Making Money in Digital Money

[Tim May]

On Friday, April 25, 2003, at 06:50 PM, Adam Back wrote:

> On Fri, Apr 25, 2003 at 03:32:42PM -0700, Tim May wrote:
>> I have a _completely_ different impression of which model has been
>> more prominent around Cypherpunks.
>
> Most people I've noticed prefer to avoid the "and then he goes to
> jail" step because it invites regulation and government involvement,
> is expensive and unappealing.  It also involves a identifying
> registration step to participate which is a barrier to entry.

For now, I only want to say something about this.

Not _exactly_ about this, but about the desire some players have to do 
certain things. These players being:

-- some implementors 

-- and ESPECIALLY some start-up companies working to deploy systems (I 
don't necessarily mean ZK, but if the shoe fits....)

-- and EVEN MORE ESPECIALLY most banks and financial institutions 
connected to these efforts

And here's what they want to do:

-- make money (a noble goal, but sometimes not realizable directly with 
an idea)

-- avoid prosecution under the Freedom from Traitors Act, the 
Anti-Money Laundering Act, RICO, etc.

I think it may just not be possible for some bright programmer to 
develop a solid digital money (henceforth, DM) system and deploy it 
while still making money, avoiding some kind of prosecution or lawsuit 
(civil lawsuits for many different reasons).

A solid DM system, which Adam more or less included in his taxonomy of 
DM proposals, is a substantial threat to many special interests, to 
many governments, to various crime families (Corleone, Bush families), 
and so on. We've discussed the implications so many times it hardly 
bears repeating for me to even start on a laundry list.

In many ways, the situation is a bit analogous to the dawn of printing, 
or to the dawn of radio. Entrenched interests affected, societal 
changes triggered. And while we don't have the Church to worry about 
today, we have millions of lawyers and regulators, ready to pounce on 
anything that has not been done before, ready to file lawsuits and RICO 
prosecutions at anything that smacks of tax evasion, money laundering, 
illegal financial support for outlawed religions, child porn, and on 
and on. Again, I won't compile a laundry list.

If one thinks of "acceptable use policies," or Ebay's neverending dance 
with prosecutors and investigators over things bought and sold on their 
system, or Napster, the nightmare of having several floors full of 
lawyers to deal with these suits and prosecutions must be daunting to 
any established business thinking about providing untraceable DM. (Real 
money, real cash, would never get approval were it being introduced 
today, just as aspirin would never get FDA approval...perhaps a slight 
exaggeration, but the basic point is valid.)

OK, where is this going? To cut to the chase:

* Real DM will likely be introduced in a guerilla fashion, much as 
Pr0duct Cypher anonymously released Magic Money a decade ago. To this 
day, the identity of PC is unknown (though some folks think it must be 
a person with the initials _ _ ...naw, I'll leave the guessing off of 
the archives here!).

* Releasing a DM system anonymously means no credit for the developer, 
except whatever satisfaction he gains from the work, from seeing the 
foundations shaken, and perhaps from a small group of friends who 
suspect it was his work. And he may be able to eventually prove 
authorship, or carefully set the release up so that he escapes 
prosecution.

(Recall that PRZ was hounded and almost indicted for export of PGP when 
quite clearly he was not involved in the export, when that person named 
by Jim Warren (with initials _ _ ) was the one who apparently was a key 
player in the export. Consider the various RICO and Terrorism 
implications of a DM system which makes tax evasion, purchase of child 
porn, etc. suddenly very possible.)

* In my view, not necessarily the view of everyone in the DM community, 
the Big Win for solid DM is in illegal markets, e.g., buying and 
selling child porn, bestiality, snuff images, etc., and in untaxed 
betting, buying and selling corporate information, and all the things 
which untraceability of a very strong form is needed for. Again, this 
laundry list of applications has been around for a long time. (I was 
invited to address a group in Redwood CIty at the home of Phil Salin in 
the summer of 1988, and outlined BlackNet, escrow accounts, contract 
killing markets, data havens, etc. The stuff mentioned in my Crypto 
Anarchist Manifesto, issued that summer.) All well known, and very 
controversial, applications. Applications the Feds will expend great 
amounts of money to try to stop. But it is this kind of an application 
that someone will be motivated to set up an untraceable DM account 
for...casual users will not even bother with PGP, let alone DM.

* These applications are different from the "low value - low 
transaction cost" section of the scatter plot of "value of the 
information being  hidden vs. cost to hide it" graph. At the low end, 
what I have sometimes called the "millicent ghetto," we have anonymous 
payments for subway travel, where the value of untraceability is fairly 
low and where the costs of getting it must then of course be 
proportionately low. This is the area where work on PDAs and smartcards 
touches on DM. Not very Cypherpunkly interesting, in my view.

Higher on the value-cost graph might be remailer uses. Or buying Web 
pages. (Where one is willing to pay a few pennies per article to ensure 
that Big Brother can't compile dossiers.)

And of course far to the right on the value axis and up on the cost 
axis are the uses where the cost of getting caught buying child porn, 
for example, is a multi-year prison sentence. Those in pedophile and 
similar trading rings are likely to be willing to pay a lot for 
protection. (Note that encryption, which they often use, is only one 
part of the total solution: their VISA bills and money orders are 
usually where they get caught. An untraceable DM system is needed. And, 
as we have discussed many times, much more than Chaum's "buyer is 
untraceable" is needed, as the FBI can set up stings to find the 
_sellers_.

(For those squeamish with my use of child porn as an example should 
construct their own examples. ONe wag refers to sellers of images of 
"Women Without Veils" as a Western-friendly example. I like to cite 
selling birth control information: illegal in most Islamic countries. A 
DM system for such uses must be both buyer- and seller-untraceable. And 
probably bank-untraceable, though that's for another discussion.)

* Anyone releasing such a strong DM system should be targeting the high 
end applications, where the needs for untraceability are very high and 
the willingess to pay the costs (in training, in network resources) is 
also high.


* In my view, most who have looked to enter the DM market (such as 
Digicash, Mark Twain Bank, etc.) have shied-away from precisely the 
areas where untraceability meets a real market need. Most people don't 
care much about untraceability of tiny transactions (examples 
abound--even in my own case, I use my bank cards for nearly any 
purchase that is not small change).

* But to release a product which meets these needs is to invite real 
trouble!

(I met with two of the founders of Zero Knowledge entering the 
"untraceable mail" business several years ago. I outlined cases 
including users threatening the PM of Canada and of extortionists 
threatening to blow up a plane. And child porn. I argued that a company 
with a readily identifiable nexus of operation in a major city could 
not survive such uses...the archives contain a discussion of what we 
talked about.)

* Note that "acceptable use policies" and "account cancellation" don't 
work for untraceable mail systems (except maybe after the fact, where a 
nym can be cancelled...not a huge obstacle when nym reputations are 
transferrable and where nyms are purchasable for $10 each per year, or 
somesuch...note that I'm not saying I liked the account orientation of 
Freedom Net, but even with their system the threat of account 
cancellation for violations of acceptable use policy was not terribly 
useful in this context).

A digital money system where the DM may be "cancelled" will not fly. 
For various reasons.  (Imagine your bank telling you that if they think 
you are violating their use policies they may simply seize your money 
and you'll be out of luck.)

OK, again, where is this going?

* It may be that pioneers in this area just won't be able to make any 
money. This is not new. Many discoveries did not enrich the discoverer. 
Sometimes they were recognized in their lifetimes, sometimes not.

James Watt did not hold back on revealing his steam engine until he was 
assured that he would dominate the market. (Actually, James Burke used 
to do a lot of episodes on guys like Watt. I've forgotten whether or 
not Watt ever made a lot of money off of his invention...but I do know 
that the major steamship and machinery companies of the 1800s were not 
named after James Watt.)

I believe David Chaum probably should have skipped the idea of having a 
company of his own and developing products which used his blinding 
techniques. He was already wealthy (and self-financed much of Digicash, 
as I understand the story, losing a lot of his own money in the 
process) so he could simply have licensed the patents and watched the 
fireworks.


For those who really want to be the next Bill Gates, look elsewhere. 
There may be some bucks to be made, but  with many problems. Even with 
some as relatively straightforward as PK crypto, it was touch and go 
for many years with RSA Security (according to my talks with Bidzos, 
and discussed in Levy's book "Crypto"), and it was fortuitous that a) 
software patents had just gotten rolling in time for them to capitalize 
on the confusion, and b) the rise of the Web in the mid-90s and the dot 
com boom happened in time for them to get rolling. (I don't follow 
their finances at all, so I don't know how well their business is 
doing.)

Maybe the dot com crash is the best thing to have happened to our 
little community. Several years ago it seemed that everyone at a CP 
meeting was talking about the latest start-up company, or joining one, 
or starting one themselves. Now, things have come back to reality.

And the reality is that someone or some group will combine enough 
protocols and algorithms, whether they are patented or licensed or not, 
and release a working DM system. Perhaps tied to an offshore bank, 
perhaps to something like PayPal, for redemption.

And if they are smart, they'll stay anonymous. They for sure will not 
be a U.S.-based company, not if they are doing the things we want to 
see done.


--Tim May