[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CRYPTO: Money laundering and traceability
(In honor of the Extropians list discussion elsewhere in this thread I
include an Extropians-style message prefix.)
An issue related to money laundering is money traceability. I posted
something on this a couple of weeks ago but I have a little more
information now.
We are inclined to believe that with cryptographically anonymous
digital cash, "money laundering" will be trivial. A simply sends the
cash to B, and there is no way for the bank or anyone else to link the
two together.
While this is basically true with existing digital cash proposals,
there is one kind of linkage that is possible. A knows and can
recognize the cash which B holds. A and the bank could cooperate so
that if B goes to the bank to deposit his cash (or deposits it
electronically into an account linked to his True Name), B's anonymity
can be broken.
This has good aspects and bad aspects. On the good side, it should
make robbery and extortion harder. If you are forced at gunpoint to
enter your PIN into your cash smartcard, transferring cash to the
robber's "electronic purse" (love that name), then later you can call
the bank and report the numbers of the stolen cash. When the robber
tries to deposit it, he can be caught.
Similarly, this could be a boon to law enforcement "sting" operations.
When the feds pay off the anonymous assassin-for-hire or kidnapper, and
he goes to deposit the cash, again he can be caught.
The other side of the coin, though, is that despotic governments can
use these tools to control and restrict what their people can do. If
the revolutionaries try to use cryptography to isolate and protect each
cell from the others, traceable cryptocash may expose them. Keith
Henson posted the start of an interesting story he was writing last
year, about some eco-activists using cryptography for protection as
they worked to sabotage some polluter. This kind of dramatic scenario
might become less possible with traceable cash.
(It's possible that some banks would allow truly anonymous accounts, so
that even if the cash were recognized as it was turned in, the robber
would not be caught. Still, the bank could refuse to honor the money
in this case, preventing the criminal from profiting by his misdeeds.)
The new information I mentioned comes from a paper by David Chaum in
the Eurocrypt 92 proceedings: "Transferred Cash Grows in Size," by
Chaum and Torben Pryds Pederson. Chaum considers off-line cash systems
where the money does not necessarily have to be returned to the bank
after each transaction. His main conclusion is, as the title suggests,
that the cash must grow in size at each step. But a secondary
conclusion is that under the right circumstances a payor can always
recognize his cash at a later point, even after it has passed through
many hands.
Chaum describes these circumstances as the case where the payor has
infinite computing power, but it appears that the same effect would be
possible if the bank cooperated with the payor, as would be likely in
the kinds of cases I mentioned earlier. The fundamental problem is the
impossibility of having the cash be "re-blinded" as it passes from
Alice to Bob (after it was "blinded" as Alice withdrew it from the
bank). If this kind of multiple blinding were possible, so that
neither Alice nor the Bank could recognize the money that Bob holds,
multiple-spending could not be detected.
Chaum's arguments appear to apply to virtually any electronic cash
system which can prevent double-spending. They suggest that traceable
cash will be the rule in any digicash system. People planning their
future lives of crime under the new regime will need to take this into
account.
Hal