1996-03-15 - Re: Kid Gloves or Megaphones

Header Data

From: Hal <hfinney@shell.portal.com>
To: eric@remailer.net
Message Hash: a44d9e400252dfe239f3cec92de168c2fdbeebada54c4fd487bcd4906048aebe
Message ID: <199603141818.KAA16974@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1996-03-15 03:06:53 UTC
Raw Date: Fri, 15 Mar 1996 11:06:53 +0800

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Fri, 15 Mar 1996 11:06:53 +0800
To: eric@remailer.net
Subject: Re:  Kid Gloves or Megaphones
Message-ID: <199603141818.KAA16974@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: eric@remailer.net (Eric Hughes)
> The situation is thus.  Ian Goldberg et al. have developed a protocol
> for simultaneous payer and payee anonymity.  It appears to be novel,
> albeit not entirely unanticipated.  The protocol works with the
> existing bank signing oracle and could interoperate with Mark Twain's
> current system.
> [...]
> It is foolishness itself to deceive a public which is substantially in
> favor of the program of complete privacy.  We must appeal to the
> public that finally will decide, not to some officials today who have
> power and tomorrow who will not.  Clipper itself was not defeated by
> constructive engagement with the Clinton wiretap administration.
> Clipper was defeated by a general call to arms.
> 
> Therefore, shout out to the world that payee anonymity is possible with
> ecash(TM)!

As is well known, Chaum has been saying that one of the good features of
ecash (from the point of view of regulators and law enforcement) is that
payee anonymity is not supposed to be possible.  This means that if
someone sets up a shop to sell something illegally, they can be caught.
(I suspect that is at least part of the reason why you have to fill out a
multi page form to open an ecash account, so they have enough information
to arrest you if you break the law.)

It also means that various kinds of crimes would be prevented as well,
such as theft of funds or extortion.  Imagine that someone starts
lobbing mailbombs at the cypherpunks list, and demands a payment of $1
a week from each subscriber to keep him from doing it, said payments to
be posted to some newsgroup encrypted with a specified PGP key.  Right
now he could be caught when he tries to deposit his ill-gotten riches.
But with payee anonymity that could be avoided.

As a remailer operator I unfortunately see more of the seamy side of
anonymity than most people.  I do think there are people who will take
advantage of this technology in harmful ways.  So payee anonymity will
certainly make life more interesting.

However, Mark Twain Bank presumably went into this business with the
expectation that they were providing a non-payee-anonymous payment
system.  They have already shut down at least a couple of merchants who
were selling materials not to MTB's taste.  So if they find out that they
are now providing the perfect payment system for criminals, I would not
be surprised to see them suspend the ecash trial and demand that Chaum
redesign the system to truly make it non-anonymous for payees, if that is
possible.

So while I admire Eric's ethical concern about making relevant
information about the properties of ecash available, it is also important
to understand the possible outcome.

One thing I notice that was missing from Eric's posting was a description
or reference to exactly how the payee anonymity is achieved.  Is it his
intention to tell people that it is possible, yet to keep secret how it
is done?  This way there might be a debate about the desirability of full
anonymity, while not actually putting these tools into the hands of those
who would misuse them.  And it might lessen the chance of precipitate
action by MTB and other ecash issuers.

But on the other hand it's not clear that keeping it secret is possible
or desirable.  A full discussion of the issue will require
understanding of technical aspects.  How effective is the payee
anonymity?  How about a timing/amount coincidence attack, where
payments of X dollars to anonymous person A are always followed a few
moments later by deposits of X dollars to account B?  Does the payee
need to trust a "broker" who serves as an intermediary with the bank?
Is there any way the bank can distinguish a payee-anonymous deposit
from a normal one, and are there any countermeasures the bank could
take to prevent payee anonymity?  These questions would seem to require
understanding of how the scheme works.

Also, there were a number of postings a few months ago by people who had
ideas about how payee anonymity could be done.  They mostly had drawbacks
and may not be as nice as what Ian has come up with, but could perhaps
serve as a starting point for re-creating something similar to Ian's
ideas.  So keeping it secret may not be a practical possibility.

Hal





Thread