In Search of El Dorado

by Charles A. Gimon



(Published October 1995)

What is money? Is it the bills and coins in your pocket? For just about all of us, money is a number on a computer tape downtown, and has been for the last thirty years or so. Either way, money is a symbol of value, and the means that we use to exchange items and services. It sure beats barter, anyway.

There are differences, though. For centuries, people used gold as a medium of exchange. Gold is not controversial. If a coin is gold, you can prove it by weighing it, testing it, biting it like an old prospector. Computer accounts aren't as obviously testable. The data itself doesn't have any value alone--you have to rely on double-entry bookkeeping to make sure that the numbers in your books add up, that no value is slipping out the back door. Money in modern accounting springs from the ether like particles and anti-particles in quantum physics.

But in that bookkeeping, you end up keeping track of what everybody's doing with their money: there is no uncertainty principle for CPAs. The unfortunate side-effect of this is that there's no anonymity. Everything you do leaves an audit trail. Inside a company, of course, you want that. Nobody wants the rest of our lives to work that way, though--that kind of record-keeping is best left at the office.

Buying and selling is not as anonymous as it used to be. Things that were bought with cash years ago are paid for by credit card now. Credit cards, no matter what we might fool ourselves into believing, are not real money; they're a promise to pay with real money in the future. Credit transactions mean that you have to keep track of who made the promise to pay, so you can hold them to it. It's convenient, and sometimes it's the best option (how many people pay cash for a house?), but here again, there's no anonymity.

Being anonymous is more important than ever these days. Personal info can be combed from billing statements and checking accounts, find its way from database to database, and make even the dullest aspects of our lives bits of information to be sold by the line. A list of what you buy becomes a list of likes and dislikes; a list of credit card transactions can follow your movement across the country.

Now, with cash, that's never a problem. Cash can be tested for authenticity on the spot. Cash isn't a promise to pay, it's payment. And with cash, it doesn't matter who's paying and who's getting: cash can be anonymous.

If you could combine the advantages of electronic funds with the anonymity and solidity of cash, you'd end up with the holy grail of modern money: e-cash. A lot has been said about e-cash in the last year. The word "e-cash" has suffered a bit of debasement. Some people say e-cash when what they really mean is a credit card transaction, or a session at a teller machine. Real e-cash is this: electronic money that can be passed along from person to person like cash, that is anonymous like cash, and that has value immediately--it's cash, not a promise to pay later.

The invention of public key encryption nearly twenty years ago made real e-cash possible. Public key encryption is to ecash what security strips and fine engraving are to paper money. The beauty of public key encryption is that is allows for either anonymity or identity, as needed. Encryption can keep the sender and receiver of real e-cash anonymous, while letting the bank that's backing the e-cash certify that it's genuine.

Let's look at an electronic transaction the old way. Bob wants to buy something from Acme Corp. Bob sends a message to Acme (a wire transfer, a paper check, a credit card number) that will OK a transfer of funds from an account that already exists in a bank that back's up all of Bob's transactions. Acme contacts the bank, the bank confirms that everything looks legitimate, the bank transfers the funds. There's at least a short period of time before the funds clear, and every step of the process leaves a record that can be tracked later.

Here's how that would work with e-cash: Bob wants to buy something from Acme Corp. Bob sends ecash (the real thing) to Acme. Acme contacts the bank that backs the ecash to confirm that yes, this is legitimate ecash. Who Bob is doesn't matter, nor does it matter who Acme Corp. is (except that Acme needs to know where to send the stuff). The way that the math works, the bank verifies that the ecash is ecash. Bob's identity isn't revealed unless he tries to spend the same ecash twice--only then will the bank have enough information to pin him down.

Real e-cash isn't in use anywhere right now. It's the gold at the end of the rainbow for Internet marketers, electronic activists, and anyone who's concerned about their privacy. Proposals and schemes for electronic money are popping up like mushrooms. Some of them involve real electronic money, but others are just ways to carry a pre-existing credit card number over the Internet. Some of them are anonymous, some are not. Some of them have impressive corporate backing, others are lying around on virtual paper waiting for somebody to notice them. Everybody who's anybody seems to have their fingers into something.

But because some of the big players in these new schemes are predicting an end to cash--meaning no more coins and bills in your pocket--you should sit up and pay attention. Once the world jumps to a standard, there won't be any going back.

Let's take a look at some of these guys, and what they're really offering.

First of all, the smart card approach: the most advanced smart card proposal at the moment is the Mondex scheme in England. Mondex has been a project of National Westminster and Midland Banks in Britain and British Telecom since 1990. The technical details have been chewed over by a variety of well-known companies, mostly Japanese, including Hitachi, Panasonic, and Oki. As this is being written, Mondex is being tested in Swindon, England.

Mondex is not what purists would consider e-cash. Mondex relies on hardware, not software, for identity and security. You carry a smart card, load it with "cash", and then spend the cash when you plug your card into a merchant's terminal. Mondex is supposed to have the potential to transfer "cash" from card to card as well. Mondex promoters say that the system will be able to transfer funds over the Internet eventually.

Mondex is tight-lipped about its software features, but rumors persist that some information on the cards is carried without any encryption, notably the amount of "cash" that is being "stored" on the card. The security on the Mondex card is hardware-based; if some enterprising person could figure out a way to bypass the hardware "front door" and break in the back, they'd have a license to print money. The Bank of England says that they're satisfied that the hardware security in a Mondex card is strong enough; critics of the card on the Internet remain unconvinced. Yet if the value of the card were being backed up on a central bank computer somewhere, the card itself wouldn't really be holding the value, would it? In the strict analysis, that's not cash.

The proposed ability to transfer funds from card to card is controversial, too. European Central bank gnomes don't like it. That could mean no more central bank clearing, after all. And with a proposal to carry as many as five different national currencies on the same card, the average consumer might never have to pay a cut to the bank to convert foreign money again.

But Mondex is the worst proposed system to privacy advocates. The cards download a transaction log to the bank every time they make contact. You use a Mondex-type card, you leave a trail every time you use it. This isn't a new situation; you leave a trail every time you use a traditional credit card, too. The problem with Mondex is the idea that this card would replace everything right down to your pocket change. Every time you buy anything, anywhere, from a gas pump or a gumball machine, you'll be making a record of where you were and what you were doing, and your Mondex-type card will upload it into who knows what database. And because the Mondex-type cards would replace cash, you won't have any choice. This isn't just Orwellian, it's Mark-of-the-Beast stuff.

Outside of the U.K., the Hong Kong and Shanghai Banking Corp. Ltd. has franchised Mondex for use in several Asian countries, and Royal Bank of Canada has licensed the Mondex scheme-they're planning for a national roll-out of Mondex-type cards in Canada in 1997.

A flurry of smart card proposals hit the U.S. in the summer of '95. Visa has been talking with Microsoft; they've had plans to showcase the "electronic purse" at the '96 Atlanta Olympics, but a lot of the banks in their camp are hedging their bets by signing on for MasterCard's SmartCash as well.

The SmartCash corporate entity was just announced on August 15th of this year. It'll consolidate smart card research by MasterCard and Verifone, and a pilot program is planned for next year in Wilmington, Delaware. Lots of banks have their names on the project, too, but the most impressive name on their team is Jim Bidzos of RSA Data Security, Inc., patent-holders and sellers of strong public key encryption algorithms. Whatever SmartCash ends up being, it's a lot more likely to have privacy protection than some of the other proposals.

The Verifone people are leading the way into the Internet marketplace, too. CyberCash Inc. was founded in August of 1994 by Bill Melton, the same guy who founded Verifone in 1981, makers of those little credit card authorization terminals you see everywhere. The two companies remain closely allied. What CyberCash is doing is a natural extension of what Verifone did--expedite credit card transactions. CyberCash has an Internet credit-card-handling system that's secure and easy to use. You download the software from their web site, give it your credit card numbers, and the software does the rest of the work for you. CyberCash uses public key encryption to protect the information as it goes across the Internet.

Using CyberCash is simple. CyberCash buttons can be integrated into merchant Web pages. Customers are three-mouse-clicks away from ordering. CyberCash handles the transaction, the seller gets the funds, the buyer gets the bill on their regular credit card statement.

CyberCash says that they're planning to expand their offerings to include e-cash in the future. Will it be real e-cash, or a close facsimile of it? Only the public release will tell us for sure, although the use of public key encryption in their credit card product is a good sign. The most important thing about CyberCash, of course, is that they're up and running on the Internet now, and of all the schemes in this article, they're the only one that you can log on and try immediately.

Just to confuse matters, CyberCash announced in July that they'd be teaming up with CheckFree, the electronic bill payment people. Intuit (makers of Quicken) and AOL have a piece of that action as well.

In August, the Financial Services Technology Consortium (FSTC), a monstrosity made of Bank of America, Bank of Montreal, Citibank, Chemical, IBM, Sun, Wells Fargo and even more, announced plans for "electronic checks". These would be digital messages that could be spent the same way you do a check--an order to pay the bearer out of a pre-existing account. They'll be cleared through the Federal Reserve, so they really are pretty much "digital checks". That's "checks", not "cash".

First Virtual Holdings Incorporated has another way to transfer money over the Internet. Their scheme takes credit card numbers from buyers, and checking account numbers from sellers. The strange thing is, First Virtual won't take the information over the Net. Customers have to phone in their credit card number, where it's kept off the Internet, for "security". According to First Virtual, their system goes "beyond issues of cryptography", in spite of the awesome encryption tools available. Whatever First Virtual seems to be concerned about, possibly U.S. government restrictions on exporting cryptography, it hasn't stopped CyberCash from doing the things First Virtual says you can't or shouldn't. Once you're set up, First Virtual and CyberCash look pretty similar to the Web user.

First Virtual's position is hardly a vote of confidence in the Internet. Their spiel almost sounds like: "You can't trust the Net, so keep your card number in escrow with us." First Virtual got some good press for handling donations to the Phil Zimmerman Legal Defense Fund, and they have some impressive people in their offices, including Nathaniel Borenstein of the Electronic Frontier Foundation, but right now their concept can't be more than a stop-gap solution for the paranoid.

In the future, they plan to have "additional methods of paying for information and receiving payment for sales, as well as support for currencies other than that of the United States", maybe even currencies like e-cash.

The only real e-cash is in the proposal by DigiCash of Amsterdam--founder Dr. David Chaum holds the patent on it. Chaum's ecash is in digitally signed "coins" that can be passed from person to person. Chaum himself has said that anonymity is important to him, and he's made it a big part of his e-cash project.

Chaum's ecash is only partially traceable. If you spend his ecash, in theory you could follow the cash as it passes on from person to person until it's deposited back in the bank. Not easy to do in practice, but the mathematics would allow it. The cash couldn't be traced back to the spender, though. Nosy persons or institutions could get a fuzzy idea on who has ecash and who doesn't, and there might still be a way to put "marked cash" into the system. On one hand, this is a privacy concern for e-cash purists. On the other hand, this means that if you pay e-cash for a service, and the company that was supposed to provide the service says you never paid, you can produce the record of the spent ecash just like a receipt or a cancelled check. It's discouraging to potential kidnappers and other scamsters, too.

This one-way tracing also means that if somebody wants to know where the ecash in your electronic wallet came from, they'll have no way of knowing for sure. If all your income is wages from one source, traffic analysis could probably turn up where your money was coming from, but there'd be no way to tell just by looking at the e-cash.

DigiCash has been giving a form of e-cash away all summer; you could register on their web page and get 100 e-cash dollars for free. This original trial "minting" was limited to e$1,000,000. It was just supposed to be a trial, but at one point e$100 was being exchanged at the rate of US$5--for "real" cash.

While individual buyers and sellers will be able to hand around DigiCash's e-cash independently and semi-anonymously, the main support of this e-cash proposal would be "banks" to back up each issue of e-cash, and provide e-cash certification on demand. These backing banks will need decent reputations and the trust of the general public in order for the whole thing to work. The idea has been floating around that small-time entrepreneurs could start a "bank" to back e-cash on their own, like prospectors minting their own gold tokens in old California. However, it's been reported that DigiCash wants $250,000 (apparently in non-ecash funds) and 10% of net profits in exchange for the bank server software. This is what you'll have to pony up if you want to issue and back ecash on your own, say if you were thinking about turning the spare computer in the bedroom into the First Cyberspace National Bank.

This puts Chaum in the odd position of needing to make big-spending customers out of the people in the monster bureaucracies that his inventions could put out of business. And since Chaum holds the software patents, he could conceivably be in a position to become the main money-certifying authority in cyberspace, an unholy union of Bill Gates and Alan Greenspan. Dr. Chaum has been a favorite of libertarian and anarchist types on the Internet; the actual details of his plans suggest to some that he's selling out, but it's more likely that he's trying to get a realistic e-cash system accepted by big business and government before they put all their money on an electronic money program that destroys privacy.

DigiCash's other projects do inspire confidence in their motives. The CAFE project (Conditional Access for Europe) involves DigiCash smart cards for both payments and identification, but only when you want to use it for ID. These smart cards use "dynamic public key signatures on an ordinary low-cost smart card". This is where the public key encryption comes in handy. If you need to identify yourself, you can use the card for that, but it won't give away your identity every time you use it (like today's credit cards--and Mondex--do).

The CAFE smart cards won't be proprietary, so people will be able to buy them anywhere. The card itself will be smart enough to manage transactions, which is supposed to protect the privacy of card-holders, but it also means that the terminals you plug the card into don't have to be very smart, which keeps hardware costs down for merchants. They're even putting some kind of infra-red capability into the cards, to allow what DigiCash calls a "point-and-pay" system--zap whatever it is you want to buy, just like you were pointing a TV remote, and it's yours (until your ecash runs out).

DigiCash is also promoting the use of their smart cards for pay phones and highway tollbooths--both places where people don't want to be tracked every time they plug a card in a slot. DigiCash started out in business in 1990 working on anonymous electronic tollbooths for Dutch highways.

Dr. Chaum went before Congress on July 25th of this year to talk about e-cash."We are being forced to decide between two very different kinds of electronic payment technology. The core values we as a nation have fought for, and continue to stand for, are at stake. As a consequence of choosing one of the two directions, these values will be profoundly eroded; by choosing the other direction, however, they will be preserved and likely extended." Again and again, Chaum's public statements and working projects have championed the rights of the individual against monolithic governments and institutions. No matter how likeable Chaum and DigiCash might be, there's still the issue of decentralization. Chaum's got a lock on the patents. What happens if, heaven forbid, Chaum should be killed in an untimely accident, and the patents were bought out by an Ivan Boesky type?

For the everyday shopper on the Internet, all these proposals are easy. No forms, no stamps, no 1-800-numbers, just click the mouse, sit back and wait for your order to come in. The future world of e-cash has raised hopes for those types who see the wired world as a place to make changes in society. Things that were expensive or bureaucratic to do before, like wire transfers or currency exchange, will be either cheap and instantaneous, or outdated. With widespread person-to-person transfers of funds, central banks like the Federal Reserve might wither away. The most adventurous crystal-ball-gazers are even saying that with universal, anonymous e-cash, the government would never be able to follow money around the economy again, and even taxation itself could become extinct.

That's a pretty spicy topic for discussion, and you can bet that somebody in the Treasury Department is not at all happy with those sorts of predictions. Critics of e-cash are quite ready to trot out their worst-case scenarios, most of them involving money-laundering, kidnapping and extortion. It's widely assumed that the reason Chaum put one-way anonymity in his DigiCash scheme was to prevent kidnappers from being able to take advantage of the e-cash system.

For good or for evil, the push for electronic money is on, but the general public hasn't been paying attention to the plans. A lot really is at stake here, and the only way to ensure a decent standard for electronic money is for the market (that means everybody) to support the good schemes and reject the bad ones. When everything finally shakes out, hopefully we'll end up with real e-cash, and not fool's gold.

If you'd like to pursue the matter further, here are some web pages to connect to:

Digicash in the Netherlands.

CyberCash Inc.

First Virtual

Michael Peirce's digital money page at Trinity College, Dublin, Ireland

Mondex in the UK.

Charles A. Gimon teaches an Intro to the PC class at the English Learning Center in South Minneapolis. He can be reached at or
Back to my net writings.
Back to my home page.