From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: bdf339b2c738aaf29a0613cc77e972348526e826ce5b9e46e04f9bd810b30f41
Message ID: <199408291900.MAA08729@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-08-29 19:01:13 UTC
Raw Date: Mon, 29 Aug 94 12:01:13 PDT
Subject: Problems with anonymous escrow 1
There has been some discussion here about how anonymity/pseudonymity
can be applied to a wider range of relationships. One possibility
that Tim May and others have mentioned is to have escrow agents be
anonymous. (I will use "anonymous" and "pseudonymous" more or less
interchangeably because the former term is more familiar. But I am
really referring to a case where the agents maintain a certain amount
of continuity via secret keys and such.)

(Let me make it clear that I am not arguing that there SHOULD NOT be
anonymous escrow agents. I am questioning whether they are likely to
be viable entities due to the problems I am listing here.)

The obvious problem I see with anonymous escrow agents is that it is
much harder for them to become and stay trustworthy. With an
identified (non-anonymous) agency, you can have a lot of information
on which to base your judgement. You can look at its assets, at its
employees and hiring procedures, at its record. You look at the
jurisdiction in which it operates and judge what protection the legal
system may offer. You can look at other agencies in that jurisdiction
and what their track record has been.

I would guess that most of that information would not be available
from an anonymous escrow agent, at least not in a validated form.
Perhaps some of it could be done with credentials (a blinded statement
from a reputable accounting firm that (this?) escrow agency has assets
of $X). But generally thinking I think it will be very difficult to
get nearly as much high-quality information about an anonymous escrow
agent.

This leaves the possibility of using its public record to judge
trustworthiness. It may be able to offer certified statements (again,
credentials of a sort) from earlier customers to show that it behaved
honestly. Tim has suggested "pinging" such businesses, performing
various dummy transactions to make sure that they are still behaving
honestly. All this can help establish a record, but how well can this
be extrapolated into the future?

One of the problems with anonymity which has no underlying identity
certification is that you are pretty much forced to adopt the stance
that "the key is the identity." Your only channel of communication
with the agent is via its key, and any message signed with that key
has to be assumed to be coming from the agent. There is nothing else.

The problem with this is that keys are not people. People, and
businesses, have a certain continuity, a certain predictability. Keys
do not. A key may change its personality, literally overnight, and
you will not have any warning about this. In an identified business,
if it changes hands, acquires new management, or has some other change
which might lead to new behavior, you generally have some warning
(especially if it is a business which is selling trustworthiness, in
which case it will probably provide customers with an unusual degree
of access to the business's internals.) But with an anonymous
business this is not the case. An escrow agent who has been as steady
as the sunrise for years may, without any warning, become totally
dishonest. Hidden behind the shield of anonymity there is no way for
its customers to discover the change.

What are the motivations for an anonymous escrow agency to stay in
business, to not take the money and run? Legal sanctions would
presumably be ineffective. One proposal is that as long as the
expected future stream of income is worth more than the current value
of all contracts being held by the agent, it is worthwhile for it to
be honest.

There are a couple of problems with applying this. First, it is
necessary to know about how many contracts the agent is holding at one
time. But this will be complicated by the possible desire on the part
of many customers to keep their activities secret (even beyond their
presumed shield of anonymity). So there must always be the worry that
more contracts are in progress than you suspect. This is especially
true when you consider the possibility that other agencies may
secretly be owned by this one.

But more importantly, judging whether a future income stream is worth
more than a present sum depends on knowing the escrow agent's personal
time preferences. Some people like to have their money now, some are
willing to postpone present gratification in favor of future income.
Neither position is inherently right or wrong, but obviously a
customer would feel more comfortable with an agent which favored
future income. And the fact that an agent has been in business a long
time suggests that this is indeed its view - if the agent is stable.
But combine this with the ease with which a key can change its
personality without warning and it suggests that even a long track
record of stability could be fragile. The business is passed from
father to son, it is acquired, it is coerced away, the owner
experiences a change of circumstances due to illness or other
catastrophe, and suddenly the agency has changed. Now, future income
doesn't look so attractive compared to present money. Now, the owners
have an incentive to close the business and (I firmly think the word
applies) cheat their customers.

Again, with an identity-based business these kinds of changes will be
monitored closely by customers. And after a change like this the
customers will be nervous and may go through a period where they don't
fully trust the changed company. But with an anonymous agent there is
no way of knowing when these things happen, and this uncertainty will
constantly threaten the safety of the customers.

Hal