Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2017
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 27 June 1997
© Xamax Consultancy Pty Ltd, 1997
This paper was presented at a plenary session of QuestNet'97, Brisbane, 4 July 1997
An earlier version was presented at the Computers, Freedom & Privacy Conference (CFP'97), San Francisco, 12-14 March 1997, on a panel comprising Michael Froomkin (a Uni. of Miami Law Professor), Chief Cypherpunk Tim May ('national borders are just speedbumps on the information superhighway) and David Chaum (Mr Digicash)
This paper is at http://www.rogerclarke.com/EC/Monster.html
The term 'digital money' encompasses stored-value cards based on chips, plus net-based payment mechanisms. It is set to have substantial impacts on financial services industry, plus flow-on effects on society as a whole. Depending on a whole host of factors, these may be evolutionary, or utterly revolutionary.
The paper first presents an analysis of direct impacts. Whether existing financial institutions sustain control of the payments marketplace, or lose share to new players, depends on whether open schemes eventuate; whether the risk of failures and scams is managed; and whether transaction risk is limited to very short durations.
Second-order effects will be mediated by existing industry and social structures. The intrinsic supra-jurisdictionality of digital payment schemes appears likely to reduce the importance of national regulators, and the capabilities of national tax collection agencies. This will stimulate a last-gasp attempt by nation-states to impose their waning power on the populace, in particular through dataveillance technologies.
Public services, funded through taxation imposed on captive audiences by nation-states, will prove unsustainable. But the coming breakdown in established authority does not mean the end of civilisation as we know it. Law and order will be sustained within geographically localised communities; and federations of similarly-minded communities will form strategic relationships to keep portions of the world relatively safe for their members.
In this paper, I use the term 'digital money' to encompass both chip-based stored-value cards, and net-based payment schemes.
Chip-based payment schemes are described in a hard-copy publication by this author, excerpts from which are at http://www.rogerclarke.com/EC/CBPSBk.html.
Net-Based Payment Mechanisms are described in a web-page maintained by the author, at http://www.rogerclarke.com/EC/EPMEPM.html.
This page provides the following classification of net-based payment mechanisms:
Transactions using digital money may be fully identified as to payer and payee, or fully anonymous. They may, alternatively, be 'pseudonymous'. I use this term to imply the use of an identifier for a party to a transaction, which is not, in the normal course of events, sufficient to associate the transaction with a particular human being. The data may, however, be indirectly associated with the person, if particular procedures are followed. (Note that some other authors use it rather differently, importantly Ian Goldberg, David Wagner and Eric Brewer at Berkeley).
The paper assesses digital money's likely direct impacts and less direct, second-order effects. In order to do so, it first considers the possible patterns of development and application of digital money technologies.
A key assumption underlies the analysis. Digital money is entirely dependent on the impenetrability of 'strong' cryptography. This paper assumes that there will be no quantum leap in crypto-cracking techniques that catches up the lead that cryptography has over them, nor even strongly credible rumours to that effect. If that assumption proves to be incorrect, the security of electronic payment mechanisms would be undermined.
The Crystal Ball
Privacy and Smart-Card Based Schemes
The time has passed when we could afford to simply pontificate on the impacts and effects of powerful technologies. It is essential that we apply the tools at our disposal, in order to get a grip on our future.
This section considers the state of play in the area of digital money, in order to highlight some key features of the emergent marketplace, and infer whether digital payments mechanisms are likely to be highly concentrated among a few players, or highly fragmented among many.
There are many existing forms of payment mechanism, each with characteristics that fit some need of corporations or individuals. Tele-commerce (e.g. telephone ordering of goods and services) has already spawned refinements to existing mechanisms.
Electronic commerce, the conduct of trade using telecommunications infrastructure and tools, takes place in substantially different contexts from conventional trading, and hence demands substantial refinements to existing mechanisms, or (more likely) new mechanisms.
The marketspace offers significant advantages over conventional physical marketplaces. It supports the negotiation for and settlement of contracts for physical goods (but not their delivery, maintenance and replenishment). For digital goods, on the other hand, it supports the entire process of electronic commerce, from discovery of suppliers, through selection of supplier, delivery and settlement, through to after-sale service.
Digital money services initiatives abound, as was evidenced by the long list of products and product-types referenced in the introduction. These will enable payment via the open Internet, and using other elements of the emergent information infrastructure (including such proprietary networks as may survive, closed segments of the Internet, and developments on the cable TV model).
The payments marketplace is large and diverse. Like other large marketplaces (e.g. cars, car-engines, pharmaceuticals), there is a great deal of difference between inventing something, and refining the invention, integrating it with existing infrastructure, and implementing it. This process is commonly referred to as the 'innovation' or 'adoption' phase.
New payment mechanisms may be a adopted by existing organisations, as extensions or adjuncts to their existing services. Alternatively the innovation process may be driven by new players entering the market.
The following two alternative scenarios therefore need to be considered:
The following factors appear to be critical in assessing which of these scenarios is most likely to eventuate:
The potential for digital money to function with limited regulatory interference is being aided and abetted by at least some central banks. The Chair of Australia's Reserve Bank (with similar responsibilities to those that Allan Greenspan has in relation to the U.S. Federal Reserve) stated in early February 1997 that he viewed stored-value cards not like currency, cheques or loans, but rather like travellers' cheques: they are not a proper financial instrument, and hence do not require the Reserve Bank's direct supervision. The implication is that at least some forms of net-based payment schemes are perceived by the Reserve to have similar non-money characteristics. Hence financial services organisations that offer only those kinds of payment facilitation would not be subject to prudential supervision.
As the competition warms up, it could be that regulators will deny existing banks a 'prudential-supervision' barrier to entry to the market by new players, and even force the existing institutions to fight holding one hand behind their backs.
Moreover, it is unclear at this stage to what extent prudential supervision will actually provide greater security of services, and whether consumers will actually (a) understand, and (b) value, the 'comfort-zone' that supervision is meant to provide.
I speculate that one particular feature of net-based payment technologies may be particularly critical. This is their ability to conduct all settlement and clearance procedures within a very short time, measured in seconds (using the transaction-boundary and two-phase-commit concepts conventional in distributed database systems).
If this feature is offered, then most consumers will have only one a limited amount and proportion of their funds at risk at any one time, and the incentive to an electronic bank to 'stage a heist' will be much lower than it would be if it held substantial 'float'. As a result, the need for prudential supervision is far less, the image-advantage that prudential supervision provides to established financial institutions is very limited, and the established players have to use other ways to compete with the new entrants.
The first implementations of new stored-value card and net-based payments schemes involve substantial capital investment. Existing large financial services providers appear likely to be heavily involved, but additional large corporations may become involved, such as telcos, GM and Ford. The relationship between the payment services multi-nationals, Visa and MasterCard, and the financial institutions that own them, may also go through some changes, including re-consideration of their present constitutional arrangements.
As standardisation occurs, the capital investment needed to launch a new service seems likely to decrease. This will enable smaller players to offer services, perhaps only in niches, but perhaps across whole market-segments.
This advantage for small players will be all the greater if the schemes are relatively open. Elements are emerging of an open system that would facilitate large numbers of small players, including:
Because there are so many factors involved, it will be some time before it is clear whether digital payments will lead to more concentrated or more fragmented marketplaces in payment services.
This section considers ways in which digital money will directly affect consumers and corporations.
Superficially, digital money would appear to offer substantial advantages to net-dwellers, through enhanced convenience, time-savings and the ability to buy and sell in many marketplaces, and in the emergent marketspace.
For non-net-dwellers, there may be equity disadvantages if digital money were to significantly displace existing payment mechanisms. This is a variant of the arguments concerning the unavailability of credit-cards to members of lower socio-economic groups, and the information-rich/information-poor dichotomoy.
There is, of course, a considerable risk of greater intrusions into individuals' behaviour by financial services organisations, and by the government surveillance apparatus that stands close behind them. Information privacy protections are seriously inadequate in some countries, and all-but non-existent in others. An Appendix to this paper provides access to an analysis of the privacy implications of stored-value cards.
It appears likely that the needs of small enterprises, and perhaps also medium-sized enterprises, may be well-served by much the same capabilities as are delivered to consumers.
It is to be expected, however, that large corporations and government agencies will continue to take advantage of more sophisticated services offered by established financial services institutions. They may, however, make considerable use of digital money for small-scale and spontaneous purchasing, as they have done during the last decade with credit-cards.
This section groups together a range of second-order effects. The discussion is necessarily even more diffuse and uncertain than was the case in the preceding section. It largely overlooks the many other changes that are occurring, driven by factors other than digital money. These not only have their own penumbra of second-order effects, but will also interact with the ripples arising from digital money.
Digital money is part of the general tendency towards substitution of labour-intensive work by 'high-tech / low-labour' processes. The workplace impacts are inevitable:
These developments may, however, be complemented by a strengthening of the role of community-based organisations such as credit unions and Raiffeisenkassen.
A challenge for corporations will be to enable digital payment by employees on the organisation's behalf, without undermining the authorisation procedures on the one hand, and compromising technical (e.g. firewall) precautions on the other.
In some senses, banks have been working towards close and multi-faceted relationships with their clients. This has, however, been primarily in relation to corporate clients, and wealthy and high-income consumers.
The decreased need for, and affordability of, person-to-person relationships, may see a tendency towards a wholesale-retail or local-agent-intermediated mode of interaction between consumers and financial institutions. Various kinds of community-based organisations (together with remaining highly dispersed service organisations such as post offices, petrol stations and car-hire chains) may then fulfil the remaining counter-service role.
The features, the costs, the freedom to choose among diverse payment services, and the balance between consumer interests and service-provider power will depend a great deal on the dynamics of the marketplace discussed earlier.
Significant difficulties have always existed in relation to 'trans-jurisdictional' commerce, i.e. business activities that cross jurisdictional boundaries. In some cases, in particular where elements of a transaction are quarantined in jurisdictions that do not recognise international conventions, the behaviour is already effectively 'extra-jurisdictional', in the sense that it is incapable of prosecution in any court of law.
Electronic commerce in general, and digital money in particular, are lifting the art of regulatory avoidance to new planes.
The term 'supra-jurisdictionality' usefully conveys the way in which business conducted in virtual marketspaces may be subject to no existing legal jurisdictions at all. In the imagery popularised by John Perry Barlow, it is a new 'electronic frontier'; it is currently lawless; and it may prove to be even less capable of subjugation by formal legal architectures than is the kind of business currently conducted in or through regulatory havens.
This is inevitable not just in the case of fully anonymous schemes. Pseudonymous schemes may also create barriers for law enforcement agencies, because the means of associating the indirect identifier with the person concerned may require access to data outside the jurisdiction in question. Even identified digital money may present challenges, because of definitional issues, and because some aspects of transactions may be undertaken (accidentally or intentionally) outside the jurisdiction.
Extra-jurisdictionality was a major problem long before the advent of the Internet, with regulatory havens used by trans-national corporations (e.g. Panamanian registered ships), and individuals (e.g. countries with limited extradition treaties). The difference is the ease with which domestic regulation will be able to be avoided, and the much lower cost threshhold, which will make it available to smaller corporations and less wealthy people.
Jurisdictionally-bound regulatory agencies extend their reach through bilateral agreements with other jurisdictions (such as extradition treaties and double-taxation agreements), and multilateral arrangements through international associations (such as Interpol). This has had modest success, but also many failures. These have been due to the large numbers of countries and sub-national jurisdictions; to differences among legal systems, cultural values, religious beliefs and political ideologies; and to the financial advantages of a jurisdiction acting as a regulatory haven.
Search warrants and extradition applications need to be dealt with by an agency with appropriate powers in a physical location. In supra-jurisdictional cyberspace, no-one can hear a regulator scream with frustration: there is simply no local regulatory agency with which to negotiate.
Genuinely supra-jurisdictional payment mechanisms mean that corporations and consumers alike will have no recourse to conventional courts in order to gain retribution for foul play. But this is not all that great an incentive to stay within jurisdictions: the simple fact is that litigation is used in only a small proportion of instances in which transactions 'go bad'.
It is unlikely, however, that corporations and individuals will be comfortable transacting in an unprotected environment. Regulatory agencies appear likely to be of much less consequence than they are at present, but alternative control mechanisms will be sought. Two primary alternatives exist:
Taxation authorities and their advisers are currently performing stocktakes of the bases on which taxes are levied. Few forms of revenue are unaffected by the Internet; for example:
Among the many implications of electronic commerce is the democratisation of economic escape hatches. The facilities that have been available to 'the rich and powerful' to avoid inconvenient laws are increasingly within the reach of the general public. It will be surprising if they don't enthusiastically adopt them.
Digital money lowers the threshhold at which opportunities can be exploited. In the near future, not only the wealthy and high-income corporations and individuals will utilise opportunities to place monetary flows, profits and assets beyond the grasp of national taxation agencies.
As the number of companies and individuals reaping the benefits of tax-avoidance strategies increases, the proportion of the country's nominal tax-base that is liable to slip through the sieve will increase dramatically. It is not easy to see what new taxes can readily be imposed to make good the shortfalls.
Some countries, such as Australia, have enjoyed a fairly strong tax-payment morality. This has been at risk because of the increasingly apparent ability of major corporations to avoid tax. Payment morality will become very seriously threatened as the extent of leakage from the nominal tax-base increases. It will become much more mainstream for people to have a proportion of their income streams and assets visible to taxation authorities, and a proportion obscured, in order to ensure that they do not bear an unreasonable share of the jurisdiction's taxation load.
Taxation agencies will see themselves as being forced to rely increasingly heavily on surveillance as a means of pressuring people and companies into keeping their activities visible, and paying taxes.
Information technology has delivered to corporations and government agencies the means to process and store vast quantities of data. One of the main purposes to which it is being applied is the surveillance of individuals through the transactions that they engage in. For this concept I use the term dataveillance.
Particularly since the middle of the twentieth century, there has been a marked trend towards increasingly data-intensive relationships between individuals and the organisations with which they deal. A great many data-trails are already available.
Identified digital money might well result in very substantial transparency of consumers' economic behaviour. This will enable marketers to manipulate them to a yet greater extent. It is important to appreciate that a very significant proportion of the transactions that will be conducted with digital money have hitherto been undertaken anonymously. These technologies therefore harbour the potential to dramatically assist the repressive state.
People's behaviour will also become more transparent to government agencies, opening them up to greater oppression and repression. The desperate straits to which government will be reduced by the shrinking tax-base will inevitably result in attempts to apply dataveillance capabilities yet more energetically. This will in turn drive the miscreants further into the black economy, and engender distrust in government among the population generally.
Of course, technologies are feasible, and some have been delivered, which provide anonymous digital payment, or in which one side of the payment is anonymous. It is important that these alternatives be available. There are, however, real public interests in having some degree of traceability of funds flows. Much more effort therefore needs to be invested in pseudonymous electronic payment mechanisms, which provide an indirectly identified trail. Technical, organisational and legal measures are then needed to protect the means of linking the indirect identifier to the individual person.
Parallel to this, the widely-used concept of 'user authentication' needs to be generalised. In some circumstances, the identity of the individual is indeed at issue, and 'user authentication' is appropriate technology. There are many circumstances, however, in which the identity of the person is not relevant. In such cases, 'user authentication' is merely a poor implementation of what is really needed: 'eligibility authentication' (to ensure that the person has a characteristics that render them eligible to conduct a particular kind of transaction), or 'value authentication' (to ensure that what they proffer as payment is what it purports to be). It would be more effective to implement these kinds of authentication directly.
Public services are largely funded through high taxation rates applied to captive audiences. Governments appear likely to lose control of cash manufacture, and hence their considerable interest revenue from seigniorage. As payments migrate from monitorable and therefore taxable mechanisms to supra-jurisdictional mechanisms, nations' tax-bases will shrink.
Governments will have to reduce the services they provide, run even larger deficit budgets, find new ways to levy taxes, and/or increase existing rates still further. Their revenue-gathering will be less effective, and will be perceived by the remaining taxpayers to be inequitable.
In the new, electronic context, the twentieth century edifice of nation-state provided public services may prove to be unsustainable.
The near-futures imagined by science fiction novelists of the 'cyberpunk' genre perceive that untaxability will result in ungovernability. They envisage that there will be a breakdown of government-imposed law and order; that the 'hyper-corps' will retreat inside corporation-controlled enclaves; and that less polite society will slide towards high-tech, but fairly chaotic tribalism.
As Gibson and Sterling stress, these are not imagined futures, but rather cold-blooded assessments of Brooklyn and The Bronx (of almost any decade), the Italian black economy, the Beirut of the 1980s, the 'once-was-Yugoslavia' of the 1990s, and post-Gorbachev Russia, where (as Esther Dyson told us at CFP'95), the official police compete with various mafiosi as but one of a range of alternative protection agencies.
The supra-national nature of electronic payment mechanisms may be a primary factor in the nation-state becoming a fleeting footnote in social history, roughly from 1870 to 2020. If so, what will be the dominant pattern that emerges: the multi-national blocs of George Orwell's '1984'? Those of the advertising rhetoric of the European Union? A pan-world government (League of Nations Mark III)? Multiple local governments run by alternative semi-criminal organisations? Or the tribal anarchy foreseen by cyberpunk sci-fi authors?
The preceding sections are highly risk-prone attempts to analyse the future. They are, however, based on a reasonable background in electronic commerce and in payment systems, and an amount of systemic reasoning.
At this point, a little raw speculation is in order. My prognostications are based on a couple of observations:
At least for the foreseeable future, people will continue to exist IRL / in 'meatspace'. Indeed, a current challenge facing each of us is to establish a balance between the real and virtual components of our lives.
Within the real world, most people seek out safe places within which they and their families can enjoy the fruits of advanced society. They therefore place a high premium on law and order in their local area, and will continue to do so. Some of what they pay for will benefit no-one but themselves; but they will inevitably contribute towards some common goods and services.
The forces that are rendering the nation-state unsustainable and irrelevant are not undermining the need for, and the possibility of, conventional communities based on physical co-location.
Incentives, in the form of particular mixes of freedoms and controls, can be created by local communities, to encourage corporations and individuals to operate within their local society's rules. The days of the nation-state as the primary means of social organisation may well be numbered; and communities appear likely to become the primary form of social organisation.
People travel. They like other places to have the kind of law and order that protects them. The probability is, therefore, that people will value coalitions of communities in which they 'feel safe'.
Theories of strategic advantage and alliance have been in vogue among corporations for some time, and attempts have been made to apply them at national level. Communities will apply those same principles to inter-community patterns. There is scope for reciprocal arrangements, and harmonisation of law between partner communities. This creates the possibility for communities to cross-promote the particular balance between orderliness and dynamism that their systems offer.
The concept of 'jurisdiction-shopping' has hitherto been used only as a pejorative, to describe the selection of that jurisdiction in which a case has the greatest chance of being determined in the individual's favour. It will become a positive marketing tool, whereby communities will construct mixes of freedom and regulation, in order to attract sufficient of the kinds of businesses and people that they need in order to be economically and socially self-sustaining.
The implications of the Cypherpunk / Crypto-Anarchist lines of argument are enormous, and the benefits of their vision (juicily) exaggerated.
It would be very helpful to us slow thinkers if Eric Hughes, Tim May, and their considerable band of fellow-travellers, could distinguish their systemic arguments (of the form: "technological feature X gives rise to social change Y") from their moral arguments (of the form: "the fact that social institution Z will be harmed by this change is a good thing").
Outsiders can see a great deal wrong with American society; but we're not sure that a complete revolution is the only, or the best, way to solve the problems. Some other countries run in a manner that better services the perceived needs of the populace; very few people in Australia want to see desperate struggles as a way of life, but rather we want progressive changes to build on the solid base, without shaking its foundations.
The analysis presented in this paper suggests that control over digital money services will be determined by a few key factors. The fate of the nation-state is indeed sealed by electronic commerce in general, and digital payments in particular. But anarchy will not prevail. Nation-states will be replaced by governments based on geographical communities, and confederations among them.
A paper on privacy issues arising from stored-value cards is at http://www.rogerclarke.com/DV/ACFF.html.
The threats are summarised as follows:
'whereas your credit-card and debit-card generated a trail of 5-10 transactions per month, or perhaps per week, your smart card can enable the recording of your whereabouts and what you were doing 5-10 times per day'
- Exploitation of the Transaction Trails
- by government agencies for purposes which were not original purposes for which the data was gathered, which increases the risk of misunderstanding and misinterpretation due to differing data definitions and inadequate data quality standards, and represents oppressive use of the State's power over individuals
- by consumer marketing corporations to better target prospects for their goods and services, involving the exercise of information-based power to manipulate consumers and compromise their freedom of self-determination
- The Risk of 'Function Creep'
- Potential for Operation Without Consumer Consent
The paper also examines the trade-offs that are possible between privacy and other interests, and a taxonomy of scheme-types, classified according to their degree of privacy threat.
The conclusions reached are that:
This author has been involved as a member of an Asia-Pacific Smart Card Forum Sub-Committee to prepare a Code of Practice in relation to smart card schemes. This is due for public release in March, but there was no web-ready version at the time of writing.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 13 February 1997 - Last Amended: 27 June 1997 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/EC/Monster.html