Hal Finney wrote:
I thought Blanc Weber made a good point when he wrote:
I learned a while back that Blanc is a woman. She's never corrected this public misperception, that I recall seeing, so maybe I'm out of place doing it here, but I've gone and done it anyway. (Blanc's point elided)
This is similar to Tim May's suggestion for a credential-less society (as far as possible). Rather than trying to carry around a lot of baggage in the form of certifications, credentials, reputations, etc. (anonymous or not), people structure their affairs in such a way that transactions can be completed using just the information at hand. Blanc's idea for immediate demos to demonstrate competency could tie into this nicely.
Yes, I think "locality" is generally a big win. Locality means local clearing, immediacy, and self-responsibility. Caveat emptor, and all that. Not perfect, of course, but generally better than a non-local, non-immediate system in which contracts are negotiated, credentials must be produced (often demanded by the government--here in Santa Cruz one needs a license to be a palm reader!). There are cases where time-binding is needed, where contracts must be negotiated, but the modern trend to make everything into a non-local, accounting-centered deal seems wrong-headed.
I didn't quite follow the rest of Blanc's message (a problem I have, I'm afraid, with many of his postings) but I do agree that there are problems with the use of reputations as a catch-all to solve the problems of anonymity. Faced with the ease of unpunished cheating in an anonymous relationship, people introduce the idea of reputations, sometimes called "reputation capital", and assert that cheaters would in fact be punished by damage to their reputations, the loss of reputation capital.
I don't think reputations solve all problems. Enforcement of contracts with threats of sanctions (economic, physical, etc.) is often needed. One doesn't pay $20,000 for a new car, not get the car because the dealer welched, and simply say: "Boy, his reputation is mud now." (I won't go into the various common-sense ways of dealing with this, nor point out that such massive frauds are rare, for various reasons.) My main point is a simple one: Let there be no laws which dictate what protocols people use for transactions. If Alice and Bob are content to use each other's "reputations" as a basis for doing business, let no third party step in and force them to use "credentials." How it all works out, with flaws and all, is not something we can predict. I'm not saying Hal's doubts about how reputation will work are unwarranted, or unwelcome...indeed, such questioning is needed.
What is this stuff, reputation capital? What does it look like? How can it be measured? How much is it really worth? I think this concept needs to be clarified and examined if it is to serve as one of the principal foundations of pseudonymous commerce. (I know there is a concept in modern finance which attempts to measure the economic value of a firm's reputation, called, I think, "good will", but I don't know how similar that would be to what we are talking about.)
Economists ought to be thinking about these things, a point economist David Friedman agreed with me on a couple of years or so ago. The study of anonymous markets, in which conventional sanctions are difficult to apply, should be an exciting area to explore.
One question is, to the extent that a "piece of reputation capital" is an actual object, a digital signature or token of some sort, how heavily linked is it to a given owner? If I run two pseudonyms, Bert and Ernie, and Ernie earns a piece of reputation capital, can he securely transfer it to Bert and have Bert show it as his own?
"Webs of trust" are partial examples of this, with Alice signing Bob's key and thus saying "I trust this key, so if you trust me, you should also trust Bob." While this does not yet extend to more substantive issues (such as saying "I vouch for this transaction"), it gives us a hint about how this may work. We've had some good discussions in Cypherpunks physical meetings, with noted agorists Dean Tribble, Norm Hardy, Mark Miller, etc., on this very topic: the transitive properties of reputation capital. It seems to work, based on analogies with criminal markets (where they obviously can't go to the courts), and with comparisons to primitive trading societies. The "Law Merchant," as you'll recall (Benson's "The Enterprise of Law") was extra-national, and only "my word as a captain is my bond" worked to ensure completion of trade arrangements. It worked well, too. (As I've said before, the fallback position of relying on the State has displaced ordinary concepts of trust and honor...it is no longer a "fallback" position, and so trust and honor (= reputation) has become a joke. I am optimistic that crypto anarchy will see a restoration of these concepts, back-stopped of course with cryptographic protocols and unforgeable signatures.)
On the one hand, we would not want this to be so (or, expressed in less normative terms, people would probably be uninclined to put much value on reputation capital which had this mathematical structure). If the purpose of reputation capital is to, in effect, punish cheaters, this is defeated to a large extent if it can be transferred. Ernie can earn a reputation, cheat, and then have Bert show the good aspects of Ernie's reputation while being unlinkable to the bad. Going back to the earlier discussion of anonymous escrow agents this would seem to make it far too easy for dishonest agents to succeed.
An unresolved issue, I suspect. Almost no work has been done here, so we have only our intuitions about how things will work. I have to be honest here, but I feel no shame about not knowing the answers to Hal's good points--this is just an area that has had little study, theoretically or empirically. A clarion call for more work.
On the other hand, untransferrable credentials are undesirable from the point of view of privacy. That was the whole point of Chaum's work on pseudonyms and credentials. If pseudonym credentials are untransferrable we have a problem where information builds up about a pseudonym that is very nearly as bad as a completely identified system. It is true that at least the ultimate linkage between pseudonym and physical body is broken, but to the extent that your on-line activities _are_ your pseudonym, it is no more desirable to allow dossiers to be built up about your on-line personality than your off-line life.
Practically, I see almost no way that credentials would *not* be transferrable. One obvious way is for Len and Mack to share bank accounts, money, etc. Len could have a large bank account (a credential of one sort) and could then "transfer" it (the access codes) to Mack. Voila! Credentials got transferred. More generally, two agents, related or not, can arrange transfers. In one extreme form, Len could transfer *all* of his codes and numbers to Mack, allowing Mack to effectively become Len. This is certainly a transfer of reputation! (And a concern several have raised, a la "But how do you know who you are *really* dealing with?")
Chaum's system worked in large part because it was ultimately grounded in an identity-based system. People could have credentials and transfer them, but there were limits on the types and numbers of pseudonyms you could have. I think these kinds of restrictions could limit some of the problems which arise with transferrable reputation credentials, although the general problem of "negative credentials", which is really another word for the problem of punishing cheaters, was not fully solved by Chaum's approach, at least not in a way that I understood (he wrote as though he had solved it).
I agree that much more work is needed. In fact, it's a situation analogous to the nanotechnology field, where one researcher dominates a field (Chaum in this stuff, Drexler in nanotech) and the great mystery is why no more Chaums or Drexlers have appeared!
One final point I'd make is that Tim's idea about avoiding credentials, along with the points Blanc made, is attractive but there do seem to be a lot of situations where credentials are shown in life. When that is necessary it is tempting to fall back on a trusted authority, the anonymous escrow agent or perhaps Jason Solinsky's cyberspace government, but I think you still have the problem of those authorities proving their honesty. So the problems of credentials and reputations are still present.
Even with the implications not fully explored, my main point is (again) that there be no restrictions on *my* ability to try to deal with other agents on this basis. That there may be some messy situations is not enough reason to outlaw anonymity; we see messy situations in our credential-happy society today, with "permission slips" needed for increasing numbers of transactions. Anonymity and unlinkable, untraceable transactions give us the opportunity to explore these issues, and probably answer Hal's questions. A fair trade, I'd say. Even if I don't have a credential authorizing me to make that statement.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."