real money) From: Somebody at a Central Securities Depository :-) Date: Wed, 13 Oct 2004 10:31:10 +0100 i buy the argument that transaction instantaneity is a solution to the identity theft problem - my cash in your hands, at the same time (now) as your goods in my hands, in a way that allows both of us to ensure we have got what we wanted. But there's a trade-off; I have to use money, not credit, now - your point about the buyer 'lending' the seller cash at 0% interest. I'm not sure how "the system compensates" for that. It seems to me it becomes a risk-cost trade-off for the individual: I can work out the cost to me of using real money not credit; then I know what I am paying to insure myself against identity theft. Of course I probably rely on the credit people covering me against a lot of the risk of identity theft, and I may not even pay them for that cost (if it is built into the APR they charge and I can avoid interest by paying off the card quickly)... so to me identity theft risk is almost costless. Why then would I choose to insure myself explicitly by using cash instead of credit? What is it that makes all the individuals start thinking about the best interests of "the system" (which should be cheaper without all these hidden insurance costs) instead of thinking about their own interests?! David "R.A. Hettinga" <rah@shipwright.com> 12/10/2004 15:52 To: John Kelsey <kelsey.j@ix.netcom.com>, cryptography@metzdowd.com, cypherpunks@al-qaeda.net cc: Subject: Re: Financial identity is *dangerous*? (was re: Fake companies, real money) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 9:49 AM -0400 10/12/04, John Kelsey wrote:

Hmmm. I guess I don't see why this story supports that argument all that well.

More like the straw that broke the camel's back, admittedly. A long time ago I came to the conclusion that the closer we get to transaction instantaneity, the less counterparty identity matters at all. That is, the fastest transaction we can think of is a cryptographically secure glop of bits that is issued by an entity who is responsible for the integrity of the transaction and the quality of assets that the bits represent. Blind signature notes work fine for a first-order approximation. In other words, an internet bearer transaction. In such a scenario, nobody *cares* who the counterparties are for two reasons. The first reason is existential: title to the asset has transferred instantaneously. There is *no* float. I have it now, so I don't *care* who you were, because, well, it's *mine* now. :-). Second, keeping an audit trail when the title is never in question is, in the best circumstances superfluous and expensive, and, in the worst, even dangerous for any of a number of security reasons, depending on the color of your adversary's hat, or the color your adversary thinks his hat is, or whatever. Keeping track of credit card numbers in a database is an extant problem, for instance, with a known, shall we say, market cost. We'll leave political seizure and other artifacts of totalitarianism to counted by the actuaries.

Clearly, book entry systems where I can do transactions in your name and you are held liable for them are bad, but that's like looking at Windows 98's security flaws and deciding that x86 processors can't support good OS security.

I'm walking out on a limb here, in light of what I said above, and saying that when there's *any* float in the process, your liability for identity theft increases with the float involved. Furthermore, book-entry transactions *require* float, somewhere. They are debt-dependent. Someone has to *borrow* money to effect a transaction. (In a bearer transaction, the shoe's on the other foot, the purchaser is *loaning* money, at zero interest, but that's what the buyer wants so the system compensates accordingly, but that's another story.) Because the purchaser has to borrow money to pay, and because you *cannot* wring the float out of a transaction (that is, you can get instantaneous execution, but the transaction clears and settles at a later date; 90 days is the maximum float time for a non-repudiated credit-card transaction, for instance), I claim that book-entry transactions will *always* be liable for "identity" theft. Put another way, remember Doug Barnes' famous quip that "and then you go to jail" is not an acceptable error handling step for a transnational internet transaction protocol. I would claim that enforcement of identity as a legal concept costs too much in the long run to be useful, and that the cheapest way to avoid the whole problem is to go to systems which not only don't require identity, but they don't even require book-entry *accounts* at all to function at the user level. Financial cryptography has had that technology for more than two decades now, so long that the patent's about expired on it, if it hasn't already.

The aspect of this that's generally spooky is not the existence of book entry payment systems, it's the ease with which someone can get credit (in one form or another) in your name, based on information they got from public records and maybe a bit of dumpster diving, some spyware installed on your machine, or a phishing expedition. How the payment systems are cleared isn't going to change that, right? (I know you've thought about this stuff a lot more than I have, so maybe I'm missing something....)

See above. When you use book-entry transactions, by definition, you need identity. Biometric, is-a-person, go-to-jail-if-you-lie-about-a-book-entry identity. With bearer transactions, digital/internet or otherwise, you don't have identity. You don't *need* identity to execute, clear, and settle the transaction, primarily because all three happen at once. There's no float between the three activities. You don't have to send someone to jail if they lie, because the transaction never executes in the first place if they do. Now, there are tradeoffs. The first one is key management, which as Schneier likes to point out, is a hard problem. Personally, I think that if you don't have to associate a key with a flesh-and-blood body in meatspace, a whole continent full of problems just disappears. In a bearer transaction, it's orthogonal to the issue of security anyway, and all it does is cost you money to do for no added benefit. The second one is security of the digital bearer notes and coins themselves, which, frankly, scares people in the finance business most of all. However, I would claim that all organizations, and even people :-), do their *database* and document backups already, and that proper system hygiene will evolve, particularly if literal money is involved. Frankly, there already is a market for distributed data storage, and there are even working systems using m-of-n distributed data storage, which would be the most secure way to solve the problem. And, as we all know, digital bearer transactions are the best *way* to pay for those kinds of m-of-n services anyway, so it feeds on itself nicely. I think that it's less of a chicken-and-egg problem than it used to be, and I think that reality is catching up to all the theory we've kicked around on these lists for more than a decade now. The ultimate solution to the problem of identity theft is to not use identity at all, and, frankly, not even to use book-entries at all. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQWvvMcPxH8jf3ohaEQK7sQCgv7HrWERRq8oJwZWq+6K/Ekiq4mMAoKCc sc4xGjfFFKMysKjV2hRDjSsy =C/Ar -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' This email is for the intended recipient only and is confidential. If you are not the intended recipient, please inform the sender immediately and delete this email and any copies, (including attachments), from your system. You should not read, copy or make any use of this email if you have received it in error. You should take whatever measures you deem to be appropriate to ensure that this email is virus free. CRESTCo Ltd does not give any representation, guarantee or warranty (whether expressed or implied) that this email has been securely transmitted or is accurate, timely or complete and excludes all liability in connection with this email or for any statements which are clearly the senders own and do not represent the views of CRESTCo Ltd. CRESTCo Ltd reserves the right to monitor the use and content of all emails. --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'