CDR: Re: Public Key Infrastructure: An Artifact...

Greg Broiles gbroiles at netbox.com
Thu Nov 16 19:23:20 PST 2000


On Thu, Nov 16, 2000 at 04:38:53PM -0800, Ed Gerck wrote:
> So, you think that  credit-cards deals would not need names or any real-life id, just assets?

I've never had to show ID to get a credit card; I also have two credit
cards under names (mildly) different from that on my birth certificate.
The issuers don't seem to care. Store clerks very rarely ask for ID,
and they don't seem bothered by the minor discrepancy in textual form
of my name(s), much less the possibility that there may be many other
meat-things using the same text string as their identifier. (My name
isn't that common, but there's at least one other person in California
with it; people with more common names must run into this a lot more
often.) 

I haven't done this myself, but I gather that it's really easy to get
"the system" to adopt a wildly different last name than the one on
your birth certificate, merely by mentioning that you've been married.
It seems to be customary for some people (frequently women, but not
exclusively) to adopt a different name at that time; nobody bats an
eye about this. I'm aware of one person who's got at least 4 very 
different names which she uses in different social settings - one's
the name she was born with, another is a name she assumed after one
marriage, another is a name she assumed after another marriage, and
the fourth is a combination of some of the above names. She doesn't have
ID for all of those names - just uses the one that seems appropriate
to the circumstances. 

> 
> Surely, the merchant gets paid regardless, even  if you use a false name.  But this is not the
> end of id fraud. The bank still goes after the money...and uses the law against fraudulent
> practices to enforce the cardholder agreement, or criminal statues. If Mr. X uses his wife's
> credit-card, Mr. X is technically committing id fraud, and wire-fraud. Of course it works most
> of the time... But when it does not, and someone comes enforcing, someone will ask, did you
> Mr X, uses Mrs X's credit-card, and represent yourself thereby as Mrs X?

I'm not at all ready to accept your "id fraud" or "wire fraud" arguments - 
depending on the fact situation, maybe, but it sounds more like a
variation on unauthorized use of another's credit card .. a charge which
hinges on the *unauthorized* use, not on the difference in identities. It's
not fraud at all for person X to use person Y's credit card, so long as
person X has permission/authority, and doesn't misrepresent the transaction
to third parties.  

Besides, that's got nothing to do with the different parties getting paid -
on the outside, maybe the credit card company can recover some restitution
from a fraudulent user in sentencing after a criminal conviction. The 
parties in the criminal action are the government and the accused, however,
not the credit card company nor the merchant, so I still think that 
the identity of the parties does not turn out to be crucial to successful
completion of the transaction.

Plenty of people skip out on debts where there's no (extra) ambiguity about
identity - and plenty of other people pay debts or fulfull obligations which
are apparently not strictly speaking theirs, but those of a closely 
related entity.

Most of the time, most people "do the right thing", and when they don't, 
the problem isn't likely to be one that's solvable with more intrusive
"identity" practices on the part of one or the other of the counterparties.
(Ed, I think this is your point about how most e-commerce "security"
depends on a violation of privacy.)

The "identity" bugaboo plugs straight into the "then you go to court and
someone goes to jail" protocol debunked famously by Doug Barnes some
years ago - I don't know if his discussion of that is still online, but
it boils down to the insight that courts and litigation aren't very
useful in a commercial context; it's faster and cheaper to either
avoid bad trades proactively, or abandon them quickly in favor of other,
good trades, and not cry over spilt milk.

(And that runs straight into game theory and the Prisoners' Dilemma and
the slow-moving background discussion/argument between Bob Hettinga who
sometimes seems to be saying that anonymity is cheaper than not, and
Wei Dai, who says the opposite.)

--
Greg Broiles gbroiles at netbox.com
PO Box 897
Oakland CA 94604





More information about the cypherpunks-legacy mailing list