On closer inspection ... :)
> However how could one prevent people from selling empty devices, or
> swapping empty devices, or selling pre-loaded devices. If the
> blackmailer arranges to purchase a card (by paying a street person to
> provide his true name for example), then he can have the extortion
> proceeds paid to the street persons card, pay it into street person
> A's true name account, then take the money out again, pay his own
> card. Then the black mailer can physically destroy the street persons
> card, removing all possibility of the bank further tracing the money.
Not only is this "attack" is a far cry from "digital extortion", it
does not work. One can only get money out of the account by using
the chipcard of the account holder. (The bank encloses a chipcard
secret into each coin it issues from the account, ensuring that the
help of the chipcard with that particulatr secret is needed.)
On a related note: the chipcard would have (live) biometric identification
(preferably on-card, which is about to become feasible), which has not
been taken into account either here. (The biometric protection also helps
users to protect themselves against theft and loss.)
> (The black mailing scenario usually involves large amounts of money,
In the physical world, so far, yes. But not necessarily in the new brave
world of fully-anonymous digital cash.
> and so it might seem that the flow could be traced by volume alone.
> However by using a number of cards and demanding the payment in
> smaller coins, the blackmailer can probably hide the transaction.
Again, this does not apply.
> ...
> I hope the above shows how it is difficult to impossible ultimately to
> prevent the determined terrorist from obtaining anonymity whatever
> technical means are build.
The presented scenarios don't apply to my system designs...
> It seems a shame to inconvenience all the legitimate users desiring
> payee anonymity to protect against something which is ultimately
> impossible.
It is not at all "ultimately impossible", it is very easy to prevent
payee anonymity ...
> If instead people are encouraged to be pseudonymous, and hold assets
> pseudonymously, it would appear that you can't black-mail a pseudonym,
> so doing as many things as possible pseudonymously appears to reduce
> the risk of being black-mailed. If a person has a low profile in
> meatspace,
I don't believe that one should design systems in which users are only
assured of some basic protection in case they keep "low profile". That
does not match my idea of what privacy and freedom are about ...
> Another observation is that most people don't have enough money to
> make it worth attempting to blackmail them anyway -- there are
> after-all risks to the blackmailer, as some physical actions have to
> be taken.
Indeed, this was my point, as long as the extortioner would have to
take some physical action my primary concern is removed. With the
2-way anonymity promoted by Tim and others, though, no physical action
would ever be needed.
> So someone with some millions to protect can probably already protect
> himself using some kind of legal contract arrangement where he has a
> discretionary trust which will not pay black mail demands.
I have my doubts as to whether one should be able to pay millions of
dollars in a fully 2-way anonymous manner, to put it mildly. This
is not a suck-up to anyone. The "total financial privacy, no taxes,
no government, etc" ideal promoted by some on this list to me is a
selfish and anti-social goal that will result in social and economic
instability.
S t e f a n
