[11676] in cryptography@c2.net mail archive
Re: Interests of online banks and their users [was Re: Cryptogram: Palladium Only for DRM]
daemon@ATHENA.MIT.EDU (Adam Shostack)
Wed Sep 18 09:22:26 2002
Date: Tue, 17 Sep 2002 23:45:38 -0400
From: Adam Shostack <adam@homeport.org>
To: jon@jonsimon.com
Cc: cryptography <cryptography@wasabisystems.com>
In-Reply-To: <a05111b03b9ad3a45bca0@[207.172.166.194]>
On Tue, Sep 17, 2002 at 01:07:43PM -0700, jon@jonsimon.com wrote:
| >Now, lets say you don't tell the customer with known bad
| >software to go away, because you value their business. Are you now
| >culpable in some way? After all, you *knew* that client was
| >comprimised...
|
| As far as I know, banks assume that a certain percentage of their
| transactions will be bad and build that cost into their business
| model. Credit and ATM cards and numbers are as far from secure as
| could be, far less secure than somebody doing online transactions
| from a Wintel machine on an unencrypted connection, let alone an
| encrypted one. Until somebody takes full advantage of the current
| system and steals a few trillion dollars in one day, the problems are
| easier to deal with than a solution. Until that happens, there's no
| reason for banks to go through the pain of dealing with or requiring
| Pd.
And after that happens, and the Fed declares a roll-back of a day,
there still won't be a reason.
Here's a fun thought experiment: How much money could you steal and
launder before you cause a catastophic melt-down of the financial
privacy system, a la the way civil liberties have been set aside in
the wake of 9/11?
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
