First, powerful types of encrypted passwords called digital signatures must be developed that efficiently confirm either the identities of those involved or their masked right to shift resources and wealth about.
Second, use of encrypted passwords will not remove the need, especially in commerce, for confirmation that a party to a transaction is trustworthy, or otherwise capable of living up to his or her obligations. In traditional marketplaces, this was achieved either through personal reputation or by having someone vouch for you. In a world of secret identities, “vouching” will grow increasingly important. “Many cryptographic protocols for secure electronic transactions require at least one trusted third party to the transaction, such as a bank or a certification authority (CA),” writes A. Michael Froomkin, professor of law at the University of Miami, who has analyzed some of the difficulties involved in replacing reputation with ciphered identities. According to Froomkin, these new roles and protocols, partly cryptographic and partly social, “require new entities, or new relationships with existing entities, but the duties and liabilities of those entities are uncertain. Until these uncertainties are resolved, they risk inhibiting the spread of the most interesting forms of electronic commerce and causing unnecessary litigation.”
In other words, it is far too early to be certain that any of the most highly touted techniques will work as planned.
CAs might arise out of corporate commerce—perhaps by extending the role of today’s banks—or else they might be licensed by state legislation. The latter approach was pioneered by the Utah Digital Signature Act of 1996, which attempted to foster the same role for encrypted passwords in cyberspace that notaries have long performed in the age of paper documents. Other such agencies already exist, using cipher codes to confirm transactions for major banks and brokerage houses. But that is a far cry from generalizing the same approach, as some now envision, to an economy where every purchase now handled by cash or credit card would be carried out by strings of bytes and bits, and where every paper receipt would be transformed into a set of secret codes, exchanged at the speed of light.
Predictably, many libertarian-leaning netizens dislike the idea of state regulation, or the licensing of certification authorities. They sniff a malodorous similarity to the Clipper chip notion of “key escrow” (see chapter 7) in the very idea that some specially sanctioned agency—or collection of agencies—may keep registries of identities and ecash key codes.
Moreover, there are problems of liability. In case of fraud, should responsibility for false charges fall on the certifying authority (as in credit card theft, when the customer pays just a basic $50 charge)? That would boost the cost of purchasing each digital signature. So maybe the risk should be borne instead by the person owning the keys—the customer. (Ah, but then should Grandma lose her house, just because she chose a poor password?)
Under the Utah law, there is a legal presumption that the person who uses a particular digital signature is the owner. Digitally signed transactions are given the same evidentiary weight as handwritten ones that were physically witnessed by a notary public—a legal step that may be premature, given that the technology is untested.
In fact, as we see throughout this book, there are a myriad potential ways that electronic encryption systems might be broken, compromised, or bypassed. (How will you establish ownership of your ecash if someone else uses a hidden camera to steal your passwords even as you type them?) This new, computerized realm does not eliminate all opportunities for predators. It just changes the type of jungle we must warily pass through, shifting all the landmarks, taking us into strange new territory.
In chapter 10, we will discuss the possibilities of cyberwar—in which a frail and complex society may fall victim to deliberately or accidentally triggered breakdowns of essential systems, including power networks, transportation, or emergency services. Above all, no target is more tempting than the luscious flow of billions of dollars through slender electronic conduits.
Electronic cash enthusiasts promise utter security, and seem willing to bet our civilization on it. Should the rest of us make the same wager?
Again, many smart people tell me this is the way of the future, and I cannot say they are wrong. The aim of this book is not to demolish “opponents” or to prove that candor is always superior. (There are no Platonic essences, and even a good idea is wrong some of the time.) My aim all along has been to suggest that the promoters of anonymity and secrecy are basing their zeal on untested assumptions and bear a burden of proof before we consign our destiny to their transcendental vision of salvation through encryption. Moreover, this book tries to offer alternative approaches that may be worth considering, approaches that make use of openness.
Consider the markets that human beings have used for millennia—the bazaar, the trading post, the shops on Main Street. In those primitive days, no digital record kept track of each transaction. Yet there was memory, and some degree of accountability.
Reputations were involved, and not only on the part of merchants. Customers belonged to communities and went unmasked. Even when clerk and customer were strangers to each other, there was the implicit right of a victim to make a scene, complaining to the manager, to other customers, or to the police. If either party tried to “pull a fast one,” word might get out. True, this was an imperfect recourse. In any single case, a slick-talking clerk might prevail over the customer he shortchanged. But how many times could this happen before management saw a trend and realized that they must eliminate a threat to the store’s precious reputation?
Encryption enthusiasts keep claiming that anonymity is the “default condition” in a cash economy, where untallied and untraced bills are exchanged between participants who are mutually unknown. But this is simply untrue when it comes to the thing that matters most—overall accountability between merchants and their customers! Normal people are kept reasonably honest, in part by the values that our parents instilled and in part by the likely damage our reputations would suffer if we betray the trust of others too often.
In fact, almost all of the villainy that afflicts today’s cash economy occurs because it is partly anonymous! The new electronic age could help to eliminate this source of unaccountability. But instead, encryption aficionados want to go the other way and make the whole thing anonymous, eliminating what little certain accountability we already have—the link between normal people and the consequences of their actions. The new world of electronic commerce should not blithely abandon this connection between cause and effect.
In fact there is a way that it might be carried forward into the age of ecash, a way that is so simple—yet so counterintuitive—that nobody I know of has suggested it until now.
Why not have most transactions take place in the open?
Consider this possibility. Let us define an “open transaction” between two parties as an exchange that is immediately “announced” or broadcast across the Internet. In particular, a notification streaks toward both of the parties invoked—a form of electronic receipt that is sent to the official home base that each person or group maintains for accountability purposes. This electronic address cannot be hacked because it stands in open view at all times, checked—routinely, randomly, and redundantly—as often as anyone wishes. It is permanent, a name.
The announcement also goes to as many other individuals or groups as either party might choose, so that it is common knowledge. This message—an attestation that a bargain has been struck—requires no secret codes, no potentially fragile ciphers, since it is not the same thing as the transaction itself. When each participant in the deal gets such a message, he or she can do one of three things: • Confirm the transaction. (In most cases, the message-blip will be received just an instant after you strike an agreement, simply restating its terms.)
• Repudiate it. If the announcement comes as a surprise, it means someone is trying to spend your money! Repudiation automatically forbids the transfer and unleashes electronic sleuths to
begin tracing the source of the bogus deal.
• Do nothing—in which case the transaction is either confirmed or repudiated automatically, depending on the user’s default choice.
Notice how this system differs from encrypted security, while achieving the same aims. Unscrupulous parties are thwarted because they will accomplish nothing by attempting to forge a false transaction. It will be canceled anyway, and nothing will be gained except to attract attention from the authorities. Because the confirmation request was broadcast, the thieves cannot prevent you from receiving it, or deny you an opportunity at repudiation.
Transactions can be verified or rejected swiftly, or else each person can set his or her personal banking system to digest mode, allowing confirmation or repudiation of accumulated deals to take place on a once-a-day basis, or even once a week—just as nowadays you might set a special time aside to balance your checkbook. No money officially changes hands until your scheduled “clearing” time arrives. Companies that want your business will have to accustom themselves to such measures, adapting to a human pace.
(Professor Froomkin describes an old-fashioned encryption-based approach to achieving the same end. According to Froomkin, “a transactional certificate attests to some fact about a transaction. Unlike an identifying certificate or an authorizing certificate, a transactional certificate is not designed to be reused or to bind a fact to a key. Instead, the certificate attests that some face or formality was witnessed by the observer.” In other words, Froomkin would use an encrypted certificate to confirm that a transaction took place. The problem with his approach is that it relies on the same ornate and unproved technology as all other forms of encrypted certification. In contrast, the openbroadcast approach provides a workable backup that is both simple and redundant, in case all forms of encryption prove less reliable than expected.)
Now I am fully aware that the open method will not do for some kinds of transactions. We aren’t talking about perfection here. Small daily purchases with your pocket smart card could be set to “automatic-confirm.” Moreover, even a believer in openness will have some arrangements that he or she prefers to handle with notarized seals and security envelopes. Certain deals will be better handled by encrypted ecash methods, even if those methods turn out to have flaws and potential drawbacks.
But consider how much better ecash will work if 95% of commercial transactions were openly announced, as just described. Insurance and liability problems would lessen. Authorities or commercial agents could concentrate on protecting the smaller number of cipher-secured trades, while the rest are safeguarded by openness. Villains who do succeed in stealing ecash would not be quite as seamlessly invisible as they might like when they try to spend it in a mostly open economy. Moreover, by reducing the total number of potential “prey” transactions in the marketplace, we will also decrease the overall number of predators. When there aren’t many shadows, there will be fewer places for knaves to lurk, or to practice their skills by victimizing others.
The second advantage to a transparency option would be that it is robust (a theme we will reiterate later). If only a small fraction of commercial deals are encrypted, no undiscovered flaw in the ciphering software can be used to steal the whole bank or to topple an entire economy. Suppose some virus, or logic bomb, or a nuke in downtown Manhattan, temporarily cripples the financial networks. If 95% of exchanges were already open and recorded on countless durable disk memories around the world, the total economy could be reconstructed almost instantly.
Those who had chosen the romantic habit of using secret codes for every purchase could then spend years suing each other, while the rest of us went back to business with nary a pause.
Finally, this approach might actually give people what they want. While supporters of encrypted and anonymous ecash claim that secrecy is a vital concern, their passion may not be widely shared. In August 1995, Roy Weiller, a New York business consultant from the Management School of Imperial College in England, surveyed attitudes about money and the Net and found that typical respondents rated “security” only fourth in their list of concerns. Foremost, people wanted a form of electronic payment that was “widely accepted;” second, easy to use; and, third, portable.
Anonymity scored dead last out of eight desiderata.
Again, I do not claim this solution is perfect, only that it merits discussion alongside the one that is so cheerfully assumed to be “obvious.” Given that secrecy’s glaring flaws are evident in both history and human nature, perhaps a second option should also be on the table. We might develop it in parallel, just in case cypherphilia lets us down, like so many utopian schemes that came before it.
Millions of expert-worker-hours have already gone into perfecting the encryption-anonymity option, without coming anywhere near perfection so far. It might be interesting to see what the transparency option would look like, if even 1 % of the same skilled effort went into designing systems based on openness and frank accountability.
CHAPTER SEVEN
THE WAR OVER SECRECY
We, the people, have not granted each other total freedom: one person’s freedom could be another’s oppression were it not for laws against such crimes as murder, rape, discrimination, extortion and robbery.... We expert our government to use its authority to upheld our laws and serve justice. We hold it accountable when it misuses that authority.
DOROTHY DENNING
When encryption is outlawed, figmujjo icy hwxish.
A LEGENDARY (ANONYMOUS)
INSCRIPTION ON THE NET
In 1995 and 1997 I attended the Computers, Freedom and Privacy (CFP) conferences held at a hotel near San Francisco International Airport. CFP conventions feature panelists and speakers from around the world who share technical, legal, and political knowledge about aspects of electronic privacy, anonymity, and data security. The meetings also serve as rallying points for those who oppose certain government initiatives, such as the Clipper chip proposal, that might seek to limit the use of cryptography (“crypto”) in daily life.
Members of the Electronic Frontier Foundation (EFF) make an appearance at every CFP conference. This activist society was founded in 1990, partly in response to the infamous Steve Jackson Games fiasco, when overzealous federal agents, following a dubious trail of guilt by association, raided and nearly destroyed an innocuous manufacturer of roleplaying games, in part because one of its titles, Cyberpunk, happened to depict fictitious hackers at work and play. EFF activists rallied with welljustified anger over this flagrant abuse of power, forcing accountability and reparations from those responsible, and setting the tone for later clashes with the federal government. (In chapter 4 we encountered EFF as part of a coalition opposing the National Information Infrastructure Copyright Act [NIICA], which it sees as a threat to unfettered flow of information.)
Also in attendance at each CFP are certain colorful and irrepressible Net aficionados who call themselves “cypherpunks,” partly from cipher, a class of secret coding techniques, and in part as a tribute to cyberpunk authors of vivid, hard-boiled science fiction stories—William Gibson, Bruce Sterling, Neal Stephenson, and others—whose tales are often filled with glossy images of computerized gadgetry, set in near-future worlds more dour and forbidding than Blade Runner. Cypherpunks enthusiastically promote the notion that widespread use of encryption will help ensure freedom in the coming electronic age.
Among the invited attendees at both CFP 95 and CFP 97 were envoys of major corporations, including many involved in the credit and banking industries. Others came from companies that specialize in gathering, collating, and selling data about average Americans. One might have expected these representatives to tread lightly at such a gathering. But in fact, several firms were listed as corporate sponsors. Moreover, their representatives were as brashly indignant as anyone there, crying out that corporate America needs crypto, not just for the security of electronic cash transactions, but in order to keep their meetings, deliberations, documents, and reco
rds secret from rivals, snoops, their employees, and especially the government.
It was fascinating to observe some of the most vociferously anti-authority cypherpunks heaping lavish praise on these corporate speakers, and then turning to denounce officials from the National Research Council, who had flown in to hear testimony at a special evening hearing. As I watched the bleary-eyed bureaucrats endure a five-hour session of relentless lambasting in which speaker after irate speaker denounced Big Brother officials in ringing tones worthy of Thomas Paine, it dawned on me that (1) these cypherpunks were among the most brilliant, articulate, knowledgeable, and boisterous T-cells our society could brag about producing so far; and (2) they had little sense of irony.
Recall chapter 5, when we discussed how suspicion of authority runs through nearly all modern American myths. Among those imbued with this belief, the difference between the political left and right often boils down to where you perceive would-be authoritarians trying to accumulate dangerous amounts of power. This tendency was evident during the late-night hearing at CFP, as crypto supporters joined slickly dressed corporation consultants berating those rumpled officials until wee hours of the morning. In decrying grievous federal power grabs, Eric Hughes, Tim May, and their colleagues kept citing cyberpunk novels that warn about dark dystopias to come.
Yet, in fact, a closer look at those novels reveals that they nearly always portray future societies in which governments have become wimpy and pathetic! Popular science fiction tales penned by Gibson, Williams, Cadigan, and others do depict Orwellian accumulations of power in the next century, but nearly always clutched in the secretive hands of a wealthy or corporate elite.