The CDA and Mrs. G vs. the MTB and Mr. T. -- SINless DBCs?

Robert Hettinga
44 Farquhar Street, Boston, MA 02131



Boston, Massachusetts


Recently, Mark Twain Bank (MTB, for short) of St. Louis, Missouri, cancelled the ecash accounts of known pornographers. We haven't heard anything about this from Frank Trotter (Mr. T, for short), the bond trader who runs MTB's ecash program, or anybody else at the bank, for that matter, and it dawns on me today that we shouldn't really expect to. MTB is completely within its rights, as any bank is, to refuse an account to anyone, for any reason whatsoever, except where required not to do so by statute. Now, there's a paradox, yes?

Fortunately, we don't have to do too much tweaking to get an underwriting system for digital bearer certificates (DBCs, for short) which gets us around around the current unpleasantness, one which scales nicely into a totally anonymous system, and which still allows heavily regulated (and censored) banks of deposit like MTB to profit quite well from cash-settled digital commerce on the internet.

An interesting thing about this particular epsiode of self-censorship is that MTB did this before the Communications Decency Act (CDA) made offensive discourse -- of any kind, anywhere on the net -- illegal in the United States. As an aside, the CDA reminds me of the old chestnut about politically correct Cambridge (Massachusetts) during the first convulsions of second-hand-smoke mania: "In Cambridge, it's illegal to smoke in Boston."

MTB, or its antecedants, has probably always cancelled a pornographer's bank account upon discovery, and has been doing this since long before computers existed, much less geodesic public networks. Rather than excoriate Mr. Trotter and company for bobbling the future, we should remember that Robert Heinlein's famous nosy-spinster next-door neighbor, Mrs. Grundy (Mrs. G, for short), also lives in Missouri. I spent middle-to-late adolescence there, and believe me, having moved late one July in the mid-1970's from Anchorage, AK to Ballwin, MO -- which I once likened to going from Haight-Ashbury to Happy Days in a single plane ride - -- I have first-hand knowlege. Mrs. Grundy, god bless her whalebone corset, is a pivotal fact of the universe in Missouri, which, also from personal experience, is a great place to be, er, from. Don't get me wrong. I mean, some of my best friends are from Missouri. I just wouldn't let my daughter move there.

Anyway, as a bank of deposit, MTB does lots of business with Mrs. Grundy, thank you very much, and, frankly, it does a lot more business with Mrs. Grundy than it does with the net. Frank is following the imperatives of his market, and, he is no fool.

Lots of moneypunks out there would say that this only highlights the need for more issuers of ecash, in locations safe from government interference, where they can issue digital cash certificates to whomever they choose. This is, of course, the concept of jurisdiction-shopping, or, as Eric Hughes likes to call it, "regulatory arbitrage". I've been giving this some thought, lately. Advocates of jurisdiction shopping forget, of course, that there is no real bandwith, much less competitive free-market bandwidth, in places like Vanuatu, or the Cayman Islands, or probably even Leichtenstein. *.li domains are more likely to get bandwidth faster than the Small Island Nation (SIN, of course ;-)) of one's dreams. If we lived here, we'd be home now. The market, in it's current state, is efficient. Big drag.

On the other hand, statists argue that nation-states should pass legislation (so, what else is new...) saying that issuers of digital cash should not be liable for the acts of people using their product. After all, we don't restrict the sale of cars to known bank-robbers, do we? Actually, I've used a straw man here, though a necessary one, as there are more f*cking statists out there than there are eL33t mone$ypunk d00ds. Almost by definition, there's no legislative constituency for digital cash, so legislation mandating its liberal issuance sounds more than a little silly. Ecash is under the regulatory radar for the moment, probably because the market is virtually nonexistant. Regulatory stipulation of ecash non-liability actually puts yet another's camel's nose under the tent of banking freedom, which is what we're really fighting for here, right? No need to put one nose there before its time...

What moneypunks and (imaginary) statists fail to realize is something that lots of cypherpunks, particularly Eric -- and Tim May -- have been saying all along. The problem should be solved, not by laws, or even regulatory arbitrage, but by cryptographic protocol. That way, it doesn't matter where the bank is, or who its customers are. Unfortunately, even though we have Eric's great open books idea, so that we might be able to anonymously audit an anonymous bank's books, and we have good hope of location-blinding someday, with things like web-proxies and maybe even IP-spoofing, it doesn't seem like we're really there yet. There's another problem, though. What happens when a previously-secret bank is exposed for the feelthy porno-grubbing perverts that they really are? Enter Mrs. Grundy. We're back to square one, or, more properly, in a low-bandwidth SIN (heh...).

Someday, when we have truly anonymous banks, probably through some combination of SINs-with-bandwidth and strong two-way anonymity, legal or not, all of what I'm about to say will be moot. In the meantime, I have a quick-and-dirty fix, using what we have now. The trick is to use the right kinds of organizational entities to do the right things, and stay under the regulatory radar as long as possible. That is, until SINs-with-bandwidth exist and force the issue. By then, the digital bearer certificate market will be too big to control by state-sanctioned force, we hope.

To do this, I will, for the final time (Really. Honest to god. I'll include it by URL-reference next time. ;-)), trot out my current world-according-to-Hettinga market model for digital bearer certificates. This won't hurt a bit. Really. Well, maybe just a little...

Remember, we're talking about a many-to-many relationship between each type of entity below. In addition, anyone who sells something is assumed to have competition. In fact, the more there are of any given entity, the more robust a given DBC market would be. Finally, there's nothing new here to anyone who knows how securities are presently issued, except that the intermediaries (like exchanges, market makers, etc.) can be much smaller and more decentralized, because lower net-borne transaction processing and distribution costs reduce barriers to entry. It ain't rocket science, folks.

1. Protocol Designers. People like Chaum, Shamir (MicroMint), etc., who develop cryptographic e$ protocols.

2. Underwriters. Markets, issues, and validates the DBCs they issue, in this case, ecash. Charges fees to ecash buyers, redeems ecash certificates at "par". Exchanges for other denominations or expired cash are probably free. In addition, underwriters should have some kind of cross-issuer clearing arrangement, so that certificates of the same type issued by different underwriters would look all the same to the user. This should be peer-to-peer, with their trustee (below) acting as trusted intermediary, settling exchanges off the net. They could also all agree to use a central clearinghouse, but that becomes a major failure-point for the entire system, and a possible target of Mrs. Grundy, or worse, her more er, avuncular, associate, the nation state, sometime in the future. Cross-issuer clearing could also be a non-issue with inter-certificate standards, enough bandwidth and the right kind of client software.

3. Trustees. Real-live banks of deposit. Each one has wire connections to SWIFT, probably to the ATM system, and holds the collateral account for the funds on the net. Responsible to the users of ecash, even though the users are anonymous. Pays seignorage (interest on the collateral account) to underwriters, maybe protocol designers. Charges account, transaction fees to same. Insert MTB, or an equivalent, here.

4. Buyers/Sellers. People who buy and sell stuff using ecash, on- or off- line. Merchants can be called a high-volume subclass of on-line users, and they probably have special software and relationships to issuers.

5. Software Developers. Develop and sell software to underwriters, trustees, buyers/sellers under license to designers, where necessary.

My favorite transaction model for purchasing and redeeming ecash involves a waterb^h^h^h^h^h^h, er, secure web-page, a card-swiper, a trustee bank with a SWIFT and ATM link, and an underwriter. By the way, Goldberg, Shostack, Parekh(?), and the hardware guy who does HP-XXX crypto -- forgot your name, very sorry -- have some king-hell ideas for card-swipers that emulate floppy disks, both in hardware and software, and output an encrypted DOS-readable file to be read by whatever application needs it. They figured all this out, right there in front of me, between trips to the nosh table at the trade-show section of CFP96. I was so impressed, I bought their dinner later on. Talk to them about development rights. ;-).

Anyway, the buyer goes to the underwriter's web-page, punches in the amount desired, swipes his ATM card and punches in his PIN. This information is read and encrypted by the card swiper, and is sent through the underwriter and the trustee, ala Cybercash, to the buyer's bank. The trustee gets a transaction confirmation to issue cash from the buyer's bank on the ATM network, just like an ATM machine does, to be settled on SWIFT later. The trustee then issues a confirmation to the underwriter, who issues the ecash, which is stored by the buyer until use.

Redemption does the same thing in reverse.

The neat thing about this business model is that it's not only robust -- Metcalfe's law talks about the value of a network being directly proportional to the numbers of nodes connected to it, and that certainly maps well to financial networks like this -- but every one of the players in it can eventually be anonymous on the net side. The relationship between the buyer of ecash and his off-net bank is probably biometrically identified, but that's what we have over there anyway, and it certainly that can be changed someday, SIN-wise, as soon as some fiber is pulled or the sattelites fly. The trustee bank cannot see who the buyer/redeemer is, because the transaction can be blinded through to the buyer's off-net bank. The underwriter certainly doesn't need to know anyone's identity on the net side, because of the blind signature protocol, or on the trustee side, because it can only get its financial ability to issue certificates from its trustee, who we've shown doesn't know who the money's from, either.

To repeat, this can scale into a system where nobody has to know anybody to reliably transact business on a cash basis. Trustees, underwriters, protocol designers, buyers/sellers (transactants?), software developers: No one.

The real beauty of this in the present environment, where Mrs. Grundy is such a "pivotal fact of the universe", is that the trustee bank, a bank of deposit like Mark Twain Bank, is abstracted completely away from transaction events. The only account Mark Twain has to deal with is a trustee account, one for each underwriter, and, if the underwriters have any sense about protecting their liability against key theft (Hello, Mr. Borenstein...), one for each underwriter's DBC issue, each issue with its own expiration date. This account sees nothing but debits and credits, irrespective of their pornographic content, for the day's traffic on and off the net. The bank can be in any current legal jurisdiction, for the time being, anyway, because it's just taking money on and off its books based on SWIFT and ATM transactions, just like any normal bank would do. The only difference is its network connections to its DBC underwriters, which are no different from it's other on-line connections, analog and digital, with all its other customers.

Now, the ability to do this may change, especially if the volume of cash business on the net gets high enough for nation states to begrudge the seignorage being made by the bank and its customers this way, or, more likely, if the local Mrs. Grundy is FUDded by the media into banning cash-settled internet commerce on, heh, principal. Hopefully, by that time, maybe small island nations will have enough bandwidth. Or, better yet, utter two-way anonymity will allow banks to become invisable, at least as far their contacts with other entities on the net are concerned, which means they could again be anywhere, and functionally out of the reach of the law.

Finally, as much as I'm rooting for Mr. T at MTB, he is still stuck doing business with Mrs. G, who may actually be on his board or management, and not just in his customer base. And, don't forget the legal consequences of a creatively-applied CDA. There is even a silly sod or two on the ecash email list at the moment, talking seriously about age-differentiated ecash, god help us all, not to mention the Mormon-from-hell who wants to us to include a minor-flag in IP packets, of all places. (I really suppose I should talk, as I'm all for sticking micromoney on packets to pay for routing them someday...)

The point is, unless Mr. T can figure a way to financially unwind his underwriting role now, he's probably stuck as a combination underwriter/trustee, which actually has some advantages, one being the innecessity to report any information to the ecash userhood about actual contents of the ecash "mint" collateral account (Backed by the Full Faith and Credit of the Mark Twain Bank, of course...). But, it does him absolutely no good with regard to the aforementioned "grundiness": in his client base, on his board, or management heirarchy, or maybe even in his own moral paradigm, god bless him.

However, it doesn't mean that somebody, or, better, lots of somebodies, can't step in and implement either side (but not both!), of the trustee / underwriter model, sidestepping the problem of Mrs. G completely. It also seems to me that doing this would be much easier if someone was a trustee exclusively, from scratch, but I may be wrong.

So, I guess I'm hoping, possibly in vain, that someone at Digicash will wake up one morning and do what they did on the software side: get out of the manger with the other monopoly dogs like Microsoft, and break up the functionality of their business model some more, so that the more prosaic bovine entities of the banking world, i.e., institutional trustees (sorry, ladies...) can have their breakfast.

I bet there are whole bunches of successful institutional trustee banks out there, who could hold hold the money while it's on the net, and, as long as they don't have to do much else with it except communicate electronic transaction confirmations back and forth to an underwriter, would love to do so. This kind of business is something they already understand quite thoroughly.

If not, I bet there are more than a few pioneers out there who actually understand ecash and other DBC technologies, and would get into the business of being a trustee as their primary focus of business. Certainly Mr. T himself is an existence proof of that, his adventures in Grundyland notwithstanding.

Also, turning scads of independent underwriters loose on the net to bash away at the problem of marketing cash-settlement digital commerce might do wonders for David Chaum's mortgage payments on that brand-new Digicash building.

So, even though Mrs. Grundy currently has her bloomers in a bunch, CDA or no, and is letting Mr. T and MTB know all about it, Mr. T, or someone like him, can still save the day, for a while, anyway, with SINless DBCs.

.....Which is the plaintext of the title, I believe...



Bob Hettinga


Updated: April 23, 1996


[ Back to the previous Rant ] | [  home page ] | [ On to the next Rant ]