Re: Meeting notes from ANSI X.9 Meeting on Electronic Payment
It doesn't appear that these people seem to care about cash-like anonymous token-based payment schemes. Is that a valid assesment? What is needed to make these people start caring about that?
My guess is, they won't. Ever. <Elmer Gantry Mode On> We're looking right into the maw of the beast, here, folks. This is how book-entry systems want to rule the world. It seems to me that all this X.BlaBla stuff is about interlocking directories, offsetting book-entries and audit trails back to the flood, so that if you break a trade, much less evade taxes or engage in other horsemanlike behavior, they can sic the Lawfully Deputed Authorities to slam you in the pokey. <Elmer Gantry Mode Off> Code words for this bunch include "non-repudiation", "Certification Authorities", "X.Whatever", and of course "information infrastructure", and is done usually in concert with, well, lawyers. Michael Froomkin has had some experience with these types already this month, and my anonmyous informant, "Erwin Corey" , the world's foremost authority, is in the thick of these things. I just got some mail from someone over at bnn who gave me the following argument, just to show how they think: 1. If we use internet-level (ISP) or link-level (SSL,etc) strong cryptography, governments can't keep an eye on the 4 horsemen, who would then rule the world, and the government needs to save us from that. 2. If we just use encryption for the "little" stuff, like credit card numbers, and signatures, and wire authorization codes, and the like, the Powers that Be will let us play with money on the internet. 3. So, go back to your sandbox boy, and let the adults get on with the Important Stuff, okay? Actually, argument #3 is implicit in all of this, but that's okay. Here's why. As one cursed with hyper-analogizing the universe, I see the X.whatever crowd as centralized surface transport, viz: Railroads and Ships. We're in the car and plane business, point-to-point, autonomously operated by the users of the technology for whatever they want to do. The time is, say, 1910. They look up in the sky at the airplanes rattling around, or they jump out of the way of a Model T clattering down the street, and they mutter, "let the adults get on with the Important Stuff". Cool. What they really don't understand is that the internal combustion engine of internetwork commerce, digital bearer certificate technology, is about to rock their world. The thing I hear over and over from these people is, "We just want to map all this great experience we have with the Law of Commerce onto the Information Superhighway, so we won't have to reinvent the wheel." They can't understand why *anyone* would want to remain anonymous. They can't imagine the benefits of uncontrolled autonomous agents, buying or selling things, (including themselves) in a global ecology of networks and silicon. Just like the transportation magnates of the turn of the century couldn't understand why someone wouldn't use a steam engine, because they're much more efficient thermodynamically than any internal combustion engine could ever be. The technology lends itself to economies of scale, and, well, it's lest wasteful that way. This is why J.Pierpont Morgan made a fortune consolidating railroads and steel companies. These people are just victims of their own success, really. They are the end products of years of meritocratic selection, schooling, and certification. They have been practically bred to inhabit the top of hierarchies. So, when they look at the internet, they can see nothing else but what they know. They see something like digital cash an anomaly, an error in the data, because even with a completely on-line system and Mark Twain Bank walking very gingerly on the thin ice of new economic technology, MTB's cost on a Digicash trade is $.50, while the most efficient book-entry system on the net, First Virtual, has to charge, what? $5.00 to break even? Wait until we can actually trust off-line payment schemes for *really* small stuff, and get profits from issuing nano-money. They don't get it. The network isn't a hierarchy. The network is a geodesic. You don't need offsetting book entries, you can trade digital certificates much cheaper. You don't need to control your software, you need to make it autonomous and set it free. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA (617) 958-3971 "Reality is not optional." --Thomas Sowell The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/
Phree Phil: Email: zldf@clark.net http://www.netresponse.com/zldf <<<<<
Excerpts from mail.nonpersonal: 4-Dec-95 Re: Meeting notes from ANSI.. Robert Hettinga@shipwrig (4665*)
MTB's cost on a Digicash trade is $.50, while the most efficient book-entry system on the net, First Virtual, has to charge, what? $5.00 to break even?
From a consumer standpoint, I think that the only reasonable thing you can do is to assume that the vendors are pricing their services at a level that they believe yields profit in the long term. FV charges 29 cents plus 2 percent, which means that you can put 50 cent charges
There are some interesting unspoken assumptions here. To calculate anyone's "cost" on a transaction requires the complex amortization of costs over many transactions, with assumptions/projections about the transaction volume. I have no idea where you came by either of your numbers, MTB's or FV's, but I can tell you that your guess about FV is off the mark. And I'm sure that MTB is no more eager than we are to publicly dissect all the underlying cost structures, so I have no idea what the 50 cents that you cite really means. through the system if you're willing to give up 30 of those cents. By pricing it that way, we have invited people to put 50 cent charges through the system. We wouldn't have done that if we didn't think we could make money on it. To be perfectly clear: our minimum service charge is 30 cents, not 5 dollars. If we didn't think it was worthwhile to take transactions that small, we wouldn't do so. Finally, on the more philosophical matter:
They don't get it. The network isn't a hierarchy. The network is a geodesic. You don't need offsetting book entries, you can trade digital certificates much cheaper. You don't need to control your software, you need to make it autonomous and set it free.
In terms of crypto-privacy, anonymous communication, and things like that, I agree completely. However, it's genuinely more complicated than that where money is concerned, because there are aspects of the translation between "bits and bucks" that have some extremely serious practical complexities. A true geodesic structure is self-supporting and self-structuring. A cryptographic infrastructure can and should be similar, I agree completely. However, a *monetary* infrastructure needs convertability, and the points of conversion are always the best targets of attack for criminals. (I've been casting about for an analogy to physical geodesics, and it's hard to find one. The best I can come up with is to imagine that in order to convert a carbon buckyball to a more conventional set of carbon molecules, you had to do it through a service bureau that was capable of error, fraud, or subversion by outside criminals. This would ONLY matter if you ever wanted to do such conversions, but it would matter a lot then, especially if you had to suffer a serious financial loss if you got the wrong carbon molecules at the end of the process.) IF you wanted to settle for a totally non-convertible economy (like rubles in the old Soviet Union, or like the LETS system on the net today, as I understand it) then you could build it geodesically. But if you want to be able to convert back and forth between Internet payment systems and non-Internet payment systems, it can never be truly geodesic. It will always be attackable at the points of conversion. (You may "trade digital certificates", but how do you know the ones you're receiving were obtained for legitimate real-world value?) Because of this, the underwriting financial institutions, who have a very reasonable desire to limit their own risk, will inevitably seek the protection-by-traceability offered by something less than perfect anonymity. We may not like it, but it's a very natural position to be taken by those who are actually bearing the financial risks at the point of conversion. The truth is that there's a natural tension between the consumer's desire for privacy and the underwriter's desire for financial protection. First Virtual has been worrying about this for 2 years now, actually. Our solution -- which I think has held up pretty well -- was to allow users to be pseudonymous (as opposed to anonymous), to limit the traceability-by-pseudonym to the service bureau (FV) that effects the payments, and to treat all such information with the highest possible standards of confidentiality. The fact that the information can be traced when absolutely necessary is actually a huge selling point with those who carry the financial risks. I'm not claiming it's a perfect solution, but I think that unless you are clear about the underlying tradeoffs, it's hard to talk seriously about how to build a better solution. -- Nathaniel -------- Nathaniel Borenstein <nsb@fv.com> | (Tense Hot Alien In Barn) Chief Scientist, First Virtual Holdings | VIRTUAL YELLOW RIBBON: FAQ & PGP key: nsb+faq@nsb.fv.com | http://www.netresponse.com/zldf
On Tue, 5 Dec 1995, Nathaniel Borenstein wrote:
In terms of crypto-privacy, anonymous communication, and things like that, I agree completely. However, it's genuinely more complicated than that where money is concerned, because there are aspects of the translation between "bits and bucks" that have some extremely serious practical complexities.
A true geodesic structure is self-supporting and self-structuring. A cryptographic infrastructure can and should be similar, I agree completely. However, a *monetary* infrastructure needs convertability, and the points of conversion are always the best targets of attack for criminals. (I've been casting about for an analogy to physical geodesics, and it's hard to find one. The best I can come up with is to imagine that in order to convert a carbon buckyball to a more conventional set of carbon molecules, you had to do it through a service bureau that was capable of error, fraud, or subversion by outside criminals. This would ONLY matter if you ever wanted to do such conversions, but it would matter a lot then, especially if you had to suffer a serious financial loss if you got the wrong carbon molecules at the end of the process.)
I agree that conversion points are good targets for attack. Therefore whether conversion services are centralized or distributed will partly depend on the economy of scale in protection against criminals. I'm not sure how much of this economy of scale exists for conversion between electronic and physical monetary instruments. But if we're converting between one eletronic system and another, then cryptographic protocols reduce the cost of protection to nearly zero for even small organizations. Wei Dai
Nathaniel Borenstein writes:
A true geodesic structure is self-supporting and self-structuring. A cryptographic infrastructure can and should be similar, I agree completely. However, a *monetary* infrastructure needs convertability, and the points of conversion are always the best targets of attack for criminals.
Ah! You mean the criminals seeking to exploit the conversion, not criminals using the anonymity of the system for income secrecy. I got a little confused right there. -russ <nelson@crynwr.com> http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | Flushing, NY. Not just a suburb, Potsdam, NY 13676 | +1 315 268 9201 FAX | it's a good idea in general.
participants (4)
-
Nathaniel Borenstein -
nelson@crynwr.com -
rah@shipwright.com -
Wei Dai