This post is in response to a comment on my blog post about Financial Privacy. See https://www.linkedin.com/groups/42462/42462-6280511786831659008
Anonymization
I use terms like unlinkability and anonymity in the academic vernacular, not in respect to any legal definition. After all, the law can define a word to mean anything it wants. The technique used to anonymize the transaction is similar to Anonymous Lightweight Credentials (see https://eprint.iacr.org/2012/298.pdf for more information on ASL). Breaking the anonymity would require solving the discrete log problem. Solving that problem would put in jeopardy much of the cryptography upon which the world relies today, so I’m reasonably confident of its security for the moment. Spending a token under the Microdesic system based on the technique allows the user to prove they have the right to spend a token without identifying themselves as a particular person who owns a particular token.
Now, as far as de-anonymization under fraud, if a user double spends the same token, they reveal themselves. If I were to offer a somewhat real world analogy, it would go like this: I walk into a store. If I’m minding my own business, the store can’t distinguish me from any other customer in the store. I can purchase what I want and remain anonymous (subject to the store taking other measures outside this scenario, like performing facial recognition). However, if I commit a crime (in this case fraud), the store forces me to leave my passport behind. (It is sometimes hard to create real world analogies of the strange world of cryptography, but this should suffice).
In other words, prior to committing that fraudulent act, I’m anonymous. In the act of committing that fraud (in order for the store to accept my digital token/money), I’m standing up and announcing my identity and revealing my past purchases.
Returning, now to the law and specifically Recital 26 of the GPDR, it states “To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments.” There is clearly a temporal element. In other words, we need not account for a super computer in the distant future, or someone solving the discrete log problem. I also doubt the GDPR contemplates forcing the user to reidentify him or herself as a reasonable means of reidentification. Surely, they aren’t saying that if you rubber-hose the user and tell them to identify when and where they made a purchase, that’s reidentification. The data subject always knows that information, the question is whether anyone else can ascertain it without the user’s assistance. Under the Microdesic system, at the time of a non-fraudulent transaction, there is no reasonable means of reidentification (i.e. you must solve the discrete log problem).
The Middle Man
The subject of my previous post was financial privacy vis-à-vis decisional interference. The comment to which this post replies posed the question of whether Microdesic becomes the middle-man with the ability to interfere in the decision-making capabilities (i.e. spending decisions) of the user. Let me first explain by counter-example. When a payment authorization request comes in to PayPal, it knows the account of the spender, the account of the recipient, who those parties are, how much is being transferred and some extra data collected (such as in a memo, etc.). At that point, PayPal could, based on that information, prevent the transaction from occurring. Maybe they think the amount is too high. Maybe the memo indicates the person is purchasing something against PayPal’s AUP. The point is they can stop the transaction at the point of transaction. The way Microdesic works is different. A user in the Microdesic system is issued fungible tokens. From the system perspective, those tokens are indistinguishable from user to user. In fact, the system uses ring signatures which mixes a user’s tokens with other user’s tokens, to reduce correlation through forensic tracing. The tokens are then spent “offline” without the support of the Microdesic server. All the merchant knows is that they are receiving a valid token. Microdesic has no ability to prevent the transaction at the time of transaction.
Now for a bit of a caveat. Because the tokens are one time spends, the Merchant must subsequently redeem the tokens, either for other tokens or for some other form of money held in escrow against the value of the tokens. Microdesic could at this point require the Merchant to identify themselves and prevent redemption. Merchants that weren’t approved by Microdesic might therefore be excised from the system by virtue of being unable to redeem their tokens. However, the original point remains. Unlike a PayPal or credit card system, which authorizes each and every transaction, Microdesic has no ability to approve or disapprove of a particular transaction at the point of the transaction.