1994-08-28 - Re: Cash, cheaters, and anonymity

Header Data

From: rah@shipwright.com (Robert Hettinga)
To: cypherpunks@toad.com
Message Hash: 5fb802ced185bc2d09b419b3e30b7edd60d70f505a6e18a113072a5dc1f43198
Message ID: <199408280516.BAA15343@zork.tiac.net>
Reply To: N/A
UTC Datetime: 1994-08-28 05:16:40 UTC
Raw Date: Sat, 27 Aug 94 22:16:40 PDT

Raw message

From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 27 Aug 94 22:16:40 PDT
To: cypherpunks@toad.com
Subject: Re: Cash, cheaters, and anonymity
Message-ID: <199408280516.BAA15343@zork.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain

At  4:43 PM 8/27/94 -0700, Anonymous User wrote:

>If there are hundreds of thousands of vendors on the net, a situation
>CommerceNet predicts before the end of the decade, and they are using
>this offline protocol, then even with small transactions the fraud
>could run into the millions of dollars.

Fallacy of Composition. If every vendor pays a few hundredth of a cent to
that million it's a cost of doing business. The number I had thrown at me
for credit card fraud is 3%. That's a monstrous amount of money if you saw
it one place. You don't see the credit card companies the banks getting out
of the business, do you? You don't see sellers who accept AMEX or Visa
refusing to accept those cards? The userous fees and reserve requirements
against the vendor's own fraud cause some vendors to pull out, but the cost
of outright credit card fraud to vendors and banks is, while noticible, not
a deal-killer as far as they're concerned.

>  There's plenty of incentive
>for Irving to steal Jane's coins, run off to some place on the net
>that has no extradition treaty, and pump good change out of the
>vendors and into his Lichtenstein account to his heart's content.

And then Irving's spouse-equivalent Sam catches Irving in bed with another
guy and rats on him to the police in a fit of jealous rage. Or Irving
spends too much money in the wrong place and gets ratted on, or a
competitor rats on him, as criminals are wont to do upon each other, or
Lichtenstein, who does so much business with tax evaders that they don't
Really Want to Besmirch their Name with Mere Criminals, decides to finger
Irving. Or, maybe, just maybe, Irving has to make a living and, in order to
keep his spouse-equivalent in the style to which he's become accustomed,
repeats himself one too many times. Thus Dick, a detective, sends him to
jail the old fashioned way. With police work.

>We may yet find protocols to mitigate or limit this kind of fraud --
>make change traceable if linked to double spending, do random
>online checks as a cypherpunks poster suggested last year, or
>similar precautions layered on top of the basic protocol.
>But so far these problems haven't been put on the front burner
>of digital cash design, and already we have people out there selling
>offline cash on the network as a superior solution!

God knows (she told me last night she knows :-)) that no system by itself
is superior. As Hal(?) said here recently, expect a mix of systems.
However, please note that any offline system where the receiver of cash
runs right to the underwriter and cashes out is a defacto online system,
without the cost of a live link. And, yes Virginia, offline cash is a
superior network solution because it's just plain cheaper.  You don't need
to keep a bank wired in, you don't need all the other costs (I should just
bind the list to a key and paste them in) you get with online systems.

>Reliance on law enforcement flies in the face of
>cypherpunk goals, and indeed against the goals of good cops
>as well -- one of their most vocal complaints is about
>people setting up systems that are vulnerable to crime, putting
>them in unecessary danger.

One should rely on law enforcement to the extent that it creates privacy.
If you can call a cop and he throws a mugger in jail, and you can go about
your business otherwise, that's cool.  If you can shoot the mugger when he
tries to shoot you, it's messy but it's cool.  If there's a way to deal
with preventing accidental double spending, or indemnifying those victims
of accidental double spending, that's cool. If it takes a cop to slap a few
frauds in jail for deliberate double spending, that, too, is also cool.

>It also goes against political reality to think that a startup
>operation can lobby governments all across the globe to protect
>a system that is ideal for money laundering and tax evasion.
>Ain't gonna happen -- they'll let those "dirty money banks
>and money laundering net sites" rot; they may even give
>Irving a helping hand.

You don't have to lobby governments all over the globe. You just get them
to enforce their own laws about theft. Let's see, in Tehran, it's your left
hand for the first offense... Uh, I hate to break this to you, but startups
do this all the time.  With enough success that a business will do it the
next time if the crime happens twice, I might add.

As far as Binky, the Third Horse of the Apacolypse (otherwise known as as
the Illegal Drug Trade), that's a tough one....Hey, I got it! Let's charge
them with money laundering!  Wow, I'm surprised I thought of *that* one...

>I disagree that "there is no excuse" for double spending.  If
>the software is implemented badly (no fault of the user),
>it might get mixed up with systems programs in such a way as
>to cause double spending.

Cool. Should be caught before it gets out of hand, probably in prototyping,
seing as how "double spending" is the semantic bug highest on the wanted
list once the app comes up without barfing, I bet. If not in beta testing.
Maybe even once it's gone out there; not much by then.  The point is, look
at bug occurance distributions in any development process and tell me what
the chances of this particular kind of bug poping up once a piece of code
has gone into production. Homeopathy doesn't even play with percentages
that small...

>For example, if the system crashes
>and one must recover from a month old backup, one has to
>go through that old purse and determine which coins have been
>spent.  If the software and/or user makes a mistake in this
>process, we get double spending.  If a network burps and
>sends a vendor two coins where there should have been one,
>we get double spending.

Then, the purchaser is probably legally bound to run those notes through
the underwriter to find out if they've been spent. If the network burps,
you say "excuse you" and if the money bounces and nobody's tried to spend
it twice on purpose, the "trade" will just "DK" (don't know) until it
settles on it's own. Typically, this means sending a notice to the person
who spent the money twice so he knows to expect a call from a redeemer who
got burned. If that doesn't happen, Burp Over, Man...

>In the online system the consequences of double spending
>(or million spending) are far more benign.  At worst
>one customer is out stolen coins.  In a networked offline
>system those same few coins are a potential loss for
>every vendor on the net.  As Tim May
>noted, we may not even need to recongize fraud in online
>cash -- just treat all online double spending as accident.
>No bonding, secured accounts, investigators, ID badges
>or cops with guns busting down Janes's door after
>Iriving has million-spent her coins.  Here we both have
>a simple liability system and much less chance of fraud.

The reason that you want an offline system is that you can point to point
clearing of transactions without the involvement of a third party like a
bank.  A third party you have to pay at the very least, a party you have to
develop a sophisticated and costly relationship with at most, and at the
very most a party you have to invent outright down to the protocols for
working with them.

With an offline system, you have an underwriter, a means to convert money
on and off the net into real money somewhere, the buyer, and the seller.
Only two of whom are necessary at any one time to effect a transaction.  In
other words, it can happen now and it doesn't presuppose a clusterfuck
infrastructure (no anger intended there, I'm going to propose "clusterfuck"
as an official jargon word here real soon now) which is too contingent to
be compilable, much less economical, right now.

>Tim May also suggested that most offline protocols are
>intended for manually used smart cards.  This makes sense --
>unlike an network environment with automated spending agents,
>the scope of multi spending for manually used pruchases
>in small amounts is quite limited.  On the network even
>fraud of a few cents per transaction can quickly add
>up to big $$$ across thousands of vendors.

The point in the entire above section is "thousands of vendors".  Again,
the fallacy of composition. Bob, a Buffalo, ;-) is becoming extinct, in
other words. Becoming extinct is not something one buffalo can do. A few
cents per transaction doesn't show up as a big deal to one vendor, to the
underwriter, it's at the very least a pain in the ass, and worth calling
the cops about, even if the people bringing in that double spent cash don't
really care much.  You forget also that the point of concentration of all
this fraud is the underwriter. Since you have the miscreant identified, nym
or not, they you can sick our friend Dick, noted above, onto the case.

>What are the communications costs of online clearing anyway?
>Don't credit card clearings cost about two cents per transaction
>these days?  If clearing costs are less than plausible offline cash
>fraud and fraud prevention costs, online cash is a winner,
>both now and increasingly in the future as bandwidth becomes
>even cheaper.

Yes, when we all have Dark Fiber, and all is valhalla, online transactions
will be Virtually Frictionless. (Sounds sexual, doesn't it? I bet it is, at
that...) In the meantime, offline digital cash works now. Or at least it's
claimed to work now, by most people on this list.  All we need to do is try
it out.

>-- An Unauthenticated Agent with no credentials: whizzywig

My, that was fun. Sorry for attacking you so vociferously, but I don't know
who you are... ;-). Somehow, I feel I can get away with it. Not fair at
all, I'm sure.

Robert Hettinga  (rah@shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923