[LINK] Kaching a Cash Register for CommBank?

Roger Clarke Roger.Clarke at xamax.com.au
Wed Oct 26 20:27:45 AEDT 2011 

>$quoted_author = "Roger Clarke" ;
>>  [I haven't had time to wrap my mind around CommBank's announcement of
>>  an NFC-based payment scheme for mobile phones, but it sounds like
>>  another highly intensive consumer data-trail.]
>
At 10:57 AM +0200 26/10/11, Martin Barry wrote:
>Is there any other way to do electronic transactions?
>"Freeing" ourselves from carrying cash removes the ability to make the
>physical security trade off that gains almost complete anonymity because
>there is no longer a physical token that when exchanged transfers the stored
>value to someone else.
>If "stored value" is just some data then you need an audit trail to prove
>that the value exists.

'Excellent question!', as those skilled in the art of presentation say.

Ooh, deja vu all over again.  It's *years* since I worked in this space.

I did a quick check of this 1995 document:
http://www.rogerclarke.com/EC/EPMEPM.html

That identifies ECash, NetCash and Millicent.

Michael Pierce's 1996 comparison paper is still up!
http://www.w3.org/Conferences/WWW4/Papers/228/

Yes, such schemes include a banker.

No, the banker isn't an intermediary.

That is to say, the merchant doesn't need to (and, in a conformant 
scheme, doesn't) pass any information about the transaction to the 
banker - just the id of the coin used to make the payment.  The 
banker confirms or denies the validity of the coin, and cancels it. 
The coin is cryptographically-protected, hopefully;  although some 
micro-payments schemes prefer to just 'wing it'.

Yes, the merchant knows (something about) the identity of the buyer; 
and a frequent customer exposes a data-trail and hence profile to the 
merchant.

But the vast majority of people who value privacy prefer society to a 
desert island.  What they want is to minimise the exposure of their 
data-trails.


There was a second article in Delimiter on the topic.  (I posted it 
to the privacy list, but figured it was getting marginal for link):

CBA's Kaching app raises privacy concerns
Delimiter
http://delimiter.com.au/2011/10/26/cbas-kaching-app-raises-privacy-concerns/
Renai LeMay
Wednesday, October 26, 2011 11:42


-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list