(First of all, I just wanted to say hello, especially to those of you I met for the first time at the Cypherpunks BOF last night at Usenix.) I caught up on the digital banking thread and have a few thoughts about future banks, financial privacy, and nonregulation issues, especially how they relate to the way things are done now. What is important to me in an ideal bank, in roughly descending order: 1. Security. The bank will not disappear, steal my money, allow others to steal my money, or unwarrantedly cut off my access to it. 2. Convenience. I can easily and reliably spend the money I have on deposit, deposit funds from elsewhere, and communicate with the bank regarding my accounts. 3. Privacy. The bank will not (or, possibly, cannot) reveal details of my financial situation or transactions to others including the government. 4. Credit. The bank will loan me money for appropriate purposes if needed (and my credit rating is acceptable). The financial institutions I currently deal with do a pretty good job of all of these except (3), which is not their fault but is the government's. (Except for crud like banks that use trivial keys like your SSN for access to banking by phone.) No. 1, security, is a problem with anonymized, offshore, network banking. Today we rely on a combination of reputation and regulation to provide bank security -- the banks we deal with stress size, longevity, permanence, etc., in their marketing campaigns, and there are mandatory reserve requirements and mandatory deposit insurance. Reputation should translate pretty well in our idealized banking world -- what is better than the electronic word of mouth of the Internet? But in a nonregulated environment, there will have to be private deposit insurance which could easily have some bootstrap problems in building the initial market. Convenience, #2, should be a vast improvement. Freed from the necessity and cost of maintaining a network of impressive physical edifices of Federal-style architecture, and coupled with more-or-less ubiquitous networking and computing, banks can concentrate on giving ultra-fast, efficient transaction services via authenticated e-mail and customer services via a Web-like server. I envision transactions ending up in two big buckets: card services and "cheque" services. Cards are for when you are wandering around, and e-mail "cheques" are for paying regular bills. The card system, insecure at it is, is fast becoming universal; I stopped carrying a checkbook around years ago and use credit cards for all possible transactions: you get a comprehensive statement at the end of the month with the names of all your vendors, and you also get a nice premium for using their transaction services (mine is airline frequent-flyer miles). In any future banking system one must assume that card-based transaction service will be the main, if not only, means of casual transaction, and it will be up to us to to build in the ncessary privacy and authenticating schemes to make this a trustable system. I find it difficult to imagine large-scale displacement of institutions like VISA, MasterCard, and Amex, simply because they do what they do (provide instant POS credit authorization, guarantee merchants quick payment, etc.) very well. While e-mail "cheques" are attractive because the mail infrastructure is almost entirely there already, I wonder if they will ever become more than a small percentage of total transactions, possibly limited to pre-authorized direct drafts for such things as utility bills, and maybe mail orders and transactions between individuals. #3, privacy, is a very difficult issue because of the regulatory role of the government. Because of the degree to which strong financial privacy threatens government power (especially taxing power; see previous messages on this) I can easily imagine that (1) banks doing business in or "touching" the US and most politically similar sovereignties will not be able to prevent themselves from disclosing identity and transaction information about their customers, and (2) people will probably be prohibited from dealing with these banks if they are in fact beyond the reach of legal process. This leads to the key question: should one trust (i.e., disclose one's identity to) or not trust one's bank? It would certainly be nice to be able to trust your bank, as it makes things much easier for all parties. They would be able to freely grant you credit (#4 above), since you could verifiably prove your assets, real property, employment, etc. But if you trust your bank, then they may be forced to disclose your identity to the government under legal process. Thus it is probably best to postulate a banking system that does not require trust. This complicates #4, credit. I can envision a system of vouched-for indirection (not unlike signing PGP-keys) that would allow you (the borrower) to disclose assets/earning capacity to a trusted third party that would certify to a lender that you (known to the lender only as a numbered account) are credit-worthy. If it can be made possible to break the traceability link between the credit-vouching agency and the lender, privacy may be possible. One problem may be that credit-vouching agencies cannot easily be "offshore", since they may need to examine your real estate (or whatever) though this could be done, perhaps, by appraisers or other local agents. Comments? -- Michael C. Berch mcb@net.bio.net / mcb@postmodern.com / mcb@remarque.berkeley.edu