Consumer Payments Market Space

1
(No Transcript)
2
Privacy Technology
Analysis and Mechanisms
David Chaum
3
Privacy is fundamentallyimportant!!!

• Is essential for democracy
• Needed for participation without fear of
  retribution
• Is a fundamental human right

4
OUTLINE

• Analysis
• Policy
• Economic
• Solution Mechanisms
• Legal
• Technological
• Privacy Technology

5
Policy Analysis

• The actors and macro considerations

6
Hierarchy of IT Needs of Humans

• Self-Worthrelation to artificial
  intelligence, etc.
• Privacyidentity, credential role protection
• Interactioncommunication, exploration, commerce
• Securityuptime, robustness, no hacking
• Processingstorage, interface, crunching

Maslows Hierarchy of Needs
7
Policy Issues
8
Economic Analysis

• These days,
• everybodys an economist!

9
Monetizing privacy

• Various schemes proposed (even 20 years ago)
• Consumers pay for privacy protection services
• Consumers are paid for use of their
  privacy-related data
• A brokerage of privacy related data

10
Imbalance in desire for privacy/data

• Individuals discount present value of privacy
  protection in transactions
• Explains anomalous behavior of consumers when
  confronted with cost or inconvenience
• Practices and potential dangers unknown
• Organizations value personal data
• Overestimate future potential of data
• Discount exposure to organization
• An organization not too concerned about dangers
  posed to consumers that it is not accountable for

11
Imbalance in size/power of entities

• Organizations have lots of leverage
• Their are few sources of mass products and
  services
• Consumers dont have much choice for many
  products or services
• High relative cost of change of practices for
  consumers

12
Legal mechanisms

• Powerful but dont work well directly

13
Legal mechanismsevolution

• Originally based on codifying legitimate
  expectation of privacy
• People should be able to review and amend data
• No erosion of privacy due to technology
• Best privacy protection practical

14
Legal mechanismscapabilities

• Accountability after the fact is ineffective
• Hardly able to address
• Covert/clandestine abuse
• Abuse of public or leaked data
• Corporate shield
• Undoing damage done to people
• Can cause creation and use of infrastructure

15
Technological Mechanisms

• The directly-effective mechanism

16
Locus of privacy-related controlThe critical
architectural choice
Organization x
infomediary
17
Locus of controlThree choices

• At organizations
• Weak benefit/effect for consumers
• Clandestine abuse, leaks, reversibility
• Mollify/diffuse the issue prevent effective
  solutions
• At an intermediary
• Create infrastructure with single point of
  failure
• Full cost but little true benefit
• Dangerous concentration
• At the individual
• Privacy technology the only good solution

18
Old paradigmassumptions/model proven false!

• Believed to be a zero-sum game, privacy v.
  security
• ID believed needed for security against abuse by
  individuals
• ID believed only way to organize data

19
Old Paradigm
20
New paradigm

• Individuals provide organizations with minimum
  sufficient information and proof of its
  correctness

21
Privacy Technology

• Win-Win break of the believed tradeoff

22
New Paradigm
23
Feasibility of a comprehensive solution set has
been proven

• PaymentseCash payments deployed by major banks
  on 4 continents
• CommunicationMix nets, onion routing, etc. have
  been widely deployed
• Credentialsmechanisms implemented on cards and
  by IBM

24
Benefits to organizations (micro)

• Reduced exposure/liability
• Better data
• Cleaner because less deception and garbage
• More willingness to provide data because of
  protections
• All organizations get the data level playing
  field
• Better public image (?) probably wrong!

25
Not easy to get there from here

• Requires lots of users (hard to be anonymous
  alone!)
• Difficult to get the system primed
• Consumers dont want to pay costs
• Organizations tend to resist change

26
Really an infrastructure issue

• Pseudonymity / Anonymity only in numbers (as
  mentioned)
• Communication infrastructure can nullify
  protections
• Way to share data pseudonymously is infrastructure

27
CONCLUSION

• A Privacy Technology infrastructure is the way
  to go and would be hugely beneficial

28
(No Transcript)
29
Kinds of Privacy for Payments
Organization-controlled privacy
Consumer- controlled privacy
No privacy
False privacy
Protection only from merchant
credit cards on the Internet
eCash
Buy/reload card without identification
Advertise consumer privacy
stored-value cards
technology / time
pre-paid phone cards
Government payments, e.g.
transfer-order systems
bank notes coins
30
Consumer Payments Market Space
scheduledpayments
irregularpayments
high value
low value
10
31
Electronic Cash

• You can buy a digital bearer instrument from a
  bank with funds in your account
• You can pay by giving the instrument to the
  payee, who deposits to an account

32
(No Transcript)
33
(No Transcript)
34
zoom in on eCash blinding
35
Privacy and Control over Payments

• Nobody can learn without your cooperation who you
  pay, how much you pay, or when
• You can always prove who received any payment,
  for how much, and when
• Payments can only be made by you and they cannot
  be stopped by others

36
(No Transcript)
37
(No Transcript)
38
Credential Mechanisms

• You deal with each organization under a distinct
  digital pseudonyma public key whose
  corresponding private key only you know
• You obtain a credential as a digital signature
  formed on one of your digital pseudonyms
• You answer the queries you choose to by proving
  you have sufficient credentials

39
(No Transcript)
40
(No Transcript)
41
Wallet with Observer

• A tamper-resistant chip, issued by a trusted
  authority, is carried by the individual
• But the chip can only talk to the outside world
  through the persons PC/PDA
• The two devices perform a multiparty computation
  and thus speak to the outside world with a common
  voice

42
How untraceable-sending works
Mix network
The mix sever decrypts and re-orders inputs
43
Prevents tracing messages back
message 2
44
Cascade of three Mixes
PK3
PK1
PK2
Server 3
Server 2
Server 1
45
Encryption of message
PK3
PK1
PK2
message
Ciphertext EPK1EPK2EPK3message
46
Processing the messages
Server 1
Server 2
Server 3
47
Tracing prevented by any mix
Server 1
Server 3
Server 2
m3
48
(No Transcript)
49
IAO

• The Information Awareness Office (IAO) develops
  and demonstrates information technologies and
  systems to counter asymmetric threats by
  achieving total information awareness useful for
  preemption, national security warning and
  national security decision-making. John
  Poindexter, national security adviser to former
  President Reagan, is the director of the new
  agency. He was a controversial figure both for
  his role in the Iran-contra scandals and for his
  efforts to assert military influence over
  commercial computer security technologies. NSDD
  145 Data Mining.