Comments for The_world_that_encryption_and_networking_creates

Comments page

(You may have to reload this page to see new comments or modifications to the source paragraph. Also note that the source section may have been edited since some of these comments were made.)

Original Paragraph:

The world that encryption and networking creates requires a way of making payments–ideally without having to reveal the identity of payer or payee. The solution, already worked out in theory but not yet fully implemented, is ecash–electronic money, privately produced, potentially untraceable. One minor implication is that money laundering laws become unenforceable, since large sums can be transferred by simply sending the recipient an email.
Source: http://patrifriedman.com/prose-others/fi/commented/Future_Imperfect.html#The_world_that_encryption_and_networking_creates_r

Add a comment

Comments:

[Fri Mar 5 23:35:30 PST 2004-64] Leopold (NOSPAMleopold_the_cat@yahoo.com.NOSPAM):
The goverments do not allow untraceable transactions and most people do not want them.

[Tue May 25 14:04:54 PDT 2004-145] Anonymous:
Leopold, how do they prevent them without mandating government crackable encryption? The protocols for anonymity are hidden from the government. The entry node to such anonymous networks will be disposable so as fast as the government finds them and shuts one down (an expensive activity) another one will appear. Once attached to an entry point, the protocols can be provably strong.

You may have a point about the majority of people not wanting them, but if high value transactions are the norm, then it isn't about how many people, but about what type of transactions take place.

There are many obvious high value transactions that require anonymity from government over sight.

[Mon Jul 19 10:17:52 PDT 2004-200] Scott Pavelle (NOSPAMscottp@pavellelaw.com.NOSPAM):
One often-overlooked issue with e-commerce and the rest of the digital revolution is the law of evidence. If we form a contract based solely on an exchange of word processing files, and the two files "somehow" say different things when our disput ends up in court, how is it possible to determine which was the original form and which one was altered? The original exchanges of email are just as easy to alter.

The same issue arises with digital photographs. Anything that can be seemlessly and undetectably edited on a computer can be forged or falsified by anyone with sufficient know-how.

[Sat Aug 21 09:12:08 PDT 2004-233] martin:
Scott,

The solution is to have both parties sign the document digitally. Afterwards it's possible to establish that they signed it (more precisely: that their secret keys were used to create the signed document), *and* that the signed document hasn't been altered.

[Fri Oct 29 15:48:56 EDT 2004-302] jomama:
...and virtually impossible to forge, unlike the standard signature.

[Thu Apr 28 02:25:22 EDT 2005-117] Ray Blaak (NOSPAMrAYblaaK@STRIPCAPStelus.net.NOSPAM):
> (more precisely: that their secret keys were used to create the signed document)

There's the rub. What if I convince your computer to sniff your keystrokes to ultimately let me have access to your secret key?

As soon as you and the rest of society put your trust in the secret keys, those who can steal them can cause quite a bit of havok.

Don't put too much trust in anonymous networks either. If the system can get messages to you then in theory you can be traced. Consider the simple case of someone emailing a virus-laden document to your anonymous id, such that when you open it, your real identity is sent back in the clear.

To make encryption based identities work requires a lot of work, careful attentition to detail, and more than a healthy amount of paranoia. It's far too much trouble for most people I expect.

So fine, put all the grunt work into easy-to-use smart cards that are carried around, slipped into readers for transactions, etc. But then *don't* lose those cards! *Don't* get mugged. The consequences would be far more serious than losing a bit of cash.

[Thu Aug 10 15:06:20 PDT 2006-221] Sean Lynch (NOSPAMseanl@literati.org.NOSPAM):
> There's the rub. What if I convince your computer to sniff your keystrokes to ultimately let me have access to your secret key?

With regular signatures, nonrepudiation is provided with a witness. There is an analogy with digital signatures. GPG with a key stored on a hard drive and decrypted using a passphrase typed on the computer's keyboard won't cut it for many situations. Fortunately, the technology already exists (http://www.kernelconcepts.de/products/security-en.shtml) to get around the private key theft problem.

Add a comment:

We'd love to get your feedback. Name and email address are optional. Email will be listed with the comment, but munged to foil spammers. Comments may be deleted by the sysadmin.
Currently, all HTML tags are forbidden for security reasons. This will be improved later.
Back to original paragraph
View all comments on Future_Imperfect.html for this day, week, month.

Read about the SOCS commenting package