W3C home > Mailing lists > Public > public-webpayments@w3.org > February 2013

Re: Web Payments and Privacy

From: Steven Rowat <steven_rowat@sunshine.net>
Date: Wed, 06 Feb 2013 15:15:01 -0800
Message-ID: <5112E3F5.8060806@sunshine.net>
To: Manu Sporny <msporny@digitalbazaar.com>, public-webpayments@w3.org

On 2/6/13 11:32 AM, Manu Sporny wrote:
  >> What's the state of this in PaySwarm?
>
> To the extent allowed by US law, anonymous transactions are allowed
> between a vendor and a buyer in PaySwarm. At no point does our PA
> transmit name or address information, or purchase history, without the
> express knowledge of the financial account holder.
>
> Keep in mind that this anonymity does not extend to the relationship
> that the PaySwarm Authority and the buyer has because credit card
> agreements and banking account agreements do not allow anonymous
> accounts due to Know Your Customer[1] regulations in the US (to my
> knowledge). This is mainly in place to prevent money-laundering,
> terrorism-funding, and other illegal activities.

Thanks Manu, but the layers of complexity are many and because of the 
PA situation it's not easy for me to figure out whether anonymity is 
possible. It still looks problematic (and different in different 
jurisdictions).

After looking at your KYC link, I have these observations:

1. It looks like, at present, KYC and anti-terrorist tracking are on a 
direct collision course with what the Berlin privacy commissioner asks 
for (anonymity for web purchases).

2. Theft of personal data for the purpose of advertising monetizing 
can slip into the maelstrom between these two opposing forces and 
charge ahead unimpeded. I think this is the present state, and seems 
not a good situation.

3. It seems as if PaySwarm is caught in the middle, and to exist it's 
going to have to somehow make itself available to all three groups. In 
other words, it will abide by the law, and if there's no law against 
it, it will get used by the corporations to do what they like (which 
probably is to track people as much as they can).

So I'd like to chunk up and offer a suggestion. I see a missing link, 
which I'll try to explain. Forgive me if this is obvious, but it seems 
new to me. :-)

In the cash economy (traditional, outside the web), there are two main 
streams:
     A. Anonymous, for SMALL transactions (we take your cash in paper 
dollars, give you the object, and don't ask or care who you are).
     B. Full I.D., for LARGE transactions (buying a house or car, or 
opening a charge account that allows you to borrow on demand).

But in the KYC, or the privacy commissioner's White Paper for that 
matter, this difference doesn't seem to be appreciated; nor do I see 
any talk of such a distinction in PaySwarm.

In other words, I think the major standoff between the anti-terrorist 
and KYC tracking and the web anonymity needs could be solved, and 
perhaps can only be solved, by realizing that they are talking about 
two different demographics.

The anti-terrorists need to track money movements over, say, $10,000 
US (which is the amount set that the US government requires its own 
citizens to report if they have accounts in foreign banks). And the 
vast majority of the potential web commerce is the everyday honest 
citizens' need to buy things that are worth much much less.

So, I suggest both levels be accommodated appropriately: that for 
small purchases, full anonymity, just like the non-web cash economy, 
be built into PaySwarm as the DEFAULT situation, not as something that 
people have to opt into by setting up a pseudonym. And that, at the 
higher level, full and verifiable I.D. be required for people wishing 
to transfer money in large amounts.

I realize that for PaySwarm to do this there would probably have to be 
legislation defining it. I'm assuming that if this legislation 
existed, PaySwarm could handle it?

An advantage of this compromise is that it might be able to straddle 
the divide that seems to be occurring between the EU and U.S. 
approaches to KYC/privacy at the moment.

Anyone else think this is worth pursuing?

If so, we might send it back to the Berlin commissioner as a 
recommendation. It appears they are in a position to recommend 
anonymity legislation in the EU, and they are approaching us to ask us 
to be onside. It seems like a good time to get them to listen if we 
have something to add.

Steven Rowat
Received on Wednesday, 6 February 2013 23:15:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 6 February 2013 23:15:26 GMT