XML-X Part III - Governance
XML-X Part III - Governance
Date: Fri, 29 Mar 2002 12:33:32 -0500 (EST)
From: Ian Grigg
To: xml-api@intertrader.com
Cc: dbs@philodox.com, dgcchat@goldmoney.com
Subject: [xml-api] XML-X - part III - Governance
Let's face it, the governance in the gold world sucks.
Just simply utterly sucks. With rocks, as our American
friends would say.
There is, of course, the rather fine part to do with
the physical metal. Granted, with some of the systems,
you can have some sort of confidence that there are some
gold bars there. London, Zurich, Dubai. Other places
that only get visited by us mere net-mortals when our
dotcom shares ship in. According to some big 5 (whoops,
big 4 and [ac]counting) audit firm, maybe there are some
bars somewhere. It is not a system that you can rely on
to any great extent, but it can certainly be built upon.
But, my gripe here today (and, it is a gripe, but with
a purpose) is not with the protection of the bars.
(Previously I talked about the use of XML-X for the
vanilla communication of transaction information.
Now, I'm going to leap 2 layers up in the financial
cryptography pyramid and talk about governance. Not,
specifically the protection of the bars of metal in
a DGC, but the protection of the electronic gold.)
What really truly sucks, absent little pebbles but with
the thunder of great rolling boulders that presage
avalanches to sweep away tiny struggling economies in
the shadow of the mountains of the old world, is the
digital side.
Let's face it (2), it is rather easy to count bars, but
how in all of our experience of 6000 years of counting
do we calculate how many electrons are circulating out
there and making this gold stuff mean .. well, gold?
Actually, it's rather difficult. And it is no surprise
that every metallic money system has made a complete
hash of it. There is no confidence whatever that
there are X golden units on that server related to the
apparently escrowed same X' worth of mass of physical
gold.
Why is this? Simply because ... nobody watches those
numbers. Or, the same people that watch the numbers
are the ones signing the transfers on the metal. Or,
the ones in control of the numbers are not being
watched by the ones watching the bars.
Or, the ones doing the transactions (wake up, dear
reader) are the ones who have no idea whatsoever as
to what happened when they clicked that [OK confirm
now] button.
It's a fact, faceable (3) or deniable, as you choose,
that your average DGC has no, zilch zero governance in
the digital side of the equation. If you are unsure,
consider this.
Which system out there publishes the way in which the
metal float is increased? Who signs off on that?
Does our chosen metal system use outsourced float
creation, hand-typed SQL to add a little extra into
some table, or something even more arcane?
For that matter, how do we know that, when a transfer
is done, the same amount of digital gold exists before
and after? What is to stop a system administrator
simply adding some extra to his account? What system
has any methods in place to detect insider access to
user accounts?
One could go on, but you (yes, that's you, the nominal
owner of these transactions) should be getting the
point by now.
Into all this planetary wasteland of governance lies
the unfortunate fact that there is, in (yadda yadda)
information theoretic terms absolutely no way that the
average DGC can do anything to 'govern' the digital
value.
Shock horror, what does this mean? Well, look at it
from first principles. Someone has to run the server.
What does that server do? It runs numbers, hopefully
ones formed into nice precise double-entry transfers.
Anyone who has access to that server can ... change
the transactions. They can move value into secret
accounts (cunningly numbered 88888 for convenience).
They can create unauditable movements of funds by
activating frozen accounts in the morning, moving
money through them and inactivating the accounts by
lunchtime. See the Clearstream operating manual for
more information.
These gnomes of the backend system can rewind
transactions, wind them forward where before there
were none, or simply steal value from unwatched
accounts and sell it to ... well, who cares.
In the same sense that you, the owner of the metal
(electronic and/or physical) care about your bars, it
is very clear that you should also care about your
numbers. Governance of the computer system that is
driving the accounts for your average DGC is a most
important thing, and a most forgotten thing.
What this has to do with XML-X is ... to be described
in the following Part IV.
_______________________________________________
xml-api mailing list
xml-api@intertrader.com
http://lists.intertrader.com/mailman/listinfo/xml-api