Jim Choate <ravage@ssz.com> writes:
Kent Crispin <kent@songbird.com> writes:
Subject: Re: (eternity) Eternity as a secure filesystem/backup medium (fwd)
There are alternative ways of paying for the service that do not in any way depend on ecash, and after thinking about it a bit, they seem more robust, as well.
The basic idea is as follows: The fundamental eternity service is free to readers, and is financed entirely by writers. The writers supply the disk space, the network bandwidth, and possibly pay for the software to support all this.
It is clear that there are two diametricaly opposed models of payment mechanisms and who those costs should fall on; producers or consumers. I personaly have no faith in systems where the producers bear the burden of the costs since they have no clear mechanism to obtain the funds to finance the enterprise in the first place.
Imagine for a moment that a couple of persons come into possession of a set of documents which would cause considerable political embarassment and legal difficulties for a head of the local government.
Why should these two individuals pay to have their data dissiminated to anyone who wants it? It certainly isn't going to improve their social, political, or professional standing since the server will anonymize the data.
If the would be disseminater was happy to have their name associated with the document, they could put it on their own web page. The problems may be that: - they do not want to suffer the legal and extra-legal reprisals for posting, - they have little faith in the data remaining available for long on their web page, once well resourced determined attackers try to remove it. Eternity helps here in that it obscures the poster's identity, and reduces their exposure in that they personally don't have to send as many messages. Eternity also helps ensure continued availability, at least while somebody is funding that availability.
They then have two options, release it themselves and hope for the best (and hence reap the benefit of any economic benefits that might acrue) or do nothing with it.
Releasing the data themselves is problematic. They may not wish to accept the risk. Eternity provides a way to pay someone else to take the risks in ensuring availability.
How about information to build man portable atomic bombs? It doesn't make sense to take all those chances and the data haven operators to take the chances when they will get at most the monetary input from a *single* party. It is clear that these resources are clearly inferior to many parties paying to get the data.
The users is getting value for money from the eternity servers -- the eternity server is providing the service of risk taking. It is true that someone could pay for accessing the data, and resubmit it to eternity with themselves as the beneficiary. They would likely want to undercut the price charged by the initial poster. This suggests a recursive auction market with prices falling over time. The eternity server operators win in that they are being paid for their services. The original poster possibly doesn't make that much money, but the operator could counter by reducing their prices over time to undercut other copies also. There are other ways where the submitter could get higher prices. He could for example post the data in encrypted form, and send the decryption key to a high reputation third party to verify the authenticity of the data. He could then demand $10,000 for the key. Bids would be placed by users interested in obtaining the data. When the bid price is reached the data is posted. Bids would be held in escrow by the third party. In the event that the requested price is not met the ecash could be returned to the bidders. The market will discover the value of the risk taking services provided by the eternity servers in that if the servers over-charge, users will take their own risks, by starting their own servers. If a given server under-charges, other servers will sub contract to that server. There is a risk here that the NSA may offer eternity services at prices undercutting everyone else. This risk suggests that users would not necessarily select the cheapest services. If this pattern of usage emerges, it also suggests that the NSA would better optimise their efficacy by not offering the cheapest prices. The problem of preventing eternity servers sub-contracting all their work to the cheapest eternity-server (the NSA operated servers) suggests that it may be desirable to design a system so that the poster, or some third party auditing agent is able to verify where data resides. I can not see how this can generally be achieved, because it seems difficult to verify whether a server is sub-contracting or not. So in conclusion the safest strategy seems to be to select random servers regardless of price. This results in a flat demand curve, and no incentive for servers to offer cheap service. The model is more complex that this in that there are different risk documents and this risk would affect the price a submitter is willing to pay. Adam