Permissionlessness

: “Permissionlessness” is a term often used in association with public blockchains. In this glossary entry, we explore the origins, evolution, and coexisting uses and meanings of the term “permissionless” to contextualise it. We argue that a technosocial system is deemed permissionless if it is possible to participate in the use, development, and governance of that system or infrastructure without requiring permission from an authority, by adhering to publicly stated procedures. This term is much more broadly applicable then just blockchain systems although it is relevant to decentralized systems. It can be conceptualised as a technical attribute, an ideology, and a cultural value, and links to the access, control, governance, entry and exit of an open information system.


Origin
The term 'permission' comes from the Latin word 'permissio' -the act of permitting, in granting formal consent or authorisation (American Heritage Dictionary, 2000).
In law, "permission" refers to the authority to act, as expressed or implied (Bouvier, 1856). The antithesis, 'permissionless' , means without permission, or the ability to act without requiring another to allow that action. The notion of "permissionlessness" in relation to distributed technologies is both a technical attribute, and ideology, and a cultural value that emerged with the early internet.
In a technical context, permissionlessness refers to the open technical specifications in the network layer of the underlying protocols of the internet that avoids the cost of "permissioning" when transmitting data packets. The higher-level protocols for displaying websites also adhered to open specifications ("Hypertext Transfer Protocol" or HTTP). This innovation means that anyone is free to read, write, and share digital information across interactive links without needing to seek permission from a central authority or gatekeeper, whereas prior to this, people were limited to local intranets on private networks. A culture of open source software development whereby anyone can verify or modify the underlying codebase helped enable permissionless protocols and innovation (Raymond, 2000).
The technical attributes of permissionless systems interplay with ideological values around freedom and anti-authoritarianism. For example, the "Cypherpunk" contributors to the technical developments and political ideology of decentralised digital infrastructure state "We're free individuals, able to say what we wish, meet in secret meetings without the permission of the government, and learn anything we wish to" (May, 1992).In a sociological context, permissionlessness is also a cultural value that emerged in early internet culture. "Permissionless innovation" is a counterculture value from the 1960s and 1970s about no central ownership or control, and not having to ask anyone for permission (Naughton, 2014;Web Foun-dation, 2017). Computer scientist and credited inventor of the World Wide Web, Tim Burners-Lee states that the internet is a force for free and open creativity outside of walled gardens: "It was all based on there being no central authority that you had to go to to ask permission" (Brooker, 2018). Digital networked infrastructures can be described as both social and technical, as "infrastructures for communication, cooperation and common value creation…allow for permission-less interlinking of human co-operators and their technological aids" (Kostakis and Bauwens, 2014, 55). An ideological purity towards free access to decentralised technologies developed in parallel to these technical capabilities, with some arguing that "true distributed networks are permission-less" and "not dependent on powerful obligatory hubs" (Bauwens, 2009). 'Permissionlessness' has come to broadly refer to anyone being able to use the infrastructure as common property with no selection process to participation.
These technical and cultural values were strongly amplified by adherents to influential technology communities, such as the free-software and open-source software movements (Stallman, 2002;Raymond, 2000). In these movements, the source code for computer programmes is available for users to modify it for their own use. Some principles of "permissionlessness" have also been defended against political and regulatory institutions by organizations such as the Electronic Frontier Foundation (EFF), which was formed in 1990 to define and protect internet based civil liberties, such as open access to "Pretty Good Privacy" (PGP) digital encryption to rallying against bans on cryptocurrencies (Electronic Frontier Foundation, 2021).

Evolution
Permissionless protocols have required, and also enabled new forms of social organisation and governance to evolve, including "Transmission Control Protocol and the Internet Protocol" or TCP/IP, and "Simple Mail Transfer Protocol" or SMTP. An important evolution in permissionless distributed technologies is the establishment and continuous development of standards to govern permissionless systems and allow them to scale. Although the foundation of permissionless systems is free access for anyone, permissionless systems still need to be governed at higher levels of the technology stack to manage unintended, negative consequences of free access. For example, the 'World Wide Web Consortium' (W3C), directed by Tim Burners-Lee, was founded in 1994 to develop open standards to ensure the longterm growth of the Web (W3C, 2021). These consensus-based standards offer recommendations to guide the technical specifications of how the system architec-ture should be developed.
Another example whereby permissionless systems still require governance mechanisms to function in practice is The Simple Mail Transfer Protocol (SMTP). SMTP is the protocol that facilitates email. A negative externality of permissionless email is the ability for anyone to freely send unsolicited junk mail, or 'spam' (Brunton, 2013). Spam is an example of the unintended consequence of open information networks that requires innovation in the governance of undesirable behaviour.
This limitation of the base layer permissionless protocol is managed through governance mechanisms. This issue of spam in SMTP is solved by credentialing authorities that enforce processes and norms around automatically filtering incoming emails at higher levels of the technology stack. Modern email servers will reject or at least deprioritize messages that come from addresses on untrusted domains or which lack certificates from a relevant certificate authority by marking them as 'junk' . Although it involved institutions, some level of intervention, and in some ways partial censorship, this up-stack governance to manage the negative consequences of access to the system helps to ensure the ideal of permissionlessness can persist, as long as governance is polycentric, rather than monocentric. SMTP is arguably a failed example of permissionlessness, as access to the global network is gated by access to the internet and the rules of access control are not clearly specified. This demonstrates how permissionless protocols have adapted over time to develop and incorporate governance mechanisms and processes to manage negative externalities. The sophistication and automation of these processes is constantly evolving.
Permissionless technological infrastructure was essential for the social evolution of the participatory systems that followed. The countercultural ideologies of the early internet influenced blockchain communities (Brunton, 2019). A resurgence of technical, cultural, and scholarly interest in 'permissionless' information infrastructures emerged in the wake of the Bitcoin whitepaper in 2008. Although the whitepaper does not mention "permissionless" directly, it makes numerous references to the ideals of the early internet and further develops these ideas of independence for "trust minimization" and "peer-to-peer" transactions without central intermediaries (Nakatomo, 2008). Bitcoin further mitigated the "Byzantine agreement problem", for agreement in distributed open networks (Lamport, Shostak, & Pease, 1982;Sherman et al., 2018). The ability to coordinate payments without intermediaries inspired an explosion in distributed consensus mechanism research in the field of computer science and economics (Xiao et al., 2020;Neudecker & Hartenstein, 2019). The explosion in innovation and development of public blockchains has led to the resurgence of the technical attribute and cultural value of "permissionless" networks.
"Decentralised Autonomous Organisations" (or "DAOs") represent a more recent class of "permissionless" organisation for participatory, technology-mediated systems that share a common goal (Larimer, 2013;Buterin, 2017). Within blockchain communities, DAOs are understood as a blockchain-based system that enables people to govern themselves, independent from central control (Hassan & De Filippi, 2021). DAOs refer to technologically mediated institutions, in the broad sense of the term, that are 'decentralised' , as in "distributed away from a central authoritative location or group" (Merriam-Webster, 2021), and 'autonomous' , as in "independent or self-governing" (Voshmgir et al., 2021). DAOs which are freely accessible to anyone to participate are an instantiation of 'permissionless' human-machine organisation at its logical extreme, and perhaps an evolution of the goals of the permissionless Web that more explicitly incorporate permissionless approaches to governance. There are also other approaches beyond DAOs towards how information infrastructure-enabled coordination of value and social organisation among communities can be structured, such as protocol cooperatives and distributed cooperative organisations (Bauwens & Pazaitis, 2019;Mannan, 2020).

Coexisting uses and meanings
The concepts of "permissionless" and "participatory" frequently appear together and are related. Although they frequently appear together, and are sometimes used interchangeably, they are not the same thing.
Permissionless is characterised by not needing permission to participate. These systems have a permissive boundary, meaning that no organisation mediates or controls access. Participatory systems are characterised by the ability to participate in a system in one or more ways. A common use of the term participatory is participatory governance, "which puts emphasis on democratic engagement, in particular through deliberative practices" (Fischer, 2012). Participation in an organisation operating and maintaining a digital infrastructure can include participation in multiple levels of the system, including (i) use of the infrastructure, (ii) contributing to the infrastructure's development, or (iii) engaging in governance of the infrastructure. Systems that are permissionless are necessarily participatory, yet those that are participatory are not always permissionless. Exclusivity can be a value proposition in participatory systems that are permissioned. An example of this is a semipermissioned blockchain consensus mechanism, where only an approved set of validators can participate in governing the network. Different network architec-tures have various trade-offs and are fit for purpose in different cases. The context and purpose of a system, including who it serves must be clearly articulated to determine if permissionlessness is a useful attribute (Nabben, 2021). Conversely, permissionless systems may wish to consider the ways in which stakeholders participate.

Issues currently associated with the term
There are five key issues with the term permissionless, including anarchy, censorship-resistance, exit, forking, and generationalisation, which we address in turn.
Anarchy: permissionless systems or communities does not mean the absence of rules of governance or lawlessness, but rather changing the architecture of a network to remove gatekeepers and hierarchy in accessing the network (Lessig, 2009).
Activities in an anarchic network are still constrained within a surface of action and operate within the bounds of existing norms, including technical standards defined by the protocol, operational practices, and local laws (Daigle, 2014). Yet, being governed by norms and the rules of a protocol does not mean that selfish value-extraction is not possible if people can identify ways to exploit the system (Olson, 1965).
Censorship-resistance: permissionless at the technical level prevents banning someone from a digital network (or deplatforming) for any reason besides not adhering to the rules specified by the protocol (Ali et al., 2021). However, permissionless does not mean that you cannot be excluded for violating the protocol (e.g., when other nodes in a peer-to-peer network blacklist or drop connection to disconnect you from the network). In a social system, this equates to being kicked out of the community if the rules or norms of the community are violated repeatedly, through mechanisms such as graduated sanctions (Ostrom, 2005).
Exit: permissionless systems, whether cultural or technical, are defined by adherence to certain rules and norms. Those rules and norms themselves may change over time, or participants' preferences for following those rules or norms may change. In the presence of these changes a participant is faced with the options of Exit, Voice and Loyalty (Dowding, 2016). Permissionless systems that have a high cost of exit may be more effective at retaining participants, or this could work adversely, and retain undesirable participants. A particular manifestation of this concept as code is the 'rage-quit' mechanism popularized by MolochDAO, which allows participants to take their funds and exit the DAO if they disagree with a governance decision (de la Rouviere, 2021).
Forking: forking is an extreme manifestation of the permissionless ideal in all three layers (use, creation, governance) of a digital infrastructure. In both technical and cultural contexts, it is possible for disagreements to emerge regarding a particular standard, rule or norm which render two or more subgroups of digital network participants at odds. An example of this is a split in the Ethereum blockchain community following the hack of a joint investment project called "The DAO" (DuPont, 2017). Some people believed the blockchain record of transactions should be wound back to recover the funds, while others wanted to respect the "immutable" ethos of public blockchains. This led to a "fork" of the protocol and community into what we know today as Ethereum, and Ethereum Classic. The resulting forking process is a technical mechanism to resolve a community impasse by copying the software code and dividing the community of participants. This can occur without permission of the original entity. It can be interpreted as exit on a scale large enough that a new similar entity is formed, despite, or in-spite, of the existence of the original entity.
Generalisation: the term 'permissionless' has become an ideological and cultural catchcry which is applied so generally that it loses its original meaning. It has evolved from its specific application in the technical architecture of open networking to mean 'all things that are without permission' .

Conclusion
We have shown that "permissionlessness" can be conceptualised as a technical attribute, an ideology, and a cultural value. In practice, any functioning institution, including an institution that constitutes a digital infrastructure must have boundaries (Ostrom, 2005). Permissionless infrastructures are institutions where participation arises from an actor choosing to enter those boundaries, rather than an external authority or institution choosing to admit them. In contrast, participation is necessary but not sufficient for a system to be permissionless. An institution encompassing a digital infrastructure includes participation by way of (i) use of the infrastructure, (ii) contributing to the infrastructure's development, or (iii) engaging in governance of the infrastructure. In order for an infrastructure to be deemed fully permissionless in the strongest sense of the word, it must be possible to participate in its use, development, and governance without requiring permission from an authority, by adhering to publicly stated procedures.