Should We Use the Internet Computer’s Governance System to Purge Canisters that Infringe on Intellectual Property?

The Internet Computer faced arguably its largest challenge yet on Tuesday when a member of the DFINITY foundation proposed the deletion of a canister that contained intellectual property owned by Nintendo. According to the foundation member, the proposal was prompted by a takedown notice that Nintendo sent one of the node operators that hosts a node in the subnet that contained the relevant canister. The proposal was later mooted because the canister creator removed the canister herself. But underlying question is still live: should we use the Internet Computer’s governance system to purge canisters that infringe on intellectual property?

If the DFINITY forum is any indicator, the majority of the Internet Computer community seems to think that the Internet Computer should allow the NNS to remove canisters that infringe on intellectual property. This view seems to be based on the underlying premise that allowing canisters that use intellectual property without permission to run on the Internet Computer could have serious negative consequences for the network, while providing little to no benefit. I don’t necessarily disagree. If we have no way to purge those kinds of canisters from the network, a malicious actor could attack the Internet Computer by running stolen intellectual property on every single subnet. Were that to happen, virtually every node operator would likely face suit from the intellectual property owners (such as Nintendo) and have to decide whether the benefits of running a node outweigh the costs of defending herself in court and the potential liability were she to lose her case. Faced with that decision, nodes might leave en masse, crippling the Internet Computer.  

That said, it is not clear to me that we should allow the NNS to delete canisters that infringe on intellectual property. First and foremost, the fatal flaw of the design is that voters have no way of knowing whether a given canister actually violates someone’s (or some organization’s) intellectual property. Indeed, a bad actor could submit an NNS proposal to remove a canister or cluster of canisters on the ground that they infringe upon intellectual property—even where not true. Similarly, a bad actor could send “fake” takedown notices to nodes, with the hope that the Internet Computer community will give credence to a canister-removal proposal made by a node provider. In either case, the bad actor could rely on highly technical and complex patents as the property being violated, knowing that the community will have neither the technical chops nor the time needed to determine whether there actually was a violation.

Another fatal flaw is that the design cannot scale. A bad actor could start uploading someone else’s intellectual property to hundreds of canisters a day. Were that to happen, the NNS voters would be faced with a deluge of canister-removal proposals that they would have to review for accuracy. Faced with a flood of requests, the process would break down: voters would either (1) stop voting altogether, (2) vote at random, or (3) rely on some trusted neurons to vote for them.

All three of those are seriously problematic. If enough people stop voting, intellectual property violations won’t be removed from the Internet Computer, leaving nodes just as vulnerable to suit as they would be were there no way to delete canisters. Moreover, as people stop voting, the cost of an attack on the network falls: bad actors could vote to remove a canister under the guise of an intellectual property infringement, and use their own votes to make sure it passes. 

If people vote at random, the system fails to achieve its purpose because some legitimate canisters will be purged, and some canisters that infringe on intellectual property will remain. If enough legitimate canisters are purged, it would be impossible to build on the Internet Computer because your code could arbitrarily be removed any moment. 

Finally, if voters rely on trusted neurons to vote for them, the trusted neuron becomes an attack vector. The neuron controllers could be pressured to delete canisters that don’t actually infringe on intellectual property, under the guise that they do. It's not hard to imagine a situation where government officials pressure members of the trusted neurons to delete canisters that violate laws--threatening them with jail time if they fail to comply. Moreover, it’s not entirely clear to me that one or two trusted neuron controllers are capable of handling upwards of hundreds of infringement requests a day.

Thus, there are serious questions about whether we actually can craft some sort of system that would allow us to use the NNS to remove canisters that infringe on intellectual property. But even if we could, should we? The argument that node operators must follow the laws of their home country opens implies that in addition to canisters that contain others’ intellectual property, we should also have the NNS purge all decentralized exchanges, options platforms, gambling programs, etc. that are built on top of the Internet Computer. Indeed, all of those types of programs violate extremely strict laws in the United States that require operators of exchanges and gambling platforms to have a license—something that a decentralized, autonomous application cannot possibly do.

Some have argued that intellectual property is different because multinational corporations like Nintendo are highly litigious. But so are state and federal governments. If we start deleting canisters out of fear that node providers will be sued, it is highly likely that governments across the world will take note and start to pressure node providers to take down applications that violate their laws—such as the types of applications I listed above. When (not if) that happens, decentralized finance will be dead in the water. Other innovations won’t be far behind.

 I don't know what the solution to this problem is. Neither answer seems to be a good one. We must protect our node providers, but at the same time there is no way to actually purge all intellectual property violations from the Internet Computer without also deleting some good canisters. In my mind, the only solution is to protect nodes by shuffling them around and obscuring both their identity and what it is they are hosting.

Comments

  1. AlejandroDecember 9, 2021 at 12:27 AM

    awesome take. This is a big issue that can potentially scare investors away and dfinity needs to outline how they're going to handle these issues.

    ReplyDelete

Post a Comment

Popular posts from this blog

An Introduction to the Internet Computer

  What is the Internet Computer? The Internet Computer is a protocol that connects independent datacenters around the world and enables them collectively to create a giant computer that no singular datacenter controls and that anybody can use. Technically, the Internet Computer is not unique in that regard: every public blockchain could be described in a similar way. What is unique about the Internet Computer, however, is that it does not face the same constraints that plague other blockchains. Other blockchains are architected in a way that severely limits the storage and compute they can handle. This constraint makes traditional blockchains prohibitively expensive to use for any application that requires even a moderate level of storage. Indeed, it is no coincidence that up until now blockchains have been associated only with storage-light applications like DeFi. In stark contrast, the Internet Computer can scale its capacity without bound to host any volume of computations...
Read more

Valuing ICP

The Internet Computer is a “world computer” created by weaving together the compute capacity of independent data centers across the world. Conceptually, it can be thought of as a highly secure edge cloud platform that isn’t controlled by a singular company. But does that mean that the Internet Computer’s native token (ICP) should be valued against the market capitalization of edge cloud (or even cloud) companies? If not, how should we value it? ICP has three major functions. First, it is used to pay for compute power on the Internet Computer. Second, it is used to vote on changes to the Internet Computer. And third, it is used to buy things that are sold on the Internet Computer. These three have equivalents in traditional markets that can help provide frameworks for valuation: (1) energy commodities, (2) equities, and (3) money. ICP as Energy Commodity. Software on the Internet Computer cannot run unless it has been charged with “cycles”—a so-called stable coin that is pegged to...
Read more