Tim May et al did a great analysis of this following a Bay Area cypherpunks meeting in August of 2001. Following is a tutorial I wrote that attempts to condense our views.
----begin tutorial
AN E-CASH MARKET TUTORIAL
Unlike PayPal, which leveraged a vast, well branded and well run existing infrastructure, rolling out a new digital currency is a significant standalone undertaking. The main reason why digital currencies failed is they almost all tried to address poor value propositions. By failing to acknowledge the "high-value" markets for untraceability, characterized by such things as Swiss bank accounts and income-hiding, porn-trading rings, and information markets, the whole technology of privacy/untraceability gets ghettoized into low-value markets like "untraceable subway tokens" (wow, gee!), weak versions of proxy surfing tools, and boring attempts to get people to
use digital money for things they don't mind using Visa and PayPal for.
Plot "Value of Being Untraceable in a Transaction" on the X-axis. This is the perceived _value_ of being untraceable or private. Start with "little or nothing," proceed to "about a dollar" then to "hundreds of dollars" then to "thousands" then to "tens of thousands and more." (The value of being untraceable is also the cost of getting caught: getting caught plotting the overthrow of the Crown Prince of Abu Fukyou, being outed by a corporation in a lawsuit, being audited by the IRS and them finding evaded taxes, having the cops find a cache of snuff films on your hard disk, and so on.)
Some examples: People will demonstrably get on planes and fly to the Cayman Islands to open bank accounts offering them untraceability (of a certain kind). It is demonstrably worth it to them to pay thousands, even tens of thousands, of dollars to set up shell accounts, dummy corporations, Swiss bank accounts, etc. For whatever various and sundry reasons. (They may be Panamanian dictators, they may be Get Rich Quick scamsters, they may be spies within the FBI or CIA.) They expect a "value of untraceability" to be high, in the tens or hundreds of thousands...or even much higher. Even their lives. Call this the "Over $100K" regime.
I cite this because it disputes directly the popular slogans: "People won't pay anything for privacy or untraceability." (In fact, people pay quite large sums for privacy and untraceability. Ask Hollywood or corporate big shots what they pay not to be traced.)
People will also pay money not to be traceable in gambling situations. They gamble with bookies, they fly to offshore gambling havens, and so on. The _value_ to them is high, but not at the level above. If they're caught, they face tax evasion charges, maybe. Call this the "$1K-10K" regime. (The spread is wide, from low-rent bookie bets which even the IRS probably doesn't care much about to schemes to avoid large amounts of tax.)
At lesser levels, some choose to pay cash for their video tape rentals (with deposits arranged) just to avoid leaving a paper trail. (Bet Justice Thomas wishes he had.)
And then at very low levels there are the cases where the benefits of untraceability are worth little or nothing to most people. I call this the "millicent ghetto." Actually, the ghetto begins down at around a dollar or less. Sadly, a huge number of the proposed "untraceable digital cash" systems are targeted at uses deep down in this ghetto. (Perhaps because they have no hint of illegality?)
On the Y-axis. Plot here the _costs_ of achieving untraceability for these levels of achieved. This is the cost of tools, of using the tools, of delays caused by the tools, etc. For example, flying to the Cayman Islands to personally open a bank account may cost a couple of days in time, the airfare, and (more nebulously) the possible cost of having one's photograph taken for future use upon boarding that plan for Switzerland or the Caymans.
Lesser costs, but still costs, would be the costs of using Freedom (much frustration, say most of my friends who have tried to use it), the costs of getting a digital cash account and actually having it work the way it should, and just the overhead/costs of using PGP.
Now on this X-Y graph plot the "blobs" where benefit/cost clouds of points are found. The 45-degree line is where the "costs" equal the "benefits." (These values change somewhat in time, of course, but the general point is still clear I expect.) Anything _below_ this 45-degree line is "cost effective": benefits > costs. Anything _above_ this line is NOT cost-effective: costs > benefits.
(In the economics of black markets, or illegal activities, we can expand these terms a bit. For example, "costs = costs of being caught x chance of being caught." An illegal action which will result in a $100K fine but which is only expected to be caught 1% of the time has a resultant cost of $1K. This is the "expected cost." Obviously, the idea of crypto and untraceability tools is to alter the equation by reducing the chance of being caught.)
RATIONAL ACTORS
The obvious point is that rational actors never pay more for untraceability than they get back in perceived benefits. Someone will not pay $1000 for privacy/untraceability technology or tools that only nets them $500 in perceived benefits. They won't spend $1.00 in tools to net them 10 cents in perceived benefits.
THE SWEET SPOT
The "sweet spot" for privacy/untraceability tools is out of the "millicent ghetto" so much of the focus has been on, and is even out of the "private Web surfing to avoid company tracing" ghetto, roughly at the tens of dollars levels. (It is hard to imagine how the "cost" of having Pillsbury know your baked good preferences is more than some trivial amount. This is the "ghetto" of low value transactions. However, not having the FBI know your are interested in "Lolita" images can be worth many hundreds of thousands of dollars in terms of avoided jail time, fines, loss of employability, etc.
(Do I think many pedophiles will, accordingly, pay hundreds of thousands for technologies to make them untraceable? Of course not, for reason psychologists are familiar with. But they'll pay some amount, and that amount may dwarf the aggregate value of what all of the "millicent ghetto" dwellers will pay. Interestingly, ZKS Freedom as ORIGINALLY SPEC'D would have provide this "pedophile-grade untraceabilty" (to coin a phrase).
Things start to get "interesting" at the thousands of dollars for tools for tens or hundreds of thousands of dollars in benefits. (By the way, the same applies to crypto per se. The military has "crypto specialists" and "crypto shacks" on board ships. But these cost a lot of money in training, procedures, and equipment. Millions of dollars a year for a ship, for example. Do the math. Real crypto is more than just strength of algorithms and keys: it's this economic trade-off. Too much of "why don't people use crypto more?" whines fails to see this basic point.)
The "sweet spot" often, practically by definition, involves putatively illegal activities: child porn, plotting revolution in Saudi Arabia, selling corporate secrets, distributing banned materials, etc. Only in these situations are the "costs of failure to be untraceable" high enough to make spending money and time learning to be untraceable worthwhile. It is not surprising that "those with nothing to hide" tend to put their money into their local bank branches under their own names while "those with something to hide" tend to open Swiss bank accounts.
Again, draw this region as a blob far to the right on the X-axis and, we hope, not very high up on the Y-axis. Meaning, advances in crypto, remailers, digital money, etc. will make this "sweet spot" truly sweet.
CORPORATIONS AND ACADEMICS FOCUS ON THE "GHETTO" NEAR THE ORIGIN
Still, corporations and academics focus on the "near the origin" blobs: millicent payment schemes, slight Web surfing untraceability tricks, subway tokens, etc. Because to focus on the real sweet spot is to admit to working on crypto anarchy, untraceable revolutionary cells, child porn rings, all that good happy stuff. The stuff people want to be untraceable for--and are willing to pay for.
This is the failure of nerve that all corporations and "reputable" academics face.
CONCLUSION:
Draw this graph I outlined. Think about where the markets are for tools for privacy and untraceability. Realize that many of the "far out' sweet spot applications are not necessarily immoral: think of freedom fighters in communist-controlled regimes, think of distribution of birth control information in Islamic countries, think of Jews hiding their assets in Swiss bank accounts, think of revolutionaries overthrowing bad governments, think of people avoiding unfair or confiscatory taxes, think of people selling their expertise when some guild says they are forbidden to.
Most of all, think about why so many efforts to deploy digital cash or untraceability tools have essentially failed due to a failure of nerve, a failure to go for the brass ring.
Almost all common consumer financial instruments began life as tools for business or the wealthy (e.g., credit cards for businessmen and traveller's cheques to replace cumbersome letters of introduction and credit for wealthy travelers in the late 19th century). In that light, focusing an entirely new financial instrument on consumers is not at all an obvious play.
------end tutorial
> What else can we extract? Well, we can see the cash flow to the
> organisation. So a competitor can work out how much money e-gold are
> making, which is why companies generally don't like doing this. (But,
> don't kid yourself, a savvy business plan writer can work it out
> anyway, close enough.)
It would be interesting to see this published as well.
steve
Posted by Steve at June 27, 2004 01:42 PMIt's an interesting analysis, but it's fundamentally flawed. Time doesn't permit a full dissection, but here's a quick list of shortfalls.
1. Governance. Most threats to systems take place from within. Digital cash systems - specifically, blinded tokens - fall to insider attacks. The best way to cope with these attacks is traceability, which leads you away from blinded and across to nymous.
2. Business structure. Businesses set up to deliver privacy all fail simply because it is a feature, not a foundation. Those guys flying to Caymens didn't fly to buy a privacy product, they went to buy a banking product. One with a privacy feature. So, first and foremost, payment systems have to deliver safe payments, and later on they can think about privacy. See 1. above. Also see FC7, whereby layer 7 is the application, and layer 6 is the mere payment system.
3. Privacy is integral with traffic analysis. In fact, in pretty much all cases of successful privacy, it works by hiding in the noise. And, it can do so successfully without much in the way of crypto or other stuff. The import of this is that a business has to sell a thousand other transactions in order to sell one private one. So it is a payment systems business, not a privacy business. And, it makes its money off the people who aren't paying for privacy. So why bother?
4. A private transaction is a risky one - it involves a tiny fee (!) for a high potential cost. If one can identify the people who want really private transactions, one has also identified the people who will incur the business high costs. Generally, much higher than the transaction was worth.
Posted by Iang at June 27, 2004 03:18 PM