1995-10-08 - Re: cypherpunks digicash bank?

Header Data

From: aba@dcs.exeter.ac.uk
To: cman@communities.com
Message Hash: 012997afb20eec3edf9f9cadeda09b3be4fd7b7877cccfad564841945933be12
Message ID: <18185.9510081722@exe.dcs.exeter.ac.uk>
Reply To: N/A
UTC Datetime: 1995-10-08 17:22:42 UTC
Raw Date: Sun, 8 Oct 95 10:22:42 PDT

Raw message

From: aba@dcs.exeter.ac.uk
Date: Sun, 8 Oct 95 10:22:42 PDT
To: cman@communities.com
Subject: Re: cypherpunks digicash bank?
Message-ID: <18185.9510081722@exe.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Douglas Barnes <cman@communities.com> writes on cypherpunks:
> I'm afraid you may have somewhat misunderstood the motivation behind
> the Identity Agnostic paper. In no way is it intended as a way of
> not facing the music wrt regulators in the country(s) where such an
> institution has offices. The IA approach is intended as an possible
> alternative for an institution that might otherwise license from
> Chaum.

So it's intended for avoiding patent issues only?

But the identity agnostic idea, and the idea of using software not
officially supplied by the bank does not sound like something that
would be easy to convince a bank, or other financial institution of?

I mean the agnostic server idea is that the user must obtain patent
infringing software in order to gain anonymity, or else the user
individually obtain on a case by case basis a license from Chaum.  A
similar mess to the early problem with PGP, back in the days when RSA
contended that PGP was a patent infringement, and the other side of
the story was that it was the users responsibility to get a license
from RSA.

As early versions of PGP demonstrated individuals can get away with
this kind of thing, but it doesn't help commercial uptake of the
software.  You need commercial uptake, as a lot of the shops will be
commercial service providers, plus value added information or product
providers.  What I'm saying is that whilst technically the server need
do nothing infringing, without the infringing client software it
provides nothing new over existing systems, and that the stigma of
illegality, might adversely affect the acceptability of the whole
scheme to a bank.

Ie if you really wanted to sell the system to a bank, you'd presumably
stand a better chance if you removed the potential for blinded
signatures altogether.

Tim is right, patents most definitely retard advancement of technology.

> The regulators I've discussed this with are primarily concerned with
> how money moves into and out of a digital cash system. The fact that
> small payments cannot be traced from buyer to seller is not at the
> top of their list of concerns -- it's already a basic fact of life
> for them in existing payment systems. 

So you think with the $10k limit, they might even be happy with a
system such as I just described?  (note: I did not imply anonymous
accounts, only payer anonymity, basically exactly what Chaum has in
his trial system right now).

> They are also not oblivious to the privacy concerns inherent in an
> institution logging massive amounts of counterparty data about
> small transactions.

I had not realised they were concerned over such things.  How does
this fit in with the separate 100$ bill for domestic and foreign use?
It was previously my suspicion, that 100$ bills were first, and that
soon they would be trying to outlaw cash altogether!

Perhaps I am too cynical, and I am glad to hear it.

(Anyone know if anything ever come of this creation of a foreign issue
of 100$ bills which had to be exchanged at customs in entry and exit,
each being legal tender only when used in the correct jurisdiction?)

> I would strongly discourage anyone from trying to set up a garage-
> type operation. While regulators clearly don't appreciate the
> subtleties of this stuff, they can spot an illegal bank or an
> unlicensed money transmitter from a mile away.

I was talking of doing it by the book, patent licenses, appropriate
banking licenses, banking regulatory approval.  Your description of
the banking regulatory bodies likely stance on transferring small
amounts anonymously was more favourable than I envisaged.

The garage-type operation: I was having problems convincing myself
that any bank could be persuaded to do it.  Hence I thought, well the
civilian sector would have to do it.  It doesn't have to be
amateurish, just has to be run by people who have an interest in
privacy, cypherpunks aren't excluded from doing things professionally,
and in fact have a vested interest in seeing it succeed even.  You
can't expect big banks, governments or corporate types to deliver
privacy on a plate, it is counter to their interests - they like
nicely indexed, cataloged user profiles, as they are saleable items.
Accurate user demographics is big business.

The closest that I've seen to a bank offering any semblance of
anonymity is Mondex, and it's a crock as far as privacy goes IMO, as
as far as I understand the card knows everything, and there is
*nothing* stopping the bank downloading *all* of that information next
time you plug the card in.  That's the kind of anonymity I was growing
used to seeing banks offer.  Also the fact that it relies purely on
the tamper resistance of the card isn't very inspiring, no
cryptographic protocols, just a counter buried in a tamper proof card.

> If your concern is creating account anonymity, then you're going to
> need to set up outside of the US.

That was not the immediate concern, only payer anonymity.  I thought
this would be too much to expect to get away with.  Your comments
backup that belief.

> Do be aware that even the more relaxed countries of the world have
> regulations that cover this sort of thing, and they are especially
> interested in making sure you at least pay the appropriate licensing
> fees.

Licensing fees for what?  I lack details, and insight into the
background of financial dealings (as you might have noticed:-), but my
outburst was prompted by impatience with the take up of DigiCash, or
any half decent alternative.  Blind signature technology has been
around for a long time now, and there is not one on-line instance of a
practical real world use of this technology.

So what problems remain to be solved with a system which has the
following characteristics:

1) either agnostic (to save $150k + 10% profits) or coughing up the
   $150k for Chaums patents - I'm not fussy, only concern for me is
   implications on uptake as described above

2) no anonymous accounts

3) payer anonymous

4) on-line, normal banking style records kept of money paid in

5) 100% real currency backed

6) profits by keeping interest on backed currency, possibly small % on
   cashing to pass on VISA costs, etc if necessary


Would US banking regulations in your opinion have a problem with this?

If $150k is the real sticking point then I'm surprised, I mean ok,
it's some money, perhaps the 10% cut of profits Chaum requires is more
of a concern.  But surely this would win as a privacy preserving
internet payment system for convenience, on-line instant payment.

With the kind of money investors seem to be willing to back netscape
with and the unexpectedly high level of interest in their commerce
servers, even Chaum's $150k seems like small change.  There must be
more to it, what a $1M lawyers bill to sort out the technicalities,
and legal implications with regulators?

Adam
--
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length($n)&~1)/2)






Thread