Re: cypherpunks digicash bank?

[aba@dcs.exeter.ac.uk]

Doug Barnes <cman@communities.com> writes on cpunks:
> I strongly recommend that anyone considering licensing from Chaum
> first read my paper on some interesting aspects of his basic blinding
> patent. The paper is at: http://www.communities.com/paper/agnostic.html

Yeah, I read that when it was first posted, a very interesting
approach.  And possibly a way to get around both regulations and
Chaum's patents.  It is a more anarchistic, less offical approach, not
that I disagree with anarchistic approaches, or blowing off patents :-)

Just I got to thinking well what's $150k?  Not much perhaps if looked
at in the right way, a pittance compared to the kind of money the
likes of netscape are playing with.  And it buys some acceptability,
people do not need to obtain their anonymity after the fact, and
everyone uses the anonymous feature, rather than just cypherpunks
types.  I was thinking that the $150k might make all the difference to
the success of such a project, due to the privacy built-in as
standard.

> I will be putting up another short paper on anonymous currency
> management within the next few days.
> 
> Also, I strongly recommend that anyone serious about this not use the
> word "bank", 

you are right.

> and take the time to figure out how to structure the service as an
> NBFI (non-banking financial institution) and not a "bank".  Note
> that NBFIs are still regulated, and you will, at minimum, need to
> consult with your state banking regulators as well as the IRS (who
> also regulate money transmitters, i.e. issuers of traveller's
> checks, moneygrams, etc.) Note that the BSA (Bank _non_ Secrecy Act)
> does in fact apply to money transmitters, and you should be sure to
> educate yourself as to the implications of this.

Now this is the fatally weak point in my discussion, the political and
legal impliciations.  My only comment was to get legal opinion, and to
move the bank outside the US if this proved a problem.

I suspect the state banking regulators, and the IRS, would stomp on
the idea because they won't like the anonymity aspect, they would have
particular ease in doing this, particularly to a small group.

Even an identity agnostic bank (whoops must loose that 'bank' term
... 'agnostic payment system' perhaps:-) would have similar problems,
but at a later stage.  Aka you get your system nicely set up, have
some dastardly cypherpunks implement a way to hack your bank to get
anonymous payments (a complete suprise to yourself of course!).  Now
the regulators notice, and presumably make you change your bank code
to disable this possibility?

> I will be covering some aspects of these issues at length in my trip
> report on the anti-money-laundering conference I recently attended,
> which was a real eye-opener in a number of ways.

I will read with interest.

Three basic approaches I see:

1. go by the book, license the blinding stuff from Chaum, perhaps
agree to limits of $10k on individual transactions as in cash (that is
the limit in the US where you have to report cash transactions I
think?)

2. forget Chaum's patents with an agnostic server.  Problem is here
that it only provides anonymity for those happy to bend the rules, and
get 'blackmarket' cypherpunks technology which plugs and plays with
the bank.  Long term, this would be open to pressure from the banking
authorities, the IRS etc they would come and force you to do something
to close the loop hole.

3. Completely underground, anon remailers, decentralised cashing.

The problem as I see it is with options 2, and especially 3. you'd
have a job to get widespread acceptance, and adoption of blinded cash
as a payment system.


My previous post was based on 1.  The problems are still political and
legal, but less than with 3, and with anonymity for everyone as stated
aim, and hence not as readily removable by regularatory coercion of
the bank afterwards, leaving you with yet another non-anonymous
scheme.  My thought is that if you offered to restrict it to $10k
individual transactions (I know it sucks) then the similarity with
current physical cash is close, and there is little to complain about.
If it is payee anonymous only (you've got to start somewhere), there
is little opportunity for abuse of the type Freeh and co scream of,
paying hit men etc, as the hitman has to cash his money sometime, and
if it's unusually large, etc, it is the exact same situation as
ordinary cash.

They won't like it of course.  If it's too unpopular you could try say
Switzerland?  Some other banking haven?

What are your estimates of the paletability of the above to banking
regulator types?

The stuff about two versions of 100$ bills one for outside and one
inside the US a while back does not bode well for ecash payments with
*any* anonymity, but I think the above would be demonstrably hard to
use for nefarious purposes, and hard to go completely unaccountable.
(Modulo the proto coin tricks, and hijacked cash clients to force
others to do your cashing).

I reckon the recipient anonymity stuff, can be added after the fact by
people offering cashing services, cash is fluid, once you've got a
system set up.  Duncan Frissell had a nice sig to the effect of it
being hard to keep track of millions of private IP connected people,
all doing added services, such as providing anonymity.  At any event
the above system would be much preferable to the current offerings of
electronic cheques, electronic CC payments, and the lame ones which
claim privacy, but when examined turn out to be just private to the
extent that you trust a commercial bank to respect your privacy!
You've got to start somewhere, if this worked you could try for stage
2 later, fully anonymous, but at the moment there is *nothing*, and
there is surely a crying need for a decent ecash payment system.

Adam
--
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length($n)&~1)/2)