From Imperial China to Cyberspace: Contracting Without the State[1]
I: The Past as Prologue
In
1895, as part of the
treaty of Shimonoseki, China ceded the island of Taiwan to Japan. The
Japanese
government wished to maintain the existing legal system; , yet in
order to do so it had to discover what that legal system was. A
scholarly
commission was established, and its report provides us with a detailed
picture
of the legal system of at least one province of Imperial China at the
end of
its last dynasty (Brockman 1980, p. 130).[2]
One
feature of that legal
system was the combination of elaborate contractual practice with an
almost
total absence of contract law. Imperial China had no equivalent of our
civil
lawsuits. A merchant who had sold goods on credit and not been paid
could, if
he wished, report his debtor to the district magistrate for the crime
of
swindling him--Ðbut
once he had done so, the case was out of
the merchant's hands. The magistrate, if convinced of the justice of
the claim,
might compel repayment--Ðusually
only partial repayment. He might do
nothing. He might even conclude that the merchant was the one at fault
and
sentence him to a beating. The legal system enforced by the magistrate
focused
almost entirely on criminal acts and criminal punishment, with only a
handful
of provisions dealing with matters of contract (Brockman 1980, p. 85),[3]
and some, such as the statute specifying a maximum interest rate,
appear to
have been ignored in practice.
The Chinese empire relied heavily on non-state hierarchical structures to maintain order and settle disputes, most notably the extended family, and it supported them in doing so (Bodde and Morris 1967). That provided a possible mechanism for settling contract disputes within family, clan or guild. But merchants in Taiwan engaged in extensive large scale dealings that cut across all such categories, buying bulk agricultural products to ship across the straits to be sold in the mainland, importing mainland products to Taiwan, and much else.
The problem of settling commercial disputes without state courts was dealt with in medieval Europe, in part, by the development of private courts at the major trade fairs, run by merchants and relying heavily on reputational enforcement (Benson 1998c). No equivalent seems to have developed in China, perhaps due to Imperial hostility to any rival authority.
Nonetheless,
Chinese
merchants developed an elaborate set of contractual forms, including a
variety
of form contracts, supporting an extensive and sophisticated network of
commercial relations. Part of the explanation of how they did so was
presumably
the existence of reputational enforcement, part the availability of
state
courts for dealing, when all else failed, with parties engaged in
deliberate
and obvious violations. But much of the explanation lies in the details
of the
private contract law that developed within that framework--Ða
system of
rules designed to minimize the reliance on courts and external
enforcement.
One
example is the rule
that we call caveat emptor.
Under any
circumstances short of explicit clear and
deliberate
fraud--Ðgold
bars that turned out to be gold plated
lead, for example--Ða
merchant who had accepted delivery of
goods had no recourse if they turned out to be defective. Another is
the
linkage between possession, ownership, and responsibility; goods in my
warehouse were mine, whether or not they were about to become yours,
and I bore
the risk of any damage that occurred to them.[4]
The rules appear to
have been designed, wherever practical, to let a loss lie where it
fell, thus
eliminating the need for legal action to shift it.
Problems arise in situations where canceling a contract and leaving everything in the possession of whoever, at the moment, has it will advantage one party, a situation that encourages opportunistic breach. One solution is to redesign the contract so that the two parties' performance is more nearly synchronized, reducing the incentive of either to breach. An alternative is to rely on reputational enforcement, structuring the contract so that the incentive to breach, if it occurs, is likely to be on the party who will suffer reputational penalties from breaching.
An
example in the Chinese
case is provided by contracts for future purchase of commodities at a
pre-arranged price. Such contracts were not considered binding until
there had
been at least partial performance by one party. Typically, that
consisted of a
deposit paid in advance by the purchaser. By adjusting the size of the
deposit,
the parties could take account of both how large the incentive of the
seller to
breach might become--Ðdepending
on the range of likely prices
changes between contract formation and delivery--Ðand
how much
each party was constrained to keep to the deal by reputation.
A
buyer who breached
forfeited his deposit--Ða
result that required no judicial
intervention, since the deposit was in the possession of the seller.
That left
an obvious problem--Ða
seller who breached but kept the deposit.
Presumably that was prevented by some combination of reputation and the
threat
that such an obviously criminal act would provide the buyer sufficient
grounds
for going to court.
Important
elements in
making the system work were the existence of a system of written forms
using
standard boilerplate terminology understood by the parties and others
in the
trade, and the use of seals--Ð"chops"--Ðto
provide
clear evidence of assent to a contract. So long as issues of fact were
simple--Ðwhether
a
shipment of grain had been delivered and accepted, but not the precise
quality
or quantity--Ðit
was possible for third parties to
determine, at a low cost, which party to a contract had violated its
terms.
Here the third party might be either another merchant interested in
knowing who
could be trusted or, in extreme cases, a district magistrate interested
in who
had committed a criminal offense and should be punished accordingly.
Whatever
the mechanisms
responsible--Ðinterested
readers can find a more detailed
account in Brockman's chapter--ÐChinese
merchants
a century ago succeeded in maintaining a sophisticated system of
contracts with very nearly no use of state enforcement. It is the
thesis of
this paper that the past of China is our future--Ðthat
parties
to online transactions will, over the next few decades, face
essentially the
same problem and find, mutatis mutandis,
similar solutions.
Both
the Chinese past and
the cyberspace future are special cases of a more general problem--Ðcontract
enforcement
in the absence of state enforced contract law. That problem appears
in a variety of other contexts, including criminal markets and
political
markets. Perhaps less obviously, it appears in markets where court
enforcement,
although legally possible, is impractical because performance is
difficult or
impossible to monitor. The marriage market is an important example. For
instance É .
Al-Tannuhki, a 10th century judge, tells the story of a vizier who gave a large sum in alms, 200 dinar, to a poor woman. Three days later he received a petition from the woman's husband, reporting that she had decided she was now too rich to be married to a poor man like him and was threatening to force him to divorce her. The husband asked the vizier to appoint some man in authority to prevent his wife from doing so. The vizier considered the problem briefly, took out paper and pen, and wrote "pay this man 200 dinar" (Margoliouth 1922).
It
is possible for state
courts to enforce rules permitting or restricting divorce. It is a
great deal
harder for them to enforce the other terms, explicit or implicit, of
the
marriage contract--Ðto
sanction someone for not doing a good job
of being a wife or husband, even if the failure is deliberate. Given
that
difficulty, legal rules designed to punish one party for explicitly
breaching
the contract by getting a divorce may merely give that party an
incentive to
breach the less observable terms of the contract in order to make it in
the
other party's interest to agree to terminate it. That problem appears
to have
existed even in a medieval society whose marriage law was, on the face
of it,
heavily biased in favor of the husband.
Part II of the paper presents a general approach to private contract enforcement, some features of which are illustrated in the Chinese example. Part III sketches out the reasons why I expect that, for transactions in cyberspace, state enforcement of contracts will work worse and reputational enforcement better than in realspace today, including the technologies that provide an online equivalent of the seals used by Chinese merchants to establish the identity of a signatory party at a distance, in time or space. I go on to discuss how, in that environment, parties might structure their dealings, as well as the difficulties they will face due to the special nature of the cyberspace environment.
II: Enforcing contracts without the state
Two parties wish to form a contract in a context where enforcement through a state court system is not a practical option. One simple way of doing so is the silent auction, for which we have descriptions going back to the sixth century B.C.[5] One party piles up the goods he wishes to sell, the other makes a matching pile of what he offers in exchange. If the offer is acceptable, the first party takes the second pile and leaves the first, and if not, the first party adjusts his offer. The process continues until one party accepts the other's most recent offer.
No
common language is
required for this simplest form of auction, but the parties still need
some way
of enforcing their property rights, of preventing one of them from
taking both
piles and departing. That might be either the threat of violence or the
discipline of repeated dealings--Ðthe
expectation that if one party acted that way this year, the other would
not
show up next year.
Difficulties arise when what the parties are contracting for is performance, by one or both, spread out over a period of time. Lloyd Cohen has discussed that problem in the context of modern marriage law, where the combination of a shift to no fault divorce and a pattern of traditional marriage within which the wife's performance of her part of the joint duties was concentrated in the early years of the marriage, the husband's more heavily weighted towards the later years, provided an incentive for opportunistic breach by the husband (Cohen 1987).
A partial solution in that case was for the wife to postpone childbearing and shift part of the cost of child rearing from household to market, thus aligning her performance more closely with the husband's. In a less intimate context, contractors building a house expect to receive payments spaced out over the time of construction and at least roughly corresponding to the spacing of costs, reducing the incentive of a contractor paid in advance to skip out with the money or a home owner promising to pay on completion to renege.
This
kind of solution
works reasonably well as long as the joint gains from final completion
of the
contract are substantial relative to the costs. Consider, however, the
limiting
case in the other direction--Ða
situation where the gain to one party from
breach is just equal to the loss to the other.
In such a situation, any departure from perfectly synchronized performance gives one party or the other an incentive to breach. If I have paid the contractor a little more than he has spent so far, he has an incentive to breach; if I have paid him a little less, I do. A more realistic example, and one which seems to have been a serious issue in the Chinese case, is a contract for future delivery at a pre-agreed price. If the transaction cost of arranging a replacement supplier is low, any significant drop in price provides an incentive for the buyer to breach; if the costs of finding a replacement buyer is low, any significant increase provides an incentive for the seller to breach. The parties can guard against breach by the buyer by having him pay a deposit in advance, but that increases the incentive for breach by the seller.
One
solution is to create
an artificial gain from completion--Ða
cost to
breach--Ðby
making it possible for the victim of
breach to unilaterally impose a large cost on the other but not a
correspondingly large benefit on himself. The deposit is replaced by a
hostage.
The threat of destroying the hostage reduces the gain to breach by the
party
who has given the hostage without creating a proportional increase in
the gain
to breach by the party holding the hostage. The logic of the situation
is
illustrated by Figures 1a-c.
Figure
1a shows the
situation with neither deposit nor hostage. The horizontal axis is
time,
starting just after the contract is negotiated. The vertical axis
shows, for
each party, its gain to breach--Ðhow
much
better off it will be if it breaches at that time than if the contract
is
completed. At time zero, the parties have negotiated the contract but
no performance
has occurred and no deposit has been made. Assuming that there was some
cost to
negotiation, which the parties expected to at least recover on
completion of
the contract, both parties should be worse off breaching at that point
than
carrying the contract to completion.
Over time, each party bears costs of performance which it expects to recover on completion, pushing the gain from breach further down, as shown between t=0 and t=10. At some point, possibly before completion, each party starts to get benefits from the partial performance that has occurred, increasing the gain (i.e. reducing the loss) from breach. In the figure, Party 1 is continuing to bear costs of performance from t=10 to t=20. Party 2 is no longer bearing costs of performance but is receiving benefits. So the gain to breach is falling for Party 1 but rising for Party 2.
If
the contract is badly
designed, at some point Party 1's benefit to breach rises above zero.
In a
world with no enforcement of contracts, legal or reputational, Party 1
breaches--Ðperhaps
immediately,
perhaps with a delay to let the gain rise even higher. In the
Figure, that happens at t=20. Party 1's gain is smaller than Party 2's
loss, so
the breach is inefficient.
The parties can try to avoid such an outcome in the initial agreement by having Party 1 make payments to Party 2 between t=10 and t=20, shifting some of the gain from breach and keeping both parties' gain from breach negative. But in an uncertain and imperfectly observable world, this may not always work, since the parties do not know with certainty what the pattern of either performance costs or benefits will be.
Figure
1b shows the same
contract, with one change--Ðat
t=0, Party 1 pays a deposit d
to Party 2. That shifts Party 1's gain from breach
down, since if the contract does not go to completion the deposit will
remain
with Party 2; it is now no longer in Party 1's interest to breach the
contract.
Unfortunately, it also shifts Party 2's gain from breach up, since
Party 2 can
breach and keep the deposit. The result is that it is now in the
interest of
Party 2 to breach the contract--Ðin
this
example, immediately after signing it and receiving the deposit.[6]
Figure 1c shows the same contract again, this time with Party 1 giving Party 2 a hostage rather than a deposit. The result is to shift Party 1's gain from breach down without shifting Party 2's gain from breach up, so neither party has an incentive to breach the contract.
[Insert Figures here]
One example of this approach is the literal hostage, offered by one party in a conflict as a guarantee that he will abide by terms agreed to. For a less obvious equivalent, consider the role of the state court system in Taiwan. If a merchant failed to either deliver the goods contracted for or return the buyer's deposit, the buyer could report him to the district magistrate as a swindler. The resulting legal case might or might not provide any benefit to the buyer but was likely to impose large costs on the seller. From the standpoint of the strategic situation of the two parties, the threat to make use of the court served the same function as the threat to execute a hostage.
A similar situation arises in a world without courts, but in which parties are concerned about their reputation. When you cheat me, I gain very little by making the fact public. But, assuming my report is credible, you lose a great deal. That fact, combined with a credible commitment on my part to report breach, increases the net cost of breach and so reduces the risk that breaching will be in the interest of one of the parties.[7] Both this case and the previous have an additional attractive feature: the existence of the hostage depends at least in part on the existence of breach, since the accusation of breach, whether to the court or to the general public, is more damaging if true.
For
a final example,
consider the enforcement of contractual agreements in modern criminal
markets.
Antonio pays Ricco $100,000 for a large container of what turns out to
be
talcum powder. Antonio pays a hit man an additional $10,000 to kill
Ricco--Ðafter
first
prudently convincing the local capo of
the justice of his case in order not to get a reputation as a dangerous
man to
do business with but only a dangerous man to cheat. Here Ricco is, in
effect,
hostage for his performance--Ðand
Antonio for his.
It may occur to readers familiar with Coase that there is a problem with the use of hostages as a solution to the problem of opportunistic breach. The son I give as a hostage may be of no value to you, but he is of considerable value to me. If you decide to breach our agreement, you also inform me that you will kill him unless I buy him back from you for a suitable price. Similarly, if we are merchants in Taiwan, you breach the contract and then offer to buy my silence. You thus convert the hostage back into a deposit, eliminating the wedge between the terms on which it pays me to breach and the terms on which it pays you to.
Nonetheless we observe the use of hostages in contexts where a deposit would be of little use. One explanation is that parties who wish to give hostages are able to commit themselves not to accept such offers. Another is that the situation sets up a bilateral monopoly bargain with a large bargaining range and such bargains are likely to generate substantial transaction costs. That said, the issue deserves further thought.[8]
The
discussion of
hostages brings us to the last and, for this purposes of this paper,
most
interesting mechanism for enforcing contracts without the state--Ðreputation.
Reputational Enforcement
For a simple example of reputational enforcement, consider a department store that guarantees to refund your money if you are not satisfied. If, when you discover that the jacket you bought is the wrong size and your wife points out that purple is not really your color, the store refuses to give you a refund, you are unlikely to sue themÑthe amount at stake is not enough to make it worth the time and trouble. Nonetheless, almost all stores in that situation will, at least in my experience, take the product backÑbecause they want the reputation, with you and with other people you may discuss the incident with, of living up to their promises.
For a more elaborate example, consider the New York diamond industry, as described in a classic article by Lisa Bernstein (Bernstein 1992). At one point, somewhat before the time she studied it, the industry had been mostly in the hands of orthodox Jews, forbidden by their religious beliefs from suing each other. They settled disputes instead by a system of trusted arbitrators and reputational sanctions. If one party to a dispute refused to accept the arbitratorÕs verdict, the information would be rapidly spread through the community, with the result that he would no longer be able to function in that industry. The system of reputational enforcement survived even after membership in the industry became more diverse, with organizations such as the New York Diamond DealerÕs Club providing both trusted arbitration and information spreading.
The reason the department store, or the dishonest diamond merchant, is concerned about his reputation is not fear of being disliked but of losing business. The reason your friend will shop at another store if you tell him that this one refused to take your jacket back is not that he wishes to punish the store for cheating you but that he does not himself want to be cheated. Reputational enforcement works by spreading true information about bad behavior, information that makes it in the interest of some who receive it to modify their actions in a way which imposes costs on the person who has behaved badly.
How
well that works
depends on two things. One is the degree to which reputation matters;
if I am a
confidence man who plans to cheat you out of a million dollars and then
retire,
my future reputation is not very important. I donÕt care if anyone
trusts me
again. But most firms are in business for more than one transaction.
Hence, for
most firms, a reputation for cheating their
customers or
other firmsthose they do business with is a
costly
liability.
The
other critical
variable is the cost to third parties of obtaining reliable information
about
what happened. In most disputes, both parties claim that they are in
the right
and the other in the wrong. When I tell my friend how badly the
department
store treated me he, hopefully, knows me well enough to decide whether
or not
to believe my story. But when I read a post on Usenet, a very large
collection
of online conversations, I do not have that sort of information about
the author.
I have to form my opinion based on internal evidence--Ðdoes
the
poster sound reasonable--Ðand
consistency with other sources of
information, such as other people posting in response.
If
I claim that you
cheated me, and you claim that I cheated you, a third party who cannot
easily
find out which of us is telling the truth is likely to attribute some
probability to both stories--Ðand
avoid doing business with either of us
in the future. It follows that if you have cheated me, but I cannot
easily
demonstrate the fact to an interested third party, I may be better off
saying
nothing, since complaining will lower my reputation as well as yours.
This
raises a serious problem of incentive compatibility for a system which
depends
on action taken, not by government employees hired to enforce the law,
but by
private individuals acting in their own self interest.[9]
One
way of lowering
information costs to third parties is to have a legal system where the
obligations of the parties depend on easily observed facts--Ðloosely
speaking,
a system of bright line rules rather than standards. That appears to
describe
some features of the Chinese system already discussed.
For controversies with substantial amounts at stake, arbitration[10] provides a second mechanism for lowering information costs to interested third parties. A New York diamond merchant does not have to know the details of a controversyÑmerely the verdict of the arbitrator as to who was at fault and whether or not the party at fault provided suitable compensation to the injured party. That system works because, even if the interested third party does not know the details of the controversy, he does know that the arbitrator is competent and honest. As we will see, computer technology provides an equivalent that requires considerably less information and functions at even lower cost.
Cheating on the Reputational Bond
There
is another problem,
however, which is likely to be more serious for online commerce than
for the
traditional realspace version. My current reputation functions as a
bond to
guarantee performance--Ðif I
cheat on a contract, I lose (or reduce)
the reputation, which is costly. It follows that I will not cheat
unless the
gain from doing so is more than the value of the forfeited bond. If my
reputation is worth a million dollars to me, you should be safe in
trusting me
up to that sum--Ðin,
for example, lending me $600,000.
I
borrow $600,000 from
you. I also borrow $400,000 from another lender and $500,000 each from
two
more. I then default on all the loans, forfeiting my million dollar
reputation--Ðin
exchange
for $2,000,000.
In
order for reputational
enforcement to work, the party who relies on it must have some way of
knowing
not only what opportunities the other party has to cheat him but what
opportunities he has to simultaneously cheat other people. That may not
be too
much of a problem in the sort of ordinary market where most of the
players know
each other--Ðbefore
agreeing to lend me $600,000 you
first discuss the situation with other potential lenders. But it could
be a
very serious problem for anonymous dealings online in a worldwide
marketplace.
In order for reputational enforcement to work in that setting, we need
either
an environment where the sort of opportunities made possible by my
particular
reputation are scarce enough so that I am unlikely to have a chance to
take
many at once, or procedures sufficiently transparent so that someone
who relies
on my reputation can know how many other people are currently doing soÐhow
far I am
stretching my reputational bond.
Whose Reputation?
A
contract involves at
least two parties, but they do not both have to have reputations. One
is
normally enough, since the parties can usually structure the contract
to put
the risk of breach on whichever can best bear it. If you are performing
a
service for me and I trust you but you do not trust me, because you are
a
repeat player with a reputation and I am not, I pay in advance. Reverse
the
situation and I pay on completion. In ordinary commerce, individual
purchasers
pay for goods when they get them, in the expectation that if the
computer in
the box turns out to have no innards, the store will take it back. The
seller,
in almost any field, is a repeat player with a reputation--Ðthe
buyer
often is not.
What
about the situation
where neither player has a reputation? In that case, they can solve the
problem
by bringing in a third party who does. An escrow agency provides a
familiar
example. I agree to pay you $50,000 for a sixteenth century painting by
a known
artist which you are offering on EBay. You deliver the painting to an
escrow
agency. I inspect it. If it fits the description I send you the money
and claim
the painting, if it does not the agency sends it back to you. Neither
of us has
to trust each other--Ðonly
the agency. The mechanism does not
depend on the existence of state courts to enforce the agreement, only
on a
third party with an adequate reputation.
III: Problems with Public Enforcement in Cyberspace
Commercial
activity in
cyberspace, mostly on the World Wide Web, is increasing rapidly. Such
commerce
poses two rather different problems for conventional mechanisms of
public
contract enforcement. One, already important, is that cyberspace has no
geographical boundaries. Purchasing goods or services from the other
side of
the world is as easy as purchasing them from your next door neighbor.
Delivery
of physical goods is more costly from the other side of the world--Ðbut
some
cyberspace commerce is in information goods and services, and they can
be
delivered online just as they can be purchased online. It follows that
an
increasing fraction of commercial transactions, especially of
transactions by
private individuals, will be between parties in different countries.
Public enforcement of contracts between parties in different countries is more costly and uncertain than public enforcement within a single jurisdiction. Furthermore, in a world where geographical lines are invisible, parties to publicly enforced contracts will frequently not know what law those contracts are likely to fall under. Hence public enforcement, while still possible for future online contracts, will be less workable than for the realspace contracts of the past.
A second and perhaps more serious problem may arise in the future as a result of technological developments that already exist and are now going into common use. These technologies, largely based on public key encryption, make possible an online world where many people do business anonymously, with reputations attached to their cyberspace, not their realspace, identities (Friedman 1996).
There are a variety of reasons why people may in the future wish to avail themselves of such technologies. One is privacy; many people do not want others to know what they are reading, buying, or saying online.[11] A second is to evade taxes; it is hard for a government to collect taxes on activities it cannot see. A third is to evade regulations, whether commercial regulations in the U.S. or religious regulations in a country controlled by Muslim fundamentalists. Anonymity is likely to be particularly attractive to people living in parts of the world where property rights are insecure, making secrecy a valuable form of protection (Friedman 2004). If, for these or other reasons, a significant amount of commerce becomes anonymous, public enforcement of contracts will become increasingly irrelevant. It is hard to sue someone when you do not know who he is or what continent he lives on.
Private Enforcement of Contracts
What about the private alternative? At first glance, one might think that the same changes that made public enforcement of contracts more difficult in cyberspace would make private enforcement not only difficult but impossible. My local department store keeps its promises in part because if I am dissatisfied with their behavior, the people I talk to are likely to also be their customers; in a future without geography, where everyone is shopping everywhere, that is far less likely. And it is not obvious how you can injure someoneÕs reputation without knowing his name.
Both of these problems are soluble; in each case, online commerce provides not merely substitutes for the reputational mechanisms with which we are already familiar, but superior substitutes.
Consider first the problem of getting information from one customer to another. Considered as a mechanism for spreading information, local gossip is very much inferior to a well designed search engine. If, today, I am considering dealing with an online merchant and want to know whether other customers have had problems with him, I do not bother to ask either friends or the Better Business Bureau. A one minute search with Google will tell me whether anyone on Usenet News has mentioned that firm any time in the past year, and show me what was said.
Online
commerce is
already institutionalizing such mechanisms. Consider eBay. Their
software
permits anyone who has won an auction to post comments on the seller--Ðwhether
the
goods lived up to their description, were delivered promptly, or
whatever else
he wants to say. The comments are available, both in summary form and
in text,
to anyone bidding in an auction with that seller.
So far I have been considering informal reputational enforcement, the online equivalent of the reputational mechanism that keeps your local department store honest. What about formal enforcement, along the lines of the diamond industry, as described by Bernstein (Bernstein 1992)? Here too, cyberspace has significant advantages over realspace.
Keys and Signatures: A Brief Digression
To explain how the cyberspace equivalents of arbitration by the Diamond Dealer Club of New York and verification by the use of seals in 19th century China work, I must first briefly sketch some relevant technology; readers already familiar with public key encryption and digital signatures may want to skip this section.
Public key encryption is a mathematical process for scrambling and unscrambling messages. It uses two keys, numbers containing information about a particular way of scrambling a message. The special feature of public key encryption is that if one of the two related numbers is used in the scrambling process, the other must be used in the unscrambling process. If I have one of the two keys I can encrypt my messages with that key, but someone who wishes to decrypt messages that have been encrypted with that key needs to use the other one. While the pair of keys is generated together, there is no easy way of calculating one of the two keys from the other.
To make use of public key encryption, one generates such a pair of keys. One, called your public key, you make available to anyone you might be corresponding with. The other, called your private key, you keep entirely secret.
Someone
who wants to send
you a message encrypts it using your public key; since only you have
the
matching private key, only you can decrypt it. Someone who wants to
digitally
sign a message encrypts it using his private key[12]
and
attaches unencrypted information identifying himself. The recipient
obtains the
senderÕs public key and uses it to decrypt the message. The fact that
what he
gets is a message and not gibberish demonstrates that it was encrypted
with the
matching private key; since only the sender possesses that particular
private
key, the digital signature authenticates the message. Thus the digital
signature in cyberspace serves the same function as the physical seal
used to
authenticate contracts in China a century ago--Ðto
prove
authorship and responsibility at a distance in space or time.
Not
only does a digital
signature prove who sent the signed message, but it
also
proves that the message has not been altered, and it proves both in a
form
that the sender cannot deny. If the sender tries to deny the message,
the
recipient can point out that he has a version of it encrypted with the
senderÕs
private key, something that only the sender could have produced.
Convincing Interested Third Parties
Imagine that you and I are signing a contract online, specifying our mutual rights and obligations for some substantial transaction. We include in the contract the name and public key of the arbitrator who we agree will settle disputes between us. We then both digitally sign the contract. Each of us gets a copy.
A dispute arises; I accuse you of violating the terms of the contract. We put the question to the arbitrator. He rules in my favor and instructs you to pay me $5000 in damages. You refuse. He writes up his account of what happened (he ruled in my favor and you refused to abide by his ruling), digitally signs it, and gives me a copy.
I
now make up a package
consisting of the original contract (digitally signed by both of us,
and
including the arbitrator's public key) and the arbitrator's account
(digitally
signed by him). I send the package to any third party who I think might
want to
know whether or not you are trustworthy--Ðand
post it
on a web page with your name all over it, to be found by anyone
searching for
information about you. The third party (more precisely, his computer)
checks
the digital signatures on the contract and on the account, using the
public key
included in the contract to check that the account is by the arbitrator
we
agreed to. The third party now knows that you agreed to accept the
ruling of
that arbitrator and reneged on that agreement--Ðand
finding
that out has taken him essentially no time at all.
Digital signatures provide a way of drastically reducing the cost to interested third parties of discovering whether someone is trustworthy.[13] By doing so, they increase the cost to individuals or firms engaged in repeat transactions of reneging on their contractual agreements.
Private enforcement of contracts along these lines solves the problems raised by the fact that cyberspace spans many geographical jurisdictions. The relevant law is defined not by the jurisdiction but by the private arbitrator chosen by the parties. Over time, we would expect one or more bodies of legal rules with regard to contract to develop, with many different arbitrators or arbitration firms adopting the same or similar legal rules.[14] Contracting parties could then choose arbitrators on the basis of reputation.
For small scale transactions, you simply provide your browser with a list of acceptable arbitration firms; when you contract with another party, the software picks an arbitrator from the intersection of the two lists. If there exists no arbitrator acceptable to both parties, the software notifies both of you of the problem and you take it from there.
Private
enforcement also
solves the problem of enforcing contracts when at least one of the
parties is,
and wishes to remain, anonymous. Digital signatures make it possible to
combine
anonymity with reputation. A computer programmer living in Russia or
Iraq and
selling his services online has an online identity defined by his
public key; any
message signed by that public key is from him. That identity has a
reputation,
developed through past online transactions; the more times the
programmer has
demonstrated himself to be honest and competent, the more willing
people who
want programming done will be to employ him. The reputation is
valuable, so the
programmer has an incentive to maintain it--Ðby
keeping
his contracts.[15]
Cheating in a Reputational System[16]
There are, unfortunately, ways in which the online world I have been describing makes contract enforcement harder than in the real world. One is that, in the real world, my identity is tied to a particular physical body, identifiable by face, finger prints, and the like. I do not have the option, after destroying my realspace reputation for honesty, of spinning off a new me, complete with new face, new fingerprints, and an unblemished reputation.
Online, I do have that option. As long as other people are willing to deal with cyberspace personae not linked to realspace identities, I always have the option of rolling up a new public key/private key pair and going online with a new identity and a clean reputation.
The
implication is not
that reputational enforcement will not work but that it will only work
for
people who have reputations--Ðsufficient
reputational capital so that
abandoning the current online persona and its reputation is costly
enough to
outweigh the gain from a single act of cheating. Someone who wants to
deal
anonymously in a trust intensive industry may have to start small,
building up
his reputation to the point where its value is sufficient to make it
rational
to trust him with larger transactions. Presumably the same thing
happens in the
diamond industry today.[17]
The problem of spinning off new identities is not limited to cyberspace. Real persons in realspace have fingerprints but legal persons may not. The realspace equivalent of rolling up a new pair of keys is filing a new set of incorporation papers. There is a well developed literature on the result, explaining marble facing for bank buildings and expensive advertising campaigns as ways of posting a reputational bond that makes it in a corporationÕs interest to remain in business and hence gives others a reason to trust it to act in a way that will preserve its reputation (Nelson 1974; Williamson 1983; Klein and Leffler 1981). Cyberspace personae do not have the option of marble, at least if they want to remain anonymous, but they do have the option of investing in a long series of transactions, or advertising, or some other publicly visible expenditure, in order to bond future performance.
What
if only one of the
parties to an online contract is a repeat dealer with a reputation? The
solution, as in realspace, is to structure the contract so that it is
not in
the other party's interest to breach it. The simplest example is the
purchase
of goods or services. The party who does not have a reputation performs
first--Ðpays
in
advance if he is the buyer, delivers in advance of payment if he is the
seller.
We
are left with an obvious
problem--Ðhow
can a pair of entities neither of which
is engaged in long term dealings guarantee contractual performance in
this
world? One solution has already been mentioned--Ðpiggyback
on
the reputation of another entity that is engaged in such dealings.
I
am, again, an anonymous
online persona forming a contract which may provide me an opportunity
to
benefit by defaulting on my contractual obligations. This time,
however, I have
no reputation and no time in which to build one. Instead I offer to
post a
performance bond with the arbitrator--Ðin
anonymous
digital currency,[18] assuming that I am
seriously
interested in protecting my own anonymity. The arbitrator is free to
allocate
all or part of the bond to the other party as damages for breach.
This
approach still
depends on reputational enforcement, but this time the reputation
belongs to
the arbitrator. If he steals bonds posted with him, he is unlikely to
stay in
business very long. If I am worried about such possibilities, I can
require the
arbitrator to sign a contract specifying a second and independent
arbitrator to
deal with any conflicts between me and the first arbitrator. My
signature to
that agreement is worth very little, since it is backed by no reputation--Ðbut
the
signature of the first arbitrator to a contract binding him to accept
the
judgment of the second arbitrator is backed by the first arbitratorÕs
reputation. For a less extreme example of the same approach, consider
the
current use of escrow agencies for transactions on eBay.
As
that final example
suggests, it is possible to combine realspace and cyberspace
institutions,
state and private enforcement mechanisms. If court enforcement in
realspace
turns out to provide a more reliable mechanism than reputational
enforcement
online, anonymous online parties can use identifiable real space third
parties
as escrow agencies, arbitrators, and in other contexts in which a
trusted third
party eliminates the need for trust between the other parties to a
transaction.
If, on the other hand, courts prove less reliable, realspace parties
can make
use of online reputational mechanisms instead--Ðas
they now
do.
As
long as parties are
identifiable in realspace, the state has the option of imposing its own
terms
on them--Ðan
option some parties may wish to avoid.
But anonymous parties in cyberspace who wish to make use of a trusted
third
party in realspace can choose which third party, and hence which state,
they
wish to deal with. States will thus be constrained by competition in
their
dealing with online personae, just as U.S. states are currently
constrained in
dealing with corporations.
One
way of succeeding in
that competition is to make it possible for online parties to take
advantage of
realspace enforcement without revealing their realspace identities. A
possible
approach would be for a state to recognize transfers of claims from
cyberspace
to realspace persons, validated by the former's digital signature. So
if
anonymous X has a valid claim against realspace Y, X sells the claim to
realspace Z who prosecutes it--Ðwithout
either
Z or the court having to know X's realspace identity.
One
problem with
reputational enforcement online is that a party can roll up additional
identities. A second problem is that a party can conduct multiple
transactions,
each invisible to the parties toofose party to
the others. As discussed earlier, that means that a party with a
million dollar
reputation might put together a collection of transactions, each of
which was
not worth cheating on (and forfeiting the reputation) but which
together were.
One
solution is to have a
million dollar reputation and engage in thousand dollar transactions in
a
context where one is unlikely to be able to run as many as a thousand
of them
at once. In realspace that is often practical. It may work less well in
cyberspace--,where
the identity of the party behind a
reputation, including how many actual persons that party consists of,
may be
unknown.
An alternative is for a party to deliberately create transparency in order that everyone who contracts with him will be aware of the existence (but not necessarily the identity) of everyone else currently contracting with him.
I
wish to create an
online identity, post a reputational bond, and be trusted. My identity
consists
not only of a public key but also of a transactional protocol--Ða
set of
rules associated with that identity and its reputation, specifying how
people
are to deal with me. The protocol is designed to enforce transparency.
For
a simple example, let
the protocol specify that all transactions become binding only when
posted to a
particular web page, publicly accessible. That way, anyone transacting
with me
can see how many other transactions I am engaged in and whatever
relevant
features of the transaction--Ðthe
size of a loan, say--Ðare
specified
in the protocol.
Reputation: Version Two
In
the discussion so far,
"reputation" meant "reputation for fulfilling your
contracts." But there is another sort of reputation that is important
in
realspace--Ða
reputation for competence in the activity
you are performing for pay. When you hire a lawyer or a heart surgeon,
it isn't
enough to know that he is honest. That sort of reputation can also be
established in cyberspace--Ðand
there too, the special circumstances of
cyberspace raise problems, but problems that have their parallel in
realspace.
Suppose
I claim to be an
expert in predicting real world events that potential customers wish
predicted--Ðthe
weather,
the outcome of a particular legal case, the performance of a stock.
Just as in
realspace, I can establish a track record by making a series of correct
predictions. There is, however, a problem.
To
see it, imagine that
my claim is to be able to predict, with certainty, the outcome of coin
tosses--Ðwhich
many
potential customers want predicted. Some people have that ability but,
unfortunately, I do not. I proceed as follows:
1. I obtain a list of 10,000 potential customers.
2. I create 128 identities, each of which claims to be an expert predictor of coin flips, and divide the potential customers among them.
3.
The first time a flip
is to be predicted, half my identities predict heads, half predict
tails. The
coin is flipped and comes up heads. I scrap all of the identities that
predicted tails and remove their customers from my current list--Ðretaining
their
names and email addresses for future iterations of my business plan.
4. I repeat the previous step six more times.
I now have one surviving identity with about forty customers. Each of them has seen that identity predict a coin flip correctly seven times in a row, an event that could happen by chance less than one time in a hundred. Predicting coin flips is valuable, so each should be willing to pay a sizable sum for the next prediction.
I
have just described the
cyberspace equivalent of the market for investment newsletters or
mutual funds.
The chief difference--Ðleaving
aside the simplification of my coin
flipping model--Ðis
that in my version the multiple
identities all belong to the same person, making the fraud a deliberate
one. In
the realspace case, the publishers of each investment newsletter or the
administrators of each mutual fund may actually believe that they know
what the
market will do next--Ðand,
each time, about half of them are
right.
How might someone who really did know how to predict coin flips distinguish himself from those who did not but who might attempt to simulate that ability as described? The obvious answer is again some form of bond. When I first go into business making (public) predictions of coin flips, I also donate $100 in e-cash to some popular charity that is willing to testify to the receipt of the money from my online identity. I then make seven consecutive correct public predictions.
A
hundred dollars is not
very much money. But in order to follow the business plan described in
steps
1-4 above, I needed 128 identities--Ðwhich,
at
$100 per identity, gets expensive. Furthermore, in addition to selling
my
prediction of flip number eight to paying customers, I also post it on
my web
page--Ðafter
the customers have gotten their bets
down but five minutes before the coin is flipped. After another ten
correct
calls, a potential customer can calculate that either I know something,
or I am
fantastically lucky, or I am the sole survivor of a collection of
identities
that cost somewhat over twelve million dollars to create. The
generalization to
someone selling investment advice, legal advice or medical advice
online is
left as an exercise for the reader.
Conclusion
If the arguments I have offered are correct, we can expect to see a substantial shift in the direction of reliance on private enforcement via reputational mechanisms online, with an associated development of private law. To some degree, the same development can be expected in realspace as well. Digital signatures lower information costs to interested third parties whether the transactions being contracted over are occurring online or not. And the existence of a body of trusted online arbitrators will make contracting in advance for private arbitration more familiar and reliance on private arbitration easier for realspace transactions as well as for cyberspace transactions.
Figures
References
Benson, B. L. (1998a). "Economic Freedom and the Evolution of Law." Cato Journal. 18, 209-232.
Benson, B. L. (1998b). "Evolution of Commercial Law." In P. Newman, (ed.). The New Palgrave Dictionary of Economics and the Law, London: Macmillan Press.
Benson, B. L. (1998c). "Law Merchant," In P. Newman, (ed.). The New Palgrave Dictionary of Economics and the Law, London: Macmillan Press.
Benson, B. L. (1998d). "How to SECEDE in Business Without Really Leaving: Evidence of the Substitution of Arbitration for Litigation." In D. Gordon. (ed.). Secession, State, and Liberty. New Brunswick, NJ: Transaction.
Benson, B. L. (1999). "To Arbitrate or to Litigate: That is the Question," European Journal of Law and Economics. 8, 91-151.
Benson, B. L. (2000). "Arbitration." In B. Bouckaert and G. De Geest. (eds.). The Encyclopedia of Law & Economics. London: Edward Elgar.
Bernstein, Lisa, "Opting Out of the Legal System: Extralegal Contractual Relations in the Diamond Industry," 21 Journal of Legal Studies, 1992, pp.115-157.
Bodde, Derk and Morris, Clarence, Law in Imperial China, Harvard University Press 1967.
Brockman, Rosser H., "Commercial Contract Law in Late nineteenth-century Taiwan," in Jerome Alan Cohen, R. Randle Edwards and Fu-mei Chang Chen, editors, Essays on China's Legal Tradition, Princeton University Press 1980, pp. 76-136.
Choi, Stephen J., "Gatekeepers and the Internet: Rethinking the Regulation of Small Business Capital Formation," The Journal of Small and Emerging Business Law, Volume 2 (Summer 1998) Number 1 [http://www.lclark.edu/~lawac/LC/jsebl/summer98.htm]
Cohen, Lloyd, "Marriage, Divorce, and Quasi Rents; Or 'I Gave Him the Best Years of My Life.'" 16 Journal of Legal Studies 267-304. (1987)
Friedman, David, A World of Strong Privacy: Promises and Perils of Encryption," Social Philosophy and Policy (1996), pp. 212-228. [http://www.best.com/~ddfr/Academic/Strong_Privacy/Strong_Privacy.html]
Friedman, David, ÒWhy Not Hang Them All: The Virtues of Inefficient Punishment,Ó Journal of Political Economy, vol. 107, no. 6 1999 pp. S259-269.
Friedman, David, "Privacy and Technology", Social Philosophy and Policy. 17:2 (Summer 2000)
David D. Friedman and Kerry L. Macintosh, "The Cash of the Twenty-First Century," Santa Clara Computer and High Technology Law Journal, 17 Santa Clara Computer & High Tech. L.J. 273, 2001(273)
Friedman, David D. and Macintosh, Kerry L. "Technology and the Case for Free Banking", chapter in The Half-life of Policy Rationales : How New Technology Affects Old Policy Issues. Klein, D. and Foldvary, F., editors. New York University Press (2003)
Friedman, David, "The Case For Privacy" in Contemporary Debates in Applied Ethics, Blackwell. (2004)
Friedman David, "Contracts in Cyberspace," 6 Journal of Internet Law 12 (Dec. 2002).
Klein, B. and Leffler, K. (1981). "The Role of Market Forces in Assuring Contractual Performance," Journal of Political Economy. 89, 615-641.
Margoliouth, D.S. (tr), The Table-Talk of a Mesopotamian Judge, by al-Muhassin ibn Ali al-Tanukhi, Royal Asiatic Society (1922).
Nelson, P. ( 1974) "Advertising as Information," Journal of Political Economy 76, 729-754.
Siegler, Marc, Earthweb, (Baen Books: 1999).
Vinge, Verner, "True Names," included in True Names and Other Dangers. Baen (1987).
Williamson, O. E. (1983) "Credible Commitments: Using Hostages to Support Exchange," American Economic Review. 83, 519-540.
[1] I would like to thank Bruce Benson for permitting me to read a manuscript of his which makes some of the same argument as this article from a somewhat different perspective. I have felt free to avail myself of his references where they were relevant to my argument, and have included a number of relevant articles by Benson in the list of references at the end of this piece. An earlier version of part of this chapter was published in the Journal of Internet Law (Friedman 2002).
[2] "The major publication in the area of customary law was Taiwan Shiho [the Private Law of Taiwan] (1910), a six-volume work which reprinted and analyzed documents pertaining to land law, family law, personal property and commercial law É with seven volumes of reference materials É ."
[3] "Of the 346 statutes in the Code, only eight dealt at all with what is usually called commercial law."
[4] There were
a few exceptions--Ðmost
notably
for a dye shop that would have cloth in it to be dyed.
[5] By Cosmas Indicopleustes and in the fifth century B.C. by Herodotus.
[6] The situation without the deposit or hostage is shown by the grey lines on figures 1b and 1c.
[7] This point was suggested to me by R.C. Friedman.
[8] This problem parallels a similar issue in the use of inefficient punishments, such as imprisonment, in criminal law as a way of reducing the risk of setting off a rent seeking struggle as some people attempt to use control of the criminal law to expropriate others. Thus we sometimes observe an inefficient punishment converted into a less inefficient punishment when police or prosecutors let one criminal off in exchange for testimony (true or false) that will allow them to convict another (Friedman 1999).
[9] Friedman (2002), on which this article is in part based, includes a simple model of reputational enforcement showing the link between cost to third parties and the amount of cheating.
[10] Some
readers may associate
arbitration primarily with institutions for settling disputes that are
selected
only after the dispute arises. In this article, my primary interest is
in
arbitrators chosen in advance--Ðby
parties
when they sign a contract that might lead to future disputes.
[11] For a discussion both of the puzzle of why people favor more privacy, for others as well as themselves, and of the relation between privacy and technology, see Friedman (2000).
[12] The
process used for digital
signatures in the real world is somewhat more elaborate than this, but
the
differences are not important for the purposes of this article. A
digital
signature is produced by using a hash function to generate a message
digest--Ða
string of
numbers much shorter than the message it is derived from--Ðand
then
encrypting the message digest with the sender's private key. The
process is
much faster than encrypting the entire message and almost as secure. It
also
means that it is possible to read the message without bothering to
check the
signature.
[13] Strictly speaking, what the third party learns is that the accused either is not trustworthy or has agreed to use a dishonest or incompetent arbitrator. The latter alternative implies that while the accused may not be dishonest, save in the very limited sense of refusing to be bound by his own mistake, he is incompetent.
[14] As Bruce Benson has pointed out, this development is closely analogous to the development of the Lex Mercantoria in the early Middle Ages. That too was a system of private law enforced by reputational penalties, in an environment where state law was inadequate for contract enforcement, due in part to legal diversity across jurisdictions (Benson 1998b,c).
[15] The first discussion of privacy through anonymity online of which I am aware of was in a work of fiction by a computer science professor, Verner Vinge's novelette "True Names." A good recent description of the combination of anonymity with online reputation occurs early in Marc Siegler's novel Earthweb.
[16] A firm that breaches a contract but pays damages according to the terms specified in the contract has not cheated in the sense in which I am using the terms. To cheat, it must both breach the contract and fail to pay any damages agreed on in advance or awarded by a pre-agreed upon arbitrator.
[17] Earthweb contains an entertaining illustration of this point. A central character has maintained two online personae, one for legal transactions, with a good reputation, and one for quasi-legal transactions, such as purchases of stolen property, with a deliberately shady reputation. At one point in the plot, his good persona is most of the way through a profitable honest transaction when it occurs to him that it would be even more profitable if, having collected payment for his work, he failed, at the last minute, to deliver. He rejects that option on the grounds that having a persona with a good reputation has just given him the opportunity for a profitable transaction; if he destroys that reputation it will be quite a while before he is able to get other such opportunities.
[18] For a discussion of how such currency would work, see Friedman and Macintosh (2001, 2003).