24 MIN7 Apr 2024

Obsessed with Archives

Why secure, immutable, decentralised archives are critical to good governance, and how blockchain technology enables them

Codex

blockchain

Archive

Share

P

Peter Ludlow

J

Jarrad Hope

In the 17th century, the philosopher Gottfried Wilhelm Leibniz proposed an archive in which documents were ‘kept in such a way that they rest intact and unaltered for future information, and that in that occasion they can be used as certified proofs in justice’. The archival project was, in fact, an obsession of Leibniz’s, but why? What Leibniz saw was that the very nature of good governance cannot be separated from the keeping of archives in a secure and immutable fashion. What Leibniz could not see was that the archives should also be widely accessible, and that to achieve both these goals they must be decentralised. We revisit Leibniz’s ideas and reimagine them with the help of blockchain technology. This article is the first in a series of articles by Peter Ludlow and Jarrad Hope, taken from a forthcoming book by the two.

Leibniz’s Obsession

Gottfried Wilhelm Leibniz was one of the great natural philosophers of the 17th century. In addition to his writing in metaphysics (e.g. on monads), he is also known for his debates with Isaac Newton’s associate Samuel Clarke about the nature of space and motion and his work on political philosophy and law, the philosophy of religion, and the theory of knowledge. Leibniz is perhaps best known for independently inventing the calculus (indeed, inventing a version of the notation we use today). A century later, Denis Diderot wrote, ‘Perhaps never has a man read as much, studied as much, meditated more, and written more than Leibniz.’^[1] In fact, Diderot was moved to despair when he measured himself against Leibniz:

Given the great (if sometimes depressing) accomplishments of Leibniz, it is surprising to learn that in 1678, he wrote to the Duke of Hanover, making the mundane proposal for a permanent archive of documents for purposes of governance. When that letter fell on deaf ears, Leibniz made the proposal again in 1680 to the Duke’s successor.

In both letters, he described his archive project as ‘a place where writings useful for government are kept in such a way that they rest intact and unaltered for future information, and that in that occasion they can be used as certified proofs in justice.’ Ulysses Pineiro provided a helpful summary of the project, noting that Leibniz also seemed to be drawing on a proposal he had made at the age of 20 in his doctoral dissertation (entitled Dissertation on Combinatorial Art). In that work, Leibniz’s idea was to encode information in a ‘universal language’ from which conclusions could be derived by proofs. Taking that idea with the archive proposal, Pinero suggested that Leibniz’s big idea was to create ‘an instrument with a fundamental concern over the future actions of a Prince. It has the epistemic value of a virtual mechanism guiding the Prince’s actions’.^[3]

This means that if the information is encoded in a logical language, the correct action might be computed and presented to the prince to carry out. What might these recommended actions be? Leibniz only provides clues, but in his dissertation, he proposed that the relevant terms over which actions could be proved (we might say computed) included war, peace, wagons, money, vassals, truce, allies, booty, bridges, gunpowder, attack, parley, clients, routes, cannonballs, security, treaty, neutrals, agreement, enemies, ships, medicine, and counsels. In short, anything that might be relevant to 17th-century statecraft.

Leibniz’s overarching idea was so profound that it would not become technologically viable for over 330 years – not until the development of computer science, artificial intelligence, and what are now called ‘smart contracts’ (self-executing contracts). Given advances in these fields, we think it is time to revisit his ideas if only to reflect on what he might have thought about recent developments.

In revisiting his proposal, we will see that Leibniz had some predictably deep insights, but he also ran ashore on the rocky crags of centralisation. But we believe we have a solution for his problem – one that we think he would like! And the place we need to begin this entire discussion is with the part that seems the most banal – the proposed archive itself.

Leibniz was apparently obsessed with the issue of archives. In his letters to the Dukes of Hanover, he went into great detail on how they should secure their records. He proposed that the structure that housed the records should adequately preserve the documents from mould, mice, and worms as well as from fire and attack of enemies. He added that its internal vaults should be reinforced and doors should be made of iron. The most important original documents should be kept in a safe and hidden in a wall.^[4] Why this obsession? To answer this, we must first understand the importance of immutable records.

Immutable Records

In May 1747, Don Giuseppe Rapaccioli, a parish priest in Macinesso, Italy, was supervising the renovation of a field near his church when his workers came across a large bronze plaque containing Latin inscriptions. Today called the Tabula Alimentaria Traiana, it measured 1.38 meters tall by 2.86 meters wide. To this day, it is the largest bronze inscription from antiquity ever discovered.

Further study of the Tabula showed that it dated to 112 CE, during the reign of the Roman Emperor Trajan (‘Traiana’ being the Latin version of ‘Trajan’).^[5]

But what was the bronze plaque about? In the early second century CE, Trajan instituted an alimentary program in towns throughout the Italian peninsula. This program encouraged landowners to take out loans from the government by mortgaging their property. The interest on these loans was paid as a food stipend for children in the respective areas. In other words, landowners could borrow some cash from the government using their land as collateral, provided that the interest was paid in the form of assistance to local poor children. Emperor Trajan thus used short-term bribes to incentivise landowners to look after local children long-term. (Here, we set aside questions about the nobility of Trajan’s program, which was probably motivated by a concern that rural regions of the empire were becoming depopulated.)

In this particular case, the bronze Tabula codified the details of Trajan’s alimentary project in Veleia, a rural northern Italian town near the Roman colony of Placentia (today known as Piacenza). The recorded information on the plaque included the debtors’ names, the location and value of their property, and the loans they received for that mortgaged land (generally a bit more than 8% of the land’s appraised value).

Why are we talking about a bronze plaque from the second century? Because this bronze plaque had certain important features that we are interested in. It was public; everyone in the town could see it, and everyone knew what was owed and what the landowners were expected to pay to the children. Second, it was, for all practical purposes, immutable. It was literally cast in bronze, after all, and not one detail had changed in the 1,600 years between its being lost and its discovery by Father Rapaccioli in 1747.^[6]

Not only was the information in the Tabula public and functionally immutable, but it also had a ‘cybernetic’ effect (in the sense of the ancient Greek origins of the term, meaning ‘guiding’). By making responsibilities public, it helped to ensure that those responsibilities were carried out. Everyone knew what was expected. It was thus not merely information but information that had a governing function.

Of course, the encoded information couldn’t guarantee that Trajan’s policy would be carried out. Whoever made the Tabula presumably assumed it would encourage people to live up to their obligations or possibly feel shamed if they failed to do so.

Detailed records have been important to human governance since the earliest civilisations on record. The ancient Sumerians, for example, left behind a detailed record in the form of cuneiform writing on clay tablets.

Subsequent civilisations in the Near East (the Babylonians, Assyrians, Elamites, Hurrians, Kassites, and Hittites) also made extensive use of cuneiform records to extend the scope of their governmental control. So much so that we now know their legal record keeping as ‘cuneiform law’. The most famous example of this legal record keeping is the ‘Code of Hammurabi’, which remains one of the most well-preserved legal texts of the era.

Cuneiform law became not only a way of regularising the administration of justice but also a means of tying together the administration of perhaps the world’s earliest empire and projecting its force throughout Mesopotamia.

Perhaps the survival of these examples, cast in bronze or carved into stone, suggests that written records are normally secure. Leibniz saw that nothing could be further from the truth. For example, during revolutionary periods, one of the first and most important objectives for the revolutionaries is to destroy the records of the existing regime. Why is this so? Well, records might include files on dissidents and details of their arrests and activities. Such record-keeping helps a regime stay in power; thus, destroying the records weakens the regime. Another target has been records of property ownership and debts that were owed to landowners. For example, during the earlier Russian revolution of 1905 (what Lenin called ‘the dress rehearsal’ for the revolution of 1917), peasants attacked the estates of the landowners, destroyed physical property, and, notably, the debt records.^[7]

The Mexican Revolution is also a good example of this phenomenon because records – or the lack of records – played a role on both sides of the conflict. Perhaps initiating the revolution were the actions of the ‘haciendas’ – large estates that seized ancestral claims of land from poor farmers, a feat made possible by the lack of permanent records of ownership. When Zapata’s men attacked the haciendas, one of the principal targets was the newly minted records of ownership.

A fascinating collection of papers assembled by Aguirre and Villa-Flores documents numerous examples of this sort of ‘archival conflict’ in Latin America.^[8] It is a tradition that begins with the destruction of Mayan records by the conquistadors in 1530, an event that was followed by the destruction of 27 Mayan codices by Diego de Landa, the Bishop of Yucatán, in 1566. Reporting on the atrocity, de Landa himself noted:

The history of archival conflict proceeded through the destruction of records of the Spanish Inquisition and the sacking of municipal archives during an uprising in Mexico City in 1630, all the way to the 20th century, throughout which the destruction of archives remained a robust tradition during times of political conflict. We already mentioned Zapata’s destruction of records of property ownership; this strategy was repeated in El Salvador in 1932 when Red Commanders destroyed the property records in every town they occupied. Of course, the destruction of archives does not merely target economic records such as ownership and debt but is routinely used to destroy cultural records as well. This was certainly the goal in the destruction of the Mayan codices in the 16th century.

As Aguirre and Villa-Flores point out, the problem is not merely with intentional efforts to destroy records; records can be subject to lack of attention, natural disasters, etc. There are many examples of this in Latin America, beginning with the Lima earthquake of 1746 and, more recently, the tragic fire in the National Museum of Brazil that destroyed 92.5% of its repository of 20 million items, including its archive of indigenous languages, in 2018. An employee of the Federal University of Rio de Janeiro announced the tragedy in an email to linguists: ‘Folks, there’s nothing left from the Linguistics division. We lost all the indigenous languages collection: the recordings since 1958, the chants in all the languages for which there are no native speakers alive anymore… An irreparable loss of our historic memory. It just hurts so much to see it all in ashes.’^[10]

Tragic losses like the Brazil museum fire are not rare in history. One of the more famous examples is the loss of the Great Library at Alexandria, which was decimated through a series of events, including fires that appear to have been initiated by Julius Caesar’s troops. As we have seen, sometimes archival loss is intentional, sometimes via neglect, and sometimes simply because of the lack of resources to fight against entropy.

In his discussion of Leibniz’s proposal for an archive in conjunction with his views of national sovereignty, Pinheiro argued that, to some extent, the very existence of the state is a function of the archives it keeps.^[11] If this sounds implausible, it shouldn’t. If the archives contain evidence of treaties, land ownership, citizenship, and economic contacts, then at the very minimum, one can reconstruct the state, its borders, and its interests from a well-maintained archive. However, if the archive were to disappear as a result of an ‘archive bomb’, it is not at all clear that the state would be able to persist in its pre-bombing form.

Perhaps this point can be better illustrated by thinking about the governance of corporations. Suppose a corporation were to lose records of its customers and its suppliers, its inventions and production methods, its employees and how they are organised. What would actually be left of the corporation? If we think of a corporation as a body (a natural enough metaphor given the etymology of ‘corporation’) then information archives are the DNA of the corporation – they are the information within the cells of the organisation that guides the organs it should make and where and how they are regulated. Similarly, for nation states, archives are not just things that states ‘keep’. Archives are critical to the very identity of the state. We believe this is also true at every level of governance. But it isn’t enough that the archives exist. They must also be accessible!

Archival Access

So far, we have been on the same page as Leibniz, but now we get to an issue where he comes in for criticism for his proposal. It is important to understand that the loss of archives is not the only possible pain point. A similar effect emerges via restricting access to archives. To put it another way, you don’t need to destroy archives if you can make the archives inaccessible instead. And for sure, there are plenty of information archives throughout the world that remain inaccessible, either because they are ‘classified’, or ‘private’, or behind a paywall – a point that was made clear by Aaron Schwarz in his ‘Guerrilla Information Manifesto’.^[12]

Why does this matter? Because archives, and access to the information contained in those archives, are critical to freedom, democracy, and certainly also to our ability to know whether our government is functioning as it promised (whether that government is democratically chosen or not). Jaques Derrida summarised the importance of archives to governance as follows:

And herein lies the central problem with Leibniz’s proposal. His archive was completely centralised. Some of the documents were to be hidden in a safe in a wall. And the question is, do we have a way to make archives secure yet visible to all like the Tabula Alimentaria was? You might think that we can simply produce copies of the documents and distribute them on the Internet, but this doesn’t help us if fake versions are being distributed. Everything must be checked against the ‘official’ version, which unfortunately might be hidden in the safe in the wall in Leibniz’s archive.

So, if archives are constantly under attack or otherwise under threat from entropy and ineptitude, and if maintaining access to secure archives is critical to democratisation or simply understanding what your governing body is up to and knowing if it is functioning as promised, what is the solution? Well, a key advantage of blockchain technology is that it provides strategies for securing archives and information against attack while at the same time making the information accessible to all.

Decentralisation

One of the most infamous examples of record destruction happened on December 7, 1985, when Pablo Escobar paid the left-wing guerrilla group M-19 (the ‘April 19 Movement’) to invade Colombia’s Supreme Court building in Bogota and destroy records related to criminal cases being built against Escobar and other ‘narcotraficantes’. If Pablo Escobar’s son is to be believed, this was accomplished for the low price of 1 million US dollars – peanuts to Escobar.^[14]

The damage went far beyond the documents in the case against Escobar. According to Mark Bowden, in his book Killing Pablo, the attack destroyed documents for 6,000 pending criminal cases and ‘crippled the Colombian legal system’.^[15]

We can, of course, attempt to armour our central points of failure (as Leibniz proposed to the Duke of Hanover), but sadly, these attempts are inherently vulnerable to all manner of attack. Pablo Escobar chose the crude method of a guerrilla military operation, but softer methods are often just as successful. As Escobar well knew, corruption was a preferable method.

There is a reason why the Defense Advanced Research Agency (DARPA) funded the early stages of the Internet. A decentralised (or at least more decentralised) network is less vulnerable to attack. In theory, it should even survive a nuclear war. Similarly, if we want our documents and records of value to survive attack, we should consider decentralised networks. However, slogans about decentralisation aside, this turns out to be easier said than done.

Pretty obviously, if a centralised repository of records represents a point of failure, then it would seem that a decentralised network represents multiple points of failure. This much is undeniable. The difference is that a decentralised network can be fault tolerant. Nodes in the network can fail, but the network keeps humming. You see this in the case of the Internet. If an internet node goes down, the entire Internet doesn’t fail. However, when we get to matters of money and governance, fault tolerance takes on a whole new dimension.

Most of the institutions of trust that we engage with today are centralised. So, for example, our national governments are typically central governing bodies that sit in a national capital. Most nations issue their own currency, which is under the control of a central bank.

So too, our institutions of financial trust are centralised. We trust large banks to record how much is in our account and to record our transfers of money. For example, if we wire $100 to your account from our account, our bank debits our account $100. If we have the same bank, our bank simply credits your account $100  – no coins, dollar bills, or bars of gold move. There is just a simple change on a ledger that is kept by the bank. If we use different banks, then our bank will credit the account of your receiving bank, and this will be recorded by a centralised interbank protocol like SWIFT.

Similarly, if we buy land, some official record keeper records our land ownership. In the United States, that would be a title company. Perhaps you worry that your title company might have a record-keeping failure or overlook a dispute about who owns your property. That is why we have title insurance. But as with everything else, the title insurance is recorded with a centralised institution.

The problem with centralisation is that it presents a massive point of failure for any system, whether it is governmental or financial. Pablo Escobar showed us how centralised legal records represented a point of failure, but this is true for all kinds of record keeping, including property ownership. In Mexico, for example, the lack of security with records of property ownership remains a constant threat to people who might lose their property to a local crime boss simply by a revision to a document. Transparency International, an NGO that studies corruption in land administration services (e.g. title companies), reports that globally one in five persons have had to pay bribes to land administration officials to maintain their property rights. They report the number is one in two in Africa.^[16]

The same can be said for national currencies, government policies, etc. If there is a central authority, then that central authority becomes a target of opportunity for enemies and individuals who are attempting to game the system for their own benefit. And it may be a very banal form of corruption at the end of the day. Central bankers have friends, too, and they are apt to be part of a wealthy class of individuals. Central bankers are thus likely to take on the attitudes of their small class of friends. Does this make them corrupt or evil? Well, that isn’t the issue; the more pressing issue is whether such decisions should rest in the hands of a few central authorities – authorities that are apt to fall under the influence of a small number of individuals. It doesn’t matter whether that influence is driven by force, or corruption, or simply the interests of good friends. The end result is the same.

You might think that human governance and record keeping can’t be any other way than centralised, because, after all, someone has to keep these records. If everyone kept their own record, surely there would be inconsistencies in the records and thus disputes over the correct record. How would those disputes be resolved if not through some central authority that had access to the correct or ‘official’ record of ownership? It is one thing to say you don’t like centralised records, but it is quite another to figure out what the decentralised alternative might be.

Here is a problem for decentralised networks that are in the business of recording assets and payments – the double-spending problem. Suppose that we offer to buy a widget from you for $100. You check the shared distributed ledger and confirm that we have $101 in our account, so we should be able to pay. You send us the widget, and you deduct the $100 from our account. But what you did not realise is that just as we were buying the widget from you, we were buying a $100 cog from Smith. Smith also consulted their copy of the ledger, saw that we had $101 in our account and sent us the cog. The problem is that you and Smith can’t both get paid! Who is right?

This is the key problem. If there are many nodes in the network, there can be bad actors at any of those nodes. Doesn’t decentralisation just increase our headaches when it comes to failure and corruption?

Byzantine Generals, Decentralisation, and Satoshi

The double-spending problem is really just one instance of a class of problems that every decentralised network has to confront. In 1982, Leslie Lamport, Robert Shostak, and Marshall Pease released a research paper titled, ‘The Byzantine Generals Problem’,^[17] which gave the problem (class of problems) the catchy name we know it by today.

Here is the general form of the problem: Several Byzantine generals must participate in a coordinated attack on a city, each at the head of an army. It is a critical point that the attack must be coordinated. If too few armies attack, they will be crushed. But now we encounter several problems. One is that the generals must communicate with each other in what is effectively a hostile environment. What if the messenger gets intercepted? Well, you could wait for a response message that your initial message was received. But how does the other general know you got the response? Do you have to respond that you got the confirmation? The problem is that for a coordinated attack, it is not enough for everyone to receive the attack message; everyone has to know that everyone received it, and they have to know that everyone knows that everyone received it, etc.

But there are more problems. A coordinated attack may also fail due to traitorous generals in the mix. Or perhaps it will fail merely due to incompetent generals sleeping off their hangovers. So, however we plan our attack, we must do it in such a way that it is ‘fault-tolerant’ – the attack must be successful even if there are weak links among our generals. This is Byzantine Fault Tolerance.

This problem has been with us for as long as we have been engineering distributed systems. Research on Byzantine Fault Tolerance (although not under that name) began in the 1950s and mainly revolved around the aviation industry. To see why, consider an aeroplane with multiple computer systems that might fail. You don’t want one failure to bring down the whole system, but how do we engineer around these inevitable failures? Those early investigations paved the way for the 2008 publication of Satoshi Nakamoto’s Bitcoin White Paper and the subsequent implementation of Bitcoin in 2009. 

The popular view of Bitcoin is that it is some sort of financial asset, but this is an uninformed take. In its essence, Bitcoin is a single implementation of an archival system that is decentralised yet coordinated. Or, to put it another way, the ledger is distributed, but everyone is on the same page – or more accurately, everyone is looking at their own copy of the ledger, and it is saying the same thing as everyone else’s copy.

Many people understandably think of Bitcoin as being a virtual coin of sorts (‘coin’ is in its name, after all), but that is a very weak metaphor. If you own one bitcoin, there is no coin sitting in a repository somewhere. It is much better to think of the Bitcoin protocol as a decentralised record or ledger that keeps track of who holds what – an immutable ledger (like the Tabula Alimentaria Traiana) and which is visible to all (as was the Tabula), but which unlike the Tabla is a decentralised record. It is not located in one place, but control of the record is distributed across the network. This has the advantage of not having a single point of attack.

Of course, our decentralised ledger must still resolve the Byzantine Generals problem, particularly the double-spend problem, which had not been solved heretofore. And this is where the monumental genius of Satoshi’s white paper comes in. Rather than having a single centralised authority that determines the official version of the blockchain, that determination can be a rotating responsibility. Furthermore, we can mathematically prove whether a proffered version of the blockchain is the official version.

There are, of course, now other protocols (for example, so-called ‘proof of stake protocols’), but, at the moment, we set those aside because there is a more pressing issue. We began this essay with a discussion of Leibniz’s proposal for an archive designed for governmental records. In the last few sections, we have been critical of Leibniz for thinking the archive should be centralised. But as we have seen, several centuries of hard work have brought us to the point where we can have decentralised, public, and secure archives. We don’t think Leibniz would object to this development. In fact, we think he would love it!

Why would he love it? Well, setting his archive project aside, he was a big fan of decentralisation. He argued against Hobbes’ idea of centralised sovereignty, suggesting that there could be multiple overlapping notions of sovereignty, some of them involving individual principalities. And if you think about it, even his idea about monads – metaphysical simples from which space-time could be constructed – was a kind of decentralised metaphysics. In his heart of hearts, he was a decentraliser.

In our next essay, we will say a bit about Leibniz’s idea that there could be a universal language that plays a role as a ‘virtual mechanism guiding the Prince’s actions’. Was Leibniz imagining something like smart contracts? We think so, but that is a topic for next time.

For now, we close by emphasising Leibniz’s point about the importance of the archive itself. It is the DNA of human organisation, whether that organisation takes the form of state governance, corporate governance, or some new form of governance (e.g. DAO governance). As we said, without the archive, the governing institution is like an animal without its DNA. It ceases to exist. And for this reason, projects like Codex are fundamental. They provide a decentralised, immutable, and accessible medium in which the archive can be written. 

Our obsession with archives is not pathological. It flows from the fundamental role that archives play in traditional governance, but more importantly, the role that they will play in web 3.0, in the future of human organisation, and ultimately in human flourishing itself.

Onward.