Are Your NFT Assets Safe?
NFTs provide a way of claiming and registering ownership.
For intangibles such as image files they serve the same function as a registry of deeds does for tangible real estate, or a motor vehicles department that issues and records the title to your car.
But the “registry” of an NFT resides on a blockchain, a public ledger system whose authority consists of merkle tree algorithms. That means that whoever has the private key to the token owns the property.
Imagine if your county registry of deeds decreed that whoever has your home’s secret big number owns your home!
Or suppose that anyone who happened to get their hands on your car keys… owned your car!
That’s how it works for the owner of this sixty-nine million dollar Beeple artwork:
You could say that this is how numbered Swiss bank accounts work; but one suspects that in practice the bank requires more evidence than just the number to get at the deposits.
It’s not hypothetical. This is how the token world really works. Most of the horror stories aren’t as visible as Seth Green’s having to buy his stolen NFT back from thieves for $260,000, but because ownership of a token and what it represents goes with whoever gets their hands on the token’s private key, such stories abound.
If a token is worth thousands or even millions of dollars, that provides a big incentive to get at that private key, by trickery or other means, because that’s all you need in order to claim ownership! In other words, an NFT – that is, a non-fungible token – is as fungible as a twenty-dollar bill! If you manage to get your hands on it, it’s yours!
Does this make sense? How did we end up with this system for establishing ownership of digital assets?
The reason is that this system designed to provide non-fungibility is built on a system whose basic requirement is fungibility.
A very important part of a registry of deeds is provenance. Let’s say an asset is being transferred (deeded) from one owner to another. Well, what evidence do we have that the owner has the title to it in the first place? What happens when you try to sell a car with no title? It can be done, but not without first proving to authorities with a lot of paperwork that you do in fact own the car.
That’s the essence of a titling system.
There’s a huge difference between the requirements of a titling system and a currency system. Blockchain was invented as a currency system.
In 2008, the mysterious Satoshi Nakamoto combined asymmetric cryptography and his (her?) own brilliance to accomplish the impossible in Nakamoto’sfamous paper entitled Bitcoin: A Peer-To-Peer Electronic Cash System.
Nakamoto designed an actual working currency – money and payments – that is not issued or backed by a central bank or other authority. Nakamoto’s amazing creation was built on asymmetric technology that was created more than thirty years earlier at the British signals intelligence agency GCHQ.
People make a lot of the fact that Bitcoin is a decentralized system, but peer-to-peer technologies had been around for decades.
What’s actually amazing about Bitcoin is that, first, the currency is truly fungible, and second, it solves the double spend problem.
The double spend problem refers to the fact that when you spend a Bitcoin, it must leave you. It can’t stick around to be spent again. A spent or withdrawn bitcoin is… gone. Ask any bank examiner about how complicated that gets.
Bitcoin does that without human supervision.
Well, in theory anyway.
“Fungible” means that, like a dollar or euro or rupee in your pocket, any one bitcoin may be substituted with any other bitcoin with no implications on a transaction.
Accomplishing both no-double-spend and fungibility in an automated system with no central institution supervising the process is a herculean accomplishment, full of complexity and genius.
But fungibility in a system that must include provenance? How’s that supposed to work?
It turns out that there is indeed a system, built on that same asymmetric cryptography, that provides the basis for exactly the provenance that is called for in a digital registry of deeds. It’s well-proven… and it requires centralized authority. That system is PKI, with its digital certificates.
NFTs are just one more example of what inevitably happens to decentralization when it’s subject to real-world pressures. It turns out that governance is required, and as the decentralization advocate Lawrence Lundy-Bryan notes,
“There is no such thing as decentralized governance.”
Governance, in turn, requires accountability, and accountability is meaningless if it doesn’t start with the individual.
The thing about accountability is that you can’t achieve it with a collection of commercial product widgets. Today, the custodian of our identities is what we call “Silibandia”: Silicon Valley plus the broadband and media industries.
What we need instead of Silibandia is a source of authority that protects our personal information and whose governance we can all participate in. It will provide a source of measurably reliable identities of users that is accepted by all within a domain. The source of authority includes the services of legally accountable Attestation Officers who examine those identity claims and attests to their reliability, as measured on a scale. And that source of authority cannot be a commercial enterprise which, when it’s successful, can be sold to the highest bidder (who will inevitably be the bidder whose intention is to weaken, and therefore corrupt, its standards.)
I have become a part of, a group that compares itself to an “authenticity growers’ cooperative,” modeled after an agricultural cooperative. You may not be aware that brands such as Land O’ Lakes, Cabot, Florida’s Natural, Ocean Spray, and many other food brands are actually agricultural cooperatives. You won’t read about them in the Wall Street Journal because you can’t buy their stock – unless you’re a farmer who actually grows the crop that the coop packages and sells. It’s a wonderful business model that completely avoids the awful excesses of stock-price-driven public companies.