“Permissionlessness”: exploring a commonly misconceived and convoluted term

By Kelsie Nabben & Michael Zargham

22 April, 2021

Note: this is a pre-print of a draft for the Internet Policy Review “Glossary of decentralised technosocial systems” and some sections have been removed in anticipation of the final publication.

Introduction

In numerous conversations, it strikes that we have shared terminology for referring to certain components or attributes of decentralised technological systems, but not necessarily shared understandings. This was the very motivation for a piece on “An Ethnography of Decentralised Information Systems”, which begins to identify some of the unique attributes of decentralised technologies (Nabben, 2020). The concept of “permissionlessness” is one of these opaque notions, which is a crucial underpinning to the underlying philosophies and core characteristics of decentralised technologies, but has little shared understanding. This post attempts to explore it further.

There are numerous talks, blogs, academic publications, and tweets about permissionless blockchains.

A basis for conceptual understanding

The term ‘permission’ comes from the latin word ‘permissio’, meaning “the act of allowing”. Thus, the antithesis, ‘permissionless’, means “without permission”, or the ability to act without requiring another to allow that action. The notion of “permissionlessness” in relation to distributed technologies is both a technical attribute and a cultural value that emerged with the early internet, and carries over to many values, practices and evolutions of decentralised technology communities as an important object of social enquiry.

In a technical context, permissionlessness refers to the open technical specifications in the network layer of the underlying protocols of the internet that avoid the cost of “permissioning” when transmitting data packets (e.g. TCP/IP and SMTP). The higher-level protocols for displaying websites also adhered to open specifications (i.e. HTTP). This innovation means that anyone is free to read, write, and share digital information across interactive links without needing to seek permission from a central authority or gatekeeper, whereas prior to this, people were limited to local intranets on private networks.

The technical attributes of permissionless systems interplay with ideological values around freedom and anti-authoritarianism.

In a sociological context, permissionlessness is also a cultural value that emerged in early internet culture. “Permissionless innovation” is a counterculture value from the 1960s and 1970s about no central ownership or control, and not having to ask anyone for permission (Naughton, 2014; Web Foundation, 2017). Computer scientist and credited inventor of the World Wide Web Tim Burners-Lee states that the internet is a force for free and open creativity outside of walled gardens.

“The permissionless, free-as-in-freedom web always ends up winning” 
~ Tim Burners-Lee (Tech and Law Center, 2015).

Networked infrastructures can be described as “infrastructures for communication, cooperation and common value creation that allow for permission-less interlinking of human co-operators and their technological aids” (Vasilis and Bauwens, 2014). An ideological purity towards decentralisation developed in parallel to these technical capabilities, with some arguing that “true distributed networks are permission-less” and “not dependent on powerful obligatory hubs” (Bauwens, 2009).

‘Permissionlessness’ has come to broadly be applied to refer to anyone being able to use the infrastructure as common property with no selection process to participate.

These technical and cultural values were strongly amplified by adherents to influential technology communities, such as the free-software and open-source software movements.

A culture of open-source software development whereby anyone can verify or modify the underlying codebase helped enable permissionless protocols and innovation (as described by Eric Raymond (2000)).

In “Free and Opensource Software” (or FOSS), “free” isn’t free as in it costs nothing, its “free” as in permissionless to user and build on: that is, anyone is freely licensed to use, copy, study and change the software in any way, and the source code is openly shared so that people can improve or build on the codebase (Stallman, 2002).

In these movements, the source code for computer programs is available for users to modify it for their own use. Owocki has a nice tweet thread about it, based on a Devcon talk here.

How “permissionlessness” has developed: from the internet to Bitcoin and beyond

Permissionless protocols have required, and also enabled new forms of social organisation and governance to evolve. An important evolution in permissionless distributed technologies is the establishment and continuous development of standards to govern permissionless systems and allow them to scale. Although the foundation of permissionless systems is free access for anyone, permissionless systems still need to be governed at higher levels of the technology stack to manage unintended, negative consequences of free access.

For example, the ‘World Wide Web Consortium’ (W3C), directed by Tim Burners-Lee, was founded in 1994 to develop open standards to ensure the long-term growth of the Web (W3C, 2021). These consensus-based standards offer recommendations to guide the technical specifications of how the system architecture should be developed.

Another example whereby permissionless systems still require governance mechanisms to function in practice in The Simple Mail Transfer Protocol (SMTP). SMTP is the protocol that facilitates email. A negative externality of permissionless email is the ability for anyone to freely send unsolicited junk mail, or ‘spam’. This limitation of the base layer permissionless protocol is managed through governance mechanisms. This issue of spam in SMTP is solved by credentialing authorities that enforce processes and norms around automatically filtering incoming emails at higher levels of the technology stack. Modern email servers will reject or at least deprioritize messages that come from addresses on untrusted domains or which lack certificates from a relevant certificate authority by marking them as ‘junk’. Although it involved institutions, some level of intervention, and in some ways partial censorship, this up-stack governance to manage the negative consequences of access to the system helps to ensure the ideal of permissionlessness can persist, as long as governance is polycentric, rather than monopolised. This demonstrates how permissionless protocols have developed governance mechanisms and processes to manage negative externalities. The sophistication and automation of these processes is constantly evolving.

Permissionless technological infrastructure was essential for the social evolution of the participatory systems that followed. A resurgence of technical, cultural, and scholarly interest in ‘permissionless’ information infrastructures emerged in the wake of the Bitcoin whitepaper in 2009. Although the whitepaper does not mention “permissionless” directly, it makes numerous references to the ideals of the early internet and further develops these ideas of independence for “trust minimization” and “peer-to-peer” transactions without central intermediaries (Nakatomo, 2009). Bitcoin further mitigated the “Byzantine agreement problem”, for agreement in distributed open networks (Lamport, Shostak, & Pease, 1982; Sherman, et. al, 2018). The ability to coordinate payments without intermediaries inspired an explosion in distributed consensus mechanism research in the field of computer science and economics (Xiao, et. al, 2020; Neudecker & Hartenstein, 2019).

“Decentralised Autonomous Organisations” (or “DAOs”) represent a more recent, new class of “permissionless” organisation for participatory, technology-mediated systems that share a common goal (Larimer, 2013; Buterin, 2016). More will be explained on this in the final post to follow.

This is not that

As highlighted in “An Ethnography of Decentralised Information Infrastructure”, decentralised technologies are both permissionless and participatory. Although they frequently appear together, and are sometimes used interchangeably, they are not the same thing.

Permissionless is characterised by not needing permission to participate. Permissionless systems have a permissive boundary, meaning that no organisation mediates access control. Participatory systems are characterised by the ability to participate in a system in one or more ways.

A common use of the term participatory is participatory governance, “which puts emphasis on democratic engagement, in particular through deliberative practices” (Fischer, 2012). Participation in an institution encompassing a digital infrastructure can include participation in multiple levels of the system, including (i) use of the infrastructure, (ii) contributing to the infrastructure’s development, or (iii) engaging in governance of the infrastructure. Systems that are permissionless are necessarily participatory, yet, things that are participatory, are not always permissionless. Exclusivity can be a value proposition in participatory systems that are permissioned.

An example of this is semi-permissioned blockchain consensus mechanisms, where only an approved set of validators can participate in governing the network. Different network architectures have various trade-offs and are fit for purpose in different cases (Nabben, 2021). Permissionless systems may wish to consider the ways in which various stakeholders are incentivised to participate, and why.

Still, a number of common misconceptions exist. These include generalisations, synonymizing permissionlessness with anarchy, and possibilities around censorship, forking, and exit (which will be further explained in the final version of this post).

In Conclusion

Based on this exploration, we have come to understanding “permissionlessness” as: a socio-technical system is permissionless if it is possible to participate in the use, development, and governance of that system or infrastructure without requiring permission from an authority by adhering to publicly stated procedures.

In practice, any functioning institution, including an institution that constitutes a digital infrastructure must have boundaries (Ostrom, 2005). Permissionless infrastructures are institutions where participation in the institution arises from an actor choosing to step into those boundaries, rather than the institution choosing to admit them. In contrast, participation is a sub-set of permissionless systems, when an institution encompassing a digital infrastructure includes participation by way of (i) use of the infrastructure, (ii) contributing to the infrastructure’s development, or (iii) engaging in governance of the infrastructure. In order for sociotechnical systems to be deemed fully permissionless in the strongest sense of the word, it must be possible to participate in the use, development, and governance of that system or infrastructure without requiring permission from an authority, by adhering to publicly stated procedures.

Acknowledgments:

Please note this is a draft working version, which has been submitted for editorial feedback to the kind folk at Internet Policy Review, from whom we request permission to share. It is intended as a contribution to the “Glossary of decentralised technosocial systems”. Constructive feedback is welcome.

Bibliography

Bauwens, M. (2009). ‘Class and capital in peer production’. Capital & Class, 33 (1), pp.121–141. doi:10.1177/030981680909700107.

Buterin, V. (2016). ‘The Meaning of Decentralisation’. Medium. Available online: https://medium.com/@VitalikButerin/i-invented-the-term-in-2013-and-daniel-larimer-came-up-with-dacs-s-organization-corporation-a-ef86db1524d5. Accessed 06/12/20.

Electronic Frontier Foundation. (2021) ‘About’, Available online: https://www.eff.org/about. Accessed 06/02/20.

Fischer, F. (2012). “Participatory Governance: from theory to practice”. The Oxford Handbook of Governance. doi: 10.1093/oxfordhb/9780199560530.013.0032.

Hirschmann, A. “Exit, Voice, and Loyalty: Responses to Decline in Firms” The Oxford Handbook of Classics in Public Policy and Administration. doi: 10.1093/oxfordhb/9780199646135.013.30.

Lamport, L., Shostak, R., & Pease, M. (1982). ‘The Byzatine Generals Problem’. ACM Transactions on Programming Languages and Systems. doi: 10.1145/357172.357176.

Larimer, D. (2013). ‘The Hidden Costs of Bitcoin’, Let’s Talk Bitcoin, Available online: https://letstalkbitcoin.com/is-bitcoin-overpaying-for-false-security#.UjtiUt9xy0w. Accessed 01/15/21.

Merriam-Webster Dictionary. (2021). “Decentralization.” Merriam-Webster.com. Available online: https://www.merriam-webster.com/dictionary/decentralization. Accessed 19/02/21.

MolochDAO, (2021). The Moloch DAO: collapsing the firm. Medium. Available online: https://medium.com/@simondlr/the-moloch-dao-collapsing-the-firm-2a800b3aa2e7. Accessed 12/04/21.

Nabben, K. (2020). ‘An Ethnography of Decentralised Information Infrastructure’: Adopting Cypherpunk Nomenclature To Categorise the Unique Attributes of Decentralised Technologies. Available online: http://dx.doi.org/10.2139/ssrn.3752531

Nabben, K. (2021). “Blockchain Security as “People Security”: Applying sociotechnical security to blockchain technology”. Frontiers in Computer Science. doi: 10.3389/fcomp.2020.599406.

Nakamato, S. (2009). Bitcoin: A Peer-to-Peer Electronic Cash System. Available online: https://bitcoin.org/en/bitcoin-paper. Accessed 06/02/2019

Naughton, J. (2014). ’25 things you might not know about the web on its 25th birthday’, The Guardian. Available online: https://www.theguardian.com/technology/2014/mar/09/25-years-web-tim-berners-lee. Accessed 30/03/21.

Neudecker, T. & Hartenstein, H. (2019). “Network Layer Aspects of Permissionless Blockchains”. IEEE Communications Surveys & Tutorials. 21, (1), pp. 838–857. doi: 10.1109/COMST.2018.2852480.

Ostrom, E. (2005), Governing the Commons: the evolution of institutions for collective action. Cambridge University Press: GB.

P2P Foundation, (2021). “Introduction to the P2P Foundation Wiki Material about Sharing”. P2P Foundation. Available online: https://wiki.p2pfoundation.net/Introduction_to_the_P2P_Foundation_Wiki_Material_about_Sharing. Accessed 12/04/21.

Raymond, E. S. (2000). The Cathedral and the Bazaar. Available online: http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/. Accessed 01/04/2021.

Sherman, A.T., Janvani, F., Zhang, H., & Golaszewski, E. (2018). ‘On the Origins and Variations of Blockchain Technologies’. IEEE Security & Privacy. 17 (1), pp. 72–77.

Stallman, R. (2002) Free Software, Free Society: Selected Essays of Richard M. Stallman. GNU Press.

Tech and Law Center. (2015). ‘The real future of according to the inventor of the web’’. Available online: http://techandlaw.net/real-future-according-inventor-web/. Accessed 30/03/21.

Voshmgir, S., Zargham, M., Emmett, J. (2021). ‘Conceptual Models for DAO2DAO Relations’. Medium. Available online: https://medium.com/primedao/conceptual-models-for-dao2dao-relations-ac2b2d3cc84d. Accessed 16/01/21.

W3C. (2021). ‘Standards’. Available online: https://www.w3.org/standards/. Accessed 30/03/21.

Web Foundation. (2017). ‘Web inventor Sir Tim Berners-Lee responds to US net neutrality threat’. Available online: https://webfoundation.org/2017/04/sir-tim-berners-lee-responds-to-us-net-neutrality-threat/. Accessed 30/03/21.

Xiao, Y., Zhang, N., Lou, W., & Hou, T. (2020). “A survey of distributed consensus protocols for blockchain networks.” IEEE Communications Surveys & Tutorials. 22 (2) pp. 1432–1465. doi: 10.1109/COMST.2020.2969706.