Re: ZKS economic analysis
Apologies for the long delay, but I have been "disconnected" for the last ten days. [EMAIL PROTECTED] writes: [a bunch of straw-man crap about how corporations are voluntarily implementing privacy-sensitivity in their information collecting practices, completely missing the point and utterly ignoring the fact that this thread grew out of HIS post containing this statement:] [from 00/7/19, scolding Tim May:] Nobody ever said "there will be no private databases". What are you, some kind of illiterate bimbo?? What the CFIP says is "there should be no SECRET databases of PERSONAL information".. for somebody who claims to be versed in the arcane art of cryptography, you seem to have problems handling short English sentences ... He has now wandered off into tiresome explanations of how amazon.com and their ilk are allowing customers to "control" how amazon uses their personal information. Companies are embarking on these projects w/o legal prodding from Washington for the simple reasons of building customer acquisition and retention through a trusted brand, and to (hopefully) vastly reduce their direct marketing expenditures-- (again, for Tim May's clarification, since he desparately needs it, this is wholeheartedly capitalist...) *Secret* databases were the subject under discussion. Your argument simply doesn't hold water. There are only two ways to handle this problem (if indeed it should be characterized as a problem"). First, regulate by law the creation and use of such databases. This is the "European solution" and, as a form of property theft, is something that should be repugnant to all cypherpunks. Market forces (together w/ code) are far far stronger (and move far far faster) than laws, at least in cyberspace..What is happening w/ CFIP in Silicon Valley is just that.. most e-commerce players are trying, in some way or other, to build a "web of trust" - one could imagine that in 3 or 4 years, an e-commerce player that doesn't abide by CFIP would be driven out of business by market forces alone (w/o any government regulation) Again, *secret* databases would not be subject to public scrutiny and/or discussion. Hence, it is difficult to see what "market forces" would apply there. This is why we need cash (and e-cash). Corporations will almost always agree to forgo information about you if it might lose them a sale. And, in the absence of law as an obstacle, the market will, over time, get rid of those corporations that don't work this way. I have a degree in applied math, and I've looked over some of the e-cash papers -- they're cool and nifty. There are also lots of problems w/ cash in general, and e-cash in particular. If I start buying stuff w/ e-cash on the Internet, stuff had better start showing up on my doorstep, which means someone somewhere had to have my address, which means something somehow wasn't quite anonymous.. You'd think that someone with a degree in applied math would not be unaware that there are many goods that do not require physical delivery (music, software, movies, and of course porn). With an anonymous payment method, all of these can be bought and sold completely over the net without any personal information being provided. e-cash might be big, or it might not.. many economists are negative on cash in general (whatever form it takes), since it has many problems in general (far outside the scope of "anonymity" that cypherpunks so crave) that I won't get into here.. In general, though, cash is an extremely boring currency to use on the Internet. Cash wasn't invented (in the real world) so that people could transact "anonymously" (b/c they can't, even w/ cash, which I've pointed out in an earlier posting).. it was designed so that we wouldn't have to barter.. The Internet has the opposite problem: we haven't even STARTED to barter on the Internet yet.. we DON'T know what is currency and what isn't.. Degree or no, you clearly haven't thought about this very much and your blather about the "problems" with cash and what some economists may or may not think is therefore unlikely to be well-informed. You are hereby sentenced to read thirty hours of Hettinga-rants on settlement costs in digital commerce transactions. I would also point out that although e-cash + anonymous payments have existed since the 60s, profile-based payment schemes like frequent flier miles, supermarket rewards, etc, have proven far more popular as alternate currencies.. This must have been on that proto-Internet Al Gore invented. In any case, any and all non-anonymous pseudo-currencies are irrelevant to the discussion at hand and in general completely uninteresting to cypherpunks. This is my last post for a while - I've got a software company to run, board meetings to attend, US senators to meet, etc..etc.. I'll be back in 6 months or so and we'll see which scheme won - the CFIP of the nyms -- (in the meantime I'll see what I can do about
Re: ZKS economic analysis
Degree or no, you clearly haven't thought about this very much and your blather about the "problems" with cash and what some economists may or may not think is therefore unlikely to be well-informed. You are hereby sentenced to read thirty hours of Hettinga-rants on settlement costs in digital commerce transactions. Doesn't the constitution ban cruel and unusual punishments? -- A quote from Petro's Archives: *** Today good taste is often erroneously rejected as old-fashioned because ordinary man, seeking approval of his so-called personality, prefers to follow the dictates of his own peculiar style rather than submit to any objective criterion of taste.--Jan Tschichold
Re: ZKS economic analysis
[EMAIL PROTECTED] wrote: Calling a system whose central premise is "there shall be no private data bases" a "noble goal" is precisely like calling communism a noble goal. (Mind you, many analyses of communism start with this approach, e.g., "While communism is a noble goal, it cannot work, blah blah blah.") Tim May lives in (or near) Santa Cruz, California. Based on this fact, + his response, I'm going to make the inference that he's some kind of sorry hippie throwback who has no firsthand knowledge of anything happening on planet Earth outside the sanctity of his closed, looked doors -- I will, therefore, forgive his sorry ass communism comparison since he clearly has no understanding of communism (nor apparently, capitalism; but then again, hippies rarely do...).. Communism is NOT a noble goal, and you're right about one thing, it won't ever work-- 20,000,000 people were slaughtered under Stalin alone. That's 20,000,... My own parents were political refugees who fled to the US in the late 60s from eastern Europe for the sake of their lives.. many of my closest relatives were killed by communists for speaking out in support of democracy and capitalism.. I don't take comparisons to communism lightly and I'm frankly offended by the comparison, as would be a very significant fraction of this planet's population.. Nobody ever said "there will be no private databases". What are you, some kind of illiterate bimbo?? What the CFIP says is "there should be no SECRET databases of PERSONAL information".. for somebody who claims to be versed in the arcane art of cryptography, you seem to have problems handling short English sentences ... To help you understand this further, what it means is that if there's a database out there, somewhere, collecting personally identifying information about me, I should know about its EXISTENCE. The mere fact that this database exists should not be a secret to society at large (COMMUNISM CHECK: nope, nothing communist about this so far...) So let's use the DoubleClick database as an example.. if there's information in there that be tied to me directly (that is, to the bundle of carbon atoms that are sitting at this keyboard, typing..), then I should (a) know about it and (b) I should have ACCESS to that information - I should see all the info about me that has been collected, I should be able to edit it for accuracy, and I should be able to set constraints on how that information is used (COMMUNISM CHECK: nope, still nothing communist). This doesn't mean that I get to see the personal info about Tim May, you twit.. hello, this is where the "cryptography" comes in -- you know "PKI", "authentication" ... all that great stuff.. Tim May gets to see the information about Tim May, and about nobody else -- BUT, he does get to see, and set preferences about the informatoin about him specifically (although, of course, about no one else) Now you're ready for a lesson in communism/capitalism - the big difference between these two systems is how they regard property rights - simply put, capitalism recognizes individual right to hold property, and communism doesn't .. what I'm advocating is the "privatization" of personal information. I'm advocating that personally identifying information be regarded as the "property" of the bundle of carbon atoms to whom it belongs.. (this is not the current status quo, online or offline) the greatest prosperity in human history has been created when private people and organizations can order their affairs using private property and contract law -- last time I checked, anybody who advocates the "privatization" of anything is a capitalist, not a communist -- if we were to launch into a discussion on intellectual property, I might be more "communist" in my leanings -- Ultimately, American law does not recognize individual ownership of ideas.. copyrights and patents exist to economically incentize the creation of new ideas and science.. these rights grant the producers of intellectual property a (time) limited monopoly to the recreation of the idea in exchange for having produced the idea. After a limited time, the idea flows into the public domain. This IS communism (in so far as IP rights are not protected like ordinary property rights are), and it is at the heart of the Constitution... that, however, is another discussion - what we're currently talking about is personal information, and how to privative it (the purchase and sale of personal information is a $600 billion economy in the US alone -- I'm confident that no privacy business model that does not monetize the transfer of personal info will ever succeed - note that personal information must first be "privatized" before it can be "monetized") IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages. Get your FREE, totally
ZKS economic analysis
So I'm still trying to wrap my head around the ZKS business model.. There would seem to be two "threats" that ZKS defends against: invasion of privacy by (a) government and (b) by corporate interests. That ZKS defends against the government intrusion is boring.. There exist free, open-source projects (PGP, remailers, FreeNet) that already address this issue -- in cyberspace, opposition to government censorship and abuse has largely been grass-roots in nature, exactly like it is in the real world... Also, its uncertain that there's much of a business model in protecting people from government tyranny.. So that leaves the economic angle: how to make money helping people protect their personal information from corporate interests. This is much more interesting, since it involves money and since personal info is worth BIG BIG bucks on the Internet. The fact that I can't see how ZKS enables this "economic privacy" was the subject of my first posting.. My thoughts on/definition of privacy is shaped in large part by the Code of Fair Information Practices (CFIP). The CFIP was drafted in the early 1970s by Congressional commission headed up by Elliot Richardson, the Sec of Health, Education and Welfare under Nixon. It remains, arguably, the most profound American thinking on the topic of computers and privacy, and, ironically, has been largely ignored in the current debate surrounding online privacy. Code of Fair Information Practices (taken from "Database Nation", by Simson Garfinkel): (1) There must be no secret databases of personal information (2) There must be a way for individuals to determine what personally identifying information (PII) has been collected, and how it is being used (3) There must be a way for individuals to prevent PII collected for one purpose from being used for another purpose, w/o the individuals consent (4) There must be a way for individuals to audit and correct collected PII (5) Any organization storing, creating, maintaining records of PII must take adequte security precautions to protect the integrity of the data. (Privada and ZKS score a glaring 0 out of 5 in terms of enabling the CFIP (and hence, by corrolary, privacy)) Taken literally, this means far more than a Web site privacy policy. A Web site privacy policy might be the "meta-information" that goes into the CFIP, but the CFIP means consumers should have access to all the "real" information in the databases... If ZKS enabled the CFIP, then by installing a client, I should be able to go to DoubleClick and magically see all the personally identifying information they have on me; I should be able to go Honda.com and see all the personally identifying interactions the company had with me leading up to my purchase of a new Accord; I should be able to set limits on what these companies can do w/ this personal info; I should be able to audit the personal info and make sure its accurate.. this is the essence of online privacy and clearly ZKS does not enable this - While several people responded telling me that ZKS/Privada are far less invasive than forcing corporations to open their databases, it's not at all clear to me that this is the case. Society is shaped by more than just technology and laws (which seems to be a meme that runs on cypherpunks). Market forces and social norms are just as important, and I believe there are some very powerful economic incentives pushing companies to provide more open access to their customer databases than before. One obvious incentive is the tremdenous cost of customer acquisition. The best direct-marketing techniques only net roughly a 2% response rate. This means 98% of the money companies earmark for direct advertising is a waste. The Internet, a more "perfect" communications medium, was supposed to fix this, and allow advertisiers to target consumers better -- instead, only 0.5% of all surfers click on banner ads.. even worse than in offline direct advertising media -- Something went wrong, and privacy is probably near the center of it -- It seems reasonable that by allowing consumers greater control over their personal information stored in corporate databases, companies would gain greater knowledge of how and when and if consumers wish to be contacted, as well as gaining more accurate information about their consumers. (Forrester estimates that 70% of all online forms are filled out with false info). Companies have a powerful need to reduce online acquisition costs, and this need acts as a powerful economic vector pushing companies to release more control of personal information assets to the individuals to whom they belong - this same economic vector pushes "against" business models like ZKS.. It's difficult for me to imagine "privacy business models" that don't include some notion of: (a) monetizing the flow of personal information and (b) an overall reduction in the amount of advertising seen by the consumer (advertising, to me, is merely a measure of how inefficient a
Re: ZKS economic analysis
At 11:19 PM 11/16/00 -0800, [EMAIL PROTECTED] wrote: That ZKS defends against the government intrusion is boring.. There exist free, open-source projects (PGP, remailers, FreeNet) that already address this issue -- in cyberspace, opposition to government censorship and abuse has largely been grass-roots in nature, exactly like it is in the real world... Also, its uncertain that there's much of a business model in protecting people from government tyranny.. The cool thing about ZKS's business model is that it claims to make running remailers sufficiently worthwhile for ISPs to do themselves that there should be a large number of them Real Soon Now, and they'll be unlikely to close them down on the first complaint because they're making money. The main governmental attack isn't tyranny, it's subpoenas from lawsuits by people who don't like things you wrote. Tyranny attacks have higher technical quality, but volume can be a real killer. Addressing the "protection of personal information" issues is a long discussion for later. From a theoretical standpoint, encrypting messages has been Done Now, but stopping traffic analysis is much harder, and it's much much harder in practice. Similarly, untraceable outbound email is much harder than untraceable inbound. And deploying a Pipenet that performs efficiently for thousands of users is still tough. The good thing about cryptography and universal communication connectivity is that a grassroots effort _can_ provide effective security. The catch is that widespread protection that's scalable enough for everyone to use requires more infrastructure than a grassroots effort typically produces unless you've got other hooks encouraging widespread deployment. Over the last half decade, there have typically been about a dozen remailers, and shutting down anon.penet.fi didn't need a government tyranny attack - Scientologists could do it. (Yes, they used government to help, but a serious government attack could easily take down the whole thing.) And one individual got a dozen or so remailers shut down by complaing to ISPs after forging Usenet attacks on himself through the remailer network. And that doesn't even count the potential uses for spammers if they were smarter; dealing with that sort of heavy abuse is one thing that makes remailer ops quit. I don't know if their business model will succeed or fail - it depends a lot on implementation quality and on marketing efforts, and on deploying enough stuff (and getting enough customers) to bootstrap other activities that use it. Some of that's protecting people from government tyranny, some is letting you surf without getting spammed (anonymizer does this too), some of this is letting your kids chat on line without risking Bad Things and letting your kids say Stupid Teenager Things now without it haunting them the rest of their lives (e.g. not getting into college because of that misdemeanor copyright violation from trading MP3s, or saying Harvard's Hockey Team sucks...) There are other business models that might work - building remailers into Napster? Anonymizer.com works well, though it could be shut down - what if Apache shipped with an anonymizer module that was enabled by default? (And what would the spammers or other abusers figure out to do with it? :-) Usenet supports a wide ecology of ways to build anonymous connections, though they're slow and not highly efficient, and Usenet's in a "Nobody goes there because it's too crowded" kind of decline. Anonymizers plus not-overly-Javascripted Free email systems are enough to keep out most attackers, though they probably won't stop a government attack if you're using it over a long period of time. Will ZKS succeed? I hope so, and more power to them - but they'll need to get their product more distributed, and probably more polished, and get their marketing engine in gear before their previous PR splashes fade away. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639