Re: bearer = anonymous = freedom to contract

[Robert Hettinga <rah@shipwright.com>]

At 11:56 AM -0500 on 2/16/99, Kawika Daguio wrote:

> I think we have been having this conversation over and over for at least
>three if not four years now...and neither of us has given up.

Not only that, Kawika, but we're *famous* for this conversation, if anyone
who's rooted around in HotWired's "BrainTennis" debate site would know.
:-). Me Dan, you, Jane, to do some heavy lifing from the original Saturday
Night Live...

> I still claim that your insistance on offline clearing is a mistake that
>limits your options and the possibilities for ecommerce.

I know you know the difference between on-line and offline transactions in
financial cryptography, so it seems to me that you're saying that anything
which doesn't immediately go through a bank must be "offline", right?

And, of course, your redefinition of a cryptographic term of art has
nothing to do with the fact that you work for the American Banking
Association, does it, Kawika?

;-)


Look, you can have a box in a rack on the internet in which a digital
bearer transaction executes, clears, and settles all at once. David Chaum
and Ron Rivest calls these boxes "mints". I call the owner of these boxes
"underwriters", which is what they're doing, financialy. And,
cryptographically, if you redeem and reissue these transactions at every
transaction, they are called *online* transactions.

*Offline* transactions, cryptographically, are hard, particularly when you
have a high risk or high value transaction. That is, if you just keep a
digital bearer certificate someone gave you, without checking it at the
time of acceptance, someone could be giving you a double-spent one. If you
don't get another certificate reissued to you at the same time, someone
could double spend "your" certificate later. Now, there are ways to fix
this with hardware, with special observer chips on every machine where the
certificates are stored, but that violates the third of my three rules,
"nothing but net" (the others are "geodesic payment for geodesic networks",
"three orders of magnitude cost reduction"). Observer chips, wallets, and
the like force you to create your own network instead of using the one
which is already there. I personally think that this was the primary
strategic flaw of DigiCash, both BV and Inc., though given their founding
5? years before the commercial internet, not to mention Chaum's discovery
of blind signatures almost a decade before that, I can certainly be accused
of 20-20 hindsight.

For micropayments, the double spending problem isn't so pronounced, so
offline transactions are much easier to do. Typically, I expect that
machines would be making these payments to each other, and, like I've said
already, double spending allows a machine to drop money on the floor, like
we do to IP packets now, and resend it. It's easier to "blackball" a
"criminal" machine, particularly if it has an IP address. People move
around, change machine addresses, and are harder to catch, so you can't
trust them as much. :-).

Now, surely, you need to be able to convert these digital bearer tokens
into book-entry form, using a bank of deposit, especially if you want to
buy something off of the net. In fact, they're worth absolutely nothing if
you *can't* convert them into another asset.

But, you don't need to do it on every transaction, if at all, if there's
enough stuff on the net to buy. I think most financial cryptographers worth
their salt will tell you that the transaction risk of a decent bearer
protocol is the same, if not much less, than any book-entry, bank-assisted,
protocol, (again, I refuse to redefine "on-line" to the ABA's convenience)
so, why not keep your cash, in bearer form, on the net, where it's easier
to deal with?

Someday, it might even be possible to have other assets, like debt, equity,
derivatives, in digital bearer form as well. Then *investment* banks will
have an interesting time, but that's another story.

And, of course, I don't really think that digital bearer cash means the end
of banks, especially as trustees, or even good old-fashioned banks of
deposit. For a while, anyway. :-). Finance is still finance, and it still
requires smart, clueful financial intermediaries to rent their reputation
to a given transaction.

Again, privacy is not the reason to do this. Economics is the reason to do
this.

As to the timeliness of the discussion, yes, I do feel a little like
someone pushing "computerized" book-entry settlement in about, oh, 1949,
but stuff like that's never stopped me before. I was pushing financial
cryptography before it was discovered, even coined "financial cryptography"
myself, and, of course, I was jumping up and down about digital commerce
long before it happened, too.

Besides, there *were* people advocating "computerized" book-entry
settlement back then in the late 1940's, and they were right as well.

However, I now think that financial cryptograpy and ubiquitous
internetworking will make bank-based, "computerized" book-entry settlement
go they way of the paper bearer certificate and the Brinks truck, and that
people who think otherwise should, um, take their spats off before the 20th
century's over.

Cheers,
RAH


-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

For help on using this list (especially unsubscribing), send a message to
"dcsb-request@ai.mit.edu" with one line of text: "help".