1994-08-28 - Cash, cheaters, and anonymity

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: Hal <hfinney@shell.portal.com>
Message Hash: 71cf1e072536fea1354f021a38c8636b396908145939968d451efc0a8f65e064
Message ID: <199408281953.MAA07945@netcom14.netcom.com>
Reply To: N/A
UTC Datetime: 1994-08-28 19:54:08 UTC
Raw Date: Sun, 28 Aug 94 12:54:08 PDT

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Sun, 28 Aug 94 12:54:08 PDT
To: Hal <hfinney@shell.portal.com>
Subject: Cash, cheaters, and anonymity
Message-ID: <199408281953.MAA07945@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



(As I said in another post, Netcom has a seriously broken mail system.
Sorry for the delays.)

I'll try to only respond to a few of Hal's good points, so as not to have
too long a post here. His points are elided unless included.

>Tim has made a lot of good points, and I'll only try to respond to a few:
>
>>NEGOTIATED PROTOCOLS TO REDUCE RISKS
>
>>However, just as most folks make arrangements with their bank/ATM machines
>>(semantic meaning #2 of "ATM") to limit cash withdrawals to, say, $200 a
>>day (it varies), so too can digital cash arrangements make similar
>>contractual deals to limit losses. Some possible plans:
>
>>* Plan A: The protocol insists on retinal scan or other biometric
>>authentication between the "smartcard" used as the cryptographic keying
>>device and the putative owner. The "Thunderball" plan. (issues: preserving
>>anonymity with biometric authentication, spoofing of the channel between
>>card and physical apparatus, theft of smartcard, etc.)
>
>In Demolition Man, Wesley Snipes plucks the eyeball out of the victim to
>hold it up to the retinal scanner and escape.  Hacked-off thumbs may provide
>similar workarounds for fingerprint protection.  Maybe what we want is

Yep. part of the reason I dubbed it the "Thunderball" plan: in that movie,
almost 30 years ago, a stolen nuclear weapon is armed by spoofing the
retinal scanner with a stolen eyeball (or maybe it was fake contact
lenses...it's been awhile). Given the stolen nukes theme, it's amazing that
the debate has shifted so little in 30 years. (ObCrypto links: Gus Simmons,
who most of you should know about via his "Contemporary Cryptology" book
and his work on subliminal messages, was the *main guy* on the "Permissive
Action Links" (PALs) used to secure American nukes. I asked Whit Diffie, a
close friend of him, if it was true that Simmons and others leaked security
info to the Soviets to help them to secure their own nukes against
unauthorized use...apparently they did, with the approval of the U.S.
government.)

...
>I think this is where the tamper-proof wallet idea comes from; it is the
>closest anyone has come to providing truly conserved digital cash.  With
>such a system you can get the benefits of on-line clearing even in the off-
>line environment, just as people will accept cash today without taking it
>to the bank first.

As I remember the observer protocol (Chaum's "Scientific American" article,
August of 1992, as I recall), a trusted manufacturer is needed.
Tamper-resistant modules, etc. This still allows spoofing. I know that
off-line clearing, in which I get my money at some time after the
transaction, is a whole lot less satisfying that receiving confirmation
from my own agents/bankers that the money has already been transferred into
my account.

I agree that various protocols will exist, at various prices, with various
benefits.
..
>I think this is the key point.  All of our speculation about the relative
>advantages of the various forms of cash is largely irrelevant, as long as some
>form of privacy-protecting payments comes into existance.  Then the details
>of the implementations will determine the relative costs and the market
>advantages of each approach.  The hard part will be getting that first cash
>system in place.

Which a free-market person such as Hal agrees with, of course. The market
will ultimately evolve various protocols. Provided that regulations do not
stop certain approaches, of course.

...
>>([...]  My use of the term "claim"
>>here is of the "You present the right number, you get access" kind. Like
>>the combination to a safe. The train locker idea makes this clearer, and
>>gets around the confusion about "digimarks" of "e$" actually _being_ any
>>kind of money it and of itself.)
>
>Dollar bills got their start this way.  At one time they were just "claims"
>on the real dollars in the bank vaults.  Yet most people find it more con-
>venient to think of them as money, even back when you could still turn them
>in for gold.  I think it's useful to think of ecash as being money as well,
>although granted it is money with its own characteristics different in some
>ways from banknotes, checks, or coins.

The plethora of financial instruments, derivative, etc., will be echoed
with digital money (indeed, some existing instruments already overlap with
digital money, albeit not yet of the Chaumian flavor). For example,
traveller's checks evolved to fill a niche for a form of money which could
be "lost or stolen" and yet still be replaced. Don't leave home without it.

Lots of niches exist, and many new ones will be created.

>One thing I think is clear is that off-line cash will not be issued to
>anonymous recipients.  Imagine a magic quarter which would reappear in
>your pocket after you put it into the coke machine.  How many people would
>be willing to resist using it?  That's what you'll have with an off-line
>coin issued to a pseudonym.

We agree. Protocols I've seen make off-line cash problematic. "There is no
digital coin." But on-line cash can be, and hence will be, issued to
anonymous recipients. It's already done, with numbered Swiss bank accounts
(at least in the past), and with the train lockers I mentioned. People put
money in train lockers anonymously, then give the key to others, in
exchange for goods and services (drugs, return of kidnap victims, etc.).



>
>>And as networks get much faster, expect even off-line cash to fade. Depends
>>on costs, insurance rates, benefits, and of course on regulations.
>
>This is probably right, although ironically the infrastructure for off-line
>cash might be simpler.  On-line cash needs 24-hour availability, quick
>(nearly instantaneous) response, a fully automated cash validation system.
>We have this now, with the Visa cards, but it didn't appear overnight.  And
>I doubt that the Internet is a suitable communications medium for it (due
>to reasons of availability, reliability, and security).  Off-line cash could
>be handled with longer turnaraounds in a machine which is not on the net,
>using manual intervention so pass words and such are not stored on-line.
>Of course the disadvantage is that the off-line cash requires identity
>authorization during issuing.

Yes, it requires an infrastructure. But for reasonable-sized transactions,
the few cents for a current VISA transaction would be lost in the noise.
Even if more computations are needed (as they will be, presumably), on-line
transactions will be manageable for the larger transactions. Very small
transactions (buying snacks and newspapers) can be handled off-line. This
is already done, as when people buy "subway cards" that are
semi-tamper-resistant (we all know they aren't, but most people don't try
to diddle them). Ditto for phone cards, parking coupons, etc.

(But why bother with off-line cash for most purposes? Physical cash is
convenient for such things. However, markets will decide.)

>Tim's ideas about escrow agents and a credential-less society are very
>interesting as well and I'll try to make some comments on them later.
>
>Hal

I look forward to hearing these comments. Understand that I wrote that
essay basically off the top of my head, pulling together some ideas that I
think have been pretty obvious for a while. We don't often discuss these
sorts of ideas, preferring (I guess) to correct each other on points of
trivia about the flight range of the A-10 Warthog (;-}). Life on the
Internet.

--Tim May


..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."









Thread