diff --git a/12-Digital-Cash/12-Digital-Cash.md b/12-Digital-Cash/12-Digital-Cash.md new file mode 100644 index 0000000..0f56cac --- /dev/null +++ b/12-Digital-Cash/12-Digital-Cash.md @@ -0,0 +1,1381 @@ +12. Digital Cash and Net Commerce + + 12.1. copyright + THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666, + 1994-09-10, Copyright Timothy C. May. All rights reserved. + See the detailed disclaimer. Use short sections under "fair + use" provisions, with appropriate credit, but don't put your + name on my words. + + 12.2. SUMMARY: Digital Cash and Net Commerce + 12.2.1. Main Points + - strong crypto makes certain forms of digital cash possible + - David Chaum is, once again, centrally involved + - no real systems deployed, only small experiments + - the legal and regulatory tangle will likely affect + deployment in major ways (making a "launch" of digital cash + a notrivial matter) + 12.2.2. Connections to Other Sections + - reputations + - legal situation + - crypto anarchy + 12.2.3. Where to Find Additional Information + - http://digicash.support.nl/ + 12.2.4. Miscellaneous Comments + - a huge area, filled with special terms + - many financial instruments + - the theory of digital cash is not complete, and confusion + abounds + - this section is also more jumbled and confusing than I'd + like; I'll clean it up in fufure releases. + + 12.3. The Nature of Money + 12.3.1. The nature of money, of banking and finance, is a topic that + suffuses most discussions of digital cash. Hardly surprising. + But also an area that is even more detailed than is crypto. + And endless confusion of terms, semantic quibblings on the + list, and so on. I won't be devoting much space to trying to + explain economics, banking, and the deep nature or money. + 12.3.2. There are of course many forms of cash or money today (these + terms are not equivalent...) + + coins, bills (presumed to be difficult to forge) + - "ontological conservation laws"--the money can't be in + two places at once, can't be double spent + - this is only partly true, and forgery technology is + making it all moot + - bearer bonds and other "immediately cashable" instruments + - diamonds, gold, works of art, etc. ("portable wealth") + 12.3.3. Many forms of digital money. Just as there are dozens of + major forms of instruments, so too will there be many forms + of digital money. Niches will be filled. + 12.3.4. The deep nature of money is unclear to me. There are days + when I think it's just a giant con game, with value in money + only because others will accept it. Other days when I think + it's somewhat tied to "real things" like gold and silver. And + other days when I'm just unconcerned (so long as I have it, + and it works). + 12.3.5. The digital cash discussions get similarly confused by the + various ideas about money. Digital cash is not necessarily a + form of _currency_, but is instead a transfer mechanism. More + like a "digital check," in fact (though it may give rise to + new currencies, or to wider use of some existing + currency...at some point, it may become indistinguishable + from a currency). + 12.3.6. I advise that people not worry overly much about the true and + deep nature of money, and instead think about digital cash as + a transfer protocol for some underlyng form of money, which + might be gold coins, or Swiss francs, or chickens, or even + giant stone wheels. + 12.3.7. Principle vs. Properties of Money + - Physical coins, as money, have certain basic properties: + difficult to counterfeit, pointless to counterfeit if made + of gold or silver, fungibility, immediate settling (no need + to clear with a distant bank, no delays, etc.), + untraceability, etc. + - Digital cash, in various flavors, has dramatically + different properties, e.g., it may require clearing, any + single digtital note is infinitely copyable, it may allow + traceability, etc. A complicated mix of properties. + + But why is physical money (specie) the way it is? What + properties account for this? What are the core principles + that imply these properties? + - hardware (specie like gold) vs. software (bits, readily + copyable) + - immediale, local clearing, because of rational faith that + the money will clear + - limits on rate of transfer of physical money set by size, + weight of money, whereas "wire fraud" and variants can + drain an account in seconds + - My notion is that we spend too much time thinking about the + _principles_ (such as locality, transitivity, etc.) and + expect to then _derive_ the properties. Maybe we need to + instead focus on the _objects_, the sets of protocol- + derived things, and examine their emergent properties. (I + have my own thinking along these lines, involving "protocol + ecologies" in which agents bang against each other, a la + Doug Lenat's old "Eurisko" system, and thus discover + weaknesses, points of strength, and even are genetically + programmed to add new methods which increase security. + This, as you can guess, is a longterm, speculative + project.) + 12.3.8. "Can a "digital coin" be made?" + - The answer appears to be "no" + + Software is infinitely copyable, which means a software + representation of digital money could be replicated many + times + - this is not to say it could be _spent_ many times, + depending on the clearing process...but then this is not + a "coin" in the sense we mean + - Software is trivially replicable, unlike gold or silver + coins, or even paper currency. If and when paper currency + becomes trivially replicable (and color copiers have almost + gotten there), expect changes in the nature of cash. + (Speculation: cash will be replaced by smart cards, + probably not of the anonymous sort we favor.) + + bits can always be duplicated (unless tied to hardware, as + with TRMs), so must look elsewhere + + could tie the bits to a specific location, so that + duplication would be obvious or useless + - the idea is vaguely that an agent could be placed in + some location...duplications would be both detectable + and irrelevant (same bits, same behavior, unmodifiable + because of digital signature) + - (this is formally similar to the idea of an active agent + that is unforgeable, in the sense that the agent or coin is + "standalone") + 12.3.9. "What is the 'granularity' of digital cash?" + + fine granularity, e.g., sub-cent amounts + - useful for many online transactions + - inside computers + - add-on fees by interemediaries + - very small purchases + + medium granularity + - a few cents, up to a dollar (for example) + - also useful for many small purchases + - close equivalent to "loose change" or small bills, and + probably useful for the same purposes + - tolls, fees, etc. + - This is roughly the level many DigiCash protocols are + aimed at + + large granularity + - multiple dollars + - more like a "conventional" online transaction + - + - the transaction costs are crucial; online vs. offline + clearing + - Digital Silk Road is a proposal by Dean Tribble and Norm + Hardy to reduce transaction costs + 12.3.10. Debate about money and finance gets complicated + - legal terms, specific accounting jargon, etc. + - I won't venture into this thicket here. It's a specialty + unto itself, with several dozen major types of instruments + and derivatives. And of course with big doses of the law. + + 12.4. Smart Cards + 12.4.1. "What are smart cards and how are they used?" + + Most smart cards as they now exist are very far from being + the anonymous digital cash of primary interest to us. In + fact, most of them are just glorified credit cards. + - with no gain to consumers, since consumes typically don't + pay for losses by fraud + - (so to entice consumes, will they offer inducements?) + - Can be either small computers, typically credit-card-sized, + or just cards that control access via local computers. + + Tamper-resistant modules, e.g., if tampered with, they + destroy the important data or at the least give evidence of + having been tampered with. + + Security of manufacturing + - some variant of "cut-and-choose" inspection of + premises + + Uses of smart cards + - conventional credit card uses + - bill payment + - postage + - bridge and road tolls + - payments for items received electronically (not + necessarily anonymously) + 12.4.2. Visa Electronic Purse + 12.4.3. Mondex + + 12.5. David Chaum's "DigiCash" + 12.5.1. "Why is Chaum so important to digital cash?" + - Chaum's name appears frequently in this document, and in + other Cypherpunk writings. He is without a doubt the + seminal thinker in this area, having been very nearly the + first to write about several areas: untraceable e-mail, + digital cash, blinding, unlinkable credentials, DC-nets, + etc. + - I spoke to him at the 1988 "Crypto" conference, telling him + about my interests, my 'labyrinth' idea for mail-forwarding + (which he had anticipated in 1981, unbeknownst to me at the + time), and a few hints about "crypto anarchy." It was clear + to me that Chaum had thought long and deeply about these + issues. + - Chaum's articles should be read by all interested in this + area. (No, his papers are _not_ "on-line." Please see the + "Crypto" Proceedings and related materials.) + - [DIGICASH PRESS RELEASE, "World's first electronic cash + payment over computer networks," 1994-05-27] + 12.5.2. "What's his motivation?" + - Chaum appears to be a libertarian, at least on social + issues, and is very worried about "Big Brother" sorts of + concerns (recall the title of his 1985 CACM article). + - His work in Europe has mostly concentrated on unlinkable + credentials for toll road payments, electronic voting, etc. + His company, DigiCash, is working on various aspects of + digital cash. + 12.5.3. "How does his system work?" + - There have been many summaries on the Cypherpunks list. Hal + Finney has written at least half a dozen, and others have + been contributed by Eric Hughes, Karl Barrus, etc. I won't + be including any of them here....it just takes too many + pages to explain how digital cash works in detail. + - (The biggest problem people have with digital cash is in + not taking the time to understand the basics of the math, + of blinding, etc. They wrongly assume that "digital cash" + can be understood by common-sense reasoning about existing + cash, etc. This mistake has been repeated in several of the + half-assed proposals for "net cash" and "digi dollars.") + + Here's the opening few paragraphs from one of Hal's + explanations, to provide a glimpse: + - "Mike Ingle asks about digicash. The simplest system I + know of that is anonymous is the one by Chaum, Fiat, and + Naor, which we have discussed here a few times. The idea + is that the bank chooses an RSA modulus, and a set of + exponents e1, e2, e3, ..., where each exponent ei + represents + a denomination and possibly a date. The exponents must + be relatively prime to (p-1)(q-1). PGP has a GCD routine + which can be used to check for valid exponents.. + + "As with RSA, to each public exponent ei corresponds a + secret exponent di, calculated as the multiplicative + inverse of ei mod (p-1)(q-1). Again, PGP has a routine + to calculate multiplicative inverses. + + "In this system, a piece of cash is a pair (x, f(x)^di), + where f() is a one-way function. MD5 would be a + reasonable choice for f(), but notice that it produces a + 128-bit result. f() should take this 128-bit output of + MD5 and "reblock" it to be an multi-precision number by + padding it; PGP has a "preblock" routine which does this, + following the PKCS standard. + + "The way the process works, with the blinding, is like + this. The user chooses a random x. This should probably + be at least 64 or 128 bits, enough to preclude exhaustive + search. He calculates f(x), which is what he wants the + bank to sign by raising to the power di. But rather than + sending f(x) to the bank directly, the user first blinds + it by choosing a random number r, and calculating D=f(x) + * r^ei. (I should make it clear that ^ is the power + operator, not xor.) D is what he sends to the bank, + along with some information about what ei is, which tells + the denomination of the cash, and also information about + his account number." [Hal Finney, 1993-12-04] + 12.5.4. "What is happening with DigiCash?" + - "Payment from any personal computer to any other + workstation, over email or Internet, has been demonstrated + for the first time, using electronic cash technology. "You + can pay for access to a database, buy software or a + newsletter by email, play a computer game over the net, + receive $5 owed you by a friend, or just order a pizza. The + possibilities are truly unlimited" according to David + Chaum, Managing Director of DigiCash TM, who announced and + demonstrated the product during his keynote address at the + first conference on the World Wide Web, in Geneva this + week." [DIGICASH PRESS RELEASE, "World's first electronic + cash payment over computer networks," 1994-05-27] + - DigiCash is David Chaum's company, set up to commercialize + this work. Located near Amsterdam. + + Chaum is also centrally invovled in "CAFE," a European + committee investigating ways to deploy digital cash in + Europe + - mostly standards, issues of privacy, etc. + - toll roads, ferries, parking meters, etc. + - http://digicash.support.nl/ + - info@digicash.nl + - People have been reporting that their inquiries are not + being answered; could be for several reasons. + 12.5.5. The Complexities of Digital Cash + - There is no doubt as to the complexity: many protocols, + semantic confusion, many parties, chances for collusion, + spoofing, repudiation, and the like. And many derivative + entities: agents, escrow services, banks. + - There's no substitute for _thinking hard_ about various + scenarios. Thinking about how to arrange off-line clearing, + how to handle claims of people who claim their digital + money was stolen, people who want various special kinds of + services, such as receipts, and so on. It's an ecology + here, not just a set of simple equations. + + 12.6. Online and Offline Clearing, Double Spending + 12.6.1. (this section still under construction) + 12.6.2. This is one of the main points of division between systems. + 12.6.3. Online Clearing + - (insert explanation) + 12.6.4. Offline Clearing + - (insert explanation) + 12.6.5. Double spending + - Some approaches involve constantly-growing-in-size coins at + each transfer, so who spent the money first can be deduced + (or variants of this). And N. Ferguson developed a system + allowing up to N expenditures of the same coin, where N is + a parameter. [Howard Gayle reminded me of this, 1994-08-29] + - "Why does everyone think that the law must immediately be + invoked when double spending is detected?....Double + spending is an informational property of digital cash + systems. Need we find malicious intent in a formal + property? The obvious moralism about the law and double + spenders is inappropriate. It evokes images of revenge and + retribution, which are stupid, not to mention of negative + economic value." [Eric Hughes, 1994-08-27] (This also + relates to Eric's good point that we too often frame crypto + issue in terms of loaded terms like "cheating," "spoofing," + and "enemies," when more neutral terms would carry less + meaning-obscuring baggage and would not give our "enemies" + (:-}) the ammunition to pass laws based on such terms.) + 12.6.6. Issues + + Chaum's double-spending detection systems + - Chaum went to great lengths to develop system which + preserve anonymity for single-spending instances, but + which break anonymity and thus reveal identity for double- + spending instances. I'm not sure what market forces + caused him to think about this as being so important, but + it creates many headaches. Besides being clumsy, it + require physical ID, it invokes a legal system to try to + collect from "double spenders," and it admits the + extremely serious breach of privacy by enabling stings. + For example, Alice pays Bob a unit of money, then quickly + Alice spends that money before Bob can...Bob is then + revealed as a "double spender," and his identity revealed + to whomver wanted it...Alice, IRS, Gestapo, etc. A very + broken idea. Acceptable mainly for small transactions. + + Multi-spending vs. on-line clearing + - I favor on-line clearing. Simply put: the first spending + is the only spending. The guy who gets to the train + locker where the cash is stored is the guy who gets it. + This ensure that the burden of maintaining the secret is + on the secret holder. + - When Alice and Bob transfer money, Alice makes the + transfer, Bob confirms it as valid (or verifies that his + bank has received the deposit), and the transaction is + complete. + - With network speeds increasing dramatically, on-line + clearing should be feasible for most transactions. Off- + line systems may of course be useful, especially for + small transactions, the ones now handled with coins and + small bills. + - + 12.6.7. "How does on-line clearing of anonymous digital cash work?" + - There's a lot of math connected with blinding, + exponentions, etc. See Schneier's book for an introduction, + or the various papers of Chaum, Brands, Bos, etc. + - On-line clearing is similar to two parties in a transaction + exchanging goods and money. The transaction is clearled + locally, and immediately. Or they could arrange transfer of + funds at a bank, and the banker could tell them over the + phone that the transaction has cleared--true "on-line + clearing." Debit cards work this way, with money + transferred effectively immediately out of one account and + into another. Credit cards have some additional wrinkles, + such as the credit aspect, but are basically still on-line + clearing. + - Conceptually, the guiding principle idea is simple: he who + gets to the train locker where the cash is stored *first* + gets the cash. There can never be "double spending," only + people who get to the locker and find no cash inside. + Chaumian blinding allows the "train locker" (e.g., Credit + Suisse) to give the money to the entity making the claim + without knowing how the number correlates to previous + numbers they "sold" to other entities. Anonymity is + preserved, absolutely. (Ignoring for this discussion issues + of cameras watching the cash pickup, if it ever actually + gets picked up.) + - Once the "handshaking" of on-line clearing is accepted, + based on the "first to the money gets it" principle, then + networks of such clearinghouses can thrive, as each is + confident about clearing. (There are some important things + needed to provide what I'll dub "closure" to the circuit. + People need to ping the system, depositing and withdrawing, + to establish both confidence and cover. A lot like remailer + networks. In fact, very much like them.) + - In on-line clearing, only a number is needed to make a + transfer. Conceptually, that is. Just a number. It is up to + the holder of the number to protect it carefully, which is + as it should be (for reasons of locality, or self- + responsibility, and because any other option introduces + repudiation, disavowal, and the "Twinkies made me do it" + sorts of nonsense). Once the number is transferred and + reblinded, the old number no longer has a claim on the + money stored at Credit Suisse, for example. That money is + now out of the train locker and into a new one. (People + always ask, "But where is the money, really?" I see digital + cash as *claims* on accounts in existing money-holding + places, typically banks. There are all kinds of "claims"-- + Eric Hughes has regaled us with tales of his explorations + of the world of commericial paper. My use of the term + "claim" here is of the "You present the right number, you + get access" kind. Like the combination to a safe. The train + locker idea makes this clearer, and gets around the + confusion about "digimarks" of "e$" actually _being_ any + kind of money it and of itself.) + + 12.7. Uses for Digital Cash + 12.7.1. Uses for digital cash? + - Privacy protection + - Preventing tracking of movements, contacts, preferences + + Illegal markets + - gambling + - bribes, payoffs + - assassinations and other contract crimes + - fencing, purchases of goods + + Tax avoidance + - income hiding + - offshore funds transfers + - illegal markets + - Online services, games, etc. + + Agoric markets, such as for allocation of computer + resources + - where programs, agents "pay" for services used, make + "bids" for future services, collect "rent," etc. + + Road tolls, parking fees, where unlinkablity is desired. + This press release excerpt should give the flavor of + intended uses for road tolls: + - "The product was developed by DigiCash TM Corporation's + wholly owned Dutch subsidiary, DigiCash TM BV. It is + related to the firm's earlier released product for road + pricing, which has been licensed to Amtech TM + Corporation, of Dallas, Texas, worldwide leader in + automatic road toll collection. This system allows + privacy protected payments for road use at full highway + speed from a smart card reader affixed to the inside of a + vehicle. Also related is the approach of the EU supported + CAFE project, of which Dr. Chaum is Chairman, which uses + tamper-resistant chips inserted into electronic wallets." + [DIGICASH PRESS RELEASE, "World's first electronic cash + payment over computer networks," 1994-05-27] + 12.7.2. "What are some motivations for anonymous digital cash?" + + Payments that are unlinkable to identity, especially for + things like highway tolls, bridge tolls, etc. + - where linkablity would imply position tracking + - (Why not use coins? This idea is for "smart card"-type + payment systems, involving wireless communication. + Singapore planned (and perhaps has implemented) such a + system, except there were no privacy considerations.) + + Pay for things while using pseudonyms + - no point in having a pseudonym if the payment system + reveals one's identity + + Tax avoidance + - this is the one the digicash proponents don't like to + talk about too loudly, but it's obviously a time-honored + concern of all taxpayers + + Because there is no compelling reason why money should be + linked to personal identity + - a general point, subsuming others + + 12.8. Other Digital Money Systems + 12.8.1. "There seem to be many variants....what's the story?" + - Lots of confusion. Lots of systems that are not at all + anonymous, that are just extensions of existing systems. + The cachet of digital cash is such that many people are + claiming their systems are "digital cash," when of course + they are not (at least not in the Chaum/Cypherpunk sense). + - So, be careful. Caveat emptor. + 12.8.2. Crypto and Credit Cards (and on-line clearing) + + Cryptographically secure digital cash may find a major use + in effectively extending the modality of credit cards to + low-level, person-to-person transactions. + - That is, the convenience of credit cards is one of their + main uses (others being the advancing of actual credit, + ignored here). In fact, secured credit cards and debit + cards don't offer this advancement of credit, but are + mainly used to accrue the "order by phone" and "avoid + carrying cash" advantages. + - Checks offer the "don't carry cash" advantage, but take + time to clear. Traveller's checks are a more pure form of + this. + - But individuals (like Alice and Bob) cannot presently use + the credit card system for mutual transactions. I'm not + sure of all the reasons. How might this change? + - Crypto can allow unforgeable systems, via some variant of + digital signatures. That is, Alice can accept a phoned + payment from Bob without ever being able to sign Bob's + electronic signature herself. + - "Crypto Credit Cards" could allow end users (customers, in + today's system) to handle transactions like this, without + having merchants as intermediaries. + - I'm sure the existing credit card outfits would have + something to say about this, and there may be various + roadblocks in the way. It might be best to buy off the VISA + and MasterCard folks by working through them. (And they + probably have studied this issue; what may change their + positions is strong crypto, locally available to users.) + - (On-line clearing--to prevent double-spending and copying + of cash--is an important aspect of many digital cash + protocols, and of VISA-type protocols. Fortunately, + networks are becoming ubiquitous and fast. Home use is + still a can of worms, though, with competing standards + based on video cable, fiber optics, ISDN, ATM, etc.) + 12.8.3. Many systems being floated. Here's a sampling: + + Mondex + - "Unlike most other electronic purse systems, Mondex, like + cash, is anonymous. The banks that issue Mondex cards + will not be able to keep track of who gets the payments. + Indeed, it is the only system in which two card holders + can transfer money to each other. + + ""If you want to have a product that replaces cash, you + have to do everything that cash does, only better," + Mondex's senior executive, Michael Keegan said. "You can + give money to your brother who gives it to the chap that + sells newspapers, who gives it to charity, who puts it in + the bank, which has no idea where it's been. That's what + money is."" [New York Times, 1994-09-06, provided by John + Young] + + CommerceNet + - allows Internet users to buy and sell goods. + - "I read in yesterday's L.A. Times about something called + CommerceNet, where sellers and buyers of workstation + level equipment can meet and conduct busniess....Near the + end of the article, they talked about a proposed method + for exchanging "digital signatures" via Moasic (so that + buyers and sellers could _know_ that they were who they + said they were) and that they were going to "submit it to + the Internet Standards body"" [Cypher1@aol.com, 1994-06- + 23] + + NetCash + - paper published at 1st ACM Conference on Computer and + Communications Security, Nov. 93, available via anonymous + ftp from PROSPERO.ISI.EDU as /pub/papers/security/netcash- + cccs93.ps.Z + - "NetCash: A design for practical electronic currency on + the Internet ... Gennady Medvinsky and Clifford Neuman + + "NetCash is a framework that supports realtime electronic + payments with provision of anonymity over an unsecure + network. It is designed to enable new types of services + on the Internet which have not been practical to date + because of the absence of a secure, scalable, potentially + anonymous payment method. + + "NetCash strikes a balance between unconditionally + anonymous electronic currency, and signed instruments + analogous to checks that are more scalable but identify + the principals in a transaction. It does this by + providing the framework within which proposed electronic + currency protocols can be integrated with the scalable, + but non-anonymous, electronic banking infrastructure that + has been proposed for routine transactions." + + Hal Finney had a negative reaction to their system: + - "I didn't think it was any good. They have an + incredibly simplistic model, and their "protocols" are + of the order, A sends the bank some paper money, and B + sends A some electronic cash in return.....They don't + even do blinding of the cash. Each piece of cash has a + unique serial number which is known to the currency + provider. This would of course allow matching of + withdrawn and deposited coins....These guys seem to + have read the work in the field (they reference it) but + they don't appear to have understood it." [Hal Finney, + 1993-08-17] + + VISA Electronic Purse + - (A lot of stuff appeared on this, including listings of + the alliance partners (like Verifone), the technology, + the plans for deployment, etc. I regret that I can't + include more here. Maybe when this FAQ is a Web doc, more + can be included.) + - "PERSONAL FINANCE - Seeking the Card That Would Create A + Cashless World. The Washington Post, April 03, 1994, + FINAL Edition By: Albert B. Crenshaw, Washington Post ... + + "Now that credit cards are in the hands of virtually + every living, breathing adult in the country-not to + mention a lot of children and the occasional family pet- + and now that almost as many people have ATM cards, + card companies are wondering where future growth will + come from. + + "At *Visa* International, the answer is: Replace cash + with plastic. + + "Last month, the giant association of card issuers + announced it had formed a coalition of banking and + technology companies to develop technical standards for + a product it dubbed the "Electronic Purse," a plastic + card meant to replace coins and bills in small + transactions." [provided by Duncan Frissell, 1994-04-05] + - The talk of "clearinghouses" and the involvement of VISA + International and the Usual Suspects suggest + identity-blinding protocols are not in use. I also see no + mention of DigiCash, or even RSA (but maybe I missed that- + -and the presence of RSA would not necessairly mean + identity-blinding protocols were being planned). + + Likely Scenario: This is *not* digital cash as we think + of it. Rather, this is a future evolution of the cash ATM + card and credit card, optimized for faster and cheaper + clearing. + + Scary Scenario: This could be the vehicle for the long- + rumored "banning of cash." (Just because conspiracy + theorists and Number of the Beast Xtian fundamentalists + belive it doesn't render it implausible.) + - Almost nothing of interest for us. No methods for + anonymity. Make no mistake, this is not the digital cash + that Cypherpunks espouse. This gives the credit agencies + and the government (the two work hand in hand) complete + traceability of all purchases, automatic reporting of + spending patterns, target lists for those who frequent + about-to-be-outlawed businesses, and invasive + surveillance of all inter-personal economic transactions. + This is the AntiCash. Beware the Number of the AntiCash. + 12.8.4. Nick Szabo: + - "Internet commercialization in itself is a _huge_ issue + full of pitfall and opportunity: Mom & Pop BBS's, + commercial MUDs, data banks, for-profit pirate and porn + boards, etc. are springing up everywhere like weeds, + opening a vast array of both needs of privacy and ways to + abuse privacy. Remailers, digital cash, etc. won't become + part of this Internet commerce way of life unless they are + deployed soon, theoretical flaws and all, instead of + waiting until The Perfect System comes along. Crypto- + anarchy in the real world will be messy, "nature red in + tooth and claw", not all nice and clean like it says in the + math books. Most of thedebugging will be done not in any + ivory tower, but by the bankruptcy of businesses who + violate their customer's privacy, the confiscation of BBS + operators who stray outside the laws of some jurisdication + and screw up their privacy arrangements, etc. Anybody who + thinks they can flesh out a protocol in secret and then + deploy it, full-blown and working, is in for a world of + hurt. For those who get their Pretty Good systems out + there and used, there is vast potential for business growth + -- think of the $trillions confiscated every year by + governments around the world, for example." [Nick Szabo, + 1993-8-23] + 12.8.5. "What about _non-anonymous_ digital cash?" + - a la the various extensions of existing credit and debit + cards, traveller's checks, etc. + + There's still a use for this, with several motivations" + * for users, it may be _cheaper_ (lower transaction costs) + than fully anonymous digital cash + * for banks, it may also be cheaper + * users may wish audit trails, proof, etc. + * and of course governments have various reasons for + wanting traceable cash systems + - law enforcement + - taxes, surfacing the underground economy + 12.8.6. Microsoft plans to enter the home banking business + - "PORTLAND, Ore. (AP) -- Microsoft Corp. wants to replace + your checkbook with a home computer that lets the bank do + all the work of recording checks, tallying up credit card + charges and paying bills.... The service also tracks credit + card accounts, withdrawals from automated teller machines, + transfers from savings or other accounts, credit lines, + debit cards, stocks and other investments, and bill + payments." [Associated Press, 1994-07-04] + - Planned links with a consortium of banks, led by U.S. + Bancorp, using its "Money" software package. + - Comment: Such moves as this--and don't forget the cable + companies--could result in a rapid transition to a form of + home banking and "digital money." Obviously this kind of + digital money, as it is being planned today, is very from + the kind of digital cash that interests us. In fact, it is + the polar opposite of what we want. + 12.8.7. Credit card clearing...individuals can't use the system + - if something nonanonymous like credit cards cannot be used + by end users (Alice and Bob), why would we expect an + anonymous version of this would be either easier to use or + more possible? + - (And giving users encrypted links to credit agencies would + at least stop the security problems with giving credit card + numbers out over links that can be observed.) + - Mondex claims their system will allow this kind of person- + to-person transfer of anonymous digital cash (I'll believe + it when I see it). + + 12.9. Legal Issues with Digital Cash + 10.8.1. "What's the legal status of digital cash?" + - It hasn't been tested, like a lot of crypto protocols. It + may be many years before these systems are tested. + 10.8.2. "Is there a tie between digital cash and money laundering?" + - There doesn't have to be, but many of us believe the + widespread deployment of digital, untraceable cash will + make possible new approaches + - Hence the importance of digital cash for crypto anarchy and + related ideas. + - (In case it isn't obvious, I consider money-laundering a + non-crime.) + 10.8.3. "Is it true the government of the U.S. can limit funds + transfers outside the U.S.?" + - Many issues here. Certainly some laws exist. Certainly + people are prosecuted every day for violating currency + export laws. Many avenues exist. + - "LEGALITY - There isn't and will never be a law restricting + the sending of funds outside the United States. How do I + know? Simple. As a country dependant on international + trade (billions of dollars a year and counting), the + American economy would be destroyed." [David Johnson, + privacy@well.sf.ca.us, "Offshore Banking & Privacy," + alt.privacy, 1994-07-05] + 10.8.4. "Are "alternative currencies" allowed in the U.S.? And what's + the implication for digital cash of various forms? + - Tokens, coupons, gift certificates are allowed, but face + various regulations. Casino chips were once treated as + cash, but are now more regulated (inter-casino conversion + is no longer allowed). + - Any attempt to use such coupons as an alternative currency + face obstacles. The coupons may be allowed, but heavily + regulated (reporting requirements, etc.). + - Perry Metzger notes, bearer bonds are now illegal in the + U.S. (a bearer bond represented cash, in that no name was + attached to the bond--the "bearer" could sell it for cash + or redeem it...worked great for transporting large amounts + of cash in compact form). + + Note: Duncan Frissell claims that bearer bonds are _not_ + illegal. + - "Under the Tax Equity and Fiscal Responsibility Act of + 1982 (TEFRA), any interest payments made on *new* issues + of domestic bearer bonds are not deductible as an + ordinary and necessary business expense so none have been + issued since then. At the same time, the Feds + administratively stopped issuing treasury securities in + bearer form. Old issues of government and corporate debt + in bearer form still exist and will exist and trade for + 30 or more years after 1982. Additionally, US residents + can legally buy foreign bearer securities." [Duncan + Frissell, 1994-08-10] + - Someone else has a slightly different view: "The last US + Bearer Bond issues mature in 1997. I also believe that to + collect interest, and to redeem the bond at maturity, you + must give your name and tax-id number to the paying + agent. (I can check with the department here that handles + it if anyone is interested in the pertinent OCC regs that + apply)" [prig0011@gold.tc.umn.edu, 1994-08-10] + - I cite this gory detail to give readers some idea about + how much confusion there is about these subjects. The + usual advice is to "seek competent counsel," but in fact + most lawyers have no clear ideas about the optimum + strategies, and the run-of-the-mill advisor may mislead + one dangerously. Tread carefully. + - This has implications for digital cash, of course. + 10.8.5. "Why might digital cash and related techologies take hold + early in illegal markets? That is, will the Mob be an early + adopter?" + - untraceability needed + - and reputations matter to them + - they've shown in the past that they will try new + approaches, a la the money movements of the drug cartels, + novel methods for security, etc. + 10.8.6. "Electronic cash...will it have to comply with laws, and + how?" + - Concerns will be raised about the anonymity aspects, the + usefulness for evading taxes and reporting requirements, + etc. + - a messy issue, sure to be debated and legislated about for + many years + + split the cash into many pieces...is this "structuring"? is + it legal? + - some rules indicate the structuring per se is not + illegal, only tax evasion or currency control evasion + - what then of systems which _automatically_, as a basic + feature, split the cash up into multiple pieces and move + them? + 10.8.7. Currency controls, flight capital regulations, boycotts, + asset seizures, etc. + - all are pressures to find alternate ways for capital to + flow + - all add to the lack of confidence, which, paradoxically to + lawmakers, makes capital flight all the more likely + 10.8.8. "Will banking regulators allow digital cash?" + - Not easily, that's for sure. The maze of regulations, + restrictions, tax laws, and legal rulings is daunting. Eric + Hughes spent a lot of time reading up on the laws regarding + banks, commercial paper, taxes, etc., and concluded much + the same. I'm not saying it's impossible--indeed, I believe + it will someday happen, in some form--but the obstacles are + formidable. + + Some issues: + + Will such an operation be allowed to be centered or based + in the U.S.? + - What states? What laws? Bank vs. Savings and Loan vs. + Credit Union vs. Securities Broker vs. something else? + + Will customers be able to access such entities offshore, + outside the U.S.? + - strong crypto makes communication possible, but it may + be difficult, not part of the business fabric, etc. + (and hence not so useful--if one has to send PGP- + encrypted instructions to one's banker, and can't use + the clearing infrastructure....) + + Tax collection, money-laundering laws, disclosure laws, + "know your customer" laws....all are areas where a + "digital bank" could be shut down forthwith. Any bank not + filling out the proper forms (including mandatory + reporting of transactions of certain amounts and types, + and the Social Security/Taxpayer Number of customers) + faces huge fines, penalties, and regulatory sanctions. + - and the existing players in the banking and securities + business will not sit idly by while newcomers enter + their market; they will seek to force newcomers to jump + through the same hoops they had to (studies indicate + large corporations actually _like_ red tape, as it + helps them relative to smaller companies) + - Concluson: Digital banks will not be "launched" without a + *lot* of work by lawyers, accountants, tax experts, + lobbyists, etc. "Lemonade stand digital banks" (TM) will + not survive for long. Kids, don't try this at home! + - (Many new industries we are familiar with--software, + microcomputers--had very little regulation, rightly so. But + the effect is that many of us are unprepared to understand + the massive amount of red tape which businesses in other + areas, notably banking, face.) + 10.8.9. Legal obstacles to digital money. If governments don't want + anonymous cash, they can make things tough. + + As both Perry Metzger and Eric Hughes have said many times, + regulations can make life very difficult. Compliance with + laws is a major cost of doing business. + - ~"The cost of compliance in a typical USA bank is 14% of + operating costs."~ [Eric Hughes, citing an "American + Banker" article, 1994-08-30] + + The maze of regulations is navigable by larger + institutions, with staffs of lawyers, accountants, tax + specialists, etc., but is essentially beyond the + capabilities of very small institutions, at least in the + U.S. + - this may or may not remain the case, as computers + proliferate. A "bank-in-a-box" program might help. My + suspicion is that a certain size of staff is needed just + to handle the face-to-face meetings and hoop-jumping. + + "New World Order" + - U.S. urging other countries to "play ball" on banking + secrecy, on tax evasion extradition, on immigration, etc. + - this is closing off the former loopholes and escape + hatches that allowed people to escape repressive + taxation...the implications for digital money banks are + unclear, but worrisome. + +12.10. Prospects for Digital Cash Use + 12.10.1. "If digital money is so great, why isn't it being used?" + - Hasn't been finished. Protocols are still being researched, + papers are still being published. In any single area, such + as toll road payments, it may be possible to deploy an + application-specific system, but there is no "general" + solution (yet). There is no "digital coin" or unforgeable + object representing value, so the digital money area is + more similar to the similarly nonsimple markets in + financial instruments, commercial papers, bonds, warrants, + checks, etc. (Areas that are not inherently simple and that + have required lots of computerization and communications to + make manageable.) + - Flakiness of Nets. Systems crash, mail gets delayed + inexplicably, subscriptions to lists get lunched, and all + sorts of other breakages occur. Most interaction on the + Nets involves a fair amount of human adaptation to changing + conditions, screwups, workarounds, etc. These are not + conditions that inspire confidence in automated money + systems! + - Hard to Use. Few people will use systems that require + generating code, clients, etc. Semantic gap (generating + stuff on a Unix workstation is not at all like taking one's + checkbook out). Protocols in crypto are generally hard to + use and confusing. + - Lack of compelling need. Although people have tried various + experiments with digital money tokens or coupons (Magic + Money/Tacky Tokens, the HeX market, etc.), there is little + real world incentive to experiment with them. And most of + the denominated tokens are for truly trivial amounts of + money, not for anything worth spending time learning. No + marketplace for buyers to "wander around in." (You don't + buy what you don't see.) + - Legal issues. The IRS does not look favorably on + alternative currencies, especially if used in attempts to + bypass ordinary tax collection schemes. This and related + legal issues (redemptions into dollars) put a roadblock in + front of serious plans to use digital money. + - Research Issues. Not all problems resolved. Still being + developed, papers being published. Chaum's system does not + seem to be fully ready for deployment, certainly not + outside of well-defined vertical markets. + 12.10.2. "Why isn't digital money in use?" + - The Meta Issue: *what* digital money? Various attempts at + digital cash or digital money exist, but most are flawed, + experimental, crufty, etc. Chaum's DigiCash was announced + (Web page, etc.), but is apparently not even remotely + usable. + + Practical Reasons: + - nothing to buy + - no standard systems that are straightforward to use + - advantages of anonymity and untraceability are seldom + exploited + - The Magic Money/Tacky Tokens experiment on the Cypherpunks + list is instrucive. Lots of detailed work, lots of posts-- + and yet not used for anything (granted, there's not much + being bought and sold on the List, so...). + - Scenario for Use in the Near Future: A vertical + application, such as a bridge toll system that offers + anonymity. In a vertical app, the issues of compatibility, + interfaces, and training can be managed. + 12.10.3. "why isn't digital cash being used?" + + many reasons, too many reasons! + + hard issues, murky issues + - technical developments not final, Chaum, Brands, etc. + + selling the users + - who don't have computers, PDAs, the means to do the + local computations + - who want portable versions of the same + + The infrastructure for digital money (Chaum anonymous- + style, and variants, such as Brands) does not now exist, + and may not exist for several more years. (Of course, I + thought it would take "several more years" back in 1988, + so what do I know?) + - The issues are familiar: lack of standards, lack of + protocols, lack of customer experience, and likely + regulatory hurdles. A daunting prospect. + - Any "launches" will either have to be well-funded, well- + planned, or done sub rosa, in some quasi-legal or even + illegal market (such as gambling). + - "The american people keep claiming in polls that they want + better privacy protection, but the fact is that most aren't + willing to do anything about it: it's just a preference, + not a solid imperative. Until something Really Bad happens + to many people as a result of privacy loss, I really don't + think much will be done that requires real work and + inconvenience from people, like moving to something other + than credit cards for long-distance transactions... and + that's a tragedy."[L. Todd Masco , 1994-08-20] + 12.10.4. "Is strong crypto needed for digital cash?" + - Yes, for the most bulletproof form, the form of greatest + interest to us and especially for agents, autonomous + systems + + No, for certain weak versions (non-cryptographic methods of + security, access control, biometric security, etc. methods) + - for example, Internet billing is not usually done with + crypto + - and numbered Swiss accounts can be seen as a weak form of + digital cash (with some missing features) + - "warehouse receipts," as in gold or currency shipments + 12.10.5. on why we may not have it for a while, from a non-Cypherpunk + commenter: + - "Government requires information on money flows, taxable + items, and large financial transactions.....As a result, it + would be nearly impossible to set up a modern anonymous + digital cash system, despite the fact that we have the + technology.....I think we have more of a right to privacy + with digicash transactions, and I also think there is a + market for anonymous digicash systems. " [Thomas Grant + Edwards. talk.politics.crypto, 1994-09-06] + 12.10.6. "Why do a lot of schemes for things like digital money have + problems on the Net? + + Many reasons + - lack of commercial infrastructure in general on the + Net...people are not used to buying things, advertising + is discouraged (or worse), and almost everything is + "free." + - lack of robustness and completeness in the various + protocols: they are "not ready for prime time" in most + cases (PGP is solid, and some good shells exist for PGP, + but the many other crypto protocols are mostly not + implemented at all, at least not widely). + + The Net runs "open-loop," as a store-and-forward delivery + system + - The Net is mostly a store-and-forward netword, at least + at the granularity seen by the user in sending + messages, and hence is "open loop." Messages may or may + not be received in a timely way, and there is little + opportunity for negotiaton on a real-time basis. + - This open-loop nature usually works...messages get + through most of the time. And the "message in a bottle" + nature fits in with anonymous remailers (with + latency/delay), with message pools, and with other + schemes to make traffic analysis harder. A "closed- + loop," responsive system is likelier to be traffic- + analyzed by correlation of packets, etc. + - but the sender does not know if it gets through (return + receipts not commonly implemented...might be a nice + feature to incorporate; agent-based systems + (Telescript?) will certainly do this) + - this open-loop nature makes protocols, negotiation, + digital cash very tough to use--too much human + intervention needed + - Note: These comments apply mainly to _mail_ systems, + which is where most of us have experimented with these + ideas. Non-mail systems, such as Mosaic or telnet or + the like, have better or faster feedback mechanisms and + may be preferable for implementation of Cypherpunks + goals. It may be that the natural focus on mailing + lists, e-mail, etc., has distracted us. Perhaps a focus + on MUDs, or even on ftp, would have been more + fruitful...but we're a mailing list, and most people + are much more familiar with e-mail than with archie or + gopher or WAIS, etc. + - The legal and regulatory obstacles to a real system, used + for real transactions, are formidable. (The obstacles to + a "play" system are not so severe, but then play systems + tend not to get much developer attention.) + 12.10.7. Scenario for deployment of digital cash + - Eric Hughes has spent time looking into this. Too many + issues to go into here, but he had this interesting + scenario, repeated almost in toto here: + - "It's very unlikely that a USA bank will be the one to + deploy anonymous digital dollars first. It's much more + likely that the first dollar digital cash will be issued + overseas, possibly London. By the same token, the non- + dollar regulation on banks in this country is not the same + as the dollar regulation, so it's quite possible that the + New York banks may be the first issuers of digital cash, in + pounds sterling, say. + + "There will be two stages in actually deploying digital + cash. By digital cash, here, I mean a retail phenomenon, + available anybody. The first will be to digitize money, and + the second will be to anonymize it. Efforts are already + well underway to make more-or-less secure digital funds + transfers with reasonably low transaction fees (not + transaction costs, which are much more than just fees). + These efforts, as long as they retain some traceability, + will almost certainly succeed first in the marketplace, + because (and this is vital) the regulatory environment + against anonymity is not compromised. + + "Once, however, money has been digitized, one of the + services available for purchase can be the anonymous + transfer of funds. I expect that the first digitization of + money won't be fully fungible. For example, if you allow + me to take money out of your checking account by automatic + debit, there is risk that the money won't be there when I + ask for it. Therefore that kind of money won't be + completely fungible, because money authorized from one + person won't be completely identical with money from + another. It may be a risk issue, it may be a timeliness + issue, it may be a fee issue; I don't know, but it's + unlikely to be perfect. + + "Now, as the characteristic size of a business decreases, + the relative costs of dealing with whatever imperfection + there is will be greater. To wit, the small player will + still have some problem getting paid, although certainly + less than now. Digital cash solves many of these problems. + The clearing is immediate and final (no transaction + reversals). The number of entities to deal with is greatly + reduced, hopefully to one. The need and risk and cost of + accounts receivables is eliminated. It's anonymous. There + will be services which will desire these advantages, enough + to support a digital cash infrastructure. [Eric Hughes, + Cypherpunks list, 1994-08-03] + +12.11. Commerce on the Internet + 12.11.1. This has been a brewing topic for the past couple of years. + In 1994 thing heated up on several fronts: + - DigiCash announcement + - NetMarket announcement + - various other systems, including Visa Electronic Purse + 12.11.2. I have no idea which ones will succeed... + 12.11.3. NetMarket + - Mosaic connections, using PGP + + "The NetMarket Company is now offering PGP-encrypted Mosaic + sessions for securely transmitting credit card information + over the Internet. Peter Lewis wrote an article on + NetMarket on page D1 of today's New York Times (8/12/94). + For more information on NetMarket, connect to + http://www.netmarket.com/ or, telnet netmarket.com." [ + Guy H. T. Haskin , 1994-08-12] + - Uses PGP. Hailed by the NYT as the first major use of + crypto for some form of digital money, but this is not + correct. + 12.11.4. CommerceNet + - allows Internet users to buy and sell goods. + - "I read in yesterday's L.A. Times about something called + CommerceNet, where sellers and buyers of workstation level + equipment can meet and conduct busniess....Near the end of + the article, they talked about a proposed method for + exchanging "digital signatures" via Moasic (so that buyers + and sellers could _know_ that they were who they said they + were) and that they were going to "submit it to the + Internet Standards body"" [Cypher1@aol.com, 1994-06-23] + 12.11.5. EDI, purchase orders, paperwork reduction, etc. + - Nick Szabo is a fan of this approach + 12.11.6. approaches + - send VISA numbers in ordinary mail....obviously insecure + - send VISA numbers in encrypted mail + + establish two-way clearing protocols + - better ensures that recipient will fulfill service...like + a receipt that customer signs (instead of the "sig taken + over the phone" approach) + - various forms of digital money + 12.11.7. lightweight vs. heavyweight processes for Internet commerce + - Chris Hibbert + - and the recurring issue of centralized vs. decentralized + authentication and certification + +12.12. Cypherpunks Experiments ("Magic Money") + 12.12.1. What is Magic Money? + - "Magic Money is a digital cash system designed for use over + electronic mail. The system is online and untraceable. + Online means that each transaction involves an exchange + with a server, to prevent double-spending. Untraceable + means that it is impossible for anyone to trace + transactions, or to match a withdrawal with a deposit, or + to match two coins in any way." + + "The system consists of two modules, the server and the + client. Magic Money uses the PGP ascii-armored message + format for all communication between the server and client. + All traffic is encrypted, and messages from the server to + the client are signed. Untraceability is provided by a + Chaum-style blind signature. Note that the blind signature + is patented, as is RSA. Using it for experimental purposes + only shouldn't get you in trouble. + + "Digicash is represented by discrete coins, the + denominations of which are chosen by the server operator. + Coins are RSA-signed, with a different e/d pair for each + denomination. The server does not store any money. All + coins are stored by the client module. The server accepts + old coins and blind- signs new coins, and checks off the + old ones on a spent list." + [...rest of excellent summary elided...highly recommended + that you dig it up (archives, Web site?) and read it] + [Pr0duct Cypher, Magic Money Digicash System, 1992-02-04] + + Magic Money + - ftp://csn.org/pub/mpj/crypto_XXXXXX (or something like + that) + - ftp:csn.org//mpj/I_will_not_export/crypto_???????/pgp_too + ls + 12.12.2. Matt Thomlinson experimented with a derivative version called + "GhostMarks" + 12.12.3. there was also a "Tacky Tokens" derivative + 12.12.4. Typical Problems with Such Experiments + - Not worth anything...making the money meaningful is an + obstacle to be overcome + - If worth anything, not worth the considerable effort to use + it ("creating Magic Money clients" and other scary Unix + stuff!) + - robustness...sites go down, etc. + - same problems were seen on Extropians list with "HEx" + exchange and its currency, the "thorne." (I even paid real + money to Edgar Swank to buy some thorned...alas, the market + was too thinly traded and the thornes did me no good.) + +12.13. Practical Issues and Concerns with Digital Cash + 12.13.1. "Is physical identity proof needed for on-line clearing?" + - No, not if the cash outlook is taken. Cash is cash. Caveat + emptor. + - The "first to the locker" approach causes the bank not to + particularly care about this, just as a Swiss bank will + allow access to a numbered account by presentation of the + number, and perhaps a key. Identity proof *may* be needed, + depending on the "protocol" they and the customer + established, but it need not be. And the last thing the + bank is worried about is being able to "find and prosecute" + anyone, as there is no way they can be liable for a double + spending incident. The beauties of local clearing! (Which + is what gold coins do, and paper money if we really think + we can pass it on to others.) + 12.13.2. "Is digital cash traceable?" + - There are several flavors of "digital cash," ranging from + versions of VISA cards to fully untraceable (Chaumian) + digital cash. + - This comes up a lot, with people in Net newsgroups even + warning others not to use digital cash because of the ease + of traceability. Not so. + - "Not the kind proposed by David Chaum and his colleagues in + the Netherlands. The whole thrust of their research over + the last decade has been the use of cryptographic + techniques to make electronic transactions secure from + fraud while at the same time protecting personal privacy. + They, and others, have developed a number of schemes for + UNTRACEABLE digital cash." [Kevin Van Horn, + talk.politics.crypto, 1994-07-03] + 12.13.3. "Is there a danger that people will lose the numbers that + they need to redeem money? That someone could steal the + number and thus steal their money?" + - Sure. There's the danger that I'll lose my bearer bonds, or + forget my Swiss bank account number, or lose my treasure + map to where I buried my money (as Alan Turing supposedly + did in WW II). + - People can take steps to limit risk. More secure computers. + Dongles worn around their necks. Protocols that involve + biometric authentication to their local computer or key + storage PDA, etc. Limits on withdrawals per day, etc. + People can store key numbers with people they trust, + perhaps encrypted with other keys, can leave them with + their lawyers, etc. All sorts of arrangements can be made. + Personal identification is but one of these arrangements. + Often used, but not essential to the underlyng protocol. + Again, the Swiss banks (maybe now the Liechtenstein + anstalts are a better example) don't require physical ID + for all accounts. (More generally, if Charles wants to + create a bank in which deposits are made and then given out + to the first person who sings the right tune, why should we + care? This extreme example is useful in pointing out that + _contractual arrangements_ need not involve governmental or + societal norms about what constitutes proof of identity.) + +12.14. Cyberspace and Digital Money + 12.14.1. "You can't eat cyberspace, so what good is digital money?" + - This comes up a lot. People assume there is no practical + way to transfer assets, when in fact it is done all the + time. That is, money flows from the realm of the purely + "informational" realm to the physcial realm Consultants, + writers, traders, etc., all use their heads and thereby + earn real money. + - Same will apply to cyberspace. + 12.14.2. "How can I remain anonymous when buying physical items using + anonymous digital cash?' + - Very difficult. Once you are seen, and your picture can be + taken( perhaps unknown to you), databases will have you. + Not much can be done about this. + - People have proposed schemes for anonymous shipment and + pickup, but the plain fact is that physical delivery of any + sort compromises anonymity, just as in the world today. + - The purpose of anonymous digital cash is partly to at least + make it more difficult, to not give Big Brother your + detailed itinerary from toll road movements, movie theater + payments, etc. To the extent that physical cameras can + still track cars, people, shipments, etc., anonymous + digital cash doesn't solve this surveillance problem. + +12.15. Outlawing of Cash + 12.15.1. "What are the motivations for outlawing cash?" + - (Note: This has not happened. Many of us see signs of it + happening. Others are skeptical.) + + Reasons for the Elimination of Cash: + - War on Drugs....need I say more? + - surface the underground economy, by withdrawing paper + currency and forcing all monetary transaction into forms + that can be easily monitored, regulated, and taxed. + - tax avoidance, under the table economy (could also be + motive for tamper-resistant cash registers, with spot + checks to ensure compliance) + + welfare, disability, pension, social security auto- + deposits + - fraud, double-dipping + - reduce theft of welfare checks, disability payments, + etc....a problem in some locales, and automatic + deposit/cash card approaches are being evaluated. + - general reduction in theft, pickpockets + - reduction of paperwork: all transfers electronic (could + be part of a "reinventing government" initiative) + + illegal immigrants, welfare cheats, etc. Give everyone a + National Identity Card (they'll call it something + different. to make it more palatable, such as "Social + Services Portable Inventory Unit" or "Health Rights + Document"). + - (Links to National Health Care Card, to Welfare Card, + to other I.D. schemes designed to reduce fraud, track + citizen-units, etc.) + + rationing systems that depend on non-cash transactions + (as explained elsewhere, market distortions from + rationing systems generally require identification, + correlation to person or group, etc.) + - this rationing can included subsidized prices, denial + of access (e.g., certain foods denied to certain + people) + 12.15.2. Lest this be considered paranoid ranting, let me point out + that many actions have already been taken that limit the form + of money (banking laws, money laundering, currency + restrictions...even the outlawing of competing currencies + itself) + 12.15.3. Dangers of outlawing cash + - Would freeze out all transactions, giving Big Brother + unprecedented power (unless the non-cash forms were + anonymous, a la Chaum and the systems we support) + - Would allow complete traceability....like the cellular + phones that got Simpson + - 666, Heinlein, Shockwave Rider, etc. + 12.15.4. Given that there is no requirement for identity to be + associated with money, we should fight any system which + proposed to link the two. + 12.15.5. The value of paying cash + - makes a transaction purely local, resolved on the spot + - the alternative, a complicated accounting system involving + other parties, etc., is much less attractive + - too many transactions these days are no longer handled in + cash, which increases costs and gets other parties involved + where they shouldn't be involved. + 12.15.6. "Will people accept the banning of cash?" + - There was a time when I would've said Americans, at least, + would've rejected such a thing. Too many memories of + "Papieren, bitte. Macht schnell!" But I now think most + Americans (and Europeans) are so used to producing + documents for every transaction, and so used to using VISA + cards and ATM cards at gas stations, supermarkets, and even + at flea markets, that they'll willingly--even eagerly-- + adopt such a system. + +12.16. Novel Opportunities + 12.16.1. Encrypted open books, or anonymous auditing + - Eric Hughes has worked on a scheme using a kind of blinding + to do "encrypted open books," whereby observers can verify + that a bank is balancing its books without more detailed + looks at individual accounts. (I have my doubts about + spoofs, attacks, etc., but such are always to be considered + in any new protocol.) + - "Kent Hastings wondered how an offshore bank could provide + assurances to depositors. I wondered the same thing a few + months ago, and started working on what Perry calls the + anonymous auditing problem. I have what I consider to be + the core of a solution. + ...The following is long.... [TCM Note: Too long to include + here. I am including just enough to convince readers that + some new sorts of banking ideas may come out of + cryptography.] + + "If we use the contents of the encrypted books at the + organizational boundary points to create suitable legal + opbligations, we can mostly ignore what goes on inside of + the mess of random numbers. That is, even if double books + were being kept, the legal obligations created should + suffice to ensure that everything can be unwound if needed. + This doesn't prevent networks of corrupt businesses from + going down all at once, but it does allow networks of + honest businesses to operate with more assurance of + honesty." [Eric Hughes, PROTOCOL: Encrypted Open Books, + 1993-08-16] + 12.16.2. "How can software components be sold, and how does crypto + figure in?" + + Reusable Software, Brad Cox, Sprague, etc. + - good article in "Wired" (repeated in "Out of Control") + - First, certainly software is sold. The issues is why the + "software components" market has not yet developed, and why + such specific instances of software as music, art, text, + etc., have not been sold in smaller chunks. + + Internet commerce is a huge area of interest, and future + development. + - currently developing very slowly + - lots of conflicting information...several mailing + lists...lots of hype + + Digital cash is often cited as a needed enabling tool, but + I think the answer is more complicated than that. + - issues of convenience + - issues of there being no recurring market (as there is + in, say, the chip business...software doesn't get bought + over and over again, in increasing unit volumes) + +12.17. Loose Ends + 12.17.1. Reasons to have no government involvement in commerce + - Even a small involvement, through special regulations, + granted frachises, etc., produces vested interests. For + example, those in a community who had to wait to get + building permits want _others_ to wait just as long, or + longer. Or, businesses that had to meet certain standard, + even if unreasonable, will demand that new businesses do so + also. The effect is an ever-widening tar pit of rules, + restrictions, and delays. Distortions of the market result. + + Look at how hard it is for the former U.S.S.R. to + disentangle itself from 75 years of central planning. They + are now an almost totally Mafia-controlled state (by this I + mean that "privatization" of formerly non-private + enterprises benefitted those who had amassed money and + influence, and that these were mainly the Russian Mafia and + former or current politicians...the repercussions of this + "corrupt giveaway" will be felt for decades to come). + - An encouraging sign: The thriving black market in Russia- + -which all Cypherpunks of course cheer--will gradually + displace the old business systems with new ones, as in + all economies. Eventually the corruptly-bought businesses + will sink or swim based on merit, and newly-created + enterprises will compete with them. + 12.17.2. "Purist" Approach to Keys, Cash, Responsibility + + There are two main approaches to the issue: + - Key owner is responsible for uses of his key + - or, Others are responsible + + There may be mixed situations, such as when a key is + stolen...but this needs also to be planned-for by the key + owner, by use of protocols that limit exposure. For + example, few people will use a single key that accesses + immediately their net worth...most people will partition + their holding and their keyed access in such a way as to + naturally limit exposure if any particular key is lost or + compromised. Or forgotten. + - could involve their bank holding keys, or escrow agents + - or n-out-of-m voting systems + - Contracts are the essence...what contracts do people + voluntarily enter into? + - And locality--who better to keep keys secure than the + owner? Anything that transfers blame to "the banks" or to + "society" breaks the feedback loop of responsibility, + provides an "out" for the lazy, and encourages fraud + (people who disavow contracts by claiming their key was + stolen).