ecash developer software liability, round 809834
(round 809834 because I'm sure this has been discussed 809833 times at least on this and other lists, but google hasn't found anything interesting for me) (I was going to try to make a long posting on what I felt were the good and bad of the state of play of ecash software development at the end of 2001, but then I spent a few minutes poking through cypherpunks archives and realized that's not much new to say which wouldn't need to be explained in context not a lot of people have. I'd rather spend the time this freezing winter day developing some useful software instead. (configuring some semi-useful software, rather, right now) So instead just a few questions.) What exactly *is* the legal or security liability if a person of independent/offshore means develops and delivers an electronic cash system in an open-source fashion, optionally with no continuing personal involvement in development, or optionally with continuing personal software development involvement but no operational involvement? How much of a difference do the various levels of removal make? (in place of "ecash" feel free to substitute "anonymization", "datahaven", "p2p", "assassination politics bot", etc....the argument is probably generalizable to any unpopular code which involves money and privacy.) I'm unconvinced it's possible to develop any large piece of software in a truly anonymous manner; anyone who *could* develop ecash has enough information available about them online to understand what they did, especially for something as intellectually complex as a workable, vs. minimum-effort, ecash system. There is a small enough number of people who could develop such a thing that a bit of research would show which ones spent every day for the past 3 months shirking other professional responsibilities and contacting credit card processors, writing code, etc. (plus, of course, ego reasons make it unlikely the developers of such a thing could remain anonymous)
From nothing I've seen is the risk anywhere near as substantial as some would suppose. Worst case with ecash is that it is ONLY used for criminal operations; perhaps the ecash operator could be attacked under RICO? I think perhaps the developer could be named if there were more than arms-length interaction between developer and operator, but this becomes more difficult if post-development the developer disclaims ownership. Lets say it is used by real terrorists to finance the purchase of weapons for a weapon of mass destruction, in a single transaction, with no other uses. As long as the developer is not linked to the operation of the system, and the operator of the system is not linked to the end parties, I can see legal or extralegal harassment. (I am perhaps naively assuming US law is the only law which matters; this may not be the case)
But what is the absolute worst thing that will happen? Extralegal quasi-governmental execution? Indefinite imprisonment without trial? Successful prosecution under some law? Asset seizure? Being declared a bad person by Ashcroft in a press conference? Not getting invited to FBI agent parties? Scorn and slight regard? You can't "unwrite" code, and if something is done and shut down, but doesn't fail for fundamental reasons, it's just a matter of time before someone else picks up the still-shiny unbroken tools and starts again, perhaps a bit more carefully. If people stopped slanging rock every time someone on the corner got knocked, the ghetto would have a lot fewer BMWs. The DMCA/Dmitri case is certainly one of the most recent, but the end result was effectively nothing. I would be annoyed by spending a year in a federal jail, but it wouldn't seriously impact my life. Being convicted of a felony would be slightly more unpleasant, but not substantially so -- not that I'm convinced there's much which would stick. I don't really need to worry about asset forfeiture, being declared "evil" by Ashcroft would be worth it, and I doubt I'd get invited to FBI parties anyway. Being murdered by the state would also be unpleasant, but is at least fairly rare and unlikely. A media/government character assassination attempt would be unpleasant as well, but would be difficult to make stick given the disrespect large segments of society have for the government and media already. If the risks of developing ecash really are overblown, perhaps that will make it more likely people would actively develop software. That is, aside from the standard "ecash is a complex system technically", "we need money to buy aeron chairs and feed ourselves", "you need to be able to both develop and operate a system to bootstrap, and these are different skills", "it's easier to spend time debating why such a system can't be done or hasn't been done than to actually develop it", "how will anyone make money from it?", "writing code is hard, let's go shopping", "crypto-export regulations", "many have tried, all have failed", "the actual lack of any clear market demand for such a system, and active opposition on many grounds by those necessary to deploy widely", "if I wait long enough someone else will do it for me, and I am lazy", "moral doubts about the goodness of a world with such a system", "the patent thing", "x, y, and z will sue civilly", "writing papers and going to conferences/grad school/etc. is more fun than writing code", and "the fact that a lot of crypto-software developers are even flakier than normal software developers." (I don't think just releasing code is productive, but I think there is a code+limited deployment which would be productive, and is not substantially more effort. I think there are certain technical decisions which must be made by an ecash system with some knowledge of how things are done in practice, but there have been ~10 attempts at developing such things in the past, with lots of info available by talking to the developers or being involved. Mainly what is important is to do as little work as possible, the ultimate goal of any software engineer, and to make sure that as little work as possible is required to use the system. There are certain very minor design, API, and UI decisions which would logically have a very large impact on user perception (end user and developer), adoption rate, and terminal success. I also believe in "start small and imperfect, iteratively improve in a mostly hill-climbing fashion" and some other very simple rules of [open source/internet] software development which have not been followed by previous projects (some of which I've learned myself at some cost). I share the belief that a capitalized, startup-style, large and collaborative project is entirely the wrong way to go about things, and would not invest $1 of my own money in such a thing, but I disagree that it requires any substantial technical *programming* skill beyond any other moderately-complex network + crypto programming library; mainly one needs to know how to avoid doing work. Since to be useful the system must be integrated into applications, a lot of thought needs to go into how to design it to encapsulate nastiness, and integrate with a wide variety of applications. The number one thing required to successfully develop and deploy an electronic cash system today, though, is being simultaneously smart enough to be able to do it, but stupid enough to do it anyway, even given the past failures, lack of rational economic motive, and potential risks. People often do irrational things; sometimes this is constructive, other times it is not, but it's usually interesting, at least to me.) -- Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com CTO and Co-founder, HavenCo Ltd. +44 7970 633 277 the free world just milliseconds away http://www.havenco.com/ OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
-----Original Message----- From: owner-cypherpunks@lne.com [mailto:owner-cypherpunks@lne.com]On Behalf Of Ryan Lackey Sent: Sunday, December 23, 2001 8:01 AM To: cypherpunks@lne.com Subject: ecash developer software liability, round 809834
[There isn't much new to talk about so instead...]
... just a few questions.
What exactly *is* the legal or security liability if a person of independent/offshore means develops and delivers an electronic cash system in an open-source fashion, optionally with no continuing personal involvement in development, or optionally with continuing personal software development involvement but no operational involvement? How much of a difference do the various levels of removal make?
I think I can speak to this with some degree of experience. Legal liability is the big issue. By "continuing personal involvement" I will assume you mean acting as an officer of the company. The most serious level of legal liability that concerned me was the potential for criminal and civil sanctions for money laundering. I am constantly amazed by the level of self-denial cypherpunks have when it comes for legal liability in this regard. (Usually this is justified with some cutesy-clever technical argument- as if no one had been watching the Napster, eGold or RIAA developments at all over the last few years). Money laundering is a slam dunk for prosecutors and very tempting to use because of its connotations to a jury/defense counsel. It is simple to allege. It also has MAJOR impact on potential sentencing. Consider: "Analyzing actual cases, the working group found that money laundering charges most often involved a relatively routine financial transaction (e.g., depositing, wiring, transferring, withdrawing money) that was essentially "incidental" to an underlying crime (e.g., a fraud, gambling offense, or drug sale) that the defendant charged with money laundering had also committed. The working group concluded that while the underlying crime usually appeared to be the real gravamen of the overall offense conduct, a money laundering count could generate a guideline offense level that was quite different from that of the underlying offense, and, as a consequence, greatly influence the sentence." "With respect to what the working group categorized as "white collar" offenses (i.e., fraud, embezzlement, import/export violations, and copyright infringement), the working group found that the addition of a money laundering count raised the defendant's offense level 96% of the time, and frequently to a significant degree. For example, in one reasonably typical case examined by the working group, the defendant had committed a fraud and deposited the proceeds of the fraud in the bank. Consistent with court decisions construing the money laundering statute, the government charged the deposit of the fraud's proceeds in the bank as money laundering, in this case for "promoting" the fraud by allowing the defendant access to the funds for personal use. Pursuant to the fraud guideline (2F1.1), the offense level for the underlying fraud was 19 (guideline range of 30-37 months for defendants with no criminal history). Pursuant to the money laundering guideline (2S1.1), the offense level for the money laundering offense - - here, promoting the fraud by depositing the fraud's proceeds in the bank for personal use was 28 (guideline range of 78-97 months for defendants with no criminal history). Thus, the addition of the money laundering count in this case substantially increased the defendant's sentence." (United States Sentencing Commission Report). While this might not directly impact the person running or developing the system it certain serves to discourage users of the system after a single allegation has been made. Customer flight would be awfully dramatic I suspect. This makes a system which is bound (by design and definition) to be political unpopular also highly subject to political interference. It's the civil provisions that I find more alarming though. One dollar of laundered money in an account subjects the entire account to seizure. That's not a good thing and assuming any ecash system had correspondent bank relations (a safe assumption if you know anything about financial systems. No. Ecash for widespread public use is just not a viable proposition at this point. Even less so after 911.
(in place of "ecash" feel free to substitute "anonymization", "datahaven", "p2p", "assassination politics bot", etc....the argument is probably generalizable to any unpopular code which involves money and privacy.)
I believe it is. Given the current state of the law money laundering might as well be the anonymization of transactions for unpopular purposes (the entire purpose of ecash). It is a political definition, not a technical one- much as "terrorism" has become.
I'm unconvinced it's possible to develop any large piece of software in a truly anonymous manner; anyone who *could* develop ecash has enough information available about them online to understand what they did, especially for something as intellectually complex as a workable, vs. minimum-effort, ecash system. There is a small enough number of people who could develop such a thing that a bit of research would show which ones spent every day for the past 3 months shirking other professional responsibilities and contacting credit card processors, writing code, etc. (plus, of course, ego reasons make it unlikely the developers of such a thing could remain anonymous)
I assume that the suggestion is that a smaller operation, a grassroots one, would somehow fare better. I don't believe this is the case. More below.
From nothing I've seen is the risk anywhere near as substantial as some would suppose. Worst case with ecash is that it is ONLY used for criminal operations; perhaps the ecash operator could be attacked under RICO?
Money Laundering is its own RICO. (See e.g. Elkan Abramowitz, Money Laundering: The New RICO?, N.Y.L.J., Sept. 1, 1992). Again and again, here and elsewhere I've cited cases and statutes that make it pretty clear that innocent third parties easily become the victims of money laundering prosecutions and lose their businesses, their checking accounts, college funds, their homes, etc. simply because their family run travel agency accepted a check from a drug baron they had never met to pay for his trip to South America. An ecash system, particularly a small one, simply has no chance once it is used for child porn once or twice. A large bank might get away with it the way large banks do. Hawala systems are effectively 100% certain to be subject to laundering charges when discovered operating in the United States. They are not much more than primitive ecash systems. The timing for suggesting that such a system would have any legal lifetime is pretty bad given the current environment. The trend in such things in the United States is moving strongly AGAINST financial privacy, not towards it.
I think perhaps the developer could be named if there were more than arms-length interaction between developer and operator, but this becomes more difficult if post-development the developer disclaims ownership. Lets say it is used by real terrorists to finance the purchase of weapons for a weapon of mass destruction, in a single transaction, with no other uses. As long as the developer is not linked to the operation of the system, and the operator of the system is not linked to the end parties, I can see legal or extralegal harassment. (I am perhaps naively assuming US law is the only law which matters; this may not be the case)
U.S. law is probably the most extreme, so that might be a safe assumption. (Perhaps Britain would be nearly as bad). What is missed here is that "the developer is not linked to the operation" is a very optimistic assumption. It's the developer that will have to consult on the implementation, on the security provisions, on deployment, designing against the threat model. Anyone who believes this process won't trigger the "knew or should have known" provisions is kidding themselves. Invoking the Terrorist example is probably extreme for discussion purposes but I doubt that anyone here, if they were to really think it out, would believe that the author would not be detained in a Federal Detention "Submarine" for weeks at a time in this case- direct involvement or not. The threshold for detention these days seems to be "knew someone who once met a terrorist."
But what is the absolute worst thing that will happen? Extralegal quasi-governmental execution? Indefinite imprisonment without trial? Successful prosecution under some law? Asset seizure? Being declared a bad person by Ashcroft in a press conference? Not getting invited to FBI agent parties? Scorn and slight regard? You can't "unwrite" code, and if something is done and shut down, but doesn't fail for fundamental reasons, it's just a matter of time before someone else picks up the still-shiny unbroken tools and starts again, perhaps a bit more carefully. If people stopped slanging rock every time someone on the corner got knocked, the ghetto would have a lot fewer BMWs.
I suppose if someone wanted you badly enough they would make arguments which included conspiracy, money laundering, conspiracy to commit terrorism, conspiracy to commit murder, conspiracy to... [fill in the blank]. The BEST case scenario in the case that they wanted you badly enough (and doubtless this would happen in the example you cite) is that you turn states evidence, show them the best way to break or introduce a break/trojan into the system and fall into the pit of witness relocation, looking over your shoulder for the rest of your life wondering when the missing remnants of terrorist group X will come calling. There is that other cute clause too. "Material witness." Oops.
The DMCA/Dmitri case is certainly one of the most recent, but the end result was effectively nothing.
I'm not sure Dmitri would agree. Regardless, the issue was much different. Dmitri wasn't a U.S. Citizen. I daresay the situation would have been entirely different (worse) if he were. This was effectively a civil, not a criminal action, despite DoJ noise to the contrary. You're not dealing with the prosecutors in the organized crime/money laundering group who are a lot more cut-throat (and a lot more experienced at cutting throats). Copyright and DMCA are a fairly new area and attract young and inexperienced prosecutors. The result is a certain uncertainty and experimentalism with techniques and legal theory. None of these failings will afflict a prosecutor in the money laundering/organized crime sections of DoJ. These people play for keeps.
I would be annoyed by spending a year in a federal jail, but it wouldn't seriously impact my life.
I submit that this belief indicates you've never seen the inside of a federal prison. Remember also that terrorists don't go to Danbury. They go to the Supermax in Colorado. Also, most states have money laundering statutes too. You'll be lucky not to do time in both a state and a federal prison during the course of your ordeal if things get nasty enough.
Being convicted of a felony would be slightly more unpleasant, but not substantially so -- not that I'm convinced there's much which would stick.
Doesn't have to stick. Why would you think it has to stick? People are incarcerated on little or no evidence all the time, particular if they are involved in politically unpopular activities- otherwise totally legitimate. (No more guns for you either as a convicted felon).
I don't really need to worry about asset forfeiture, being declared "evil" by Ashcroft would be worth it, and I doubt I'd get invited to FBI parties anyway.
Asset forfeiture can include garnishment. That can last quite a while. I doubt you want to be big enough a deal to be known by name to Ashcroft. I'm sure it might be interesting to be a famous hacker a la Mitnick and bask in the glow of contraries rebellious reputation you'd gain among all 17 year old suburban males running a Morpheus supernode with all the albums of Metallica ever pressed. I doubt its worth it.
Being murdered by the state would also be unpleasant, but is at least fairly rare and unlikely.
Agreed.
A media/government character assassination attempt would be unpleasant as well, but would be difficult to make stick given the disrespect large segments of society have for the government and media already.
You haven't been watching the last 3 months have you?
If the risks of developing ecash really are overblown, perhaps that will make it more likely people would actively develop software. That is, aside from the standard "ecash is a complex system technically", "we need money to buy aeron chairs and feed ourselves", "you need to be able to both develop and operate a system to bootstrap, and these are different skills", "it's easier to spend time debating why such a system can't be done or hasn't been done than to actually develop it", "how will anyone make money from it?", "writing code is hard, let's go shopping", "crypto-export regulations", "many have tried, all have failed", "the actual lack of any clear market demand for such a system, and active opposition on many grounds by those necessary to deploy widely", "if I wait long enough someone else will do it for me, and I am lazy", "moral doubts about the goodness of a world with such a system", "the patent thing", "x, y, and z will sue civilly", "writing papers and going to conferences/grad school/etc. is more fun than writing code", and "the fact that a lot of crypto-software developers are even flakier than normal software developers."
See, all the arguments you make by comparison apply equally to Napster. (Particularly insofar as they ignored the potential liabilities and civil actions when they designed the system). Let's face it, if there's no market for ecash what's the point in developing it. Cypherpunks are remarkable socialist when it comes to ignoring market forces in order to favor the develop a "cool" and esthetically pleasing system that no one will use. This is unfortunate.
(I don't think just releasing code is productive, but I think there is a code+limited deployment which would be productive, and is not substantially more effort. I think there are certain technical decisions which must be made by an ecash system with some knowledge of how things are done in practice, but there have been ~10 attempts at developing such things in the past, with lots of info available by talking to the developers or being involved.
Legal problems or not, and different members of this list will have different views about how realistic it is or isn't to be harassed over writing some code. In the end it makes little difference. The problem with ecash is that it doesn't do enough things significantly better than current solutions for a retail system. It does some things much worse. I've always believed that the best deployment would be in a interbank role, where clearing and settlement actually have important time components- counter-party credit, Herstatt risk, etc. and the sums are large enough to make small to moderate improvements in performance important.
Mainly what is important is to do as little work as possible...
Coding is hard, let's go shopping?
the ultimate goal of any software engineer, and to make sure that as little work as possible is required to use the system. There are certain very minor design, API, and UI decisions which would logically have a very large impact on user perception (end user and developer), adoption rate,
In other words the market for it?
and terminal success.
I also believe in "start small and imperfect, iteratively improve in a mostly hill-climbing fashion" and some other very simple rules of [open source/internet] software development which have not been followed by previous projects (some of which I've learned myself at some cost). I share the belief that a capitalized, startup-style, large and collaborative project is entirely the wrong way to go about things, and would not invest $1 of my own money in such a thing...
"Start-up" is the part that trips it up, not "large and collaborative project." At least, insofar as "start-up" means "spend untold millions hiring 150 recent college grads for $120,000 a year, trying to beat Microsoft for 'most opulent campus' hiring a 'start-up advisory' firm to clean the mess up after your third failed follow-on financing and otherwise acting like idiots." Competent firms, and competent managers don't do such things. (Granted they are few and far between since 1997). Don't paint dot-coms with a brush so wide it slathers legitimate ventures as well. As for small ecash projects you might want to consider something. Historically there is a certain group of firms that are among the, if not _the_, most stable and reliable financial institutions. Those are closely held private banks. In Switzerland, Austria, and once in Italy, these are subject to unlimited liability. (Usually they are unlimited general partnerships). That means that the owners are fully liable for all the liabilities of the bank to the extent of their entire set of business AND personal assets. Usually they are run by well known families with substantial fortunes. I am not aware of any of these institutions failing (or indeed failing to make a profit) since they have existed (provided there was an heir apparent to the institution in existence- eliminating the "last round" problem). At the same time these firms provide little, or indeed NO disclosure over their activities or holdings either to depositors, or to authorities. One firm I know of pays the same amount in taxes every year, even if they owe less, to prevent any reverse engineering of profits. This same firm returns 17%-20% regularly on their "Silver Fund" for which no prospectus or description is available- even to investors. All this illustrates an important principal. Secrecy and limited liability, by necessity, have a zero sum relationship. As you increase secrecy you must decrease limited liability in step. "Secret, Limited Liability, Successful, pick two." The combination of limited (non-existent) liability and secrecy is simply an impossibility for a financial organization. "A Small unknown and poorly financed firm" might as well be limited liability for our purposes- no one is going to see a dime back from it if it fails. Also, note that unlimited liability has a much stronger assurance quality. (See e.g., Enron, FDIC insurance for the failure of "disclosure" to properly compensate for limited liability or moral hazard). Additionally, based on my experience doing business with cypherpunks there is no hope for "business credentials without identity" amongst those who should be the most receptive to it. (The due diligence demands of cypherpunks I've encountered in the business world far exceed those I endured at the hands of European banking authorities). Then again, perhaps the paranoia of cypherpunks types is better developed than that of European banking authorities. (That could be taken many ways, depending on your view of European banking types). I suspect that you might find that a small ecash project, which by its nature would appeal to cypherpunks as clear (and perhaps the only) first adopters will find that most cypherpunks "would not invest $1 of my own money in such a thing." That should be all that needs to be said about the viability of a "small ecash project." Perhaps one might make a distinction between the development of an ecash system and its deployment, but I doubt it will make much difference. The basic tools of ecash have been floating about for some time. [...]
The number one thing required to successfully develop and deploy an electronic cash system today, though, is being simultaneously smart enough to be able to do it, but stupid enough to do it anyway, even given the past failures, lack of rational economic motive, and potential risks. People often do irrational things; sometimes this is constructive, other times it is not, but it's usually interesting, at least to me.)
I submit that we should endeavor to find a motivator a bit more solid than that it would entertain the developers. It sounds suspiciously as if you might need an entertainment center in your dot-com campus. Entertainment for the developers is, of course, what the firm is in business for. (From what I know of you that's a bit shocking to hear. If that's all the case then just write the damn thing and distribute it via usenet, Mr. Lackey).
-- Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com CTO and Co-founder, HavenCo Ltd. +44 7970 633 277 the free world just milliseconds away http://www.havenco.com/ OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
[How...1997] Quoting Black Unicorn <unicorn@schloss.li>:
Legal liability is the big issue. By "continuing personal involvement" I will assume you mean acting as an officer of the company.
I was trying to distinguish involvement as an officer in a development company vs. a deployment company, but yes.
[money laundering liability for users and/or operators, seems clear]
While this might not directly impact the person running or developing the system it certain serves to discourage users of the system after a single allegation has been made. Customer flight would be awfully dramatic I suspect. This makes a system which is bound (by design and definition) to be political unpopular also highly subject to political interference.
It's the civil provisions that I find more alarming though. One dollar of laundered money in an account subjects the entire account to seizure. That's not a good thing and assuming any ecash system had correspondent bank relations (a safe assumption if you know anything about financial systems.
No. Ecash for widespread public use is just not a viable proposition at this point. Even less so after 911.
I am not as interested in the risks to a monolithic electronic cash system, holding accounts at Bank of New York and a few others, developed internally, where all user funds are pooled, but rather the most distributed system feasible. While the only way I can see to get a system deployed is for a single organization to develop software, and another or the same to operate or contract for the threshold number of services required to provide a decent end-user experience, the system could easily metastasize and decentralize when required. This has been the case with several fielded payment systems already. [based on the Ian Grigg 5-part model from FC99, Ian Goldberg/etc. change-maker model, and general best practice for ecash in 2001:] 1) a market which holds no physical assets, trading as a piece of software Since this component has no physical assets, it would seem only a technical challenge to keep it operating in the face of attack. 2) software developers developing code to a published specification, such that end-users can develop their own software, or select from competing vendors. This would allow some of the more "research" aspects to be undertaken by developers arms-length or more from those providing customization work to potentially at-risk clients. Open source and network software has many precedents here; gaming software in particular, given the US legal situation and tinges of money laundering risk. 3) issuers Aside from traditional forms of risk, issuers could differentiate themselves based on regulatory compliance or regulatory risk. Conceivably, entirely underground currencies (the "gold-denominated, opium-backed burmese opium futures" of yore) could operate, maintaining backing in effectively There is little or no reason for the issuers to have any contact with the developers, or with the market, or indeed even with end users -- only with (possibly anonymized and/or arms-length) the change-makers, or with server operators (again, possibly nothing but arms-length) 4) operators of servers A reasonable electronic cash system would be turnkey, at least at the scales likely initially. The only transactions a mint should do can be enumerated in a 1-page API. Integration with existing back-office banking systems, external payment systems, etc. is complex, but not necessary with the change-maker optimization. Assuming ultimate liability held by a single individual per currency, with only very large and infrequent transactions between backing store for currency, and bulk sales to change-makers, most of the access control or automated transactions can be deferred; a simple authentication and direct (logged) double-entry modification of values is enough. These parties would not need to hold any financial assets other than those required to maintain servers. One could further refine to "colocation provider" who sells a server, and a "systems operator" who, fully anonymously, installs and operates electronic cash software on those servers, connecting via anonymized ssh, paying for physical services in cash, etc. 5) [optional] holders of backing assets for issuers In the case of unlimited-liability by an issuer, the need for an external party to hold assets for the issuer is reduced. If the rate of transactions is reduced sufficiently, ease of holding large assets without risk (the trivial case is Cryptonomicon-style direct holding of large physical assets; for development purposes, I could easily hold up to USD 10m-50m in physical assets in a spare machine room without substantial upgrades to security...2-3 day latency, or issuance against personal liability, or issuance against large physical assets.) For reasons of auditiability, it is of course desirable to separate the trustee of such assets from the other parties, but this is just an optimization (which would decrease the discount at which an issue may trade; do it when the cost is exceeded by the benefit) 6) end-users This is perhaps the most complex issue, and probably worthy of a separate discussion. This is one area I think most ecash systems have failed at. You propose using banks themselves as customers; perhaps this is interesting, but I'm not convinced they would adopt a system in a realtime timeframe. I'd love to be proven wrong. I know of several legitimate applications which have market demands for certain restricted forms of electronic cash which would be early adopters, provided certain performance and reliability specs were met, with a certain degree of end-user usability. All of which could be achieved by the proposed system in a very early stage. 7) "change makers" Participants who hold one or more forms of electronic cash, operating as banks, corporations, or informal traders, and can exchange electronic cash for something of value, and optionally vice versa, with at least some subset of users. These could easily be arms length from everyone else, evanescent, and the collapse of one would have no serious consequences. I assume the electronic cash system, as the law is written today, WOULD be sufficient to serve as a "firewall" between change-makers handling the same currencies, and certainly against change-makers handling diverse currencies. This is the #1 question I have. If this is the case, then I think an electronic cash system is completely viable even post 2001-09-11. As long as shutting down one change maker's bank accounts would not affect other change makers, a system could withstand most of the "obvious" attacks. 8) supporting services Ratings services, tickers, derivative instruments, consulting for merchants, etc. are all services which could be done easily by arms length entities.
I assume that the suggestion is that a smaller operation, a grassroots one, would somehow fare better. I don't believe this is the case. More below.
I am suggesting a distributed system where each participant is expendable is far better from a deployment standpoint than a monolithic system. I am suggesting that for development purposes, a small, grassroots organization *is* vastly superior to a larger one.
Money Laundering is its own RICO. (See e.g. Elkan Abramowitz, Money Laundering: The New RICO?, N.Y.L.J., Sept. 1, 1992). Again and again, here and elsewhere I've cited cases and statutes that make it pretty clear that innocent third parties easily become the victims of money laundering prosecutions and lose their businesses, their checking accounts, college funds, their homes, etc. simply because their family run travel agency accepted a check from a drug baron they had never met to pay for his trip to South America. An ecash system, particularly a small one, simply has no chance once it is used for child porn once or twice. A large bank might get away with it the way large banks do.
I think a large bank's protections would rapidly boil away in the heat if they intentionally developed or deployed a system designed to go against the anti-privacy trend of the past 50 years. But of course they have no incentive to do so in the first place. I'm willing to accept that a change maker could be shut down easily if it were used for an unpopular purpose. The other participants would seem much more difficult to attack. And provided attacking one does not automatically take down other unrelated competitors at the same level, it shouldn't affect the whole system; the system will build in discounts based on risk.
Hawala systems are effectively 100% certain to be subject to laundering charges when discovered operating in the United States. They are not much more than primitive ecash systems. The timing for suggesting that such a system would have any legal lifetime is pretty bad given the current environment. The trend in such things in the United States is moving strongly AGAINST financial privacy, not towards it.
The only real risk is if the *demand* for financial privacy decreases, not if the cost to provide financial privacy increases. Perhaps if cost is driven past what customers are willing to pay for widespread applications, but I think there are enough high-value applications in the underground economy to support even a relatively expensive system. And if a given hawala trader is shut down, but cannot identify other hawala traders, except that they all use torn federal reserve notes as tokens, no action will be taken against the fed; others hawala traders will raise their rates to compensate, if risk is judged to be higher.
U.S. law is probably the most extreme, so that might be a safe assumption. (Perhaps Britain would be nearly as bad). What is missed here is that "the developer is not linked to the operation" is a very optimistic assumption. It's the developer that will have to consult on the implementation, on the security provisions, on deployment, designing against the threat model. Anyone who believes this process won't trigger the "knew or should have known" provisions is kidding themselves. Invoking the Terrorist example is probably extreme for discussion purposes but I doubt that anyone here, if they were to really think it out, would believe that the author would not be detained in a Federal Detention "Submarine" for weeks at a time in this case- direct involvement or not. The threshold for detention these days seems to be "knew someone who once met a terrorist."
This is the only area where I disagree substantially; I think a system could easily be developed such that initial developers were not necessary to continuing maintenance, implementation, security, etc. With a reasonable degree of initial effort, and a background in easily-modified open source development, at least. This does make it much more difficult for ecash developers to extract revenue from sale of software, which is why it hasn't been done in the past, but perhaps this is one of the many cases where it's far easier to accomplish something if you don't care about who gets the credit or benefit for it. Certainly arrest or questioning could be used as a harassment tactic, but I don't see much potential for successful prosecution here. Both are bad, but conviction is worse.
I suppose if someone wanted you badly enough they would make arguments which included conspiracy, money laundering, conspiracy to commit terrorism, conspiracy to commit murder, conspiracy to... [fill in the blank]. The BEST case scenario in the case that they wanted you badly enough (and doubtless this would happen in the example you cite) is that you turn states evidence, show them the best way to break or introduce a break/trojan into the system and fall into the pit of witness relocation, looking over your shoulder for the rest of your life wondering when the missing remnants of terrorist group X will come calling. There is that other cute clause too. "Material witness." Oops.
Certainly a developer in this case has every incentive to publish *every* known vulnerability immediately, simply to avoid this kind of pressure. Perhaps this would be an interesting general security principle for full disclosure -- full disclosure to prevent being blackmailed. Assuming arrest or questioning regardless, I don't see how the probability of conviction on felony charges for simply writing software to do bits is high enough to change anyone's actions. Seizure of assets, arrest, etc. would definitely be enough to deter many people.
I would be annoyed by spending a year in a federal jail, but it wouldn't seriously impact my life.
I submit that this belief indicates you've never seen the inside of a federal prison. Remember also that terrorists don't go to Danbury. They go to the Supermax in Colorado. Also, most states have money laundering statutes too. You'll be lucky not to do time in both a state and a federal prison during the course of your ordeal if things get nasty enough.
I think this is a risk/reward/accessibility thing. If each component of a system is broken down into individual components with some legal protection between layers, it's much easier. Anyone who could implement all of the pieces and operate them all is a very small set. These people would most likely face substantial risks (if they break any law in the process, they could be convicted; and simply an attempt at prosecution or even a civil lawsuit could be crippling), and there would be little incentive for them to do so. However, if each component is analyzed separately, it opens up a much larger set of potential participants, and the risk/reward profile of each is better. Software development is about as risk free as anything in the system; the reward is perhaps lower, but the level of skill is relatively high compared to some of the operational actors, so that increases the likely reward. The highest risk components are also the least skill-intensive, and could have effectively unbounded rewards (set by the market and competition). This is as it should be. In drugs, high profits belong to those who control monopoly assets, have large amounts of capital, etc. ("high 'skill'"), and they are relatively low risk. Highest risks probably belong to individual street workers or couriers, which are very low skill, but moderately high reward, depending on risk.
Being convicted of a felony would be slightly more unpleasant, but not substantially so -- not that I'm convinced there's much which would stick.
Doesn't have to stick. Why would you think it has to stick? People are incarcerated on little or no evidence all the time, particular if they are involved in politically unpopular activities- otherwise totally legitimate. (No more guns for you either as a convicted felon).
Conviction, yes. But you've not shown how software developers, or indeed most of the participants, would be subject to anything but civil or criminal-harassment, and it appears the balance of evidence is that those who just develop software are unlikely to be convicted. I personally would be far more unhappy with being arrested and convicted immediately for 1 year, than arrested, held without trial or conviction for 2 years, and then released. This is why developing software or hardware is more attractive to me than couriering drugs or money.
Asset forfeiture can include garnishment. That can last quite a while. I doubt you want to be big enough a deal to be known by name to Ashcroft. I'm sure it might be interesting to be a famous hacker a la Mitnick and bask in the glow of contraries rebellious reputation you'd gain among all 17 year old suburban males running a Morpheus supernode with all the albums of Metallica ever pressed. I doubt its worth it.
Hah :) "Hacker" is rather limiting. Electronic cash, if it enhances the underground economy, is far more meaningful politically than any non-economic online activity like trading files. Of course, success in this is directly related to unpopularity with the government.
(I don't think just releasing code is productive, but I think there is a code+limited deployment which would be productive, and is not substantially more effort. I think there are certain technical decisions which must be made by an ecash system with some knowledge of how things are done in practice, but there have been ~10 attempts at developing such things in the past, with lots of info available by talking to the developers or being involved.
Legal problems or not, and different members of this list will have different views about how realistic it is or isn't to be harassed over writing some code. In the end it makes little difference. The problem with ecash is that it doesn't do enough things significantly better than current solutions for a retail system. It does some things much worse. I've always believed that the best deployment would be in a interbank role, where clearing and settlement actually have important time components- counter-party credit, Herstatt risk, etc. and the sums are large enough to make small to moderate improvements in performance important.
I believe there are some applications for electronic cash which, if it met certain minimal standards, would be sufficient to make it self-supporting. These applications are relatively free adopters of new technologies, especially compared to financial institutions. Gaming and pornography would be highly suitable, given recent actions by credit card issuers, complete security failures by ccbill and others, inherently high fraud rates, etc. I don't think anyone has seriously proposed ecash as a retail widespread purchasing system to compete with credit cards since the mid 1980s. Applications in equity markets are also interesting. Micropayments seem to be a waste of time, although there are some applications for which they might be suitable (specifically, the "electronic postage paid to recipient of email to read it, as a bond against spam" is one of the most interesting ideas I've seen, and given the right software and UI, could actually be interesting and worthwhile...I would put 2-3 months into it if there were a pre-existing electronic cash system to integrate) There are numerous underground economy applications which are interesting from both a market sense and a political one.
Mainly what is important is to do as little work as possible...
Coding is hard, let's go shopping?
Indeed, code or protocol re-use, elimination of complexity, etc. are good for all software projects, especially "cypherpunk" ones.
All this illustrates an important principal. Secrecy and limited liability, by necessity, have a zero sum relationship. As you increase secrecy you must decrease limited liability in step. "Secret, Limited Liability, Successful, pick two." The combination of limited (non-existent) liability and secrecy is simply an impossibility for a financial organization. "A Small unknown and poorly financed firm" might as well be limited liability for our purposes- no one is going to see a dime back from it if it fails. Also, note that unlimited liability has a much stronger assurance quality. (See e.g., Enron, FDIC insurance for the failure of "disclosure" to properly compensate for limited liability or moral hazard).
This is a very very good point. I am proposing separating pieces of a fielded system such that each can have its own secrecy/limited liability profile (assuming they all want to be successful). Issuers, perhaps, can be of both kinds. Software developers are, for the most part, non-secret, but limited liability. Change-makers can, through technical restraint, be completely "open" in certain ways -- to make it clear that they must make good on transactions -- and completely secret in others. Markets, operators, etc. are fairly impotent to do anything outside very limited technical tasks, which should be widely publicized. I would argue that technical "code-based prohibition preemptively, vs. prosecution after the fact", or "code not laws" is about the same as "limited liability vs. secrecy" -- after all, isn't removal of ability to do something a traditional way to reduce liability, as an insurer?
Additionally, based on my experience doing business with cypherpunks there is no hope for "business credentials without identity" amongst those who should be the most receptive to it. (The due diligence demands of cypherpunks I've encountered in the business world far exceed those I endured at the hands of European banking authorities). Then again, perhaps the paranoia of cypherpunks types is better developed than that of European banking authorities. (That could be taken many ways, depending on your view of European banking types). I suspect that you might find that a small ecash project, which by its nature would appeal to cypherpunks as clear (and perhaps the only) first adopters will find that most cypherpunks "would not invest $1 of my own money in such a thing." That should be all that needs to be said about the viability of a "small ecash project."
Perhaps one might make a distinction between the development of an ecash system and its deployment, but I doubt it will make much difference. The basic tools of ecash have been floating about for some time.
The reason I'd be unwilling to invest any money (but not necessarily time or other resources) into an ecash software development effort is the "moral hazard" of externally-funded startups, as . Perhaps it's that I've seen some of the worst of the dotcom boom from California and am still reacting to it. I think the only productive ways to introduce external capital to electronic cash would be: * Providing non-divertable resources (computer time, office space, etc.) to development efforts, perhaps based on progress. While I think 20 people making $200k/year in a luxury office in San Francisco could easily waste $15m furnishing an office (12 Entrepreneuring...), there are only so many cheap laptops, dormitory-grade accomodations, and rackmounted servers you can use to enhance your quality of life; 1 Bentley is worth more than 80 Cutlasses. If the funds go to actual tools for the development of software, and are meager enough to not be a desirable end in themselves, a lot of the apathy hazard disappears. Of course, the resources needed to develop this are exceedingly modest. It's easier for me to divert some of the capital and facilities I have now to work on projects such as this than to do anything else; office space, hardware, accomodations, servers, etc. in the north sea cost me effectively nothing for even a moderately-sized development effort. (until maybe September 2001, though, my time has been very limited) * Providing financial rewards based on public accomplishment of milestones. If there were funds which would be paid based on "electronic cash included by default with shipping versions of MS IE", only successful efforts would raise money. I can put some money toward this if anyone else wants to develop a system (although specifying the winning conditions is complex). Of course this does possibly put the funds of those providing the prize at risk. One reason why I'd be reluctant to do this (plus that if I did it, it would be on the scale of thousands or tens of thousands, which is perhaps not sufficient motivation for anyone), is that "task market" systems have all failed in the past. This is different in that it is more a "bounty" a la lindbergh or x-prize, vs. a generalized system. However, coming up with a good external specification and judging for this is more complex than the conditions for either of these aeronautical feats. * Ensure that once a system is developed, it can actually be deployed; I'm sure amateur development efforts in ecash would have gone ahead long ago if developers had not been concerned with deployment, legal issues, etc. If it were *just* a software development effort with a defined deliverable, it's interesting to people with a different risk/reward/skill profile than "develop this and maybe it will get deployed, maybe it will be shut down by patents, maybe it will be shut down by the authorities, maybe it will be used by enough users, maybe you will get some reward." The tools that exist today are beyond the ability of those with the risk/reward/skill profile to be willing to use them to be able to use them. Thus, there is no ecash deployed. If ecash could be reduced to a "push this button" level of skill, I believe at least one of each necessary actor would find it within his risk/reward profile to operate. I certainly find it within my risk/reward profile do any but not necessarily all of hosting ecash servers for others, run a trial currency as an issuer, participating as a user, operating a limited market, and perhaps even acting as a change maker on an informal basis. (but doing all of these is obviously poor).
I submit that we should endeavor to find a motivator a bit more solid than that it would entertain the developers. It sounds suspiciously as if you might need an entertainment center in your dot-com campus. Entertainment for the developers is, of course, what the firm is in business for. (From what I know of you that's a bit shocking to hear. If that's all the case then just write the damn thing and distribute it via usenet, Mr. Lackey).
Well, in the split system, I think "writing code for entertainment value only" could easily be sufficiently high motivation for one of the many people who can develop such software to do so. Certainly, it has been in the past, for Pr0duct Cypher and others. I believe if the problem were reduced to *strictly* a "write code" one, ecash could be developed as easily as any other fairly complex network/cryptographic system which touches on finance -- more difficult, surely, than ssleay or , but less difficult than an ERP system, and probably less complex than NCSA Mosaic (given the right background). Very few people participate in high-risk activities, even low skill/capital ones, without being paid -- almost every drug dealer I know is in it for financial reward (with some lsd/e/hallucinogen dealers perhaps being more interested in political or social change). In the system I propose, the high risk components are competitive and compensated, other components are low risk with acceptable reward and relatively low skill, but there unfortunately remain some low-risk, high-skill, uncertain reward components, most specifically initial development and stage-0 deployment of test systems. The only motivation I can see which will actually be sufficient for ecash software to be developed is if the developers find the exercise itself intellectually rewarding, and the potential consequences worthwhile. Ecash development is not a *rational* economic choice, at least in terns of short term rewards. Throwing money or toys at the problem is not going to change this, as I may be overly cynical, but I think the probability of a product goes down proportionate to the amount of money invested over the bare minimum necessary; and for ecash that is $0. (perhaps the corollary is that those who could most easily develop ecash at this point have "lack of ecash" costs as a substantial existing item, and thus *could* spend up to that amount to develop it without causing negative feedback; but this is a pretty tortured argument, there are agency problems, etc. Although, I suppose the cost to me personally of not having ecash is in excess of USD 500k, in that havenco can really only go public on an ecash-based market, and I can only easily realize value from my equity through such an offering, discounted of course for ecash deployment costs, risk, forgone value from private sale, etc.) If the probability of any individual developer finding this to be sufficient reward is too low for one's taste, one should attempt to increase the set of efforts which could possibly develop the software. Perhaps the dotcom collapse, by putting a lot of people back onto the job market with uncertain prospects, will increase this set; perhaps better programming environments which lower the skill required to do cryptographic and network programming will do it; perhaps the expiration of patents and dying down of patriotic hysteria will reassure developers; perhaps legal analysis of the risks to pure developers will lower it; perhaps high visibility persecution of p2p systems, dmca-violating tools, etc. will motivate a new generation of programmers; perhaps computer science education will improve. (I personally find working on such software very interesting and rewarding, even if it is destined to do nothing more than be a published, working, but unused curiosity, but despite this, external circumstances have caused me to focus on "my real job" for much of the past year. I'm quite happy to spend some of my spare time working on such a system, and hope this spare time increases in the future, but I think there are some other, smaller, more easily accomplished and deployed systems which I will release first -- mail and associated utilities, perhaps a simple proxy, productization of some internal management and automation tools, and thus the process will be a bit slower than it could be. If someone else were to develop a suitable system first, it would save me quite a bit of effort, obviously, and I could contribute what I have so far, but I'm not exactly holding my breath for this.) -- Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com CTO and Co-founder, HavenCo Ltd. +44 7970 633 277 the free world just milliseconds away http://www.havenco.com/ OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
-- On 23 Dec 2001, at 21:39, Black Unicorn wrote:
While this might not directly impact the person running or developing the system it certain serves to discourage users of the system after a single allegation has been made. Customer flight would be awfully dramatic I suspect.
You are as usual full of shit. If this was so, ever banking haven, e-gold, and the rest, would be out of business. You have remarkable confidence not only in the effectiveness of laws to deter those things they directly prohibit, but even those things that are sort of vaguely like those things they directly prohibit "Mr Happy Fun court will not be amused" Every business continually commits numerous major illegal acts, and every day must do innumerable acts that would doubtless fail to amuse Mr Happy fun court. So much is illegal that legislation has little effect even on those things the legislation directly prohibits. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG RCj1DCzyAm8eidKtmn0RmSg1ebiKI6xeOOtvT5bR 4c+XBSZ+Aswf6s7TUkkppDwFOhFFZSclReM4DxJK8
-----Original Message----- From: owner-cypherpunks@lne.com [mailto:owner-cypherpunks@lne.com]On Behalf Of jamesd@echeque.com Sent: Monday, December 24, 2001 10:04 PM To: Ryan Lackey; cypherpunks@minder.net; Black Unicorn Subject: Re: Liability, economic realities and self delusion in ecash developers. Or: Why not "just write ecash" (again).
-- On 23 Dec 2001, at 21:39, Black Unicorn wrote:
While this might not directly impact the person running or developing the system it certain serves to discourage users of the system after a single allegation has been made. Customer flight would be awfully dramatic I suspect.
You are as usual full of shit.
If this was so, ever banking haven, e-gold, and the rest, would be out of business.
You have remarkable confidence not only in the effectiveness of laws to deter those things they directly prohibit, but even those things that are sort of vaguely like those things they directly prohibit "Mr Happy Fun court will not be amused"
Every business continually commits numerous major illegal acts, and every day must do innumerable acts that would doubtless fail to amuse Mr Happy fun court. So much is illegal that legislation has little effect even on those things the legislation directly prohibits.
So what's your point?
Quoting jamesd@echeque.com <jamesd@echeque.com>:
On 23 Dec 2001, at 21:39, Black Unicorn wrote:
While this might not directly impact the person running or developing the system it certain serves to discourage users of the system after a single allegation has been made. Customer flight would be awfully dramatic I suspect.
You are as usual full of shit.
I would say "overcautious", at worst. Lawyers tend to be. Entrepreneurs tend to be overoptimistic and risk-taking. It seems to balance out over time. I think there are more "entrepreneurs" of various legal and illegal forms in prison than lawyers. But, few innovations come from lawyers, either.
If this was so, ever banking haven, e-gold, and the rest, would be out of business.
Banking havens have folded in the past 30 years. No one provides anonymous banking to joe random off the street anymore. They may provide certain levels of privacy, but with various levels of protection against drugs, money laundering, etc. Others may allow things to slip through the cracks due to incompetence, but will eventually shut. A monolithic ecash system doesn't have the flexibility to allow individual actors to change or fold without affecting the system; a decentralized one does. If you assume a monolithic system, a single investigation could have some risk of shutting it down. An ecash system is about providing a higher level of anonymity than even the richest people in the world can have today, to every random user connecting from home, in the normal course of operations. And continuing to transact business regardless of what happens. This is completely impossible for any kind of monolithic entity to do.
You have remarkable confidence not only in the effectiveness of laws to deter those things they directly prohibit, but even those things that are sort of vaguely like those things they directly prohibit "Mr Happy Fun court will not be amused"
Prohibitions on anonymous financial transactions are not just some minor law; they're not even a major law. This is *the* regulatory issue of the past 50-100 years. (along with the supremacy of the federal state). It is bigger than the war on drugs, bigger than the war on terrorism, etc. An anonymous electronic cash system, in aggregate, is a direct threat to the nation state. That's why otherwise intelligent people have spent nearly 20 years building systems which have this as a pre-requisite, wasting millions of dollars in futile efforts to develop/deploy, etc. I still think the most likely result is that a system will be distributed and not deployed, or deployed but not widely used, and thus mainly ignored, but not for regulatory reasons, simply for trust, software engineering, market, etc. reasons. But I'd like to give it a shot. -- Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com CTO and Co-founder, HavenCo Ltd. +44 7970 633 277 the free world just milliseconds away http://www.havenco.com/ OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
participants (3)
-
Black Unicorn -
jamesd@echeque.com -
Ryan Lackey