More actions
Created page with "We should consider that privacy and fraud go together. If privacy means no one knows what we are doing and can never know, then this is exactly what fraudsters want. We have been thinking so far of a system that starts with privacy and then works toward non-privacy depending on the situation. We might instead, just as a thought experiment, think of a system that starts with no privacy and then works toward privacy depending on the situation. Let’s limit this to financ..." |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Main|Privacy, identity, and fraud in the ratings system}} |
|||
We should consider that privacy and fraud go together. If privacy means no one knows what we are doing and can never know, then this is exactly what fraudsters want. We have been thinking so far of a system that starts with privacy and then works toward non-privacy depending on the situation. We might instead, just as a thought experiment, think of a system that starts with no privacy and then works toward privacy depending on the situation. |
We should consider that privacy and fraud go together. If privacy means no one knows what we are doing and can never know, then this is exactly what fraudsters want. We have been thinking so far of a system that starts with privacy and then works toward non-privacy depending on the situation. We might instead, just as a thought experiment, think of a system that starts with no privacy and then works toward privacy depending on the situation. |
||
Latest revision as of 15:56, 7 September 2024
Main article: Privacy, identity, and fraud in the ratings system
We should consider that privacy and fraud go together. If privacy means no one knows what we are doing and can never know, then this is exactly what fraudsters want. We have been thinking so far of a system that starts with privacy and then works toward non-privacy depending on the situation. We might instead, just as a thought experiment, think of a system that starts with no privacy and then works toward privacy depending on the situation.
Let’s limit this to financial transactions only, just to bound things. A zero-privacy financial system is one in which every transaction is open to the public and recorded. We can suppose that it uses a cryptocurrency-like public ledger that anyone can review later. We might further stipulate that it pairs this with some type of biometric national identification system. Of course, there will be ways to circumvent the system, from parties meeting privately in person for trade to cleverly obscuring the nature of transactions. Some parties to fraud may even conduct their business openly, figuring that there is a good level of anonymity in the sheer volume of transactions that would need to be reviewed. Nonetheless, compared to the system we have now, the simple fact of the public nature of the transaction should deter a good deal of fraud. It seems hard to think of a better infrastructural way to do it than to make everything public.
But clearly, a zero-privacy society like this is one we probably wouldn’t want to live in. If Mike is a closet recreational drug user, he might not want Alice, his strict wife, to find out that he’s buying drugs. In a public system it might well be spouses that have the greatest interest in snooping on their partners. Let’s suppose that Mike isn’t doing anything particularly wrong, the drugs he buys are perfectly legal, he’s not addicted to them, he’s an upstanding guy, etc. He just uses drugs recreationally and doesn’t want anyone to know. He wouldn’t like this system for a legitimate privacy reason.
So maybe we can amend the zero-privacy system to encrypt transactions such that they can only be decrypted in cases where a crime is suspected and would need to be investigated. Only law enforcement would have the ability to unlock the transactions. Mike is relieved to know Alice, who is not in law enforcement herself, won’t find out anything.
Such a system depends on trusting law enforcement to use their decryption capability responsibly. The community could demand that warrants be obtained before unlocking data, for instance. The judicial system (not the police) might be the holders of the decryption key and would only release it to law enforcement upon the approval of a warrant request. Even so, this system would leave many community members uncomfortable. Now they have to trust a central authority, the police, or the police and the courts, with their data.
An alternative system might allow parties in a transaction to share a private key and encrypt their transaction with that. Only the holders of the key could decrypt it (ie symmetric encryption). The transactions would still be stored centrally. Nefarious actors could then proceed to keep an illegal transaction private but each party would have to trust the other guy not to reveal the key to law enforcement in the event of an investigation. Would this be enough? It seems like a fairly robust system of privacy that, because of its public nature, still might be effective in deterring criminal behavior.
We might envision further privacy enhancing arrangements such as Diffie-Hellman key exchange where one party to a transaction has a public-private key pair which is combined with the corresponding key pair for the other party. Now each party has to agree to decrypt any shared secret between them. This is unbreakable by law enforcement unless all parties agree to divulge their private key.
Other privacy obfuscating technologies exist like the Monero cryptocurrency system. This system is considered to be virtually unbreakable although Chainalysis, a company devoted to tracing crypto-transactions, has been awarded a government contract to try.
In any event, it would seem that for financial fraud at least, communities would have a wide array of choices in balancing privacy and crime prevention.