The Monster from the Crypt:
Impacts and Effects of Digital Money
Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 27 June 1997
© Xamax Consultancy Pty Ltd, 1997
This paper was presented at a plenary session of QuestNet'97, Brisbane, 4 July 1997
An earlier version was presented at the Computers, Freedom & Privacy Conference (CFP'97), San Francisco, 12-14 March 1997, on a panel comprising Michael Froomkin (a Uni. of Miami Law Professor), Chief Cypherpunk Tim May ('national borders are just speedbumps on the information superhighway') and David Chaum (Mr Digicash)
This paper is at http://www.anu.edu.au/people/Roger.Clarke/EC/Monster.html
The term 'digital money' encompasses stored-value cards based on chips, plus net-based payment mechanisms. It is set to have substantial impacts on the financial services industry, plus flow-on effects on society as a whole. Depending on a whole host of factors, these may be evolutionary, or utterly revolutionary.
The paper first presents an analysis of direct impacts. Whether existing financial institutions sustain control of the payments marketplace, or lose share to new players, depends on whether open schemes eventuate; whether the risk of failures and scams is managed; and whether transaction risk is limited to very short durations. Second-order effects will be mediated by existing industry and social structures. The intrinsic supra-jurisdictionality of digital payment schemes appears likely to reduce the importance of national regulators, and the capabilities of national tax collection agencies. This will stimulate a last-gasp attempt by nation-states to impose their waning power on the populace, in particular through dataveillance technologies.
Public services, funded through taxation imposed on captive audiences by nation-states, will prove unsustainable. But the coming breakdown in established authority does not mean the end of civilisation as we know it. Law and order will be sustained within geographically localised communities; and federations of similarly-minded communities will form strategic relationships to keep portions of the world relatively safe for their members.
In this paper, I use the term 'digital money' to encompass both chip-based stored-value cards, and net-based payment schemes.
Chip-based payment schemes are described in a hard-copy publication by this author, excerpts from which are at http://www.anu.edu.au/people/Roger.Clarke/EC/CBPSBk.html.
Net-Based Payment Mechanisms are described in a web-page maintained by the author, at
This page provides the following classification of net-based payment mechanisms:
- evolutionary approaches:
  - credit-card details;
  - debit-card details;
- revolutionary approaches:
  - electronic value-token creation and passing (cash-like), including micropayment schemes;
  - electronic payment instructions (cheque-like);
- integrated approach:
  - stored-value card payment.
Transactions using digital money may be fully identified as to payer and payee, or fully anonymous. They may, alternatively, be 'pseudonymous'. I use this term to imply the use of an identifier for a party to a transaction, which is not, in the normal course of events, sufficient to associate the transaction with a particular human being. The data may, however, be indirectly associated with the person, if particular procedures are followed. (Note that some other authors use it rather differently, importantly Ian Goldberg, David Wagner and Eric Brewer at Berkeley).
The paper assesses digital money's likely direct impacts and less direct, second-order effects. In order to do so, it first considers the possible patterns of development and application of digital money technologies. A key assumption underlies the analysis. Digital money is entirely dependent on the impenetrability of 'strong' cryptography. This paper assumes that there will be no quantum leap in crypto-cracking techniques that catches up the lead that cryptography has over them, nor even strongly credible rumours to that effect. If that assumption proves to be incorrect, the security of electronic payment mechanisms would be undermined.
The time has passed when we could afford to simply pontificate on the impacts and effects of powerful technologies. It is essential that we apply the tools at our disposal, in order to get a grip on our future. This section considers the state of play in the area of digital money, in order to highlight some key features of the emergent marketplace, and infer whether digital payments mechanisms are likely to be highly concentrated among a few players, or highly fragmented among many.
Starting Point for the Analysis
There are many existing forms of payment mechanism, each with characteristics that fit some need of corporations or individuals. Tele-commerce (e.g. telephone ordering of goods and services) has already spawned refinements to existing mechanisms.
Electronic commerce, the conduct of trade using telecommunications infrastructure and tools, takes place in substantially different contexts from conventional trading, and hence demands substantial refinements to existing mechanisms, or (more likely) new mechanisms.
The marketspace offers significant advantages over conventional physical marketplaces. It supports the negotiation for and settlement of contracts for physical goods (but not their delivery, maintenance and replenishment). For digital goods, on the other hand, it supports the entire process of electronic commerce, from discovery of suppliers, through selection of supplier, delivery and settlement, through to after-sale service.
The Invention Phase
Digital money services initiatives abound, as was evidenced by the long list of products and product-types referenced in the introduction. These will enable payment via the open Internet, and using other elements of the emergent information infrastructure (including such proprietary networks as may survive, closed segments of the Internet, and developments on the cable TV model).
The Adoption / Innovation Phase
The payments marketplace is large and diverse. Like other large marketplaces (e.g. cars, car-engines, pharmaceuticals), there is a great deal of difference between inventing something, and refining the invention, integrating it with existing infrastructure, and implementing it. This process is commonly referred to as the 'innovation' or 'adoption' phase.
New payment mechanisms may be adopted by existing organisations, as extensions or adjuncts to their existing services. Alternatively the innovation process may be driven by new players entering the market. The following two alternative scenarios therefore need to be considered:
1. Prudentially supervised banks dominate the existing payment systems of each major country. Those banks, through the payments processors and brand-owners Visa and MasterCard, also dominate consumer payments that have an international dimension. One possible path is that digital money technology developers will place their products almost exclusively with established financial institutions. Initial services would therefore be available through conventional channels, and alternative providers would be small niche-players, unless and until they established recognisable competitive advantages. This scenario then bifurcates into two sub-paths:
   1. the financial institutions continue to (by and large) respect the wishes of national regulatory bodies;
   2. the financial institutions, whose payment schemes would no longer be primarily within any one nation-state, progressively shrug off the controls imposed by national regulatory bodies;
2. Large banks move slowly. This creates a window of opportunity, such that small, new entrants use the new technologies to establish themselves as non-supervised electronic bankers. This scenario sees widespread early use of these new players. It then bifurcates into two alternative paths:
   1. a few well-publicised failures and scams result in a large-scale movement by consumers back towards supervised financial institutions; or
   2. to manage the risks of failure, fraud and large-scale theft, the majority of new players form their own self-regulatory body (by definition international in nature), and establish standards, audit requirements and insurance mechanisms. These mitigate the inevitable collapses. The new players retain a substantial market-share, and the result is a new world order among financial institutions.
Which Path?
The following factors appear to be critical in assessing which of these scenarios is most likely to eventuate:
1. the speed with which the large financial institutions move, and hence the size of the opportunity window for new entrants. During the last year, there have been many signs of urgency among the large players;
2. the degree to which digital money technologies are openly available. Many inventors, including both Digicash and Mondex, appear to have adopted the strategy of dealing with large, existing players, at least at this stage of development;
3. the capital requirements to establish schemes and to reach potential customers. At this stage these still appear to be large; but on the other hand the economics of market reach is greatly changed by the net;
4. the scale of early adoption, in terms of numbers of people, numbers of transactions and value of transactions. The dramatically steep take-up rate of the web generally needs to be contrasted against the much more reticent behaviour patterns evident when it comes to making purchases and payments on the
5. the timing and appropriateness of actions by regulators. There is a serious disincentive involved in being subject to prudential supervision, because it imposes significant capital requirements, cost, and bureaucratic inconvenience and delays. On the other hand, prudential supervision acts as a 'barrier to entry', and limits the rate with which newcomers change the pattern of the financial services marketplace.
The potential for digital money to function with limited regulatory interference is being aided and abetted by at least some central banks. The Chair of Australia's Reserve Bank (with similar responsibilities to those that Alan Greenspan has in relation to the U.S. Federal Reserve) stated in early February 1997 that he viewed stored-value cards not like currency, cheques or loans, but rather like travellers' cheques: they are not a proper financial instrument, and hence do not require the Reserve Bank's direct supervision. The implication is that at least some forms of net-based payment schemes are perceived by the Reserve to have similar non-money characteristics. Hence financial services organisations that offer only those kinds of payment facilitation would not be subject to prudential supervision.
As the competition warms up, it could be that regulators will deny existing banks a 'prudential-supervision' barrier to entry to the market by new players, and even force the existing institutions to fight holding one hand behind their backs.
Moreover, it is unclear at this stage to what extent prudential supervision will actually provide greater security of services, and whether consumers will actually (a) understand, and (b) value, the 'comfort-zone' that supervision is meant to provide.
I speculate that one particular feature of net-based payment technologies may be particularly critical. This is their ability to conduct all settlement and clearance procedures within a very short time, measured in seconds (using the transaction-boundary and two-phase-commit concepts conventional in distributed database systems). If this feature is offered, then most consumers will have only a limited amount and proportion of their funds at risk at any one time, and the incentive to an electronic bank to 'stage a heist' will be much lower than it would be if it held substantial 'float'. As a result, the need for prudential supervision is far less, the image-advantage that prudential supervision provides to established financial institutions is very limited, and the established players have to use other ways to compete with the new entrants.
The first implementations of new stored-value card and net-based payments schemes involve substantial capital investment. Existing large financial services providers appear likely to be heavily involved, but additional large corporations may become involved, such as telcos, GM and Ford. The relationship between the payment services multi-nationals, Visa and MasterCard, and the financial institutions that own them, may also go through some changes, including re-consideration of their present constitutional arrangements.
As standardisation occurs, the capital investment needed to launch a new service seems likely to decrease. This will enable smaller players to offer services, perhaps only in niches, but perhaps across whole market-segments. This advantage for small players will be all the greater if the schemes are relatively open. Elements are emerging of an open system that would facilitate large numbers of small players, including:
- software agents that enable payers and payees to negotiate which payment mechanism to use (in particular W3C JEPI); and
- clearing mechanisms that enable payees to convert into usable value electronic payments made in whatever forms are convenient to payers.
Because there are so many factors involved, it will be some time before it is clear whether digital payments will lead to more concentrated or more fragmented marketplaces in payment services.
This section considers ways in which digital money will directly affect consumers and corporations.
Benefits and Disbenefits for Consumer Segments
Superficially, digital money would appear to offer substantial advantages to net-dwellers, through enhanced convenience, time-savings and the ability to buy and sell in many marketplaces, and in the emergent marketspace.
For non-net-dwellers, there may be equity disadvantages if digital money were to significantly displace existing payment mechanisms. This is a variant of the arguments concerning the unavailability of credit-cards to members of lower socio-economic groups, and the information-rich/information-poor dichotomy.
There is, of course, a considerable risk of greater intrusions into individuals' behaviour by financial services organisations, and by the government surveillance apparatus that stands close behind them. Information privacy protections are seriously inadequate in some countries, and all-but non-existent in others. An Appendix to this paper provides access to an analysis of the privacy implications of stored-value cards.
Benefits and Disbenefits for Corporate Users
It appears likely that the needs of small enterprises, and perhaps also medium-sized enterprises, may be well-served by much the same capabilities as are delivered to consumers.
It is to be expected, however, that large corporations and government agencies will continue to take advantage of more sophisticated services offered by established financial services institutions. They may, however, make considerable use of digital money for small-scale and spontaneous purchasing, as they have done during the last decade with credit-cards.
This section groups together a range of second-order effects. The discussion is necessarily even more diffuse and uncertain than was the case in the preceding section. It largely overlooks the many other changes that are occurring, driven by factors other than digital money. These not only have their own penumbra of second-order effects, but will also interact with the ripples arising from digital money.
Digital money is part of the general tendency towards substitution of labour-intensive work by 'high-tech / low-labour' processes. The workplace impacts are inevitable:
- fewer people will be employed in the delivery of payment services;
- the posts that remain will demand greater educational background and higher-order skills; and
- the existing trend in large financial institutions away from large numbers of manned branches will be
These developments may, however, be complemented by a strengthening of the role of community-based organisations such as credit unions and Raiffeisenkassen.
A challenge for corporations will be to enable digital payment by employees on the organisation's behalf, without undermining the authorisation procedures on the one hand, and compromising technical (e.g. firewall) precautions on the other.
In some senses, banks have been working towards close and multi-faceted relationships with their clients. This has, however, been primarily in relation to corporate clients, and wealthy and high-income consumers. The decreased need for, and affordability of, person-to-person relationships, may see a tendency towards a wholesale-retail or local-agent-intermediated mode of interaction between consumers and financial institutions. Various kinds of community-based organisations (together with remaining highly dispersed service organisations such as post offices, petrol stations and car-hire chains) may then fulfil the remaining counter-service role. The features, the costs, the freedom to choose among diverse payment services, and the balance between consumer interests and service-provider power will depend a great deal on the dynamics of the marketplace discussed earlier.
Trans-, Extra- and Supra-Jurisdictionality
Significant difficulties have always existed in relation to 'trans-jurisdictional' commerce, i.e. business activities that cross jurisdictional boundaries. In some cases, in particular where elements of a transaction are quarantined in jurisdictions that do not recognise international conventions, the behaviour is already effectively 'extra-jurisdictional', in the sense that it is incapable of prosecution in any court of law.
Electronic commerce in general, and digital money in particular, are lifting the art of regulatory avoidance to new planes.
The term 'supra-jurisdictionality' usefully conveys the way in which business conducted in virtual marketspaces may be subject to no existing legal jurisdictions at all. In the imagery popularised by John Perry Barlow, it is a new 'electronic frontier'; it is currently lawless; and it may prove to be even less capable of subjugation by formal legal architectures than is the kind of business currently conducted in or through regulatory havens. This is inevitable not just in the case of fully anonymous schemes. Pseudonymous schemes may also create barriers for law enforcement agencies, because the means of associating the indirect identifier with the person concerned may require access to data outside the jurisdiction in question. Even identified digital money may present challenges, because of definitional issues, and because some aspects of transactions may be undertaken (accidentally or intentionally) outside the jurisdiction.
Extra-jurisdictionality was a major problem long before the advent of the Internet, with regulatory havens used by trans-national corporations (e.g. Panamanian registered ships), and individuals (e.g. countries with limited extradition treaties). The difference is the ease with which domestic regulation will be able to be avoided, and the much lower cost threshold, which will make it available to smaller corporations and less wealthy people.
Impacts on Regulatory Agencies
Jurisdictionally-bound regulatory agencies extend their reach through bilateral agreements with other jurisdictions (such as extradition treaties and double-taxation agreements), and multilateral arrangements through international associations (such as Interpol). This has had modest success, but also many failures. These have been due to the large numbers of countries and sub-national jurisdictions; to differences among legal systems, cultural values, religious beliefs and political ideologies; and to the financial advantages of a jurisdiction acting as a regulatory haven.
Search warrants and extradition applications need to be dealt with by an agency with appropriate powers in a physical location. In supra-jurisdictional cyberspace, no-one can hear a regulator scream with frustration: there is simply no local regulatory agency with which to negotiate.
Genuinely supra-jurisdictional payment mechanisms mean that corporations and consumers alike will have no recourse to conventional courts in order to gain retribution for foul play. But this is not all that great an incentive to stay within jurisdictions: the simple fact is that litigation is used in only a small proportion of instances in which transactions 'go bad'.
It is unlikely, however, that corporations and individuals will be comfortable transacting in an unprotected environment. Regulatory agencies appear likely to be of much less consequence than they are at present, but alternative control mechanisms will be sought. Two primary alternatives exist:
- rely on 'self-regulation', through industry associations that control common infrastructure such as clearing
- reduce the risks that are involved in payment schemes.
Impacts on Taxation Agencies
Taxation authorities and their advisers are currently performing stocktakes of the bases on which taxes are levied. Few forms of revenue are unaffected by the Internet; for example:
- income taxes. For many classes of worker, income can be obscured. As contract-based work replaces employment, and small employers replace large ones, the ease increases with which pay-as-you-earn tax collection can be subverted;
- bank deposit taxes. These are predicated on the assumption that it is necessary, or at least convenient, to deposit funds into a local bank account. But netting of funds flows in order to reduce taxation is readily performed now by cash-handling organisations such as shops; and with digital money it will become much more mainstream. Meanwhile, large corporations already conduct tax arbitrage between State jurisdictions, and even small corporations and individuals will now be able to do so internationally;
- gambling taxes. Real casinos can be, and are being, supplemented, and to some degree replaced, by virtual
- sales taxes, excise duties, customs duties and value-added taxes. These may continue to be effectively levied in respect of physical goods; but digital goods will be much more difficult to monitor. Digital goods are an area of substantial growth in economic activity, and to some extent are substitutes for taxable physical goods (e.g. transmissions for films, videos and CDs).
Among the many implications of electronic commerce is the democratisation of economic escape hatches. The facilities that have been available to 'the rich and powerful' to avoid inconvenient laws are increasingly within the reach of the general public. It will be surprising if they don't enthusiastically adopt them. Digital money lowers the threshold at which opportunities can be exploited. In the near future, not only the wealthy and high-income corporations and individuals will utilise opportunities to place monetary flows, profits and assets beyond the grasp of national taxation agencies.
As the number of companies and individuals reaping the benefits of tax-avoidance strategies increases, the proportion of the country's nominal tax-base that is liable to slip through the sieve will increase dramatically. It is not easy to see what new taxes can readily be imposed to make good the shortfalls.
Some countries, such as Australia, have enjoyed a fairly strong tax-payment morality. This has been at risk because of the increasingly apparent ability of major corporations to avoid tax. Payment morality will become very seriously threatened as the extent of leakage from the nominal tax-base increases. It will become much more mainstream for people to have a proportion of their income streams and assets visible to taxation authorities, and a proportion obscured, in order to ensure that they do not bear an unreasonable share of the jurisdiction's taxation load. Taxation agencies will see themselves as being forced to rely increasingly heavily on surveillance as a means of pressuring people and companies into keeping their activities visible, and paying taxes.
Increased Use of Dataveillance Technologies
Information technology has delivered to corporations and government agencies the means to process and store vast quantities of data. One of the main purposes to which it is being applied is the surveillance of individuals through the transactions that they engage in. For this concept I use the term dataveillance.
Particularly since the middle of the twentieth century, there has been a marked trend towards increasingly data-intensive relationships between individuals and the organisations with which they deal. A great many data-trails are already available.
Identified digital money might well result in very substantial transparency of consumers' economic behaviour. This will enable marketers to manipulate them to a yet greater extent. It is important to appreciate that a very significant proportion of the transactions that will be conducted with digital money have hitherto been undertaken anonymously. These technologies therefore harbour the potential to dramatically assist the repressive state. People's behaviour will also become more transparent to government agencies, opening them up to greater oppression and repression. The desperate straits to which government will be reduced by the shrinking tax-base will inevitably result in attempts to apply dataveillance capabilities yet more energetically. This will in turn drive the miscreants further into the black economy, and engender distrust in government among the population generally.
Of course, technologies are feasible, and some have been delivered, which provide anonymous digital payment, or in which one side of the payment is anonymous. It is important that these alternatives be available. There are, however, real public interests in having some degree of traceability of funds flows. Much more effort therefore needs to be invested in pseudonymous electronic payment mechanisms, which provide an indirectly identified trail. Technical, organisational and legal measures are then needed to protect the means of linking the indirect identifier to the individual person.
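One way to realise the pseudonymous trail described above, as an added example that is not part of the original paper: a hypothetical LinkageAgent issues per-scheme identifiers with a keyed HMAC and alone holds the table that links them to people, releasing a link only against an authorising order and logging every request. The class names, scheme labels, sample parties and order reference are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional


class LinkageAgent:
    """Hypothetical custodian of the link between an indirect identifier and a person."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)   # secret key, never leaves the agent
        self._registry = {}                   # pseudonym -> real identity
        self.disclosure_log = []              # every request, granted or refused

    def enrol(self, identity: str, scheme: str) -> str:
        # One pseudonym per (scheme, person): stable inside a scheme, but two
        # schemes cannot join their trails by comparing identifiers.
        msg = scheme.encode() + b"\x00" + identity.encode()
        tag = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        pseudonym = tag[:16]                  # truncated only for readability
        self._registry[pseudonym] = identity
        return pseudonym

    def disclose(self, pseudonym: str, authority: str,
                 order_ref: Optional[str]) -> str:
        # The "particular procedures": the link is released only when an
        # authorising order is presented, and the request is always recorded.
        granted = bool(order_ref) and pseudonym in self._registry
        self.disclosure_log.append((pseudonym, authority, order_ref, granted))
        if not granted:
            raise PermissionError("no authorising order, or unknown pseudonym")
        return self._registry[pseudonym]


class Ledger:
    """Payment record kept by a scheme operator; it sees pseudonyms only."""

    def __init__(self) -> None:
        self.entries = []

    def pay(self, payer: str, payee: str, cents: int) -> None:
        self.entries.append({"payer": payer, "payee": payee, "cents": cents})

    def trail(self, pseudonym: str) -> list:
        # The indirectly identified trail: all flows touching one pseudonym.
        return [e for e in self.entries
                if pseudonym in (e["payer"], e["payee"])]


def demo() -> dict:
    agent, ledger = LinkageAgent(), Ledger()
    # Constructed sample parties and schemes.
    alice_a = agent.enrol("Alice Example", "scheme-A")
    alice_b = agent.enrol("Alice Example", "scheme-B")
    shop_a = agent.enrol("Corner Shop Pty Ltd", "scheme-A")

    ledger.pay(alice_a, shop_a, 450)
    ledger.pay(alice_a, shop_a, 1299)
    trail = ledger.trail(alice_a)

    # A request without an order is refused, but still logged.
    try:
        agent.disclose(alice_a, "tax-agency", None)
        refused = False
    except PermissionError:
        refused = True

    # A request carrying a (constructed) order reference is granted.
    who = agent.disclose(alice_a, "court", "ORDER-0001")

    return {
        "trail_len": len(trail),
        "total_cents": sum(e["cents"] for e in trail),
        "cross_scheme_linkable": alice_a == alice_b,
        "ledger_names_person": "Alice Example" in repr(ledger.entries),
        "refused_without_order": refused,
        "disclosed_identity": who,
        "log_entries": len(agent.disclosure_log),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The ledger supports traceability of funds flows without naming anyone; the organisational and legal measures the paper calls for correspond to who may present an order and who audits the disclosure log.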
Parallel to this, the widely-used concept of 'user authentication' needs to be generalised. In some circumstances, the identity of the individual is indeed at issue, and 'user authentication' is appropriate technology. There are many circumstances, however, in which the identity of the person is not relevant. In such cases, 'user authentication' is merely a poor implementation of what is really needed: 'eligibility authentication' (to ensure that the person has characteristics that render them eligible to conduct a particular kind of transaction), or 'value authentication' (to ensure that what they proffer as payment is what it purports to be). It would be more effective to implement these kinds of authentication directly.
Impacts on the Funding of Public Services
Public services are largely funded through high taxation rates applied to captive audiences. Governments appear likely to lose control of cash manufacture, and hence their considerable interest revenue from seigniorage. As payments migrate from monitorable and therefore taxable mechanisms to supra-jurisdictional mechanisms, nations' tax-bases will shrink.
Governments will have to reduce the services they provide, run even larger deficit budgets, find new ways to levy taxes, and/or increase existing rates still further. Their revenue-gathering will be less effective, and will be perceived by the remaining taxpayers to be inequitable.
In the new, electronic context, the twentieth century edifice of nation-state provided public services may prove to be unsustainable.
The Breakdown of Established Authority
The near-futures imagined by science fiction novelists of the 'cyberpunk' genre perceive that untaxability will result in ungovernability. They envisage that there will be a breakdown of government-imposed law and order; that the 'hyper-corps' will retreat inside corporation-controlled enclaves; and that less polite society will slide towards high-tech, but fairly chaotic tribalism.
As Gibson and Sterling stress, these are not imagined futures, but rather cold-blooded assessments of Brooklyn and The Bronx (of almost any decade), the Italian black economy, the Beirut of the 1980s, the 'once-was-Yugoslavia' of the 1990s, and post-Gorbachev Russia, where (as Esther Dyson told us at CFP'95), the official police compete with various mafiosi as but one of a range of alternative protection agencies.
The supra-national nature of electronic payment mechanisms may be a primary factor in the nation-state becoming a fleeting footnote in social history, roughly from 1870 to 2020. If so, what will be the dominant pattern that emerges: the multi-national blocs of George Orwell's '1984'? Those of the advertising rhetoric of the European Union? A pan-world government (League of Nations Mark III)? Multiple local governments run by alternative semi-criminal organisations? Or the tribal anarchy foreseen by cyberpunk sci-fi authors?
The Crystal Ball
The preceding sections are highly risk-prone attempts to analyse the future. They are, however, based on a reasonable background in electronic commerce and in payment systems, and an amount of systemic reasoning. At this point, a little raw speculation is in order. My prognostications are based on a couple of observations:
(1) Place Matters
At least for the foreseeable future, people will continue to exist IRL / in 'meatspace'. Indeed, a current challenge facing each of us is to establish a balance between the real and virtual components of our lives.
(2) People Like Law and Order
Within the real world, most people seek out safe places within which they and their families can enjoy the fruits of advanced society. They therefore place a high premium on law and order in their local area, and will continue to do so. Some of what they pay for will benefit no-one but themselves; but they will inevitably contribute towards some common goods and services.
(3) Geographically Localised Communities Are Not Dead
The forces that are rendering the nation-state unsustainable and irrelevant are not undermining the need for, and the possibility of, conventional communities based on physical co-location.
(4) It Is Feasible to Motivate Meaningful Participation in Local 'Official Society'
Incentives, in the form of particular mixes of freedoms and controls, can be created by local communities, to encourage corporations and individuals to operate within their local society's rules. The days of the nation-state as the primary means of social organisation may well be numbered; and communities appear likely to become the primary form of social organisation.
(5) Communities Can Form Associations based on Style
People travel. They like other places to have the kind of law and order that protects them. The probability is, therefore, that people will value coalitions of communities in which they 'feel safe'.
Theories of strategic advantage and alliance have been in vogue among corporations for some time, and attempts have been made to apply them at national level. Communities will apply those same principles to inter-community patterns. There is scope for reciprocal arrangements, and harmonisation of law between partner communities. This creates the possibility for communities to cross-promote the particular balance between orderliness and dynamism that their systems offer.
The concept of 'jurisdiction-shopping' has hitherto been used only as a pejorative, to describe the selection of that jurisdiction in which a case has the greatest chance of being determined in the individual's favour. It will become a positive marketing tool, whereby communities will construct mixes of freedom and regulation, in order to attract sufficient of the kinds of businesses and people that they need in order to be economically and socially self-sustaining.
The implications of the Cypherpunk / Crypto-Anarchist lines of argument are enormous, and the benefits of their vision (juicily) exaggerated.
It would be very helpful to us slow thinkers if Eric Hughes, Tim May, and their considerable band of fellow-travellers, could distinguish their systemic arguments (of the form: "technological feature X gives rise to social change Y") from their moral arguments (of the form: "the fact that social institution Z will be harmed by this change is a good thing").
Outsiders can see a great deal wrong with American society; but we're not sure that a complete revolution is the only, or the best, way to solve the problems. Some other countries run in a manner that better services the perceived needs of the populace; very few people in Australia want to see desperate struggles as a way of life, but rather we want progressive changes to build on the solid base, without shaking its foundations.
The analysis presented in this paper suggests that control over digital money services will be determined by a few key factors. The fate of the nation-state is indeed sealed by electronic commerce in general, and digital payments in particular. But anarchy will not prevail. Nation-states will be replaced by governments based on geographical communities, and confederations among them.
• a paper on privacy issues arising from stored-value cards, at
• a web-page maintained by this author, identifying issues arising from net-based payment schemes, at
• 'Regulating Financial Services in the Marketspace: The Public's Interests', at
• papers on identification, anonymity and pseudonymity in consumer transactions, a summary at http://www.anu.edu.au/people/Roger.Clarke/DV/AnonPsPol.html, and this author's CFP'95 paper on the topic, at http://www.anu.edu.au/people/Roger.Clarke/DV/PaperCFP95.html
• a list of data-trails, at http://www.anu.edu.au/people/Roger.Clarke/DV/Trails.html
• 'A 'Future Trace' on Dataveillance: Trends in the Anti-Utopia / Science Fiction Genre', at
• 'The Digital Persona and Its Application to Data Surveillance', in The Information Society 10,2 (June 1994). At http://www.anu.edu.au/people/Roger.Clarke/DV/DigPersona.html
• 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (March 1995). At
• 'Issues in Technology-Based Consumer Transactions' Invited Address to the Annual Conference of the Society of Consumer Affairs Professionals (SOCAP), Melbourne, 26 September 1996, at
Appendix: Privacy and Smart-Card Based Schemes
A paper on privacy issues arising from stored-value cards is at
The threats are summarised as follows:
1. The Front-Line Concerns
   1. Greatly Increased Intensity of Transaction Trails
      'whereas your credit-card and debit-card generated a trail of 5-10 transactions per month, or perhaps per week, your smart card can enable the recording of your whereabouts and what you were doing 5-10 times
   2. Exploitation of the Transaction Trails
      1. by government agencies for purposes which were not the original purposes for which the data was gathered, which increases the risk of misunderstanding and misinterpretation due to differing data definitions and inadequate data quality standards, and represents oppressive use of the State's power over individuals
      2. by consumer marketing corporations to better target prospects for their goods and services, involving the exercise of information-based power to manipulate consumers and compromise their freedom
   3. The Risk of 'Function Creep'
   4. Potential for Operation Without Consumer Consent
2. 'Proof of Identity' Concerns
   1. 'Proof of Identity' in Relation to the Acquisition or Use of a Card
   2. Use of a Smart Card as Multi-Purpose 'Proof of Identity'
3. Other Areas of Concern
   1. Access for Audit and Risk Management Purposes
   2. Casual Disclosure of Personal Data
The paper also examines the trade-offs that are possible between privacy and other interests, and a taxonomy of scheme-types, classified according to their degree of privacy threat.
The conclusions reached are that:
• there is ample evidence of appreciation by services providers that privacy represents a serious threat to the viability of smart-card schemes;
• there is a need for action to overcome the lack of awareness and understanding of the technology and of the schemes applying the technology. This is an urgent matter, in order to ensure that they can be satisfied for minimum additional cost;
• scheme designers and operators will only become adequately sensitive to consumers' needs, especially in relation to particular classes of consumer market segments (such as low-income earners, people who have a poor command of the English language, and people with relevant disabilities), if public participation is enabled, through such means as impact statements, prior consultation with, and participation in the design by, affected parties;
• consumers need an effective choice between identified schemes on the one hand, and anonymous or at least pseudonymous schemes on the other;
• pseudonymous schemes depend on the establishment of legal protections against access to the index of identities. Access would be by way of search warrant or consent of the individual concerned. Legislative action is necessary to provide these protections;
• conditions of contract applicable to schemes need to be assessed by consumer interest groups prior to launch, and subjected to continual re-assessment;
• [in Australia at least - see this author's report on the recent MasterCard survey], general support exists for the proposition that privacy laws are urgently needed to regulate the private sector generally;
• in relation to the regulatory scheme:
   • market forces alone would be unlikely to result in outcomes acceptable to the Australian public, and hence some policy measures are essential;
   • awareness and educational campaigns would not be a sufficient pre-condition for appropriate balances to be found;
   • dependence on moral suasion may be a valuable adjunct to other measures, but is very unlikely to fully satisfy the public need;
   • because of the wide diversity of applications and industry sectors, voluntary codes would be unlikely to satisfy the need;
   • enforceable codes of conduct, predicated on legislation establishing at least OECD-level standards of privacy protection on the private sector, appear to offer an effective and workable solution to the public need;
   • the most effective approach would be a code of practice negotiated among relevant parties including regulatory agencies and advocacy groups, administered by the industry, and subject to overview and sanctions by an appropriate 'watchdog' body.
This author has been involved as a member of an Asia-Pacific Smart Card Forum Sub-Committee to prepare a Code of Practice in relation to smart card schemes. This is due for public release in March, but there was no web-ready version at the time of writing.