From: “Marcel van der Peijl” <bigmac@digicash.com>
To: cypherpunks@toad.com
Message Hash: 1d967cb8f35e1953563bde6eedc6bca0f233842826403c9364278db40f6bbc68
Message ID: <199507271307.PAA21979@digicash.com>
Reply To: N/A
UTC Datetime: 1995-07-27 13:09:35 UTC
Raw Date: Thu, 27 Jul 95 06:09:35 PDT
From: "Marcel van der Peijl" <bigmac@digicash.com>
Date: Thu, 27 Jul 95 06:09:35 PDT
To: cypherpunks@toad.com
Subject: Full text of David Chaum's Congressional speech
Message-ID: <199507271307.PAA21979@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain
Here's the full text of the speech David Chaum gave in his
Congressional hearing. I will also make it available for online
reading on our web server in the publications section.
--- cut here ---
Mr. Chairman, Members of the Committee:
As an American who is regarded as the inventor of electronic cash,
who has worked over the last dozen or so years to make the technology
viable, and who is now CEO of a leading company pioneering in its
commercialization, I am very pleased by the interest being shown
here and to be here today.
We are being forced to decide between two very different kinds of
electronic payment technology. The core values we as a nation have
fought for, and continue to stand for, are at stake. As a
consequence of choosing one of the two directions, these values will
be profoundly eroded; by choosing the other direction, however, they
will be preserved and likely extended. Wise decisions at this
critical juncture may also allow us to avoid certain other pitfalls
and to realize economic leadership and growth.
I think my limited time before you is best used to briefly explain
the fundamentally different approaches to security, before coming to
privacy, privacy technology, and its implications.
Security
Security is simply the protection of interests. People want to
protect their own money and banks their own exposure. The role of
government is to maintain the integrity of, and confidence in, the
whole system. With electronic cash, just as with paper cash today,
it will be the responsibility of government to protect against
systemic risk. This is a serious role that cannot be left to the
micro-economic interests of commercial organizations.
In order for those in government to make informed decisions, it will
be necessary for them to understand the basic ways to secure
transactions in different situations.
One basic form is tamper-resistance, exemplified by the chip in a
chip card. It is designed to be hard to modify or to read secrets
from. Such tamper-resistance is needed for "off-line"
payments--those in which the reader device receiving payment from a
card, validates payments by contacting a central system only at the
end of each day.
(Incidentally, this and the other basic form must rely for security
on cryptography, sometimes refereed to as encryption, which is
fundamental to all information security.)
The other basic form is where the individual uses their own computer,
whether a desk-top, lap-top, or palm-top device. Such "software
only" is all that is needed in an "on-line" system--a system in which
the party receiving payment communicates over a network during each
payment.
The trend is toward a convergence of these two forms into a
hybrid--since people don't want incompatible forms of money and since
it offers the best of both worlds in terms of convenience; in other
words, you will put a chip card into a user-friendly electronic
device of your own choosing, whether on your desk, in your living
room, or in your pocket. I have brought some examples of this to
show you...
The problems I see in the industry today reflect a lack architecture.
And architecture is essential when building infrastructure, which is
what we are embarking on. In my view, a sound architecture must: (i)
include the two basic forms of security, and allow for their
integration into the hybrid; (ii) prevent the vulnerability of
system-wide secrets from being stored in every card or, nearly as
bad, every off-line point of payment; and (iii) address privacy
concerns effectively, since they cannot be addressed as add-ons or
afterthoughts. Today, DigiCash systems are alone in having any of
these three attributes, and their architecture has all three.
Privacy
Let me now turn to this issue of privacy...
A recent Harris poll of the American public began by introducing
respondents to all the consumer benefits of the information
superhighway. Then respondents were told that in order to make such
systems economically viable, payment transaction data would have to
be gathered and used for purposes such as making special offers to
them. But the majority of respondents still objected to any use,
other than consummation of the payment, and they gave privacy as the
primary reason.
Fully 82% of Americans today expressed concern over privacy of
computerized data. That fraction has been growing steadily ever
since the "first wave" of privacy concern was triggered when
Americans saw their names punched into computer cards or printed on
computer generated forms. When people are exposed to the
information superhighway, which provides an awesome glimpse of the
power of modern information technology, with dropping transaction
costs leading to finer granularity of payments (which we will be
hearing more about later), concern will reach new levels.
Privacy Technology
"Privacy technology" allows people to protect their own information,
and other interests, while at the same time it maintains very high
security for organizations. Essentially, it is the difference
between, on the one hand, a centralized system with disenfranchised
participants (like the electronically tagged animals in feedlots);
and, on the other hand, a system where each participant is able to
protect its own interests (like buyers and sellers on a town market
square).
Take ecash as an example of privacy technology. It provides a fully
digital bearer instrument--a number that is itself money, just like a
bank note is money. On the Internet, once someone downloads the
requisite software, which takes only a few minutes, they are ready to
send and receive ecash in payments.
Security of ecash is superior to that of paper cash. If it is
stolen, it cannot be used; if someone refuses to give you a receipt,
you have proof that they deposited it; and if it is lost, you can get
your money and records back. Counterfeiting ecash poses the same
cryptographic challenge as breaking the most sophisticated codes
used to protect nuclear materials, military secrets and large-value
wire transfers. Therefore, ecash is certainly not the target of
opportunity.
Ecash is already being experimented with on the Internet in a
worldwide monopoly money trial with tens of thousands of
participants. Related card technology has been extensively tested,
by DigiCash licensee Amtech, for highway-speed road tolls and road
pricing, offering privacy instead of dossiers on everywhere people
drive. And, CAFE, the European Commission sponsored trial, at its
headquarters buildings in Brussels, of chip cards that can be
inserted into electronic wallets (that I have already shown you),
allows privacy in payments and the electronic ECU. Such "privacy
technology" was even successfully used by the participants at the
most recent international meeting of data protection commissioners.
Ecash has received substantial media coverage; consequently, the
public is beginning to realize that the coming of electronic payments
need not mean an obliteration of privacy. And the superhighway will
give consumers unprecedented mobility to choose it. Some concern
about ecash, however, has been raised by various parties over
possibilities it might open for illicit payments. But there is
simply no legitimate basis for these allegations.
Ecash, even when it achieves significant scale, is considerably less
dangerous to society than automatic teller machines. For one thing,
like cash, the amount withdrawn and deposited is on record; but, for
another, unlike cash, the amounts of money that pass through each
person's hands are also on record at the bank. Ecash itself is less
prone to abuse than paper bank notes, because privacy is "one-way,"
which means that an extortionist, a seller on a black-market, or the
acceptor of a bribe is forever vulnerable to being irrefutably
incriminated by the party that paid them.
National Leadership
Governments who stifle the new technology while it is still in its
infancy, before its has had a chance to develop and harmonize with
our institutions; who don't pro-actively support needed
infrastructure; or who fail to establish confidence by protecting
against systemic risk--will be left behind in global competition.
Countries who take clear positions based on understanding of the
technology, however, and encourage needed developments, stand to gain
enormous economic growth and market leadership. Privacy technology,
whether used for electronic payments, voting, or other public
expression, is the electronic equivalent of a free market and
democracy. People will come to insist on it as an informational
human right.
Dr. David Chaum, DigiCash
--- cut here ---
// Marcel van der Peijl, DigiCash bv
// http://www.digicash.com/~bigmac/
// There is no signature like no signature!
Return to July 1995
Return to “Phil Fraering <pgf@tyrell.net>”