Interests of online banks and their users [was Re: Cryptogram: Palladium Only for DRM]
Adam Shostack
adam at homeport.org
Tue Sep 17 23:45:38 EDT 2002
On Tue, Sep 17, 2002 at 01:07:43PM -0700, jon at jonsimon.com wrote:
| >Now, lets say you don't tell the customer with known bad
| >software to go away, because you value their business. Are you now
| >culpable in some way? After all, you *knew* that client was
| >comprimised...
|
| As far as I know, banks assume that a certain percentage of their
| transactions will be bad and build that cost into their business
| model. Credit and ATM cards and numbers are as far from secure as
| could be, far less secure than somebody doing online transactions
| from a Wintel machine on an unencrypted connection, let alone an
| encrypted one. Until somebody takes full advantage of the current
| system and steals a few trillion dollars in one day, the problems are
| easier to deal with than a solution. Until that happens, there's no
| reason for banks to go through the pain of dealing with or requiring
| Pd.
And after that happens, and the Fed declares a roll-back of a day,
there still won't be a reason.
Here's a fun thought experiment: How much money could you steal and
launder before you cause a catastophic melt-down of the financial
privacy system, a la the way civil liberties have been set aside in
the wake of 9/11?
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list