
Re: Web Payments and Privacy

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Wed, 06 Feb 2013 20:40:39 -0500
Message-ID: <51130617.3060003@digitalbazaar.com>
To: public-webpayments@w3.org

On 02/06/2013 06:15 PM, Steven Rowat wrote:
> Thanks Manu, but the layers of complexity are many and because of
> the PA situation it's not easy for me to figure out whether anonymity
> is possible.

Anonymity is possible, in certain configurations. It is also very
important how we define "identification information", and the PDFs
provided do not make it very clear what they mean by that phrase.

If you use a pre-paid debit card to charge a PaySwarm Authority (PA)
financial account, and that debit card is not required to have your name
associated with it in order to run a transaction (which is up to the
debit/credit card network), then you can remain anonymous throughout the
transaction process.

In the future, if you use Bitcoin to fund a PA financial account, you
can remain fully anonymous.

It does depend on the Terms of Service for the PA you're using. This is
true for any 3rd party service that you use to establish an anonymous
transaction. You have to trust, potentially via an independent auditor,
that they're doing what they say they're doing.

> After looking at your KYC link, I have these observations:
> 
> 1. It looks like, at present, KYC and anti-terrorist tracking are on 
> a direct collision course with what the Berlin privacy commissioner 
> asks for (anonymity for web purchases).

It depends on how they define anonymity. My assumption is that they're
defining it like this:

"anonymous purchase": The vendor cannot determine any personally
identifying information about the buyer, such as their name, address,
birth date, religion, etc. through purchases that they perform via the
vendor's website (or a network of vendor websites).

This sort of purchase anonymity is supported via the PaySwarm protocol.

We have thrown the idea of a digital cash solution around as well. It
would be tied to a fiat currency, there would be a public block-chain
(like Bitcoin), but the monetary input into the system would be
performed by people doing deposits via PAs. Instead of mining to put
money into the blockchain, the PAs would deposit money into the
blockchain from customer accounts.

The depositor would specify the anonymous account holding the deposited
funds, and then the PA would purposefully forget which person deposited
funds into the blockchain. This is as close as you can get to anonymous
fiat currency on the Web, afaict.

So, this would not prevent vendors from knowing who is spending money,
it would prevent PAs from knowing who the funds belong to.

> 2. Theft of personal data for the purpose of advertising monetizing 
> can slip into the maelstrom between these two opposing forces and 
> charge ahead unimpeded. I think this is the present state, and seems 
> not a good situation.

Personal data theft is something entirely different. Maybe you mean
re-sale of your demographic information (it's not theft, you "signed up"
for it by using the service without using an anonymizer - terrible, I
know... but that's the current state of things).

If you use an Incognito window and an anonymous PaySwarm account, this
is very unlikely to happen (unless you always use the same anonymous
account to make all of your purchases, and you type your personal
information into a site other than the PA).

> 3. It seems as if PaySwarm is caught in the middle, and to exist it's
> going to have to somehow make itself available to all three groups.
> In other words, it will abide by the law, and if there's no law
> against it, it will get used by the corporations to do what they like
> (which probably is to track people as much as they can).

It's important to know what your PaySwarm Authority is doing with your
information. This is why it's important to read the terms of service.

Personally, Digital Bazaar's business model does not depend on
advertising. Our customers are the people that are using our services to
perform transactions. Our customers are NOT advertisers.

There are other business models that PAs could use that would flip this
model on its head. Buyer beware.

> But in the KYC, or the privacy commissioner's White Paper for that 
> matter, this difference doesn't seem to be appreciated; nor do I see 
> any talk of such a distinction in PaySwarm.

We don't make a distinction in the specifications because it's up to the
PA to guard your identity. Anything more than that and we're in danger
of violating a whole slew of anti-money-laundering and anti-terrorism
banking regulations.

> In other words, I think the major standoff between the anti-terrorist
> and KYC tracking and the web anonymity needs could be solved, and
> perhaps can only be solved, by realizing that they are talking about
> two different demographics.

It does need to be solved. There is no clear path forward as far as I
can see. I also think that the "two major types of transactions" is
overly simplistic. There is a very large swath of spending amounts and
frequencies. It's a continuum, not a step function.

> The anti-terrorists need to track money movements over, say, $10,000 
> US (which is the amount set that the US government requires its own 
> citizens to report if they have accounts in foreign banks).

This is not true at all. Funding for terrorism takes many forms, some of
it through the sale of illegal DVDs and music CDs. Some of it through
subscriptions to fake magazines. All of those transactions are sub-$100
transactions.

> I realize that for PaySwarm to do this there would probably have to 
> be legislation defining it. I'm assuming that if this legislation 
> existed, PaySwarm could handle it?

Yes, if detailed legislation existed that allowed fully anonymous
cash-like transactions, where even the PA doesn't know who is spending
the money, PaySwarm could handle it.

> Anyone else think this is worth pursuing?

It's definitely worth pursuing. We can't necessarily pursue it right now
because we are in the middle of a commercial launch.

> If so, we might send it back to the Berlin commissioner as a 
> recommendation. It appears they are in a position to recommend 
> anonymity legislation in the EU, and they are approaching us to ask 
> us to be onside. It seems like a good time to get them to listen if 
> we have something to add.

Agreed. Would you mind taking a shot at a reply to them, Steven? We can
kick it back and forth on the mailing list, get some input from other
folks, and then send it back if there is general agreement that it would
be helpful.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Aaron Swartz, PaySwarm, and Academic Journals
http://manu.sporny.org/2013/payswarm-journals/
Received on Thursday, 7 February 2013 01:41:10 GMT
