From: nobody@rosebud.ee.uh.edu
Date: Wed, 18 Aug 93 00:00:53 PDT
To: cypherpunks@toad.com
Subject: Physical to digital cash, and back again
Message-ID: <9308180700.AA20607@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> A simpler variation...
> Customer sends cash or money order to digital bank, along with a floppy
> with an anonymous email address (via a remailer) and a public key.  

For any real business, the customer comes from the 99.99% 
of the population that are not hacker/cypherpunks, not the one or two 
dozen people who are.  These protocols aren't at all simple for the 
customer, unless the vendor (the same or another vendor) provides some 
free software on the net or by mail to automate the process (eg PGP with 
a user-freindly shell for generating the key, and a script for creating 
an anon e-mail address).  But then we have several steps:
	(1) customer reads ad about cool net.service
		(a) they contact directly (but this ruins privacy)
		(b) they contact independent distributor of
		PGP key and anon-remail address generating software.
		(but how does customer trust _them_?)
	(2) vendor sends key & address generators (via e-mail or floppy),
	and physical-mail-security instructions
	(3) customer sends in money order (from mail drop or without
	return address!) along with chosen anon e-mail address and public 
	key.
	(4) vendor sets up account and e-mails the d-cash.
	(5) we still need a physical mail drop or bearer bank
		account for withdrawals, refunds, etc. of physical cash.

Pretty exhausting for the typical service industry.  Most customers
will pick the service that's easier to sign up for, even if some
ivory-tower critics criticize its security.  Security and privacy
are very easy to hype, but often difficult to prove to the layman,
who doesn't know or care about the math.  Digressing a bit,
we could use some sort of independent (not government-run please!)
certification company, which takes (perhaps in alliance with
liability insurance providers) responsibility for examining the 
service's computer programs and protocols and giving out "privacy ratings".
Secure vendors could then use "Whit Diffie certified, top privacy
rating" in their ads.

Also, the issue of which parts of these schemes are *legal*
is critical, but being completely overlooked.  Any lawyers
out there with comments on this?  The best protocols for legal and
illegal operations may be very different, legality of digital cash
will vary between jurisdictions, etc.  And what about
certifying agencies that call a protocol "insecure" 
simply because it supports activities illegal in their jurisdiction, 
not for any reasons of physical or software privacy?
The cases of illegality and physical/software security are
both important risk factors for the vendor, customers, and
liability insurers to consider, but ratings for each should
be quite distinct.

But this discussion is too abstract. We need a real, visceral example.
The enclosure below illustrates some of the some legal and privacy
issues of a Mom & Pop BBS operation in the pre-d-cash era.  This
service could use some privacy -- it's an on-line football game 
with a $35 sign-up fee and cash "prizes."  I don't know whether or not
it's legal for the vendor, but it's certainly illegal for a significant 
subset of potential net.customers.  There will be thousands of these 
little on-line services springing up in the near future, if there 
aren't already.  The BBS# is area code (802), but I've lost the rest 
of it, sorry.  You can call their voice# toll-free for more info.

      Sports Spectrum Ltd. (800) 639-3719 (voice)

                        -----------------------------
                        P R I V A C Y     N O T I C E
                        -----------------------------

   Pursuant to the Electronic and Communications Privacy Act of 1986,  18
   USC 2510 et. seq., Notice is Hereby Given that There are NO FACILITIES
        PROVIDED BY  THIS SYSTEM for SENDING or RECEIVING PRIVATE OR
   CONFIDENTIAL ELECTRONIC COMMUNICATIONS. ALL Messages Shall be Deemed to
                be Readily Accessible to the General Public.

   Do NOT Use this System for ANY Communication for Which the SENDER
   Intends ONLY the Sender and the Intended Recipient(s) to read.  Notice
   is Herby Given that ALL Messages Entered into this System CAN and MAY
       Be READ by the Operators of this System, WHETHER OR NOT they
                       are the Intended Recipient(s).

         By Your Use of this System, You Agree to HOLD HARMLESS the
   Operators Thereof  Against  ANY  and ALL CLAIMS Arising Out of Said Use
                        NO MATTER THE CAUSE OR FAULT.
                                                                         ]
....

Please remember that this password is protecting yourself against the
unauthorized use of YOUR credit card. Please take all necessary precautions
to guard it.  Since all communications between customers and Sports Spectrum
Ltd. occur via computer-to-computer, the password is the only way for Sports
Spectrum Ltd. to verify that it is actually you on the other end of the
phone connection.  Gaining access to Sports Spectrum Ltd.'s service by
invoking your password at logon time implicitly authorizes the use of your
credit card to pay for any subsequent purchases during that particular
session.                                            

-----------------------