From: rah@shipwright.com (Robert Hettinga)
Date: Tue, 16 Aug 94 07:42:39 PDT
To: cypherpunks@toad.com
Subject: Re: In Search of Genuine DigiCash
Message-ID: <199408161439.KAA10429@zork.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain



At 11:06 PM 8/15/94 -0700, Mike Duvos wrote:

>The problem with practical digital cash lies not in the
>mathematics, but in the financial and legal arenas.  It is very
>difficult to convince a real financial institution with deep
>pockets to underwrite a potentially unlimited liability for
>itself.  I suspect that for the forseeable future, digital cash
>will take the smartcard route, and that money which can
>anonymously traverse cyberspace in large denominations will not
>be forthcoming.

I've been thinking about this a little. First of all, I'm not sure what the
big unidentifiable risks are, except for the technological risk of the
cryptography.  I'm willing to take it on faith that the risk is acceptable.
There's too much science out there to back up the proposition that ecash
is technologically sound and does everything it's supposed to do.

That leaves the financial, political and business risks of underwriting ecash.

A piece of ecash is basically a callable bond. This issuer is "loaning" the
internet the money to be used as a medium of exchange. The issuer gets to
keep the interest accrued on that money while the ecash is in circulation.
The underwriter looses money if the duration, and thus the total return, of
his portfolio of ecash is less than the total return of the principal he's
holding in escrow (real escrow, not pseudoescrow like clipper keys). In
other words, he takes principal backing up the ecash and puts it into other
financial instruments which make him a return. Safer things like bank
accounts, t-bills, or other bonds, and probably not stocks. When the ecash
comes back, it's like a bond is called, and the issuer has pony up the
principal. He then has to unwind a piece of his offsetting portfolio,
incurring transaction costs and losing whatever future income those
investments might yield.  This is usually figured out in advance, and these
tests of a portfolio manager predictive ability are what make or break his
career.  If you think that the duration of a piece of ecash on the net is
say, 3 months, and it's 3 days, and you've invested on those assumptions,
you could get hammered. You've bought longer term instruments which are
more volatile but yeild more on a total return basis. If you thought that
the ecash duration was 3 days and it stayed out there 3 months, you've left
a lot of money on the table (relatively speaking), which means you have
higher exchange fees to pay for it, and also means that a competitor that
doesn't make the same mistake can beat your price.

As we just saw, exchange fees are one way to hedge against the call risk.
The issuer charges fees for moving the money on and off of the internet. In
theory, if the fees are high, the money may never come back, and stay in
circulation forever. In reality, if fees are too high, nobody will buy your
ecash in a market which is the least bet competitive.

None of this stuff is any riskier than what an average bond portfolio
manager and his trading team does everyday.

A good book to read on this is "Fixed Income Mathematics", by Frank
Fabozzi, Probus Press, 1993. Fabozzi edits the handbooks that fixed income
and derivatives people learn their business from.  This book is built to
write code from.

Next, there are the legal, regulatory and political risks.  Perry has said
a lot about this already, but to hold up the other side of the argument, I
think that if a significant financial incentive exists with the existence
of an ecash market, then the political risks will be dealt with.
International regulatory arbitrage, the revolving door for personnel of the
regulators and the regulated, and plain old campaign "contributions" will
see to that.

Finally, the business risk of selling the concept of ecash to the users of
the internet. I've spoken many times here about the difficulty I've had in
finding things that give e-cash a market advantage over other forms of e$.
These include, but are not limited to: encrypted credit card transactions,
trusted third-party cash clearing, and even swiping an ATM card into the
access screen of an ATM/Internet gateway. Then Tim comes up with a nifty
list off the top of his head just this week.  I love this place...

However, as I've said before, the only real way to find this out is to put
up a demo and try it out.  The costs for a large money-center bank aren't
really that much.  It looks like DigiCash BV is working as fast as they can
on a legitimate net-wide proof of concept, having demonstrated a
point-to-point capability at the WWW conference a little while ago.  This a
good time to be interested in e$ for this alone.

>
>It is also unlikely that faith of financial institutions in
>supposedly unbreakable mathematics has been enhanced by the
>recent one-line fix announced for the DSS.

I don't think this is really a problem. It's just as if somebody had
figured out how to counterfeit money cheaper.  Countermeasures are taken
and it isn't cheap anymore. The neat thing about strong crypto is that it's
strong in spite of public algorithms. People who crack those algorithms
publish their results, or someone else will. The half-life of a hidden
innovation in that kind of environment is pretty small.

The financial markets are living proof that hiding innovation fails. The
ability to exchange people and thus proprietary information between
competitors makes the markets efficient, and all profitable secrets
impossible in the long run. The NSA could keep its innovations secret
because it couldn't share its information with its competitors. It was very
illegal for *anyone* to go to work for the KGB, much less anyone from Ft.
Meade. Strong crypto evolved anyway because the NSA couldn't prevent the
open discussion of the ideas that lead up to it. Paradoxically, it was this
unhidden innovation, the use of the public algorithm, which made the most
secure crypto in history possible.

>
>Still, I look forward to the first person brave enough to attach
>a hard currency value to anonymous cyberbucks.  It may actually
>make hacking a worthwhile pursuit again.

Because of the way the financial markets work these days, there may or may
not be a Columbus (like Mike Milken, who was just as rapacious as Columbus
ever was), but it's the Columbian Exchange that we're more interested in
here, and I think that's happening now, Columbus or not.

Robert Hettinga

-----------------
Robert Hettinga  (rah@shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923