Parties, using the individual sense of the word, and hence this model is called the Five Parties Model of governance (commonly abbreviated as 5PM).

And with a salute to F. A. Hayek, we will label our Club tokens as Digital Ducats.

How do we bootstrap a currency?

With the above Five Parties in mind, the following steps are required to start off the Digital Ducat.

• Selection of Parties. The Board selects the other parties, as shown in Figure 1:
  • The Operator, which isn't hard, as at the moment of writing, the only one is Systemics. Watch this space for the arrival of Operator Competition.

    The Operator runs servers on the Internet that accept SOX instructions. Make sure you pay enough to the Operator to allow them to run secured high-availability servers :))

  • The Mint. You will need a trustworthy party. If you are seriously in commercial business, you might make this your firm of accountants. Or a lawyer.

    If enhancing your reputation for fiscal prudence is not important, ask the Operator to do it, or do it yourself. This might even be sensible in the early stages of a commercial operation, but you should plan to move over fairly quickly.

  • The Manager. This is whoever is going to manage the ingress and exit of funds in between the physical cash world and the cyber cash world.

    The Manager is the day-to-day controller of the item, so if you are creating Club tokens such as our Digital Ducats, this role would go to the Treasurer of the Club. If you are more serious, it would probably be two people, one doing the legwork, and the other countersigning the cheques.

• The Keys. Create a [certification] and a [contract] key. It's a good idea to create a [web] key as well, so you can participate in the "web of trust." These keys are created according to Purposes of Keys.

  If this is leaning to far into the technical side, appoint a Key Technology Officer (KTO) who's task it will be to master Contracts and PGP technology, and advise the board on what they are signing and how to secure the keys.

• The Contract for the Digital Ducat. Once the Operator is selected, the Board does the following to get the contract up on the system:
  • Write a contract that specifies the arrangment between the Club Board and the Users, as described in The Digital Financial Instrument Contract (a.k.a. an item).
  • Instruct the Operator to mount this contract as an issued digital financial instrument, as described in Management of a SOX Server. We can now create Digital Ducats, but they are worthless and immovable.
• Sign Operator Keys. Using the [certification] key, sign a [comms] and a [receipt] key as provided by the Operator. These keys are such that they allow the Operator to sign for SOX value on the behalf of the Board, and conduct SOX communications with the users on behalf of the Board. Now, the Digital Ducat is worth something, and can be moved around. But, regardless, there are none there yet.
• The Mint. This trustworthy party creates an account, see 1. in Fig. 1; the party and the account together we will call the Mint.
• The Credit Side of the Balance Sheet. As described in Server get your Operator to find the Mint account and enable it for credit, see 2. in Fig 1. This is the only one enabled for loans, and it separates the digital currency into two sides - a credit side and a debit side (or, a minus side and a plus side).
• The Manager's account. Create a second account for the Manager.
• Setting the Initial Capitalisation The Board now supplies a signed document to the Mint stating that the Digital Ducat is nominally capitalised at a given amount, at least initially. Go for something comfortable, like the amount of membership dues per member times the number of members. Here, let's assume that's 1000 ducats.
• Writing of Total Capitalisation The Mint now uses its account to write the agreed amount of total capitalisation. The act of signing causes the digital currency balance sheet to look momentarily like this:

  	Balance Sheet - Digital Ducats
  
  	Mint      Others
  	------------------------------
  	1000  |
  	      |
    

  That is, on the left hand side, we have the credit (or minus or asset) ducats, and on the right hand side, we hope to have the debit (or plus or liabilities) ducats. For now, 1000 ducats is missing somewhere!
• A Balanced Sheet. The payment is sent to the Manager, see 3. in Fig. 1. When deposited, the Manager holds the entire nominal capital of the Club, for distribution, and the Mint has a single credit number to maintain. The balance sheet now balances:

  	Balance Sheet - Digital Ducats
  
  	Mint     Others - Manager
  	------------------------------
  	1000  |  1000 Manager
  	      |
    

  which is a relief!

The Digital Ducat is now set up for Club Trading.

Figure 1: Bootstrapping the Digital Ducat

Now, once the ducats are safely in the control of the Manager, they can be distributed to Users according to the funds that the latter have supplied. If, as shown in Figure 1, Bob gets a ducat, Carol gets two ducats, and Dave scoops up a hundred, then our balance sheet looks like this:

	Balance Sheet - Digital Ducats

	Mint     Others - Members and Manager
	------------------------------
	      |     1   Bob
	      |     2   Carol
	      |   100   Dave
	      |  ---- 
	      |   103   Ducats in Circulation
	      |   897   Manager
	      |  ====
	1000  |  1000   Total Capitalisation
  

Which, most importantly, balances.

Before we move on, a quick note to those who are wondering why we went to this sort of trouble. This method is called double entry book-keeping and was invented around about 500 years ago in Italy. Legend has it that a bunch of Genoan Pirates found that the only way to stop the slaves from plundering their hard-earned treasure was to invent a system with the property that everything comes from somewhere.

So, when you look at the books, and you find a mistake, you can be assured that the answer is in the figures somewhere. Or, at least, that was the Pirates' theory.

What Responsibilities of the Parties are there?

Now, there are a number of responsibilities to be followed by each party.

• The Mint and the Board need a contract that specifies under what conditions the Mint is authorised to write more value for the Manager. This would be written, or PGP, as agreed between the two parties. It would say something to the effect that "On presentation of a PGP-signed authorisation from the Board of Control of the Club that authorises Mint to write a stated amount."
• The Operator must show that 1. only the Mint key can write credit payments, and 2. every completed transaction that was signed for by the [receipt] was in response to a duly signed SOX request by the account (that is, the user).
• The Mint must show that each and every credit payment was written when and only when duly authorised according to the original agreement, and said credit payment was delivered to the Manager.
• The Manager must show that all transfers into and out of the Manager account are in accordance with User instructions, and supplies from the Mint.
• To complete the cycle, the Users must show that the Board authorised due capitalisation, and that each User managed their accounts with due caution.

And thus we have the Pentagon of Virtue! If each and every one of the above five parties fulfills their part, nothing can go wrong.

Well, in theory at least; in practice, this is a system of human design, not of human action (to paraphrase Adam Ferguson [4]).

As human action dictates that a rip-off is in the offing, then we need to guard against the inevitable temptations. A second feature of the above design is that nothing can remain undetected for long. This is based on the requirement that each party show that they have fulfilled their obligations. Hence the Virtue of the Pentagon is assisted by reducing the amount of time that can occur between audits, and the increase in the ratio of reward to punishment.

A third feature of the design is that it is openly practiced by the Parties, so there is more likleyhood of flaws being published than exploited.

What Checks do the Parties carry out?

To fulfill their responsibilities to the Five Parties model, each party should consider the following:

• Board - check the below reports, and publish a report with authorisations to the Mint, and appropriate User minutes to back them up.
• Operator. Publish a report, on demand, that states how much total capitalisation exists, that there is one negative account, and that negative value equates to positive value.
• Mint. Publish a report that shows the capital transactions written on one side, against the authorisations on the other side.
• Manager. Publish a report that shows the capital transactions (influxes of money), the net sum of movements, the balance of the Cash At Bank, and the Manager account. The three should balance.
• Users - ensure that they check the reports, and instruct auditors to check the positions and actions of the parties. Specifically,
  • Board: authorisations are in accordance with User instructions.
  • Operator: instructions are signed, only one negative account exists, and that reports are validly produced.
  • Mint: account instructions match authorisations by Board.
  • Manager Cash-At-Bank activity matches Manager account activity, each transaction is authorised by a user, and each Mint supply matches authorisation by Board.

This way, in order to hyperinflate your ducats, many parties must be in cahoots, or the auditor must fail in its duties, or the damage is of short term significance.

Now, if the Club has chosen its office holders carefully, and each party is concerned with their reputations, sufficient barriers should be in place to minimise the difficulties.

At least that's today's view, so don't put your money in until you have thought it through carefully.

---

Liability

When an Issuer "loses" the reserves, what happens?

When the cookie jar is empty, and the Manager (and thus the issue) is effectively bankrupt, there is generally a last and final word. This is the Ultimate Liability. A currency issued by a failed issuer could be further backed by several things, often in combination:

1. Members. The limited liability of a set of individuals.
2. Partners. The unlimited liability of a set of individuals.
3. Governments. Nothing specific, but a reputation and an available and continuing stream of cash flow from tax payers.
4. Private Law. Where the force of law is not strong, then private law can sometimes fill in the gap.

Issuer liability a key decision in the issuance of any currency, so we'll examine the alternatives a bit more closely:

Limited Liability

This is what most businesses use at the moment in their legal incorporation as a company. But bear in mind that most companies don't handle money as their primary product.

Banks do, but they have other forms of backing, being the implicit or explicit government gauruntee in existance in most countries, and the existance of insurance funds. So there's no big problem if they go bust [5].

Perhaps the best example is the non-banks, those amazing creatures that operate in the banking sphere, but are just companies. In this case, the liability is limited to the share holdings in the company by the individual share holders. Effectively, the share holders are liable to what they have already put in to the venture as capital.

Now, this method is perhaps also most appropriate for a club, where a group of people share a common interest, and would rather work on high mutual trust than have unspecified liabilities hanging over them. In a club, value injected would represent their liabilities. Then, if it all disappears, that is the sum total of the liabilities. This is the motivation behind many clubs becoming incorporated companies (clarification of liability).

A variant of limited liability is "double-liability" that was sometimes used in the various historical periods of free banking. This effectively meant that each shareholder was liable for their existing shares, plus that sum again [6].

The advantage of this was that each shareholder now had a solid incentive to monitor the activities of the bank. Normally, shareholders, by nature, are prepared to lose any particular holding, by the principle of diversification. But by obliging them to also pony up more hard cash in the event of bank failure, their focus on scrutiny of the bank became much stronger.

Unlimited Liability

This means that if you fail to pay your debts, any asset you own can be taken from you. Literally, the shirt of your back. Whilst this may sound draconian, if you are prepared to put *everything* into the venture at hand (be it selling lemonade or building a new country), the promise of unlimited liability can cause a much heightened degree of confidence.

This is the method that seems to have predominated in the various historical periods of free banking. People of independant wealth (the PC term for the rich) would place their entire wealth at the disposal of the bank in the event of collapse. This worked well, with bank failures in the Scottish period resulting in losses to depositors that were trivial compared with their southern neighbours [7].

These days, Unlimited Liability is more usually embodied in the legal partnership that exists in most countries. The terms are often used interchangeably.

Nothing Specific

This is what governments do. By relying on their reputation (faith from the people) and the availability of taxes, they can meet the liabilities of their issued currency. It should be pointed out that they enjoy this position *not* from any natural force, but from a century of legal manipulation.

It should also be pointed out that their ability to control competition means that they can "inflate" their way out of trouble. It is this monopoly position that allows them a guarunteed demand of the currency that allows them to forgoe any specific backing for the currency.

Private Law

This is mentioned more as a theoretical circumstance for the moment, but it might make some headway in the chaos of the Internet. Private law is any arrangement outside the normal notion of a state-supported contract. For example, independant arbitration fits in here [8]. Further, see Hernando de Soto's fascinating description of the arisal of property rights in the north American continent [HdS].

These alternates are discussed further in the main FAQ.

What Liability Arrangement can be used?

You have to choose one of the above Ultimate Liability scenarios (although if you can think up another one, let me know and I will add it to the list).

No Liability

Let's address the easy one first: nothing specific. The key point here is that there is an absence of competition. If you can do achieve this, then you could consider it. Here are some of the circumstances where there is an absence of competition:

One user of "nothing specific" might be club or community currencies. Clubs and Community Currencies rely on other, tacit or unwritten trust assets to back their currencies.

A further issuer of "nothing specific" might be corporate issues. Corporates would generally take their currency back for goods & services, thus creating demand. A corporate may seek to buy back currency where there is surplus, in order to maintain value, but it might reserve the right to not do that.

Limited Liability

If you are a bank or a large listed corporation, you could opt for limited liability. Your activities and trust-base might convince people that you are a sound risk.

If you are a small group that enjoys high mutual trust, and only the group participates in transactions, then you could rely on limited liability. That is, everyone in the group agrees that they won't recover anything they put in, if it all goes bust. This is the club scenario.

If you are a company that intends to only operate a payment system, and you put in place independant checks on the value held, then your customers may be comfortable with limited liability. The more credible your checks, the more comfortable they will likely be.

UnLimited Liability

If you are intending to conduct fractional lending, or deal with the public, then you might want to consider unlimited liability. This way, people can assess your true worth, and your true committment to the project.

It is the case that Unlimited Liability as it is conceived here has proven to be difficult to arrange.

Caveats

However, big caveat here, these are early days in the Internet Financial System, and most of the information listed is theoretical. There is little hard and fast experience out there, and lots of confusing laws. Tread with care.

In practice, most serious issues have chosen Limited Liability - that is, they have formed a company. They have often done this more as a routine choice, probably reflecting the normal business patterns of these days.

---

References

[1] FC7 "Financial Cryptography in 7 layers," Proceedings of Financial Cryptography Fourth International Conference , Anguilla, British West Indies, 21st - 24th February 2000.

[2] Reserve Ratio A one-for-one reserve of assets backing the currency is a useful starting point, especially for understanding. Anything less than one-for-one is expressed as a Reserve Ratio, with the reserves being divided by the total circulated currency (and multiplied by 100). For example, the current BIS recommendation of 8% implies that a BIS bank maintains $8 in assets for every $100 of circulating liabilities. A User of a Ricardian Contract must read the contract in order to determine just what reserve ratio the Issuer is claiming to offer as reserves, if any.

[3] Backing. Backing includes reserves, guruntees, insurance, government fiats and laws (legal tender), demand factors such as need to pay bills such as taxes, supply factors such as payment to employees, reputational factors, and anything else that helps the issue to succeed.

[4] Adam Ferguson "nations stumble upon establishments, which are indeed the result of human action but not the result of human design." An Essay on the History of Civil Society, 1767, p. 187, quoted by Hayek in "Individualism: True and False" reprinted in _Individualism and Economic Order_, 1948, p. 7. and the latter quote further quoted by Mathew.B.Forstater (at) cc.gettysburg.edu, in a post to AustrianECON (at) agoric.com 16 Nov 1996.

[5] Banking Panics "Banking-system failures, threatened or actual, have blighted more than 100 countries [since 1980]." The Economist "Standard Raisers" 30 Nov 1996. At least, by their frequency, nobody seems bothered by them.

[6] Double Liability How this was calculated is unclear.

[7] White See page 37 of Lawrence H. White, Free Banking in Britain 2nd ed., The Institute of Economic Affairs, 1995:

"The loss to the Scottish banking public from all failures to date was estimated in 1841 at only 32,000 pounds. Public losses in London during the previous year alone were estimated at twice that amount."

The competitive free banking era lasted for about a century until 1844.

[8] Private Law Private Law also includes things like the Mafia, who enforce contracts between parties by various ingenious methods. However, nobody has yet worked out how to send baseball bats over the Internet, so it remains theoretical.

[HdS] Hernando de Soto, Citadels of Dead Capital 2000, an extract from his seminal book The Mystery of Capital: Why Capitalism Triumphs in the West and Fails Everywhere Else