1998-01-18 - eternity economics (Re: (eternity) Eternity as a secure filesystem/backup medium

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: ravage@ssz.com
Message Hash: 0d75a240a2d64f9b1ad64459efac95c0bb513b4c0a7bed167b25fa4b13a4cced
Message ID: <199801182140.VAA00472@server.eternity.org>
Reply To: <199801182053.OAA18106@einstein.ssz.com>
UTC Datetime: 1998-01-18 22:17:35 UTC
Raw Date: Mon, 19 Jan 1998 06:17:35 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 19 Jan 1998 06:17:35 +0800
To: ravage@ssz.com
Subject: eternity economics (Re: (eternity) Eternity as a secure filesystem/backup medium
In-Reply-To: <199801182053.OAA18106@einstein.ssz.com>
Message-ID: <199801182140.VAA00472@server.eternity.org>
MIME-Version: 1.0
Content-Type: text/plain

Jim Choate <ravage@ssz.com> writes:
> Kent Crispin <kent@songbird.com> writes:
> > Subject: Re: (eternity) Eternity as a secure filesystem/backup medium (fwd)
> > There are alternative ways of paying for the service that do not in
> > any way depend on ecash, and after thinking about it a bit, they seem
> > more robust, as well. 
> > 
> > The basic idea is as follows:  The fundamental eternity service is 
> > free to readers, and is financed entirely by writers.  The writers 
> > supply the disk space, the network bandwidth, and possibly pay for 
> > the software to support all this.
> It is clear that there are two diametricaly opposed models of payment
> mechanisms and who those costs should fall on; producers or consumers.
> I personaly have no faith in systems where the producers bear the burden of
> the costs since they have no clear mechanism to obtain the funds to finance
> the enterprise in the first place.
> Imagine for a moment that a couple of persons come into possession of a set
> of documents which would cause considerable political embarassment and legal
> difficulties for a head of the local government.
> Why should these two individuals pay to have their data dissiminated to
> anyone who wants it? It certainly isn't going to improve their social,
> political, or professional standing since the server will anonymize the
> data. 

If the would be disseminater was happy to have their name associated
with the document, they could put it on their own web page.  The
problems may be that:

- they do not want to suffer the legal and extra-legal reprisals for

- they have little faith in the data remaining available for long on
  their web page, once well resourced determined attackers try to remove

Eternity helps here in that it obscures the poster's identity, and
reduces their exposure in that they personally don't have to send as
many messages.  Eternity also helps ensure continued availability, at
least while somebody is funding that availability.

> They then have two options, release it themselves and hope for the
> best (and hence reap the benefit of any economic benefits that might
> acrue) or do nothing with it.

Releasing the data themselves is problematic.  They may not wish to
accept the risk.  Eternity provides a way to pay someone else to take
the risks in ensuring availability.

> How about information to build man portable atomic bombs? It doesn't
> make sense to take all those chances and the data haven operators to
> take the chances when they will get at most the monetary input from
> a *single* party.  It is clear that these resources are clearly
> inferior to many parties paying to get the data.

The users is getting value for money from the eternity servers -- the
eternity server is providing the service of risk taking.

It is true that someone could pay for accessing the data, and resubmit
it to eternity with themselves as the beneficiary.  They would likely
want to undercut the price charged by the initial poster.  This
suggests a recursive auction market with prices falling over time.
The eternity server operators win in that they are being paid for
their services.

The original poster possibly doesn't make that much money, but the
operator could counter by reducing their prices over time to undercut
other copies also.

There are other ways where the submitter could get higher prices.  He
could for example post the data in encrypted form, and send the
decryption key to a high reputation third party to verify the
authenticity of the data.  He could then demand $10,000 for the key.

Bids would be placed by users interested in obtaining the data.  When
the bid price is reached the data is posted.  Bids would be held in
escrow by the third party.  In the event that the requested price is
not met the ecash could be returned to the bidders.

The market will discover the value of the risk taking services
provided by the eternity servers in that if the servers over-charge,
users will take their own risks, by starting their own servers.  If a
given server under-charges, other servers will sub contract to that

There is a risk here that the NSA may offer eternity services at
prices undercutting everyone else.  This risk suggests that users
would not necessarily select the cheapest services.  If this pattern
of usage emerges, it also suggests that the NSA would better optimise
their efficacy by not offering the cheapest prices.

The problem of preventing eternity servers sub-contracting all their
work to the cheapest eternity-server (the NSA operated servers)
suggests that it may be desirable to design a system so that the
poster, or some third party auditing agent is able to verify where
data resides.

I can not see how this can generally be achieved, because it seems
difficult to verify whether a server is sub-contracting or not.

So in conclusion the safest strategy seems to be to select random
servers regardless of price.  This results in a flat demand curve, and
no incentive for servers to offer cheap service.

The model is more complex that this in that there are different risk
documents and this risk would affect the price a submitter is willing
to pay.