Hi all,
This is to comment on the rumour circulating here that I strongly
oppose payee anonymity. Some of the "Fuck this and/or Stefan"
- type remarks suggest that there is a misunderstanding.
What I said in my interview with Declan last week at FC2000 was
that I (personally!) believe that fully anonymous electronic cash
is likely not acceptable in a large-scale electronic cash system
*** intended to be a replacement for tangible cash ***. Here are
the main reasons why I believe this to be the case:
-- Payee traceability protects consumers against remote extortion,
since they can always cooperate with the bank to allow tracing of
their payments to the account of the recipient. (This account may
be anonymous, by the way.)
-- As a 1996 NSA report points out, ``The ideal situation (from the
point of view of privacy advocates) is that neither payer nor payee
should know the identity of the other. ... It turns out that this
is too much to ask: there is no way in such a scenario for the
consumer to obtain a signed receipt. Thus we are forced to settle
for payer anonymity.''
-- On a related note, if the payee is anonymous to the payer, the
latter cannot complain about bad goods or service. Even though a
fraudulent or negligent payee may be able to repudiate the claim,
in many applications it is desirable that consumers can at least
warn others about the behavior of an unscrupulous payee, or
that an investigation can be instigated.
-- Absent payee traceability, it is unclear how the payer can
recover when the connection with the payee is permanently lost.
(Likewise, payment disputes cannot be settled, but payment dispute
settlement reduces payment finality and therefore is not necessarily
a desirable property. Most cash payments cannot be repudiated either.)
-- Payee untraceability requires the cooperation of the bank at the
time of the payment, not for clearing/authorization but to issue
electronic money from account. It does not work in off-line payments.
-- In a system in which users hold smartcards or the like, the presence
of an internal clock may be hard to detect, yet it would likely be
sufficient to defeat any measures for payee untraceability.
Note that most of these concerns relate to security for users. To
evaluate the importance of these concerns it is important to note
that:
-- with payee traceability, third parties do *not* have the power
to trace a designated payment (or deposit) to the payer. The only
party to have this power is the payer, who hereto needs / may need
the assistance of the bank.
-- Moreover, it is possible to ensure that the payer on his/her own
cannot learn the "identity" of the payee, and the payee can even
prevent the payer from linking different payments to it.
-- All that a third party can do is formally approach a person and
request access to his or her transaction log. Each consumer is
at all times in full control over his or her own privacy; the consumer
can fully control how much is disclosed, and can refuse to cooperate
by challenging the court order or search warrant. In extreme situations
the consumer can destroy or hide the device.
In closed systems the above concerns will generally not be sufficiently
important to protect against payee untraceability. I am not opposed to
full anonymity in all circumstances.
Regards,
Stefan Brands