Governance of anonymous financial services

Hagai Bar-El info at hbarel.com
Mon Apr 2 09:24:23 EDT 2007


Hello,

On 29/03/07 21:30, Steve Schear wrote:
> Here is the situation.  An on-line financial service, for example a DBC
> (Digital Bearer Certificate), operator wishes his meat space identity,
> physical whereabouts, the transaction servers and at least some of the
> location(s) of the service's asset backing to remain secret.  The
> service provides frequent, maybe even real-time, data on its asset
> backing versus currency in circulation. The operator wishes to provide
> some assurance to his clients that the backing and the amount of
> currency in circulation are in close agreement.  The mint's backing need
> not be in a single location nor in the sole possession of the operator.
> 
> I realize this is a governance question but I suspect that crypto/data
> security may play a key role.
> 
> Some questions:
> If independent auditors are used do they need to know the operator's
> identity?


Putting the crypto capabilities aside for a moment, what is the purpose
of auditing an anonymous legal entity?

Auditing, as I see it, can be used to serve two systems:

	1. An intrinsically-enforced reputation system
	2. An extrinsically-enforced legal system

When I take my hard earned money and deposit it with the local branch of
ABC bank, I do it while relying on two things:

	1. The bank is part of a national legal trademarking system that
assures me that this branch, having this nice red "ABC" logo, is the same
ABC Bank that all my friends use, along with millions of others, and so
far, they haven't been fooled and their money hasn't yet been stolen.

	This #1 is something I can get from a pseudonym-based system that is
accompanied by some auditing I trust, even if the bank is completely
anonymous. In the optimal installation you try to achieve, the auditor I
trust will be able to tell me: "This bank, that you do not know where it
is, and neither do I, has the backing for the currency it has in
circulation." I will also be able to tell it's the same bank my friends use.

	2. The bank is part of a legal *enforcement* system, such that if the
bank takes my hard earned money and refuses to give it back to me, the
*human* manager of the bank will be put in *physical* handcuffs and
taken to a physical prison, where he cannot physically exercise his
freedoms, such as going to a pub, seeing his kids, etc. No web-site extortion,
no reduction of virtual credibility points, not even bad publicity;
jail. Real jail, with non-chosen roommates and bad meals. I want to know
that the enforcement system that the bank is subject to is one that can
lead to real jail before I trust a web-site with my real money. This is
along the lines of the baseball bat that Ian mentioned.

	This is something I cannot get from a system in which there may be
auditing, but there is no chain connecting the digital world (as
intrinsically-enforced as it would be), and the physical world, that
offers better enforcement means, better matching my money's worth.

The enforcement that is offered by the legal system is tied to the
physical world and thus requires identifiability and personal (flesh --
not username) accountability. You can have a system do without it; have
only intrinsic enforcement without tying to the physical world, but I
believe its enforcement will never be strong enough to win the trust of
the masses when it comes to hard earned money.

At the end of the day, say everything works perfectly by your model, and
the intrinsic system can prove that there is a coin of gold for every $x
in circulation. How does the user know that he will ever see the sums he
put in circulation? He has a receipt, of course, but a receipt is just a
bunch of bits. These bits may prove to a third party that justice is
with the user, but what will link this justice back to money if the
bank's owner doesn't feel like paying?

I know this is not completely related to the questions you presented,
but more to the rationale of the entire system. I am just trying to
understand this better.

Regards,
Hagai.

-- 
Hagai Bar-El - Information Security Analyst
T/F: 972-8-9354152 Web: www.hbarel.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


