I'm writing a lot today. These last several days, actually. Maybe I got enough sleep, maybe the debate about how CFP has been taken over by the droids is inspiring me, maybe it's because I can't wait until I can get these drawings (talked about later) up on my soon-to-appear "virtual whiteboard" Web site. Whatever, what follows here (I'm writing this intro last) is probably one of the most important essays I've written in recent months. If most of you disagree, I'll know I'm truly out of touch.

On Saturday, August 25, 2001, at 08:25 PM, Declan McCullagh wrote:
> On Sat, Aug 25, 2001 at 05:44:39PM -0700, Tim May wrote:
> > I won't pay these rates for _any_ conference. Greg Broiles hit the nail on the head: the only ones worth paying for are the ones with short-term economic payoff. For CFP, this probably means law firms hoping to get some business, or hoping to recruit some lawyers.
>
> CFP is still worth attending, but more as a social event nowadays. It's started to become a corporate-privacy-officer conference. I was chatting two weeks ago with a friend who's a CPO at one of the valley's largest firms and my friend was talking about suggesting a panel on "how firms can comply with European data directive stuff." Not unimportant in a practical sense, but hardly interesting, or cypherpunkish.

So I guess my candidate submission for the P.E.T. workshop might not be well-received: "BlackNet; Case History of a Practically Untraceable System for Buying and Selling Corporate and National Secrets."

The whole notion of "Chief Privacy Officers" shows how ridiculous things have become. For several obvious reasons we've talked about many times.

(And the notion that companies like ZKS will survive by reinventing themselves as privacy consultants to comply with privacy laws is equally silly. Hint: Whatever companies need to meet privacy "laws" in Europe, Asia, and North America doesn't have much to do with PipeNets and extremely robust systems for high-bandwidth communication.)

But I guess the vanished occupations of "Web Master" and "Web Mistress" had to morph into something equally silly.

PLOTTING THE COSTS AND BENEFITS OF UNTRACEABILITY

Look, this is all part of something I talked about at the June physical meeting in Berkeley: by failing to acknowledge the "high-value" markets for untraceability, characterized by such things as Swiss bank accounts and income-hiding, porn-trading rings, and information markets, the whole technology of privacy/untraceability gets ghettoized into low-value markets like "untraceable subway tokens" (wow, gee!), weak versions of proxy surfing tools, and boring attempts to get people to use digital money for things they don't mind using Visa and PayPal for.

At the June meeting I drew a graph which makes the point clearly. A pity I can't draw it here. (Yeah, there are ways. My new Web page should have some drawings soon. But this list is about ASCII.)

Plot "Value of Being Untraceable in a Transaction" on the X-axis. This is the perceived _value_ of being untraceable or private. Start with "little or nothing," proceed to "about a dollar" then to "hundreds of dollars" then to "thousands" then to "tens of thousands and more."

(The value of being untraceable is also the cost of getting caught: getting caught plotting the overthrow of the Crown Prince of Abu Fukyou, being outed by a corporation in a lawsuit, being audited by the IRS and them finding evaded taxes, having the cops find a cache of snuff films on your hard disk, and so on.)

Some examples:

People will demonstrably get on planes and fly to the Cayman Islands to open bank accounts offering them untraceability (of a certain kind). It is demonstrably worth it to them to pay thousands, even tens of thousands, of dollars to set up shell accounts, dummy corporations, Swiss bank accounts, etc. For whatever various and sundry reasons. (They may be Panamanian dictators, they may be Get Rich Quick scamsters, they may be spies within the FBI or CIA.) They expect a "value of untraceability" to be high, in the tens or hundreds of thousands...or even much higher. Even their lives. Call this the "Over $100K" regime.

I cite this because it disputes directly the popular slogans: "People won't pay anything for privacy or untraceability." (In fact, people pay quite large sums for privacy and untraceability. Ask Hollywood or corporate bigshots what they pay not to be traced.)

People will also pay money not to be traceable in gambling situations. They gamble with bookies, they fly to offshore gambling havens, and so on. The _value_ to them is high, but not at the level above. If they're caught, they face tax evasion charges, maybe. Call this the "$1K-10K" regime. (The spread is wide, from low-rent bookie bets which even the IRS probably doesn't care much about to schemes to avoid large amounts of tax.)

At lesser levels, some choose to pay cash for their video tape rentals (with deposits arranged) just to avoid leaving a paper trail. (Bet Justice Thomas wishes he had.)

And then at very low levels there are the cases where the benefits of untraceability are worth little or nothing to most people. I call this the "millicent ghetto."
Actually, the ghetto begins down at around a dollar or less. Sadly, a huge number of the proposed "untraceable digital cash" systems are targeted at uses deep down in this ghetto. (Perhaps because they have no hint of illegality?)

On the Y-axis. Plot here the _costs_ of achieving untraceability for these levels of achieved. This is the cost of tools, of using the tools, of delays caused by the tools, etc.

For example, flying to the Cayman Islands to personally open a bank account may cost a couple of days in time, the airfare, and (more nebulously) the possible cost of having one's photograph taken for future use upon boarding that plane for Switzerland or the Caymans.

Lesser costs, but still costs, would be the costs of using Freedom (much frustration, say most of my friends who have tried to use it), the costs of getting a Mark Twain Bank digital cash account and actually having it work the way it should, and just the overhead/costs of using PGP.

Now on this X-Y graph plot the "blobs" where benefit/cost clouds of points are found. The 45-degree line is where the "costs" equal the "benefits." (These values change somewhat in time, of course, but the general point is still clear I expect.)

Anything _below_ this 45-degree line is "cost effective": benefits > costs.

Anything _above_ this line is NOT cost-effective: costs > benefits.

(In the economics of black markets, or illegal activities, we can expand these terms a bit. For example, "costs = costs of being caught x chance of being caught." An illegal action which will result in a $100K fine but which is only expected to be caught 1% of the time has a resultant cost of $1K. This is the "expected cost." Obviously, the idea of crypto and untraceability tools is to alter the equation by reducing the chance of being caught.)

RATIONAL ACTORS

The obvious point is that rational actors never pay more for untraceability than they get back in perceived benefits.
Someone will not pay $1000 for privacy/untraceability technology or tools that only nets them $500 in perceived benefits. They won't spend $1.00 in tools to net them 10 cents in perceived benefits.

THE SWEET SPOT

The "sweet spot" for privacy/untraceability tools is out of the "millicent ghetto" so much of the focus has been on, and is even out of the "private Web surfing to avoid company tracing" ghetto, roughly at the tens of dollars levels.

(It is hard to imagine how the "cost" of having Pillsbury know your baked good preferences is more than some trivial amount. This is the "ghetto" of low value transactions. However, not having the FBI know you are interested in "Lolita" images can be worth many hundreds of thousands of dollars in terms of avoided jail time, fines, loss of employability, etc.

(Do I think many pedophiles will, accordingly, pay hundreds of thousands for technologies to make them untraceable? Of course not, for reasons psychologists are familiar with. But they'll pay some amount, and that amount may dwarf the aggregate value of what all of the "millicent ghetto" dwellers will pay. Interestingly, ZKS Freedom as ORIGINALLY SPECCED would have provided this "pedophile-grade untraceability" (to coin a phrase). Does it now? I don't think so, from what I hear from Wei Dai, Lucky Green, and from words coming out of ZKS. Apparently they are not planning to focus on these "high value" areas.)

Things start to get "interesting" at the thousands of dollars for tools for tens or hundreds of thousands of dollars in benefits.

(By the way, the same applies to crypto per se. The military has "crypto specialists" and "crypto shacks" on board ships. But these cost a lot of money in training, procedures, and equipment. Millions of dollars a year for a ship, for example. Do the math. Real crypto is more than just strength of algorithms and keys: it's this economic trade-off. Too much of "why don't people use crypto more?" whines fails to see this basic point.)

The "sweet spot" often, practically by definition, involves putatively illegal activities: child porn, plotting revolution in Saudi Arabia, selling corporate secrets, distributing banned materials, etc. Only in these situations are the "costs of failure to be untraceable" high enough to make spending money and time learning to be untraceable worthwhile.

It is not surprising that "those with nothing to hide" tend to put their money into their local bank branches under their own names while "those with something to hide" tend to open Swiss bank accounts.

Again, draw this region as a blob far to the right on the X-axis and, we hope, not very high up on the Y-axis. Meaning, advances in crypto, remailers, digital money, etc. will make this "sweet spot" truly sweet.

CORPORATIONS AND ACADEMICS FOCUS ON THE "GHETTO" NEAR THE ORIGIN

Still, corporations and academics focus on the "near the origin" blobs: millicent payment schemes, slight Web surfing untraceability tricks, subway tokens, etc.

Because to focus on the real sweet spot is to admit to working on crypto anarchy, untraceable revolutionary cells, child porn rings, all that good happy stuff. The stuff people want to be untraceable for--and are willing to pay for.

This is the failure of nerve that all corporations and "reputable" academics face.

CONCLUSION: To really do something about untraceability you need to be untraceable.

Draw this graph I outlined. Think about where the markets are for tools for privacy and untraceability. Realize that many of the "far out" sweet spot applications are not necessarily immoral: think of freedom fighters in communist-controlled regimes, think of distribution of birth control information in Islamic countries, think of Jews hiding their assets in Swiss bank accounts, think of revolutionaries overthrowing bad governments, think of people avoiding unfair or confiscatory taxes, think of people selling their expertise when some guild says they are forbidden to.

Most of all, think about why so many efforts to sort of deploy digital cash or untraceability tools have essentially failed due to a failure of nerve, a failure to go for the brass ring.

--Tim May