Financial identity is *dangerous*? (was re: Fake companies, real money)

John Kelsey kelsey.j at ix.netcom.com
Wed Oct 13 12:51:22 PDT 2004


>From: Chris Kuethe <chris.kuethe at gmail.com>
>Sent: Oct 13, 2004 1:15 PM
>To: "James A. Donald" <jamesd at echeque.com>
>Cc: cryptography at metzdowd.com,
>	"cypherpunks at al-qaeda.net" <cypherpunks at al-qaeda.net>
>Subject: Re: Financial identity is *dangerous*? (was re: Fake companies,
>real money)

On Wed, 13 Oct 2004 09:27:20 -0700, James A. Donald <jamesd at echeque.com> wrote:
> Two problems:
...

>> It is clear that the world needs a fully cashlike form of
>> internet money, that there is real demand for this, but the low
>> security of personal computers makes it insecure from thieves,
>> and the hostility of national governments make it insecure from
>> governments.

>Agreed. I would hope that users of "iCash" get fully educated on what
>that entails: that that blob of bits is just as much $20 as that green
>piece of paper or that big pile of quarters. And if someone gets it
>and spends it, you may as well have been mugged.

Okay, but there's a problem:  If you want to mug me personally, you have to
show up where I am, catch me unaware, take some personal risk that I'll
fight back or shoot you or something, or that a cop will happen by at an
inopportune moment, or that there's some surveillance camera you don't know
about catching the whole thing on tape.  At the end of that, you've done
one mugging, and made maybe $100 or so.  This is why mugging, armed
robbery, etc., is basically a crime for people who don't think too far
ahead.

If you want to steal anonymous bearer assets from networked computers,
you're going to contrive to do a whole lot of it at once, and you're going
to have enormous incentives to develop new attacks to do so.  I have to
care about attackers everywhere on Earth, and about the most capable
getting past my defenses.  It's not like trying to keep random bored
teenagers from breaking into your house by putting a proper lock on a
properly installed door, it's like trying to keep a team of ex-SEALs,
safecrackers, locksmiths, and demolition experts from breaking into your
house.

Today, most of what I'm trying to defend myself from online is done as
either a kind of hobby (most viruses), or as fairly low-end scams that
probably net the criminals reasonable amounts of money, but probably don't
make them rich.  Imagine a world where there are a few hundred million
dollars in untraceable assets waiting to be stolen, but only on Windows XP
boxes with the latest patches, firewalls and scanners installed, and
reasonable security settings.  IMO, that's a world where every day is day
zero.  All bugs are shallow, given enough qualified eyeballs, and with that
kind of money on the table, there would be plenty of eyeballs looking.

And once it's done, several thousand early adopters are out thousands of
dollars each.  This isn't much of an advertisement for the payment system.
It's anonymous and based on bearer instruments, so there's no way to run
the fraudulent transactions back.  The money's gone, and the attackers are
richer, and the next, more demanding round of attacks has been capitalized.

>People do eventually learn when it costs them something out of pocket.
>Now that they've learned that the white headphones mean "I'm a target
>with an iPod, mug me!" I see a lot of iPod users with boring old Sony
>or Koss headphones. Right now, insecurity doesn't cost the end-user
>enough. As soon as some virus comes along and wipes out some New York
>Times columnist's savings, and he screams about it, then and only then
>will the slightest nonzero percentage of the sheeple pay attention for
>a bit.

They also have to be able to do something about it.  What would you tell a
reasonably bright computer programmer with no particular expertise in
security about how to keep a bearer asset as valuable as his car stored
securely on a networked computer?  If you can't give him an answer that
will really work in a world where these bearer assets are common, you're
just not going to get a widespread bearer payment system working, for the
same reason that there's probably nobody jogging with an iPod through
the random streets of Sadr City, no matter how careful they're being.

...

--John Kelsey


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




