Credentials, Reputations, and Anonymity

[tcmay@netcom.com (Timothy C. May)]

Hal Finney wrote:

> I thought Blanc Weber made a good point when he wrote:

I learned a while back that Blanc is a woman. She's never corrected
this public misperception, that I recall seeing, so maybe I'm out of
place doing it here, but I've gone and done it anyway.

(Blanc's point elided)

> This is similar to Tim May's suggestion for a credential-less society
> (as far as possible).  Rather than trying to carry around a lot of
> baggage in the form of certifications, credentials, reputations, etc.
> (anonymous or not), people structure their affairs in such a way that
> transactions can be completed using just the information at hand.
> Blanc's idea for immediate demos to demonstrate competency could tie
> into this nicely.

Yes, I think "locality" is generally a big win. Locality means local
clearing, immediacy, and self-responsibility. Caveat emptor, and all
that. Not perfect, of course, but generally better than a non-local,
non-immediate system in which contracts are negotiated, credentials
must be produced (often demanded by the government--here in Santa Cruz
one needs a license to be a palm reader!). 

There are cases where time-binding is needed, where contracts must be
negotiated, but the modern trend to make everything into a non-local,
accounting-centered deal seems wrong-headed.

> I didn't quite follow the rest of Blanc's message (a problem I have, I'm
> afraid, with many of his postings) but I do agree that there are problems
> with the use of reputations as a catch-all to solve the problems of
> anonymity.  Faced with the ease of unpunished cheating in an anonymous
> relationship, people introduce the idea of reputations, sometimes called
> "reputation capital", and assert that cheaters would in fact be punished
> by damage to their reputations, the loss of reputation capital.

I don't think reputations solve all problems. Enforcement of contracts
with threats of sanctions (economic, physical, etc.) is often needed.
One doesn't pay $20,000 for a new car, not get the car because the
dealer welched, and simply say: "Boy, his reputation is mud now."

(I won't go into the various common-sense ways of dealing with this,
nor point out that such massive frauds are rare, for various reasons.)

My main point is a simple one: Let there be no laws which dictate what
protocols people use for transactions. If Alice and Bob are content to
use each others' "reputations" as a basis for doing business, let no
third party step in and force them to use "credentials."

How it all works out, with flaws and all, is not something we can
predict. I'm not saying Hal's doubts about how reputation will work
are unwarranted, or unwelcome...indeed, such questioning is needed.

> What is this stuff, reputation capital?  What does it look like?  How can
> it be measured?  How much is it really worth?  I think this concept needs
> to be clarified and examined if it is to serve as one of the principle
> foundations of pseudonymous commerce.  (I know there is a concept in
> modern finance which attempts to measure the economic value of a firm's
> reputation, called, I think, "good will", but I don't know how similar
> that would be to what we are talking about.)

Economists ought to be thinking about these things, a point economist
David Friedman agreed with me on a couple of years or so ago. The
study of anonymous markets, in which conventional sanctions are
difficult to apply, should be an exciting area to explore.

> One question is, to the extent that a "piece of reputation capital" is an
> actual object, a digital signature or token of some sort, how heavily
> linked is it to a given owner?  If I run two pseudonyms, Bert and Ernie,
> and Ernie earns a piece of reputation capital, can he securely transfer
> it to Bert and have Bert show it as his own?

"Webs of trust" are partial examples of this, with Alice signing Bob's
key and thus saying "I trust this key, so if you trust me, you should
also trust Bob." While this does not yet extend to more substantive
issues (such as saying "I vouch for this transaction"), it gives us a
hint about how this may work.

We've had some good discussions in Cypherpunks physical meetings, with
noted agorists Dean Tribble, Norm Hardy, Mark Miller, etc., on this
very topic: the transitive properties of reputation capital. It seems
to work, based on analogies with criminal markets (where they
obviously can't go to the courts), and with comparisons to primitive
trading societies. The "Law Merchant," as you'll recall (Benson's "The
Enterprise of Law") was extra-national, and only "my word as a captain
is my bond" worked to ensure completion of trade arrangements. It
worked well, too.

(As I've said before, the fallback position of relying on the State
has displaced ordinary concepts of trust and honor...it is no longer a
"fallback" position, and so trust and honor (= reputation) has become
a joke. I am optimistic that crypto anarchy will see a restoration of
these concepts, back-stopped of course with cryptographic protocols
and unforgeable signatures.)

> On the one hand, we would not want this to be so (or, expressed in less
> normative terms, people would probably be uninclined to put much value on
> reputation capital which had this mathematical structure).  If the
> purpose of reputation capital is to, in effect, punish cheaters, this is
> defeated to a large extent if it can be transferred.  Ernie can earn
> a reputation, cheat, and then have Bert show the good aspects of Ernie's
> reputation while being unlinkable to the bad.  Going back to the earlier
> discussion of anonymous escrow agents this would seem to make it far too
> easy for dishonest agents to succeed.

An unresolved issue, I suspect. Almost no work has been done here, so
we have only our intuitions about how things will work. I have to be
honest here, but I feel no shame about not knowing the answers to
Hal's good points--this is just an area that has had little study,
theoretically or empirically. A clarion call for more work.

> On the other hand, untransferrable credentials are undesirable from the
> point of view of privacy.  That was the whole point of Chaum's work on
> pseudonyms and credentials.  If pseudonym credentials are untransferrable
> we have a problem where information builds up about a pseudonym that is
> very nearly as bad as a completely identified system.  It is true that at
> least the ultimate linkage between pseudonym and physical body is broken,
> but to the extent that your on-line activities _are_ your pseudonym, it
> is no more desirable to allow dossiers to be built up about your on-line
> personality than your off-line life.

Practically, I see almost no way that credentials would *not* be
transferrable. One obvious way is for Len and Mack to share bank
accounts, money, etc.  Len could have a large bank account (a
credential of one sort) and could then "transfer" it (the access
codes) to Mack. Voila!  Credentials got transferred.

More generally, two agents, related or not, can arrange transfers. In
one extreme from, Len could transfer *all* of his codes and numbers to
Mack, allowing Mack to effectively become Len. This is certainly a
transfer of reputation! (And a concern several have raised, a la "But
how do you know who you are *really* dealing with?")


> Chaum's system worked in large part because it was ultimately grounded in
> an identity-based system.  People could have credentials and transfer
> them, but there were limits on the types and numbers of pseudonyms you
> could have.  I think these kinds of restrictions could limit some of the
> problems which arise with transferrable reputation credentials, although
> the general problem of "negative credentials", which is really another
> word for the problem of punishing cheaters, was not fully solved by
> Chaum's approach, at least not in a way that I understood (he wrote as
> though he had solved it).

I agree that much more work is needed. In fact, it's a situation
analogous to the nanotechnology field, where one researcher dominates
a field (Chaum in this stuff, Drexler in nanotech) and the great
mystery is why no more Chaums or Drexlers have appeared!

> One final point I'd make is that Tim's idea about avoiding credentials,
> along with the points Blanc made, is attractive but there do seem to be a
> lot of situations where credentials are shown in life.  When that is
> necessary it is tempting to fall back on a trusted authority, the
> anonymous escrow agent or perhaps Jason Solinsky's cyberspace government,
> but I think you still have the problem of those authorities proving their
> honesty.  So the problems of credentials and reputations are still
> present.

Even with the implications not fully explored, my main point is
(again) that there be no restrictions on *my* ability to try to deal
with other agents on this basis. That there may be some messy
situations is not enough reason to outlaw anonymity; we see messy
situations in our credential-happy society today, with "permission
slips" needed for increasing numbers of transactions.

Anonymity and unlinkable, untraceable transactions gives us the
opportunity to explore these issues, and probably answer Hal's
questions.

A fair trade, I'd say. Even if I don't have a credential authorizing
me to make that statement.

--Tim May

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."