I applaud Hal's insight into Chaum. I was in Amsterdam last year for a few weeks working for/with him, and I can substantiate what Hal says. I was only there for six weeks, which was supposed to have been the start of a longer relationship, but I got out.
But I think that Chaum has gone off in the wrong direction in the last few years. More and more he is concentrating on protocols which rely on a tamper-proof, hardware implementation of a cryptographic protocol which he calls an "observer".
The observer, owned by the user, opens a communications channel to a chip and to a central computer, both controlled by some company. The observer then mediates the communication between the chip and the central computer to make sure that no privacy information leaks out.
There appears to be no way to provide for secure, off-line digital cash, for example, other than with something like an observer.
This statement, while certainly true in Chaum's mindset, I no longer believe to be true. The question hinges on what 'security' means. To Chaum, it means that fraud losses are a mathematically perfect zero. To a real business, however, the losses must be bounded. The smaller the bound, the better, of course, but real financial service companies can and do tolerate some loss due to (technological) fraud. If the cost of the perfect system is more than the losses from fraud, there's no point in deploying it. Make no mistake, the observer system is expensive. The reason smart cards are not more widely deployed is that they're too expensive per card. The observer protocols require both a smart card and a small hand-held computer!
This means that these [observer] ideas are not useful for software-only implementations.
Not only not useful, but totally inapplicable. The observer model relies upon the fact that the computations inside the chip are unknown to the user. This just can't be the case with a software-only system.
I wish Chaum and his group would stop directing their efforts towards protocols which require an observer chip to be effective.
This just won't happen. The observer protocols are *patented*, you see. Anyone can design and build observers, because the spec is public, but you've got to pay up. Chaum seems to be basing his whole strategy for the future on observers. I think it's a gross strategic mistake.
I think that a realistic appraisal of the pros and cons suggests that non-observer protocols are more likely to further our ultimate goal of personal privacy.
Amen.

Eric