trc@houti.UUCP (06/02/83)
Just an idea for a partial solution to the electronic funds transfer privacy problem... A proposed method of insuring availability of reasonable privacy for EFT, without extraordinary technology, costs, or burdening of normal transactions where privacy is not so important. (This does not address the EFT identification problem.) Similar to Swiss numbered bank accounts, but more flexible and secure for EFT. EFT systems would be run only by private for-profit institutions, to protect against government snooping. Courts could still get records, but the individual would have to be notified. Others wanting to see or use someone's records should have to get permission from that person. (EG credit agencies.) Privacy would be protected by contract. This would be sufficient for ordinary transactions. When additional privacy is desired, it should be possible to set up special accounts, which would only record the identity of one of the two parties (to eliminate any record of their connection.), or neither of their names (though this has a flaw). To pay someone, the payer would create an account, and deposit the paid amount to the account. He would get back an account number, the date, time, and amount of the deposit. His identity would not be recorded with the account. He would send the account number and other information (perhaps encrypted) to the person to be paid. That person would withdraw the funds from the account. If the payer so specified, the identity of the person paid would be recorded. To extend someone credit, once the terms of the credit were agreed upon, the debtor would create the debt account, usually with his identity recorded. He would send the account information to the creditor, who would use it to check to make sure the account exists, and that the terms of the loan are recorded, if any, with the account. If the account was OK, the creditor would access the account and accept it - or to cancel it if the terms were not right. (Once accepted, the account cannot be cancelled or changed by the debtor. The creditor can never change the terms recorded. His is only a veto power.) The institution might provide a range of automatic interest accumulation services for these "IOU" accounts. In the event that a dispute as to payment arose over one of the private accounts, the account information could be given to the court, and the court would find out if the account has been properly paid off. The privacy would not have to be totally lost - only the judge would have to know of the transaction. For persons who trust each other, and want total secrecy, it should be possible to create totally anonymous accounts, with no identities recorded. Such would not be enforcable in court, though. It should also be possible to create semi-permenant accounts. For example such an account might be used to record a bar tab, which is frequently added to, and occasionally paid off. Tom Craver houti!trc