diff --git a/outofcontrol-kevinkelly b/outofcontrol-kevinkelly
new file mode 100644
index 0000000..6a6a13e
--- /dev/null
+++ b/outofcontrol-kevinkelly
@@ -0,0 +1,962 @@
+https://kk.org/mt-files/books-mt/ooc-mf.pdf
+Chapter 12 (pg 176-197)
+E-Money
+ Crypto-anarchy: encryption always wins
+In Tim May’s eyes a digital tape is a weapon as potent and subversive as a shouldermounted
+Stinger missile. May (fortyish, trim beard, ex-physicist) holds up a $9.95 digital
+audio tape, or DAT. The cassette—just slightly fatter than an ordinary cassette—contains
+a copy of Mozart equivalent in fidelity to a conventional digital compact disc. DAT
+can hold text as easily as music. If the data is smartly compressed, one DAT purchased
+at K-Mart can hold about 10,000 books in digital form.
+One DAT can also completely cloak a smaller library of information interleaved
+within the music. Not only can the data be securely encrypted within a digital tape, but
+the library’s existence on the tape would be invisible even to powerful computers. In the
+scheme May promotes, a computer hard disk’s-worth of coded information could be
+made to disappear inside an ordinary digital tape of Michael Jackson’s Thriller.
+The vanishing act works as follows. DAT records music in 16 binary digits, but that
+precision is beyond perception. The difference contained in the 16th bit of the signal is
+too small to be detected by the human ear. An engineer can substitute a long message—a
+book of diagrams, a pile of data spreadsheets (in encrypted form)—into the positions
+of the 16th bits of music. Anyone playing the tape would hear Michael Jackson crooning
+in the exact digital quality they would hear on a purchased Thriller tape. Anyone
+examining the tape with a computer would see only digital music. Only by matching an
+Tim May, cypherpunk.
+177
+untampered-with tape with the encrypted one bit by bit on a computer could someone
+detect the difference. Even then, the random-looking differences would appear to be
+noise acquired while duping a digital tape through an analog CD player (as is normally
+done). Finally, this “noise” would have to be decrypted (not likely) to prove that it was
+something other than noise.
+“What this means,” says May, “is that already it is totally hopeless to stop the flow
+of bits across borders. Because anyone carrying a single music cassette bought in a
+store could carry the entire computerized files of the stealth bomber, and it would be
+completely and totally imperceptible.” One tape contains disco music. The other tape
+contains disco and the essential blueprints of a key technology.
+Music isn’t the only way to hide things, either. “I’ve done this with photos, “ says
+May. “I take a digitized photo posted on the Net, download it into Adobe Photoshop,
+and then strip an encrypted message into the least significant bit in each pixel. When I
+repost the image, it is essentially indistinguishable from the original.”
+The other thing May is into is wholly anonymous transactions. If one takes the
+encryption methods developed by military agencies and transplants them into the vast
+terrain of electronic networks, very powerful—and very unbreakable—technologies of
+anonymous dealing become possible. Two complete strangers could solicit or supply
+information to each other, and consummate the exchange with money, without the least
+chance of being traced. That’s something that cannot be securely done with phones and
+the post office now.
+It’s not just spies and organized crime who are paying attention. Efficient means
+of authentication and verification, such as smart cards, tamper-proof networks, and
+micro-size encryption chips, are driving the cost of ciphers down to the consumer level.
+Encryption is now affordable for the everyman.
+The upshot of all this, Tim believes, is the end of corporations in their current form
+and the beginning of more sophisticated, untaxed black markets. Tim calls this movement
+Crypto Anarchy. “I have to tell you I think there is a coming war between two
+forces,” Tim May confides to me. “One force wants full disclosure, an end to secret dealings.
+That’s the government going after pot smokers and controversial bulletin boards.
+The other force wants privacy and civil liberties. In this war, encryption wins. Unless the
+government is successful in banning encryption, which it won’t be, encryption always
+wins.”
+A couple of years ago May wrote a manifesto to alert the world to the advent of
+widespread encryption. In this electronic broadside published on the Net, he warned of
+the coming “specter of crypto anarchy”:
+...The State will of course try to slow or halt the spread of this technology, citing
+national security concerns, use of the technology by drug dealers and tax evaders, and
+fears of societal disintegration. Many of these concerns will be valid; crypto anarchy will
+allow national secrets to be traded freely and will allow illicit and stolen materials to be
+traded. An anonymous computerized market will even make possible abhorrent markets
+for assassinations and extortion. Various criminal and foreign elements will be active users
+of CryptoNet. But this will not halt the spread of crypto anarchy.
+Just as the technology of printing altered and reduced the power of medieval guilds
+and the social power structure, so too will cryptologic methods fundamentally alter the
+nature of corporations and of government interference in economic transactions. Combined
+with emerging information markets, crypto anarchy will create a liquid market for
+any and all material which can be put into words and pictures. And just as a seemingly
+minor invention like barbed wire made possible the fencing-off of vast ranches and
+farms, thus altering forever the concepts of land and property rights in the frontier West,
+so too will the seemingly minor discovery out of an arcane branch of mathematics come 
+178
+to be the wire clippers which dismantle the barbed wire around intellectual property.
+The manifesto was signed:
+Timothy C. May, Crypto Anarchy: encryption, digital money, anonymous networks,
+digital pseudonyms, zero knowledge, reputations, information markets, black markets,
+collapse of government.
+I asked Tim May, a retired Intel physicist, to explain the connection between
+encryption and the collapse of society as we know it. May explained, “Medieval guilds
+would monopolize information. When someone tried to make leather or silver outside
+the guilds, the King’s men came in and pounded on them because the guild paid a levy
+to the King. What broke the medieval guilds was printing; someone could publish a
+treatise on how to tan leather. In the age of printing, corporations arose to monopolize
+certain expertise like gunsmithing, or making steel. Now encryption will cause the
+erosion of the current corporate monopoly on expertise and proprietary knowledge.
+Corporations won’t be able to keep secrets because of how easy it will be to sell information
+on the nets.”
+The reason crypto anarchy hasn’t broken out yet, according to May, is that the
+military has a monopoly on the key knowledge of encryption—just as the Church once
+tried to control printing. With few exceptions, encryption technology has been invented
+by and for the world’s military organizations. To say that the military is secretive about
+this technology would be an understatement. Very little developed by the U.S. National
+Security Agency (NSA)—whose mandate it is to develop crypto systems—has ever
+trickled down for civilian use, unlike technologies spun off from the rest of the military/
+industrial alliance.
+But who needs encryption, anyway? Only people with something to hide, perhaps.
+Spies, criminals, and malcontents. People whose appetite for encryption may be thwarted
+righteously, effectively, and harshly.
+The ground shifted two decades ago when the information age arrived, and intelligence
+became the chief asset of corporations. Intelligence was no longer the monopoly
+of the Central Intelligence Agency, but the subject of seminars for CEOs. Spying meant
+corporate spying. Illicit transfer of corporate know-how, rather than military plans,
+became the treasonous information the state had to worry about.
+In addition, within the last decade, computers became fast and cheap; enciphering
+no longer demanded supercomputers and the superbudgets need to run them. A generic
+brand PC picked up at a garage sale could handle the massive computations that decent
+encryption schemes consumed. For small companies running their entire business on
+PCs, encryption was a tool they wanted on their hard disks.
+And now, within the last few years, a thousand electronic networks have blossomed
+into one highly decentralized network of networks. A network is a distributed thing without
+a center of control, and with few clear boundaries. How do you secure something
+without boundaries? Certain types of encryption, it turns out, are an ideal way to bring
+security to a decentralized system while keeping the system flexible. Rather than trying
+to seal out trouble with a rigid wall of security, networks can tolerate all kinds of crap if
+a large portion of its members use peer-to-peer encryption.
+Suddenly, encryption has become incredibly useful to ordinary people who have
+“nothing to hide” but their privacy. Peer-to-peer encryption, sown into the Net, linked
+with electronic payments, tied into everyday business deals, becomes just another business
+tool like fax machines or credit cards.
+Just as suddenly, tax-paying citizens—whose dollars funded the military ownership
+of this technology—want the technology back.
+But the government (at least the U.S. government) may not give encryption back 
+179
+to the people for a number of antiquated reasons. So, in the summer of 1992, a loose
+federation of creative math hackers, civil libertarians, free-market advocates, genius
+programmers, renegade cryptologists, and sundry other frontier folk, began creating,
+assembling, or appropriating encryption technology to plug into the Net. They called
+themselves “cypherpunks.”
+On a couple of Saturdays in the fall of 1992, I joined Tim May and about 15 other
+crypto-rebels for their monthly cypherpunk meeting held near Palo Alto, California. The
+group meets in a typically nondescript office complex full of small hi-tech start-up companies.
+It could be anywhere in Silicon Valley. The room has corporate gray carpeting
+and a conference table. The moderator for this meeting, Eric Hughes, tries to quiet the
+cacophony of loud, opinionated voices. Hughes, with sandy hair halfway down his back,
+grabs a marker and scribbles the agenda on a whiteboard. The items he writes down
+echo Tim May’s digital card: reputations, PGP encryption, anonymous re-mailer update,
+and the Diffie-Hellmann key exchange paper.
+After a bit of gossip the group gets down to business. It’s class time. One member,
+Dean Tribble, stands up front to report on his research on digital reputations. If you are
+trying to do business with someone you know only as a name introducing some e-mail,
+how can you be sure they are legit? Tribble suggests that you can buy a reputation from
+a “trust escrow”—a company similar to a title or bond company that would guarantee
+someone for a fee. He explains the lesson from game theory concerning iterated negotiation
+games, like the Prisoner’s Dilemma; how payoffs shift when playing the game over
+and over instead of just once, and how important reputations become in iterated relationships.
+The potential problems of buying and selling reputations online are chewed
+on, and suggestions of new directions for research are made, before Tribble sits down
+and another member stands to give a brief talk. Round the table it goes.
+Arthur Abraham, dressed in heavy studded black leather, reviews a recent technical
+paper on encryption. Abraham flicks on an overhead projector, whips out some transparencies
+painted with equations, and walks the group through the mathematical proof.
+It is clear that the math is not easy for most. Sitting around the table are programmers
+(many self-taught), engineers, consultants—all very smart—but only a single member
+is equipped with a background in mathematics. “What do you mean by that?” questions
+one quiet fellow as Abraham talks. “Oh, I see, you forgot the modulus,” chimes in
+another guy. “Is that ‘a to the x’ or ‘a to the y’? The amateur crypto-hackers challenge
+each statement, asking for clarification, mulling it over until each understands. The
+hacker mind, the programmer’s drive to whittle things down to an elegant minimum,
+to seek short cuts, confronts the academic stance of the paper. Pointing to a large hunk
+of one equation, Dean asks, “Why not just scrap all this?” A voice from back: “That’s a
+great question, and I think I know why not.” So the voice explains. Dean nods. Arthur
+looks around to be sure everyone got it. Then he goes on to the next line in the paper;
+those who understand help out those who don’t. Soon the room is full of people saying,
+“Oh, that means you can serve this up on a network configuration! Hey, cool!” And
+another tool for distributed computing is born; another component is transferred from
+the shroud of military secrecy to the open web of the Net; and another brick is set into
+the foundation of network culture.
+The main thrust of the group’s efforts takes place in the virtual online space of the
+Cypherpunk electronic mailing list. A growing crowd of crypto-hip folks from around
+the world interact daily via an Internet “mailing list.” Here they pass around code-inprogress
+as they attempt to implement ideas on the cheap (such as digital signatures), or
+discuss the ethical and political implications of what they are doing. Some anonymous
+subset of them has launched the Information Liberation Front. The ILF locates schol-
+180
+arly papers on cryptology appearing in very expensive (and very hard-to-find) journals,
+scans them in by computer, and “liberates” them from their copyright restrictions by
+posting the articles anonymously to the Net.
+Posting anything anonymously to the Net is quite hard: the nature of the Net is to
+track everything infallibly, and to duplicate items promiscuously. It is theoretically trivial
+to monitor transmission nodes in order to backtrack a message to its source. In such a
+climate of potential omniscience, the crypto-rebels yearn for true anonymity.
+I confess my misgivings about the potential market for anonymity to Tim: “Seems
+like the perfect thing for ransom notes, extortion threats, bribes, blackmail, insider
+trading, and terrorism.” “Well,” Tim answers, “what about selling information that
+isn’t viewed as legal, say about pot growing, do-it-yourself abortion, cryonics, or even
+peddling alternative medical information without a license? What about the anonymity
+wanted for whistleblowers, confessionals, and dating personals?”
+Digital anonymity is needed, the crypto-rebels feel, because anonymity is as important
+a civil tool as authentic identification is. Pretty good anonymity is offered by
+the post office; you don’t need to give a return address and the post office doesn’t verify
+it if you do. Telephones (without caller ID) and telegrams are likewise anonymous to
+a rough degree. And everyone has a right (upheld by the Supreme Court) to distribute
+anonymous handbills and pamphlets. Anonymity stirs the most fervor among those who
+spend hours each day in networked communications. Ted Kaehler, a programmer at
+Apple Computer, believes that “our society is in the midst of a privacy crisis.” He sees
+encryption as an extension of such all-American institutions as the Post Office: “We have
+always valued the privacy of the mails. Now for the first time, we don’t have to trust in it;
+we can enforce it.” John Gilmore, a crypto-freak who sits on the board of the Electronic
+Frontier Foundation, says, “We clearly have a societal need for anonymity in our basic
+communications media.”
+A pretty good society needs more than just anonymity. An online civilization requires
+online anonymity, online identification, online authentication, online reputations,
+online trust holders, online signatures, online privacy, and online access. All are essential
+ingredients of any open society. The cypherpunk’s agenda is to build the tools that provide
+digital equivalents to the interpersonal conventions we have in face-to-face society,
+and hand them out for free. By the time they are done, the cypherpunks hope to have
+given away free digital signatures, as well as the opportunity for online anonymity.
+To create digital anonymity, the cypherpunks have developed about 15 prototype
+versions of an anonymous re-mailer that would, when fully implemented, make it impossible
+to determine the source of an e-mail message, even under intensive monitoring of
+communication lines. One stage of the re-mailer works today. When you use it to mail
+to Alice, she gets a message from you that says it is from “nobody.” Unraveling where it
+came from is trivial for any computer capable of monitoring the entire network—a feat
+few can afford. But to be mathematically untraceable, the re-mailers have to work in a
+relay of at least two (more is better)—one re-mailer handing off a message to the next
+re-mailer, diluting information about its source to nothing as it is passed along.
+Eric Hughes sees a role for digital pseudonymity—your identity is known by some
+but not by others. When cloaked pseudonymously “you could join a collective to purchase
+some information and decrease your actual cost by orders of magnitude—that is,
+until it is almost free.” A digital co-op could form a private online library and collectively
+purchase digital movies, albums, software, and expensive newsletters, which they would
+“lend” to each other over the net. The vendor selling the information would have absolutely
+no way of determining whether he was selling to one person or 500. Hughes sees
+these kinds of arrangements peppering an information-rich society as “increasing the 
+181
+margins where the poor can survive.”
+“One thing for sure,” Tim says, “long-term, this stuff nukes tax collection.” I
+venture the rather lame observation that this may be one reason the government isn’t
+handing the technology back. I also offer the speculation that an escalating arms race
+with a digital IRS might evolve. For every new avenue the digital underground invents to
+disguise transactions, the digital IRS will counter with a surveillance method. Tim poohpoohs
+the notion. “Without a doubt, this stuff is unbreakable. Encryption always wins.”
+John Gilmore shows of document secured under a Freedom of Information Act request.
+182
+And this is scary because pervasive encryption removes economic activity—one
+driving force of our society—from any hope of central control. Encryption breeds outof-controllness.
+ The fax effect and the law of increasing returns
+Encryption always wins because it follows the logic of the Net. A given public-key
+encryption key can eventually be cracked by a supercomputer working on the problem
+long enough. Those who have codes they don’t want cracked try to stay ahead of the
+supercomputers by increasing the length of their keys (the longer a key, the harder it is to
+crack)—but at the cost of making the safeguard more unwieldy and slow to use. However,
+any code can be deciphered given enough time or money. As Eric Hughes often
+reminds fellow cypherpunks, “Encryption is economics. Encryption is always possible,
+just expensive.” It took Adi Shamir a year to break a 120-digit key using a network of
+distributed Sun workstations working part-time. A person could use a key so long that
+no supercomputer could crack it for the foreseeable future, but it would be awkward to
+use in daily life. A building-full of NSA’s specially hot-rodded supercomputers might take
+a day to crack a 140-digit code today. But that is a full day of big iron to open just one
+lousy key!
+Cypherpunks intend to level the playing field against centralized computer resources
+with the Fax Effect. If you have the only fax machine in the world it is worth nothing.
+But for every other fax installed in the world, your fax machine increases in value. In
+fact, the more faxes in the world, the more valuable everybody’s fax becomes. This is the
+logic of the Net, also known as the law of increasing returns. It goes contrary to classical
+economic theories of wealth based on equilibratory tradeoff. These state that you
+can’t get something from nothing. The truth is, you can. (Only now are a few radical
+economics professors formalizing this notion.) Hackers, cypherpunks, and many hi-tech
+entrepreneurs already know that. In network economics, more brings more. This is why
+giving things away so often works, and why the cypherpunks want to pass out their tools
+gratis. It has less to do with charity than with the clear intuition that network economics
+reward the more and not the less—and you can seed the “more” at the start by giving
+the tools away. (The cypherpunks also talk about using the economics of the Net for the
+reverse side of encryption: to crack codes. They could assemble a people’s supercomputer
+by networking together a million Macintoshes, each one computing a coordinated
+little part of a huge, distributed decryption program. In theory, such a decentralized parallel
+computer would in sum be the most powerful computer we can now imagine—far
+greater than the centralized NSA’s.)
+The idea of choking Big Brother with a deluge of petty, heavily encrypted messages
+so tickles the imagination of crypto-rebels that one of them came up with a freeware
+version of a highly regarded public-key encryption scheme. The software is called PGP,
+for Pretty Good Privacy. The code has been passed out on the nets for free and made
+available on disks. In certain parts of the Net it is quite common to see messages encrypted
+with PGP, with a note that the sender’s public-key is “available upon request.”
+PGP is not the only encryption freeware. On the Net, cypherpunks can grab
+RIPEM, an application for privacy-enhanced mail. Both PGP and RIPEM are based
+on RSA, a patented implementation of encryption algorithms. But while RIPEM is
+distributed as public domain software by the RSA company itself, Pretty Good Privacy 
+183
+software is home-brew code concocted by a crypto-rebel named Philip Zimmermann.
+Because Pretty Good Privacy uses RSA’s patented math, it’s outlaw-ware.
+RSA was developed at MIT—partly with federal funds—but was later licensed to
+the academic researchers who invented it. The researchers published their crypto-methods
+before they filed for patents out of fear that the NSA would hold up the patents
+or even prevent the civilian use of their system. In the US, inventors have a year after
+publication to file patents. But the rest of the world requires patents before publication,
+so RSA could secure only U.S. patents on its system. PGP’s use of RSA’s patented
+mathematics is legitimate overseas. But PGP is commonly exchanged in the no-place
+of the Net (what country’s jurisdiction prevails in cyberspace?) where the law on intellectual
+property is still a bit murky and close to the beginnings of crypto anarchy. Pretty
+Good Privacy deals with this legal tar baby by notifying its American users that it is their
+responsibility to secure from RSA a license for use of PGP’s underlying algorithm. (Sure.
+Right.)
+Zimmermann claims he released the quasi-legal PGP into the world because he
+was concerned that the government would reclaim all public-key encryption technology,
+including RSA’s. RSA can’t stop distribution of existing versions of PGP because
+once something goes onto the Net, it never comes back. But it’s hard for RSA to argue
+damages. Both the outlawed PGP and the officially sanctioned RIPEM infect the Net to
+produce the Fax Effect. PGP encourages consumer use of encryption—the more use, the
+better for everyone in the business. Pretty Good Privacy is freeware; like most freeware,
+its users will sooner or later graduate to commercially supported stuff. Only RSA offers
+the license for that at the moment. Economically, what could be better for a patent
+holder than to have a million people use the buddy system to teach themselves about the
+intricacies and virtues of your product (as pirated and distributed by others), and then
+wait in line to buy your stuff when they want the best?
+The Fax Effect, the rule of freeware upgrade, and the power of distributed intelligence
+are all part of an emerging network economics. Politics in a network economy will
+also definitely require the kind of tools the cypherpunks are playing with. Glenn Tenney,
+chairman of the annual Hackers’ Conference, ran for public office in California last
+year using the computer networks for campaigning, and came away with a realistic grasp
+of how they will shape politics. He notes that digital techniques for establishing trust
+are needed for electronic democracy. He writes online, “Imagine if a Senator responds
+to some e-mail, but someone alters the response and then sends it on to the NY Times?
+Authentication, digital signatures, etc., are essential for protection of all sides.” Encryption
+and digital signatures are techniques to expand the dynamics of trust into a new
+territory. Encryption cultivates a “web of trust,” says Phil Zimmermann, the very web
+that is the heart of any society or human network. The short form of the cypherpunk’s
+obsession with encryption can be summarized as: Pretty good privacy means pretty good
+society.
+One of the consequences of network economics, as facilitated by ciphers and digital
+technology, is the transformation of what we mean by pretty good privacy. Networks
+shift privacy from the realm of morals to the marketplace; privacy becomes a commodity.
+A telephone directory has value because of the energy it saves a caller in finding a
+particular phone number. When telephones were new, having an individual number to
+list in a directory was valuable to the lister and to all other telephone users. But today,
+in a world full of easily obtained telephone numbers, an unlisted phone number is more
+valuable to the unlisted (who pay more) and to the phone company (who charge more).
+Privacy is a commodity to be priced and sold.
+184
+Most privacy transactions will soon take place in the marketplace rather than in
+government offices because a centralized government is handicapped in a distributed,
+open-weave network, and can no longer guarantee how things are connected or not connected.
+Hundreds of privacy vendors will sell bits of privacy at market rates. You hire
+Little Brother, Inc., to demand maximum payment from junk mail and direct marketers
+when you sell your name, and to monitor uses of that information as it tends to escape
+into the Net. On your behalf, Little Brother, Inc., negotiates with other privacy vendors
+for hired services such as personal encrypters, absolutely unlisted numbers, bozo filters
+(to hide the messages from known “bozos”), stranger ID screeners (such as caller ID on
+phones that only accept calls from certain numbers), and hired mechanical agents (called
+network “knowbots”) to trace addresses, and counter-knowbots that unravel traces of
+your own activities.
+Privacy is a type of information that has its polarity reversed; I imagine it as anti-information.
+The removal of a bit of information from a system can be seen as the reproduction
+of a corresponding bit of anti-information. In a world flooded with information
+ceaselessly replicating itself to the edges of the Net, the absence or vaporization of a bit
+of information becomes very valuable, especially if that absence can be maintained. In a
+world where everything is connected to everything—where connection and information
+and knowledge are dirt cheap—then disconnection and anti-information and no-knowledge
+become expensive. When bandwidth becomes free and entire gigabytes of information
+are swapped around the clock, what you don’t want to communicate becomes the
+most difficult chore. Encryption systems and their ilk are technologies of disconnection.
+They somewhat tame the network’s innate tendency to connect and inform without
+discrimination.
+ Superdistribution
+We manage the disconnection of domestic utilities, such as water or electricity,
+through metering. But metering is neither obvious nor easy. Thomas Edison’s dazzling
+electrical gizmos were of little use to anyone until people had easy access to electricity in
+their factories and homes. So at the peak of his career Edison diverted his attention away
+from designing electrical devices to focus on the electrical delivery network itself. At first,
+very little was settled about how electricity should be created (DC or AC?), carried, or
+billed. For billing, Edison favored the approach that most information providers today
+favor: charge a flat fee. Readers pay the same for a newspaper no matter how much of it
+they read. Ditto for cable TV, books and computer software. All are priced flat for all you
+can use.
+Edison pushed a flat fee for electricity—a fixed amount if you are connected,
+nothing if you aren’t—because he felt that the costs of accounting for differential usage
+would exceed the cost of variances in electricity usage. But mostly Edison was stymied
+about how to meter electricity. For the first six months of his General Electric Lighting
+Company in New York City, customers paid a flat fee. To Edison’s chagrin, that didn’t
+work out economically. Edison was forced to come up with a stop-gap solution. His
+remedy, an electrolytic meter, was erratic and impractical. It froze in winter, it sometimes
+ran backwards, and customers couldn’t read it (nor did they trust the company’s meter
+readers). It wasn’t until a decade after municipal electrical networks were up and running
+that another inventor came up with a reliable watt-hour meter. Now we can hardly 
+185
+imagine buying electricity any other way.
+A hundred years later the information industry still lacks an information meter.
+George Gilder, hi-tech gadfly, puts the problem this way: “Rather than having to pay for
+the whole reservoir every time you are thirsty, what you want is to only pay for a glass of
+water.”
+Indeed, why buy an ocean of information when all you want is a drink? No reason
+at all, if you have an information meter. Entrepreneur Peter Sprague believes he has just
+invented one. “We use encryption to force the metering of information,” says Sprague.
+His spigot is a microchip that doles out small bits of information from a huge pile of
+encrypted data. Instead of selling a CD-ROM crammed with a hundred thousand pages
+of legal documents for $2,000, Sprague invented a ciphering device that would dispense
+the documents off the CD-ROM at $1 per page. A user only pays for what she uses and
+can use only what she pays for.
+Sprague’s way of selling information per page is to make each page unreadable until
+decrypted. Working from a catalog of contents, a user selects a range of information
+to browse. She reads the abstracts or summaries and is charged a minuscule amount.
+Then she selects a full text, which is decrypted by her dispenser. Each act of decryption
+rings up a small charge (maybe 50 cents). The charge is tallied by a metering chip in her
+dispenser that deducts the amount from a prepaid account (also stored on the metering
+chip), much as a postage meter deducts credit while dispensing postage tapes. When the
+CD-ROM credit runs out, she calls a central office, which replenishes her account via
+an encrypted message sent on a modem line running into her computer’s metering chip.
+Her dispenser now has $300 credit to spend on information by the page, by the paragraph,
+or by the stock price, depending on how fine the vendor is cutting it.
+What Sprague’s encryption metering device does is decouple information’s fabulous
+ease in being copied from its owner’s need to have it selectively disconnected. It lets
+information flow freely and ubiquitously—like water through a town’s plumbing—by
+metering it out in usable chunks. Metering converts information into a utility.
+The cypherpunks note, quite correctly, that this will not stop hackers from siphoning
+off free information. The Videocipher encryption system, used to meter satellite-delivered
+TV programs such as HBO and Showtime, was compromised within weeks of its
+introduction. Despite claims by the meter’s manufacturer that the encrypto-metering
+chip was unhackable, big moneymaking scams capitalized on hacks around the codes.
+(The scams were set up on Indian reservations—but that’s a whole ’nother story). Pirates
+would find a descrambler box with a valid subscription—in a hotel room, for instance—
+and then clone the identity into other chips. A consumer would send their box to the
+reservation for “repairs” and it would come back with a new chip cloned with the identity
+of the hotel box. The broadcasting system couldn’t perceive clones in the audience.
+In short, the system was hacked not by cracking the code but by subverting places where
+the code tied into the other parts of the system.
+No system is hack-proof. But disruptions of an encrypted system require deliberate
+creative energy. Information meters can’t stop thievery or hacking, but meters can counteract
+the effects of lazy mooching and the natural human desire to share. The Videocipher
+satellite TV system eliminates user piracy on a mass scale—the type of piracy that
+plagued the satellite TV outback before scrambling and that still plagues the lands of
+software and photocopying. Encryption makes pirating a chore and not something that
+any slouch with a blank disk can do. Satellite encryption works overall because encryption
+always wins.
+Peter Sprague’s crypto-meter permits Alice to make as many copies of the encrypted
+CD-ROMs as she likes, since she pays for only what she uses. Crypto-metering, in 
+186
+essence, disengages the process of payment from the process of duplication.
+Using encryption to force the metering of information works because it does not
+constrain information’s desire to reproduce. All things being equal, a bit of information
+will replicate through an available network until it fills that network. With an animate
+drive, every fact naturally proliferates as many times as possible. The more fit—the more
+interesting or useful—a fact is, the wider it spreads. A pretty metaphor compares the
+spread of genes through a population with the similar spread of ideas, or memes, in a
+population. Both genes and memes depend on a network of replicating machines—cells
+or brains or computer terminals. A network in this general sense is a swarm of flexibly
+interconnected nodes each of which can copy (either exactly or with variation) a message
+taken from another node. A population of butterflies and a flurry of e-mail messages
+have the same mandate: replicate or die. Information wants to be copied.
+Our digital society has built a supernetwork of copiers out of hundreds of millions
+of personal faxes, library photocopiers, and desktop hard disks. It is as if our information
+society is one huge aggregate copying machine. But we won’t let this supermachine copy.
+Much to everyone’s surprise, information created in one corner finds its way into all the
+other corners rather quickly. Because our previous economy was built upon scarcity of
+goods, we have so far fought the natural fecundity of information by trying to control
+every act of replication as it occurs. We take a massively parallel copy machine and try
+to stifle most acts of reproduction. As in other puritanical regimes, this doesn’t work.
+Information wants to be copied.
+“Free the bits!” shouts Tim May. This sense of the word “free” shifts Stewart
+Brand’s oft-quoted maxim, “Information wants to be free”—as in “without cost”—to the
+more subtle “without chains or imprisonment.” Information wants to be free to wander
+and reproduce. Success, in a networked world of decentralized nodes, belongs to those
+plans that do not resist either the replication or roaming urges of information.
+Sprague’s encrypted meter capitalizes on the distinction between pay and copy. “It
+is easy to make software count how many times it has been invoked, but hard to make
+it count how many times it has been copied,” says software architect Brad Cox. In a message
+broadcast on the Internet, Cox writes:
+Software objects differ from tangible objects in being fundamentally unable to monitor
+their copying but trivially able to monitor their use....So why not build an information
+age market economy around this difference between manufacturing-age and information-age
+goods? If revenue collection were based on monitoring the use of software
+inside a computer, vendors could dispense with copy protection altogether.
+Cox is a software developer specializing in object-oriented programming. In addition
+to the previously mentioned virtue of reduced bugs which OOP delivers, it offers
+two other magnificent improvements over conventional software. First, OOP provides
+the user with applications that are more fluid, more interoperable with various tasks—
+sort of like a house with movable “object” furniture instead of house saddled with
+built-in furniture. Second, OOP provides software developers the ability to “reuse” modules
+of software, whether they wrote the modules themselves or purchased them from
+someone else. To build a database, an OOP designer like Cox takes a sort routine, a field
+manager, a form generator, an icon handler, etc., and assembles the program instead of
+rewriting a working whole from scratch. Cox developed a set of cool OOP objects that
+he sold to Steve Jobs to use in his Next machine, but selling small bits of modular code as
+a regular business has been slow. It is similar to trying to peddle limericks one by one. To
+recoup the great cost of writing an individual object by selling it outright would garner
+too few sales, but selling it by copy is too hard to monitor or control. But if objects could
+generate revenue each time a user activated one, then an author could make a living 
+187
+creating them.
+While contemplating the possible market for OOP objects that were sold on a “per
+use” plan, Cox uncovered the natural grain in networked intelligence: Let the copies
+flow, and pay per use. He says, “The premise is that copy protection is exactly the wrong
+idea for intangible, easily copied goods such as software. You want information-age
+goods to be freely distributed and freely acquired via whatever distribution means you
+want. You are positively encouraged to download software from networks, give copies to
+your friends, or send it as junk mail to people you’ve never met. Broadcast my software
+from satellites. Please!”
+Cox adds (in echo of Peter Sprague, although surprisingly the two are unfamiliar
+with each other’s work), “This generosity is possible because the software is actually
+‘meterware.’ It has strings attached that make revenue collection independent of how
+the software was distributed.”
+“The approach is called superdistribution,” Cox says, using a term given by Japanese
+researchers to a similar method they devised to track the flow of software through a
+network. Cox: “Like superconductivity, it lets information flow freely, without resistance
+from copy protection or piracy.”
+The model is the successful balance of copyright and use rights worked out by the
+music and radio industries. Musicians earn money not only by selling customers a copy
+of their work but by selling broadcast stations a “use” of their music. The copies are supplied
+free, sent to radio stations in a great unmonitored flood by the musicians’ agents.
+The stations sort through this tide of free music, paying royalties only for the music they
+broadcast, as metered (statistically) by two agencies representing musicians, ASCAP and
+BMI.
+JEIDA, a Japanese consortium of computer manufacturers, developed a chip and
+a protocol that allows each Macintosh on a network to freely replicate software while
+metering use rights. According to Ryoichi Mori, the head of JEIDA, “Each computer is
+thought of as a station that broadcasts, not the software itself, but the use of the software,
+to an audience of a single ‘listener.’” Each time your Mac “plays” a piece of software
+or a software component from among thousands freely available, it triggers a royalty.
+Commercial radio and TV provide an “existence proof ” of a working superdistribution
+system in which the copies are disseminated free and the stations only pay for what they
+use. Musicians would be quite happy if one radio station made copies of their tapes and
+distributed them to other stations (“Free the bits!”) because it increases the likelihood of
+some station using their music.
+JEIDA envisions software percolating through large computer networks unencumbered
+by restrictions on copying or mobility. Like Cox, Sprague, and the cypherpunks,
+JEIDA counts on public-key encryption to keep these counts private and untampered as
+they are transmitted to the credit center. Peter Sprague says plainly, “Encrypted metering
+is an ASCAP for intellectual property.”
+Cox’s electronically disseminated pamphlet on superdistribution sums up the virtues
+very nicely:
+Whereas software’s ease of replication is a liability today, superdistribution makes it an
+asset. Whereas software vendors must spend heavily to overcome software’s invisibility,
+superdistribution thrusts software out into the world to serve as its own advertisement.
+A hoary ogre known as the Pay-Per-View Problem haunts the information economy.
+In the past this monster ate billions of dollars in failed corporate attempts to sell movies,
+databases, or music recordings on a per view or per use basis. The ogre still lives. The
+problem is, people are reluctant to pay in advance for information they haven’t seen
+because of their hunch that they might not find it useful. They are equally unwilling to 
+188
+pay after they have seen it because their hunch usually proves correct: they could have
+lived without it. Can you imagine being asked to pay after you’ve seen a movie? Medical
+knowledge is the only type of information that can be easily sold sight unseen because
+the buyers believe they can’t live without it.
+The ogre is usually slain with sampling. Moviegoers are persuaded to pay beforehand
+by lapel-grabbing trailers. Software is loaned among friends for trial; books and
+magazines are browsed in the bookstore.
+The other way to slay the problem is by lowering the price of admission. Newspapers
+are cheap; we pay before looking. The ingenious thing about information metering
+is that it delivers two solutions: it provides a spigot to record how much data is used, and
+it provides a spigot that can be turned down to a cheap trickle. Encryption-metering
+chops big expensive data hunks into small inexpensive doses of data. People will readily
+pay for bits of cheap information before viewing, particularly if the payment invisibly
+deducts itself from an account.
+The fine granularity of information-metering gets Peter Sprague excited. When
+asked for an example of how fine it could get, he volunteers one so fast it’s obvious that
+he has been giving it some thought: “Say you want to write obscene limericks from your
+house in Telluride, Colorado. If you could write one obscene limerick a day, we can
+probably find 10,000 people in the world who want to pay 10 cents a day to get it. We’ll
+collect $365,000 per year and pay you $120,000, and then you can ski for the rest of
+your life.” In no other kind of marketplace would one measly limerick, no matter how
+bawdy and clever, be worth selling on its own. Maybe a book of them—an ocean of limericks—but
+not one. Yet in an electronic marketplace, a single limerick—the information
+equivalent of a stick of gum—is worth producing and offering for sale.
+Sprague ticks off a list of other fine-grained items that might be traded in such a
+marketplace. He catalogs what he’d pay for right now: “I want the weather in Prague for
+25 cents per month, I want my stocks updated for 50 cents a stock, I want the Dines Letter
+for $12 a week, I want the congestion report from O’Hare Airport updated continuously
+because I’m always getting stuck in Chicago, so I’ll pay a buck per month for that, and I
+want ‘Hagar the Horrible’ cartoon for a nickel a day.” Each of these products is currently
+either given away scattershot or peddled in the aggregate very expensively. Sprague’s
+electronically mediated marketplace would “unbundle” the data and deliver a narrowly
+selected piece of information to your desktop or mobile palmtop for a reasonable price.
+Encryption would meter it out, preventing you from filching other tiny bits of data that
+would hardly be worth protecting (or selling) in other ways. In essence, the ocean of
+information flows through you, but you only pay for what you drink.
+At the moment, this particular technology of disconnection exists as a $95 circuit
+board that can slide into a personal computer and plug into a phone line. To encourage
+established computer manufacturers such as Hewlett-Packard to hardwire a similar
+board into units coming off their assembly line, Sprague’s company, Waves, Inc., offers
+manufacturers a percentage of the revenue the encryption system generates. Their first
+market is lawyers, “because,” he says, “lawyers spend $400 a month on information
+searches.” Sprague’s next step is to compress the encrypto-metering circuits and the
+modem down into a single $20 microchip that can be tucked into beepers, video recorders,
+phones, radios, and anything else that dispenses information. Ordinarily, this vision
+might be dismissed as the pipe dream of a starry-eyed junior inventor, but Peter Sprague
+is chairman and founder of National Semiconductor, one of the major semiconducter
+manufacturers in the world. He is sort of a Henry Ford of silicon chips. A cypherpunk,
+not. If anyone knows how to squeeze a revolutionary economy onto the head of a pin, it
+might be him.
+Anything holding an electric charge w ill hold a fiscal charge
+This anticipated information economy and network culture still lacks one vital
+component—an ingredient that, once again, is enabled by encryption, and a key element
+that, once again, only long-haired crypto-rebels are experimenting with: electronic cash.
+We already have electronic money. It flows daily in great invisible rivers from bank
+vault to bank vault, from broker to broker, from country to country, from your employer
+to your bank account. One institution alone, the Clearing House Interbank Payment
+System, currently moves an average of a trillion dollars (a million millions) each day via
+wire and satellite.
+But that river of numbers is institutional electronic money, as remote from electronic
+cash as mainframes are from PCs. When pocket cash goes digital—demassified into data
+in the same transformation that institutional money underwent—we’ll experience the
+deepest consequences of an information economy. Just as computing machines did not
+reorganize society until individuals plugged into them outside of institutions, the full
+effects of an electronic economy will have to wait until everyday petty cash (and check)
+transactions of individuals go digital.
+We have a hint of digital cash in credit cards and ATMs. Like most of my generation,
+I get the little cash I use at an ATM, not having been inside a bank in years. On
+average, I use less cash every month. High-octane executives fly around the country
+purchasing everything on the go—meals, rooms, cabs, supplies, presents—carrying no
+more than $50 in their wallets. Already, the cashless society is real for some.
+Today in the U.S., credit card purchases are used for one-tenth of all consumer
+payments. Credit card companies salivate while envisioning a near future where people
+routinely use their cards for “virtually every kind of transaction.” Visa U.S.A. is experimenting
+with card-based electronic money terminals (no slip to sign) at fast-food shops
+and grocery stores. Since 1975, Visa has issued over 20 million debit cards that deduct
+money from one’s bank account. In essence, Visa moved ATMs off of bank walls and
+onto the front counters of stores.
+The conventional view of cashless money thus touted by banks and most futurists is
+not much more than a pervasive extension of the generic credit card system now operating.
+Alice has an account at National Trust Me Bank. The bank issues her one of their
+handy-dandy smart cards. She goes to an ATM and loads the wallet-size debit card with
+$300 cash deducted from her checking account. She can spend her $300 from the card
+at any store, gas station, ticket counter, or phone booth that has a Trust Me smart-card
+slot.
+What’s wrong with this picture? Most folks would prefer this system over passing
+around portraits of dead presidents. Or over indebtedness to Visa or MasterCard. But
+this version of the cashless concept slights both user and merchant; therefore it has slept
+on the drawing boards for years, and will probably die there.
+Foremost among the debit (or credit) card’s weaknesses is its nasty habit of leaving
+every merchant Alice buys from—newsstand to nursery—with a personalized history
+of her purchases. The record of a single store is not worrisome. But each store’s file of
+Alice’s spending is indexed with her bank account number or Social Security number.
+That makes it all too easy, and inevitable, for her spending histories to be combined,
+store to store, into an exact, extremely desirable marketing profile of her. Such a mon-
+190
+etary dossier holds valuable information (not to mention private data) about her. She has
+no control over this information and derives no compensation for it.
+Second, the bank is obliged to hand out whiz-bang smart cards. Banks being the legendary
+cheapskates they are, you know who is going to pay for them, at bank rates. Alice
+will also have to pay the bank for the transaction costs of using the money card.
+Third, merchants pay the system a small percentage whenever a debit card is used.
+This eats into their already small profits and discourages vendors from soliciting the
+card’s use for small purchases.
+Fourth, Alice can only use her money at establishments equipped with slots that
+accept Trust Me’s proprietary technology. This hardware quarantine has been a prime
+factor in the nonhappening of this future. It also eliminates person-to-person payments
+(unless you want to carry a slot around for others to poke into). Furthermore, Alice can
+only refill her card (essentially purchase money) at an official Trust Me ATM branch.
+This obstacle could be surmounted by a cooperative network of banks using a universal
+slot linked into an internet of all banks; a hint of such a network already exists.
+The alternative to debit card cash is true digital cash. Digital cash has none of the
+debit or credit card’s drawbacks. True digital cash is real money with the nimbleness of
+electricity and the privacy of cash. Payments are accountable but unlinkable. The cash
+does not demand proprietary hardware or software. Therefore, money can be received
+or transferred from and to anywhere, including to and from other individuals. You don’t
+need to be a store or institution to get paid in nonpaper money. Anyone connected can
+collect. And any company with the right reputation can “sell” electronic money refills, so
+the costs are at market rates. Banks are only peripherally involved. You use digital cash to
+order a pizza, pay for a bridge toll, or reimburse a friend, as well as to pay the mortgage,
+if you want. It is different from plain old electronic money in that it can be anonymous
+and untraceable except by the payer. It is fueled by encryption.
+The method, technically known as blinded digital signatures, is based on a variant
+of a proven technology called public-key encryption. Here’s how it works at the consumer
+level. You use a digicash card to pay Joe’s Meat Market for a prime roast. The
+merchant can verify (by examining the digital signature of the bank issuing the money)
+that he was paid with money that had not been “spent” before. Yet, he’ll have no record
+of who paid him. After the transaction, the bank has a verifiable account that you spent
+$7, and spent it only once, and that Joe’s Meat Market did indeed receive $7. But those
+two sides of the transaction are not linked and cannot be reconstructed unless you the
+payer enable them to be. It seems illogical at first that such blind but verifiable transactions
+can occur, but the integrity of their “disconnection” is pretty watertight.
+Digital cash can replace every use of pocket cash except flipping a coin. You have
+a complete record of all your payments and to whom they were made. “They” have a
+record of being paid but not by whom they were made. The reliability of both impeccably
+accurate accounting and 100 percent anonymity is ranked mathematically “unconditional”—without
+exceptions.
+The privacy and agility of digital cash stems from a simple and clever technology.
+When I ask a digicash card entrepreneur if I could see one of his smart cards, he says
+that he is sorry. He thought he had put one in his wallet but can’t find it. It looks like a
+regular credit card, he says, showing me his very small collection of them. It looks like...
+why, here it is! He slips out a blank, very thin, flexible card. The plastic rectangle holds
+math money. In one corner is a small gold square the size of a thumbnail. This is a computer.
+The CPU, no larger than a soggy cornflake, contains a limited amount of cash,
+say, $500 or 100 transactions, whichever comes first. This one, made by Cylink, contains
+a coprocessor specifically designed to handle public-key encryption mathematics. On 
+191
+the tiny computer’s gold square are six very minute surface contacts which connect to an
+online computer when the card is inserted into a slot.
+Less smart cards (they don’t do encryption) are big in Europe and Japan, where 61
+million of them are already in use. Japan is afloat in a primitive type of electronic currency—prepaid
+magnetic phone cards. The Japanese national phone company, NTT,
+has so far sold 330 million (some 10 million per month) of them. Forty percent of the
+French carry smart cards in their wallets today to make phone calls. New York City
+recently introduced a cashless phone card for a few of its 58,000 public phone booths.
+New York is motivated not by futurism but by thieves. According to The New York Times,
+“Every three minutes, a thief, a vandal, or some other telephone thug breaks into a coin
+box or yanks a handset from a socket. That’s more than 175,000 times a year,” and costs
+the city $10 million annually for repairs. The disposable phone card New York uses is
+not very smart, but it’s adequate. It employs an infrared optical memory, common in
+European phone cards, which is hard to counterfeit in small quantities but cheap to
+manufacture in large numbers.
+In Denmark, smart cards substitute for the credit cards the Danes never got. So
+everyone who would tote a credit card in America, packs a smart debit card in Denmark.
+Danish law demanded two significant restrictions: (1) that there be no minimum purchase
+amount; (2) that there be no surcharge for the card’s use. The immediate effect was
+that the cards began to replace cash in everyday use even more than checks and credit
+cards have replaced cash in the States. The popularity of these cards is their undoing
+because unlike cheap, decentralized phone cards, these cards rely on real-time interactions
+with banks. They are overloading the Danish banking system, hogging phone lines
+as the sale of each piece of candy is transmitted to the central bank, flooding the system
+with transactions that cost more than they are worth.
+David Chaum, a Berkeley cryptographer now living in Holland, has a solution.
+Chaum, head of the cryptography group at the center for Mathematics and Computer
+Science in Amsterdam, has proposed a mathematical code for a distributed, true digital
+cash system. In his solution, everyone carries around a refillable smart card that packs
+anonymous cash. This digicash seamlessly intermingles with electronic cash from home,
+company, or government. And it works offline, freeing the phone system.
+Chaum looks like a Berkeley stereotype: gray beard, full mane of hair tied back in
+a professional ponytail, tweed jacket, sandals. As a grad student, Chaum got interested
+in the prospects and problems of electronic voting. For his thesis he worked on the idea
+of a digital signature that could not be faked, an essential tool for fraud-proof electronic
+elections. From there his interest drifted to the similar problem in computer network
+communications: how can you be sure a document is really from whom it claims to be
+from? At the same time he wondered: how can you keep certain information private and
+untraceable? Both directions—security and privacy—led to cryptography and a Ph.D. in
+that subject.
+Sometime in 1978, Chaum says, “I had this flash of inspiration that it was possible
+to make a database of people so that someone could not link them all together, yet you
+could prove everything about them was correct. At the time, I was trying to convince
+myself that it was not possible, but I saw a loophole, how you might do it and I thought,
+gee....But it wasn’t until 1984 or ’85 that I figured out how to actually do that. ”
+“Unconditional untraceability” is what Chaum calls his innovation. When this
+code is integrated with the “practically unbreakable security” of a standard public-key
+encryption code, the combined encryption scheme can provide anonymous electronic
+money, among other things. Chaum’s encrypted cash (to date none of the other systems
+anywhere are encrypted) offers several important practical improvements in a card-based 
+192
+electronic currency.
+First, it offers the bonafide privacy of material cash. In the past, if you bought a
+subversive pamphlet from a merchant for a dollar, he had a dollar that was definitely
+a dollar and could be paid to anyone else; but he had no record of who gave him that
+dollar or any way to provably reconstruct who gave it to him. In Chaum’s digital cash,
+the merchant likewise gets a digital dollar transferred from your card (or from an online
+account), and the bank can prove that indeed he definitely has one dollar there and no
+more and no less, but no one (except you if you want) can prove where that dollar came
+from.
+One minor caveat: the smart-card versions of cash implemented so far are, alas, as
+vulnerable and valuable as cash if lost or stolen. However, encrypting them with a PIN
+password would make them substantially more secure, though also slightly more hassle
+to use. Chaum predicts that users of digicash will use short (4-digit) PINs (or none at all)
+for minor transactions and longer passwords for major ones. Speculating a bit, Chaum
+David Chaum in his Berkeley home.
+193
+says, “To protect herself from a robber who might force her to give up her passwords at
+gunpoint, Alice could use a ‘duress code’ that would cause the card to appear to operate
+normally, while hiding its more valuable assets.”
+Second, Chaum’s card-based system works offline. It does not require instant verification
+via phone lines as credit cards do, so the costs are minimal and perfect for the
+numerous small-time cash transactions people want them for—parking meters, restaurant
+meals, bus rides, phone calls, groceries. Transaction records are ganged together
+and zapped once a day, say, to the central accountant computer.
+During this day’s delay, it would theoretically be possible to cheat. Electronic money
+systems dealing in larger amounts, running online in almost real time, have a smaller
+window for cheating—the instant between sending and receiving—but the minute opportunity
+is still there. While it is not theoretically possible to break the privacy aspect
+of digital cash (who paid whom) if you were desperate enough for small cash, you could
+break the security aspect—has this money been spent?—with supercomputers. By breaking
+the RSA public-key code, you could use the compromised key to spend money more
+than once. That is, until the data was submitted to the bank and they caught you. For
+in a delicious quirk, Chaum’s digital cash is untraceable except if you try to cheat by
+spending money more than once. When that happens, the extra bit of information the
+twice-spent money now carries is enough to trace the payer. So electronic money is as
+anonymous as cash, except for cheaters!
+Because of its cheaper costs, the Danish government is making plans to switch from
+the Dencard to the Dencoin, an offline system suited to small change. The computational
+overhead needed to run a system like this is nano-small. Each encrypted transaction
+on a smart card consumes only 64 bytes. (The previous sentence contains 67 bytes.) A
+household’s yearly financial record of all income and all expenditure would easily fit on
+one hi-density floppy disk. Chaum calculates that the existing mainframe computers in
+banks would have more-than-adequate computational horsepower to handle digital cash.
+The encryption safeguards of an offline system would reduce much of the transactional
+computation that occurs online over phone lines (for ATMs and credit card checks),
+enabling the same banking computers to cover the increase in electronic cash. Even if
+we assume that Chaum guessed wrong about the computational demands of a scaled-up
+system, and he is off by a factor of ten, computer speed is accelerating so fast that this
+defers the feasibility of using existing bank power by only a few years.
+In variations on Chaum’s basic design, people may also have computer appliances
+at home, loaded with digital cash software, which allow them to pay other individuals,
+and get paid, over phone lines. This would be e-money on the networks. Attached to
+your e-mail message to your daughter is an electronic $100 bill. She may use that cash
+to purchase via e-mail an airplane ticket home. The airline sends the cash to one of
+their vendors, the flight’s meal caterer. In Chaum’s system nobody has any trace of the
+money’s path. E-mail and digital cash are a match made in heaven. Digital cash could
+fail in real life, but it is almost certain to flourish in the nascent network culture.
+I asked Chaum what banks think of digital cash. His company has visited or been
+visited by most of the big players. Do they say, gee, this threatens our business? Or do
+they say, hmm, this strengthens us, makes us more efficient? Chaum: “Well, it ranges. I
+find the corporate planners in $1,000 suits and private dining halls are more interested
+in it than the lower-level systems guys because the planners’ job is to look to the future.
+Banks don’t go about building stuff themselves. They have their systems guys buy stuff
+from vendors. My company is the first vendor of electronic money. I have a very extensive
+portfolio of patents on electronic money, in the U.S., Europe, and elsewhere.” Some
+of Chaum’s crypto-anarcho friends still give him a hard time about taking out patents on 
+194
+this work. Chaum tells me in defense, “It turns out that I was in the field very early so I
+wiped out all the basic problems. So most of the new work now [in encrypted electronic
+money] are extensions and applications of the basic work I did. The thing is, banks don’t
+want to invest into something that is unprotected. Patents are very helpful in making
+electronic money happen.”
+Chaum is an idealist. He sees security and privacy as a tradeoff. His larger agenda
+is providing tools for privacy in a networked world so that privacy can be balanced with
+security. In the economics of networks, costs are disproportionately dependent on the
+number of other users. To get the Fax Effect going, you need a critical mass of early
+adopters. Once beyond the threshold, the event is unstoppable because it is self-reinforcing.
+Electronic cash shows all the signs of having a lower critical mass threshold than
+other implementations of data privacy. Chaum is betting that an electronic cash system
+inside an e-mail network, or a card-based electronic cash for a local public transportation
+network, has the lowest critical mass of all.
+The most eager current customers for digital cash are European city officials. They
+see card-based digital cash as the next step beyond magnetic fast-passes now issued regularly
+by most cities’ bus and subway departments. One card is filled with as much bus
+money as you want. But there are added advantages: the same card could fit into parking
+meters when you did drive or be used on trains for longer-distance travel.
+Urban planners love the idea of automatic tolls charging vehicles for downtown
+entry or crossing a bridge without having the car stop or slow down. Bar-code lasers can
+identify moving cars on the road, and drivers will accept purchasing vouchers. What’s
+holding up a finer-grain toll system is the Orwellian fear that “they will have a record of
+my car’s travels.” Despite that fear, automatic tolls that record car identities are already
+operating in Oklahoma, Louisiana, and Texas. Three states in the busy Northeast
+have agreed to install one compatible system starting with experimental setups on two
+Manhattan/New Jersey bridges. In this system, a tiny card-size radio taped to the car
+windshield transmits signals to the toll gate which deducts the toll from your account at
+the gate (not from the card). Similar equipment running on the Texas turnpike system
+is 99.99 percent reliable. These proven toll mechanisms could easily be modified to
+Chaum’s untraceable encrypted payments, and true electronic cash, if people wanted.
+In this way the same cash card that pays for public transportation can also be used
+to cover fees for private transportation. Chaum relates that in his experience with European
+cities, the Fax Effect—the more people online, the more incentive to join—takes
+hold, quickly drawing other uses. Officials from the phone company get wind of what’s
+up and make it known that they would like to use the card to rid themselves of a nasty
+plague called “coins” that bog public phones down. Newspaper vendors call to inquire if
+they can use the card.... Soon the economics of networks begin to take over.
+Ubiquitous digital cash dovetails well with massive electronic networks. It’s a pretty
+sound bet that the Internet will be the first place that e-money will infiltrate deeply. Money
+is another type of information, a compact type of control. As the Net expands, money
+expands. Wherever information goes, money is sure to follow. By its decentralized,
+distributed nature, encrypted e-money has the same potential for transforming economic
+structure as personal computers did for overhauling management and communication
+structure. Most importantly, the privacy/security innovations needed for e-money are
+instrumental in developing the next level of adaptive complexity in an information-based
+society. I’d go so far as to say that truly digital money—or, more accurately, the economic
+mechanics needed for truly digital cash—will rewire the nature of our economy, communications,
+and knowledge. 
+195
+ Peer-to-peer finance with nanobucks
+The consequential effects of digital money upon the hive mind of our network
+economy are already underway. Five we can expect are:
+• Increased velocity. When money is disembodied—removed from any material basis at
+all—it speeds up. It travels farther, faster. Circulating money faster has an effect similar
+to circulating more money. When satellites went up, enabling near-the-speed-of-light,
+round-the-clock world stock trade, they expanded the amount of global money by 5 percent.
+Digital cash used on a large scale will further accelerate money’s velocity.
+• Continuity. Money that is composed of gold, precious materials, or paper comes in
+fixed units that are paid at fixed times. The ATM spits out $20 bills; that’s it. You pay the
+phone company once a month even though you use the phone everyday. This is batchmode
+money. Electronic money is continuous-flow. It allows recurring expenses to be
+paid, in Alvin Toffler’s phrase, by “bleeding electronically from one’s bank account in
+tiny droplets, on a minute-by-minute basis.” Your e-money account pays for each phone
+call as soon as you hang up, or—how about this?—as you are talking. Payment coincides
+with use. Together with its higher velocity, continuous electronic money can approach
+near instantaneity. This puts a crimp on banks which derive a lot of their current profit
+on the “float”—which instantaneity erases.
+• Unlimited fungibility. Finally, really plastic money. Once completely disembodied, digitized
+money escapes from a single transmission form and merrily migrates to whatever
+medium is handiest. Separate billing fades away. Accounts can be interleaved with the
+object or service itself. The bill for a video comes incorporated into the video. Invoices
+reside alongside of bar codes and can be paid with the zap of a laser. Anything that can
+hold an electronic charge can hold a fiscal charge. Foreign currencies become a matter
+of changing a symbol. Money is as malleable as digitized information. This makes it all
+the easier to monetize exchanges and interactions that were never part of an economy
+before. It opens the floodgates of commerce onto the Net.
+• Accessibility. Until now, sophisticated manipulations of money have been the private
+domain of professional financial institutions—a financial priesthood. But just as a million
+Macs broke the monopoly of the high priests guarding access to mainframe computers,
+so e-money will break the monopoly of financial Brahmins. Imagine if you could charge
+(and get) interest on any money due you by dragging an icon over that electronic invoice.
+Imagine if you could factor in the “interest due” icon and give it variable interest, ballooning
+as it aged. Or maybe you would charge interest by the minute if you sent a
+payment in early. Or program your personal computer to differentially pay bills depending
+on the prime rate—programmed bill-trading for amateurs. Or perhaps you would
+engineer your computer to play with exchange rates, paying bills in whatever currency
+is least valuable at the time. All manner of clever financial instruments will surface once
+the masses can drink from the same river of electronic money as the pros. To the list of
+things to hack, we may now add finance. We are headed toward programmed capitalism.
+• Privatization. The ease with which e-money is caught, flung, and shaped makes it
+ideal for private currencies. The 214 billion yen tied up by Japan’s NTT’s phone cards
+is one limited type of private currency. The law of the Net is: he who owns a computer
+not only owns a printing press, but also a mint, when that computer is linked to e-money.
+Para-currencies can pop up anywhere there is trust (and fail there, too).
+196
+Historically, most modern barter networks rapidly slide into exchanges of real currency;
+one could expect the same in electronic barter clubs, but the blinding efficiency
+of an e-money system may not tend that way. The $350 billion tax question is whether
+para-currency networks would ever rise above unofficial status.
+The minting and issuing of currency has been one of the few remaining functions
+of government that the private sector has not encroached upon. E-money will lower
+this formidable barrier. By doing so it will provide a powerful tool to private governance
+systems, such as might be established by renegade ethnic groups, or the “edge cities”
+proliferating near the world’s megacities. The use of institutional electronic money transfers
+to launder money on a global scale is already out of anyone’s control.
+ Fear of underwire economies
+The nature of e-money —invisible, lightning quick, cheap, globally penetrating—is
+likely to produce indelible underground economies, a worry way beyond mere laundering
+of drug money. In the net-world, where a global economy is rooted in distributed
+knowledge and decentralized control, e-money is not an option but a necessity. Paracurrencies
+will flourish as the network culture flourishes. An electronic matrix is destined
+to be an outback of hardy underwire economies. The Net is so amicable to electronic cash
+that once established interstitially in the Net’s links, e-money is probably ineradicable.
+In fact, the legality of anonymous digital cash is in limbo from the start. There are
+now strict limits to the size of transactions U.S. citizens can make with physical cash;
+try depositing $10,000 in greenbacks in a bank. At what amount will the government
+limit anonymous digital cash? The drift of all governments is to demand fuller and fuller
+disclosures of financial transactions (to make sure they get their cut of tax) and to halt
+unlawful transactions (as in the War on Drugs). The prospect of allowing untraceable
+commerce to bloom on a federally subsidized network would probably have the U.S.
+government seriously worried if they were thinking about it. But they aren’t. A cashless
+society smells like stale science-fiction, and the notion reminds every bureaucrat drowning
+in paper of the unfulfilled predictions of a paperless society. Eric Hughes, maintainer
+of the cypherpunks’ mailing list, says, “The Really Big Question is, how large can the
+flow of money on the nets get before the government requires reporting of every small
+transaction? Because if the flows can get large enough, past some threshold, then there
+might be enough aggregate money to provide an economic incentive for a transnational
+service to issue money, and it wouldn’t matter what one government does.”
+Hughes envisions multiple outlets for electronic money springing up all over the
+global net. The vendors would act like traveler’s check companies. They would issue
+e-money for, say, a 1 percent surcharge. You could then spend Internet Express Checks
+wherever anyone accepts them. But somewhere on the global Net, underwire economies
+would dawn, perhaps sponsored by the governments of struggling developing countries.
+Like the Swiss banks of old, these digital banks would offer unreported transactions.
+Paying in online Nigerian nairas from a house in Connecticut would be no more difficult
+than using U.S. dollars. “The interesting market experiment,” Hughes says, “is to see
+what the difference in the charge for anonymous money is, once the market equalizes. I
+bet it’ll be on the order of 1–3 percent higher, with an upper limit of about 10 percent.
+That amount will be the first real measure of what financial privacy is worth. It might
+also be the case that anonymous money will be the only kind of money. ”
+197
+Usable electronic money may be the most important outcome of a sudden grassroots
+takeover of the formerly esoteric and forbidden field of codes and ciphers. Everyday
+e-money is one novel use for encryption that never would have occurred to the military.
+There are certainly many potential uses of encryption that the cypherpunks’ own
+ideological leanings blind them to, and that will have to wait until encryption technology
+enters the mainstream—as it certainly will.
+To date encryption has birthed the following: digital signatures, blind credentials
+(you have a diploma that says, yes, you have a Ph.D., yet no one can link that diploma
+with the other diploma in your name from traffic school), anonymous e-mail, and electronic
+money. These species of disconnection thrive as networks thrive.
+Encryption wins because it is the necessary counterforce to the Net’s runaway
+tendency to link. Left to itself, the Net will connect everyone to everyone, everything to
+everything. The Net says, “Just connect.” The cipher, in contrast, says, “Disconnect.”
+Without some force of disconnection, the world would freeze up in an overloaded tangle
+of unprivate connections and unfiltered information.
+I’m listening to the cypherpunks not because I think that anarchy is a solution to
+anything but because it seems to me that encryption technology civilizes the grid-locking
+avalanche of knowledge and data that networked systems generate. Without this taming
+spirit, the Net becomes a web that snares its own life. It strangles itself by its own prolific
+connections. A cipher is the yin for the network’s yang, a tiny hidden force that is able to
+tame the explosive interconnections born of decentralized, distributed systems.
+Encryption permits the requisite out-of-controllness that a hive culture demands in
+order to keep nimble and quick as it evolves into a deepening tangle.