-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 9:49 AM -0400 10/12/04, John Kelsey wrote:

Hmmm. I guess I don't see why this story supports that argument all that well.

More like the straw that broke the camel's back, admittedly. A long time ago I came to the conclusion that the closer we get to transaction instantaneity, the less counterparty identity matters at all. That is, the fastest transaction we can think of is a cryptographically secure glop of bits that is issued by an entity who is responsible for the integrity of the transaction and the quality of assets that the bits represent. Blind signature notes work fine for a first-order approximation. In other words, an internet bearer transaction. In such a scenario, nobody *cares* who the counterparties are for two reasons. The first reason is existential: title to the asset has transferred instantaneously. There is *no* float. I have it now, so I don't *care* who you were, because, well, it's *mine* now. :-). Second, keeping an audit trail when the title is never in question is, in the best circumstances superfluous and expensive, and, in the worst, even dangerous for any of a number of security reasons, depending on the color of your adversary's hat, or the color your adversary thinks his hat is, or whatever. Keeping track of credit card numbers in a database is an extant problem, for instance, with a known, shall we say, market cost. We'll leave political seizure and other artifacts of totalitarianism to counted by the actuaries.

Clearly, book entry systems where I can do transactions in your name and you are held liable for them are bad, but that's like looking at Windows 98's security flaws and deciding that x86 processors can't support good OS security.

I'm walking out on a limb here, in light of what I said above, and saying that when there's *any* float in the process, your liability for identity theft increases with the float involved. Furthermore, book-entry transactions *require* float, somewhere. They are debt-dependent. Someone has to *borrow* money to effect a transaction. (In a bearer transaction, the shoe's on the other foot, the purchaser is *loaning* money, at zero interest, but that's what the buyer wants so the system compensates accordingly, but that's another story.) Because the purchaser has to borrow money to pay, and because you *cannot* wring the float out of a transaction (that is, you can get instantaneous execution, but the transaction clears and settles at a later date; 90 days is the maximum float time for a non-repudiated credit-card transaction, for instance), I claim that book-entry transactions will *always* be liable for "identity" theft. Put another way, remember Doug Barnes' famous quip that "and then you go to jail" is not an acceptable error handling step for a transnational internet transaction protocol. I would claim that enforcement of identity as a legal concept costs too much in the long run to be useful, and that the cheapest way to avoid the whole problem is to go to systems which not only don't require identity, but they don't even require book-entry *accounts* at all to function at the user level. Financial cryptography has had that technology for more than two decades now, so long that the patent's about expired on it, if it hasn't already.

The aspect of this that's generally spooky is not the existence of book entry payment systems, it's the ease with which someone can get credit (in one form or another) in your name, based on information they got from public records and maybe a bit of dumpster diving, some spyware installed on your machine, or a phishing expedition. How the payment systems are cleared isn't going to change that, right? (I know you've thought about this stuff a lot more than I have, so maybe I'm missing something....)

See above. When you use book-entry transactions, by definition, you need identity. Biometric, is-a-person, go-to-jail-if-you-lie-about-a-book-entry identity. With bearer transactions, digital/internet or otherwise, you don't have identity. You don't *need* identity to execute, clear, and settle the transaction, primarily because all three happen at once. There's no float between the three activities. You don't have to send someone to jail if they lie, because the transaction never executes in the first place if they do. Now, there are tradeoffs. The first one is key management, which as Schneier likes to point out, is a hard problem. Personally, I think that if you don't have to associate a key with a flesh-and-blood body in meatspace, a whole continent full of problems just disappears. In a bearer transaction, it's orthogonal to the issue of security anyway, and all it does is cost you money to do for no added benefit. The second one is security of the digital bearer notes and coins themselves, which, frankly, scares people in the finance business most of all. However, I would claim that all organizations, and even people :-), do their *database* and document backups already, and that proper system hygiene will evolve, particularly if literal money is involved. Frankly, there already is a market for distributed data storage, and there are even working systems using m-of-n distributed data storage, which would be the most secure way to solve the problem. And, as we all know, digital bearer transactions are the best *way* to pay for those kinds of m-of-n services anyway, so it feeds on itself nicely. I think that it's less of a chicken-and-egg problem than it used to be, and I think that reality is catching up to all the theory we've kicked around on these lists for more than a decade now. The ultimate solution to the problem of identity theft is to not use identity at all, and, frankly, not even to use book-entries at all. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQWvvMcPxH8jf3ohaEQK7sQCgv7HrWERRq8oJwZWq+6K/Ekiq4mMAoKCc sc4xGjfFFKMysKjV2hRDjSsy =C/Ar -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'