eeba1deafd
Chapter 15 unformatted
311 lines
17 KiB
Markdown
311 lines
17 KiB
Markdown
15. Reputations and Credentials
|
|
|
|
15.1. copyright
|
|
THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666,
|
|
1994-09-10, Copyright Timothy C. May. All rights reserved.
|
|
See the detailed disclaimer. Use short sections under "fair
|
|
use" provisions, with appropriate credit, but don't put your
|
|
name on my words.
|
|
|
|
15.2. SUMMARY: Reputations and Credentials
|
|
15.2.1. Main Points
|
|
- "a man's word is his bond"
|
|
- reputations matter
|
|
- the expectation of future interaction/business is crucial
|
|
15.2.2. Connections to Other Sections
|
|
- see section on Crypto Anarchy for why reputations matter
|
|
15.2.3. Where to Find Additional Information
|
|
- very little published on this
|
|
- Bruce Benson's "The Enterprise of Law"
|
|
15.2.4. Miscellaneous Comments
|
|
- this is another "transition" chapter, laying the groundwork
|
|
for Crypto Anarchy
|
|
|
|
15.3. The Nature of Reputations
|
|
15.3.1. The claim by many of us that "reputations" will take care of
|
|
many problems in crypto anarchic markets is disputed by some
|
|
(notably Eric Hughes). To be sure, it will not be a trivial
|
|
issue. Institutions take years or decades to evolve.
|
|
15.3.2. However, think of how often we use reputations: friends,
|
|
books, movies, restaurants, etc
|
|
15.3.3. Reputations and other institutions will take time to evolve.
|
|
Saying "the market will talke care of things" may be true,
|
|
but this may take time. The "invisible hand" doesn't
|
|
necessarily move swiftly.
|
|
15.3.4. "What are 'reputations' and why are they so important?"
|
|
- a vague concept related to degree of believability, of
|
|
trust, etc.
|
|
+ "we know it when we see it"
|
|
- (sorry for the cop out, but I don't have a good
|
|
definition handy....James Donald says studying reputatons
|
|
is "nominalist hot air" [1994-09-02], but I think it's
|
|
quite important)
|
|
+ obvious, in ordinary life, but in the cyberspatial context
|
|
- reputation-based systems
|
|
- escrow, expectations
|
|
- "reputation capital"
|
|
- like book or music recommendations
|
|
- web of trust (is different than just "trust"---tensor,
|
|
rather than scalar)
|
|
+ Actually very common: how most of us deal with our friends,
|
|
our enemies, the books we read, the restaurants we
|
|
frequent, etc.
|
|
- we mentally downcheck and upcheck on the basis of
|
|
experience; we learn
|
|
- Are there examples?
|
|
- Eric's objections
|
|
15.3.5. "How are reputations acquired, ruined, transferred, etc.?"
|
|
+ First, reputations are not "owned" by the person to whom
|
|
they are attached by others
|
|
+ the algebra is tricky...maybe Eric Hughes or one of the
|
|
other pure math types can help straighten out the
|
|
"calculus of reputations"
|
|
- reputations are not symmetric: just because Alice
|
|
esteems Bob does mean the reverse is so
|
|
- reputations are not transitive, though they are
|
|
partially transitive: if Alice esteems Bob and Bob
|
|
esteems Charles, this may cause Alice to be somewhat
|
|
more esteemful of Charles.
|
|
- a tensor matrix?
|
|
- a graph?
|
|
+ Any holder of a reputation can "spend" some of his
|
|
reputation capital
|
|
- in praise or criticism of another agent
|
|
- in reviews (think of Siskel and Ebert "spending" some of
|
|
their reputation capital in the praise of a movie, and
|
|
how their own reptutations will go up and down as a
|
|
function of many things, including especially how much
|
|
the viewing audience agrees with them)
|
|
15.3.6. "Are they foolproof? Are all the questions answered?"
|
|
- Of course not.
|
|
- And Eric Hughes has in the past said that too much
|
|
importance is being invested in this idea of reputations,
|
|
though many or even most of us (who comment on the matter)
|
|
clearly think otherwise.
|
|
- In any case, much more study is needed. Hal Finney and I
|
|
have debated this a couple of times (first on the
|
|
Extropians list, then a couple or more times on the
|
|
Cypherpunks list), and we are mostly in agreement that this
|
|
area is very promising and is deserving of much more
|
|
thought--and even experimentation. (One of my interests in
|
|
crypto simulations, in "protocol ecologies," is to simulate
|
|
agents which play games involving reputations, spoofing,
|
|
transfers of reputations, etc.)
|
|
15.3.7. Reputations have many aspects
|
|
+ the trading firm which runs others people's money is
|
|
probably less "reputable" in an important sense than the
|
|
trading firm in which partners have their own personal
|
|
fortunes riding....or at least I know which one I'd trust!
|
|
- (But how to guarantee one isn't being fooled, by a spoof,
|
|
a sham? Hard to say. Perhaps the "encrypted open books"
|
|
protocol Eric Hughes is working on will be of use here.)
|
|
|
|
15.4. Reputations, Institutions
|
|
|
|
15.5. Reputation-Based Systems and Agoric Open Systems
|
|
15.5.1. Evolutionary systems and markets
|
|
+ markets, emergent order, Hayek, connectionism
|
|
- many related ideas...spontaneous order, self interest,
|
|
agents, etc.
|
|
+ a critique of "blind rationalism"
|
|
- or hyperrationalism, the idea that a form model can
|
|
always be found
|
|
- order can develop even in anonymous systems, provding
|
|
certain types of contacts are established, certain other
|
|
things
|
|
15.5.2. shell games...who knows what?
|
|
15.5.3. key is that would-be "burners" must never know when they are
|
|
actually being tested
|
|
- with devastating effects if they burn the tester
|
|
+ example: how to guarantee (to some degree of certainty)
|
|
that an anonymous bank is not renegging (or whatever)?
|
|
- e.g., a Swiss bank that denies knowledge of an account
|
|
- key is that bank never know when a withdrawal is just a
|
|
test (and these tests may be done frequently)
|
|
- the importance of repeat business
|
|
15.5.4. another key: repeat business....when the gains from burning
|
|
someone are greater than the expected future business.....
|
|
15.5.5. reputations are what keep CA systems from degenerating into
|
|
flamefests
|
|
- digital pseudonyms mean a trail is left, kill files can be
|
|
used, and people will take care about what they say
|
|
- and the systems will not be truly anonymous: some people
|
|
will see the same other people, allowing the development of
|
|
histories and continued interactions (recall that in cases
|
|
where no future interaction is exected, rudeness and
|
|
flaming creeps in)
|
|
+ "Rumormonger" at Apple (and elsewhere) always degenerates
|
|
into flames and crudities, says Johann Strandberg
|
|
- but this is what reputations will partly offset
|
|
15.5.6. "brilliant pennies" scam
|
|
15.5.7. "reputation float" is how money can be pulled out of the
|
|
future value of a reputation
|
|
15.5.8. Reputation-based systems and repeat business
|
|
+ reputations matter...this is the main basis of our economic
|
|
system
|
|
- repeat business....people stop doing business with those
|
|
they don't trust, or who mistreat them, or those who just
|
|
don't seem to be reputable
|
|
- and even in centrally-controlled systems, reputations
|
|
matter (can't force people to undertake some relations)
|
|
- credit ratings (even for pseudonyms) matter
|
|
- escrow agents, bonding, etc.
|
|
- criminal systems still rely on reputations and even on
|
|
honor
|
|
- ironically, it is often in cases where there are
|
|
restrictions on choice that the advantages of reputations
|
|
are lost, as when the government bans discrimination,
|
|
limits choice, or insists on determining who can do
|
|
business with who
|
|
+ Repeat business is the most important aspect
|
|
- granularity of transactions, cash flow, game-theoretic
|
|
analysis of advantages of "defecting"
|
|
- anytime a transaction has a value that is very large
|
|
(compared to expected future profits from transactions,
|
|
or on absolute basis), watch out
|
|
- ideally, a series of smaller transactions are more
|
|
conducive to fair trading...for example, if one gets a
|
|
bad meal at a restaurant, one avoids that restaurant in
|
|
the future, rather than suing (even though one can claim
|
|
to have been "damaged")
|
|
- issues of contract as well
|
|
|
|
15.6. Reputations and Evolutionary Game Theory
|
|
15.6.1. game of "chicken," where gaining a rep as tough guy, or king
|
|
of the hill, can head off many future challenges (and hence
|
|
aid in survival, differential reproduction)
|
|
|
|
15.7. Positive Reputations
|
|
15.7.1. better than negative reputations, because neg reps can be
|
|
discarded by pseudonym holdes (neg reps are like allowing a
|
|
credit card to be used then abandoned with a debt on it)
|
|
15.7.2. "reputation capital"
|
|
|
|
15.8. Practical Examples
|
|
15.8.1. "Are there any actual examples of software-mediated
|
|
reputation systems?"
|
|
- credit databases...positive and negative reputations
|
|
15.8.2. Absent laws which ban strong crypto (and such laws are
|
|
themselves nearly unenforceable), it will be essentially
|
|
impossible to stop anonymous transactions and purely
|
|
reputation-based systems.
|
|
- For example, Pr0duct Cypher and Sue D. Nym will be able to
|
|
use private channels of their own choosing (possibly using
|
|
anonymous pools, etc.) to communicate and arrange deals. If
|
|
some form of digital cash exists, they will even be able to
|
|
transfer this cash. (If not, barter of informations,
|
|
whatever.)
|
|
- So, the issues raised by Hal Finney and others, expressing
|
|
doubts about the adequacy of reputation capital as a
|
|
building block (and good concerns they are, by the way),
|
|
become moot. Society cannot stop willing participants from
|
|
using reputation and anonymity. This is a major theme of
|
|
crypto anarchy: the bypassing of convention by willing
|
|
participants.
|
|
+ If Alice and Bob don't care that their physical identies
|
|
are unknown to each other, why should we care? That is, why
|
|
should society step in and try to ban this arrangement?
|
|
- they won't be using "our" court systems, so that's not an
|
|
issue (and longer term, PPLs will take the place of
|
|
courts, many of us feel)
|
|
- only if Alice and Bob are counting on society, on third
|
|
parties to the transaction, to do certain things, can
|
|
society make a claim to be involved
|
|
- (A main reason to try to ban anonymity will be to stop
|
|
"bad" activities, which is a separate issue; banning of
|
|
"bad" activity is usually pointless, and leads to
|
|
repressive states. But I digress.)
|
|
15.8.3. Part of the "phase change": people opt out of the permission-
|
|
slip society via strong crypto, making their own decisions on
|
|
who to trust, who to deal with, who to make financial
|
|
arrangements with
|
|
+ example: credit rating agencies that are not traceable, not
|
|
prosecutable in any court...people deal with them only if
|
|
they think they are getting value for their money
|
|
- no silly rules that credit rating data can "only" go back
|
|
some arbitrary number of years (7, in U.S.)...no silly
|
|
rules about how certain bankruptcies "can't" be
|
|
considered, how one's record is to be "cleared" if
|
|
conditions are met, etc.
|
|
- rather, all data are considered....customer decides how
|
|
to weight the data...(if a customer is too persnickety
|
|
about past lapsed bills, or a bad debt many years in the
|
|
past, he'll find himself never lending any money, so the
|
|
"invisible hand" of the free market will tend to correct
|
|
such overzealousnesses)
|
|
+ data havens, credit havens, etc. (often called "offshore
|
|
data havens," as the current way to do this would be to
|
|
locate in Caymans, Isle of Man, etc.)
|
|
- but clearly they can be "offshore in cyberspace"
|
|
(anonymous links, etc.)
|
|
|
|
15.9. Credentials and Reputations
|
|
15.9.1. debate about credentials vs. reputations
|
|
- James Donald, Hal Finney, etc.
|
|
- (insert details of debate here)
|
|
15.9.2. Credentials are not as important as many people seem to think
|
|
- "Permisssion slips" for various behaviors: drinking age,
|
|
admission to movie theaters, business licenses, licenses to
|
|
drive taxicabs, to read palms (yes, here in Santa Cruz one
|
|
must have a palm-reading license, separate from the normal
|
|
"business license")
|
|
+ Such credentials often are inappropriate extensions of
|
|
state power into matters which only parents should handle
|
|
- underage drinking? Not my problem! Don't force bars to be
|
|
babysitters.
|
|
- underage viewing of movies? Ditto, even more so.
|
|
15.9.3. Proving possession of some credential
|
|
|
|
15.10. Fraud and False Accusations
|
|
15.10.1. "What if someone makes a false accusation?"
|
|
- one's belief in an assertion is an emergent phenomenon
|
|
+ assertion does not equal proof
|
|
- (even "proof" is variable, too)
|
|
- false claims eventually reflect on false claimant
|
|
15.10.2. Scams, Ponzi Schemes, and Oceania
|
|
+ Scams in cyberspace will abound
|
|
- anonymous systems will worsen the situaion in some ways,
|
|
but perhaps help in other ways
|
|
- certainly there is the risk of losing one's electronic
|
|
cash very quickly and irretrievably (it's pretty far gone
|
|
once it's passed through several remailers)
|
|
- conpersons (can't say "con men" anymore!) will be there,
|
|
too
|
|
+ Many of you will recall the hype about "Oceania," a
|
|
proposed independent nation to be built on concrete
|
|
pontoons, or somesuch. People were encouraged to send in
|
|
donations. Apparently the scheme/scam collapsed:
|
|
+ "It turned out to all be a scam, actually. The key
|
|
people involved, Eric Kline and Chuck Geshlieder,
|
|
allegedly had a scheme set up where they repeatedly paid
|
|
themselves out of all of the proceeds." [anonymous post,
|
|
altp.privacy, (reprint of Scott A. Kjar post on
|
|
Compuserve), 1994-07-28]
|
|
- or was it Eric Klein?
|
|
|
|
15.11. Loose Ends
|
|
15.11.1. Selective disclosure of truth
|
|
- More euphemestic than "lying."
|
|
- Consider how we react when someone asks us about something
|
|
we consider overly personal, while a friend or loved one
|
|
may routinely ask such questions.
|
|
- Is "personal" the real issue? Or is that we understand
|
|
truth is a commodity with value, to be given out for
|
|
something in return?
|
|
- At one extreme, the person who casually and consistently
|
|
lies earns a poor reputation--anyone encountering them is
|
|
never certain if the truth is being told. At the other
|
|
extreme, the "always honest" person essentially gives too
|
|
much away, revealing preferences, plans, and ideas without
|
|
consideration.
|
|
- I'm all for secrets--and lies, when needed. I believe in
|
|
selective disclosure of the truth, because the truth
|
|
carries value and need not be "given away" to anyone who
|
|
asks.
|
|
15.11.2. Crytography allows virtual networks to arrange by
|
|
cryptographic collusion certain goals. Beyond just the
|
|
standard "cell" system, it allows arrrangements, plans, and
|
|
execution.
|
|
- collecting money to have someone killed is an example,
|
|
albeit a distasteful one
|