The NSA's research report on e-cash says: "The ideal situation (from the point of view of privacy advocates) is that neither payer nor payee should know the identity of the other. This makes remote transactions using electronic cash totally anonymous: no one knows where Alice spends her money and who pays her. "It turns out that this is too much to ask: there is no way in such a scenario for the consumer to obtain a signed receipt. Thus we are forced to settle for payer anonymity." Keeping in mind I am only a lawyer, my skim of Schneier (2d ed.) didn't illuminate. The discussion of digital cash seemed to assume no payee anonymity. But the immediate previous section of dining cryptographers involved (it seemed) recipient untraceability. Is payee anonymity technically possible? Under what conditions? If so, is the issue social, e.g., as NSA notes, the lack of a signed receipt? Thanks, Lee