The Cyphernomicon

12. Digital Cash and Net Commerce

12.1. copyright
THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666,
1994-09-10, Copyright Timothy C. May. All rights reserved.
See the detailed disclaimer. Use short sections under «fair
use» provisions, with appropriate credit, but don’t put your
name on my words.

12.2. SUMMARY: Digital Cash and Net Commerce
12.2.1. Main Points

  • strong crypto makes certain forms of digital cash possible
  • David Chaum is, once again, centrally involved
  • no real systems deployed, only small experiments
  • the legal and regulatory tangle will likely affect
    deployment in major ways (making a «launch» of digital cash
    a notrivial matter)
    12.2.2. Connections to Other Sections
  • reputations
  • legal situation
  • crypto anarchy
    12.2.3. Where to Find Additional Information
  • http://digicash.support.nl/
    12.2.4. Miscellaneous Comments
  • a huge area, filled with special terms
  • many financial instruments
  • the theory of digital cash is not complete, and confusion
    abounds
  • this section is also more jumbled and confusing than I’d
    like; I’ll clean it up in fufure releases.

12.3. The Nature of Money
12.3.1. The nature of money, of banking and finance, is a topic that
suffuses most discussions of digital cash. Hardly surprising.
But also an area that is even more detailed than is crypto.
And endless confusion of terms, semantic quibblings on the
list, and so on. I won’t be devoting much space to trying to
explain economics, banking, and the deep nature or money.
12.3.2. There are of course many forms of cash or money today (these
terms are not equivalent…)

  • coins, bills (presumed to be difficult to forge)
    • «ontological conservation laws»–the money can’t be in
      two places at once, can’t be double spent
    • this is only partly true, and forgery technology is
      making it all moot
  • bearer bonds and other «immediately cashable» instruments
  • diamonds, gold, works of art, etc. («portable wealth»)
    12.3.3. Many forms of digital money. Just as there are dozens of
    major forms of instruments, so too will there be many forms
    of digital money. Niches will be filled.
    12.3.4. The deep nature of money is unclear to me. There are days
    when I think it’s just a giant con game, with value in money
    only because others will accept it. Other days when I think
    it’s somewhat tied to «real things» like gold and silver. And
    other days when I’m just unconcerned (so long as I have it,
    and it works).
    12.3.5. The digital cash discussions get similarly confused by the
    various ideas about money. Digital cash is not necessarily a
    form of currency, but is instead a transfer mechanism. More
    like a «digital check,» in fact (though it may give rise to
    new currencies, or to wider use of some existing
    currency…at some point, it may become indistinguishable
    from a currency).
    12.3.6. I advise that people not worry overly much about the true and
    deep nature of money, and instead think about digital cash as
    a transfer protocol for some underlyng form of money, which
    might be gold coins, or Swiss francs, or chickens, or even
    giant stone wheels.
    12.3.7. Principle vs. Properties of Money
  • Physical coins, as money, have certain basic properties:
    difficult to counterfeit, pointless to counterfeit if made
    of gold or silver, fungibility, immediate settling (no need
    to clear with a distant bank, no delays, etc.),
    untraceability, etc.
  • Digital cash, in various flavors, has dramatically
    different properties, e.g., it may require clearing, any
    single digtital note is infinitely copyable, it may allow
    traceability, etc. A complicated mix of properties.
  • But why is physical money (specie) the way it is? What properties account for this? What are the core principles that imply these properties?
    • hardware (specie like gold) vs. software (bits, readily
      copyable)
    • immediale, local clearing, because of rational faith that
      the money will clear
    • limits on rate of transfer of physical money set by size,
      weight of money, whereas «wire fraud» and variants can
      drain an account in seconds
  • My notion is that we spend too much time thinking about the
    principles (such as locality, transitivity, etc.) and
    expect to then derive the properties. Maybe we need to
    instead focus on the objects, the sets of protocol-
    derived things, and examine their emergent properties. (I
    have my own thinking along these lines, involving «protocol
    ecologies» in which agents bang against each other, a la
    Doug Lenat’s old «Eurisko» system, and thus discover
    weaknesses, points of strength, and even are genetically
    programmed to add new methods which increase security.
    This, as you can guess, is a longterm, speculative
    project.)
    12.3.8. «Can a «digital coin» be made?»
  • The answer appears to be «no»
  • Software is infinitely copyable, which means a software representation of digital money could be replicated many times
    • this is not to say it could be spent many times,
      depending on the clearing process…but then this is not
      a «coin» in the sense we mean
  • Software is trivially replicable, unlike gold or silver
    coins, or even paper currency. If and when paper currency
    becomes trivially replicable (and color copiers have almost
    gotten there), expect changes in the nature of cash.
    (Speculation: cash will be replaced by smart cards,
    probably not of the anonymous sort we favor.)
  • bits can always be duplicated (unless tied to hardware, as with TRMs), so must look elsewhere
    • could tie the bits to a specific location, so that
      duplication would be obvious or useless
    • the idea is vaguely that an agent could be placed in
      some location…duplications would be both detectable
      and irrelevant (same bits, same behavior, unmodifiable
      because of digital signature)
  • (this is formally similar to the idea of an active agent
    that is unforgeable, in the sense that the agent or coin is
    «standalone»)
    12.3.9. «What is the ‘granularity’ of digital cash?»
  • fine granularity, e.g., sub-cent amounts
    • useful for many online transactions
    • inside computers
    • add-on fees by interemediaries
    • very small purchases
  • medium granularity
    • a few cents, up to a dollar (for example)
    • also useful for many small purchases
    • close equivalent to «loose change» or small bills, and
      probably useful for the same purposes
    • tolls, fees, etc.
    • This is roughly the level many DigiCash protocols are
      aimed at
  • large granularity
    • multiple dollars
    • more like a «conventional» online transaction
  • the transaction costs are crucial; online vs. offline
    clearing
  • Digital Silk Road is a proposal by Dean Tribble and Norm
    Hardy to reduce transaction costs
    12.3.10. Debate about money and finance gets complicated
  • legal terms, specific accounting jargon, etc.
  • I won’t venture into this thicket here. It’s a specialty
    unto itself, with several dozen major types of instruments
    and derivatives. And of course with big doses of the law.

12.4. Smart Cards
12.4.1. «What are smart cards and how are they used?»

  • Most smart cards as they now exist are very far from being the anonymous digital cash of primary interest to us. In fact, most of them are just glorified credit cards.
    • with no gain to consumers, since consumes typically don’t
      pay for losses by fraud
    • (so to entice consumes, will they offer inducements?)
  • Can be either small computers, typically credit-card-sized,
    or just cards that control access via local computers.
  • Tamper-resistant modules, e.g., if tampered with, they destroy the important data or at the least give evidence of having been tampered with.
    • Security of manufacturing
    • some variant of «cut-and-choose» inspection of
      premises
  • Uses of smart cards
    • conventional credit card uses
    • bill payment
    • postage
    • bridge and road tolls
    • payments for items received electronically (not
      necessarily anonymously)
      12.4.2. Visa Electronic Purse
      12.4.3. Mondex

12.5. David Chaum’s «DigiCash»
12.5.1. «Why is Chaum so important to digital cash?»

  • Chaum’s name appears frequently in this document, and in
    other Cypherpunk writings. He is without a doubt the
    seminal thinker in this area, having been very nearly the
    first to write about several areas: untraceable e-mail,
    digital cash, blinding, unlinkable credentials, DC-nets,
    etc.
  • I spoke to him at the 1988 «Crypto» conference, telling him
    about my interests, my ‘labyrinth’ idea for mail-forwarding
    (which he had anticipated in 1981, unbeknownst to me at the
    time), and a few hints about «crypto anarchy.» It was clear
    to me that Chaum had thought long and deeply about these
    issues.
  • Chaum’s articles should be read by all interested in this
    area. (No, his papers are not «on-line.» Please see the
    «Crypto» Proceedings and related materials.)
  • [DIGICASH PRESS RELEASE, «World’s first electronic cash
    payment over computer networks,» 1994-05-27]
    12.5.2. «What’s his motivation?»
  • Chaum appears to be a libertarian, at least on social
    issues, and is very worried about «Big Brother» sorts of
    concerns (recall the title of his 1985 CACM article).
  • His work in Europe has mostly concentrated on unlinkable
    credentials for toll road payments, electronic voting, etc.
    His company, DigiCash, is working on various aspects of
    digital cash.
    12.5.3. «How does his system work?»
  • There have been many summaries on the Cypherpunks list. Hal
    Finney has written at least half a dozen, and others have
    been contributed by Eric Hughes, Karl Barrus, etc. I won’t
    be including any of them here….it just takes too many
    pages to explain how digital cash works in detail.
  • (The biggest problem people have with digital cash is in
    not taking the time to understand the basics of the math,
    of blinding, etc. They wrongly assume that «digital cash»
    can be understood by common-sense reasoning about existing
    cash, etc. This mistake has been repeated in several of the
    half-assed proposals for «net cash» and «digi dollars.»)
  • Here’s the opening few paragraphs from one of Hal’s
    explanations, to provide a glimpse:
    • «Mike Ingle asks about digicash. The simplest system I
      know of that is anonymous is the one by Chaum, Fiat, and
      Naor, which we have discussed here a few times. The idea
      is that the bank chooses an RSA modulus, and a set of
      exponents e1, e2, e3, …, where each exponent ei
      represents
      a denomination and possibly a date. The exponents must
      be relatively prime to (p-1)(q-1). PGP has a GCD routine
      which can be used to check for valid exponents.. «As with RSA, to each public exponent ei corresponds a
      secret exponent di, calculated as the multiplicative
      inverse of ei mod (p-1)(q-1). Again, PGP has a routine
      to calculate multiplicative inverses. «In this system, a piece of cash is a pair (x, f(x)^di),
      where f() is a one-way function. MD5 would be a
      reasonable choice for f(), but notice that it produces a
      128-bit result. f() should take this 128-bit output of
      MD5 and «reblock» it to be an multi-precision number by
      padding it; PGP has a «preblock» routine which does this,
      following the PKCS standard. «The way the process works, with the blinding, is like
      this. The user chooses a random x. This should probably
      be at least 64 or 128 bits, enough to preclude exhaustive
      search. He calculates f(x), which is what he wants the
      bank to sign by raising to the power di. But rather than
      sending f(x) to the bank directly, the user first blinds
      it by choosing a random number r, and calculating D=f(x)
    • r^ei. (I should make it clear that ^ is the power
      operator, not xor.) D is what he sends to the bank,
      along with some information about what ei is, which tells
      the denomination of the cash, and also information about
      his account number.» [Hal Finney, 1993-12-04]
      12.5.4. «What is happening with DigiCash?»
  • «Payment from any personal computer to any other
    workstation, over email or Internet, has been demonstrated
    for the first time, using electronic cash technology. «You
    can pay for access to a database, buy software or a
    newsletter by email, play a computer game over the net,
    receive $5 owed you by a friend, or just order a pizza. The
    possibilities are truly unlimited» according to David
    Chaum, Managing Director of DigiCash TM, who announced and
    demonstrated the product during his keynote address at the
    first conference on the World Wide Web, in Geneva this
    week.» [DIGICASH PRESS RELEASE, «World’s first electronic
    cash payment over computer networks,» 1994-05-27]
  • DigiCash is David Chaum’s company, set up to commercialize
    this work. Located near Amsterdam.
  • Chaum is also centrally invovled in «CAFE,» a European
    committee investigating ways to deploy digital cash in
    Europe
    • mostly standards, issues of privacy, etc.
    • toll roads, ferries, parking meters, etc.
  • http://digicash.support.nl/
  • info@digicash.nl
  • People have been reporting that their inquiries are not
    being answered; could be for several reasons.
    12.5.5. The Complexities of Digital Cash
  • There is no doubt as to the complexity: many protocols,
    semantic confusion, many parties, chances for collusion,
    spoofing, repudiation, and the like. And many derivative
    entities: agents, escrow services, banks.
  • There’s no substitute for thinking hard about various
    scenarios. Thinking about how to arrange off-line clearing,
    how to handle claims of people who claim their digital
    money was stolen, people who want various special kinds of
    services, such as receipts, and so on. It’s an ecology
    here, not just a set of simple equations.

12.6. Online and Offline Clearing, Double Spending
12.6.1. (this section still under construction)
12.6.2. This is one of the main points of division between systems.
12.6.3. Online Clearing

  • (insert explanation)
    12.6.4. Offline Clearing
  • (insert explanation)
    12.6.5. Double spending
  • Some approaches involve constantly-growing-in-size coins at
    each transfer, so who spent the money first can be deduced
    (or variants of this). And N. Ferguson developed a system
    allowing up to N expenditures of the same coin, where N is
    a parameter. [Howard Gayle reminded me of this, 1994-08-29]
  • «Why does everyone think that the law must immediately be
    invoked when double spending is detected?….Double
    spending is an informational property of digital cash
    systems. Need we find malicious intent in a formal
    property? The obvious moralism about the law and double
    spenders is inappropriate. It evokes images of revenge and
    retribution, which are stupid, not to mention of negative
    economic value.» [Eric Hughes, 1994-08-27] (This also
    relates to Eric’s good point that we too often frame crypto
    issue in terms of loaded terms like «cheating,» «spoofing,»
    and «enemies,» when more neutral terms would carry less
    meaning-obscuring baggage and would not give our «enemies»
    (:-}) the ammunition to pass laws based on such terms.)
    12.6.6. Issues
  • Chaum’s double-spending detection systems
    • Chaum went to great lengths to develop system which
      preserve anonymity for single-spending instances, but
      which break anonymity and thus reveal identity for double-
      spending instances. I’m not sure what market forces
      caused him to think about this as being so important, but
      it creates many headaches. Besides being clumsy, it
      require physical ID, it invokes a legal system to try to
      collect from «double spenders,» and it admits the
      extremely serious breach of privacy by enabling stings.
      For example, Alice pays Bob a unit of money, then quickly
      Alice spends that money before Bob can…Bob is then
      revealed as a «double spender,» and his identity revealed
      to whomver wanted it…Alice, IRS, Gestapo, etc. A very
      broken idea. Acceptable mainly for small transactions.
  • Multi-spending vs. on-line clearing
    • I favor on-line clearing. Simply put: the first spending
      is the only spending. The guy who gets to the train
      locker where the cash is stored is the guy who gets it.
      This ensure that the burden of maintaining the secret is
      on the secret holder.
    • When Alice and Bob transfer money, Alice makes the
      transfer, Bob confirms it as valid (or verifies that his
      bank has received the deposit), and the transaction is
      complete.
    • With network speeds increasing dramatically, on-line
      clearing should be feasible for most transactions. Off-
      line systems may of course be useful, especially for
      small transactions, the ones now handled with coins and
      small bills.

      12.6.7. «How does on-line clearing of anonymous digital cash work?»
  • There’s a lot of math connected with blinding,
    exponentions, etc. See Schneier’s book for an introduction,
    or the various papers of Chaum, Brands, Bos, etc.
  • On-line clearing is similar to two parties in a transaction
    exchanging goods and money. The transaction is clearled
    locally, and immediately. Or they could arrange transfer of
    funds at a bank, and the banker could tell them over the
    phone that the transaction has cleared–true «on-line
    clearing.» Debit cards work this way, with money
    transferred effectively immediately out of one account and
    into another. Credit cards have some additional wrinkles,
    such as the credit aspect, but are basically still on-line
    clearing.
  • Conceptually, the guiding principle idea is simple: he who
    gets to the train locker where the cash is stored first
    gets the cash. There can never be «double spending,» only
    people who get to the locker and find no cash inside.
    Chaumian blinding allows the «train locker» (e.g., Credit
    Suisse) to give the money to the entity making the claim
    without knowing how the number correlates to previous
    numbers they «sold» to other entities. Anonymity is
    preserved, absolutely. (Ignoring for this discussion issues
    of cameras watching the cash pickup, if it ever actually
    gets picked up.)
  • Once the «handshaking» of on-line clearing is accepted,
    based on the «first to the money gets it» principle, then
    networks of such clearinghouses can thrive, as each is
    confident about clearing. (There are some important things
    needed to provide what I’ll dub «closure» to the circuit.
    People need to ping the system, depositing and withdrawing,
    to establish both confidence and cover. A lot like remailer
    networks. In fact, very much like them.)
  • In on-line clearing, only a number is needed to make a
    transfer. Conceptually, that is. Just a number. It is up to
    the holder of the number to protect it carefully, which is
    as it should be (for reasons of locality, or self-
    responsibility, and because any other option introduces
    repudiation, disavowal, and the «Twinkies made me do it»
    sorts of nonsense). Once the number is transferred and
    reblinded, the old number no longer has a claim on the
    money stored at Credit Suisse, for example. That money is
    now out of the train locker and into a new one. (People
    always ask, «But where is the money, really?» I see digital
    cash as claims on accounts in existing money-holding
    places, typically banks. There are all kinds of «claims»–
    Eric Hughes has regaled us with tales of his explorations
    of the world of commericial paper. My use of the term
    «claim» here is of the «You present the right number, you
    get access» kind. Like the combination to a safe. The train
    locker idea makes this clearer, and gets around the
    confusion about «digimarks» of «e$» actually being any
    kind of money it and of itself.)

12.7. Uses for Digital Cash
12.7.1. Uses for digital cash?

  • Privacy protection
  • Preventing tracking of movements, contacts, preferences
  • Illegal markets
    • gambling
    • bribes, payoffs
    • assassinations and other contract crimes
    • fencing, purchases of goods
  • Tax avoidance
    • income hiding
    • offshore funds transfers
    • illegal markets
  • Online services, games, etc.
  • Agoric markets, such as for allocation of computer resources
    • where programs, agents «pay» for services used, make
      «bids» for future services, collect «rent,» etc.
  • Road tolls, parking fees, where unlinkablity is desired. This press release excerpt should give the flavor of intended uses for road tolls:
    • «The product was developed by DigiCash TM Corporation’s
      wholly owned Dutch subsidiary, DigiCash TM BV. It is
      related to the firm’s earlier released product for road
      pricing, which has been licensed to Amtech TM
      Corporation, of Dallas, Texas, worldwide leader in
      automatic road toll collection. This system allows
      privacy protected payments for road use at full highway
      speed from a smart card reader affixed to the inside of a
      vehicle. Also related is the approach of the EU supported
      CAFE project, of which Dr. Chaum is Chairman, which uses
      tamper-resistant chips inserted into electronic wallets.»
      [DIGICASH PRESS RELEASE, «World’s first electronic cash
      payment over computer networks,» 1994-05-27]
      12.7.2. «What are some motivations for anonymous digital cash?»
  • Payments that are unlinkable to identity, especially for things like highway tolls, bridge tolls, etc.
    • where linkablity would imply position tracking
    • (Why not use coins? This idea is for «smart card»-type
      payment systems, involving wireless communication.
      Singapore planned (and perhaps has implemented) such a
      system, except there were no privacy considerations.)
  • Pay for things while using pseudonyms
    • no point in having a pseudonym if the payment system
      reveals one’s identity
  • Tax avoidance
    • this is the one the digicash proponents don’t like to
      talk about too loudly, but it’s obviously a time-honored
      concern of all taxpayers
  • Because there is no compelling reason why money should be linked to personal identity
    • a general point, subsuming others

12.8. Other Digital Money Systems
12.8.1. «There seem to be many variants….what’s the story?»

  • Lots of confusion. Lots of systems that are not at all
    anonymous, that are just extensions of existing systems.
    The cachet of digital cash is such that many people are
    claiming their systems are «digital cash,» when of course
    they are not (at least not in the Chaum/Cypherpunk sense).
  • So, be careful. Caveat emptor.
    12.8.2. Crypto and Credit Cards (and on-line clearing)
  • Cryptographically secure digital cash may find a major use
    in effectively extending the modality of credit cards to
    low-level, person-to-person transactions.
    • That is, the convenience of credit cards is one of their
      main uses (others being the advancing of actual credit,
      ignored here). In fact, secured credit cards and debit
      cards don’t offer this advancement of credit, but are
      mainly used to accrue the «order by phone» and «avoid
      carrying cash» advantages.
    • Checks offer the «don’t carry cash» advantage, but take
      time to clear. Traveller’s checks are a more pure form of
      this.
    • But individuals (like Alice and Bob) cannot presently use
      the credit card system for mutual transactions. I’m not
      sure of all the reasons. How might this change?
    • Crypto can allow unforgeable systems, via some variant of
      digital signatures. That is, Alice can accept a phoned
      payment from Bob without ever being able to sign Bob’s
      electronic signature herself.
  • «Crypto Credit Cards» could allow end users (customers, in
    today’s system) to handle transactions like this, without
    having merchants as intermediaries.
  • I’m sure the existing credit card outfits would have
    something to say about this, and there may be various
    roadblocks in the way. It might be best to buy off the VISA
    and MasterCard folks by working through them. (And they
    probably have studied this issue; what may change their
    positions is strong crypto, locally available to users.)
  • (On-line clearing–to prevent double-spending and copying
    of cash–is an important aspect of many digital cash
    protocols, and of VISA-type protocols. Fortunately,
    networks are becoming ubiquitous and fast. Home use is
    still a can of worms, though, with competing standards
    based on video cable, fiber optics, ISDN, ATM, etc.)
    12.8.3. Many systems being floated. Here’s a sampling:
  • Mondex
    • «Unlike most other electronic purse systems, Mondex, like
      cash, is anonymous. The banks that issue Mondex cards
      will not be able to keep track of who gets the payments.
      Indeed, it is the only system in which two card holders
      can transfer money to each other. «»If you want to have a product that replaces cash, you
      have to do everything that cash does, only better,»
      Mondex’s senior executive, Michael Keegan said. «You can
      give money to your brother who gives it to the chap that
      sells newspapers, who gives it to charity, who puts it in
      the bank, which has no idea where it’s been. That’s what
      money is.»» [New York Times, 1994-09-06, provided by John
      Young]
  • CommerceNet
    • allows Internet users to buy and sell goods.
    • «I read in yesterday’s L.A. Times about something called
      CommerceNet, where sellers and buyers of workstation
      level equipment can meet and conduct busniess….Near the
      end of the article, they talked about a proposed method
      for exchanging «digital signatures» via Moasic (so that
      buyers and sellers could know that they were who they
      said they were) and that they were going to «submit it to
      the Internet Standards body»» [Cypher1@aol.com, 1994-06-
      23]
  • NetCash
    • paper published at 1st ACM Conference on Computer and
      Communications Security, Nov. 93, available via anonymous
      ftp from PROSPERO.ISI.EDU as /pub/papers/security/netcash-
      cccs93.ps.Z
    • «NetCash: A design for practical electronic currency on
      the Internet … Gennady Medvinsky and Clifford Neuman «NetCash is a framework that supports realtime electronic
      payments with provision of anonymity over an unsecure
      network. It is designed to enable new types of services
      on the Internet which have not been practical to date
      because of the absence of a secure, scalable, potentially
      anonymous payment method. «NetCash strikes a balance between unconditionally
      anonymous electronic currency, and signed instruments
      analogous to checks that are more scalable but identify
      the principals in a transaction. It does this by
      providing the framework within which proposed electronic
      currency protocols can be integrated with the scalable,
      but non-anonymous, electronic banking infrastructure that
      has been proposed for routine transactions.»
    • Hal Finney had a negative reaction to their system:
    • «I didn’t think it was any good. They have an
      incredibly simplistic model, and their «protocols» are
      of the order, A sends the bank some paper money, and B
      sends A some electronic cash in return…..They don’t
      even do blinding of the cash. Each piece of cash has a
      unique serial number which is known to the currency
      provider. This would of course allow matching of
      withdrawn and deposited coins….These guys seem to
      have read the work in the field (they reference it) but
      they don’t appear to have understood it.» [Hal Finney,
      1993-08-17]
  • VISA Electronic Purse
    • (A lot of stuff appeared on this, including listings of
      the alliance partners (like Verifone), the technology,
      the plans for deployment, etc. I regret that I can’t
      include more here. Maybe when this FAQ is a Web doc, more
      can be included.)
    • «PERSONAL FINANCE – Seeking the Card That Would Create A
      Cashless World. The Washington Post, April 03, 1994,
      FINAL Edition By: Albert B. Crenshaw, Washington Post … «Now that credit cards are in the hands of virtually
      every living, breathing adult in the country-not to
      mention a lot of children and the occasional family pet-
      and now that almost as many people have ATM cards,
      card companies are wondering where future growth will
      come from. «At Visa International, the answer is: Replace cash
      with plastic. «Last month, the giant association of card issuers
      announced it had formed a coalition of banking and
      technology companies to develop technical standards for
      a product it dubbed the «Electronic Purse,» a plastic
      card meant to replace coins and bills in small
      transactions.» [provided by Duncan Frissell, 1994-04-05]
    • The talk of «clearinghouses» and the involvement of VISA
      International and the Usual Suspects suggest
      identity-blinding protocols are not in use. I also see no
      mention of DigiCash, or even RSA (but maybe I missed that-
      -and the presence of RSA would not necessairly mean
      identity-blinding protocols were being planned). Likely Scenario: This is not digital cash as we think
      of it. Rather, this is a future evolution of the cash ATM
      card and credit card, optimized for faster and cheaper
      clearing. Scary Scenario: This could be the vehicle for the long-
      rumored «banning of cash.» (Just because conspiracy
      theorists and Number of the Beast Xtian fundamentalists
      belive it doesn’t render it implausible.)
    • Almost nothing of interest for us. No methods for
      anonymity. Make no mistake, this is not the digital cash
      that Cypherpunks espouse. This gives the credit agencies
      and the government (the two work hand in hand) complete
      traceability of all purchases, automatic reporting of
      spending patterns, target lists for those who frequent
      about-to-be-outlawed businesses, and invasive
      surveillance of all inter-personal economic transactions.
      This is the AntiCash. Beware the Number of the AntiCash.
      12.8.4. Nick Szabo:
  • «Internet commercialization in itself is a huge issue
    full of pitfall and opportunity: Mom & Pop BBS’s,
    commercial MUDs, data banks, for-profit pirate and porn
    boards, etc. are springing up everywhere like weeds,
    opening a vast array of both needs of privacy and ways to
    abuse privacy. Remailers, digital cash, etc. won’t become
    part of this Internet commerce way of life unless they are
    deployed soon, theoretical flaws and all, instead of
    waiting until The Perfect System comes along. Crypto-
    anarchy in the real world will be messy, «nature red in
    tooth and claw», not all nice and clean like it says in the
    math books. Most of thedebugging will be done not in any
    ivory tower, but by the bankruptcy of businesses who
    violate their customer’s privacy, the confiscation of BBS
    operators who stray outside the laws of some jurisdication
    and screw up their privacy arrangements, etc. Anybody who
    thinks they can flesh out a protocol in secret and then
    deploy it, full-blown and working, is in for a world of
    hurt. For those who get their Pretty Good systems out
    there and used, there is vast potential for business growth
    — think of the $trillions confiscated every year by
    governments around the world, for example.» [Nick Szabo,
    1993-8-23]
    12.8.5. «What about non-anonymous digital cash?»
  • a la the various extensions of existing credit and debit
    cards, traveller’s checks, etc.
  • There’s still a use for this, with several motivations»
    • for users, it may be cheaper (lower transaction costs)
      than fully anonymous digital cash
    • for banks, it may also be cheaper
    • users may wish audit trails, proof, etc.
    • and of course governments have various reasons for
      wanting traceable cash systems
    • law enforcement
    • taxes, surfacing the underground economy
      12.8.6. Microsoft plans to enter the home banking business
  • «PORTLAND, Ore. (AP) — Microsoft Corp. wants to replace
    your checkbook with a home computer that lets the bank do
    all the work of recording checks, tallying up credit card
    charges and paying bills…. The service also tracks credit
    card accounts, withdrawals from automated teller machines,
    transfers from savings or other accounts, credit lines,
    debit cards, stocks and other investments, and bill
    payments.» [Associated Press, 1994-07-04]
  • Planned links with a consortium of banks, led by U.S.
    Bancorp, using its «Money» software package.
  • Comment: Such moves as this–and don’t forget the cable
    companies–could result in a rapid transition to a form of
    home banking and «digital money.» Obviously this kind of
    digital money, as it is being planned today, is very from
    the kind of digital cash that interests us. In fact, it is
    the polar opposite of what we want.
    12.8.7. Credit card clearing…individuals can’t use the system
  • if something nonanonymous like credit cards cannot be used
    by end users (Alice and Bob), why would we expect an
    anonymous version of this would be either easier to use or
    more possible?
  • (And giving users encrypted links to credit agencies would
    at least stop the security problems with giving credit card
    numbers out over links that can be observed.)
  • Mondex claims their system will allow this kind of person-
    to-person transfer of anonymous digital cash (I’ll believe
    it when I see it).

12.9. Legal Issues with Digital Cash
10.8.1. «What’s the legal status of digital cash?»

  • It hasn’t been tested, like a lot of crypto protocols. It
    may be many years before these systems are tested.
    10.8.2. «Is there a tie between digital cash and money laundering?»
  • There doesn’t have to be, but many of us believe the
    widespread deployment of digital, untraceable cash will
    make possible new approaches
  • Hence the importance of digital cash for crypto anarchy and
    related ideas.
  • (In case it isn’t obvious, I consider money-laundering a
    non-crime.)
    10.8.3. «Is it true the government of the U.S. can limit funds
    transfers outside the U.S.?»
  • Many issues here. Certainly some laws exist. Certainly
    people are prosecuted every day for violating currency
    export laws. Many avenues exist.
  • «LEGALITY – There isn’t and will never be a law restricting
    the sending of funds outside the United States. How do I
    know? Simple. As a country dependant on international
    trade (billions of dollars a year and counting), the
    American economy would be destroyed.» [David Johnson,
    privacy@well.sf.ca.us, «Offshore Banking & Privacy,»
    alt.privacy, 1994-07-05]
    10.8.4. «Are «alternative currencies» allowed in the U.S.? And what’s
    the implication for digital cash of various forms?
  • Tokens, coupons, gift certificates are allowed, but face
    various regulations. Casino chips were once treated as
    cash, but are now more regulated (inter-casino conversion
    is no longer allowed).
  • Any attempt to use such coupons as an alternative currency
    face obstacles. The coupons may be allowed, but heavily
    regulated (reporting requirements, etc.).
  • Perry Metzger notes, bearer bonds are now illegal in the
    U.S. (a bearer bond represented cash, in that no name was
    attached to the bond–the «bearer» could sell it for cash
    or redeem it…worked great for transporting large amounts
    of cash in compact form).
  • Note: Duncan Frissell claims that bearer bonds are not illegal.
    • «Under the Tax Equity and Fiscal Responsibility Act of
      1982 (TEFRA), any interest payments made on new issues
      of domestic bearer bonds are not deductible as an
      ordinary and necessary business expense so none have been
      issued since then. At the same time, the Feds
      administratively stopped issuing treasury securities in
      bearer form. Old issues of government and corporate debt
      in bearer form still exist and will exist and trade for
      30 or more years after 1982. Additionally, US residents
      can legally buy foreign bearer securities.» [Duncan
      Frissell, 1994-08-10]
    • Someone else has a slightly different view: «The last US
      Bearer Bond issues mature in 1997. I also believe that to
      collect interest, and to redeem the bond at maturity, you
      must give your name and tax-id number to the paying
      agent. (I can check with the department here that handles
      it if anyone is interested in the pertinent OCC regs that
      apply)» [prig0011@gold.tc.umn.edu, 1994-08-10]
    • I cite this gory detail to give readers some idea about
      how much confusion there is about these subjects. The
      usual advice is to «seek competent counsel,» but in fact
      most lawyers have no clear ideas about the optimum
      strategies, and the run-of-the-mill advisor may mislead
      one dangerously. Tread carefully.
  • This has implications for digital cash, of course.
    10.8.5. «Why might digital cash and related techologies take hold
    early in illegal markets? That is, will the Mob be an early
    adopter?»
  • untraceability needed
  • and reputations matter to them
  • they’ve shown in the past that they will try new
    approaches, a la the money movements of the drug cartels,
    novel methods for security, etc.
    10.8.6. «Electronic cash…will it have to comply with laws, and
    how?»
  • Concerns will be raised about the anonymity aspects, the
    usefulness for evading taxes and reporting requirements,
    etc.
  • a messy issue, sure to be debated and legislated about for
    many years
  • split the cash into many pieces…is this «structuring»? is it legal?
    • some rules indicate the structuring per se is not
      illegal, only tax evasion or currency control evasion
    • what then of systems which automatically, as a basic
      feature, split the cash up into multiple pieces and move
      them?
      10.8.7. Currency controls, flight capital regulations, boycotts,
      asset seizures, etc.
  • all are pressures to find alternate ways for capital to
    flow
  • all add to the lack of confidence, which, paradoxically to
    lawmakers, makes capital flight all the more likely
    10.8.8. «Will banking regulators allow digital cash?»
  • Not easily, that’s for sure. The maze of regulations,
    restrictions, tax laws, and legal rulings is daunting. Eric
    Hughes spent a lot of time reading up on the laws regarding
    banks, commercial paper, taxes, etc., and concluded much
    the same. I’m not saying it’s impossible–indeed, I believe
    it will someday happen, in some form–but the obstacles are
    formidable.
  • Some issues:
    • Will such an operation be allowed to be centered or based
      in the U.S.?
    • What states? What laws? Bank vs. Savings and Loan vs.
      Credit Union vs. Securities Broker vs. something else?
    • Will customers be able to access such entities offshore,
      outside the U.S.?
    • strong crypto makes communication possible, but it may
      be difficult, not part of the business fabric, etc.
      (and hence not so useful–if one has to send PGP-
      encrypted instructions to one’s banker, and can’t use
      the clearing infrastructure….)
    • Tax collection, money-laundering laws, disclosure laws,
      «know your customer» laws….all are areas where a
      «digital bank» could be shut down forthwith. Any bank not
      filling out the proper forms (including mandatory
      reporting of transactions of certain amounts and types,
      and the Social Security/Taxpayer Number of customers)
      faces huge fines, penalties, and regulatory sanctions.
    • and the existing players in the banking and securities
      business will not sit idly by while newcomers enter
      their market; they will seek to force newcomers to jump
      through the same hoops they had to (studies indicate
      large corporations actually like red tape, as it
      helps them relative to smaller companies)
  • Concluson: Digital banks will not be «launched» without a
    lot of work by lawyers, accountants, tax experts,
    lobbyists, etc. «Lemonade stand digital banks» (TM) will
    not survive for long. Kids, don’t try this at home!
  • (Many new industries we are familiar with–software,
    microcomputers–had very little regulation, rightly so. But
    the effect is that many of us are unprepared to understand
    the massive amount of red tape which businesses in other
    areas, notably banking, face.)
    10.8.9. Legal obstacles to digital money. If governments don’t want
    anonymous cash, they can make things tough.
  • As both Perry Metzger and Eric Hughes have said many times, regulations can make life very difficult. Compliance with laws is a major cost of doing business.
    • ~»The cost of compliance in a typical USA bank is 14% of
      operating costs.»~ [Eric Hughes, citing an «American
      Banker» article, 1994-08-30]
  • The maze of regulations is navigable by larger institutions, with staffs of lawyers, accountants, tax specialists, etc., but is essentially beyond the capabilities of very small institutions, at least in the U.S.
    • this may or may not remain the case, as computers
      proliferate. A «bank-in-a-box» program might help. My
      suspicion is that a certain size of staff is needed just
      to handle the face-to-face meetings and hoop-jumping.
  • «New World Order»
    • U.S. urging other countries to «play ball» on banking
      secrecy, on tax evasion extradition, on immigration, etc.
    • this is closing off the former loopholes and escape
      hatches that allowed people to escape repressive
      taxation…the implications for digital money banks are
      unclear, but worrisome.

12.10. Prospects for Digital Cash Use
12.10.1. «If digital money is so great, why isn’t it being used?»

  • Hasn’t been finished. Protocols are still being researched,
    papers are still being published. In any single area, such
    as toll road payments, it may be possible to deploy an
    application-specific system, but there is no «general»
    solution (yet). There is no «digital coin» or unforgeable
    object representing value, so the digital money area is
    more similar to the similarly nonsimple markets in
    financial instruments, commercial papers, bonds, warrants,
    checks, etc. (Areas that are not inherently simple and that
    have required lots of computerization and communications to
    make manageable.)
  • Flakiness of Nets. Systems crash, mail gets delayed
    inexplicably, subscriptions to lists get lunched, and all
    sorts of other breakages occur. Most interaction on the
    Nets involves a fair amount of human adaptation to changing
    conditions, screwups, workarounds, etc. These are not
    conditions that inspire confidence in automated money
    systems!
  • Hard to Use. Few people will use systems that require
    generating code, clients, etc. Semantic gap (generating
    stuff on a Unix workstation is not at all like taking one’s
    checkbook out). Protocols in crypto are generally hard to
    use and confusing.
  • Lack of compelling need. Although people have tried various
    experiments with digital money tokens or coupons (Magic
    Money/Tacky Tokens, the HeX market, etc.), there is little
    real world incentive to experiment with them. And most of
    the denominated tokens are for truly trivial amounts of
    money, not for anything worth spending time learning. No
    marketplace for buyers to «wander around in.» (You don’t
    buy what you don’t see.)
  • Legal issues. The IRS does not look favorably on
    alternative currencies, especially if used in attempts to
    bypass ordinary tax collection schemes. This and related
    legal issues (redemptions into dollars) put a roadblock in
    front of serious plans to use digital money.
  • Research Issues. Not all problems resolved. Still being
    developed, papers being published. Chaum’s system does not
    seem to be fully ready for deployment, certainly not
    outside of well-defined vertical markets.
    12.10.2. «Why isn’t digital money in use?»
  • The Meta Issue: what digital money? Various attempts at
    digital cash or digital money exist, but most are flawed,
    experimental, crufty, etc. Chaum’s DigiCash was announced
    (Web page, etc.), but is apparently not even remotely
    usable.
  • Practical Reasons:
    • nothing to buy
    • no standard systems that are straightforward to use
    • advantages of anonymity and untraceability are seldom
      exploited
  • The Magic Money/Tacky Tokens experiment on the Cypherpunks
    list is instrucive. Lots of detailed work, lots of posts–
    and yet not used for anything (granted, there’s not much
    being bought and sold on the List, so…).
  • Scenario for Use in the Near Future: A vertical
    application, such as a bridge toll system that offers
    anonymity. In a vertical app, the issues of compatibility,
    interfaces, and training can be managed.
    12.10.3. «why isn’t digital cash being used?»
  • many reasons, too many reasons!
    • hard issues, murky issues
    • technical developments not final, Chaum, Brands, etc.
    • selling the users
    • who don’t have computers, PDAs, the means to do the
      local computations
    • who want portable versions of the same
    • The infrastructure for digital money (Chaum anonymous-
      style, and variants, such as Brands) does not now exist,
      and may not exist for several more years. (Of course, I
      thought it would take «several more years» back in 1988,
      so what do I know?)
    • The issues are familiar: lack of standards, lack of
      protocols, lack of customer experience, and likely
      regulatory hurdles. A daunting prospect.
    • Any «launches» will either have to be well-funded, well-
      planned, or done sub rosa, in some quasi-legal or even
      illegal market (such as gambling).
  • «The american people keep claiming in polls that they want
    better privacy protection, but the fact is that most aren’t
    willing to do anything about it: it’s just a preference,
    not a solid imperative. Until something Really Bad happens
    to many people as a result of privacy loss, I really don’t
    think much will be done that requires real work and
    inconvenience from people, like moving to something other
    than credit cards for long-distance transactions… and
    that’s a tragedy.»[L. Todd Masco , 1994-08-20]
    12.10.4. «Is strong crypto needed for digital cash?»
  • Yes, for the most bulletproof form, the form of greatest
    interest to us and especially for agents, autonomous
    systems
  • No, for certain weak versions (non-cryptographic methods of
    security, access control, biometric security, etc. methods)
    • for example, Internet billing is not usually done with
      crypto
    • and numbered Swiss accounts can be seen as a weak form of
      digital cash (with some missing features)
    • «warehouse receipts,» as in gold or currency shipments
      12.10.5. on why we may not have it for a while, from a non-Cypherpunk
      commenter:
  • «Government requires information on money flows, taxable
    items, and large financial transactions…..As a result, it
    would be nearly impossible to set up a modern anonymous
    digital cash system, despite the fact that we have the
    technology…..I think we have more of a right to privacy
    with digicash transactions, and I also think there is a
    market for anonymous digicash systems. » [Thomas Grant
    Edwards. talk.politics.crypto, 1994-09-06]
    12.10.6. «Why do a lot of schemes for things like digital money have
    problems on the Net?
  • Many reasons
    • lack of commercial infrastructure in general on the
      Net…people are not used to buying things, advertising
      is discouraged (or worse), and almost everything is
      «free.»
    • lack of robustness and completeness in the various
      protocols: they are «not ready for prime time» in most
      cases (PGP is solid, and some good shells exist for PGP,
      but the many other crypto protocols are mostly not
      implemented at all, at least not widely).
    • The Net runs «open-loop,» as a store-and-forward delivery
      system
    • The Net is mostly a store-and-forward netword, at least
      at the granularity seen by the user in sending
      messages, and hence is «open loop.» Messages may or may
      not be received in a timely way, and there is little
      opportunity for negotiaton on a real-time basis.
    • This open-loop nature usually works…messages get
      through most of the time. And the «message in a bottle»
      nature fits in with anonymous remailers (with
      latency/delay), with message pools, and with other
      schemes to make traffic analysis harder. A «closed-
      loop,» responsive system is likelier to be traffic-
      analyzed by correlation of packets, etc.
    • but the sender does not know if it gets through (return
      receipts not commonly implemented…might be a nice
      feature to incorporate; agent-based systems
      (Telescript?) will certainly do this)
    • this open-loop nature makes protocols, negotiation,
      digital cash very tough to use–too much human
      intervention needed
    • Note: These comments apply mainly to mail systems,
      which is where most of us have experimented with these
      ideas. Non-mail systems, such as Mosaic or telnet or
      the like, have better or faster feedback mechanisms and
      may be preferable for implementation of Cypherpunks
      goals. It may be that the natural focus on mailing
      lists, e-mail, etc., has distracted us. Perhaps a focus
      on MUDs, or even on ftp, would have been more
      fruitful…but we’re a mailing list, and most people
      are much more familiar with e-mail than with archie or
      gopher or WAIS, etc.
    • The legal and regulatory obstacles to a real system, used
      for real transactions, are formidable. (The obstacles to
      a «play» system are not so severe, but then play systems
      tend not to get much developer attention.)
      12.10.7. Scenario for deployment of digital cash
  • Eric Hughes has spent time looking into this. Too many
    issues to go into here, but he had this interesting
    scenario, repeated almost in toto here:
  • «It’s very unlikely that a USA bank will be the one to
    deploy anonymous digital dollars first. It’s much more
    likely that the first dollar digital cash will be issued
    overseas, possibly London. By the same token, the non-
    dollar regulation on banks in this country is not the same
    as the dollar regulation, so it’s quite possible that the
    New York banks may be the first issuers of digital cash, in
    pounds sterling, say. «There will be two stages in actually deploying digital
    cash. By digital cash, here, I mean a retail phenomenon,
    available anybody. The first will be to digitize money, and
    the second will be to anonymize it. Efforts are already
    well underway to make more-or-less secure digital funds
    transfers with reasonably low transaction fees (not
    transaction costs, which are much more than just fees).
    These efforts, as long as they retain some traceability,
    will almost certainly succeed first in the marketplace,
    because (and this is vital) the regulatory environment
    against anonymity is not compromised. «Once, however, money has been digitized, one of the
    services available for purchase can be the anonymous
    transfer of funds. I expect that the first digitization of
    money won’t be fully fungible. For example, if you allow
    me to take money out of your checking account by automatic
    debit, there is risk that the money won’t be there when I
    ask for it. Therefore that kind of money won’t be
    completely fungible, because money authorized from one
    person won’t be completely identical with money from
    another. It may be a risk issue, it may be a timeliness
    issue, it may be a fee issue; I don’t know, but it’s
    unlikely to be perfect. «Now, as the characteristic size of a business decreases,
    the relative costs of dealing with whatever imperfection
    there is will be greater. To wit, the small player will
    still have some problem getting paid, although certainly
    less than now. Digital cash solves many of these problems.
    The clearing is immediate and final (no transaction
    reversals). The number of entities to deal with is greatly
    reduced, hopefully to one. The need and risk and cost of
    accounts receivables is eliminated. It’s anonymous. There
    will be services which will desire these advantages, enough
    to support a digital cash infrastructure. [Eric Hughes,
    Cypherpunks list, 1994-08-03]

12.11. Commerce on the Internet
12.11.1. This has been a brewing topic for the past couple of years.
In 1994 thing heated up on several fronts:

  • DigiCash announcement
  • NetMarket announcement
  • various other systems, including Visa Electronic Purse
    12.11.2. I have no idea which ones will succeed…
    12.11.3. NetMarket
  • Mosaic connections, using PGP
  • «The NetMarket Company is now offering PGP-encrypted Mosaic sessions for securely transmitting credit card information over the Internet. Peter Lewis wrote an article on NetMarket on page D1 of today’s New York Times (8/12/94). For more information on NetMarket, connect to http://www.netmarket.com/ or, telnet netmarket.com.» [ Guy H. T. Haskin guy@netmarket.com, 1994-08-12]
    • Uses PGP. Hailed by the NYT as the first major use of
      crypto for some form of digital money, but this is not
      correct.
      12.11.4. CommerceNet
  • allows Internet users to buy and sell goods.
  • «I read in yesterday’s L.A. Times about something called
    CommerceNet, where sellers and buyers of workstation level
    equipment can meet and conduct busniess….Near the end of
    the article, they talked about a proposed method for
    exchanging «digital signatures» via Moasic (so that buyers
    and sellers could know that they were who they said they
    were) and that they were going to «submit it to the
    Internet Standards body»» [Cypher1@aol.com, 1994-06-23]
    12.11.5. EDI, purchase orders, paperwork reduction, etc.
  • Nick Szabo is a fan of this approach
    12.11.6. approaches
  • send VISA numbers in ordinary mail….obviously insecure
  • send VISA numbers in encrypted mail
  • establish two-way clearing protocols
    • better ensures that recipient will fulfill service…like
      a receipt that customer signs (instead of the «sig taken
      over the phone» approach)
    • various forms of digital money
      12.11.7. lightweight vs. heavyweight processes for Internet commerce
  • Chris Hibbert
  • and the recurring issue of centralized vs. decentralized
    authentication and certification

12.12. Cypherpunks Experiments («Magic Money»)
12.12.1. What is Magic Money?

  • «Magic Money is a digital cash system designed for use over
    electronic mail. The system is online and untraceable.
    Online means that each transaction involves an exchange
    with a server, to prevent double-spending. Untraceable
    means that it is impossible for anyone to trace
    transactions, or to match a withdrawal with a deposit, or
    to match two coins in any way.» «The system consists of two modules, the server and the
    client. Magic Money uses the PGP ascii-armored message
    format for all communication between the server and client.
    All traffic is encrypted, and messages from the server to
    the client are signed. Untraceability is provided by a
    Chaum-style blind signature. Note that the blind signature
    is patented, as is RSA. Using it for experimental purposes
    only shouldn’t get you in trouble. «Digicash is represented by discrete coins, the
    denominations of which are chosen by the server operator.
    Coins are RSA-signed, with a different e/d pair for each
    denomination. The server does not store any money. All
    coins are stored by the client module. The server accepts
    old coins and blind- signs new coins, and checks off the
    old ones on a spent list.»
    […rest of excellent summary elided…highly recommended
    that you dig it up (archives, Web site?) and read it]
    [Pr0duct Cypher, Magic Money Digicash System, 1992-02-04]
  • Magic Money
    • ftp://csn.org/pub/mpj/crypto_XXXXXX (or something like
      that)
    • ftp:csn.org//mpj/I_will_not_export/crypto_???????/pgp_too
      ls
      12.12.2. Matt Thomlinson experimented with a derivative version called
      «GhostMarks»
      12.12.3. there was also a «Tacky Tokens» derivative
      12.12.4. Typical Problems with Such Experiments
  • Not worth anything…making the money meaningful is an
    obstacle to be overcome
  • If worth anything, not worth the considerable effort to use
    it («creating Magic Money clients» and other scary Unix
    stuff!)
  • robustness…sites go down, etc.
  • same problems were seen on Extropians list with «HEx»
    exchange and its currency, the «thorne.» (I even paid real
    money to Edgar Swank to buy some thorned…alas, the market
    was too thinly traded and the thornes did me no good.)

12.13. Practical Issues and Concerns with Digital Cash
12.13.1. «Is physical identity proof needed for on-line clearing?»

  • No, not if the cash outlook is taken. Cash is cash. Caveat
    emptor.
  • The «first to the locker» approach causes the bank not to
    particularly care about this, just as a Swiss bank will
    allow access to a numbered account by presentation of the
    number, and perhaps a key. Identity proof may be needed,
    depending on the «protocol» they and the customer
    established, but it need not be. And the last thing the
    bank is worried about is being able to «find and prosecute»
    anyone, as there is no way they can be liable for a double
    spending incident. The beauties of local clearing! (Which
    is what gold coins do, and paper money if we really think
    we can pass it on to others.)
    12.13.2. «Is digital cash traceable?»
  • There are several flavors of «digital cash,» ranging from
    versions of VISA cards to fully untraceable (Chaumian)
    digital cash.
  • This comes up a lot, with people in Net newsgroups even
    warning others not to use digital cash because of the ease
    of traceability. Not so.
  • «Not the kind proposed by David Chaum and his colleagues in
    the Netherlands. The whole thrust of their research over
    the last decade has been the use of cryptographic
    techniques to make electronic transactions secure from
    fraud while at the same time protecting personal privacy.
    They, and others, have developed a number of schemes for
    UNTRACEABLE digital cash.» [Kevin Van Horn,
    talk.politics.crypto, 1994-07-03]
    12.13.3. «Is there a danger that people will lose the numbers that
    they need to redeem money? That someone could steal the
    number and thus steal their money?»
  • Sure. There’s the danger that I’ll lose my bearer bonds, or
    forget my Swiss bank account number, or lose my treasure
    map to where I buried my money (as Alan Turing supposedly
    did in WW II).
  • People can take steps to limit risk. More secure computers.
    Dongles worn around their necks. Protocols that involve
    biometric authentication to their local computer or key
    storage PDA, etc. Limits on withdrawals per day, etc.
    People can store key numbers with people they trust,
    perhaps encrypted with other keys, can leave them with
    their lawyers, etc. All sorts of arrangements can be made.
    Personal identification is but one of these arrangements.
    Often used, but not essential to the underlyng protocol.
    Again, the Swiss banks (maybe now the Liechtenstein
    anstalts are a better example) don’t require physical ID
    for all accounts. (More generally, if Charles wants to
    create a bank in which deposits are made and then given out
    to the first person who sings the right tune, why should we
    care? This extreme example is useful in pointing out that
    contractual arrangements need not involve governmental or
    societal norms about what constitutes proof of identity.)

12.14. Cyberspace and Digital Money
12.14.1. «You can’t eat cyberspace, so what good is digital money?»

  • This comes up a lot. People assume there is no practical
    way to transfer assets, when in fact it is done all the
    time. That is, money flows from the realm of the purely
    «informational» realm to the physcial realm Consultants,
    writers, traders, etc., all use their heads and thereby
    earn real money.
  • Same will apply to cyberspace.
    12.14.2. «How can I remain anonymous when buying physical items using
    anonymous digital cash?’
  • Very difficult. Once you are seen, and your picture can be
    taken( perhaps unknown to you), databases will have you.
    Not much can be done about this.
  • People have proposed schemes for anonymous shipment and
    pickup, but the plain fact is that physical delivery of any
    sort compromises anonymity, just as in the world today.
  • The purpose of anonymous digital cash is partly to at least
    make it more difficult, to not give Big Brother your
    detailed itinerary from toll road movements, movie theater
    payments, etc. To the extent that physical cameras can
    still track cars, people, shipments, etc., anonymous
    digital cash doesn’t solve this surveillance problem.

12.15. Outlawing of Cash
12.15.1. «What are the motivations for outlawing cash?»

  • (Note: This has not happened. Many of us see signs of it
    happening. Others are skeptical.)
  • Reasons for the Elimination of Cash:
    • War on Drugs….need I say more?
    • surface the underground economy, by withdrawing paper
      currency and forcing all monetary transaction into forms
      that can be easily monitored, regulated, and taxed.
    • tax avoidance, under the table economy (could also be
      motive for tamper-resistant cash registers, with spot
      checks to ensure compliance)
    • welfare, disability, pension, social security auto-
      deposits
    • fraud, double-dipping
    • reduce theft of welfare checks, disability payments,
      etc….a problem in some locales, and automatic
      deposit/cash card approaches are being evaluated.
    • general reduction in theft, pickpockets
    • reduction of paperwork: all transfers electronic (could
      be part of a «reinventing government» initiative)
    • illegal immigrants, welfare cheats, etc. Give everyone a
      National Identity Card (they’ll call it something
      different. to make it more palatable, such as «Social
      Services Portable Inventory Unit» or «Health Rights
      Document»).
    • (Links to National Health Care Card, to Welfare Card,
      to other I.D. schemes designed to reduce fraud, track
      citizen-units, etc.)
    • rationing systems that depend on non-cash transactions
      (as explained elsewhere, market distortions from
      rationing systems generally require identification,
      correlation to person or group, etc.)
    • this rationing can included subsidized prices, denial
      of access (e.g., certain foods denied to certain
      people)
      12.15.2. Lest this be considered paranoid ranting, let me point out
      that many actions have already been taken that limit the form
      of money (banking laws, money laundering, currency
      restrictions…even the outlawing of competing currencies
      itself)
      12.15.3. Dangers of outlawing cash
  • Would freeze out all transactions, giving Big Brother
    unprecedented power (unless the non-cash forms were
    anonymous, a la Chaum and the systems we support)
  • Would allow complete traceability….like the cellular
    phones that got Simpson
  • 666, Heinlein, Shockwave Rider, etc.
    12.15.4. Given that there is no requirement for identity to be
    associated with money, we should fight any system which
    proposed to link the two.
    12.15.5. The value of paying cash
  • makes a transaction purely local, resolved on the spot
  • the alternative, a complicated accounting system involving
    other parties, etc., is much less attractive
  • too many transactions these days are no longer handled in
    cash, which increases costs and gets other parties involved
    where they shouldn’t be involved.
    12.15.6. «Will people accept the banning of cash?»
  • There was a time when I would’ve said Americans, at least,
    would’ve rejected such a thing. Too many memories of
    «Papieren, bitte. Macht schnell!» But I now think most
    Americans (and Europeans) are so used to producing
    documents for every transaction, and so used to using VISA
    cards and ATM cards at gas stations, supermarkets, and even
    at flea markets, that they’ll willingly–even eagerly–
    adopt such a system.

12.16. Novel Opportunities
12.16.1. Encrypted open books, or anonymous auditing

  • Eric Hughes has worked on a scheme using a kind of blinding
    to do «encrypted open books,» whereby observers can verify
    that a bank is balancing its books without more detailed
    looks at individual accounts. (I have my doubts about
    spoofs, attacks, etc., but such are always to be considered
    in any new protocol.)
  • «Kent Hastings wondered how an offshore bank could provide
    assurances to depositors. I wondered the same thing a few
    months ago, and started working on what Perry calls the
    anonymous auditing problem. I have what I consider to be
    the core of a solution.
    …The following is long…. [TCM Note: Too long to include
    here. I am including just enough to convince readers that
    some new sorts of banking ideas may come out of
    cryptography.] «If we use the contents of the encrypted books at the
    organizational boundary points to create suitable legal
    opbligations, we can mostly ignore what goes on inside of
    the mess of random numbers. That is, even if double books
    were being kept, the legal obligations created should
    suffice to ensure that everything can be unwound if needed.
    This doesn’t prevent networks of corrupt businesses from
    going down all at once, but it does allow networks of
    honest businesses to operate with more assurance of
    honesty.» [Eric Hughes, PROTOCOL: Encrypted Open Books,
    1993-08-16]
    12.16.2. «How can software components be sold, and how does crypto
    figure in?»
  • Reusable Software, Brad Cox, Sprague, etc.
    • good article in «Wired» (repeated in «Out of Control»)
  • First, certainly software is sold. The issues is why the
    «software components» market has not yet developed, and why
    such specific instances of software as music, art, text,
    etc., have not been sold in smaller chunks.
  • Internet commerce is a huge area of interest, and future
    development.
    • currently developing very slowly
    • lots of conflicting information…several mailing
      lists…lots of hype
  • Digital cash is often cited as a needed enabling tool, but
    I think the answer is more complicated than that.
    • issues of convenience
    • issues of there being no recurring market (as there is
      in, say, the chip business…software doesn’t get bought
      over and over again, in increasing unit volumes)

12.17. Loose Ends
12.17.1. Reasons to have no government involvement in commerce

  • Even a small involvement, through special regulations,
    granted frachises, etc., produces vested interests. For
    example, those in a community who had to wait to get
    building permits want others to wait just as long, or
    longer. Or, businesses that had to meet certain standard,
    even if unreasonable, will demand that new businesses do so
    also. The effect is an ever-widening tar pit of rules,
    restrictions, and delays. Distortions of the market result.
  • Look at how hard it is for the former U.S.S.R. to disentangle itself from 75 years of central planning. They are now an almost totally Mafia-controlled state (by this I mean that «privatization» of formerly non-private enterprises benefitted those who had amassed money and influence, and that these were mainly the Russian Mafia and former or current politicians…the repercussions of this «corrupt giveaway» will be felt for decades to come).
    • An encouraging sign: The thriving black market in Russia-
      -which all Cypherpunks of course cheer–will gradually
      displace the old business systems with new ones, as in
      all economies. Eventually the corruptly-bought businesses
      will sink or swim based on merit, and newly-created
      enterprises will compete with them.
      12.17.2. «Purist» Approach to Keys, Cash, Responsibility
  • There are two main approaches to the issue:
    • Key owner is responsible for uses of his key
    • or, Others are responsible
  • There may be mixed situations, such as when a key is stolen…but this needs also to be planned-for by the key owner, by use of protocols that limit exposure. For example, few people will use a single key that accesses immediately their net worth…most people will partition their holding and their keyed access in such a way as to naturally limit exposure if any particular key is lost or compromised. Or forgotten.
    • could involve their bank holding keys, or escrow agents
    • or n-out-of-m voting systems
  • Contracts are the essence…what contracts do people
    voluntarily enter into?
  • And locality–who better to keep keys secure than the
    owner? Anything that transfers blame to «the banks» or to
    «society» breaks the feedback loop of responsibility,
    provides an «out» for the lazy, and encourages fraud
    (people who disavow contracts by claiming their key was
    stolen).

Descubre más desde Anonimato, Privacidad, Hacking & ++

Suscríbete y recibe las últimas entradas en tu correo electrónico.

Páginas: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

Los comentarios están cerrados.

Blog de WordPress.com.

Subir ↑