The Kinder Gap: Cybercash

Cyber Cash is not one of Johnny’s many cousins. Cybercash is a move from paper money to electronic bits, completing the shift from the gold standard to a symbolic paper standard to, as Alvin Toffler coined it in PowerShift, the super symbolic standard where money is merely a representation in computer memory of a government’s standing in the world economy.

Rather than carry coins and bills, we’ll carry cards--like credit cards or bank cards--and we’ll use these cards to pay for everything and anything. Many proponents claim that it will end crime: there won’t be any cash to steal, and hot items will still have to be fenced, at which point cybercash comes into play and computers can trace the transaction.

As a panacea, cybercash is shortsighted. Even on the surface, it won’t stop rape and other forms of violence. It can only affect crimes in which cash is involved and is irreplaceable. But there is no such thing. What is cash? Is cash a changing word? For cybercash to work on a universal scale, it must be easily used. Any individual needs to be able to accept cybercash from another individual as easily as transferring dollar bills from one wallet to another. If merchants and individuals can accept cybercash, criminals can force merchants (and individuals) to give up cybercash.

The biggest burglar--and the strongest proponent of cybercash--is the Internal Revenue Service. The IRS foresees a day when you never file a tax return. They’ll just collect all the data about what you earned and automatically deduct from your cybercash cache what they think you owe. Sales taxes will also be transformed: state and local governments ^(!) do not tax money that they don’t see. When you buy a stereo from your brother-in-law, or pick up some junk at any of the numerous yard sales on a given weekend, you don’t pay any taxes. It’s not because they don’t want to tax these sales, it’s that they can’t. Some states even expect you to voluntarily tell them what you bought and how much you paid for it. ^(!)

In a central system of electronic cash, you have no choice. Whenever money traverses the cash net, Uncle Sam or his nieces and nephews in the states will automatically take their cut. The United Nations also sees an opportunity: the bureaucrats there hope to be able to impose a tax on international electronic currency transactions. ^(?)

Some forms of cybercash are already here. Banks and financial institutions deal directly with digital transactions. No paper money gets transported anymore. I rarely use cash. I have a credit card and an ATM card that looks like a credit card, and I can use them just about anywhere. My paycheck is deposited automatically into my checking account.

Credit cards are credit. The money in them doesn’t really exist, at least for me. Bank cards are different. They’re really cash--they represent the cash that I’ve got in my banking account. These forms of electronic cash have major drawbacks, however. They’re easily traced and easily faked, and they have my entire balance. If someone steals my ATM card (and somehow gains my PIN number, say, by watching over my shoulder when I make a transaction, using binoculars or mirrors, or by pointing a knife at my throat and just asking me), they’ve got my checking account. Now, most state laws limit the amount that you can lose from stealing, so that I might only lose $50 if a thief spends the $1,000 in my checking account. But that just means that the bank loses it instead. The bank would probably prefer that I lose it, just as if the thief had stolen $1,000 from my wallet.

If the thief just gets your number, and not your signature, you aren’t liable for anything: any credit card transactions that occur without a signature, and that turn out to be fraudulent, you are not liable for. This includes on-line transactions. This is one of the reasons credit card companies and businesses are pushing for encryption. It isn’t there to protect the consumer, it’s to protect the credit card company.

There are other problems with these cards. If I found out that my bank had hired a private detective to watch my every move, I would be furious. But they don’t have to: I tell them my every move every time I use the card. And given the security of most computer systems, I’ve also told anyone who really wants to know. There is no privacy with credit cards and bank cards. Why do you think they’re giving the card to me for free? They expect to make money off of the information I’m giving them.

In essence, there are four ways that electronic cash could be implemented. The electronic cash can be centralized or distributed, and it can be private or public. My credit cards and bank cards are centralized and public. The ‘real’ cash is all held at the bank, and the transactions I make with the cards are not private: the bank knows about them, and anybody who can access the bank knows about them, including the IRS.

When we move into ‘true’ virtual cash--electronic cash that doesn’t represent a piece of non-existent paper--it looks as though it will be distributed. In most of the cases where virtual cash is implemented now, the card itself holds the money. The telephone companies sell phone cards, which are good for a specific amount of money. If the cards are stolen, you only lose the amount of money ‘left’ on the card. Likewise, you can give the cards to someone--a son or daughter at college, for example--and be assured that they’ll only spend what exists on the card. Some of the companies that sell these phone cards commission art and photographs for them. When empty, these cards have actually become collector’s items!

Vending cards, cards with a specific amount of money to be used in the company’s vending machines, are also distributed electronic cash. The card itself is the money. When emptied, the card is worthless, although they can be ‘rejuvenated’ for a fee. Vending cards and phone cards are semi-private. The person who originally purchased the card is known, but there isn’t any way of telling who actually used the card if the card is passed from person to person, except with standard gumshoe detective work. The information isn’t automatic.

In other forms of distributed cash, the information is automatic. With most forms of ‘smart’ cards, you are the only person who is authorized to use the card. If you want to give someone else some money, you ‘download’ cash from your card to their card, and this information may or may not be tracked. This type of card is available as a Visa card from NationsBank, Wachovia, and First Union, and they expect it to be readily accepted at the 1996 Summer Olympics in Atlanta. ^(?)

David Chaum, founder of the Dutch company DigiCash b.v., ^(?) has been an advocate of virtual money for over a decade. He’s also an idealist; his biggest contribution to the debate has been the question, How can we do this and still maintain individual privacy? As a result of answering that question, he holds the important patents for what’s called anonymous cash and many forms of virtual cash transactions. He’s developed techniques, as an outgrowth of public key cryptography, ^(!)) that allow banks to authorize digital cash transactions without knowing who is taking part in the transaction, and has mathematically proven that those transactions are reliable and secure.

He stands to become very rich when virtual cash is implemented world-wide, but he’s been holding out selling his patents until a deal comes along that protects the individual liberties that he feels are important. DigiCash made its name creating a ‘toll card’ for motor vehicles. The smart card slips into a device on the vehicle’s windshield. As cars pass the toll booth, a scanner automatically checks the card and debits the toll. The system is also anonymous: the Dutch government isn’t able to use it to keep track of where its citizens travel.

That’s the kind of thing that’s important to David Chaum. As part of an interview with Steven Levy of Wired magazine, he pointed out a place where Nazis rounded up Jews to be sent to concentration camps, as an example of what happens when you give government too much power. In places like Thailand, for example, “smart cards” are used to keep track of everything from an individual’s ancestry to their voting records. ^(?)

There’s no reason that we’ll have only one form of electronic cash. Right now, there are all sorts of it: vending cards, credit cards, bank cards, phone cards. There’s no reason that private industry can’t continue to market multiple means of using virtual cash. So we’ll be able to continue using public, centralized cash when we need credit (credit cards). We’ll also use it, in the form of bank cards or automatic deductions, when we want the cash flow to be traceable, for example, when paying a telephone bill. When buying lunch, or buying a newspaper at the newsstand, we’ll use a private, distributed ‘smart’ card.

Two things have to be sorted out before we move to a completely digital economy: who is going to back the digital cash, and who is going to pay for it? Backing is a very touchy subject. Even paper money isn’t backed by anything tangible anymore. It’s backed by the good name of the government that prints it. It may end up that governments will back digital cash just like they back paper cash. Digital cash can also, however, be backed by the private company that makes the card. The latter is not unlikely; it’s what happens now, although we expect that the phone card or vending card is backed by the company because the company ‘still has’ the cash that we gave them in exchange for the card. That’s an element of trust, however, and if the company you bought your phone card from goes out of business you may well be out of luck.

Digital cash may evolve out of this. As less and less paper exchanges hands, you’ll be buying that phone card with money from a smart card that you bought from a bank, who got their money in digital form from the federal government, and you’ll have paid for it with money that was deposited directly into your account by your employer.

How will digital cash be paid for? Someone has to pay for the smart card, and someone also has to pay for the computer networks that transmit the bits and bytes of digital cash. It will probably be a combination of the ways that electronic cash is paid for today. When you buy a money order, you pay a fee to get the money order. There may be a fee for getting your smart card refilled. With your credit card, you may or may not (really, you shouldn’t, anymore) be paying an annual fee. Merchants also pay, for the privilege of being able to accept your credit card. Companies that make smart cards may charge a ‘royalty’ to merchants, depending on how often their card is used, and how much it’s used for. Digital cash might even be paid for in the way that checking is paid for: while your money is sitting in the bank, it’s making money, as interest, for the bank. Your digital cash, until it gets used for a purchase, is also just sitting somewhere. The smart card transactors can gain interest on this idle money.

Selling Yourself

Cybercash can also be paid for by selling information. Every time you use cybercash, some kind of information is also trading hands. For the more private forms of cybercash, it may not be much more, if any more, than what changes hands with paper cash purchases. But with bank cards, credit cards, and check cards, you are giving away, for free, information worth a lot of money. Merchants, distributors, manufacturers, and banks are fighting over this information today. They all want a piece of it. Hell, they each want all of it. And it ain’t even their information. It’s yours. This is information about your spending habits, your payment habits, and your interests that they’re selling. You’re giving it away for free, especially if you’re paying a fee for your credit card on top of it all.

In Florida and California, retail chains have fought blistering legal battles with banks over this issue. The central question their lawyers are asking one another is: “Who owns the customer data?”

The legal answers are not yet in. But one thing is certain: No one is asking the customer.

When it finally happens, there isn’t going to be any choice. You’ll have to take part, and you’ll have to pay whatever the fee is, whether cash or information. As Pascal Zachary said about Bill Gates getting into the Cybercash industry, “He gets rich, ‘cause you exist”, ^(?) like bankers today. You have to have their service to survive in the modern world.

There’s so much information passing between you and the computers on the “other side” that some of it still gets lost. There’s really so much information that the stores and banks, like the system administrators on computer networks, just don’t know what to do with it all. I’d hazard that most of the information you ‘give’ is routinely ignored. Things like time of day, which checkout lane you’re in, who your cashier is, the total weight of your purchases, how your purchases compare to those of the person in front of you and behind you... stuff that seems so inanely trivial, who would want it? Given time, someone will want all of that and more. Some of it you desperately want to get lost. Many bank cards require passwords--usually called ‘PIN’ numbers--in order to ‘use’ your ATM card, whether at a merchant or a magic wall. When you give an incorrect password, you’re handing out very valuable information: you’re telling a complete stranger what you think your password is.

I’ve got quite a few passwords: a bank card, two credit cards, at least four computer accounts, and a voice mail account, just offhand. Since I see the dangers in having the same password for each purpose, I use a different password for each. But that gets hard to juggle as well: just this morning I tried to get my voice mail using my bank card password. It’s not the first time I’ve used the right password in the wrong place, and it probably won’t be the last. I doubt very much that AT&T, in this case, kept track of my incorrect password, and I don’t know what they’d do with it if they did. I don’t see AT&T sneaking around in the middle of the night emptying out the checking account of a hack writer.

Today.

But who knows what AT&T is going to be doing tomorrow? They still won’t be stealing from my checking account, but that doesn’t mean they won’t want the information. Do I commonly use the wrong password? The same wrong password? Why do I keep doing that? Is it for another voice mail account that I use more often than AT&T’s? That’s something they’d like to know.

And if I do the same thing at an ATM machine? Sure, I don’t expect Mission Federal Credit Union to keep track of my ‘invalid passwords’. But Mission Federal has nothing to do with the ATM machine. Just because I trust my bank, doesn’t mean I should trust some odd-named machine in the middle of Horton Plaza. The bank doesn’t own this ATM. They probably don’t even know who does.

Even our mistakes are valuable in the information age. Everything is information, and everything we do tells someone else something about ourself. Everything that can be recorded can be sold. If there are no fees, no interest, and no merchant charges, there is still a lot of money to be made by cybercash providers.

How it will actually happen is anyone’s guess. Cybercash may be private or public, centralized or distributed (although probably distributed, because it limits the liability of financial institutions), but we will get digital money. Paper money is already outdated and it is getting worse every day. As Alvin Toffler says in the highly recommended PowerShift, “Except for economically backward countries and quite secondary uses, paper money will go the way of the coral shell and copper bracelet currency.”

Paper money has to go simply because current technology--high resolution computers and printers--can forge normal paper money too easily, and tomorrow’s technology is only going to get better. It has to go because it is simply to slow to transact using paper cash in a world of computer networks. The important question from the customer’s and individual’s standpoint is whether digital cash will improve our privacy, degrade it, or remove it.