Interests of online banks and their users [was Re: Cryptogram: Palladium Only for DRM]

Adam Shostack adam at homeport.org
Tue Sep 17 23:45:38 EDT 2002


On Tue, Sep 17, 2002 at 01:07:43PM -0700, jon at jonsimon.com wrote:
| >Now, lets say you don't tell the customer with known bad
| >software to go away, because you value their business.  Are you now
| >culpable in some way?  After all, you *knew* that client was
| >comprimised...
| 
| As far as I know, banks assume that a certain percentage of their 
| transactions will be bad and build that cost into their business 
| model.  Credit and ATM cards and numbers are as far from secure as 
| could be, far less secure than somebody doing online transactions 
| from a Wintel machine on an unencrypted connection, let alone an 
| encrypted one.  Until somebody takes full advantage of the current 
| system and steals a few trillion dollars in one day, the problems are 
| easier to deal with than a solution.  Until that happens, there's no 
| reason for banks to go through the pain of dealing with or requiring 
| Pd.

And after that happens, and the Fed declares a roll-back of a day,
there still won't be a reason.

Here's a fun thought experiment:  How much money could you steal and
launder before you cause a catastophic melt-down of the financial
privacy system, a la the way civil liberties have been set aside in
the wake of 9/11?


Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list