(In honor of the Extropians list discussion elsewhere in this thread I include an Extropians-style message prefix.) An issue related to money laundering is money traceability. I posted something on this a couple of weeks ago but I have a little more information now. We are inclined to believe that with cryptographically anonymous digital cash, "money laundering" will be trivial. A simply sends the cash to B, and there is no way for the bank or anyone else to link the two together. While this is basically true with existing digital cash proposals, there is one kind of linkage that is possible. A knows and can recognize the cash which B holds. A and the bank could cooperate so that if B goes to the bank to deposit his cash (or deposits it electronically into an account linked to his True Name), B's anonymity can be broken. This has good aspects and bad aspects. On the good side, it should make robbery and extortion harder. If you are forced at gunpoint to enter your PIN into your cash smartcard, transferring cash to the robber's "electronic purse" (love that name), then later you can call the bank and report the numbers of the stolen cash. When the robber tries to deposit it, he can be caught. Similarly, this could be a boon to law enforcement "sting" operations. When the feds pay off the anonymous assassin-for-hire or kidnapper, and he goes to deposit the cash, again he can be caught. The other side of the coin, though, is that despotic governments can use these tools to control and restrict what their people can do. If the revolutionaries try to use cryptography to isolate and protect each cell from the others, traceable cryptocash may expose them. Keith Henson posted the start of an interesting story he was writing last year, about some eco-activists using cryptography for protection as they worked to sabotage some polluter. This kind of dramatic scenario might become less possible with traceable cash. (It's possible that some banks would allow truly anonymous accounts, so that even if the cash were recognized as it was turned in, the robber would not be caught. Still, the bank could refuse to honor the money in this case, preventing the criminal from profiting by his misdeeds.) The new information I mentioned comes from a paper by David Chaum in the Eurocrypt 92 proceedings: "Transferred Cash Grows in Size," by Chaum and Torben Pryds Pederson. Chaum considers off-line cash systems where the money does not necessarily have to be returned to the bank after each transaction. His main conclusion is, as the title suggests, that the cash must grow in size at each step. But a secondary conclusion is that under the right circumstances a payor can always recognize his cash at a later point, even after it has passed through many hands. Chaum describes these circumstances as the case where the payor has infinite computing power, but it appears that the same effect would be possible if the bank cooperated with the payor, as would be likely in the kinds of cases I mentioned earlier. The fundamental problem is the impossibility of having the cash be "re-blinded" as it passes from Alice to Bob (after it was "blinded" as Alice withdrew it from the bank). If this kind of multiple blinding were possible, so that neither Alice nor the Bank could recognize the money that Bob holds, multiple-spending could not be detected. Chaum's arguments appear to apply to virtually any electronic cash system which can prevent double-spending. They suggest that traceable cash will be the rule in any digicash system. People planning their future lives of crime under the new regime will need to take this into account. Hal