The Cutting Edge: COMPUTING / TECHNOLOGY / INNOVATION : Encryption Protects Virtual Cash for On-Line Shopping on Net
The Internet is good for a lot of things, but one thing it’s not much good for--at least not yet--is commerce. Plenty of businesses are using the Internet, mostly as a promotional vehicle to disseminate information about their products, but there’s no really good way to buy anything.
Security is the biggest problem. Large commercial services like CompuServe and Prodigy make it possible to buy from a merchant securely, but transactions over the Internet are just too public: If you send your MasterCard number via e-mail, the message might pass through many sites en route, giving the unscrupulous plenty of opportunities to steal your credit card number.
The lack of cyber-money may have prolonged the Net’s communal flavor and pleased some purists. But the absence of a way to pay, say, 25 cents for an investment column or a recipe for reindeer chili means that really good investment columns and reindeer chili recipes are scarce in cyberspace--and everybody is poorer for it.
An Internet-wide system for secure transactions has been the Holy Grail of cyberspace for some time, but only this year has a solution been in sight. During 1994, a whole series of plans for secure credit card transactions and digital cash have been announced, some of them with backing from players big enough that they have to be taken seriously.
One big thrust comes from CyberCash Inc. of Vienna, Va., whose founders and partners include William Melton, the founder of Verifone Inc., which makes machines used by retailers to authorize credit card purchases, and James Bidzos, a major player in software encryption. Bidzos says the goal of CyberCash is “extending the credit card network into the Internet.” Another nascent competitor is First Virtual Holdings Inc., based in San Diego. Headed by Lee Stein, a well-known attorney and financial adviser, First Virtual plans to use a relatively simple e-mail system in which consumers would be asked to confirm every purchase they make. First USA, a Texas bank, would provide credit card authorization and clearing, while giant Electronic Data Systems would handle data processing.
Microsoft Corp. and Visa International also have plans for a system of secure electronic credit card transactions, using encryption technology from RSA Data Security Inc. of Redwood City, Calif., a company headed by Bidzos. Visa and Microsoft have even said they will make their technical specifications public, presumably in hopes of establishing their system as the standard.
And just this week, Netscape Communications, a leading purveyor of the Mosaic software for navigating the Internet, and BankAmerica said they would join forces to develop a secure system for Internet credit card transactions.
But just as most people use plastic for some purchases and cash for others, some entrepreneurs insist that consumers in cyberspace will want virtual cash as well as virtual plastic. And to me, the rise of true digital cash is one of the most interesting developments in cyberspace today.
Digital cash may sound futuristic, but an Amsterdam-based company called DigiCash is working on bringing what it calls e-cash to the Internet. You have to take DigiCash seriously (e-mail info@digicash.nl for information) because it’s owned by David Chaum, a bearded Los Angeles native and Ph.D cryptographer who is a leading light in this field.
Chaumian digital cash relies on a clever dual-key encryption system that simultaneously protects the spender’s privacy, provides the user with a transaction record, and assures that the cash is legitimate. Transaction costs are so low that even purchases costing just pennies won’t break the bank.
The whole thing is based on the concept of the digital signature, familiar to Internet privacy hounds from the PGP, or Pretty Good Privacy, software freely available in cyberspace. PGP relies on a set of “keys,” or codes that the program uses to encrypt and unencrypt messages. A user has a public key, available to everyone, and a private key, which no one else gets. Messages “signed” using the private key can be verified by recipients using the signer’s public key.
Now imagine that Alice wants to buy something from Bob (Alice and Bob are cryptography’s favorite hypotheticals). Alice presents the First Digital Bank with what amounts to a digital check--a 100-digit number randomly generated by her computer, mathematically “blinded,” and “signed” with her private key. The bank verifies her signature (using her public key), replaces it with its own signature, and returns the “money.”
Alice then spends the money at Bob’s on-line store, and receives a record of the transaction. Bob gets the money. And the bank cannot link the specific electronic currency to Alice, which prevents the bank from tracking her activities and preferences.
CyberCash has reportedly been discussing licensing Chaum’s technology, which is showing signs of catching on elsewhere as well. In Germantown, Md., for instance, entrepreneur Bob Houston has created what he calls NetCash, which is already in use here and there (for information, e-mail netbank-info@agents.com).
Chaum’s system could have big implications. It would vastly expand the marketplace for information by permitting sellers to charge as little as pennies at a time. But on a big enough scale, the private and instantaneous nature of Chaumian payments conceivably could erode the power of governments to monitor and tax spending, implement monetary policy and monopolize the issuing of currency.
Kevin Kelly, in his book “Out of Control: The Rise of Neo-Biological Civilization” (Addison-Wesley), suggests that digital cash is the perfect vehicle for the privatization of currency, since “the law of the Net is: He who owns a computer not only owns a printing press, but also a mint.”
He welcomes messages at akstd@news.latimes.com but regrets that he cannot reply to each and every one.
