From: szabo@netcom.com (Nick Szabo)
Date: Sun, 7 Nov 93 13:38:12 PST
To: cypherpunks@toad.com
Subject: Commercial aspects of digital cash
Message-ID: <199311072137.NAA27470@mail.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Here's my attempt to explain the practical commercial aspects of 
digital cash on imp-interest@thumper.bellcore.com:


Rob Raisch questions digital cash by pointing out the many problems
with issuing credit over the net.  What's missing is that digital 
cash is not credit.  It is cash, unforgeable, signed by a reputable
bank.  The customer cannot obtain such cash without presenting
whatever credentials are necessary to join the bank, and the bank 
takes any risk involved in trusting those credentials.  Cf. Chaum & 
colleague papers for the protocols.  Thus, no physical identity is 
needed by the vendor, just as none is needed for physical cash
purchases.

Thus, 

> 	- Monetary transactions require hard identity to cover risk.

True for credit transactions, untrue for cash.  For customers
without physical identity, the the cash's integrity is verified with 
real-time connection to the issuing bank before the goods are 
delivered (much like credit cards are verified today, except 
that we're checking the signature of the bank that issued the cash,
not the ID of the customer).

> 	- Risk can be offset by charging a fee for each transaction.

The risk of digital cash fraud is much lower than for credit cards, 
ATMs, and even physical cash (which can be forged and stolen much 
more easily than digital cash).

> 	- On the Internet, there is no hard physical identity.

Quite true, and it is also quite impractical to insist, as Mr.
Detweiler does, that the Internet be radically changed to facilitate it.  

It is possible to build up a system of reputation for "soft" identities,
so that digital signatures with unforgeable credentials and/or well
developed credit ratings can be extended limited amounts of
credit, but such a system will take time to develop and get used
to.  I've described a combination offline cash/reputation system which 
gives extremely low rates of fraud, which I can post if there's 
interest, but it's probably better to start off with the online digital 
cash system which also gives very low rates of fraud, is simpler and 
doesn't require any credit ratings for digital signatures.

> 	- Data cannot be protected because it lacks a physical identity.

Not at all true.  Encryption, digital signatures, and variations
of these can be used to protect data in a wide variety of ways,
typically superior to protecting the integrity of physical objects
(photo IDs, cash, etc.).  The difference is that on the net, 
the signature itself becomes an identity with its own reputation.
This requires a change in the way we view commercial credit risk
as we become more at home in the net,  but it is not inherently less 
trustworthy or "subversive" (love ya, Mr. Detweiler) than physical
identity (which is also just based on information, the imperfect
information of our senses, which can be spoofed in various ways).

Keeping mind it is not necessary to trust such signatures
for online digital cash: the customer's identity doesn't matter,
and the bank's signature can be checked online.

Conclusion: Issuing credit over the net is, for the near future, a can 
of worms.  Even just verifying credit entails the high fraud, lack of 
ubiquity, and lack of privacy of credit cards.  Lack of hard identitity, 
thousands of legal jurisdictions criss-crossed by the net, etc. make net 
credit very risky.  Take the trouble to implement digital cash.  With
significant volume it will soon pay for itself in much lower, even very
close to zero, rates of fraud.

Nick Szabo				szabo@netcom.com