# Identity and Governance

vvander.eth - 2022-08-18

###### tags: `values`

---

Recently, the Rocket Pool community has been working hard to formalize the DAO and get several initiatives off the ground. This is a great achievement and it's something I'm very proud to participate in. Generally, this has taken the form of [Rocket Pool Improvement Proposals](rpips.rocketpool.net), but it also includes a vote on the Incentives Management Committee initial member list, which includes several anonymous members. This is the subject of my writing today.

Identity and its relationship to trust in the crypto realm is a touchy subject, as evidenced by the recent Tornado Cash + OFAC debacle. Privacy is a core crypto value. Nevertheless, all participants are responsible for the safekeeping of public goods, so we have to form an opinion on identity and trust in governance. Namely, is identity a useful input in deciding who we trust?

Trust is a difficult problem. BrightID and similar projects aim to provide Proof of Humanity (PoH) without publicizing identifying information, but they are still nascent and easy to fool. PoH protocols might help prevent large-scale sybil attacks, but they aren't a solution for preventing smaller, more targeted sybil attacks like the ones to which a multi-sig is vulnerable.

As any infosec professional will corroborate, security planning is all about the expected threat vectors. If you want to defend against a nation-state attack on your trillion-dollar blockchain, you're going to take different precautions than if you're just worried about your smartphone in a sketchy part of town. In Rocket Pool's case, its governance resources are already a decently high-value target, so when designing governance structures, the DAO must account for actors willing to put an enormous amount of time and effort into an attack -- e.g. paying several people to create the appearance of multiple active and engaged anonymous accounts with the explicit goal of campaigning for governance powers. This is especially worth thinking about when it comes to the more powerful protocol-level responsibilities like the pDAO guardian and the oDAO, but it's true for anyone given governance powers. The blessing and curse of crypto is that we can't rely on any authority to provide deterrence against such attacks, so we're on our own to design resilient systems.

Therefore, I am convicted that identity is a useful tool for trust and that we, the crypto community, ought to account for it in governance as best we can. This doesn't mean giving up our values regarding privacy, though. We can design systems which take into account members' right to privacy by requiring identity disclosures only to existing trusted members. This creates a web of trust which mimics the natural transitive property of trust -- e.g. I trust Bob, Bob trusts Alice, so I can trust Alice to some degree, too. With this model, the deterrence of reputation destruction remains intact while only slightly compromising on privacy.

Some have suggested that using identity as an input for trust in any form is disinclusive. There are many individuals with innocent yet serious needs for anonymity -- whales with security concerns, someone living under authoritarian conditions, etc. Truthfully, though, I assign less trust to those individuals than someone who I can reasonably connect a true identity to. Is it ideal to trust those people less because of their innocent choices to remain anonymous? No. Is it logical, however? Absolutely. This is one of the costs paid for the additional security provided by anonymity. People have a right to reasonable privacy, but this generally comes at a cost for trust.

In the end, it's tempting to try and rewrite the rules of trust in the name of our cryptographic revolution, but I worry that much of the crypto world is just re-learning what we've known for millennia: humans have enormous capacity for creativity with our evil acts. If we take a hardline stance on privacy of identity, we do so at the expense of trust.

## Formal Reasoning

**Prior 1: a known identity is not *sufficient* for trust**

There are plenty of people who were fully identified but ended up doing bad things. Hitler had his identity publicized! (Godwin's law: ✅)

**Prior 2: a known identity is not *necessary* for trust**

Anonymous accounts can build reputation. There are plenty of anonymous contributors who have done incredible things for the collective.

--

**Assertion: a known identity is *useful* for trust**

**Evidence 1: Attacks are easier with anonymity**

Although some may be willing to destroy their reputation for a payout, the prospect of losing that reputation is still a deterrent. Identity is still a helpful tool for developing security mechanisms against sybil attacks, to which multi-sigs with anonymous members are vulnerable. If 6 of your 6-of-9 multi-sig addresses are all anonymous, how can you confirm that these aren't the same person?

**Evidence 2: Identity is important for ensuring alignment**

I have a lot of respect for Vasiliy Shapovalov (Lido co-founder), but it's probably not appropriate for him to be on a multi-sig for a competing protocol like Rocket Pool. Similarly, it's probably not appropriate for Rocket Pool's founder, Dave Rugendyke, to be on a multi-sig for the Lido DAO. There's just too much potential for conflict of interest, despite how much expertise each of them brings to the table.

=============

**In short, identity is a useful tool for alignment and security, and identity disclosures can improve trustworthiness without presenting a significant impediment to contribution, so long as this technique is used appropriately.**

--

This article draws influence from [Cryptoeconomics as a Limitation on Governance](https://mirror.xyz/ntnsndr.eth/zO27EOn9P_62jVlautpZD5hHB7ycf3Cfc2N6byz6DOk)