Banque des Cypherpunks
-----BEGIN PGP SIGNED MESSAGE----- C'punks, What would a cypherpunk bank (being a bank the style of which some cypherpunks would not hate too much :-) look like? How could it be made safe to run? One avenue of safety - shepherding the idea through SEC etc scrutiny so as to render the venture completely legal seems to lack something of a c'punk flavour. After all, one idea that some of us are quite taken with is that strong crypto and the changes it brings are not only important (they are), nor good (as Tim has pointed out - it depends where you stand) but *inevitable*. So, how safe would a cp style bank be today? There seem to be a number of possible pressure points: the machine, the operators, the managers/directors, the owners, the assets, getting money out of the system and getting money into the system. The Machine The easiest way to shut down an ebank is probably to unplug the machine the software is running on and take it away. A variation of this is to cut off net/telecomms access, or even electricity. (In the US/UK/NZ etc this would not seem to be too difficult - lie to a judge about a bit of child porn and you can pretty much take what you like.) Restricting ourselves to legitimate securities/banking enforcement, however, it would seem to be enough to move the box to some appropriate offshore site away from the major markets for the bank's services. Obviously, there is no need to actively advertise the physical location of the processor... The Operators Even if the authorities of the target jurisdictions (US, Europe, Asia) can't reach the operators of the machine while they are tending to it, they could, presumably, make it difficult for those people to leave their jurisdictions once they had entered them - by, for instance, issuing arrest warrants, or holding trials in absentia. Again, if the physical location of the machine is sufficiently obfuscated, this attack can be foiled. The Managers/Directors Assuming the bank is some kind of artificial legal entity, it will require some other legal entity to control its actions. That controlling entity could be themselves an artificial legal entity - for instance, a corporate director of an offshore company. The Owners Assuming the bank itself is not a natural person, it will be owned by someone (at least one list member has indicated an interest in investing in some form of ebank). These owners could be the subject of pressure. Using the same technology that made the ecash anonymous, the ownership of the bank could be made similarly unknowable. The Assets A bank isn't going to last long if the SEC can just take its 'deposits'. Fortunately there are still a number of jurisdictions left where the bank's bank account should be safe. Getting Money out of the System Eventually Tim is going to want to turn his Blacknet earnings into USD to reinforce his security perimeter. How do we stop the Feds effectively making it illegal to receive cheques from Banque des Cp? Presumably, BCp instructs its banks to issue bank cheques, or get bank cheques from other banks. Receiving wire transfers from Citbank may be notifiably suspicious, but that just makes you one of millions... Getting Money into the System This strikes me as the most serious problem. If we differentiate between big ticket (wholesale pharmaceutical type) and small ticket (remailer stamp type) transactions, it might just be possible that the former could be managed without bringing down the wrath of the authorities on the customers (having failed to effectivley attack the bank). Essentially the idea is to route payments through enough appropriate jurisdictions that tracing back from the ebank to the customer is impossible (or, rather, unlikely). Sticking a Libyan bank in the chain could help, for instance... But small ticket transactions can't use this route. The easiest thing to do would be to accept credit cards - but it wouldn't take much to convince Visa and Mastercard not to let their services be used, if not turn over details of everyone who tried to buy ecash. Cheques, TTs etc seem too cumbersome to be marketable, and, once again, too easy to trace - at least at first glance. The problem stems, I think, from trying to satisfy two seemingly opposed requirements - the customer must be sure who they are paying, but the authorities must not know the customer is paying the bank. Any ideas? [Another problem occurs to me. Alice's Awsome XXX CD-Rom Shoppe accepts BCp's BlackCash[TM]. Simon from the SEC buys a CD with BlackCash. "Asian Teenage Leather Maidens" duly arrives, and Simon arrests Alice for dealing in unauthorised securities (and unauthorised dealing in securities etc)...] I think I'll stop before I talk myself out of the whole thing :-) Cheers Dm -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMHtVEVlo3j8JHzalAQHT9wP/TV0AN7o4/yfkKw3G4SPrZWUO+LUFdDnD a9v6OKUZZ8LrPQ/XORq3dvtOFtJ6GNiOPZkAWQQI9Rm792PcW4mdF+ppKynjgt0A olK/wFnbBVhYwoEOXvqaC+ZwCTbaewpydEi3OEPGRoXbpDaYxQkfAj7K0dPT21sz TjV5qM+rt+M= =dTqF -----END PGP SIGNATURE----- [Palmtop News Reader - Beta Version 3]
On Wed, 11 Oct 1995, David Murray wrote:
A bank isn't going to last long if the SEC can just take its 'deposits'. Fortunately there are still a number of jurisdictions left where the bank's bank account should be safe.
Use k-out-of-n secret sharing to split digital coins among hundreds of pseudo-banks spread throughout the world, so that governments would have to make a large number of raids to shut it down. -Thomas
-----BEGIN PGP SIGNED MESSAGE----- David Murray <sdavidm@iconz.co.nz> writes:
One avenue of safety - shepherding the idea through SEC etc scrutiny so as to render the venture completely legal seems to lack something of a c'punk flavour. After all, one idea that some of us are quite taken with is that strong crypto and the changes it brings are not only important (they are), nor good (as Tim has pointed out - it depends where you stand) but *inevitable*.
So, how safe would a cp style bank be today?
[feasibility analysis of blacknet style payment system]
If you haven't, you should read Doug Barnes <cman@communities.com> recent postings on the current state of money laundering regulations. Chilling stuff. You can bet they are not going to like the payment system you described, it's it's methods of transfering funds to and from US bank accounts would be open to many of the anti-money laundering attacks. It would put a lot of strain on the remailer nets to have the likes of FinCen, FBI, CIA, NSA etc. after them. It is the legal impliciations which are the problem, if they don't like what you are doing, and can hold that it is illegal, they will come after you with excessive force. Even it you could get away with it, a purely anarchistic system has the disadvantage of lack of take up: if no one is accepting your e-cash, you can't buy things with it. It could be made illegal for people to accept your e-cash, at this point only people acting anonymously will be using it. I think a possible approach is to work in two stages: to first work towards wide use of ecash, as privacy preserving as feasible with government imposed restrictions, and then in the future work on improving the level of privacy. The two stage approach I think is more likely to succeed because while there is no payment infrastructure, the hard-line blacknet style operations run counter to the aim of speeding the uptake of ecash. It seems to me that payment systems that escape jurisdictions by being in cyberspace protected by strong crypto, whilst perhaps inevitable long term, are still some way off. I think it is useful to explore what could be achieved by getting something less abitious working first. I like the distributed anarchic approach too, but lets first find peoples opinions on what is possible within the system, and see if anything useful would be possible with these constraints. I would like to hear views on whether the best that can be achieved with such constraints would be a step in the direction of a more desirable system (with better privacy guarantees), or whether it would instead be detrimental to the cause, say perhaps by contributing to getting a non-privacy preserving scheme immovably fixed as a standard. There are several approaches to ecash systems that I am aware of: 1. no anonymity - most current systems 2. "trust me" the schemes which claim anonymity, but in reality rely on your trust in the bank. eg Mondex 3. clipper-cash (Jakobsson) here you get to trust a (supposedly independant) third party http://www-cse.ucsd.edu/users/markus/ http://www-cse.ucsd.edu/users/markus/revoke.ps 4. blind signatures (Chaum, Brands) http://www.digicash.com/ http://www.digicash.com/publish/pu_sc.html 5. or agnostic server (Doug's paper) (blinding as well, just avoiding Chaum's patents) http://www.communities.com/paper/agnostic.html 6. anarchy - remailer net, blacknet type operation I would discount 1 & 2 as outright undesirable, and already available anyway. 6 would cause the regulators to throw a fit. Of the remainder 3, 4 & 5, I think the most likely to be acceptable to regulators is 4: clipper-cash. Next come 4 & 5. Chaum's blinding, and Doug's agnostically blinding proposals. What do people think of clipper-cash? Basically it sets of a scheme where you have an ombudsman who is supposed to be acting on the consumers behalf. Revoking privacy requires the cooperation of both the bank and the ombudsman - the bank on it's own can't strip your privacy. Down side: to get such a scheme past regulators the ombudsman would probably end up being a government body, or one beholden to government, such as banks are with all the current banking regs, re Doug's last two posts on the subject. The problem with clipper-cash see is that it is just as the name implies: private until you are investigated, or until the regulators decide to go on a fishing spree. But better than no anonymity. Technologically it would be possible to have multiple ombudsmen, or even have the recovery key be secret share split amongst ecash users in such a way that some chosen percentage of agreement would be required before cash could be traced, or revoked (made worthless). I would presume that the more ombudsmen there are, and the less amenable they are to government pressures, the less likely the payment scheme would be to be acceptable to the banking regulators. Does clipper cash satisfy any cypherpunk goals? Or is it the ecash equivalent of the hated clipper, and clipper II initiatives? A blinding agnostic or openly blinding signature based server would obviously be preferable, but could you get such a system approved by the regulators? These are just questions, to see what people think are the optimal configurations from a cypherpunks perspective, and how close to these ideals a payment system could be and still get past the regulators. Adam -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface iQCVAwUBMHwDaSnIuJ1VakpnAQHS9wQAmVqEtZI4gNLWtory4adCvkZ1hKDYleXJ i2SM/HzvqreyVGyPyYEVWqwNasOYoUvUH/lJBt0DNjnAk1xzU2xFcjKxjjA9sOH8 tUxPbAPBNK9UJIMqMHUPCz33KDd0KYeHDJXYvW1Or+JUxRKQD065hBZZLIJqf3+K DXcMlD4qifU= =01vA -----END PGP SIGNATURE-----
aba@atlas.ex.ac.uk writes:
Technologically it would be possible to have multiple ombudsmen, or even have the recovery key be secret share split amongst ecash users in such a way that some chosen percentage of agreement would be required before cash could be traced, or revoked (made worthless).
I don't rember if any key-splitting schemes currently allow it, but how about this: the escrow agencies would be the courts, requiring one assent from each judge on the appeals chain. As each judge rules against the defendant or denies the appeal, he adds his piece of the key to the ruling. When you reach the top of the chain, then *and only then* can you be traced. I'm not really sure if this would apply in the ecash situation, since you don't have a defendant until you've done the trace, but it sounds like a legitimate safest solution in the case of GAK. One can hardly argue that the government has illegally revealed the keys when the whole legal system has approved it. NB: I'm *strongly* opposed to GAK in principle. I don't personally think there's any such thing as a "legitimate need for law enforcment" to listen in on private individuals. A free man shouldn't have to arrange for his life to be convenient for his servants --- private or civil, it should be the other way around. I'm just nothing that, working from the common notion of "legal", this system would make illegal key seizure unlikely.
Scott Brickner writes:
I don't rember if any key-splitting schemes currently allow it, but how about this: the escrow agencies would be the courts, requiring one assent from each judge on the appeals chain. As each judge rules against the defendant or denies the appeal, he adds his piece of the key to the ruling. When you reach the top of the chain, then *and only then* can you be traced.
JAK (Judicial Access to Keys) sounds as though it wouldn't give the LEAs a chance to pre-emptively snoop on message traffic before prosecution, unlike POTS wiretaps and Clipper. I don't see the govt. ever favoring such a scheme that doesn't help the LEAs to "gather" evidence to justify an indictment. They will probably skip JAK instead <ducking ;>.... -Futplex <futplex@pseudonym.com>
On Thu, 12 Oct 1995, Futplex wrote:
Scott Brickner writes:
I don't rember if any key-splitting schemes currently allow it, but how about this: the escrow agencies would be the courts, requiring one assent from each judge on the appeals chain. As each judge rules against the defendant or denies the appeal, he adds his piece of the key to the ruling. When you reach the top of the chain, then *and only then* can you be traced.
JAK (Judicial Access to Keys) sounds as though it wouldn't give the LEAs a chance to pre-emptively snoop on message traffic before prosecution, unlike ^^^^^^^^^^^^^ ^^^^^^ POTS wiretaps and Clipper. I don't see the govt. ever favoring such a scheme that doesn't help the LEAs to "gather" evidence to justify an indictment. They will probably skip JAK instead <ducking ;>....
I think that the bigger concern would be that a small set of judges at each level would be designated JAK judges (god forbid that they all have some idea of what the issues are ...). Then LEA would be certain to present only the most egregious cases to them until they got in the habit of signing off on them. Then, the marginal requests for access would slide through. I think Futplex insinuated that this would occur post charge rather than pre charge, to which LEA would never agree. You can't indict without evidence (at least in theory :-)) and and if you're going to get blown out of the water as soon as the encrypted traffic is decrypted by the defendants for trial ... well, let's just say it is better to lose early and quietly than later and in public. All this said, and after much personal wailing and gnashing of teeth, I *personally* believe GAK/MKE/JAK etc. is unworkable and should be quietly dropped. With so many ways around key escrow, especially the existence of PGP, I think the horse has left the barn. The issue won't be dropped, of course, at least in the short run. I appreciate all the thoughtful replies to my "Cypherpunks Key Escrow" proposal, and will ignore the few that were, ahem, not so thoughtful. I've been avoiding posting about this for weeks due to my own indecision, my workload, and a sprained wrist which makes typing an adventure, but when directed to "write an article for [a law enforcement magazine] that is pro-MKE," I had to reach a personal decision about this. I am generally very open about what I think/believe etc. and have few secrets from my friends. I get the impression that the majority of you have a different view about your personal life, but that's why Baskin-Robbins has 31 flavors, not one. I also strongly believe that you gravely overestimate the threat of MKE, probably overestimate the interest LEAs have in your personal affairs, and have little idea how hard it is to get court approval for wiretaps, and presumably access to escrowed keys. I did mention to my U.S. Attorney that the proposal that "other lawful authorities" [besides judges] could grant access to escrowed keys was especially bothersome. He took it well, and said that was a legitimate point (that I don't think will go anywhere). Now understand that, as a lawyer, I get paid to say what my client (the USA) wants me to say, within certain bounds, so I will write the article. My heart will not be in it, though. I would appreciate it if you wouldn't send this to Janet Reno or otherwise use it, with attribution, at least until I find a new job! :-) I stay in enough trouble here without this being circulated through the Department and placed in my personnel file. Lest there be any doubt: I SPEAK ONLY FOR MYSELF on this issue. The Department's and the Administration's* position has not changed to my knowledge (except as has previously been discussed in this forum). ***** *Some of you like to blame the Clinton Administration for all of this. Be mindful that all this started in the Bush Administration or earlier. There's plenty of blame to go around. I encourage the Cypherpunks anarchy to use its recent successes with Netscape, and soon with MS, together with its concommitant increase in credibility to educate the public and the politicians. EBD
-Futplex <futplex@pseudonym.com>
Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame away! I get treated worse in person every day!!
participants (6)
-
aba@atlas.ex.ac.uk -
Brian Davis -
futplex@pseudonym.com -
Scott Brickner -
sdavidm@iconz.co.nz -
Thomas Grant Edwards