In the first article of this series we saw how the mathematics of public key cryptography could be used to create secure payment mechanisms that are analogous to bank issued notes or to bills of exchange and cheques.[1] Because of the emphasis on small payments, the methods are usually referred to in the computing literature as "digital coins".
Public key cryptography combined with the keeping of a register of "spent" coins permits us to identify who "possesses" the coins or, if we think in terms of negotiable instruments, the "holder" of the instrument.
In each case the essential feature of the methods is that public key cryptography allows us to translate some of our "paper" notions such as signature and possession into the realm of pure electronic messages. Using public key cryptography we can be certain that a message has not been altered, we can identify those parties who have agreed to the message by means of adding their digital signature and we can identify a unique person who "possesses" the message.[2]
Without going into the cryptographic details, the next step in the process is the introduction of "blind signatures".[3] These are cryptographic methods which allow us to ensure that the digital coin is genuine, that it is being received in payment for a particular service and that it has not previously been spent, but it does not allow us to identify the payer or any previous "holder" of the digital coin.
Blind signatures permit, in other words, the electronic equivalent of cash. Payments made by such methods leave no trail. This method is now being trialed in the USA and Europe by the DigiCash group in cooperation with local banks.[4]
Anonymity can be achieved even without the introduction of "blind signatures" if coin issuers are prepared to exchange valid coins for new ones.[5] Consider: a customer A is issued with coins by a bank B. Since each coin is identified by serial number the bank could build a spending profile of the customer by noting which merchants return the identified coins. If, however, B or some other bank is willing to exchange coins for new ones then the owner of the new coins may be unknown since all that is needed is a network address in order to conduct the transaction. The owner of the new coins would be unknown.
The motivation behind these developments is to provide a cheap, secure, anonymous method of making small payments via the internet. Payments as small as a fraction of a cent are contemplated by would-be vendors of small amounts of valuable information. It must be appreciated however that this motivation in no way limits the potential of the end product. There is no obvious limit to the size or number of payments which could be made using the methods. The consequences of this will be examined later.
It might be useful at this point to summarise the concept of the "digital coin". A digital coin is a message which is digitally signed[6] by the issuing bank or other organisation. The contents of the message identify
It is certainly true that all of the problems raised by smart cards are equally applicable to the introduction of digital cash. These problems have been discussed recently both in this Journal and in a paper issued by the Australian Payments Systems Council. Major issues which must be addressed (or settled by default) include:
These restraints do not apply to digital cash. Anyone with a computer could theoretically become an issuer of digital cash. Certainly any bank anywhere in the world could establish itself as an issuer of digital cash. Provided there is some commercial mechanism whereby a merchant can be reasonably assured of obtaining ultimate value these digital coins could be used by anyone anywhere in the world to make purchases over the internet.
Further, the parties need not be in any long term contractual relationship with each other. A holder of digital coins issued by one bank is (or may be) free to exchange them for coins issued by a different bank. Issuers are encouraged to make such exchange arrangements since it increases the value of their own coins. The free exchange of coins makes the whole system more attractive to merchants since it broadens their effective consumer base.
In a system that allows the free exchange of digital coins it may be necessary to determine the legal nature of a digital coin. This is because the relationships may no longer be directly controlled by an express contract. To illustrate, a merchant may confidently accept a credit card or a smart card in payment because he or she knows that the contract that they have with the card issuer will guarantee that they receive value for the transaction. No appeal to the general law is necessary.[9]
By contrast, a merchant who is offered digital coins in payment may have no contractual arrangement with the issuing bank. If the system is to flourish, the merchant must be able to rely upon some general law which governs the relationship of the parties.
All of the proposed methods of implementing payments over the internet share the characteristic that there is an "issuer". Digital coins are "issued" by a "bank" to a customer who then uses the coins via electronic messages to pay for goods or services via the internet. In order to have legal effect, we must treat the issuer as a promisor who has promised to make or to guarantee payment.
To whom is the promise made? This will depend upon the particular implementation of the payment mechanism. An issuer could make it a condition that merchants may only accept payment by prior arrangement. This would re-establish the contractual restraints which are lacking in the general model. However, for the commercial reasons outlined above, this is unlikely to be a stable long term solution. In real life schemes for "digital coins" it seems that the issuer must be taken to promise at least to anyone who takes a valid coin in good faith and for value that the coin will be met.
Even that interpretation is not wide enough to make the anonymous payment schemes work. In such a case it must be taken that the issuing bank promises to give value for any valid coin to anyone who presents it for payment.[10]
The obvious analogy is with the now obsolete bank note. Until this century the bank note was the common and widely recognised currency.[11] It is a nice tribute to the law that many of the problems which may be encountered with digital cash may be solvable by looking to the law of a payment system which has been obsolete for the last 90 years.
However, it was never considered that a bank note issued by an obscure foreign bank could be regularly used for payment locally. Digital cash releases us from the confines of geography and in so doing introduces a whole new set of problems that were not relevant to bank notes and which have little relevance to payment by credit card or smart card.
The issuing bank, the payer and the payee may have no geographical connection whatsoever. It is perfectly plausible that an Australian purchaser could pay a Bolivian supplier by means of digital coins issued by a Mongolian bank. In such a case which law will we use to settle disputes when the transaction goes wrong? How can we even begin to ensure integrity of the payment system or to implement consumer protection policies? How can we control and detect money laundering schemes?
Interesting questions. They will be addressed in the third and final paper of this series.
Please send inquiries & questions to alan@austlii.edu.au.
Copyright © 1997 Alan L Tyree
Last modified: Tue Oct 14 18:06:42 EST 2003