On Tuesday we announced our investment in Cryptokitties, and, as you might expect, received a combination of enthusiasm and skepticism in response.  Bitcoin and cryptocurrencies already sound ridiculous to most people, and virtual "real" kittens made out of cryptocurrency take it a step further. But, as with many new technologies, these first use cases just scratch the surface of a broader potential.  There are lots of things to be excited about here, but for now I'll just focus on one of them: interoperability. Cryptokitties are a specific type of cryptoasset, known as a "non-fungible token" (in this case, based on the ERC-721 standard).  Non-fungible means that each one is unique.  So, when a kitty is "born", it is a one-of-a-kind digital asset, as opposed to other types of currencies or tokens that are completely interchangeable.  So, they are different than other tokens in that way, but are similar in that each NFT is "scarce" or "real" in that is secured by the blockchain - in this case the Ethereum blockchain.  So, what we have are unique, scarce, public digital assets. The public part is particularly interesting.  Because each kitty is a token on Ethereum, that means that anyone else (aside from the original developers of Cryptokitties) can view that asset and integrate it into other systems, without anyone's permission. For example, on Kittyhats -- developed independently from CryptoKitties -- you can buy a hat for your kitty.  Here's the one I bought:

(There are now 899 flat brim hats still available if anyone is interested) What's particularly interesting is that I don't own the hat, my kitty does -- from the KittyHats whitepaper:

"When you sell a kitty, the sticker remains applied to the kitty. The new owner can choose to remove the sticker or leave it attached."

Or, put another way:

You own the cat. But the cat owns the hat.

Cascading unique digital good ownership. Super interesting. https://t.co/iGqaWics2E — Liad Shababo (@L1AD) March 22, 2018

So neat!  So what we have the beginnings of is a world where digital assets that are created in one place can be freely integrated into other places. If hats are too tame, you can also race your kitty at KittyRace: (updated, via @sidkal)

Or, when you've had enough of your kitty, you can head over to CryptoZombies (hat tip to Aaron), which teaches Ethereum programming via online game development.  As you create a zombie, it can start to do things.  One of the things it can do is eat CryptoKitties:

The (original) internet brought us a world where any site could link to any other site, and they could all be accessed from anywhere in the world.  This was the first interoperability revolution.  The next one will be with data and digital assets.  For a long time, data has been the property of platforms -- with cryptonetworks and cryptoassets, data can live outside of anyone platform, under the control of users.  This has the potential to open up a lot of innovation.

"Cryptonetworks" can help us build a more competitive, innovative, secure and decentralized Internet.  "Tokens" (also known as cryptocurrencies or cryptoassets) are integral to the operation of cryptonetworks.  As we design new laws and regulations in this emerging space, we should keep these concepts in mind, beyond the financial aspects that are today's primary focus.

In recent months, there has been untold attention paid to cryptocurrencies, blockchains and the coming of the "decentralized web" or "web3".  And, given the rise of the cryptocurrency markets (over 1500 coins, with a total market cap of $370B as of today) and the recent boom in token-based fundraising (including a healthy dose of scams and shenanigans) there is increasing regulatory and legal attention being paid to the sector, and rightly so. This is a profound, and confusing, innovation.  As John Oliver so aptly put it last week, it's "everything you don't understand about money combined with everything you don't understand about computers".  Basically right. At USV, we've spent the better part of the past five years exploring and investing in this space, and now have roughly a dozen investments touching it in one way or another.  As we have watched the technology and market evolve, alongside the public discourse, we feel its important to reiterate why we think this technology is so powerful and important, and contribute to the ongoing collective learning about how it works. While much of the focus, especially in the context of regulations, is on the financial and fundraising applications of cryptocurrencies, our interest continues to be on the potential for cryptonetworks to provide digital services, such as computing, file storage, social applications, and more. You might ask, why is it important to have another way to provide digital services?  We already have lots of websites and apps that do that today.  The reason cryptonetworks are an interesting addition to today's digital services is their core architecture of decentralization.  Just as the original internet gave us a decentralized layer on top of the telecommuncations network, which resulted in untold innovation, cryptonetworks are a decentralized way to provide digital services.  Chris Dixon has a great post exploring why this is important, including the historical parallels to the original internet. The decentralized architecture of cryptonetworks has the potential to address many issues in today's tech and business landscape, including information security, market competition, product innovation, and equitable distribution of gains from technology. Imagine, for instance, if the owners or users of Amazon/Google/Facebook/Reddit/etc. were able to "fork" the product and launch an identical competing copy, if they didn't agree with the direction of the company?  And imagine if all of the users of & contributors to a web platform also had a direct, monetary interest in the success of that platform, that reflected their own contributions as community members?  This is how cryptonetworks work, since they are essentially open-source, mutually owned & operated web platforms.  Each network's cryptocurrency or "token" acts as the internal currency, incentive mechanism, and "binding agent" for the other processes that help the platform function.  And further, the internal data structure of cryptonetworks, the distributed ledger or blockchain has unique properties that can improve privacy and data security.  See also, Steven Johnson's recent NYT piece exploring these ideas. With that as context, it's important to walk through how cryptonetworks function, and importantly, how tokens function within them -- especially given the growing regulatory scrutiny around how tokens are created and traded. The deck below (full size / downloadable PDF) is meant to help explain this.  While it does touch on some public policy goals at the end, it does not attempt to make specific, detailed recommendations.  The main takeaways should be (a) cryptonetworks are an important new innovation in how digital services are delivered, (b) tokens are fundamental to their operation, and (c) as we design new laws and regulations in the space, we should keep (a) and (b) in mind as guiding concepts. 

One thing that's interesting about yesterday's Basic Attention Token sale is how quickly it went - $36M transacted in 30 sec. Lots of people were surely disappointed as they attempted to buy into the token sale only to have their orders canceled for missing the sale window. I haven't nailed this down for certain, but I suspect that all of the successful buys in the token sale were programmatically executed through smart contracts, rather than by hand.  The entire sale was tied to milestones in the Ethereum blockchain, making this possible.  From the BAT sale site:

"The sale of BAT will begin at the time that mining commences on Ethereum block 3,798,640 and continue until the time that 156,250 Ether has been received or mining commences on Ethereum block 3,963,480, whichever is earlier. This is the “sale period."

I honestly don't know the mechanics of Ethereum well enough to really diagnose this, but my guess is that there were lots of buy contracts that were triggered to execute along side block 3,798,640. I don't think that we are quite prepared for what a world driven by "smart contracts" will feel like - despite the fact that we have had high frequency trading for years, smart contracts that auto-execute on blockchains will bring really fast transaction execution to lots more areas of life. I am not sure that there's anything wrong with that, just pointing out that it's going to feel quite different than what we are used to today.

There has been lots of attention this week on cryptocurrencies and blockchains, what with Consensus conf and the Token Summit and lots of related announcements. And with like lots of new things (thinking back to Twitter circa 2010) I find myself spending a lot of time explaining to people what blockchains and cryptocurrencies are, and why we think they're interesting. It has taken us years to peel away layers of understanding around Bitcoin and blockchains -- see "Bitcoin as Protocol" (2013), "The blockchain as verified public timestamps" (2015), "The Golden Age of Open Protocols" (2016), "Fat Protocols" (2016).  We've been chewing on this idea that cryptocurrencies aren't just digital money, they're something else -- they're a new way of storing and verifying data, a new way of building tech platforms, and a new way of monetizing activity on the web. One way I've been thinking about it recently is that cryptocurrencies are the native business model for open source and open data.  I come from a background working in open data, open source, and open standards -- mostly in the context of cities and governments.  I spent the better part of 2008-2011 working to advance standards like GTFS and Open311, and searching for the super-forces that would drive adoption (see Where Do Web Standards Come From?).  The big takeaway from that time was that standards don't propagate themselves -- you need some sort of major driver to pull them into market (in the case of GTFS it was Google Maps). What we have now learned from cryptocurrencies and blockchains is that they can provide that driver.  By creating an economic incentive -- the cryptocurrency or token -- to create a shared open data asset, we now have powerful driver for open data, interoperable through open standards.   This is the point of Joel's Fat Protocols piece -- that with cryptocurrencies and blockchains, we can now monetize the underlying token and let the data be open, rather than controlling the data and monetizing access.  This is a really big deal. Take that a step further, we can now re-think how we build "platforms". Think social networks like Twitter, who have historically been forced to close down their APIs in order to keep attention within their own ecosystem, rather than let it "leak" to third parties. Blockchains and cryptocurrencies offer an alternative here as well -- by monetizing through an underlying cryptocurrency, we can now afford to be "open" when it comes to platform interoperability.  As much as I dislike the Rare Pepe project because of its racist roots, one thing stands out: the way it's open and interoperable by default. From this article describing the project:

"Interoperability Finally, the potential of rarepepe model doesn’t end with simple digital asset collection and trading. What’s even more remarkable about this token model is that third party developers or projects can bring external value and use cases to pepe tokens thanks to their open and permissionless nature. Interoperability and permissionless nature is what differentiates tokens on the blockchain from closed proprietary systems or private blockchains whose essences are control and permissioned. Whether you like it or not, as long as it’s on an open and public blockchain people will create unexpected use cases and synergies that even token issuers cannot imagine sometimes. In my opinion, this is the biggest advantage of using tokens on a public blockchain and this type of cross collaboration has started to emerge already with Pepe. For example. the Rarepepeparty project is developing a trading card game with some RPG element utilizing rarepepe tokens and user created memes. If you own those cards in your wallet and prove its ownership, you will be able to play your dank pepecards within the game."

So what we have here is now a new business model for platforms.  Whereas in the past, you had to lock down your platform in order to control the flow of eyeballs, either for transactional revenue or ad dollars, now the incentives are flipped -- the more people who use it and build on it, the better, so let it be open. So really, what we have now is a new business model for attention.  One where we can be open to share attention with others, as long as we are bound by an underlying cryptocurrency or token.  This is relevant to any platform or network with an advertising-based business model.  As everyone knows, it's hard to make money in the ad business if you're not Facebook or Google, so it's exciting to think that maybe you don't need to be in the ad business to build a successful and sustainable social platform.  This is what Kik is pioneering today with the launch of the Kin token, and if this works I suspect it will be a model that many ad-supported networks follow.

For the past few weeks, I've been following the FBI / Apple phone unlocking case, and digging deep into the debate around encryption, security and privacy. This debate is as old as the sun, and the exact same arguments we're going through now were fought through 20 years ago during the first crypto wars and the US government's effort to deploy the Clipper Chip as a way of sharing crypto keys between industry and government.  The stance of the tech industry has always been "strong crypto or else, because Math" and the stance of the government has been "come on guys, let's figure something out here". At USV, we've been trying to look at this round of the fight with fresh eyes, to the extent possible.  What we've been wondering is: is there something different this time around?[1]  Has anything changed that might make us reconsider these dug-in, partisan-esque positions?  Are there unintended consequences that the tech industry hasn't been considering? To paraphrase my colleague's arguments, Fred points out that trust, safety and security are serious issues within and around web platforms, and platform operators do have a civic duty to cooperate with law enforcement when it's necessary and lawful (on the surface this is not controversial -- it all depends on the whys and hows).  Albert adds to that, and has also written extensively about the general concerns of crypto trench wars leading us down the path to a spy vs spy society where information and knowledge are locked up, rather than an open society that benefits from collective intelligence and open knowledge. The part I really want to dig into is an apparent parallel here between data security and DRM.  With DRM, there's been a 30 year battle to lock down the entire software and hardware ecosystem in the name of controlling access to content.  Internet / free culture advocates have long pointed out that the more enlightened approach is to understand that information wants to be free, and we can all be better off if adapt our culture, expectations, and business models to a world where remixing is allowed. Now, as we look at data security and privacy, I feel a lot of those same forces coming to bear: in the name of data security and privacy, we need to all get on board with a controlled software / hardware model where companies, rather than users themselves, control data flows.  This is best exemplified by Apple's security model, which stores encryption keys in a separate "secure element" and only allows software to be installed that's signed by Apple -- conforming not only to their security policies but to their control policies. This, I think, is where some of us have gotten uncomfortable.  What we don't want is the cause of security and privacy to lead us down the path to lockdown and the war against general purpose computing, the way that DRM has.  A risk here seems that many of the folks who are fighting for copyright reform & device unlocking, may also be unwittingly undermining those same causes in the crypto/privacy/security fight. So what I've been trying to do is parse apart the issues of security and control.  Can we have one without the other, and can we talk about them, and advocate for (or against) them separately? (And, for bonus points, can we find ways to have both security and access to knowledge -- for example as secure data processing projects such as Enigma, LeapYear and Inpher are exploring) Amazingly, as I've been chewing on this part specifically, I came across this announcement about the effort to assemble a secure, open, mobile OS + app + app store stack.   What we've got here is a hardened operating system built on Android (Copperhead OS), a set of secure applications (from the Guardian Project), and a distributed app store (F-Droid) with no central gatekeeping. Why is this important?  Because it shows that it's possible to have verifiable security without the anti-innovation control that comes from centralized app stores.   For example: one of our portfolio companies recently realized that by shifting from an app-store model to an API-based model, they could increase their product iterations by 1000% -- shipping new code instantly, rather than waiting weeks for app store approval.  This is the kind of innovation we want, and it's just not possible with the controlled app store model. It's also important for other kinds of security -- specifically, the ability for users to audit and inspect the devices and services they use.  This was a key outcome of the VW emissions scandal, and will be increasingly important as more Internet of Things devices do more things with more data.  If we move towards a world of DRM-style data lockdown, we'll have less knowledge of how products work and less control over our information. This has been a long post, so I'll just summarize by saying: I think it would do everyone good to keep looking at the encryption issue not simply through the lens of privacy and security, but also through the lens of openness and innovation, and make sure that whatever policies and technologies we support coming out of this strike the best possible balance. -- [1] the best resources from the academic community on the subject are Keys Under Doormats, an MIT publication pointing out the security risks of "key escrow" systems that the government prefers, and Don't Panic, a Berkman Center report pointing out the extent to which the "going dark" framing is misleading, since the overall surface area for digital surveillance has grown dramatically at the same time that strong encryption has made some data inaccessible.