Re: Geodesic Payment Systems? (was Re: Meeting notes from ANSI X.9 Meeting onElectronic Payment)
Once again, Hettinga shoots from the hip, and hits an expert instead... ;-) At 9:07 AM 12/5/95, Nathaniel Borenstein wrote:
There are some interesting unspoken assumptions here. To calculate anyone's "cost" on a transaction requires the complex amortization of costs over many transactions, with assumptions/projections about the transaction volume. I have no idea where you came by either of your numbers, MTB's or FV's, but I can tell you that your guess about FV is off the mark. And I'm sure that MTB is no more eager than we are to publicly dissect all the underlying cost structures, so I have no idea what the 50 cents that you cite really means.
The 50 cents actually comes from this week's InfoWorld, Bob Metcalfe's column. I have know idea where he got the 50 cents, but he did say digital cash, so i expect that he means MTB.
To be perfectly clear: our minimum service charge is 30 cents, not 5 dollars. If we didn't think it was worthwhile to take transactions that small, we wouldn't do so.
Fine. Are we including the cost of the credit card transaction to the consumer? Fees, interest, that stuff? There are lots of hidden costs in a book entry system. With a bearer-certificate system, the price is the spread between the certificate's bid and asked prices for (a traveller's check, for instance, is asked at a primium, and redeemed at face value, for instance. That's all the cost of using them.)
A true geodesic structure is self-supporting and self-structuring. A cryptographic infrastructure can and should be similar, I agree completely. However, a *monetary* infrastructure needs convertability, and the points of conversion are always the best targets of attack for criminals. (I've been casting about for an analogy to physical geodesics, and it's hard to find one. The best I can come up with is to imagine that in order to convert a carbon buckyball to a more conventional set of carbon molecules, you had to do it through a service bureau that was capable of error, fraud, or subversion by outside criminals. This would ONLY matter if you ever wanted to do such conversions, but it would matter a lot then, especially if you had to suffer a serious financial loss if you got the wrong carbon molecules at the end of the process.)
Sometimes I feel like I'm beating this geodesic metaphor like a dead horse sometimes... ;-).
IF you wanted to settle for a totally non-convertible economy (like rubles in the old Soviet Union, or like the LETS system on the net today, as I understand it) then you could build it geodesically.
Really?
But if you want to be able to convert back and forth between Internet payment systems and non-Internet payment systems, it can never be truly geodesic. It will always be attackable at the points of conversion. (You may "trade digital certificates", but how do you know the ones you're receiving were obtained for legitimate real-world value?) Because of this, the underwriting financial institutions, who have a very reasonable desire to limit their own risk, will inevitably seek the protection-by-traceability offered by something less than perfect anonymity. We may not like it, but it's a very natural position to be taken by those who are actually bearing the financial risks at the point of conversion.
That may be true, Nathaniel, but just because the people who bring the money off the net need to be identified to the digital cash underwriter's (actually the underwriter's bank's) satisfaction, doesn't mean that the trades on the net can't be totally anonymous. We've gone over this before. Let's build a model to talk about this, and then you'll see what I mean. Suppose I open an anonymous bank account with ATM card. Then, on the net, I buy digital cash from a digital cash underwriter. The web-page reads my ATM swipe and PIN, and then pumps it (without the underwriter being able to read it) through to my bank, who says to the underwriter, "Yup, there's money here, send it to him, and I'll wire it you (now/overnight/whatever)." The digital cash underwriter then issues me my digital cash, and I put it on my hard drive. I buy stuff on the net. I sell stuff on the net. Sometimes I go online with the trade to check my buyers' cash, sometimes I don't. Element of risk there, but this risk can be made accountable. It's probably always going to be cheaper to do offline transactions, but there's the possibility that when I cash in that money, it has been spent already. Fair trade. It's probably quantifiable and thus can be dealt with. We won't know till we have data. Being an astute businessman (you can tell this is a model, right?), I end up with positive cashflow. So, that money I don't invest with a portfolio manager on the net by buying anonymous bearer certificates for his mutual fund, ;-), I decide to take off of the net and buy Netscape puts, March 1996, $10. So, I go to the underwriter's page (maybe I go to multiple underwriters' pages, or maybe there's an enterprising third-party money changer who honors all comers for a cut), and I cash out. I swipe my ATM and punch my PIN, and my bank says to the underwriter "OK, I know that account, how much are you sending me?", and the underwriter says how much, and how and when the money would arrive (wire? Rollerblade messenger? bunch of militia types in a purple Hummer?, anyway...). And there's money back off of the net. In this model, there's no reason why I can't send an anonymous software agent to buy stuff for me, why I can't buy anonymously or sell anonymously. So, given that model, what's the problem? Now, I've also been thinking about something else. Wei Dai has been talking about how anonymity will always cost more, and certainly, in the model above, there's a certain risk with doing off-line transactions. You don't know if the cash in the transaction is double-spent, like I said above, but that "special stuff" has to be done to accomodate anonymity, which will always cost more. I'll come back with a whole blather on this next week when I get back from the CyberDog Kitchen (I'm here, and Gromit says "hi"), but I think it comes from what the default mechanism for commerce is going to be, threaded, audit-trailed x.blabla or anarchic, geodesic, bearer-certificates. I bet you can guess where I'm going to come down on this... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA (617) 958-3971 "Reality is not optional." --Thomas Sowell The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/
Phree Phil: Email: zldf@clark.net http://www.netresponse.com/zldf <<<<<
[I'll respond to several people's comments on this thread all at once.] Excerpts from mail.limbo: 6-Dec-95 Re: Geodesic Payment System.. Robert Hettinga@shipwrig (6688*)
To be perfectly clear: our minimum service charge is 30 cents, not 5 dollars. If we didn't think it was worthwhile to take transactions that small, we wouldn't do so.
Fine. Are we including the cost of the credit card transaction to the consumer? Fees, interest, that stuff? There are lots of hidden costs in a book entry system. With a bearer-certificate system, the price is the spread between the certificate's bid and asked prices for (a traveller's check, for instance, is asked at a primium, and redeemed at face value, for instance. That's all the cost of using them.)
This includes *everything*. The 29 cents plus 2% includes all credit-card related fees.
That may be true, Nathaniel, but just because the people who bring the money off the net need to be identified to the digital cash underwriter's (actually the underwriter's bank's) satisfaction, doesn't mean that the trades on the net can't be totally anonymous. We've gone over this before.
Yes, this is absolutely true. I didn't mean to imply otherwise. The question is whether or not the possibility of true anonymity in the net transactions might widen the door for fraud on the conversion. I think that it does, in the sense that there's no good way to answer the question, "is it reasonable for Robert Hettinga to be cashing in $2 million of ecash today?" In a non-anonymous system, audit trails could be called up automatically on any "suspiciously large" transaction, and this would help to limit fraud (along with some other, less desirable social consequences). I'm not saying that this kind of accountability would necessarily be a good thing, merely trying to explain why banks are leery of true anonymity.
So, given that model, what's the problem?
None at all, if you can find an underwriter who is comfortable with the fact that his investigative options will be limited in the case of suspiciously large or suspiciously frequent "cash out" events from a given customer. Apparently Mark Twain Bank finds that risk acceptable. I'm sure the larger banks will be watching quite closely. Excerpts from mail.limbo: 6-Dec-95 Re: Geodesic Payment System.. Wei Dai@eskimo.com (1462*)
..... There's a good reason that most companies have "Ltd" after their name instead of "Unlimited", in those countries where that's the naming convention.
I find this argument totally unconvincing. No risk is unbounded. The worst thing that can possibly happen is that a nearby star goes supernova and completely destroys the earth. Yet markets handle this low-probability risk quite well.
The direct cost of a break-the-bank catastrophic failure is bounded by the amount of capital the bank has. This is because the market will not accept more liabilities (real or forged) from the bank than its capital. There may be other indirect costs resulting from dislocations, but these should also be proportional to the size of the bank. Therefore your argument is really against centralization and for diversification and distribution.
I'm sorry, when I said "unbounded" I was talking in a practical sense. Very few banks are willing to undertake a venture in which there is a very-low-probability risk of a failure that is only bounded by their total asset pool. Technically, you are correct, that is always the practical bound. From a bank's perspective, however, "enough to break the bank" is a good working definition of "unbounded risk". They like their risk bounded at a slightly lower threshhold... :-) Excerpts from mail.limbo: 6-Dec-95 Re: Geodesic Payment System.. "E. ALLEN SMITH"@mbcl.ru (1656)
The risk in question is not infinite-cost. If the person who gets ahold of the keys starts simply making lots and lots of money, in a free market the prices in digital cash for everything will start going up. This phenomenon will be spotted, and those taking the particular variety in question will stop accepting it. Losses are limited to however much was out there at a given time, and if there are multiple systems with free-market interconversion between them, that may not be very much. People will move out of a decaying monetary system if: A. the new system is as easy to get as the old; and B. the new system is as easy to spend as the old. If the person who gets the keys simply uses them on a small scale, then the resulting inflation and loss of value can simply be dealt with using the discount mechanism. It's no longer infinite risk.
Basically, the criminal in this scenario has a choice between greed and vandalism. If he's motivated by greed, and he's clever, he'll push things slowly in the inflationary direction, as you describe. If he's a vandal or terrorist at heart, however, he might get more satisfaction out of generating the equivalent of overnight inflation at the billion-percent level. That's not a decaying monetary system, it's a suddenly-collapsing monetary system. The only difference between those two scenarios is the quantity of bad money the criminal chooses to print and distribute. (Note that this is very different from physical counterfeiting, where the logistics of actually feeding trillions of dollars into the money supply are quite daunting, and make the catastrophic-vandal scenario more or less impossible.) Excerpts from mail.limbo: 6-Dec-95 Re: Geodesic Payment System.. Peter Monta@qualcomm.com (892*)
Why "the bank", rather than "all banks"? If there is a single cryptographic point of failure in a widely used ecash system, it seems unlikely that diversity would buy you anything. The worry would not be the compromised keys of a single bank, but rather, say, an effective cryptanalysis. I would put this in the supernova class; it may be just as unlikely.
There's a big difference between breaking the algorithm and stealing the keys. To break a cryptographic algorithm requires either a revolutionary mathematical discovery or the discovery of a subtle coding flaw. The former is in the supernova category, and the latter is probably in the "major hurricane" category. However, stealing the keys is a relatively simple computer crime. You break into a computer somewhere and steal some information. It only breaks a single bank, but that's enough to satisfy most criminals..... -- Nathaniel -------- Nathaniel Borenstein <nsb@fv.com> | (Tense Hot Alien In Barn) Chief Scientist, First Virtual Holdings | VIRTUAL YELLOW RIBBON: FAQ & PGP key: nsb+faq@nsb.fv.com | http://www.netresponse.com/zldf
Nathaniel Borenstein <nsb@nsb.fv.com> writes:
Excerpts from mail.limbo: 6-Dec-95 Re: Geodesic Payment System.. "E. ALLEN SMITH"@mbcl.ru (1656)
The risk in question is not infinite-cost. If the person who gets ahold of the keys starts simply making lots and lots of money, in a free market the prices in digital cash for everything will start going up. This phenomenon will be spotted, and those taking the particular variety in question will stop accepting it. Losses are limited to however much was out there at a given time, and if there are multiple systems with free-market interconversion between them, that may not be very much. People will move out of a decaying monetary system if: A. the new system is as easy to get as the old; and B. the new system is as easy to spend as the old. If the person who gets the keys simply uses them on a small scale, then the resulting inflation and loss of value can simply be dealt with using the discount mechanism. It's no longer infinite risk.
Basically, the criminal in this scenario has a choice between greed and vandalism. If he's motivated by greed, and he's clever, he'll push things slowly in the inflationary direction, as you describe. If he's a vandal or terrorist at heart, however, he might get more satisfaction out of generating the equivalent of overnight inflation at the billion-percent level. That's not a decaying monetary system, it's a suddenly-collapsing monetary system. The only difference between those two scenarios is the quantity of bad money the criminal chooses to print and distribute. (Note that this is very different from physical counterfeiting, where the logistics of actually feeding trillions of dollars into the money supply are quite daunting, and make the catastrophic-vandal scenario more or less impossible.)
A few rambling thoughts on the same subject: I see a couple of risks that a potential customer would consider (akin to the risks of owning a real-world exotic currency): 1. The risk that she'll accumulate some electronic money and won't be able to exchange it conveniently for something else (goods, services, other forms of money). Imagine holding a quanitity of central-african francs or belarusian zaichiks in a rural area in American Midwest. This currency may be worth a lot in some geographical areas (like New York City), but no bank will take it in the accursed fly-over :). (Someone I know brought back some sheqels from a trip to Israel and had lots of trouble finding a bank willing to exchange those for US dollars.) Likewise if your interner connection suddently goes under, you may not be able to trade your electronic cash until it's restored. 2. The risk that the electronic money will lose its value, e.g., because someone issues a lot of it. In real life, this is comparable to the situation where you own, e.g., a pile Mexican pesos, and the government of Mexico decides to print a lot of pesos, while changing the exchange rate so now you can get more pesos for a dollar than you could when you got your original pile. Hence, your pile is worth fewer dollars than it did before. In real world, gold, silver, beads, fishhooks, whale teeth, whiskey, seashells, cigarettes have all been used as money (medium of exchange / store of value) because the users could be certain of their scarcity. There's the risk that someone will find a way to forge electronic money so its exchange rate will fall. I see an entrepreneurial opportunity in these risks. I'm not necessarily going to do it myself, but perhaps someone will find this idea useful. First, let us recall how in real life currency owners limit their risks by hedging. A most common hedge is an option. Let's suppose that I hold $1M worth of DEMs, and can currently readily exchange them for USDs at, say, 1.40. I enter into a contract with, say, my good friend Alexplore, specifying 2 things: 1. I now pay Alexplore $1,000 (Hey, I'm making this up!!!) 2. At any time during the next 3 months I can give Alexplore my DEM's and he'll give me back USD's at, say, 1.35. (Of course, the contract specifies the maximum amount of DEM's I can force him to buy from me.) If the exchange rate never falls below 1.35 during the 3 months, I let the option expire and Alexplore keeps the money; my loss of $1000 is his gain. If the exchange rate does fall below 1.35, I'll probably excersice the option. My loss is limited to the change from 1.40 to 1.45; any further loss is Alexplore's (partially offset by the $1000). Alexplore is betting that the exchange rate won't hit 1.35; I'm just limiting my potential losses. In effect, Alexplore had sold me an insurance policy with a small deductible. Another an example familiar to most people is insuring one's car or a house. Suppose I own a house worth $200,000 (we actually don't) and buy a fire insurance for $1000. If the house doesn't burn down within a year, the insurance premium is my loss and the insurer's profit. If it does burn down, I probably have a claim against the insurer. Of course, there's an additional small risk that the insurance company will go under or renege on the contract. Moreover, the insurer can insist that, e.g., the house be inspected for fire code violations before the policy goes into effect. How then can this insurance of assets be emulated with electronic money? Well, an individual or an organization X that's fairly confident that electronic money is "safe" could offer offer the following contract: a money-holder Y pays X an sum of real or electronic money. During a fixed period of time Y may chooses to ask X to exchange some electronic money (up to a maximum amount based on the initial payment) for real money at an agreed-upon discounted rate. For example, Y might pay X $10 for the right to ask X to accept up to $1000 of (dollar-denominated) electronic money at the rate of 90c of "real" money per electronic dollar. The exchange rate is discounted so Y won't choose to exercise the option until there's a real problem with the money (a deductible of sorts); and the payment required to insure a certain amount of electronic money is negotiated based on X's and Y's perceptions of the risks involved. If electronic money works as well as many of us hope it will, then X just made $10 for nothing. But if the money goes bad, then X has assumed most of Y's risk. X may impose security conditions on Y; e.g., only insure the money that was received using an X-approved encryption. For added assurance, X should be independent from the organizations that now issue electronic money. X also has to convince Y's that he has the resources to satisfy the claims if the shit hits the fan. Keep in mind that X assumes a tremendous liability and hopes never to pay up. In the 80's many elderly investors essentially insured others against a sharp drop in the market. They were badly hurt during the crashes of 87 and 89. --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
participants (3)
-
dlv@bwalk.dm.com -
Nathaniel Borenstein -
rah@shipwright.com