Governance of anonymous financial services

Allen netsecurity at
Fri Mar 30 00:23:17 EDT 2007


I assume that you mean the owner of the on-line financial service 
when you say "operator," correct? In which case what exactly are 
the auditors going to be looking at when comes time to audit but 
the operator's identity, whereabouts, the servers and a portion 
of the assets are undisclosed?

In a basic sense auditing is to see if the reality behind the 
books matches the books. That the number of sheaves of wheat you 
have in the warehouse match the number you have in the office. If 
you can not locate the reality what are you verifying?

I've been involved after a compliance audit that in reality was 
totally bogus because some aspects of the business in question - 
a financial institution at that - did not have an accurate org 
chart so the unit that was clearly out of compliance in their use 
of private data which wasn't being protected properly didn't even 
get looked at. This is a business with a major physical presence 
and yet the auditor's stamp of approval meant nothing.

I think, rather than governance, this goes to the heart of trust 
in relationships. Governance to me is more the process of 
verifying that the trust is not misplaced and that audits are 
simply one way, but only one of many ways, of quantifying the 
level of trust one can have in the relationship.

My sense is that cryptography's role in this is to protect the 
assets from external forces, not verifying that insiders haven't 
cooked the books. However, I have been known to be wrong a time 
or two.



Steve Schear wrote:
> Here is the situation.  An on-line financial service, for example a DBC 
> (Digital Bearer Certificate), operator wishes his meat space identity, 
> physical whereabouts, the transaction servers and at least some of the 
> location(s) of the service's asset backing to remain secret.  The 
> service provides frequent, maybe even real-time, data on its asset 
> backing versus currency in circulation. The operator wishes to provide 
> some assurance to his clients that the backing and the amount of 
> currency in circulation are in close agreement.  The mint's backing need 
> not be in a single location nor in the sole possession of the operator.
> I realize this is a governance question but I suspect that crypto/data 
> security may play a key role.
> Some questions:
> If independent auditors are used do they need to know the operator's 
> identity?
> What aspects of good governance can be brought to bear on this situation 
> so that the operator's interests are more aligned with its clients?
> Has anyone explored this from a math-crypto view?
> If the backing is distributed among a multitude of holders (e.g., in a 
> fashion similar to how Lloyds backs their insurance empire), who's 
> identities are kept secret until audit time and then only a few, 
> randomly selected, names and claimed deposit amounts are revealed to the 
> auditors, might this statistical sampling and the totals projected from 
> the results be a reasonable replacement for 'full asset' audit?  To 
> protect the identities of the holders could a complete list of the 
> hashes of each name and claimed deposit be revealed to the auditors, who 
> then select M of N hashes whereupon the operator reveals only those 
> identities and claimed deposits work cryptographically?
> Steve
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list