Get your tickets to the 2024 Coin Center Annual Dinner 

What does “permissionless” mean?

At the heart of the much-hyped “blockchain” technology lies not a blockchain, surprisingly, but a consensus mechanism. A consensus mechanism does what it says; it helps everyone on the network agree, or reach consensus, on a shared computation and records of that computation. In the Bitcoin network, for example, the shared computation is the continual creation of a list of digital currency transactions made between users. In Ethereum it’s the state changes of a globally-accessible virtual machine.

A fundamental question in the design of any consensus mechanism is who can participate and how do they participate in order to reach consensus over some shared computation. For many years it was assumed that useful consensus mechanisms could only be developed if the participant computers were identified through channels outside of the decentralized computing system itself. In other words, it had been assumed that useful consensus mechanisms could only be designed as closed or permissioned systems. To participate in the decentralized computing system a user would need to either (a) gain physical access to a private underlying network architecture (e.g. an “intranet” rather than the Internet) or (b) obtain an access credential via a cryptographic key exchange with other participants or by utilizing a public key infrastructure. Several such permissioned consensus mechanisms have been under development for decades.. A good example is Paxos, which has been around since the 1980s.

Bitcoin, invented in 2008, and follow-on innovations like Ethereum and Zcash are something new. In these systems, anyone with an Internet connection, a computer or smartphone, and free and open source software can join the group of people—almost all strangers to each other—working to reach consensus over the computation. So, in these new systems, the number of participants on the network is unlimited, and no one needs to get permission from another user in order to take part. It’s a free and open system, like the Internet. And that’s an important comparison because many people are optimistic about the future of open blockchain networks for the same reason they were excited about the early open Internet. If you want to understand why permissionless-ness matters, you need to understand why it made possible the Internet we know and love today.

The Internet and Permission

The Internet is revolutionary in large part because it avoids the costs of “permissioning.” The underlying protocols that power the Internet—TCP/IP (the Transmission Control Protocol and the Internet Protocol)—are open technical specifications. Think of them like human languages; anyone is free to learn them, and if you learn a language well you can write anything in that language and share it: books, magazines, movie scripts, political speeches, and more. Importantly, you never need to seek permission from the Institut Français or the Agenzia Italiana to build these higher level creations on top of the lower level languages. Indeed, no one can stop you from learning and using a language.

When Tim Berners Lee had the idea of sending virtual pages filled with styled text, images, and interactive links over TCP/IP (i.e. when he invented the Word Wide Web), there was no central authority he needed to approve the project. He could write the standards and protocols for displaying websites—the higher level internet protocol known as HTTP (the Hypertext Transfer Protocol)—and anyone with a TCP/IP capable server or client could run freely available HTTP-based software (web-browsers and web-servers) to read or publish these new rich web pages. As a result, the Internet went from a primarily command-line text-only interface to a virtual magazine full of pleasantly styled pages full of text, pictures, and links to other related pages, and it made the transition without any formal body approving the change. Every Internet user was free to opt-in or opt-out of the new format, the World Wide Web, as they so desired simply by choosing whether or not to read and write internet data with the new higher level protocol, HTTP.

Today, thanks to the open, permissionless architecture of TCP/IP and higher level protocols built on top of it, no one needs to gain access to a private network in order to create a blog or send an email. Nor must an Internet user obtain a certificate of identity to participate in online discussions. Nor must a hardware designer obtain permission to build a new gadget that can send and receive data from the Internet. This openness has been a major factor in democratizing communications, and spurring vibrant competition and innovation. Anyone can design, build, and utilize hardware or software that will automatically connect to the Internet without seeking permission from a network gatekeeper, a national government, or a competitor.

It is true that businesses often utilize public key infrastructure online, and that this does add a layer of permissioning to the web. When you visit an online bank, for example, your web browser will look for a signed certificate issued by a certificate authority that has vouched for the Bank’s online identity. This begins a process between your browser and the bank that will ultimately encrypt all of your communications while you are navigating the website. This process is known as TLS/SSL (Transport Layer Security and its predecessor, Secure Sockets Layer), and it is the system behind the little green lock consumers are told to watch out for when visiting sensitive websites like banks.

TLS/SSL, however, is another application-layer Internet protocol—like HTTP—that runs on top of the open TCP/IP network. Again, the underlying protocols are the reason for the Internet’s openness. When a consumer device is connected to the Internet these protocols do not ask for identification, certificates, or authentication; they simply assign the new device a seemingly random but unique pseudonym (called an IP Address) in order to have a consistent address for routing data. The identified and permissioned layer, TLS/SSL, is running on top of the open and pseudonymous layer.

The layered design of the Internet is not accidental. It is modular, with an open lower layer, in order to enable flexibility. One can always build identified and permissioned layers on top of a permissionless system—as TLS/SSL (a closed, identified layer) is built on top of TCP/IP (an open, pseudonymous layer). The reverse is not possible, however. Had the Internet originally been architected to be permissioned and identified, it would have imposed costs and limitations on open public participation, and it would have ossified the possible range and diversity of future higher level protocols for identity and permission. When lower layers are permissionless and pseudonymous, on the other hand, the costs of participating are low (merely the cost of hardware and free Internet-protocol-ready software), and such an open platform enables a variety of closed or identified higher level layers to emerge and compete for particular use cases where identity and permissioning are essential. For example, PGP and the Web of Trust compete with TLS/SSL as methods for enabling secure and identified communications built on top of TCP/IP.

The Internet and Permission

We are still in the very early days of decentralized computing systems, and there remains much uncertainty over which protocols and systems will come to dominate the space. Given that uncertainty, it is possible that these systems will not follow the evolution of the Internet or the PC and instead be permissioned by default at the lower level. The key takeaway from a policy perspective, however, should be

  1. awareness of the technological features that enabled the Internet to flourish as a democratic and innovative medium: modularity, openness, and pseudonymity, and
  2. willingness to allow these new decentralized computing systems to evolve unencumbered just as the early Internet did, even when openness and pseudonymity cause regulatory confusion or concern because of their novelty and sharp contrast with legacy systems.

Regulators, especially financial regulators, are used to dealing with fully identified parties and closed systems. And, make no mistake, companies that hold other people’s money are currently (and should remain) identified and regulated like any other financial institution. But the infrastructure that these new companies use is open, public, and permissionless. And if the history of the Internet is any indication, permissionless networks like Bitcoin, Ethereum, and Zcash may revolutionize our lives in ways we, today, can’t even begin to imagine.