1995-11-15 - Re: credit card conventional wisdom

Header Data

From: Greg Broiles <greg@ideath.goldenbear.com>
To: cypherpunks@toad.com
Message Hash: 093e2d8450454fcff298c0856c8c06d4af19ee935d3fc8105d9fc14bf772ffd1
Message ID: <199511150321.AA17449@ideath.goldenbear.com>
Reply To: N/A
UTC Datetime: 1995-11-15 03:39:29 UTC
Raw Date: Wed, 15 Nov 1995 11:39:29 +0800

Raw message

From: Greg Broiles <greg@ideath.goldenbear.com>
Date: Wed, 15 Nov 1995 11:39:29 +0800
To: cypherpunks@toad.com
Subject: Re: credit card conventional wisdom
Message-ID: <199511150321.AA17449@ideath.goldenbear.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Detweiler writes:

> the argument goes like this: secure credit card number uploading
> schemes (such as in Netscape) are not important on the internet because 
> credit card numbers are already insecure. you give them to low-wage
> workers all the time who might steal the number from you anyway.

> there are a lot of fallacies with this. I find this to be a key
> cypherpunk issue, and I hope others will agree to the point of
> trying to attack this fallacy through letters to the editor,
> debates, etc., because it seems to rationalize weak security.

You're only reproducing half of the debate, which goes like this:

Businesses/customers won't trust the Internet for commerce, because it's
not perfectly secure.

And then others go on to point out that businesses and consumers do business
every day using commerce tools whose security features are weak to nonexistent.

So, no, we don't have to "get the Internet ready for business" because it's
already at least as secure as ordinary consumer transactions. This doesn't
mean that it's not important to work on security, just that it's a useful
direction for improvement, not a baseline requirement.

Most consumer-level transactions are based on a general sort of 
trust-in-human-nature sort of policy, backed up by the knowledge that a single
failed transaction (or even a constant low level of failed transactions, where
failed == "didn't get paid but gave the stuff away") isn't likely to kill off
a business or even make it unprofitable. Loss by theft or fraud can be thought
of like any other sort of overhead - and it doesn't make sense (financially)
to spend more to eliminate it than you'll recover by that elimination. 
Pursuing criminal or civil charges against a non-performing party is 
expensive - most people do it out of a sense of moral outrage, or because they
want to maintain a public perception of unforgiveness, not because they 
really think they'll get back what they've expended in time, money, and 
opportunities lost for other (more profitable) pursuits. (see Axelrod on
the Prisoner's Dilemma tournaments for the arguable game-theory C-punks
cryptoanarchy relevance.)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMKlcz33YhjZY3fMNAQEAlwP7B+cP/IB1wZ0TeWwwoL5j9z4m5irIO9yV
O5599i6fiJ2X3+HbJKGY0/aENs1Zq6kNPHo1I/HcjBhN3fazwelv5BV1dFfmnfUp
lPA8DOTraM7qGse6JEpG+tyJa7bL4wadjDAlFVe4uPSxokw1gppBMkZa6pcwd3cX
zQ7ammmgeQI=
=ZZi9
-----END PGP SIGNATURE-----





Thread