January 26, 2006

US District Court uses digital signatures

Highlighting an order by Judge Collyer in the previous entry, we find her order duly signed:

ORDER

As agreed by the parties in open court on January 13, 2006, it is hereby ORDERED that Suntrust Account Number 1000..... and Regions Bank Account Number 6709.... shall be unfrozen; however, the United States shall retain control of the funds previously seized from those accounts pursuant to the warrant issued by Magistrate Judge Facciola in Case No. 05-664 M-01 (JMF) on December 14, 2005.

SO ORDERED.

Date: January 13, 2006
/s/

ROSEMARY M. COLLYER
United States District Judge

The digital signature appears on the paper as /s/.

Discuss.

Posted by iang at 03:15 PM

G&SR / e-gold case in Washington DC court

The case against G&SR, operators of the e-gold payment system, has been filed in Washington DC courts. Here are some of the filings, apparently from the PACER system, which is a US Government site for court documents.

I've only briefly read parts, so far. The USG's case is based on the Money Transmitter Licensing requirement.

16. Title 18, United States Code, Section 1960 provides that: (a) Whoever knowingly conducts, controls, manages, supervises, directs, or owns all or part of an unlicensed money transmitting business, shall be fined in accordance with this title or imprisoned not more than 5 years, or both. (b) As used in this section (1) the term “unlicensed money transmitting business” means a money transmitting business which affects interstate or foreign commerce in any manner or degree and (A) is operated without an appropriate money transmitting license in a State where such operation is punishable as a misdemeanor or a felony under State law, whether or not the defendant knew that the operation was required to be licensed or that the operation was so punishable; (B) fails to comply with the money transmitting business registration requirements under section 5330 of title 31, United States Code, or regulations prescribed under such section; or (C) otherwise involves the transportation or transmission of funds that are known to the defendant to have been derived from a criminal offense or are intended to be used to promote or support unlawful activity; (c) the term “money transmitting” includes transferring funds on behalf of the public by any and all means including but not limited to transfers within this country or to locations abroad by wire, check, draft, facsimile, or courier.

Pretty broad writings! Apparently in response, G&SR published two letters, the second of which announces:

In an emergency hearing in US District Court January 13, 2006, the freeze order on G&SR's bank accounts was lifted. Though numerous criminal claims had been made in obtaining the search and seizure warrants, the Government has not sustained these allegations and the only remaining claim is a contention that G&SR has operated as a currency exchange without the proper license. G&SR had previously proposed to the Government that e-gold be classified for regulatory purposes as a currency, enabling G&SR to register as a currency exchange. In a Treasury report released January 11, 2006, however, the Department of Treasury reaffirmed their interpretation of the USC and CFR definitions of currency as excluding e-gold.

So G&SR would then agree that the case turns on whether they are a money transmitter or not, and they make this case more forcefully in Document 4 before the judge. However it is becoming clear that G&SR have been less than forthcoming, and have not advised their customers of the true position. Document 4 in the above list says:

ORDER

As agreed by the parties in open court on January 13, 2006, it is hereby ORDERED that Suntrust Account Number 1000..... and Regions Bank Account Number 6709.... shall be unfrozen; however, the United States shall retain control of the funds previously seized from those accounts pursuant to the warrant issued by Magistrate Judge Facciola in Case No. 05-664 M-01 (JMF) on December 14, 2005.

SO ORDERED.

Date: January 13, 2006
/s/

ROSEMARY M. COLLYER
United States District Judge

(Sidenote of FC interest - I've created a good facsimile of Judge Collyer's signature. It is literally typed in as /s/ in the PDF. Whether it is a digital signature or not turns then on whether they still use mechanical typewriters in the District courts!)

No mention of the third bank account by the judge. And no mention by G&SR that their (accounts oops) funds remain under USG control and have been so since 14th December! (Which effectively means that G&SR is under control of the government. Oops, I grant this is no longer sustainable.)

In the earlier 6th Jan letter from Dr Jackson, he wrote:

There were other direct interventions as well that I am not yet at liberty to discuss that nearly crippled OmniPay's ability to honor its obligations to and on behalf of users.

So we now have pretty clear indications that a lot is going on. Whether G&SR have been advised or instructed to keep mum is unclear (and I'm skeptical, especially given the content and tones of the letters). But at the least it makes it rather difficult to carry on business, a point G&SR makes in Document 3. Is G&SR able to deliver on its business undertaking? If it is unable to control its funds under seizure or make any statements adverse or otherwise as to its credit position, then what form of exchange can they reliably do?

And what about e-gold in all this?

For those wondering what the fuss is all about, a few brief remarks of explanation. e-gold, the payment system, is one of the more successful ventures in the field. It independently re-developed and championed the centuries old approach of escrow of value as epitomised by the gold bars held in vaults. This tool makes a pretty fair stab at establishing a base of governance for issuance of digital currency.

In the late 90s, e-gold made several moves designed to improve the standard of governance - moves that I had a lot to do with through my involvement approximately mid 1998 - mid 2000. Firstly, a co-signatory to the metal was created. Secondly, all physical assets were progressively migrated out of the filing cabinet and into secure vaults at repositories. Until this was done, the substantial part of the value was in "Macotta Delivery Orders" which were directly signable by Dr Jackson. These changes gave a separation of roles aspect that formed two of the parties in my five parties model, the independent vault and the co-signatory. To be fair, Dr Jackson had already understood the importance of the fifth party - the public - in governance by inventing his Examiner page to show his claims of the bars and metal under management.

In addition to protection of the gold, I also considered it essential to protect the digital issuance in a like 5PM system. e-gold only started on this process, before getting sidetracked on what could be stated loosely as "offshore strategies". Although the digital systems should have been placed under independent control, they remained in-house. Although an independent Mint role for creation of new digital float should have been done, I have never heard of it being so.

And the entire payment system should have separated from the risky business of exchange operations. Instead, e-gold Ltd was formed in Nevis, and gold was transferred under dubious legal circumstances to Trusts in Bermuda - completely at odds with the user agreement at the time. Notwithstanding all this legal manoeuvring, the substance of e-gold remained firmly in-house, in Florida, and firmly under control of Dr Jackson.

If e-gold had solidly and strongly separated itself from the highly lucrative exchange business - deliberately left where the market was in the USA - then G&SR could have disappeared and e-gold would have carried on. Now however, wherefor goes G&SR, there too follows e-gold. To all intents and purposes, they are both likely locked in a deadly embrace with the USG.

Posted by iang at 12:20 PM

January 23, 2006

DigSig News - Notaries apply for an old Franchise, Colorado does PK with BRNs, old anecdote

MIT and the National Notary Association released a white paper on how to use notaries and cryptographic digital signatures (a.k.a. digsigs). The press release is a curious throwback to a decade ago where organisations aspirated deeply and warned that unless something was done immediately, fire, flood and pestilence was sure to strike e-commerce.

Many paper-based transactions, from real estate conveyances to international adoptions to last wills and testaments, are notarized in order to prevent, detect and prosecute fraud. As government agencies and industry move toward a complete paperless workflow, electronic documents will need to receive the same level of security as their paper counterparts. However, Greenwood warns that laws and regulations to guide Notaries in the performance of electronic notarizations are lacking and must be immediately addressed to ensure the protection of property rights in the 21st century.

"Those who regulate Notaries Public would be derelict in their duty if they failed to effect the rule-making necessary to transition to a reliable system of e-notarization," Greenwood writes. "Failing to exercise oversight and control in this area would be akin to failing to provide and enforce safety rules for hydrogen or hybrid cars because the new technology is different from the old."

Cryptographic digsigs can work fine as indicators of human intent without laws, without notaries, and without fuss, once you get into the core of the application. On the other hand, a law put in place can set us back a decade or more. One of the reasons why we do not see digsigs used more often is because of the early franchise-building Utah models that were popularised in the mid 90s.

To my knowledge, courts and lawyers have this all wrapped up as they know that a signature is an indicator of intent, and the intent rules, not the mark. Efforts to regulate this long-known legal principle are therefore likely no more than franchise building, and should be summarily rejected for what they are.

Luckily the PDF that Daniel Greenwood wrote is far more clear on what a digital signature can be. Here's one fascinating snippet:

The state of Colorado has pioneered a simple but effective solution to enable state regulation of electronic notarization. It is called the Document Authentication Number, or DAN, and works like this:

In Colorado, this is an eleven-digit accounting number issued to each notary by the Secretary of State's accounting system. This number can be accessed and referenced by anybody. Like a white pages entry, it is unique but publicly accessible identification. The number will be searchable online to verify a notary's name, commission number, commission expiration date and other important information.

Second, each notary is issued multiple random numbers generated by the Secretary of State, who keeps a copy of each such number. Unlike the first number, these are kept confidential. They should be secured, just as is the notary's seal for paper-and-ink notarizations. One of these random, confidential numbers is used by the notary to "brand" every discrete eNotarization. The notary also has, associated with each confidential number, the relevant data that appears on the respective official seal, such as name, title, jurisdiction and commission expiration date. When used together, the Document Authentication Number and a randomly generated number assigned by the Secretary of State constitute the notary's electronic signature for a particular notarization.

In order to execute an eNotarization, the Colorado notary would simply affix to the electronic document both the private and public numbers, along with the pertinent commission information. This could be done by manually "copying and pasting" the data from a document or spreadsheet or through easy-to-use software. Thereby, the notary has tied the document to the electronic notary signature. In effect, an electronic notarization has occurred.

Nice! Public / private digital signatures with just a bunch of big random numbers (BRNs). That shows extraordinary flair by Colorado, and one wonders how they managed to slip that one past all the franchise builders, cryptography guildsmen and other worrywarts.
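The DAN-plus-random-number scheme described above, modelled as a toy registrar in Python. This is an added example, not code from the white paper or from Colorado; the class and method names, the online verify() query, and the registrar recording a SHA-256 digest of the first document each confidential number is presented with are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Commission:
    """Registrar's record for one notary (field names are illustrative)."""
    name: str
    commission_no: str
    expires: date
    issued: list = field(default_factory=list)    # registrar's copy of the confidential numbers
    branded: dict = field(default_factory=dict)   # confidential number -> digest of first document seen


class Registrar:
    """Stands in for the Secretary of State's system."""

    def __init__(self):
        self._by_dan = {}

    def commission(self, name, commission_no, expires, batch=3):
        # Public part: an eleven-digit number, unique per notary.
        while True:
            dan = "".join(secrets.choice("0123456789") for _ in range(11))
            if dan not in self._by_dan:
                break
        # Confidential part: a batch of big random numbers, one per eNotarization.
        brns = [secrets.token_hex(16) for _ in range(batch)]
        self._by_dan[dan] = Commission(name, commission_no, expires, list(brns))
        return dan, brns

    def lookup(self, dan):
        """Public 'white pages' query; never reveals the confidential numbers."""
        c = self._by_dan.get(dan)
        if c is None:
            return None
        return {"name": c.name, "commission_no": c.commission_no, "expires": c.expires}

    def verify(self, dan, brn, document, today):
        """Relying party's check of the numbers affixed to a document (assumed API)."""
        c = self._by_dan.get(dan)
        if c is None:
            return "unknown-dan"
        if today > c.expires:
            return "commission-expired"
        # Compare against every issued number in constant time per comparison.
        match = None
        for issued in c.issued:
            if hmac.compare_digest(issued.encode(), brn.encode()):
                match = issued
        if match is None:
            return "bad-number"
        # Assumption: the first document presented with a number is bound to it,
        # so the same number on a different document is flagged.
        digest = hashlib.sha256(document).hexdigest()
        first = c.branded.setdefault(match, digest)
        return "valid" if hmac.compare_digest(first, digest) else "number-reused"


def notarize(document, dan, brn, info):
    """What the notary 'copies and pastes' onto the electronic document."""
    return {"document": document, "dan": dan, "brn": brn, **info}


if __name__ == "__main__":
    # Constructed sample data, not real commission details.
    reg = Registrar()
    dan, brns = reg.commission("A. Notary", "C-0001", date(2009, 1, 31))
    deed = notarize(b"deed of conveyance", dan, brns[0], reg.lookup(dan))
    today = date(2006, 1, 23)
    print(reg.verify(deed["dan"], deed["brn"], deed["document"], today))
    print(reg.verify(deed["dan"], deed["brn"], b"a different document", today))
```

The numbers alone authenticate the notary to the registrar; the document binding comes only from the assumed first-seen digest record, since nothing in the affixed numbers depends on the document's content.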

I was reminded the other night of an anecdote about digsig laws. Some years ago, I was asked to (informally) advise a small nation on digital signatures. I read the two page draft law, and said, that's fine, but you don't need that, and here's why... (Insert blah blah here as above.)

It was then explained to me that the purpose of the law was not to regulate digital signatures, but to fill the spot, as a certain other friendly but elderly country of masculine sibling nature was pushing to put in place a regime of another sort. This action was recognised as a complete agenda push by the helpful elder sibling, and therefore a defensive action was needed: "we already have a digsig law, thanks, we don't need yours."

At which point I then understood. Fine, put in place your digsig laws, but stick to the tiny model: a digital signature should not be rejected by courts solely on the basis that it is a digital signature. End of story. Meanwhile, let the private sector get on with working out how to do this.

Posted by iang at 10:21 PM

January 21, 2006

Szabo on the Contract v. the Note

It has often been to my regret that a fuller treatment of contracts as the keystone to financial cryptography has been beyond me. But not beyond Nick Szabo, who posts on a crucial case in the development of the negotiable instrument as a contract of money. He suggests two key differences:

Negotiable instruments – checks, bank notes, and so on – are promises to pay or orders with an implied promise to pay, and are thus contracts. But they differ from contracts in two important ways. First is the idea of “merger.” Normally, a contract right is an abstraction that is located nowhere in particular but belongs to a party to the contract or to a person to whom that party has assigned that right. Possessing a copy of a normal contract has nothing to do with who has rights under that contract. But in a negotiable instrument, the contract right is “merged” into the document. Assignment of that right takes place simply by transferring the document (in the case of a bearer instrument) or by indorsing (signing) and transferring it.

The second big way negotiable instruments differ from contracts is the “good faith purchaser” or “holder in due course” rule which is illustrated by Miller v. Race. In a normal sale of goods under common law, the new owner’s title to the goods is at risk to the contractual defenses of a prior owner. ...

In short, with a normal contract, even once assigned - sold - to new parties, there are defences to get it back. Yet in the case of Miller v. Race in the halcyon days of London's note banking, Lord Mansfield declared in 1758:

A bank-note is constantly and universally, both at home and abroad, treated as money, as cash; and paid and received, as cash; and it is necessary, for the purposes of commerce, that their currency should be established and secured.

It is these instruments that we commonly issue on the net. Although issuers sometimes have the technical capability to return them, subject to some good case, they often declare in effect that they are indeed negotiable instruments and the current holder is "holder in due course." Especially, the digital golds and the digital cashes have so declared, to their benefit of much lower costs. Those that aren't so resolved - the Paypals of the world - inflict much higher fees on their users.

Posted by iang at 04:39 PM

January 19, 2006

The node is the threat: Mozilla, the CIA, Skype, Symantec, Sony, .... and finally a WIRE THREAT: Bush

Firefox reaches around 20% market share in one "weekend" survey in Europe. Bull-rating! If this keeps going on, I'll run out of predictions by the end of January.

In other news, a Firefox developer caused a furore on slashdot by adding a URL tracking feature. Firefox needs to meet the interests of parties other than yourself in your browsing habits. In this case, it is probably Google; the fact that the developer put the feature in without any way to turn it off is telling.

Readers will recall a recent thread on governance in non-profits which goes some way to explaining this confusion (1, 2). Mozilla now has two interested groups - those that supply money and those that don't. How Mozilla brings itself to reconcile the conflicts between these two groups is worth watching - but also difficult to divine, as Mozilla have a fairly consistent policy of debating in secret and announcing later (the root list policy was a notable exception!).

The threats situation is daily growing more complex. Let's review more evidence (as if it is needed) on threat models. Over in Milan, prosecutors have revealed some details of the CIA kidnapping case. The alleged kidnappers left behind disk drives with emails that warned the agents to get out of Italy, as well as indicated who was the leader of the kidnapping crew.

On June 23, the day the warrants were issued, police searched the villa in the Italian wine region of Asti where Lady had retired with his wife at the end of 2003. From the hard drive of one of his computers police recovered the e-mail message, which someone had attempted to delete, plus other documents they say establish Lady as the organizer of the kidnapping.

The prosecutors have distributed 22 search warrants throughout Europe and intend to seek extradition from the US next. One of the alleged kidnappers was reached by reporters in Washington DC, but her name was not published at the request of the CIA, who say she is still active and undercover. (Which would then put the reporters in the curious position of obstructing justice if they ever travel to Europe!)

Back to threat models. That email on that drive! Darn it, the threat is on the node, says I. For a long time now I have been asserting that _the node is the threat_ and I've conducted a search for evidence that there is any threat to the wire. Long, boring, and ultimately futile was the quest! But now, I can at last reveal the quest may be over:

The Bush administration is engaged in the novel legal experiment of ordering illegal wiretaps so as to show why it needs the facility to harvest Americans' conversations without court supervision. We now have an Executive Order, no less, mandating the NSA to threaten the wires of civilian America. Now, in times past one could have said that the NSA would have been strictly interested in bad guys outside the country, giving some protection to the populace who weren't plotting the overthrow of the USA. But those days are gone; even inside supporters of the administration are admitting that these extraordinary powers are desperately needed to get back at the internal enemies that made life so difficult for them in the past years. And I'm not just referring to the democrats or democracy. So this means we have bona fide evidence of a major eavesdropping threat to the wire - albeit one to Americans only.

Still, even with this stunning Executive Order, no less, the threat to the node remains more severe, I claim. News just in from Skype in China:

Skype had a dilemma. The Internet telephony and messaging service wanted to enter China with TOM Online (TOMO), a Beijing company controlled by Hong Kong billionaire Li Ka-shing. Li's people told their Skype Technologies (EBAY) partners that, to avoid problems with the Chinese leadership, they needed filters to screen out words in text messages deemed offensive by Beijing. No filtering, no service.

At first Skype executives resisted, says a source familiar with the venture. But after it became clear that Skype had no choice, the company relented: TOM and Skype now filter phrases such as "Falun Gong" and "Dalai Lama." Neither company would comment on the record.

First blood! This might be the first news that Skype is not protecting its users, which might explain why that other panda-shaped company, eBay, was ready to buy it. OTOH, the news comes from BusinessWeek, who aren't exactly above a hatchet job for political favours.

Either way, Skype was good while it lasted. In the department of corporate attackers it seems that Symantec has also been caught out installing root kits on Windows machines. They issued a patch, but not before saying that they were unaware of any hackers taking advantage... Oh, and poor old Sony, another corporate attacker caught with its hands in the root kit cookie jar has waved the white flag:

Federal judge Naomi Rice Buchwald gave tentative approval on Jan. 12th to a settlement in one of the many lawsuits filed against Sony over the rootkits. The settlement terms included offering cash payments or free music downloads to buyers of the affected CD's, and prevents Sony from selling any CD's with copy-protected software until 2008 at the earliest.

Lawsuits filed by Texas Attorney General Greg Abbott and the Electronic Frontier Foundation against Sony are still going ahead.

Thank heavens someone is taking on the attackers. Security observers (I no longer use the term 'security expert', a new year's resolution) scurried for cover in case they were asked to suggest whether a crime had been committed. Windows users may as well get used to it - with friends like that, they're not in dire need of new enemies.

Posted by iang at 06:53 AM

January 18, 2006

How Many Transactions?

Often people expect your transaction systems to be scalable, and fast and capable of performing prodigious feats. Usually these claims reduce down to "if you're not using my favourite widget" then you are somehow of minimal stature. But even when exposed as a microdroid sales tactic, it is very hard to argue against someone that is convinced that a system just must use the ACME backend, or it's not worth spit.

One issue is transaction flow. How many transactions must you handle? Here's some numbers, suitable for business plans or just slapping on the table as if your plan depended on it. Please note that this is a fairly boring post - only read it when you need some numbers for your b-plan. I'll update it as new info comes in.

In Tokyo, 17th Jan 2006:

Earlier Wednesday, the Tokyo exchange had issued a warning it would stop trading if the system capacity limit of 4 million transactions was reached. As it reached 3.5 million about an hour before the session's close, it announced it would stop trading 20 minutes early.

According to the 2004 fourth-quarter report issued by Western Union's parent company, First Data Corp., an estimated 420 Western Union transactions occur every minute each day -- amounting to an average of seven transfers every second of the year.

Craig's stellar plotting system for e-gold's transaction flow gives us loads of 34k per day last I looked. Also Fee Income.

eBay's annual report for 2005 reported that "PayPal processed an average of approximately 929,000 transactions per day during 2004." There are contradictory numbers here and here: Total number of payments grew to 117.4 million, up 41 percent year over year and 4 percent vs. the prior quarter. This would imply 320k transactions per day, but we don't expect Paypal to be accurate in filings to the SEC.

Payment News reports:

Robin Sidel reports for the Wall St. Journal on how credit card issuers are now pursuing the market for smaller payments less than $5:

....The market for transactions valued at less than $5 accounted for $1.32 trillion in consumer spending in 2003, representing more than 400 billion transactions, according to research by TowerGroup, a unit of MasterCard International Inc. By comparison, Visa processes a total of about $2 trillion of global transactions each year.

And right from Visa's mouth:

During the busiest hour on December 23 [2005], Visa processed an average of 6,363 transaction messages each second. That's a 14 percent increase over the average of 5,546 transaction messages per second Visa processed during the peak hour on December 24, 2004. Consider that Visa's payment network, VisaNet, can process more transactions over the course of a coffee break than all the stock exchanges of the world in an entire day.

Nice quip! I'll check that out next time I get my exchange running. In closing, let's let Lynn Wheeler have the last word. He reports that the old white elephant of transaction processing, SET, performed like this:

...If even a small percentage of the 2000 transactions/sec that typically go on were to make the transition to SET, the backend processing institution would have to increase their legacy computational processing capability by three orders of magnitude. The only way that SET could ever be successful was if it totally failed, since the backend processing couldn't build out to meet the SET computational requirements. It was somewhat satisfying to see the number of people that the thought stopped them in their tracks.

The best case demo of SET at a show a year later was on an emulated processing environment with totally idle dedicated boxes. The fastest that they could get was 30 seconds elapsed time, with essentially all of that being RSA crypto computational processing. Now imagine a real-world asymmetric environment that is getting 1000 of those a second. My statement was that a realistic backend processing configuration would require on the order of 30,000 dedicated machines just doing the RSA crypto processing.

There were then remarks from the workstation vendors on the prospect of selling that many machines, and somebody from RSA about selling that many licenses. From then on my description that SET was purely an academic toy demo, since nobody could ever take it as a serious proposal with operational characteristics like that.

private email, 14th December 2005. Note how he's talking about the mid 90's, using 10 year old figures for credit card processing networks like Visa.

Posted by iang at 10:45 AM

January 17, 2006

Bill Monk - LETS goes commercial

The age old idea of LETS just went commercial in Seattle, called Bill Monk as reported in mainstream commercial blog PaymentNews. Oddly, the owners thought it was a new idea! Even odder, the LETS people never thought of opening it up to a wider audience.

Here's how the blog describes it:

When John and I talked on the phone, he was as surprised as we had been that, to the best of our knowledge, there have been no other ventures that offer a centralized way to track informal debts. There have been lots of standalone apps (not to mention spreadsheets) for splitting bills and recording debts, but they weren’t centralized. And there have been several stabs at offering friends the ability to settle-up with one another with real cash or e-cash (of which PayPal is the most successful), but those are formal and pretty heavy-weight. One advantage of informal debts is that you can use a past debt as an informal currency for a future purchase. For example, my girlfriend owes me $100 for a deposit on a ski cabin; since then, she’s been picking up all our restaurant tabs and has beat down the debt to $30.

Google on LETS, guys. Might not be quite what you expected, but it numbers in the 1000's of systems and the history goes back nearly a century. John mentioned above covered it in the Seattle Post-Intelligencer.

So how does an open LETS function? Probably just as well as an ordinary one, but with the caveat that you don't have to accept the "social debts" from someone you don't know. So there are sub-communities within the space rather than one cohesive community/space.

This probably means that GP is reached later due to the lesser cohesion/liquidity as compared to LETS. Mary Fee has proposed that GP is reached around 200 for a LETS (she didn't actually say that, Mohsin Jaffer interpolated her experience). But I would also caution that this is not likely to mean that GP's arisal will be any the less traumatic. One to watch, to prove or disprove the 200 metric.

In contrast, in Todd Boyle's home town of Seattle, Bill Monk has a business. That could take it a fair bit further. Digging a bit further, I found it uses SMS to communicate:

Suppose you, Joey, Sarah, and Alice go out for dinner at "The Gilded Truffle", and run up a $163.89 bill (including tip).

  1. You pay the $163.89.

  2. You send an SMS message to b@bmonk.com: 163.89 4. This message means: "I paid 163.94 for 4 people including myself."

  3. BillMonk replies with: You paid $163.89, and your share is $40.97. The bill code is 'blue mug'.
    At this point, we know everything about this bill except for which 3 friends you paid for. You can put your cellphones away and tell us who they are later via the website, or you can do it now by sending us the bill code via your cellphones.

  4. To report that she shared in the bill, Alice sends an SMS with this bill code to b@bmonk.com: "blue mug"
...

That's got to be worth a bull! They integrate with email as well...

On a similar note, seeing as I've got the attention of the LETS people, it occurred to me that I could create a new server that had no zero limit. Currently Ricardo rejects when payments would take it below zero. But for LETS this is no use. (As it has security implications I'd have to set aside a separate server and institute additional precautions.) So, is anyone out there interested in running a Ricardian LETS? Write the contract, dude!

Posted by iang at 04:48 PM

Remittances - the bane of the Anti-Money Laundering Authorities

Adam points to Ethan's musings on the dire need to move many small payments across borders. It's a good analysis, he gets it right.

Remittances has been huge business for a long time. However it didn't burst onto the international agenda until 9/11 when it was suggested that some of the money was moved using Hawala. Whether that was found to be true or not I never heard - certainly most of it was sent through the classical banking channels. Not that it made any difference; even the Congressional committee remarked that the amounts needed for 9/11 were too small to easily trace.

No matter, suddenly everyone was talking about remittances. The immediate knee-jerk reaction was to shut down the Hawalas. Of course, this got a huge cheer from anti-immigrant interests, and Western Union, who provides the same service at about 5 times the cost.

Unfortunately, shutting them down was never going to work. Remittances is such a large part of the economy it has to be recognised. The effect is so large, it is the economy in some senses and places. (I recall Ecuador numbers its exports as oil, remittances, and fruit, in some or other order. Other countries do something similar, without the oil.) Africa Unchained reports:

According to a recent report (Migrations and Development) by the International Development Select Committee (UK), over $300 Billion was sent from developed to developing countries in 2003 by diasporas living in the developed countries. Global remittance, the report maintains is growing faster than official development assistance from the developed countries, also global remittance is the second largest source of external funding for developing countries, behind Foreign Direct Investment (FDI), and also accounts for as much as 27% of the GDP for some African countries.

But these economies and their remittances will always now be cursed by the need to give lip service to the anti-money-laundering (AML) people. Of course money laundering (ML) will go on through those channels, but whether it is more or less than through other channels, and whether it is likely to be more obvious than not is open to question. From what I can tell, ML would be hard to hide in those systems because of the very cautious but "informal" security systems in place, and no operator wants the attention any more.

What is not open to question is that the attention of AML will dramatically increase the costs of remittances. Consider adding a 2% burden to the cost of remittances, which is easy given the cost disparity between the cheaper forms and Western Union. If remittances happens to generate half of the cash of a country, then the AML people have just added a whole percentage point of drag to the economy of an entire underdeveloped nation.

Gee, thanks guys! And there is another insidious development going on here, which is also mentioned above:

Hundreds of creative efforts are underway across the developing world to solve these problems with remittance. To address safety issues, MoneyGram is offering delivery services of money transfers in the Philippines, bringing money to your door instead of forcing you to come and collect your funds from an office in town. Alternatively, if your recipient has an ATM card, they will transfer the deposit to her account. A new remittance strategy - goods and service remittance - addresses the safety, cost and misuse issues simultaneously. Instead of sending money home, make a purchase from a store or website in the US or Europe, and powdered milk, cans of corned beef or a live goat is delivered to your relatives. Manuel Orozco, an economist with the IADB, estimates that as much as 10% of all remittance happens via goods and services.

Mama Mike’s - a pioneer in goods remittance - offers online shoppers the ability to buy supermarket vouchers and mobile phone airtime for relatives in Kenya and Uganda, as well as more conventional gifts like flowers and cards. SuperPlus, Jamaica’s largest supermarket chain, goes even further, allowing online shoppers to fill a shopping card for their relatives and arrange for them to pick up the order in one of the SuperPlus stores around the country. SuperPlus is a partner with both Western Union and MoneyGram and has been promoting its supermarket remittance service through Western Union and MoneyGram stores in New York City, home to a large Jamaican diaspora. Goods remittance services generally don’t charge a fee, making their profit off goods sales instead.

Spot it? The ones who benefit most from the push for AML are the large transnational corporations that come in and provide a "creative effort." They get a free pass, and help from authorities because they say all the right words. Today's pop quiz: is Western Union more likely to stop ML than informal methods of remittances? Would Western Union be able to close down any troublesome competitor with the right noises?

Depending on your answers, it's either the noble fight, or just another traumatic security agenda being captured and turned into a _barrier to entry_ to squeeze the small guys out of a very lucrative business.

Posted by iang at 05:55 AM | Comments (1) | TrackBack

January 16, 2006

Exploit Feeds - a public service or a commodity with a price?

Ben discusses the monetary conflicts behind disclosure entities like CERT, NISCC and Tipping Point. Several of these acquire exploits for free and ship them off to favoured friends according to some metric which isn't clear - and may not be "fair" whatever that means. Guess who these are? The non-profit ones. In contrast, the profit seekers simply pay for exploits and sell the information to their subscribers.

So, what’s wrong with this picture? Well, my original objection to CERT and NISCC was that they obviously have to choose who gets the early announcements, and there’s no fair way to do that. Even worse, if you’re going to claim to protect critical infrastructure, then you have to include the vendors who supply that infrastructure. Of course, these vendors then get to exploit that information commercially - it gives them an edge on their competitors. And since you don’t get to supply critical infrastructure unless you are huge, this creates an artificial bias towards huge companies.

Shades of Sony root kits, shades of Diamond Governance. Is paying for exploit information better than the alternate? I think it is for these reasons - it is objective, and it is available on non-discriminatory grounds. If you have a need, then pay to have that need met.

However, that's not the worst of it, and this is what became clear to me last night. What's worse is that many of those subscribed to these early announcement services have an interest in using these exploits. In the case of the CERT/NISCC model it will be the military and TLAs that will be in the market for useful exploits. Of course, they will still have access in the commercial cases, perhaps even at reduced rates (never hurts to keep the government happy, right?) - but worse still, commercialisation of the exploit market gives easy access to criminals (I’m sure that some do even in the CERT/NISCC model, but it must be harder to get that than by simply forking out money).

Once again, the commercial model wins, I suspect. Why? Because we know who is getting it to some extent, as the seller will perform some level of due diligence, starting with the top customers. OTOH, the CERT-like supplier of exploits will be all tangled up in other non-objective models, and won't be easily able to figure out who's using it for nefarious purposes.

Open governance could solve this fairly easily by just revealing who is on the list and at what delay. Then, the rest of us could watch for correlations between early exploit usage and those who were told in advance. That's my call, at least; but Ben promises more comments later on this.

Posted by iang at 02:55 PM | Comments (0) | TrackBack

January 09, 2006

Arbitration Arises on the net

Daniel points to the rise of 'Robot agents' to manage arbitration proceedings:

"Robot agents digest all the information and make proposals to the parties. Once the arbitrator is agreed upon, the robot agent finds a suitable meeting date for everybody," said Jacques Gouimenou, managing director of Tiga Technologies, the company behind e-Dispute, speaking with ElectricNews.Net. "Our system reduces delays and costs. It is also very secure."

As far as I can tell from the article, the author got it wrong as the agent does not do the arbitration itself. What the robot does is to automate or facilitate the case management process in an arbitration, which includes for example selecting the arbitrator. Once that is done, the arbitrator takes charge. Certainly a valuable service, but it should be borne in mind that it is unlikely that a robot could ever arbitrate human disputes (c.f., smart contracts).

Some other quick scattered but old notes. Arbitration is starting to make its mark in small dispute resolution over the net. See The Cheese Dreams case and also Wikipedia's Arbitration Committee.

In IP news a while back, Google won a typosquatting case (link lost) in the arbitration forums. What's news here is the appropriateness of using Arbitration for Internet disputes - see the use by WebMoney which has extended the basic model that was written but never used by e-gold.

Daniel also wrote a while back:

... the most popular Russian auction site at http://www.molotok.ru/ which is somewhat affiliated with WebMoney (they use the same arbitration service run by WM). PayPal/eBay refuse to do business in Russia because of the high levels of fraud and the slow and largely ineffective court system. WM's design is sound enough to accommodate for all that; their fraud levels are actually lower than those in PayPal (for obvious reasons; from a technical point of view, WM is far more secure). I'm wondering how money@mail.ru is hoping to survive with their password-based security and no arbitration service.

Posted by iang at 10:49 AM | Comments (1) | TrackBack

January 06, 2006

easy call #1 - USG to maintain control of Internet

Well, that was easy! I mentioned in my 2006 predictions that the USG controls enough of the Internet to have its way, and it won't give that up. Now the administration has come out and defined its policy in definite terms, an unusually forthright step.

U.S. Principles on the Internet's Domain Name and Addressing System

The United States Government intends to preserve the security and stability of the Internet's Domain Name and Addressing System (DNS). Given the Internet's importance to the world's economy, it is essential that the underlying DNS of the Internet remain stable and secure. As such, the United States is committed to taking no action that would have the potential to adversely impact the effective and efficient operation of the DNS and will therefore maintain its historic role in authorizing changes or modifications to the authoritative root zone file.

Etc, etc. Read the Register's commentary to see more background on who is suggesting otherwise. Curiously though, they missed one issue when they said that the US would let other countries run their own ccTLD domains. That's not what it said at all. Rather, the US has said that it recognises the other countries' interests while retaining the controlling role. (Icann falls into line.)

Why was this an easy call? The style of the current administration might be blamed by many, but the underlying issue is that this is the make-up of Washington policy and practice, going back decades or even centuries. The Internet will not be let go. The only thing that will shake this intent is complete and utter collapse of the USG, something pretty unlikely, really, regardless of what the conspiracy buffs over at IcannWatch think.

(For those looking for more meat, there was a Cook report on this about a decade ago. Also, see the snapshot of Internet Governance forces from a decade back in the GP4.3 case study on phishing. See also the Register on .al ccTLD.)

Posted by iang at 11:04 AM | Comments (4) | TrackBack

January 04, 2006

Open governance, bicycle helmets and certifying authorities

Over on "old thing new thing" a blogger asks whether users would know the difference between one bicycle helmet certifying authority and another.

Microsoft should allow orgs that are peers of WHQL [to] certify drivers and allow drivers to obtain certs from any such org or set of such orgs as they choose. Over time users would know which orgs were on the ball and which had agendas.

Would they?

Yes, they would. But not through the mechanism that was described.

In any market there are 90% of the people who know next to nothing about it. That's the "buy bicycle helmet with XXX certification" crowd as described in the post. These people rely on the 9% who do know.

The 9% who do know are those who are more interested amateurs and less interested insiders. This group knows about all gossip and chitchat and what is good and what is bad and who is on the up and who is on the skids. This group is the one that warns everyone when a particular standard or organisation is "not good" and others are "good."

Then there is the 0.9% who actually really truly know. They understand the field, in depth. These are the ones who make the determination that certain things are not good, and they write long and detailed arguments on the problem. Rants. They scan looking for facts and events and what-have-you and integrate them into the ongoing argument. They debate back and forth with their opponents until a consensus is achieved.

Finally, this small group of critics pass the results on to the 9% who spread it more broadly.

(The remaining 0.09% are the people who actually discover and predict the failures before anyone else ... but nobody listens to them until enough evidence has accumulated. These are the crazies who are eventually proven right, but nobody remembers that part. When the questions are raised they are there in advance with the facts and stories for the 0.9% to debate and put into a more accessible format. We don't like to admit this group exists, and we'd never credit them with influence.)

This is called open governance. It happens when regulators are not present. It works in the unregulated currency field. And it will probably work with Certification Authorities, but only if the browsers step aside from the judgment game and put the name of the CA on the chrome.

Only when the users have reason to ask the 9% what Verisign means, will the 9% ask the 0.9%. (Etc.) But it has to happen in a "pull" fashion, there has to be a question to ask before any debate on governance can start.

Posted by iang at 07:54 AM | Comments (1) | TrackBack

Non-profits and Fraud - case #1

I took a lot of flak from the Diamond Governance story, so it behoves me to move forward and make the point more clearly. The essential point is that there are less interested stakeholders in non-profits, and therefore governance likely needs to be stronger.

Another way of putting it is that if fraud is your thing, non-profits are fertile territory. Or if you think non-profits mean trust, you are fertile territory.

Why this is will take more than a blog entry to write up, and as Jean points out there is lots of study in governance for non-profits. However, I'm aware of a bunch of fraud patterns, and I'll post those as I see them. Here's one I've been aware of for a couple of years. It is based on certain daft legal provisions, and would disappear in an instant if the law were changed.

The government sued AmeriDebt and Andris Pukke two years ago, seeking $172 million in damages.

Regulators accused the Germantown-based nonprofit of charging excessive and poorly disclosed fees to consumers seeking help managing their debt and then channeling millions to Pukke's for-profit company, DebtWorks.

AmeriDebt once was one of the nation's largest credit counselors but is now out of business.

AmeriDebt was a non-profit. That's because there is some stupid law that says that a non-profit can do debt consolidation and gain certain privileges over a for-profit firm in the same business. A subsidy, in other words. So, obviously at least in hindsight, a smart operator starts a non-profit, consolidates a lot of debt for a lot of stricken people, and then funnels the cash somewhere else. Here's some more hints:

As consumer debt skyrocketed over the past two decades, a new breed of credit counselor emerged, one that relied heavily on television advertising to promote its services and toll-free telephone lines to dispense advice, replacing the person-to-person consultations offered by older firms.

As more aggressive firms proliferated, so did consumer complaints, prompting the Internal Revenue Service to begin auditing 60 credit-counseling organizations, including AmeriDebt, in late 2003 to see if they were misusing their tax-exempt status to benefit their owners. Those audits continue.

"Non-profit" equals no taxes, no audits, no owners. Now fill it with cash and see what happens. Likely, I will take yet more flak for this. All I would ask is, do you believe that a non-profit is safe from fraud because it is doing good works?

Posted by iang at 05:41 AM | Comments (0) | TrackBack

January 01, 2006

Rights in the New Year

Pennies for the New Year: An effort to document the ontology of the Rights layer:

Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management - A Consolidated Proposal for Terminology (Version v0.24 Nov. 21, 2005)

Also, IFCA have published their list of accepted papers for FC06 in Anguilla this February. Unfortunately, there are no abstracts posted that I saw, so titles only for the browsing.

From the real estate / property market, someone has taken the brave step of offering individual issuance capabilities to house owners.

Todd points at an interesting paper on accounting for p2p systems with the goal of distributed accounting:

PeerMint: Decentralized and Secure Accounting for Peer-to-Peer Applications

Abstract. P2P-based applications like file-sharing or distributed storage benefit from the scalability and performance of completely decentralized P2P infrastructures. However, existing P2P infrastructures like Chord or Pastry are vulnerable against selfish and malicious behavior and provide currently little support for commercial applications. There is a need for reliable mechanisms that enable the commercial use of P2P technology, while maintaining favorable scalability properties. PeerMint is a completely decentralized and secure accounting scheme which facilitates market-based management of P2P applications. The scheme applies a structured P2P overlay network to keep accounting information in an efficient and reliable way. Session mediation peers are used to minimize the impact of collusion among peers. A prototype has been implemented as part of a modular Accounting and Charging system to show PeerMint’s practical applicability. Experiments were performed to provide evidence of the scheme’s scalability and reliability.

Posted by iang at 03:46 PM | Comments (0) | TrackBack

13 reasons why security is not a "Requirement"

Jeremy Epstein asked someone why they didn't ask "is it secure?" in the evaluation of a security product. This someone, a government procurer, had no answer other than surprise! Why is this, more generally, Epstein asks? Here's his list:

  1. People assume the vendor takes care of it.
  2. They don't know that they should ask.
  3. They don't know what to ask for.
  4. They're uncomfortable with the technology.
  5. They've made a conscious risk assessment.
  6. They think they're safe.
  7. They use vulnerability metrics.
  8. They simply don't believe vendor claims are trustworthy.
  9. They have reduced security requirements in the POC.
  10. They don't think it's their job.
  11. They know that their organization doesn't care.
  12. They think standards take care of the problem.
  13. They perform their own testing.


Check the main article for his reasoning on all of these questions. It is encouraging to hear such open questioning of the security world; readers here will know that I advance the Hypotheses that neither vendor nor purchaser know whether a product is "secure". See 8 and 3 above, in that order.

One quibble. In asking "why not," we do enter a troublesome area, scientifically speaking. There are always a hundred reasons not to do something but figuring out which are the real factors and which are the rationalisations is hard. Generally, we as people do better at answering why we actively do something in the positive sense, than why we don't.

If the question had been placed in the context of one of requirements ("why are you buying a security product") and results ("did the one you purchased meet your requirements") then more sense might have come out of it. Which is to say that not all security requirements should be viewed through the narrow lens of security but perhaps through the wider lens of procurement.

Quibbles aside, an encouraging development.

Posted by iang at 02:38 PM | Comments (0) | TrackBack