Internet Banking

[Michael C. Berch]

(First of all, I just wanted to say hello, especially to those of you I
met for the first time at the Cypherpunks BOF last night at Usenix.)

I caught up on the digital banking thread and have a few thoughts
about future banks, financial privacy, and nonregulation issues,
especially how they relate to the way things are done now.  

What is important to me in an ideal bank, in roughly descending order:

1. Security.  The bank will not disappear, steal my money, allow others
to steal my money, or unwarrantedly cut off my access to it.

2. Convenience.  I can easily and reliably spend the money I have on deposit,
deposit funds from elsewhere, and communicate with the bank regarding
my accounts.

3. Privacy.  The bank will not (or, possibly, cannot) reveal details
of my financial situation or transactions to others including the
government.  

4. Credit.  The bank will loan me money for appropriate purposes if
needed (and my credit rating is acceptable).

The financial institutions I currently deal with do a pretty good job
of all of these except (3), which is not their fault but is the
government's.  (Except for crud like banks that use trivial keys like
your SSN for access to banking by phone.)

No. 1, security, is a problem with anonymized, offshore, network
banking.  Today we rely on a combination of reputation and regulation
to provide bank security -- the banks we deal with stress size,
longevity, permanence, etc., in their marketing campaigns, and there
are mandatory reserve requirements and mandatory deposit insurance.
Reputation should translate pretty well in our idealized banking world
-- what is better than the electronic word of mouth of the Internet?
But in a nonregulated environment, there will have to be private
deposit insurance which could easily have some bootstrap problems in
building the initial market.  

Convenience, #2, should be a vast improvement.  Freed from the
necessity and cost of maintaining a network of impressive physical 
edifices of Federal-style architecture, and coupled with more-or-less
ubiquitous networking and computing, banks can concentrate on giving
ultra-fast, efficient transaction services via authenticated e-mail
and customer services via a Web-like server. 

I envision transactions ending up in two big buckets: card services
and "cheque" services.  Cards are for when you are wandering around,
and e-mail "cheques" are for paying regular bills.  The card system,
insecure at it is, is fast becoming universal; I stopped carrying a
checkbook around years ago and use credit cards for all possible
transactions: you get a comprehensive statement at the end of the month with
the names of all your vendors, and you also get a nice premium for
using their transaction services (mine is airline frequent-flyer miles).
In any future banking system one must assume that card-based
transaction service will be the main, if not only, means of
casual transaction, and it will be up to us to to build in the
ncessary privacy and authenticating schemes to make this a trustable
system.  I find it difficult to imagine large-scale displacement of
institutions like VISA, MasterCard, and Amex, simply because they do
what they do (provide instant POS credit authorization, guarantee
merchants quick payment, etc.) very well.

While e-mail "cheques" are attractive because the mail infrastructure
is almost entirely there already, I wonder if they will ever become more
than a small percentage of total transactions, possibly limited to
pre-authorized direct drafts for such things as utility bills, and
maybe mail orders and transactions between individuals.  

#3, privacy, is a very difficult issue because of the regulatory role
of the government.  Because of the degree to which strong financial
privacy threatens government power (especially taxing power; see
previous messages on this) I can easily imagine that (1) banks doing
business in or "touching" the US and most politically similar
sovereignties will not be able to prevent themselves from disclosing
identity and transaction information about their customers, and (2)
people will probably be prohibited from dealing with these banks if
they are in fact beyond the reach of legal process.

This leads to the key question: should one trust (i.e., disclose
one's identity to) or not trust one's bank?  It would certainly be nice 
to be able to trust your bank, as it makes things much easier for all
parties.  They would be able to freely grant you credit (#4 above),
since you could verifiably prove your assets, real property,
employment, etc.  But if you trust your bank, then they may be forced
to disclose your identity to the government under legal process.  Thus
it is probably best to postulate a banking system that does not
require trust.

This complicates #4, credit.  I can envision a system of vouched-for
indirection (not unlike signing PGP-keys) that would allow you (the
borrower) to disclose assets/earning capacity to a trusted third party
that would certify to a lender that you (known to the lender only as a
numbered account) are credit-worthy.  If it can be made possible
to break the traceability link between the credit-vouching agency and
the lender, privacy may be possible.  One problem may be that 
credit-vouching agencies cannot easily be "offshore", since they may
need to examine your real estate (or whatever) though this could be
done, perhaps, by appraisers or other local agents.  

Comments?

--
Michael C. Berch
mcb at net.bio.net / mcb at postmodern.com / mcb at remarque.berkeley.edu