- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Wed, 06 Feb 2013 20:40:39 -0500
- To: public-webpayments@w3.org

On 02/06/2013 06:15 PM, Steven Rowat wrote:
> Thanks Manu, but the layers of complexity are many and because of
> the PA situation it's not easy for me to figure out whether anonymity
> is possible.

Anonymity is possible, in certain configurations. It is also very important how we define "identification information", and the PDFs provided do not make it very clear what they mean by that phrase.

If you use a pre-paid debit card to charge a PaySwarm Authority (PA) financial account, and that debit card is not required to have your name associated with it in order to run a transaction (which is up to the debit/credit card network), then you can remain anonymous throughout the transaction process. In the future, if you use Bitcoin to fund a PA financial account, you can remain fully anonymous.

It does depend on the Terms of Service for the PA you're using. This is true for any 3rd party service that you use to establish an anonymous transaction. You have to trust, potentially via an independent auditor, that they're doing what they say they're doing.

> After looking at your KYC link, I have these observations:
>
> 1. It looks like, at present, KYC and anti-terrorist tracking are on
> a direct collision course with what the Berlin privacy commissioner
> asks for (anonymity for web purchases).

It depends on how they define anonymity. My assumption is that they're defining it like this:

"anonymous purchase": The vendor cannot determine any personally identifying information about the buyer, such as their name, address, birth date, religion, etc. through purchases that they perform via the vendor's website (or a network of vendor websites).

This sort of purchase anonymity is supported via the PaySwarm protocol.

We have thrown the idea of a digital cash solution around as well. It would be tied to a fiat currency, there would be a public block-chain (like Bitcoin), but the monetary input into the system would be performed by people doing deposits via PAs. Instead of mining to put money into the blockchain, the PAs would deposit money into the blockchain from customer accounts. The depositor would specify the anonymous account holding the deposited funds, and then the PA would purposefully forget which person deposited funds into the blockchain. This is as close as you can get to anonymous fiat currency on the Web, afaict. So, this would not prevent vendors from knowing who is spending money, it would prevent PAs from knowing who the funds belong to.

> 2. Theft of personal data for the purpose of advertising monetizing
> can slip into the maelstrom between these two opposing forces and
> charge ahead unimpeded. I think this is the present state, and seems
> not a good situation.

Personal data theft is something entirely different. Maybe you mean re-sale of your demographic information (it's not theft, you "signed up" for it by using the service without using an anonymizer - terrible, I know... but that's the current state of things).

If you use an Incognito window and an anonymous PaySwarm account, this is very unlikely to happen (unless you always use the same anonymous account to make all of your purchases, and you type your personal information into a site other than the PA).

> 3. It seems as if PaySwarm is caught in the middle, and to exist it's
> going to have to somehow make itself available to all three groups.
> In other words, it will abide by the law, and if there's no law
> against it, it will get used by the corporations to do what they like
> (which probably is to track people as much as they can).

It's important to know what your PaySwarm Authority is doing with your information. This is why it's important to read the terms of service. Personally, Digital Bazaar's business model does not depend on advertising. Our customers are the people that are using our services to perform transactions. Our customers are NOT advertisers. There are other business models that PAs could use that would flip this model on its head. Buyer beware.

> But in the KYC, or the privacy commissioner's White Paper for that
> matter, this difference doesn't seem to be appreciated; nor do I see
> any talk of such a distinction in PaySwarm.

We don't make a distinction in the specifications because it's up to the PA to guard your identity. Anything more than that and we're in danger of violating a whole slew of anti-money-laundering and anti-terrorism banking regulations.

> In other words, I think the major standoff between the anti-terrorist
> and KYC tracking and the web anonymity needs could be solved, and
> perhaps can only be solved, by realizing that they are talking about
> two different demographics.

It does need to be solved. There is no clear path forward as far as I can see. I also think that the "two major types of transactions" is overly simplistic. There is a very large swath of spending amounts and frequencies. It's a continuum, not a step function.

> The anti-terrorists need to track money movements over, say, $10,000
> US (which is the amount set that the US government requires its own
> citizens to report if they have accounts in foreign banks).

This is not true at all. Funding for terrorism takes many forms, some of it through the sale of illegal DVDs and music CDs. Some of it through subscriptions to fake magazines. All of those transactions are sub-$100 transactions.

> I realize that for PaySwarm to do this there would probably have to
> be legislation defining it. I'm assuming that if this legislation
> existed, PaySwarm could handle it?

Yes, if detailed legislation existed that allowed fully anonymous cash-like transactions, where even the PA doesn't know who is spending the money, PaySwarm could handle it.

> Anyone else think this is worth pursuing?

It's definitely worth pursuing. We can't necessarily pursue it right now because we are in the middle of a commercial launch.

> If so, we might send it back to the Berlin commissioner as a
> recommendation. It appears they are in a position to recommend
> anonymity legislation in the EU, and they are approaching us to ask
> us to be onside. It seems like a good time to get them to listen if
> we have something to add.

Agreed. Would you mind taking a shot at a reply to them, Steven? We can kick it back and forth on the mailing list, get some input from other folks, and then send it back if there is general agreement that it would be helpful.

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Aaron Swartz, PaySwarm, and Academic Journals
http://manu.sporny.org/2013/payswarm-journals/

Received on Thursday, 7 February 2013 01:41:10 UTC