Douglas Barnes <cman@communities.com> writes on cypherpunks:
I'm afraid you may have somewhat misunderstood the motivation behind the Identity Agnostic paper. In no way is it intended as a way of not facing the music wrt regulators in the country(s) where such an institution has offices. The IA approach is intended as an possible alternative for an institution that might otherwise license from Chaum.
So it's intended for avoiding patent issues only? But the identity agnostic idea, and the idea of using software not officially supplied by the bank does not sound like something that would be easy to convince a bank, or other financial institution of? I mean the agnostic server idea is that the user must obtain patent infringing software in order to gain anonymity, or else the user individually obtain on a case by case basis a license from Chaum. A similar mess to the early problem with PGP, back in the days when RSA contended that PGP was a patent infringement, and the other side of the story was that it was the users responsibility to get a license from RSA. As early versions of PGP demonstrated individuals can get away with this kind of thing, but it doesn't help commercial uptake of the software. You need commercial uptake, as a lot of the shops will be commercial service providers, plus value added information or product providers. What I'm saying is that whilst technically the server need do nothing infringing, without the infringing client software it provides nothing new over existing systems, and that the stigma of illegality, might adversely affect the acceptability of the whole scheme to a bank. Ie if you really wanted to sell the system to a bank, you'd presumably stand a better chance if you removed the potential for blinded signatures altogether. Tim is right, patents most definitely retard advancement of technology.
The regulators I've discussed this with are primarily concerned with how money moves into and out of a digital cash system. The fact that small payments cannot be traced from buyer to seller is not at the top of their list of concerns -- it's already a basic fact of life for them in existing payment systems.
So you think with the $10k limit, they might even be happy with a system such as I just described? (note: I did not imply anonymous accounts, only payer anonymity, basically exactly what Chaum has in his trial system right now).
They are also not oblivious to the privacy concerns inherent in an institution logging massive amounts of counterparty data about small transactions.
I had not realised they were concerned over such things. How does this fit in with the separate 100$ bill for domestic and foreign use? It was previously my suspicion, that 100$ bills were first, and that soon they would be trying to outlaw cash altogether! Perhaps I am too cynical, and I am glad to hear it. (Anyone know if anything ever come of this creation of a foreign issue of 100$ bills which had to be exchanged at customs in entry and exit, each being legal tender only when used in the correct jurisdiction?)
I would strongly discourage anyone from trying to set up a garage- type operation. While regulators clearly don't appreciate the subtleties of this stuff, they can spot an illegal bank or an unlicensed money transmitter from a mile away.
I was talking of doing it by the book, patent licenses, appropriate banking licenses, banking regulatory approval. Your description of the banking regulatory bodies likely stance on transferring small amounts anonymously was more favourable than I envisaged. The garage-type operation: I was having problems convincing myself that any bank could be persuaded to do it. Hence I thought, well the civilian sector would have to do it. It doesn't have to be amateurish, just has to be run by people who have an interest in privacy, cypherpunks aren't excluded from doing things professionally, and in fact have a vested interest in seeing it succeed even. You can't expect big banks, governments or corporate types to deliver privacy on a plate, it is counter to their interests - they like nicely indexed, cataloged user profiles, as they are saleable items. Accurate user demographics is big business. The closest that I've seen to a bank offering any semblance of anonymity is Mondex, and it's a crock as far as privacy goes IMO, as as far as I understand the card knows everything, and there is *nothing* stopping the bank downloading *all* of that information next time you plug the card in. That's the kind of anonymity I was growing used to seeing banks offer. Also the fact that it relies purely on the tamper resistance of the card isn't very inspiring, no cryptographic protocols, just a counter buried in a tamper proof card.
If your concern is creating account anonymity, then you're going to need to set up outside of the US.
That was not the immediate concern, only payer anonymity. I thought this would be too much to expect to get away with. Your comments backup that belief.
Do be aware that even the more relaxed countries of the world have regulations that cover this sort of thing, and they are especially interested in making sure you at least pay the appropriate licensing fees.
Licensing fees for what? I lack details, and insight into the background of financial dealings (as you might have noticed:-), but my outburst was prompted by impatience with the take up of DigiCash, or any half decent alternative. Blind signature technology has been around for a long time now, and there is not one on-line instance of a practical real world use of this technology. So what problems remain to be solved with a system which has the following characteristics: 1) either agnostic (to save $150k + 10% profits) or coughing up the $150k for Chaums patents - I'm not fussy, only concern for me is implications on uptake as described above 2) no anonymous accounts 3) payer anonymous 4) on-line, normal banking style records kept of money paid in 5) 100% real currency backed 6) profits by keeping interest on backed currency, possibly small % on cashing to pass on VISA costs, etc if necessary Would US banking regulations in your opinion have a problem with this? If $150k is the real sticking point then I'm surprised, I mean ok, it's some money, perhaps the 10% cut of profits Chaum requires is more of a concern. But surely this would win as a privacy preserving internet payment system for convenience, on-line instant payment. With the kind of money investors seem to be willing to back netscape with and the unexpectedly high level of interest in their commerce servers, even Chaum's $150k seems like small change. There must be more to it, what a $1M lawyers bill to sort out the technicalities, and legal implications with regulators? Adam -- #!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL $m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length($n)&~1)/2)