Optimal autonomous organizations

"Imagine if the holders of Chipotle shares had to elect the next new burrito flavor."

In 2022, the distributed autonomous organization is sort of a thing. DAOs exist. They are not a joke. But we can hardly say they are mature.

The 2022 DAO standard design has not been ruthlessly optimized by experience and competition—we should not expect the current practice of the field to be in any way optimal. We should expect it to reflect the hopes of the players, not their experience.

Autonomous and sovereign are of course synonyms—or near synonyms. When we draw up a contract for a DAO, we are drawing up a constitution for a government. In both cases, there is no power above the organization that can directly regulate it; and the organization has some power (mathematical or military) that can effectively defend it from all competing powers.

Contrast the DAO with the corporation, which is anything but autonomous—while it does act independently like a sovereign, the corporation’s process is regulated by the laws of a higher government. The sovereign can do anything it wants to the company; but the company trusts it to enforce contracts, not through math but through lawyers. Have you hired a lawyer lately? Lawyers are lovely people.

Yet the architecture of the corporation has been ruthlessly optimized. Big, ambitious companies approach and exceed the scale and ambition of many historical sovereigns. If there was a better way for Apple to organize itself to build phones, or SpaceX to build rockets, probably someone would have found this way.

Instead the basic design of the Anglo-American limited-liability joint-stock company has remained roughly unchanged since the start of the Industrial Revolution—which, a contrarian historian might argue, might actually have been a Corporate Revolution. If the joint-stock design is not perfectly optimal, we can expect it to be nearly optimal.

While there is a categorical difference between these two types of organizations—we could call them first-order (sovereign) and second-order (contractual) organizations—it seems that society in the current year has very effective second-order organizations, but not very effective first-order organizations.

Therefore, we probably know more about second-order organizations. So, when designing a DAO, we should start from corporate governance, not political science.

There is a categorical difference between sovereign and contractual power. We have to adapt the corporate design for that difference—while optimizing away any ancient spandrels from the paper age.

But at least we are looking for something optimal. Let us try to rederive it from scratch, in the context of a DAO: the optimal autonomous organization, or OAO.

The uniform purpose of governance

Suppose you are an asshole and you have a governance token. This makes you an asshole with a governance token. Why do you, not some other asshole, have this token? What determines whether you do the right thing with it?

What determines whether you do the right thing with your governance token is the product of two factors: purpose and competence. Competence cannot be culturally instilled—except by filtering who gets the token. There is no such thing as uniform competence, except as enforced by some competence filter.

But we would like the culture of the governance tokenholders—the governors—to be at least uniform in purpose. They may be more or less clueful; but they all should be at least trying to solve the same abstract problem.

An optimal autonomous organization assumes the goal of the governance holders is unconflicted. Their governance actions have only one motivation: the success of the organization. Maybe this should go without saying, but it most certainly does not.

Success itself is difficult to define, of course—but ignore this problem for a moment, as each organization solves it differently. What other motivation can a governor have? You could have a conflict of purpose. As a governor, you can be conflicted in two ways:

First, you have a straightforward conflict of purpose if directing the organization to zig rather than zag would benefit you personally.

For example, insiders in an organization commonly have straightforward conflicts of purpose, which is why companies are not democratically governed by their employees. No one wants to kill their own project, etc. A more sordid conflict of purpose is the common or garden conflict of interest, in which you steer a contract to your cousin.

Second, you have a vicarious conflict of purpose if your governance token is actually a source of entertainment—if you find enjoyment and meaning in directing, or even just trying to direct, the organization. Vicarious conflicts of purpose often lead governors to push an organization ultra vires—outside its constitutional definition of success.

For example, if you have a strong sense of good and evil, you may find meaning in directing the organization to do good rather than evil, according to your personal interpretation of some specific historical situation.

If the purpose of the organization is to do good rather than evil, this is not a conflict of purpose. If the purpose of the organization is to make widgets, or to make money by selling widgets, it is. Imagine you are managing the HOA of a condo complex, but send the landscaping funds to help starving refugees in Yemen. Are you guilty of embezzling? You are.

Vicarious conflicts of purpose do not benefit the governor directly—only emotionally. But most people have emotions, and these emotions are socially mediated. Moreover, the most common socially mediated purpose of governance is not even related to good or evil—it is just the governor’s socially-mediated desire to experience status through importance. “Impact” is power and intrinsically pleasant to feeble human beings.

Direct democracy and vicarious purpose

When we look at DAOs in 2022, we see a lot of direct democracy. It is normal for the holders of governance tokens, or the equivalent, to vote directly on policy decisions. Imagine if the holders of Chipotle shares had to elect the next new burrito flavor.

Direct democracy is clearly a tradeoff in favor of a vicarious conflict of purpose. One way to define vicarious purpose is a thought-experiment: if you, a governance holder, could proxy all governance decisions irrevocably to a governance expert whom you absolutely knew would make better decisions for the organization—would you?

If so, you have no attachment to the vicarious purpose of impact. But few governors of today’s DAOs seem to be looking to surrender their power in any such way.

Constitutions designed to pander to vicarious purpose may have a much greater chance of being created. But, because management by shareholder democracy looks like an absurdly ineffective practice from the corporate perspective, constitutions which make no concession to vicarious purpose seem more likely to be efficient.

So, on a level playing field, we would expect corporations to kick the ass of DAOs. This is the most fundamental motivation for the design of the OAO, which is nothing more than a streamlined version of corporate governance translated into blockchain. But this design has absolutely no role for vicarious purpose.

We will assume that governance-token holders have no vicarious purpose—they are uniformly unconflicted in their goal of an efficient organization. Of course this is an ideal approximation, but the closer to it the better. If it does not approximate reality, reality should be educated to accommodate it.

But if vicarious purpose persists and cannot be educated away, the OAO is not the right design. Folly has always had its tax to pay.

Efficiency and accountability

The OAO is designed to maximize the combination of efficiency and accountability.

Draw the OAO as an hourglass. At the top of the OAO are the governors. Below them is an inverted pyramid which ends in a smaller pyramid. The base of this pyramidion is the board of trustees. Its tip, the tip of both pyramids, is the chief executive. Below this nexus is a right-side-up pyramid: the hierarchy of employees, as a classic orgchart.

The governors picks the board. The board picks the CEO. The CEO bosses the employees. This simple monarchical design makes everything that works in the world. Look around you—everything you see was made by a monarchy. You can probably see the work of twenty monarchies without turning your head.

The top backup pyramid provides accountability and responsibility. The bottom operating pyramid provides authority and efficiency. The combination is an accountable monarchy or responsible monarchy—essentially, a “benevolent dictatorship.”

Thousands of years of human history have proven at every scale that the pyramid-shaped hierarchy is the best way for people working together to get things done. The fundamental problem of the classic pyramidal monarchy, at a sovereign level, is the single point of failure at the top. The joint-stock design is the basis of a solution, but this solution has never been adapted well to the sovereign level.

Sovereign monarchy goes wrong less often than most think, but often enough that an unaccountable autocracy is a real problem. If accountability can be solved with little or no compromise to the efficiency of the regime, the result is probably near optimal.

The purpose of the hourglass shape is to avoid interference between efficiency and accountability. Accountability ensures a level of competence which indirectly also assures sanity—resolving the fear of a deranged, yet autonomous, CEO-dictator-king. Accountability certainly has a nonzero impact on efficiency; it cannot help but cramp the style of the CEO, especially in a crisis. But this cost can be quite tolerable.

Corporate governance is not corporate management. The CEO is always the manager. A company micromanaged by its board of directors is a disaster. Here, accountability is cutting into efficiency in a major way—but not as badly as if the shareholders were in charge directly!

The goal of a well-chosen board is simply to ensure that the CEO is excellent in every sensible way—since purely numerical targets, while incredibly useful, can always be hacked in counterintuitive ways. The board is human because humans have common sense, and the organization must not act in ways that violate common sense.

Because the board consists of professionals, and because they are not involved in the actual use of power, and because in a successful company they need not be consulted at all, the vicarious purpose of the board can be kept extremely low.

The board is not part of the operating loop of the company. A board is a backup device. Power corrupts, but power does not corrupt the board—it is as far from power, or at least any power that would conflict its interests, as possible. The whole point of a board is that it makes as few decisions as possible—making it literally independent.

A board can be repurposed for other accountability-like purposes. For example, it can approve structural decisions or even set budgets, set the CEO’s pay, etc. The board in a DAO might collectively control the cold wallet of the treasury, set the burn rate from this treasury to the organization, etc.

But when a board makes policy decisions, it becomes a player within the management of the corporation. This has more impact on efficiency—it degrades not only the performance of the company, but also of the board (which is no longer independent).

Almost all major corporate boards recognize this, and refrain from micromanaging (which, as many a startup has learned to its sorrow, any board can do)—of their own cultural volition. The purpose of a professional board can be culturally standardized in a way that is impossible for a motley crew of random governors—which is why the shareholders do not directly elect the CEO.

Securing autonomy

For a DAO to be truly autonomous, its governance must be secure against sovereign power. For a regime to be truly sovereign, its governance must be secure against all external and internal powers. These goals are slightly different but clearly related.

If the board can be pressured or coaxed by any other force to overmanage the CEO, or to malfunction in any other way, it is not an independent board. If the board is not truly independent, the OAO design does not work and should not be tried.

The advantage of the OAO is that an OAO is secure so long as (a) its process and (b) its trustees are secure. The process is secured by running the OAO on a blockchain. The trustees are secured by making them anonymous—even to each other.

So long as the trustees are anonymous, the employees and even the CEO can be completely public. They still cannot be coerced, except secretly or by surprise. Ultimately, all the assets of the OAO are under the trustees’ control. The trustees can even update the constitutional contract of the OAO.

If they sense the influence of an outside power on their employees, the trustees can get new employees, or even pick a new CEO. Without a lucky investigation, a board of anonymous trustees is almost impossible to find and kill. Autonomy is ultimately a security problem—and an anonymous board is the best solution to this problem.

Selecting the board

To select N trustees from a random pool of governors, ask every governor to either be a candidate, or delegate their support to another, wiser governor.

Every candidate’s point total is the cumulative weight of their tree of supporters. Candidates who are not in the top N either waste their points, or point their votes toward a more successful candidate.

If you see no one wiser than you, you can only be a candidate. If you are not in the top N, you might as well throw your votes toward one of them you prefer to the rest.

Once everyone stops changing their vote, the top N represent the community’s collective wisdom on who in the community is the wisest. The weighting of points is preserved, and counts in votes within the board—not every seat has equal weight.

In some cases, an OAO begins with one or more founders, not a community. In this case, the founders should select their own trustees—whose mission is to continue the founders’ vision, even if the founders die or go insane. But initial trustee selection has as many variations as there are organizations.

Cutting the cord

Of course, the board election process can run continuously—occasionally changing the board membership as the body of opinion amongst the governors shifts, and as the board changes possibly changing the CEO.

This is a terrible idea. It destabilizes the OAO by making its accountability structures vulnerable to any power that can manipulate the public opinion of the governors. The OAO starts from the assumption that public opinion is highly volatile and imperfect. The governance structure is bootstrapped from it because there is no alternative. But the governance structure should be more stable and sane than the governors, forever.

If the governors have no vicarious purpose, they should be willing to delegate their power permanently to any institution designed to be more responsible than them. If after this initial election public opinion shifts, and the opinions of the community diverge from the opinions of the trustees, the trustees are more likely to be right—since the whole point of the election was to concentrate responsibility into the trustees.

Why would any governor, if focused only on implementing responsible governance, not permanently abandon his vote to an inherently even more responsible regime? One reason might be: he likes voting. In other words, he has a vicarious purpose.

The reset button

But another reason might be: he is not quite 100% sure of the permanent perfection of the design. Is the OAO 100% inherently forever more responsible than the community of governors? Is the engineering perfect? It should be… but you never know.

One way to retain the backup accountability of the community of governors, without pandering unnecessarily to their vicarious purpose, is to give them a reset button that reboots the government completely from the start.

Board selection ends; but if, at any time in the future, the governors become absurdly dissatisfied with the board, they can reset the regime—resulting in a new election, etc. An election always starts out by producing a board aligned with the governors.

So, while the reset button exists, the governors retain their ultimate sovereignty. But they have no way at all to manage the board, except by hitting the button repeatedly—which, democracy being democracy, they will get tired of.

A reset button should have a high threshold, so that in any reasonably well-governed system it is never a serious possibility—just as in the lifecycle of most corporations there is never a single serious shareholder vote. In the long run, it is probably a bad design. In some ways it is the most conservative design, and it deserves consideration.

Anonymizing the trustees

It is difficult to anonymize the candidates in an election. We would expect election winners to be identified. Indeed, considering the threat model of the organization, there may be nothing wrong with an identified board.

But there are so many ways to pressure a fragile human being. If any entity can put pressure on the board, that entity joins the board in the circle of power—an unholy and unacceptable intrusion. And anyone whose name is known can be pressured.

Once the cord of the selection process is cut, however, board seats are the permanent property of their holders. They are tokens. They can be transferred, like any token.

And the natural and inevitable ethos of the responsible trustee, who feels no vicarious purpose at all, toward any form of pressure at all is simple: transfer the token. The receiving party should be anonymous.

Once this chain, which can grow at any time, is sufficiently long, no authority will have the practical power to trace it. A single initial transfer for each seat anonymizes the board forever, unless there is some leak—which only takes one transfer to fix.

The purpose of the trustees

What is the definition of success? Any organization is dysfunctional if it deviates from its own definition of success.

This definition must match the ethos of the trustees. Ultimately, the stability of any government or other autonomous system rests upon the ethos of some set of human beings. If this set of humans is corrupted, the government is also corrupted.

The OAO addresses this by resting its ethical stability on the trustees. Its reasoning is that, since the trustees are exposed to far smaller doses of power—ideally, replacing a retiring CEO every decade or two—they are far less likely to be corrupted by power.

Therefore, it can be assumed that the trustees have some shared ethos which they pass on to their successors. The ethos is enforced by no one—no one can fire a trustee. But since it sets a standard which no incentive is pressing against, this ethos of governance can maintain itself indefinitely.

A generic ethos

The first part of the ethos of an OAO trustee is mission-specific. The OAO (like early corporations, which were chartered with a purpose) must define its mission. Any intentional action outside this mission is ultra vires. It must displease the trustee. If the OAO’s only mission is to make money by any means necessary, this is fine; but even this mission must be written down.

The second part of the ethos is mission-independent. It includes these directives, which only the trustee’s ethical conscience can enforce:

1. The trustee votes to maximize the performance of the CEO in achieving the mission, without using any other criterion.

2. The trustee has a succession plan which will be activated in case of death or resignation, and has selected a successor of equal or greater responsibility.

3. The trustee has the responsibility to remain anonymous, and the responsibility to resign if anonymity is compromised, even to other trustees.

4. The trustee never acknowledges ownership of the seat, except to other trustees.

5. The trustee does not communicate with other trustees or with the CEO, except within an anonymous virtual meeting of all the trustees.

6. The trustee does not work in, for or with the organization.

7. The trustee does not hold more than one seat.

8. The trustee does not buy or sell a seat.

The temptation to violate these commandments is fairly weak. Also, the damage done if some small percentage of the trustees violates them is fairly small. Again, since the structure and ethos of the OAO insulate the trustees from the direct execution of power, power is unlikely to corrupt them.

And if some seats are corrupted—for instance, if a seat is offered publicly for sale—a majority of the trustees can defend themselves by rewriting the constitution.

The executive

The executive should be one, two, or (rarely) three people. Three only works because a triumvirate can take a vote; two cannot do anything without a consensus.

In general, a multiple executive tends to only work with founding executives. In that case, though, it can work quite well.

The executive should not have control of the cold assets of the OAO, only of operating cash. If the OAO is burning cash, the trustees set the burn rate. If cash dividends need to be distributed to the governors, the trustees send it directly from the cold wallet. The trustees must always be the direct stewards of the OAO’s capital and treasury.

Three types of OAO

The three types of OAO are sovereign, legal, and illegal.

A sovereign OAO is a government with a monopoly of force over some territory and population. The problem in a sovereign OAO is how to give the CEO control over the military, whose guns do not care about the blockchain.

The solution is a system of military weapons which do care about the blockchain—which use permissive action links all the way down to the handgun. As a result, the CEO can decide which units can or cannot fire their weapons—a decisive factor, to say the least, in any attempt at civil strife or rebellion.

A legal OAO is protected by law—law may even help it enforce its contracts. A legal OAO may not even need its trustees to be anonymous. But it may want this anyway.

A criminal OAO is a sovereign OAO without a monopoly of force. As a result, all its operations must be protected from every kind of sovereign force. Its assets must be privacy coins; its CEO and employees must be anonymous, as well as its trustees and its governors. Yet the effectiveness of this design for, say, a drug cartel, is undeniable. This is a scientific assessment, not an endorsement.

Summary

The DAO is a fun and workable concept which many people are trying, but which has not yet learned to punch at its full weight when in the ring with “real” corporations.

This is because DAOs have all been governed (a) by committee, (b) by democracy, or (c) by informal power structures. These forms of governance have no chance in any equal competition with a joint-stock corporation, which has the advantage of autocratic efficiency—the company’s trains run on time. So they are confined to protected niches.

An OAO is a DAO running a modern version of the joint-stock design. Eliminating the official rituals that slow down every official corporation, while maintaining the management structure that makes those corporations scalable and efficient, might produce a more equal competition between new and old management forms.