-----BEGIN PGP SIGNED MESSAGE----- David Murray <sdavidm@iconz.co.nz> writes:
One avenue of safety - shepherding the idea through SEC etc scrutiny so as to render the venture completely legal seems to lack something of a c'punk flavour. After all, one idea that some of us are quite taken with is that strong crypto and the changes it brings are not only important (they are), nor good (as Tim has pointed out - it depends where you stand) but *inevitable*.
So, how safe would a cp style bank be today?
[feasibility analysis of blacknet style payment system]
If you haven't, you should read Doug Barnes <cman@communities.com> recent postings on the current state of money laundering regulations. Chilling stuff. You can bet they are not going to like the payment system you described, it's it's methods of transfering funds to and from US bank accounts would be open to many of the anti-money laundering attacks. It would put a lot of strain on the remailer nets to have the likes of FinCen, FBI, CIA, NSA etc. after them. It is the legal impliciations which are the problem, if they don't like what you are doing, and can hold that it is illegal, they will come after you with excessive force. Even it you could get away with it, a purely anarchistic system has the disadvantage of lack of take up: if no one is accepting your e-cash, you can't buy things with it. It could be made illegal for people to accept your e-cash, at this point only people acting anonymously will be using it. I think a possible approach is to work in two stages: to first work towards wide use of ecash, as privacy preserving as feasible with government imposed restrictions, and then in the future work on improving the level of privacy. The two stage approach I think is more likely to succeed because while there is no payment infrastructure, the hard-line blacknet style operations run counter to the aim of speeding the uptake of ecash. It seems to me that payment systems that escape jurisdictions by being in cyberspace protected by strong crypto, whilst perhaps inevitable long term, are still some way off. I think it is useful to explore what could be achieved by getting something less abitious working first. I like the distributed anarchic approach too, but lets first find peoples opinions on what is possible within the system, and see if anything useful would be possible with these constraints. I would like to hear views on whether the best that can be achieved with such constraints would be a step in the direction of a more desirable system (with better privacy guarantees), or whether it would instead be detrimental to the cause, say perhaps by contributing to getting a non-privacy preserving scheme immovably fixed as a standard. There are several approaches to ecash systems that I am aware of: 1. no anonymity - most current systems 2. "trust me" the schemes which claim anonymity, but in reality rely on your trust in the bank. eg Mondex 3. clipper-cash (Jakobsson) here you get to trust a (supposedly independant) third party http://www-cse.ucsd.edu/users/markus/ http://www-cse.ucsd.edu/users/markus/revoke.ps 4. blind signatures (Chaum, Brands) http://www.digicash.com/ http://www.digicash.com/publish/pu_sc.html 5. or agnostic server (Doug's paper) (blinding as well, just avoiding Chaum's patents) http://www.communities.com/paper/agnostic.html 6. anarchy - remailer net, blacknet type operation I would discount 1 & 2 as outright undesirable, and already available anyway. 6 would cause the regulators to throw a fit. Of the remainder 3, 4 & 5, I think the most likely to be acceptable to regulators is 4: clipper-cash. Next come 4 & 5. Chaum's blinding, and Doug's agnostically blinding proposals. What do people think of clipper-cash? Basically it sets of a scheme where you have an ombudsman who is supposed to be acting on the consumers behalf. Revoking privacy requires the cooperation of both the bank and the ombudsman - the bank on it's own can't strip your privacy. Down side: to get such a scheme past regulators the ombudsman would probably end up being a government body, or one beholden to government, such as banks are with all the current banking regs, re Doug's last two posts on the subject. The problem with clipper-cash see is that it is just as the name implies: private until you are investigated, or until the regulators decide to go on a fishing spree. But better than no anonymity. Technologically it would be possible to have multiple ombudsmen, or even have the recovery key be secret share split amongst ecash users in such a way that some chosen percentage of agreement would be required before cash could be traced, or revoked (made worthless). I would presume that the more ombudsmen there are, and the less amenable they are to government pressures, the less likely the payment scheme would be to be acceptable to the banking regulators. Does clipper cash satisfy any cypherpunk goals? Or is it the ecash equivalent of the hated clipper, and clipper II initiatives? A blinding agnostic or openly blinding signature based server would obviously be preferable, but could you get such a system approved by the regulators? These are just questions, to see what people think are the optimal configurations from a cypherpunks perspective, and how close to these ideals a payment system could be and still get past the regulators. Adam -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface iQCVAwUBMHwDaSnIuJ1VakpnAQHS9wQAmVqEtZI4gNLWtory4adCvkZ1hKDYleXJ i2SM/HzvqreyVGyPyYEVWqwNasOYoUvUH/lJBt0DNjnAk1xzU2xFcjKxjjA9sOH8 tUxPbAPBNK9UJIMqMHUPCz33KDd0KYeHDJXYvW1Or+JUxRKQD065hBZZLIJqf3+K DXcMlD4qifU= =01vA -----END PGP SIGNATURE-----