Re: Web Payments and Privacy

On 2/6/13 5:40 PM, Manu Sporny wrote:
> Agreed. Would you mind taking a shot at a reply to them, Steven? We can
> kick it back and forth on the mailing list, get some input from other
> folks, and then send it back if there is general agreement that it would
> be helpful.

Certainly I'll give it a go. I expect the list to suggest major 
revisions, which is good because it will allow me to learn some things 
about what's actually going on. :-)

Here's a proposed draft:
+++++++++++++++

From: Web Payments Community Group
(public-webpayments@w3.org)

To: Alexander Dix, Chairman, IWGDPT
(International Working Group on Data Protection in Telecommunications)

Dear Mr. Dix,

Thank you for your interest. We have received, read, and discussed 
your letter and the Working Paper on Privacy and Electronic 
Micropayment on the Internet.

We are in agreement with the recommendations in the Working Paper. 
This group does not have legislative responsibility of any sort, but 
we agree that having an anonymous option both by legislation and 
technical capacity is ideal.

The system currently being discussed and developed by us has already 
been designed to have that anonymity capability in several ways. There 
will be a network of PaySwarm Authorities (PA), where the user will 
create an account. Basic user-data anonymity could be achieved by 
using a pre-paid card, by using a non-traceable currency like Bitcoin 
to create the account, or, probably most important, could be offered 
as part of the Terms of Service of that particular PA. In fact the 
first  demonstration PA operates in this manner, and it's expected 
others will.

So it seems to us that the technical side is not overly problematic. 
The political problem is more difficult. What we produce will have to 
follow the locally applicable laws in all jurisdictions.

As you are certainly aware, the US and other countries operate with 
Know Your Customer legislation (KYC), and you indicate in your Working 
Paper there is proposed legislation in Germany of a similar nature 
that essentially prohibits anonymity. The KYC and anti-terrorist 
efforts are in some ways almost directly opposed to the anonymity 
needs. If a stand-off between these two factions continues, the 
unhealthy surreptitious use of data-mining to support advertising will 
probably continue also, and possibly increase.

We have one general suggestion for how this stand-off might be 
resolved in legislation: institute a tiered system, for example as 
follows:

     1. SMALL money transfers and purchases (which will by default 
have  anonymity as an option).
     2. LARGE money transfers and purchases (which will require 
traceable I.D.)
     3. LEGAL WARRANT: Purchases of ANY SIZE that show enough evidence 
of possible wrongdoing to trigger a legal warrant to force I.D. to be 
used.

Perhaps it would be both politically acceptable and technically 
feasible to have such a system. The cross-over amount would be set by 
legislation. The huge bulk of human purchases on the Internet could be 
made at level one, anonymously (if the user chooses), while large 
transfers or suspect situations would require traceable I.D.

What constitutes 'large' would require discussion, but for the sake of 
argument perhaps something in the range of $2500 US would allow most 
consumer commerce to be carried on anonymously if so chosen.

  Sincerely,

A.A,
X.X,
Y.Y,
Z.Z.
(for)
Web Payments Community Group

Received on Thursday, 7 February 2013 18:03:23 UTC