- From: Steven Rowat <steven_rowat@sunshine.net>
- Date: Wed, 06 Feb 2013 15:15:01 -0800
- To: Manu Sporny <msporny@digitalbazaar.com>, public-webpayments@w3.org
On 2/6/13 11:32 AM, Manu Sporny wrote:
>> What's the state of this in PaySwarm?
>
> To the extent allowed by US law, anonymous transactions are allowed
> between a vendor and a buyer in PaySwarm. At no point does our PA
> transmit name or address information, or purchase history, without the
> express knowledge of the financial account holder.
>
> Keep in mind that this anonymity does not extend to the relationship
> that the PaySwarm Authority and the buyer has because credit card
> agreements and banking account agreements do not allow anonymous
> accounts due to Know Your Customer[1] regulations in the US (to my
> knowledge). This is mainly in place to prevent money-laundering,
> terrorism-funding, and other illegal activities.
Thanks Manu, but the layers of complexity are many and because of the
PA situation it's not easy for me to figure out whether anonymity is
possible. It still looks problematic (and different in different
jurisdictions).
After looking at your KYC link, I have these observations:
1. It looks like, at present, KYC and anti-terrorist tracking are on a
direct collision course with what the Berlin privacy commissioner asks
for (anonymity for web purchases).
2. Theft of personal data for the purpose of advertising monetizing
can slip into the maelstrom between these two opposing forces and
charge ahead unimpeded. I think this is the present state, and seems
not a good situation.
3. It seems as if PaySwarm is caught in the middle, and to exist it's
going to have to somehow make itself available to all three groups. In
other words, it will abide by the law, and if there's no law against
it, it will get used by the corporations to do what they like (which
probably is to track people as much as they can).
So I'd like to chunk up and offer a suggestion. I see a missing link,
which I'll try to explain. Forgive me if this is obvious, but it seems
new to me. :-)
In the cash economy (traditional, outside the web), there are two main
streams:
A. Anonymous, for SMALL transactions (we take your cash in paper
dollars, give you the object, and don't ask or care who you are).
B. Full I.D., for LARGE transactions (buying a house or car, or
opening a charge account that allows you to borrow on demand).
But in the KYC, or the privacy commissioner's White Paper for that
matter, this difference doesn't seem to be appreciated; nor do I see
any talk of such a distinction in PaySwarm.
In other words, I think the major standoff between the anti-terrorist
and KYC tracking and the web anonymity needs could be solved, and
perhaps can only be solved, by realizing that they are talking about
two different demographics.
The anti-terrorists need to track money movements over, say, $10,000
US (which is the amount set that the US government requires its own
citizens to report if they have accounts in foreign banks). And the
vast majority of the potential web commerce is the everyday honest
citizens' need to buy things that are worth much much less.
So, I suggest both levels be accommodated appropriately: that for
small purchases, full anonymity, just like the non-web cash economy,
be built into PaySwarm as the DEFAULT situation, not as something that
people have to opt into by setting up a pseudonym. And that, at the
higher level, full and verifiable I.D. be required for people wishing
to transfer money in large amounts.
I realize that for PaySwarm to do this there would probably have to be
legislation defining it. I'm assuming that if this legislation
existed, PaySwarm could handle it?
An advantage of this compromise is that it might be able to straddle
the divide that seems to be occurring between the EU and U.S.
approaches to KYC/privacy at the moment.
Anyone else think this is worth pursuing?
If so, we might send it back to the Berlin commissioner as a
recommendation. It appears they are in a position to recommend
anonymity legislation in the EU, and they are approaching us to ask us
to be onside. It seems like a good time to get them to listen if we
have something to add.
Steven Rowat
Received on Wednesday, 6 February 2013 23:15:26 UTC