From declanm@netcom.com Fri Sep 29 14:38:28 1995 Return-Path: Received: from po5.andrew.cmu.edu by mail3.netcom.com (8.6.12/Netcom) id LAA27306; Fri, 29 Sep 1995 11:27:02 -0700 Received: (from postman@localhost) by po5.andrew.cmu.edu (8.6.12/8.6.12) id OAA21403; Fri, 29 Sep 1995 14:21:36 -0400 Received: via switchmail; Fri, 29 Sep 1995 14:21:36 -0400 (EDT) Received: from pcs32.andrew.cmu.edu via qmail ID ; Fri, 29 Sep 1995 14:19:00 -0400 (EDT) Received: from pcs32.andrew.cmu.edu via qmail ID ; Fri, 29 Sep 1995 14:18:41 -0400 (EDT) Received: from mms.4.40.Nov..4.1993.10.34.00.sun4c.411.MacMail.0.9.CUILIB.3.45.SNAP.NOT.LINKED.pcs32.andrew.cmu.edu.sun4c.411 via MS.5.6.pcs32.andrew.cmu.edu.sun4c_411; Fri, 29 Sep 1995 14:18:40 -0400 (EDT) Message-ID: Date: Fri, 29 Sep 1995 14:18:40 -0400 (EDT) From: "Declan B. McCullagh" To: Fight Censorship Mailing List Subject: Sirbu On Digital Commerce Cc: Jonathan.Hardwick@cs.cmu.edu References: <44gpn1$gm1@cantaloupe.srv.cs.cmu.edu> Status: RO X-Status: I'm going to try to catch the second half of Sirbu's talk, which should last an hour. (PSC is the Pittsburgh Supercomputing Center) -Declan ---------- Forwarded message begins here ---------- From: prs+@N2.SP.CS.CMU.EDU (peter steenkiste) Newsgroups: cmu.cs.scs Subject: PSC/CS seminar 9/29: Marvin Sirbu Date: 29 Sep 1995 12:44:17 GMT Organization: Carnegie-Mellon University, School of Computer Science The abstract for the PSC/CS seminar on 9/29 (today) is appended: When: Friday, September 29, 4pm Where: 3rd Floor Conference Room, Mellon Institute Building ----------------------------------------------- Digital Commerce Marvin Sirbu Engineering and Public Policy Carnegie Mellon University The Internet is increasingly being used to support all phases of commerce from product identification and selection to ordering, delivery, payment and after sales service. In this talk I will discuss some of the emerging uses of the Internet in support of commerce, with special attention to payment mechanisms, including the NetBill payment system being developed at CMU's Information Networking Institute. From declanm@netcom.com Fri Sep 29 19:04:47 1995 Return-Path: Received: from po5.andrew.cmu.edu by mail5.netcom.com (8.6.12/Netcom) id QAA11057; Fri, 29 Sep 1995 16:12:37 -0700 Received: (from postman@localhost) by po5.andrew.cmu.edu (8.6.12/8.6.12) id TAA06050; Fri, 29 Sep 1995 19:10:25 -0400 Received: via switchmail; Fri, 29 Sep 1995 19:10:21 -0400 (EDT) Received: from pcs6.andrew.cmu.edu via qmail ID ; Fri, 29 Sep 1995 19:08:58 -0400 (EDT) Received: from pcs6.andrew.cmu.edu via qmail ID ; Fri, 29 Sep 1995 19:08:32 -0400 (EDT) Received: from mms.4.40.Jun.13.1995.15.25.44.pmax.ul4.MacMail.0.9.CUILIB.3.45.SNAP.NOT.LINKED.pcs6.andrew.cmu.edu.pmax.ul4 via MS.5.6.pcs6.andrew.cmu.edu.pmax_ul4; Fri, 29 Sep 1995 19:08:32 -0400 (EDT) Message-ID: Date: Fri, 29 Sep 1995 19:08:32 -0400 (EDT) From: "Declan B. McCullagh" To: Fight Censorship Mailing List Subject: Sirbu on DigiCash, NetBill, and Iraqi Terrorists Reply-To: fight-censorship+@andrew.cmu.edu Status: RO X-Status: So I went to Marvin Sirbu's "Digital Commerce" talk this afternoon, which was attended by about 45 people and wasn't about digital commerce as much as it was about the benefits of Sirbu's NetBill project. NetBill is the Information Networking Institute's cash cow, funded by the deep pockets of Visa and Mellon Bank. Sirbu started by talking about "What is Electronic Commerce" and predicted that in ten years, 20 percent of worldwide transactions will take place via the WWW, then quickly moved on to listing the virtues of NetBill over the competing proposals: Netscape "secure" credit card transactions, CyberCash, First Virtual, digital checks, and DigiCash. He was especially against DigiCash, stressing that it requires all DigiCash users to trust the digital cash bitstream-generating entity. Since DigiCash allows for anonymous transactions, the U.S. doesn't want it and won't support it. Sirbu dismissed questions about the possibility of Switzerland using DigiCash. There was also a brief discussion, sparked by a question from the audience, about Iraq using DigiCash to disrupt the economies of the West. "I just got a call today from someone in the Secret Service who is preparing testimony for Congress next week. They wanted to learn more about DigiCash," Sirbu said. NetBill, on the other hand, requires users to set up an account on a centralized bank. Briefly: web user asks merchant for information product, sends NetBill account, merchant sends encrypted info product to user, contacts NetBill central bank to debit account, if account valid, returns decryption key to user so user can decrypt information product. NetBill authentication/encryption/transaction libraries will be compiled into web clients and browsers. Sirbu stressed that all NetBill transactions are fully subpoena'able. NetBill will start a pre-commercial trial in early 1996 using real money. Information will be provided by MIT's Network Multimedia Information Service, University of Illinois Digital Library, Thompson Publishing, and CMU. The NetBill hype was generally dry, but Sirbu got a laugh one time when he said, "Here's where I send a message to a merchant saying I want goods or software or a porno GIF or something." -Declan PS: Does anyone (Stanton?) who knows more than I do want to comment on DigiCash vs. NetBill, etc? Replies set to the mailing list. From declanm@netcom.com Fri Sep 29 22:59:40 1995 Return-Path: Received: from po4.andrew.cmu.edu by mail4.netcom.com (8.6.12/Netcom) id WAA17578; Fri, 29 Sep 1995 22:25:30 -0700 Received: (from postman@localhost) by po4.andrew.cmu.edu (8.6.12/8.6.12) id BAA03172; Sat, 30 Sep 1995 01:24:10 -0400 Received: via switchmail for fight-censorship+@andrew.cmu.edu; Sat, 30 Sep 1995 01:24:09 -0400 (EDT) Received: from po3.andrew.cmu.edu via qmail ID ; Sat, 30 Sep 1995 01:22:22 -0400 (EDT) Received: from eff.org (eff.org [140.174.2.70]) by po3.andrew.cmu.edu (8.6.12/8.6.12) with ESMTP id BAA28448 for ; Sat, 30 Sep 1995 01:22:12 -0400 Received: (from mech@localhost) by eff.org (8.6.12/8.6.6) id BAA10078 for fight-censorship+@andrew.cmu.edu; Sat, 30 Sep 1995 01:22:11 -0400 From: Stanton McCandlish Message-Id: <199509300522.BAA10078@eff.org> Subject: Re: Sirbu on DigiCash, NetBill, and Iraqi Terrorists To: fight-censorship+@andrew.cmu.edu Date: Sat, 30 Sep 1995 01:22:10 -0400 (EDT) In-Reply-To: from "Declan B. McCullagh" at Sep 29, 95 07:08:32 pm X-EFF_General_Info: info@eff.org X-PGP: Support Phil Zimmermann legal defense fund (email dubois@csn.org) X-Perl: Support Randal Schwartz legal defense fund (email fund@stonehenge.com) X-Censored: Support Arthur Halavais legal defense fund (email rhal@crash.cts.com) X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 5837 Status: RO X-Status: > Sirbu started by talking about "What is Electronic Commerce" and > predicted that in ten years, 20 percent of worldwide transactions will > take place via the WWW, then quickly moved on to listing the virtues of > NetBill over the competing proposals: Netscape "secure" credit card > transactions, CyberCash, First Virtual, digital checks, and DigiCash. > > He was especially against DigiCash, stressing that it requires all > DigiCash users to trust the digital cash bitstream-generating entity. > Since DigiCash allows for anonymous transactions, the U.S. doesn't want > it and won't support it. Sirbu dismissed questions about the possibility > of Switzerland using DigiCash. This guy is a clueless nut. Almost ANY crypto-knowlegeable person can tell you that DigiCash's Ecash [DigiCash is the company, Ecash is the system] is cryptographically secure. I think Sirbu is mightily confused, and is fusing arguments against Clipper (a secret-algorithm system) and Ecash and other DigiCash products, which use publicly reviewed, tested and available algorithms. Sirbu is right that Ecash, and DigiCash smartcards, and DigiCash road toll payment systems, unlike all of the US counterparts I've yet seen, are anonymous, and that the US government and the US banking/credit industry don't like that. That is NOT a flaw in DigiCash's systems. It's a flaw in the US government and financial industry. Switzerland, hell. As of this week, Ecash is out of the test phase and is real money - they have a deal with a US bank, and are about to expand it to more US and foreign banks (presumably the ones that aren't so big-brotherish that they fail to see the merits of the DigiCash proposed standards.) > There was also a brief discussion, sparked by a question from the > audience, about Iraq using DigiCash to disrupt the economies of the > West. "I just got a call today from someone in the Secret Service who is > preparing testimony for Congress next week. They wanted to learn more > about DigiCash," Sirbu said. This sounds like a crock of shit, but if you have any more information on this, or find any, please inform me ASAP. I'm not aware of any such hearing, but if there's to be one, I need to get on it. The crock is the Iraq scenario. How could Ecash "disrupt the economies of the west" any more than paper cash? It's ludicrous (and it's equally ludicrous to propose that Iraq is going to do it, given their current level of connectivity. Ecash is a WWW-based system, and, well, Iraq just don't cut the mustard when it comes to online participation, I'm afraid. Like I say, I think Sirbu is off the deep end, and really has no idea what he's talking about. (A less charitable view would be that he has plenty idea what he's talking about and is deliberately misrepresenting the facts to keep his bank funding.) > NetBill, on the other hand, requires users to set up an account on a > centralized bank. Briefly: web user asks merchant for information > product, sends NetBill account, merchant sends encrypted info product to > user, contacts NetBill central bank to debit account, if account valid, > returns decryption key to user so user can decrypt information product. > NetBill authentication/encryption/transaction libraries will be compiled > into web clients and browsers. Sirbu stressed that all NetBill > transactions are fully subpoena'able. I like this guy less and less the more I hear about him. Funny thing is, BTW, "his" NetBill system is in no way novel. Most if not all e-commerce systems rejected this model out of hand because it's a pain in the ass for the user. Why should I have to wait minutes, perhaps days if someone's server is down, to be able to check out what I just bought? If things are a pain for consumers, they go consume something else. > NetBill will start a pre-commercial trial in early 1996 using real > money. Information will be provided by MIT's Network Multimedia > Information Service, University of Illinois Digital Library, Thompson > Publishing, and CMU. Here's my prediction: Ecash, First Virtual, and an improved Netscape (or other actually-secure browser for credit card purchases) is going to walk all over this. NetBill and other harebrained schemes, like debit card reader PC peripherals simply don't stand a chance. FV will succeed (and is succeeding already, despite it's inherent security) because it's convenient in the sense that you don't have to open new accounts, per se, you just have have a credit card and be willing to let FV deal with the transaction. NS will succeed because it's even more convenient - no middleman at all, just your credit card and the merchant. Ecash will succeed because it is truly secure, preserves anonymity (remember - all Rimm jobs aside, we all know that one of the, if not THE, most lucrative online niche markets is sexually explicit material), and is not centrally controlled. NetBill will fail for several reasons, including its name (everyone hates bills), it's damned inconvenience, it's central control, and it's built-in lack of security. > PS: Does anyone (Stanton?) who knows more than I do want to comment on > DigiCash vs. NetBill, etc? Replies set to the mailing list. You bet I do. Ask gnu@eff.org (John Gilmore) - he can probably go into a lot more cryptographic detail on this than I can. NB: Some of you may have noted the recent news about the NS/MS/Visa/MC cyber-cash deal falling apart. I for one am damn glad it did - it gives Ecash more time to propagate. -- Stanton McCandlish
mech@eff.org

Electronic Frontier Foundation

Online Activist