Financial Cryptography

The Favour Economy - Pressed Flowers get Laminated

In the world of community currencies, Pressed Flowers have resiliance. To my continuing surprise, the humble floral unit has legs! Last night, under the add-on, flowers were reserved, catalogued and most importantly traded.

Some months ago the Vienna artists' community took children to the hills near Baden to collect flowers. These were pressed in the sleeves of books and a more crude version of a flower press awaiting tonight's events. Now, the pressed flowers have been reserved by recording them all and preparing them for distribution.

Yet such a community setting. Overhead in the scaffolding in Wallensteinplatz, a performance by a popular Astrian warbler AustroFred (singing songs by Queen in German. "Under Pressure" sounds like "Amadeus" ...). Underneath, a gang of artistic financial cryptographers catalogued and laminated hundreds of pressed flowers. They are now official floral reserves of the FlowerBank.

This crazy little thing called trade. A dance group was paid in pressed flowers. Their dance presented flowers to the audience, and each audience participant was encouraged to take the fresh flower and bail it in to the FlowerBank for pressing and future conversion for more liquidity.

Pricing the laminated pressed flowers was an issue that wasn't resolved beforehand. After the performance (and flower bank revitalisation) a lengthy negotiation meandered between the supply factor of time for complete flower pressing in volunteer labour (about an hour) and the investment of the performers (about 2 hours each). Eventually, trading parties settled the price at PF8, or PF2 per performer.

(The rain started but nobody cared. The wind blew the stock of reserves around. Pandemonian, but ... The show must go on!)

This is Europe so the kids are out on the streets until the early hours. At least, this was the Turkish community. Keeping children focused turned out to be a simple matter of pure bribery (anything for sugar). In exchange for writing out the leaflets describing the terms of trade, flowers were paid and kids were well behaved, for once.

The reserve units were accepted for meals and icecream and I converted my wages in laminating into a dinner of fried meat, noodles, basil, and peanuts. Delish! A plate cost PF2 and icecream only PF1 although there was some debate about that.

In the event, the flowers economy all went to pot. Some insisted on keeping their flowers and forewent the benefit of the further trade. Kids on the other hand raided the local park for flowers, traded them in for precious reserves and then traded those for meals but not the icecream. Snip, snip, snip. Another myth bites the dust.

It gets more Austrian. Rumour has it that one of the kids, Nenad of age 10, has responded to the critical shortage of flowers and has started his own bank with pressed leaves. Already adults are speculating on when pressed insects will emerge, and the rate of exchange between leaves and flowers.

Opinion aside, the essential metaphor here is a 'favour currency' which records our good deeds. This is a soft issue in that it really doesn't matter if we get the exchange rate askew or the float adrift. What matters is that the system supports the actions - when a favour is paid for, it stays paid. When it isn't paid, the system does not get in the way of denying people's intent to avoid a direct recording of the event.

Payment news - two classic story endings and a new start

In payment news, two stories are ending. Jim reported on the Blind Signature patent expiry party:

Guest of honor David Chaum challenged us: How to change the world for the better by implementing new protocols.

I like to think that is what FC is about; but I'm also old enough and bloodied enough to know that without revenues we can't sustain the cash flow to employ the programmers to write the protocols to change the world for the better....

And, over in Congress, the CEO of CardSystems is moaning that his company might be out of business if Mastercard were to follow Visa and Amex in dropping them from the credit card processing business.

The head of a payment processing firm that was infiltrated by computer hackers, exposing as many as 40 million credit card holders to possible fraud, told Congress yesterday that his company is "facing imminent extinction" because of its disclosure of the breach and industry's reaction to it.

"As a result of coming forward, we are being driven out of business," John M. Perry, chief executive of CardSystems Solutions Inc., told a House Financial Services Committee subcommittee considering data-protection legislation. He said that if his firm is forced to shut down, other financial companies will think twice about disclosing such attacks.

A curious response - as the company offers little or nothing positive to the damage that it has potentially done to 240,000 credit card holders, I'm not sure what there is to say! (What was the average cost of identity theft to the victim, again?(

There's little help from the credit card companies:

Credit card companies say they are trying to stave off unneeded panic. And costs are an issue as well; if a new card costs $30 to create, 40 million cancelled cards would cost $12 billion to replace.

"Obviously." Seriously, this company must die. Like Arthur Andersen, the message has to be sent. Regulation didn't work. The Regulator didn't do anything. Contracts didn't work. Audits do not work, whether it was by Cable & Wireless or Mickey Mouse. Pontifications by a myriad of security experts didn't work.

Nothing worked - and it's time to form a hanging party and go get us some bandits. (If it's any consolation, when the users get to a-lynching in civil courts, CardSystems will appreciate the humane way out.) The Chistian Science Monitor goes on to report that considered thought and intelligence seen in Washington DC:

But state lawmakers were skeptical. "It seems there's a very paternalistic theme to those comments, which is 'We know what's best for consumers,'" said Massachusetts state Rep William M. Straus.

He said the issue should be turned over to the victims of ID theft: "Would they trade a 10 percent discount from Sears for everything they've been through?"

Now there's a thought! In closing, looks like ePoints made a big splash in the New Scientist:

The ePoints system set up by Agnes Koltay and Daniel Nagy is different. It allows anonymous person-to-person transactions over the web, and though the software itself costs money, Nagy says every subsequent transaction will be free. Charles Cohen, founder of failed e-currency Beenz, supports this thinking. People will only adopt new payment systems if they are free, he says.

To use ePoints, a person requests an ePoint "note" - in reality an encrypted code that represents some amount of ePoints - from an ePoints issuer. The issuer is the person or body that administers the system and ensures that ePoints aren't duplicated. The issuer cryptographically signs each ePoint note in exchange for some money of equivalent value in another currency, say pounds or dollars, or for some work done, or as payment for some other service.

When someone spends ePoints, the person receiving them in payment contacts the issuer to verify they are not counterfeit. The cryptographic algorithms ensure the issuer cannot tell where the ePoint originated, nor the chain of hands it has passed through, only that he has been asked to confirm an ePoint is authentic.

But anonymity alone is not going to make people use it. If ePoints is going to catch on, it will have to find a niche that makes it attractive to a large pool of users. That's where ePoints' cheap and borderless nature comes in. ePoints can be seen as an international electronic currency and this, Nagy and Koltay believe, along with security and anonymity, will provide the niche it needs.

ePoints may also be attractive to companies that want an electronic method for handling payments of a few pennies. Credit card companies charge a minimum fee for each transaction they process, and for transactions of less than a few dollars this can represent a large slice of the total. In return, credit card companies provide a high level of security. But as Nagy points out, this is overkill when only small sums are changing hands. A penny transaction should not need a lot of security, Nagy says. A thief will gladly invest five pennies of effort to steal a credit card, but no smart thief will spend five pennies to steal a one-penny ePoint.

Nagy and Koltay are not the only ones aiming at the micropayments niche. In spite of the rocky beginning of digital cash in the 1990s, several alternative micropayment systems have sprung up, including Peppercoin, PayCash and Open Money.

And recently a big name has shown interest. Nagy says a test version of the entire ePoints software system was recently downloaded by engineers at Google. News reports suggest the company will soon launch a competing service to PayPal. As with a cash transaction, only the two parties to the transfer need know each other's true identity.

The rest of the article is well worth reading as well.

How to do Hayekian Private Issuance

Robert Murphy defends Hayek's proposals for private issuance against Mises and Rothbard. Such is of course welcome but bemusing; as it does not take into account modern developments in the financial cryptography world, it seems quaint and historical. This is now a solved problem, and I suppose if I'd thought about it I would have written a paper on it!

Private issuance of monies by corporations is easy and within reach of all. The technical problems are solved, as are the economic interests and the value feedback equations. I know this because I - or my company - have been issuing for two (oops not four) years now, and even though our scale is tiny, it still works so efficiently that I cannot see a circumstance where the company would choose not to issue.

Corporate issuance works like this:

A company creates a contract that redeems for any service the company offers. Not gold, not a basket of Walmart items, etc etc. It redeems in its own services and units. All commercial companies have some sort of service or good, by definition, although I grant non-profits sometimes do not. This of course means we need an external unit of account, but that's no problem.

Then, the corporation pays all its people in the issue. Every month their paychecks come in the corporate unit. As this is a digital operation, it is painless and quick.

Finally, all purchasers to the company are instructed to pay all invoices in the corporate issue. In order to get their corporate units they contact the employees and arrange a trade. Purchasers might have gold, dollars or some other unit, and employees often need exactly those things. A trade is arranged, the value moves from the employees to the purchasers, and then back to the company as the invoice is paid.

All else is evolution. How does the company pay for bills in local national currency? Simple - we post a bill on the notice board (perhaps virtually) with an offer of X+1% in the corporate unit to get it paid. Maybe we need to up the number to 2% the next day, but soon enough someone will decide to do take the profit.

How do buyers find sellers? In our small scenario by word of mouth. But markets would no doubt spring up once a threshhold is reached, and a market is nothing but a mailing list or a chatroom.

How does a big purchaser deal with lots of little sellers? Someone stands in as an intermediary, of course, a process that we have seen arise in recent times. How do profits get taken? How do shares dividends get paid? Taxes, etc etc - all the same way. These are all bills.

How is accountancy handled? This is perhaps the best bit. The system is its own accountancy system. Everyone has their own books for their own transactions (a la Triple Entry Accounting in FC++ #2) and the need to keep a separate book of accounts disappears.

How is bankrupcy handled? Perhaps testament to the power of this system, it works as well in times of lean payments as it does in boom time. That's because of the strong recording capabilities of the digital payments system means that what was liquid converts seamlessly into debt, thus relieving everyone of the need to account for their position. In fact, we originally floated the new issue in a time of quasi-bankrupcy, and within a single weekend, every employee had converted their notes, their promises, their deferred invoices into corporate issue. Because it was so much easier and so much clearer.

Is it efficient? On a small scale, for users, it can be about as much work as dealing with the average invoice, per transaction. As scale ramps up, it reduces to about the same order of cost of getting a coffee out of a coin-powered machine.

For the issuer, it has one final magic component - it raises long term financing on floating terms. Nominally at zero percent, the costs of holding and converting and indeed financing the working capital are worked out in the exchange rate between the corporate rate and local units. Your employees are your investment bank; it's painless and obviates the need for a CFO until you've added another two zeros to the revenues. Yet another saving.

"Acceptable Risk" - a Euphemism for Selling Fraud?

The "acceptable risk" concept [writes guest financial cryptographer Ed Gerck] that appears in recent threads has been for a long time a euphemism for that business model that shifts the burden of fraud to the customer.

The dirty little secret of the credit card industry is that they are very happy with 10% of credit card fraud, over the Internet or not.

In fact, if they would reduce fraud to zero today, their revenue would decrease as well as their profits. So, there is really no incentive to reduce fraud. On the contrary, keeping the status quo is just fine.

This is so because of insurance -- up to a certain level, which is well within the operational boundaries of course, a fraudulent transaction does not go unpaid through VISA, American Express or Mastercard servers. The transaction is fully paid, with its insurance cost paid by the merchant and, ultimately, by the customer.

Thus, the credit card industry has successfully turned fraud into a sale. This is the same attitude reported to me by a car manufacturer representative when I was talking to him about simple techniques to reduce car theft -- to which he said: "A car stolen is a car sold." In fact, a car stolen will need replacement that will be provided by insurance or by the customer working again to buy another car. While the stolen car continues to generate revenue for the manufacturer in service and parts.

Whenever we see continued fraud, we should be certain: the defrauded is profiting from it. Because no company will accept a continued loss without doing anything to reduce it. Arguments such as "we don't want to reduce the fraud level because it would cost more to reduce the fraud than the fraud costs" are just a marketing way to say that a fraud has become a sale.

That's because fraud is an hemorrhage that adds up, while efforts to fix it -- if done correctly -- are mostly an up front cost that is incurred only once. So, to accept fraud debits is to accept that there is also a credit that continuously compensates the debit. Which credit ultimately flows from the customer -- just like in car theft.

What is to blame? Not only the twisted ethics behind this attitude but also that traditional security school of thought which focus on risk, surveillance and insurance as the solution to security problems.

There is no consideration of what trust really would mean in terms of bits and machines[*], no consideration that the insurance model of security cannot scale in Internet volumes and cannot even be ethically justifiable.

"A fraud is a sale" is the only outcome possible from using such security school of thought. Also sometimes referred to as "acceptable risk" -- acceptable indeed, because it is paid for.

Cheers,

Ed Gerck

[*] Unless the concept of trust in communication systems is defined in terms of bits and machines, while also making sense for humans, it really cannot be applied to e-commerce. And there are some who use trust as a synonym for authorization. This may work in a network, where a trusted user is a user authorized by management to use some resources. But it does not work across trust boundaries, or in the Internet, with no common reporting point possible.

Liability for Software - is the end of the Security Industry a bad thing or a good thing?

I've been thinking about software liability a bit and just the other day had a bit of a revelation. If security software came with liability it would destroy the security industry. That's the good news :-) The bad news is that we'd also get some regulation to boot, which would slow things down, as Marcus Ranum points out (by way of Eric Marvets).

My revelation occurred like this. In the closing stages of a small security job for a friend, I discovered that the intellectual property was being handled with a handshake. This didn't worry me from a property point of view simply because the <1000 lines of code written weren't worth enough to argue about, it was the process and knowledge that was being charged for.

But the absence of a proper transfer contract did worry me from a liability point of view. So I wrote in that there was zero liability. And the discussions started ... it was during that discussion with the client that I realised that the reason I had written zero liability - and left the client high and dry to fend with what could well have been buggy, incomplete, snake-oil nonsense written by a script kiddie, for all the client knows - was that if there was any liability, the price would have to go up.

And, significantly! The price would sky rocket because the mere presence of a letter from a lawyer would probably wipe out not only the profits from the job but the entire revenues (quick reality check, ask your lawyer what their retainer would be for a software liability action).

So we - me as supplier, the client as user, and the entire industry - are faced with a choice. Either supply the product at price X and go with zero liability, or supply the product at price Y and assume some liability.

What's the ratio between X and Y? For me it was at least double. Probably more like 3-4 times. It's so significant that I know the client wouldn't pay so they only have one choice: either they pay for no liability and get the security, or they don't get the security work done at all.

So what would happen if liability were added to software? Marcus suggests Microsoft Windows would go to $1000 per copy, citing the medical industry's experience. It's a number!

Clearly Microsoft Windows would go up in price. Just as clearly, people would switch to open source product, which cannot as easily carry liability because there is no _for consideration_ contract, and their $1000 laptop would stay a $1000 laptop [1, 2]. And, as it happens, the secure Operating Systems are the BSDs so not only will they suddenly find more popularity, we'd get more security into the bargain as well as more people start to use these products, probably via the hard route of Linux, which would be also forced to get serious about security.

This of course is the argument of the liability people - make software cope with its insecurity by properly pricing the cost of security such that it more correctly allocates society's resources. With the added wrinkle of open source of course. The problem with taking this path is that, no matter how desirable you find the notion of supporting open source, subsidies are a net 'bad' as an assumption in economics. That is, most every theory and study in economics shows that subsidies cost society more than they make. Which is to say that letting the market find the way to produce secure software is still a better bet than installing a permanent subsidy for open source into place.

This market process may already be on the move, says Eric Marvets:

[Microsoft's] marketing department is quietly getting ready and now all that's left is for the product to hit the market. These may all be coincidences, but I think it's a masterfully crafted business plan mid-execution.

Microsoft is rejigging everything in place for a shift to a more security-oriented focus (quietly...).

Will it work? Who knows. But one thing is clear - the market is pushing Microsoft in the direction of further security. What we need is happening, in the market. The question of whether regulators can do better is really a tough one, and experience and theory says No. So in promoting why adding liability would improve our net security, the question to ask is why it would work this time when the combined weight of economics and experience is against it?

1. Open source suppliers can carry liability, but lets ignore the edge cases here.
2. Countries with poorly developed intellectual property laws would still use Windows, as they also don't enter into contracts for consideration.

Fear-commerce, something called Virtualisation, and Identity Doublethink.

According to pipeline, "E-commerce is buried beneath a blanket of fear. Online purchases, according to some observers, are down by nearly half; Internet banking by nearly a third." I'm not sure I believe that bad, but has anyone heard any stats? Seen any drop-off? This second CNN article disagrees, but a survey from Pew (Register reports) says that 90% of americans have done at least one thing to deal with the current threatening online environment:

The survey found:
* 81 per cent of net users say they have stopped opening unsolicited email attachments Half those quizzed (48 per cent) say they have stopped visiting potentially dodgy web sites out of spyware concerns
* A quarter (25 per cent) of those questioned said they have stopped downloading music or video files from peer-to-peer networks in order to avoid getting unwanted software programs on their computers.
* A minority of surfers (18 per cent) say they have changed the web browser software they use in order to avoid malware attack

The same survey also found suggestion that people are ignoring the security advice of suppliers such as Microsoft, which makes perfect sense to me, as their advice on security has to be politely termed as 'conflicted'. Lynn Wheeler reports on on their claim that they are doing "virtualisation" and security has to wait until that is done. Seeing as I don't understand those words, I can't comment on how plausible this excuse is!

Microsoft confirms plans for virtualization hypervisor - Computer Business Review
(Anne & Lynn Wheeler, Wed Jun 29 16:03:10 2005)
i'm at annual ieee chip conference ... it is invitation only so they can talk about non-public information. late yesterday the senior engineer from amd, gave a talk on futures. he was introduced as having spent some amount of his career starting in '62 building cryptographic hardware at nsa and having been one of the primary co-authors of the orange book. he didn't mention security in his talk ... but in the Q&A afterwards somebody asked about security. He commented that you probably aren't going to really see it until virtualization.

Turns out this is what i did during the 60s and 70s ... and i got con'ed into be chair of next year sessions on "security, authentication, partitioning, and virtualization". slightly indirect reference.

Also from Lynn, for those interested in the background behind the CardSystems breach, here's a good article. Yes, it really does say that Cable and Wireless are their security auditor...

And over in Australia, it seems that the notion that centralised identity means easy identity theft is starting to gain traction:

But Mr Ruddock told a security technology conference in Sydney today a national ID card could actually compromise Australians' security.

"We haven't supported an approach where all personal information is centralised on one database and a single form of identification is used," Mr Ruddock told the gathering of government, security and business leaders.

Such an approach could actually increase the risk of identity fraud because only one document would need to be counterfeited to establish an identity.

It is significant that people are starting to think about the problem. Consider the British view:

When the experts were asked whether the government's all-singing and dancing electronic ID card would solve the problem, there was hollow laughter all around. It would simply locate all identities in one place, creating an El Dorado for phishers.

The hollow laughter reflects the British Government's current claim that an identity card will stop terrorism, benefit fraud, and make a nice hot cup of tea, all for the bargain price of 100 of their quaint old sterling pounds.

A rather sterling performance by the London emergency services in this morning's tube and bus bombings focusses attention on the terrorist threat. Dare we ask: would the bombers would have had to show their identity to get on the bus? I don't think so, and I'm personally very impressed with the concentration by the Brits on the real issues: setting up crime scenes, getting the areas cleared and people back to work, and refusing to play the media's game of spreading panic and mayhem.

Finally, Tao describes how banks in america are now employing computers to phone you up to ask you about your credit card transactions. I wonder if such computers are too expensive for phishers, or whether they are well enough funded to overcome that barrier already?