Searching for the term "Big Business" in the original cpunks archive I found the below quoted discussion. It's pretty interesting because it deals with chaum, closed source hardware...and all the usual stuff. And notice the screeching noises that metzger makes when Hughes doesn't toe the corporatist party line. As to metzger, the guy is a typical fake libertarian and true fascist with a german sounding surname, so I'd bet a couple of cents he belongs to the jooish master race. And funnily enough, it turns out that metzger used to use this address <pmetzger@lehman.com> - yep! that's the arch jew thieves lehman brothers. So a corporate fascist at lehman brothers hates cryptocurrencies while posing as 'libertarian'? Who would have thought that... 1 ------ From: hfinney@shell.portal.com Date: Mon, 23 Aug 93 10:35:19 PDT Subject: Chaum on the wrong foot? A lot of our discussion is influenced by the ideas of David Chaum. He pioneered technology which could protect individual privacy while allowing very flexible sorts of credentials and guarantees. He has also played a big role in the various proposals for digital cash. But I think that Chaum has gone off in the wrong direction in the last few years. More and more he is concentrating on protocols which rely on a tamper-proof, hardware implementation of a cryptographic protocol which he calls an "observer". This observer chip would sit in your computer (which could be a Newton-style PDA or a smart card) and would play an important part in the exchanges of information, cash, or credentials which you would make with others. The observer basically makes sure you are telling the truth in your transactions, that you are not double-spending your digital cash, or not claiming a credential which you don't have. Now, this approach has the obvious advantage that it allows solving certain problems which can't be solved otherwise. There appears to be no way to provide for secure, off-line digital cash, for example, other than with something like an observer. But it has the equally obvious problem of relying on a tamper-proof chip as a necessary part of the protocol. Recently it seems that many of the papers out of his group are designed to explore observer-based protocols. This means that these ideas are not useful for software-only implementations. One of the (relatively few) strengths that we and the forces we represent have is that free software can be spread very far and very fast, making it hard for those opposed to privacy to successfully stop our efforts. Any technology based on special chips is going to lose these advantages. Another problem with the observer is psychological. Although Chaum goes to great lengths to design his cryptographic protocols so that even a cheating observer can learn effectively NOTHING about the computer user that would compromise his privacy, people may still feel uncomfortable about having a mechanical "conscience" in their pocket. People want to feel in control of their computers, and I think supporting this control is a big part of the Cypherpunks philosophy. A related point is that there have already been comparisons on sci.crypt between Chaum's observers and the Clipper chip, in that both rely on tamper-resistant technology to implement features which are not entirely in their owner's best interests. Assuming we do manage to successfully defeat Clipper, the taint of this association may increase resistance to observers. I wish Chaum and his group would stop directing their efforts towards protocols which require an observer chip to be effective. Granted, there are some things that don't work as nicely without observers. But I think that a realistic appraisal of the pros and cons suggests that non-observer protocols are more likely to further our ultimate goal of personal privacy. Hal Finney hfinney@shell.portal.com 2 ------ From: tcmay@netcom.com (Timothy C. May) Date: Mon, 23 Aug 93 15:45:21 PDT Subject: No digital coins (was: Chaum on the wrong foot?) There is no silver bullet! Here are some comments about why there are no easy to use "digital coins," and why the digital money protocols are so complicated and involve banks, tamper-resistant modules, and other things that may not be make difficult some of our Cypherpunks goals. I agree with Hal Finney's basic point about David Chaum's current direction: it is not precisely the direction I'd like to see. However, in Chaum's defense, his is only one group and can only do so much. I don't see other groups pursuing digital cash with the same vigor and depth, save for the occasional paper about "electronic wallets" and so forth, and so Chaum is doing what he is doing. It is possible that someone here in Cypherpunks will develop some form of competing system. (Bear in mind, though, that these protocols are notoriously complicated, and involve issues of forgery, spoofing, denial (that a transaction occurred), tax laws, and so on.) One of Hal's points deserves special comment: (speaking of the observer protocol)

Now, this approach has the obvious advantage that it allows solving certain problems which can't be solved otherwise. There appears to be no way to provide for secure, off-line digital cash, for example, other than with something like an observer.

There are no digital coins. A physical piece of gold, the canonical piece of money, is essentially imposssible to counterfeit/forge, so coins can be passed from person to person, person to shop, to banks, to tax collectors, etc. It is the ultimate "bearer instrument." Importantly, the flow of such money is "conservative" in that the total amount of such money is constant...no amount of trickery or protocol complexity can increase the amount present, and only loss of the physical coins can reduce the amount. Paper currency is ostensibly a parallel to physical money (at least in countries on a gold or silver standard, which the U.S. is not any longer). Strong currencies (DM, yen, dollar, SF...though this is all debatable) still have some of the "conservative" nature, because the bills/notes are very difficult to counterfeit and are exchanged as physical items or tokens. I won't get into things like VISA transactions, promissory notes, etc., except to say they are quite a bit less "tangible" (anyone who has gotten unexpected VISA transactions, triggered by someone out there, understands that the transactions are much less straightforward and tangible). A problem with digital money has always been that there apparently is no close equivalent to a digital coin, a token which can be passed around freely, as a quarter or a dollar bill can be. The reasons are obvious: a cryptographic number can be trivially duplicated (counterfeited/forged) and presented to a second or third person. Thus, the receiver of such a piece of digital money must confirm that it has not already been spent, that some bank will redeem it for "real" money, etc. Digital coupons have this same problem. (Real coupons are made fairly counterfeit-resistant, as are such things as lottery tickets. Lottery tickets also use a clever scheme whereby the winning number, the thing that gets announced, is hashed/transformed into another number with a secret key, and this second number is also printed on the ticket, but would-be spoofers are unable to generate the second number.) The complicated Chaum protocols, which now are going in the direction of the tamper-resistant "observer" chips (in smartcards, PDAs, etc.), address these issues of spoofing, denial, counterfeiting, etc., in various ways. Later, Hal makes another good point:

A related point is that there have already been comparisons on sci.crypt between Chaum's observers and the Clipper chip, in that both rely on tamper-resistant technology to implement features which are not entirely in their owner's best interests. Assuming we do manage to successfully defeat Clipper, the taint of this association may increase resistance to observers.

I wish Chaum and his group would stop directing their efforts towards protocols which require an observer chip to be effective. Granted, there are some things that don't work as nicely without observers. But I think that a realistic appraisal of the pros and cons suggests that non-observer protocols are more likely to further our ultimate goal of personal privacy.

It seems likely to me that even now a group within the bowels of the NSA and NIST is developing a "digital money clipper" (a euphonious pun?), that is, a standard for digital money with similar sorts of backdoors, emergency doors, etc., that Clipper has. NSA/NIST surely knows of the pressures for digital money, and could plan to introduce their own standard. Instead of "LEAFs" for the FBI and other law enforcement, this one could have "IRS observers" and "money-laundering observers" (this is wild speculation, I'll grant you) which tie-in to currency exchange reporting, sales tax, and income tax law enforcement systems. It may be that Chaum, who is eager to actually get some sales to groups within Europe and elsewhere, is already responding to some pressures for "accountability" (the digital money version of "wire-tappability") by various European governments and the observer protocols are an effort to satisfy some of these concerns. (I am not accusing Chaum of anything, just speculating that some groups developing digital money--and Chaum is the clear leader here--may have market or legal constraints which are shaping their focus away from the digital money = untraceable cash = crypto anarchy direction many of us favor.) A "Cypherpunks digital money" system may be more urgent than ever. -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. 3 ------ From: hughes@ah.com (Eric Hughes) Date: Mon, 23 Aug 93 18:41:41 PDT Subject: Chaum on the wrong foot? I applaud Hal's insight into Chaum. I was in Amsterdam last year for a few weeks working for/with him, and I can substantiate what Hal says. I was only there for six weeks, which was supposed to have been the start of a longer relationship, but I got out.

But I think that Chaum has gone off in the wrong direction in the last few years. More and more he is concentrating on protocols which rely on a tamper-proof, hardware implementation of a cryptographic protocol which he calls an "observer".

The observer, owned by the user, opens a communications channel to a chip and to a central computer, both controlled by some company. The observer then mediates the communication between the chip and the central computer to make sure that no privacy information leaks out.

There appears to be no way to provide for secure, off-line digital cash, for example, other than with something like an observer.

This statement, while certainly true in Chaum's mindset, I no longer believe to be true. The question hinges on what 'security' means. To Chaum, it means that fraud losses are a mathematically perfect zero. To a real business, however, the losses must be bounded. The smaller the bound, the better, of course, but real financial service companies can and do tolerate some loss due to (technological) fraud. If the cost of the perfect system is more than the losses from fraud, there's no point in deploying it. Make no mistake, the observer system is expensive. The reasons smart cards are not more widely deployed is that they're too expensive per card. The observer protocols requires both a smart card and a small hand-held computer!

This means that these [observer] ideas are not useful for software-only implementations.

Not only not useful, but totally inapplicable. The observer model relies upon the fact that the computations inside the chip are unknown to the user. This just can't be the case with a software-only system.

I wish Chaum and his group would stop directing their efforts towards protocols which require an observer chip to be effective.

This just won't happen. The observer protocols are *patented*, you see. Anyone can design and build observers, because the spec is public, but you've got to pay up. Chaum seems to be basing his whole strategy for the future on observers. I think it's a gross strategic mistake.

I think that a realistic appraisal of the pros and cons suggests that non-observer protocols are more likely to further our ultimate goal of personal privacy.

Amen. Eric 4 ------ From: hughes@ah.com (Eric Hughes) Date: Mon, 23 Aug 93 19:27:04 PDT Subject: No digital coins (was: Chaum on the wrong foot?) Tim:

There are no digital coins.

Gold obeys a mass conservation law. Information as such does not. Everything unique about digital money stems from this basic observation. Here is a thought problem to illustrate. If money were required to be able to be xeroxed, would you be able to make a monetary system? The answer is yes, but it doesn't act the same way as a coinage system.

A problem with digital money has always been that there apparently is no close equivalent to a digital coin, a token which can be passed around freely, as a quarter or a dollar bill can be.

It is a problem only if you want to design a digital coin. Once you rid your mind of the need for that, it's not a problem but a design constraint.

It may be that Chaum, who is eager to actually get some sales to groups within Europe and elsewhere, is already responding to some pressures for "accountability" (the digital money version of "wire-tappability") by various European governments and the observer protocols are an effort to satisfy some of these concerns.

No. This is way off the mark. Chaum's complete and overriding goal is privacy, sometimes to the exclusion of other desiderata. The observer protocols sacrifice nothing in the way of privacy, but perpetuate and reinforce the subservient economic relationships between individuals and large financial institutions. The system is assymetrical; the central computer talks to its chip through the observer. There is no room here for person to person interactions. The barrier to entry to deploy chips is high, as well. In other words, the observer protocols preserve chasm of relative size of Big Business over and above the individual. This is a benign oversight, to be sure; all the individuals look alike. (You thought you were a number before? Now you're a _random_ number!) Nevertheless, the observers are not egalitarian; they are the model of cable TV as opposed to the telephone network, of newspapers as opposed to electronic mail. Chaums got privacy down, but I don't want the rest of his world. No way. Eric 5 ----- From: "Perry E. Metzger" <pmetzger@lehman.com> Date: Tue, 24 Aug 93 07:16:50 PDT Subject: Re: No digital coins (was: Chaum on the wrong foot?) Eric Hughes says:

No. This is way off the mark. Chaum's complete and overriding goal is privacy, sometimes to the exclusion of other desiderata. The observer protocols sacrifice nothing in the way of privacy, but perpetuate and reinforce the subservient economic relationships between individuals and large financial institutions.

In what sense are you "subservient", Mr. Hughes? The institution and you have a contractual relationship in which they hold your money for you and in exchange handle all sorts of inconvenient tasks, in exchange for your having to pay them for performing these tasks by letting them lend out your money. You can usually touch your money at any time, though. Doesn't seem to be terribly abusive. What do they do to you that's so bad? Charge you for performing services? Shudder -- how horrible! Capitalism! Ohmygod! In any case I see no reason that small groups couldn't start digital cash issuing organizations, just as very small groups can also form banks -- you'd be suprised how small some credit unions are. Although the cost of the infrastructure is high to DESIGN, it will presumably be commercially available to any entity that wants to deploy it.

In other words, the observer protocols preserve chasm of relative size of Big Business over and above the individual.

What is wrong with large organizations per se? Perry 6 ------ From: hughes@ah.com (Eric Hughes) Date: Tue, 24 Aug 93 11:15:28 PDT Subject: No digital coins (was: Chaum on the wrong foot?)

Charge you for performing services? Shudder -- how horrible! Capitalism! Ohmygod!

I count this comment as an intentional misreading of my position. I am not a libertarian, nor is it likely that I ever will be. I've also read E. F. Schumacher's _Small is Beautiful_ and thought much of it was just plain wrong, or, at best, unprovable. I read your words as an attempt to enforce a sort of libertarian political correctness, as insulting as that phrase will no doubt be to you. The agenda of privacy is orthogonal to most partisan political positions. As strong as the libertarian presence is on this list, it is by no means the only view. It is precisely because cypherpunk issues cut clean across the political spectrum that they are so powerful. I expect no one here to wear seamless garments of any cut or cloth. There are many on this list whose personal agendas call for making the world safe for greater accumulations of capital. This is not at all my agenda, yet I have put aside my repugnance at this in pursuit of a common goal. While I expect no one to hold to any particular view, I do expect that everyone here treat opposing views with respect, or better yet, with silence. The cypherpunks list is about creating privacy. We assume that everyone here wants the availability of more privacy than they currently have. We need not debate the particulars of these reasons, nor need we suppress the statements of these reasons. I am perfectly happy with individuals stating their own reasons for desiring privacy; these statements are powerful and useful, yet they should not engender debate on this list as to their propriety. Should anyone insist on debating belief, private e-mail is always available. I know that when the goals of personal privacy are achieved that the people and opinions that currently cohere on this list will fragment and splinter. I do not want this dispersal to happen, however, before our goals are acheived. Disrespect for each other, or, in other words, bone-headed stupidity, will certainly accomplish a premature dissolution. Let us work together while we need to, and no longer. Eric