Problems with anonymous escrow 1

Jason W Solinsky solman at MIT.EDU
Mon Aug 29 16:38:16 PDT 1994


> The obvious problem I see with anonymous escrow agents is that it is
> much harder for them to become and stay trustworthy.  With an
> identified (non-anonymous) agency, you can have a lot of information
> on which to base your judgement.  You can look at its assets, at its
> employees and hiring procedures, at its record.  You look at the
> jurisdiction in which it operates and judge what protection the legal
> system may offer.  You can look at other agencies in that jurisdiction
> and what their track record has been.

Why this dichotomy? A cyberspatial entity is somebody who owns a secret
key. If said entity wants to maximize its anonymity it will reveal
nothing about itself. If said entity wants establish the strongest
possible reputation, it will reveal all (and lock itself into doing so
ahead of time). Since it is enourmously difficult to deal with an entity
with no reputation and since it requires a substantial amount of effort
to establish certified facts about the nature of a cyberspatial entity,
one would expect most (if not all) to exist somewhere in between the two
extremes.

> I would guess that most of that information would not be available
> from an anonymous escrow agent, at least not in a validated form.
> Perhaps some of it could be done with credentials (a blinded statement
> from a reputable accounting firm that (this?) escrow agency has assets
> of $X).  But generally thinking I think it will be very difficult to
> get nearly as much high-quality information about an anonymous escrow
> agent.

Agreed. The forms of information that one might need certified are so
varied that the cyberspatial infrastructure needed to support this
system would be massive. But in the mean time, I would expect insurance
to pick up the slack. Under any such scheme the customer doesn't bother
looking at the entity's credentials... it just looks at the insurance
contract given by the insurance company to the customers of the entity
via a blind signature.

> This leaves the possibility of using its public record to judge
> trustworthiness.  It may be able to offer certified statements (again,
> credentials of a sort) from earlier customers to show that it behaved
> honestly.  Tim has suggested "pinging" such businesses, performing
> various dummy transactions to make sure that they are still behaving
> honestly.  All this can help establish a record, but how well can this
> be extrapolated into the future?

The problem with reputations of this form is that it is difficult to
verify that the customer's opinions were not pre-selected. Otherwise a
business could work under several different pseudonyms, combine only
those pseudonyms receiving rave reviews, and leave you with the
impression that they never had a displeased customer. Of course this
happens to a degree in the real world today. 

> The problem with this is that keys are not people.  People, and
> businesses, have a certain continuity, a certain predictability.  Keys
> do not.  A key may change its personality, literally overnight, and
> you will not have any warning about this.

That sounds an awful lot like a person to me.

> In an identified business,
> if it changes hands, acquires new management, or has some other change
> which might lead to new behavior, you generally have some warning
> (especially if it is a business which is selling trustworthiness, in
> which case it will probably provide customers with an unusual degree
> of access to the business's internals.)  But with an anonymous
> business this is not the case.  An escrow agent who has been as steady
> as the sunrise for years may, without any warning, become totally
> dishonest.  Hidden behind the shield of anonymity there is no way for
> its customers to discover the change.

I strongly refute the notion that anything other than federal regulations
prevent this situation from existing in the real world today... And federal
regulations can be replaced by cybergovernments.

> What are the motivations for an anonymous escrow agency to stay in
> business, to not take the money and run?  Legal sanctions would
> presumably be ineffective.  One proposal is that as long as the
> expected future stream of income is worth more than the current value
> of all contracts being held by the agent, it is worthwhile for it to
> be honest.

This is easy, prevent the agent from taking the money without the
agreement of a set of other parties. Hold money in escrow from the
escrow.

> Again, with an identity-based business these kinds of changes will be
> monitored closely by customers.

A key IS an identity. In terms of dealings with corporations there is
no situation in which the official name of the corporation is any more
useful than the key. When dealing with humans, yes a system which
prevents an individual from every changing names can be very valuable,
but such a system is difficult to maintain and requires of high level
of physical realm support.

JWS






More information about the cypherpunks-legacy mailing list