Mark Twain Bank (was: Anonymity: A Modest Proposal)
First of all, those who have looked over the MT Bank stuff all know that they are clearly off to a very shaky start. I know of three guys that could have done a _much_ more professional job, almost a year ago. Unfortunately we were rejected by Chaum as insufficiently respectable. So now we get a service that is lame, confusing and expensive -- at least at the bank end. Chaum apparently continues to suffer from the belief that he needs a real bank to issue e-cash. Well, MT Bank is a real bank, but they have managed to violate at least one major Federal Reserve requirement (accounts in the ECash mint are clearly demand deposit accounts -- it would have been trivial to define them differently but somebody apparently wasn't thinking.) A technically-oriented NBFI could have done a much better job, without a lot of the "real bank" baggage, such as minimum deposits ($250, not $2,500, but still pretty steep for someone wanting to spend $.10 on something.) My understanding is that the _bank account_ is FDIC insured, but not the ECash. I could be wrong -- their materials are extremely confusing and hard to follow. As one of my co-workers said today, "It will be interesting to sit back and watch them take regulatory mortar fire." Indeed. I'm really hoping that they pull their act together -- I've already sent in my account application -- but things look really grim at the moment. There are certainly a lot of projects list members are working on that would be greatly enhanced by functioning, popular e-cash. I encourage everyone to give them lots of helpful feedback so that they can turn this around. On another note, I'm hoping that some of you will also bite the bullet, get accounts, and join me attempting to win valuable prizes in Sameer's "Hack Digicash" promotion. I'd rather see one of us find holes in this than see the whole thing melt into the ground. This extremely unprofessional, bungled launch does, I admit, make Mondex (with scads of beautiful marketing literature) look better all the time, although based on some conversations on Sunday, it appears that they may have _extremely serious_ architectural security problems. We'll see how things play out. Later, Doug
With the release of digicash I hope that we can soon make this stuff for-pay and much of the spam problem will be fixed. (Not all of it, of course.) (I am rather hesitatnt to setup an account with Mark Twain though.. $2,500 min balance and not FDIC insured?)
cman@communities.com (Douglas Barnes) writes:
A technically-oriented NBFI could have done a much better job, without a lot of the "real bank" baggage, such as minimum deposits ($250, not $2,500, but still pretty steep for someone wanting to spend $.10 on something.)
I don't believe this is correct. The $250 refers to foreign currency accounts and is not relevant for ecash users. The ecash account has an account opening fee of $11 and a monthly fee of $5 for the low volume user. That is all the minimum there is, as I read it. You can reduce the per-month fee by paying more up front, but it isn't a net savings until you've had the account open for about two years.
My understanding is that the _bank account_ is FDIC insured, but not the ECash. I could be wrong -- their materials are extremely confusing and hard to follow.
It seems that there are three places "your" money can be: in the "World Currency Access" account, where it is insured; in the "ecash mint", a separate account at the bank, where it is not insured and in fact is considered withdrawn (?); and in your ecash wallet on your computer disk. You can transfer funds back and forth between your wallet and the "mint" freely, but transfers are limited between the World Currency account and the "mint" account. It does seem like an odd approach, but perhaps there are some legal reasons for doing it like this. Hal
Someone writes:
My understanding is that the _bank account_ is FDIC insured, but not the ECash. I could be wrong -- their materials are extremely confusing and hard to follow.
I read the entire lengthy contract and found quite a few things which appear to be designed to cover the bank's posterior. 1. Both parties stipulate that their relationship is a business relationship and not a fiduciary relationship. 2. Your account is not FDIC insured. 3. The bank accepts no liability for anything going wrong, although it may, at its sole option, attempt to make ammends. 4. Parties agree to wave a jury trial. 5. Parties agree to binding arbitration. 6. General waffling to the effect that the tiny fees collected imply an equally tiny responsiblity and potential liability on the part of the bank. Now most of this language also appears in the fine print of the First Virtual agreement, so it is not like you have an option of trading on the Internet under the rules which govern your ordinary checking account. One wonders whether signing away all responsibilty on the part of the bank is going to be the standard for using digital money on the Internet, or whether consumers will demand protection when using these new services. One has to be careful that when new technology replaces old, the privacy protection which applied to the old also applies to the new. Good examples of this in the past are the ways in which the rights you have to the privacy of paper mail generally fail to be extended to Email, and of course "regulation E", which exempted bank accounts which were capable of Electronic Funds Transfer from a great deal of the protection which used to govern users of ordinary checking accounts. On the brighter side, Dr. Chaum's success in convincing someone to back DigiCash with actual US dollars certainly makes advances in breaking public key cryptography worth a great more than the tiny prizes currently offered by RSADSI. It will be interesting to see how this all works out in the next few months. Arjen Lenstra is planning on factoring RSA-130 on the Web for a high performance computing conference later this year. This should lead to some very robust estimates for the amount of computing power needed for GNFS to break 512 bit PGP keys. Does anyone know the details of the DigiCash protocol, or how much computing power it would take someone to make counterfeit coins? -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $
1. Both parties stipulate that their relationship is a business relationship and not a fiduciary relationship.
Perhaps someone with US legal experience might care to comment on the enforceability of such a clause. Surely the nature of the relationship is defined by its character and not soley by a contract disclaimer.
2. Your account is not FDIC insured.
Good luck then!
3. The bank accepts no liability for anything going wrong, although it may, at its sole option, attempt to make ammends.
Wouldn't it be convenient if such clauses were enforcable?
4. Parties agree to wave a jury trial.
5. Parties agree to binding arbitration.
These seem pretty dangerous to me if enforcable. They would effectively usurp the power of the courts as arbiter. Although I have less confidence in the competence of a jury than that of judges I'm pretty sure that the UK courts would consider such contract clauses in a dim light.
6. General waffling to the effect that the tiny fees collected imply an equally tiny responsiblity and potential liability on the part of the bank.
Hmm, wana bet? This is not a commercial contract between buisnesses it is clearly offering a consumer service. It is not the result of informed negotiation between sides armed with lawyers, it is a very one sided contract. This brings up a major problem with Chaum's schemes, there has to be trust in the financial institution. Contracts such as this do not inspire confidence. Mark Twain bank have a confidence problem in any case, when I mentioned their name as DigiCash licensees to an audience yesterday they laughed.
One wonders whether signing away all responsibilty on the part of the bank is going to be the standard for using digital money on the Internet, or whether consumers will demand protection when using these new services.
Consumers have votes, they are not afraid of regulation. Forget the pap you see spouted by politicians about deregulation, they simply mean remove the regulations that negatively affect our interests, their supporters are likewise. It is ironic that the Credit card cos biggest advantage in cyberspace and other mail order turns out to be the $50 limit on consumer exposure to loss. This is another side of regulation E that people don't mention so often. Lets wait a while and see how long it takes for the Fed to ring up "dear boy, we have a few questions....". Phill
-----BEGIN PGP SIGNED MESSAGE----- An entity calling itself "Phil <hallam@w3.org>" allegedly wrote:
Perhaps someone with US legal experience might care to comment
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
on the enforceability of such a clause.
That's not me, but I have some things to say anyway. If I could figure out how to make DigiCash's SunOS client write money into ASCII files I would attach 2 cybercents to the end of this.
Surely the nature of the relationship is defined by its character and not soley by a contract disclaimer.
I prefer to think that contractual relationships are defined by the explicit stipulations the contract, and the implicit understandings between the two parties (which are unavoidable, since they begin at the semantic or even cognitive level and cannot be described explicitly with our current science/tech, but which should be made explicit wherever possible), and are completely *un*-influenced by the arbitrary opinion of some third organization which happens to own lots of big guns in their geographical regions.
3. The bank accepts no liability for anything going wrong, although it may, at its sole option, attempt to make ammends.
Wouldn't it be convenient if such clauses were enforcable?
Wouldn't be nice if whatever clauses two competent entities agreed to were enforceable? (non-repudiation, reputations, Nick Szabo's "liens"...)
4. Parties agree to wave a jury trial.
5. Parties agree to binding arbitration.
These seem pretty dangerous to me if enforcable. They would effectively usurp the power of the courts as arbiter.
Indeed they do usurp that power, don't they? :-) <I smile happily.> And it's only going to get worse(/better). ((anon)nymity, e-cash, tax evasion, black markets...)
Although I have less confidence in the competence of a jury than that of judges I'm pretty sure that the UK courts would consider such contract clauses in a dim light.
And I, by way of contrast, consider such clauses, which remove business relationships from the realm of violence and into the realm of mutually consensual, organizationally emergent social structures, in a very positive light.
Consumers have votes, they are not afraid of regulation. Forget the pap you see spouted by politicians about deregulation, they simply mean remove the regulations that negatively affect our interests, their supporters are likewise.
And I'm of the opinion that any "regulation" (i.e. threat of force against peaceful parties) negatively affects my interests (all of ours) in the long run. And I too have a vote. Crypto relevance? Much! The overview is that crypto tech will ultimately enable my view of ideal social structure rather than yours. Non-repudiation, e-cash, Nick Szabo's "liens", tax evasion, black markets, (anon)nymity, reputations and (hopefully hopefully) the education/enlightenment of the populace because of powerful non-censorable information access all point this way. Of course, it will be a long, twisted road from here to there (we live in interesting times), but I am ultimately hopeful. I hope this rant is not wholely without value. I do it rarely, so you are safe for another few months now that I have it out of my system. Regards, Bryce signatures follow "To strive, to seek, to find and not to yield." <a href="http://ugrad-www.cs.colorado.edu/~wilcoxb/Niche.html"> bryce@colorado.edu </a> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01 iQCVAwUBMI6P9/WZSllhfG25AQHl9wQAmOWc0PiNbeKaT0Ow1d63g5bdQ2A0417D nXlv3T4olwymwTiB3oWv4t28LPIkKwl2dCm6xLduk1+8z5t7rwZCUYRc91t7ro58 8y6yZOvSRvupKm9IUu5l/Nhmd2uv4TpHQKq11UfCaxUmXdxeZ8AS5RrB1uq51BUM ctATwNuH08c= =WJ/H -----END PGP SIGNATURE----- rom owner-cypherpunks Wed Oct 25 12:30:03 1995 Return-Path: <owner-cypherpunks> Received: by toad.com id AA28197; Wed, 25 Oct 95 12:30:03 PDT Received: from larry.infi.net by toad.com id AA28174; Wed, 25 Oct 95 12:29:42 PDT Received: by larry.infi.net (Infinet-S-3.3) id PAA04999; Wed, 25 Oct 1995 15:29:21 -0400 Date: Wed, 25 Oct 1995 15:29:20 -0400 (EDT) From: Alan Horowitz <alanh@infi.net> To: Duncan Frissell <frissell@panix.com> Cc: Ian Goldberg <iang@cory.EECS.Berkeley.EDU>, cypherpunks@toad.com Subject: Re: Mandatory ID in California? In-Reply-To: <199510251617.MAA23789@panix.com> Message-Id: <Pine.SV4.3.91.951025152409.3136C-100000@larry.infi.net> Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cypherpunks@toad.com Precedence: bulk "States may not authorize arrest...for failing to produce identification..." Kolender v. Lawson 461 U.S. 352 (1983) "...may not compel an answer and they must allow the person to leave after a reasonable brief period of time...." - - ibid California is the Ninth Circuit, no? See, inter alia, Martinelli v. City of Beaumont, 820 F.2nd 1491 (1987). Alan Horowitz alanh@infi.net
On Mon, 23 Oct 1995, Douglas Barnes wrote:
This extremely unprofessional, bungled launch does, I admit, make Mondex (with scads of beautiful marketing literature) look better all the time, although based on some conversations on Sunday, it appears that they may have _extremely serious_ architectural security problems. We'll see how things play out.
MT Bank could clearly benefit from a Linux-type of advocacy and support. There are oodles of people out there with Desk Top Publishing equipment and graphics talents that could help MT/Digicash out. Why should they? Simply, for the benefit of the net (remember that???). Im sure some of the folks on the WEBS mailing list could start with a rehaul of their Web Page. Lets see if we can get at least some pro bono design work for marketing materials for real ecash. Talk it up in the newsgroups and whatever lists you are on. Add it to your already to lengthy <g> .signature. It does appear a clumsy announcement, but nonetheless, congrats to the folks at MT and Digicash for doing their best to make e-commerce a bit more safe.
Later,
Doug
Matt -- Go to http://www.digicash.com/ecash.html then to Mark Twain then open account then *spend, spend, spend*
Hi, You mention architectural problems in Mondex. Do you have any hard info on the specs? I'm trying to find someone who does who is willing/able to talk. One thing that struck me was that each Mondi would need to have both the secret and public parts of a public key incorporated (if thats what they are doing) hence what is the advantage of public key? Yet they have an on chip modular exponentiation device on the new silicon rev... Looking at the secrecy stuff on Mondex, I suspect I would take the same approach, not to protect the core protection but so as to permit a gradual approach to penetration detection. I would expect some type of tripwire to be built into the device such that a fraud attempt apparently succeeds but indicates that there is a problem. Phill
participants (6)
-
Bryce -
cman@communities.com -
Hal -
hallam@w3.org -
Matt Miszewski -
mpd@netcom.com