Blockchain Governance Overview: Chronicled and Mediledger

This article provides an overview of the current design of blockchain governance for the Mediledger Project from the viewpoint of its designers at Chronicled.

The questions are drawn from the Wharton Cryptogovernance Workshop’s 20-question “short version” questionnaire. (I had a hand in creating the “long version.”) Both questionnaires are useful for providing a common set of questions, the answers to which should provide a reasonably thorough overview of the governance of a specific blockchain system.

My goal here, working in parallel with others from the Wharton Cryptogovernance Workshop (WCW), is to provide several overviews of functioning systems, public and private. Our hope is that these overviews will serve to advance the state of the art and science of blockchain governance, by letting practitioners and academics look at many different systems that have all been examined through a common lens. A partial list of these overviews is available here.

Narrative Summary

The Mediledger toProject was started in 2017 with the intent to see how blockchain could support solving a particular industry’s regulatory mandate — namely the US pharmaceutical industry’s mandates from the US Food and Drug Administration and the Drug Supply Chain Security Act (DSCSA). The DSCSA requires the creation of an “electronic, interoperable system” by which all parties involved in the prescription drugs supply chain to be able to identify and trace those drugs as they are distributed in the US.

The stakeholders include pharmaceutical manufacturers, wholesale distributors, logistics providers, retail pharmacies, and others.

Since the mandate is to create an interoperable electronic system, it seems natural that blockchain technology would be a good option, which it has indeed proven to be.

The first solution that went live this past month is to address Product Verification, a requirement of the DSCSA law for all drugs returned and resold.

The governance of Mediledger appears to be largely informal, as revealed below in the detailed Q&A.

  • Formal elements include the “Network Charter” that network participants agree to abide by, and the business contract that users of the system sign with Chronicled.

While technically and technologically decentralized — the system runs Enterprise Ethereum with Proof of Authority consensus on multiple independent nodes — it is politically neutral, and is legally centralized via Chronicled’s position as Network Manager. I personally don’t consider that to be a problem, since the system is not trying to be a public mainnet, has no tokens to steal, and affords no competitive advantages among participants. (Many of the knee-jerk expectations of the crypto community around decentralization are irrelevant or harmful in the case of private, consortium-based blockchains.)

Chronicled was able to pull together a consortium of many large pharmaceutical manufacturers and distributors, including Pfizer, McKesson, and Genentech, and technology providers including PwC and SAP. By one estimate, Mediledger will support verification of greater than 90% of the prescription drugs re-sold in the US.

As an interviewer, my sense is that this project has been at least 50% political/relationship/trust building, and no more than 50% technology. Without a critical mass of early adopters, this project would have failed; maintaining the confidence of those early adopters, especially before there was a working system, had to have been an exercise in continual diplomacy, industry alignment, and collaboration. Additionally, there was a natural Schelling point of having a single system uniting the competitors in the industry, but none of the existing competitors could have credibly proposed the single system. Only a neutral outsider like Chronicled could have made it happen.

Assessment of Governance

My personal tentative conclusion is that Chronicled has been very wise to take a lightweight approach to governance, building on strong relationships among a relatively small number of known stakeholders, and setting forth a clear “north star” for handling emergent problems. I’ll feel more confidence in this conclusion after the system has run for a year and has weathered at least one crisis.

Other Features of Note

Although not relevant to governance, the Mediledger system has some very clever data privacy mechanisms that deserve a broader look, and that I think could serve as a model for other blockchain designs.

Detailed Questions and Answers

Respondent(s)

  • Interview date 17-Oct-2019

Project Description

1. What are the purposes, goals, or scope of the project?

See website — product verification is the focus here today. This project is a success if it allows participants to use it as the US federally mandated electronic, interoperable system by which all parties involved in the prescription drugs supply chain to be able to identify and trace those drugs as they are re-sold in the US. The goals are regulatory compliance, drug supply security, and patient safety.

2. What, if any, are the coordinating entities, and what are their functions? (For example, a foundation, software development corporation, DAO, etc.)

Chronicled; also the node operators; solution providers; individual companies — there is a working group of pharmaceutical companies who sign an agreement and pay a fee; users of the service do so via a contact directly with Chronicled, or the solution provider they chose to work with (i.e. SAP’s customers have contracts with SAP).

3. Are network participants identified, and if so, how? (For example, by keypair associated with accounts or UTXOs, wallet number, government ID, etc.)

The system is permissioned. Each company is identifiable by its GS1 Company Prefix and GLN [the GLN is the GS1 Identification Key used for any location (physical, operational or legal) that needs to be identified for use in the supply chain], and there is manual KYC to verify it.

Stakeholder Groups

4. Does the project’s software code delineate groups with particular functions? (For example, those who can propose changes, arbitrate disputes, or vote tokens on behalf of others.)

There is no voting and no software driven governance. When onboarded, a company has specific abilities / access / roles based on what they do in the industry. Part of KYC and onboarding.

4. (continued): If so, please describe them and their operations in detail. (For example, how participants gain access, how the groups interact with the network and each other, and whether there are mechanisms to add, change, or exclude groups.)

Any firm that meets the definition of a market participant (currently driven by the Authorized Trading Partner (ATP) definitions as laid out in the DSCSA) is free to join without exclusion. Very open if the company meets the ATP criteria.

5. Are there other important groups either constituted informally, or specified through legal arrangements?

Solution providers or companies themselves can run nodes (SAP has the contract with Chronicled and the pharma companies work with SAP; other providers are in a similar position to SAP; these solution providers do some of the KYC functions.)

All node operators will have a channel to provide feedback into the governance group after go-live.

Incentive Schemes

6. What behaviors does the project seek to incentivize? How are such behaviors incentivized? (For example, financial benefits, belief in shared values, costs of network failure, or costs of exiting the network)

No tokens; companies that run nodes have an interest in solving the business problem, i.e. meeting regulatory requirements. That’s all the incentive anyone needs today. No mining, no inflation, no slashing, no token.

7. (For operational projects): How well are the incentives and governance mechanisms functioning in practice?

N/A — system was not in production at time of interview.

8. Is there a system to pay for infrastructure, protocol upgrades, development work, network enhancements and/or other work deemed to be in the interest of the network? If so, how does it operate?

Users are paying to access the system. Node operators pay to run their own nodes. No other structures or institutions exist currently.

Governance Powers

9. What makes a governance decision associated with this project legitimate or illegitimate?

Legitimate governance decisions unfold bi-directionally: Industry proposes (and Chronicled agrees to support) or Chronicled proposes (and the industry doesn’t object).

The stated values of the system are “Industry first; companies second; Chronicled third” and Chronicled is intent on showing that nobody is getting an advantage over anyone else. There’s a shared value that every global rule needs to be equally beneficial to all. “Consensus through collaboration.” Some needs can be met w/ 1:1 interactions w/ Chronicled. There was one individual whose requests couldn’t be honored. The system mantra is to serve the industry dispassionately and equitably. Chronicled earns a reasonable profit. The “Network Charter” states some of the shared values and some more technical expectations as well. The respondents were firm in saying “Blockchain is a team sport.”

10. Who has power to introduce governance proposals, and how does that process operate?

Any steering committee member or node operator can introduce change proposals of their own or from customers; any issues raised will be addressed by Chronicled. The ‘true north’ is the business requirement to be solved and the regulations to be followed.

11. Who has policy-setting (“legislative”) power to decide on proposals, and how does that process operate?

There is a functioning method of establishing consensus via collaboration and discussion.

12. Who has implementation (“executive”) power to execute proposals once decided upon, and how does that process operate?

For a software upgrade for example (planned vs emergency), it’s the node operators who follow the Network Charter. Chronicled coordinates the activities as the “network manager”

13. Who has interpretive (“judicial”) power to resolve disputes over application of a policy to a specific instance, and how does that process operate?

Chronicled takes the lead. The need for governance is light because the system has been designed to be light. The “industry first” value deflects most disputes — more than one might imagine. The contracts that people sign coming in (that Chronicled designed) have some teeth about ensuring that nodes run well. The governance group is the venue for airing issues and finding resolution. The rules do have an escalation path, which has never been used; all participants seek to avoid it.

14. What checks and balances, or systems of accountability, exist among these governance powers?

If Chronicled got out of hand, people would leave the network. This incentivizes Chronicled to respect priorities and governance processes that preserve network participation. There is a different work group for each specific problem or problem type. There are no obvious competitive advantages to be seized by tweaking the system, so folks have a primary incentive to just make the “plumbing” work.

Governance Procedure

15. Are there systems for non-binding signals or binding votes on governance decisions? If so, please describe them in detail: How is information communicated, who has the right to vote/signal, and how is the process conducted?

The group is small enough to have conversations. Chronicled has reviewed with industry experts a variety of approaches on how to form and drive governance. The guidance has been “avoid voting.” There are 800 manufacturers and 3 main distributors (100+ distributors in total) involved with the system, which would complicate voting. There’s another industry group out there doing a big arrange-the-chairs exercise around voting; the respondents are glad to be avoiding it.

16. Are there distinctions between which decisions can be made by ordinary processes (for example, majority votes) and which require extraordinary processes (for example, supermajority votes)? If so, explain how each category operates.

If something minor is broken, Chronicled gets to fix it and notify all stakeholders. For major protocol or software changes, Chronicled will go through a consensus process with the governing body before making changes.

17. Are there aspects that can never be changed through governance processes, short of a contentious hard fork of the network?

Not applicable. The priorities may be the closest thing (Industry first, etc)

18. Are there mechanisms that make changing the project easier or harder?

Everything is hard. ;-)

19. What major revisions to governance mechanisms have been made, or are under consideration, and why?

One of our ethos elements is, Chronicled has no access to anyone’s data. There is of course the possibility of errors and mistakes; there may be interim controls in place that can be used to recover from error states, that they can give up once things are more solid and stable. E.g. access to troubleshooting data.

Catch-All Question

20. If there are any significant aspects of the project’s governance that you have not described, please provide details here.

“The only thing we can think of is, that there is a lot of flexibility in setting the conditions for joining the organization, so we can include as many as possible.”

  • The MediLedger working group supports leveraging all existing industry working groups and standards bodies, with current collaboration in place with GS1, HDA and PDSA. Chronicled has great working relationships with them and doesn’t seek to step into their turf.

Edits and Errata

After this was published, I discovered that my employer StrongBlock shares a key investor with Chronicled. This could be seen as a conflict of interests (between my interest in writing a clear, fair article and my interest in pleasing my investors), so I disclose it here for your consideration.

President of Becoming a Best Boss Training & Coaching