Financial identity is *dangerous*? (was re: Fake companies, real money)

John Kelsey kelsey.j at
Wed Oct 13 15:51:22 EDT 2004

>From: Chris Kuethe <chris.kuethe at>
>Sent: Oct 13, 2004 1:15 PM
>To: "James A. Donald" <jamesd at>
>Cc: cryptography at, 
>	"cypherpunks at" <cypherpunks at>
>Subject: Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

On Wed, 13 Oct 2004 09:27:20 -0700, James A. Donald <jamesd at> wrote:
> Two problems:

>> It is clear that the world needs a fully cashlike form of
>> internet money, that there is real demand for this, but the low
>> security of personal computers makes it insecure from thieves,
>> and the hostility of national governments make it insecure from
>> governments.

>Agreed. I would hope that users of "iCash" get fully educated on what
>that entails: that that blob of bits is just as much $20 as that green
>piece of paper or that big pile of quarters. And if someone gets it
>and spends it, you may as well have been mugged.

Okay, but there's a problem:  If you want to mug me personally, you have to show up where I am, catch me unaware, take some personal risk that I'll fight back or shoot you or something, or that a cop will happen by at an inopportune moment, or that there's some surveillance camera you don't know about catching the whole thing on tape.  At the end of that, you've done one mugging, and made maybe $100 or so.  This is why mugging, armed robbery, etc., is basically a crime for people who don't think too far ahead.

If you want to steal anonymous bearer assets from networked computers, you're going to contrive to do a whole lot of it at once, and you're going to have enormous incentives to develop new attacks to do so.  I have to care about attackers everywhere on Earth, and about the most capable getting past my defenses.  It's not like trying to keep random bored teenagers from breaking into your house by putting a proper lock on a properly installed door, it's like trying to keep a team of ex-SEALs, safecrackers, locksmiths, and demolition experts from breaking into your house.  

Today, most of what I'm trying to defend myself from online is done as either a kind of hobby (most viruses), or as fairly low-end scams that probably net the criminals reasonable amounts of money, but probably don't make them rich.  Imagine a world where there are a few hundred million dollars in untraceable assets waiting to be stolen, but only on Windows XP boxes with the latest patches, firewalls and scanners installed, and reasonable security settings.  IMO, that's a world where every day is day zero.  All bugs are shallow, given enough qualified eyeballs, and with that kind of money on the table, there would be plenty of eyeballs looking.  

And once it's done, several thousand early adopters are out thousands of dollars each.  This isn't much of an advertisement for the payment system.  It's anonymous and based on bearer instruments, so there's no way to run the fraudulent transactions back.  The money's gone, and the attackers are richer, and the next, more demanding round of attacks has been capitalized.  

>People do eventually learn when it costs them something out of pocket.
>Now that they've learned that the white headphones mean "I'm a target
>with an iPod, mug me!" I see a lot of iPod users with boring old sony
>or koss headphones. Right now, insecurity doesn't cost the end-user
>enough. As soon as some virus comes along and wipes out some new york
>times columnist's savings, and he screams about it, then and only then
>will the slightest nonzero percentage of the sheeple pay attention for
>a bit.

They also have to be able to do something about it.  What would you tell a reasonably bright computer programmer with no particular expertise in security about how to keep a bearer asset as valuable as his car stored securely on a networked computer?  If you can't give him an answer that will really work in a world where these bearer assets are common, you're just not going to get a widespread bearer payment system working, for the same reason that there's probably nobody jogging with an iPod through the random streets of Sadr City, no matter how careful they're being.


--John Kelsey

The Cryptography Mailing List