Digital Cash and the Future of Money

by J. Orlin Grabbe

Money is what people use to avoid barter--which is the direct trading of one good or service for another, such as oranges for wheelbarrows, or sex for mowing the lawn. Money in the form of physical cash implies a type of security based on physical presence. If we are face-to-face, I am able to inspect your goods for quality, and you are able to do the same with my cash. Cash transactions also have a temporal simultaneity: if for some reason I don't give you the cash now, you don't hand over the goods.

Money in the form of cash suffers from some drawbacks. One is bulk. Cash takes up a lot of space. A million dollars in hundred dollar bills fills a large briefcase. Another is high transactions costs. It is costly to transport physical cash, and time consuming to count it. More significantly, physical cash can't be transferred over a computer or electronic network. (When cash is "wired", the physical cash is stored at one location; and different physical cash is given out at another location.)

Digital cash (or electronic cash)--which we shall define presently--arises in an age of remote or anonymous exchange made possible by telecommunication. If I send electronic cash to a location you designate (not necessarily where you are), you send goods to another location I designate (not necessarily where I am), and we both trust the procedure (or protocol) that we go through in effecting this transaction. But however dispersed in space, digital cash transactions--like monetary transactions in general--rely on security, trust, and reliability.

Spatial separation is a characteristic of electronic commerce. Electronic commerce refers to anything involving financial transactions made by exchanging electronic data over telecommunication lines. The monetary basis of electronic commerce can be thought of as an electronic check, which we can define by analogy to an ordinary check. An ordinary check is a piece of paper with a handwritten signature that is cleared through a third party (bank). In the same way, an electronic check is a computer message with a digital signature that is cleared through a third party. Just as an ordinary check can be sent through the U.S. postal system to another person in payment of a bill, so can an electronic check be sent over a computer network--such as Internet email or the World Wide Web. Just as a physical signature can be verified against a handwritten prototype, so can a digital signature be verified by a mathematical relationship. And just as an ordinary check (or a traveler's check) represents the liability of a bank or company, so does an electronic check represent the liability of a bank or company. As we shall see, what is often called "digital cash" is more properly viewed as an electronic check.

One current focus of attention in financial technology is the commercialization of the Internet. The Internet is an anarchic, global collection of interconnected computers, linked by the communication protocols TCP (Transmission Control Protocol) and IP (Internet Protocol). Eager vendors envision the Internet becoming a colossal supermarket, the ultimate in home-shopping--provided that payments can be made without fear of data thieves. Whatever the merit of the former idea, the validity of the latter concern is illustrated by the Internet access provider Netcom, which kept a large file containing the credit card numbers of all its customers. The file was insecurely stored, and subsequently copied illegally and circulated among a subculture not overly concerned with fraudulent uses of information or sensitive to invasions of personal privacy.

Many of the schemes that the popular press refers to as "digital cash" often amount to little more than new commercial transaction mechanisms which provide for the secure transmission of credit card numbers over the Internet. Attention may be focused on encrypted communication channels or secure messaging protocols like SSL or S-HTTP, or secure payment protocols like SET (a creation of Visa and MasterCard). These, however, are not the principal story. Credit card transactions over the Internet are not much of a financial innovation (although the protocols by which they are effected may be), and don't raise very many new economic or legal issues. And most examples of electronic banking do not involve a different form of money, but instead simply represent a different way to access traditional banking services.

Aside from sloppiness in popular terminology, however, new to the world of electronic banking products are digital signature systems that allow the creation of a new form of electronic money, which we will call digital cash. Some of these signature systems provide an additional form of personal security in the form of anonymity or privacy, and will be called anonymous digital cash.

What is anonymous digital cash? First, recall that money or cash is an asset that possesses value primarily because of the goods and services for which it can be exchanged. The exchange ratio between cash and a good or service is called the price of the good or service. This fact shows that the unit of account function of money (the price of a pig is "X") cannot be separated from its role as a medium of exchange (X units of money exchange for one pig or two lambs). Money also serves as a store of value: ownership of a pig can be replaced by ownership of money. The only difference between the two has to do with smell, maintenance, and price appreciation. The store-of-value function of money gives rise to the digital-cash-related name "stored-value cards", although, as we shall see, stored-value cards are designed for transactions, and not primarily for storing value.

Digital cash (or, equivalently, electronic cash) as used here refers to electronic records or messages which serve as money; which cannot be easily counterfeited; which can be verified as authentic by the institution granting the digital cash; and which can be securely transferred to others. Essentially, digital cash is a payment message bearing a digital signature which functions as a medium of exchange or store of value. In order that digital cash have value, it is sufficient that digital cash be exchangeable for ordinary cash, or that digital cash be exchangeable for some good or service which is priced in terms of ordinary or digital cash. But "digital cash" is not cash in the sense that it is legal tender-- namely, money issued by the State and designated as lawful for the payment of taxes and other debts. Neither is digital cash specie (a stamped piece of metal). Rather, digital cash is an idea recorded in the mind of a computer. Moreover, like a typical check--but unlike normally encountered cash--digital cash represents an obligation of a private company rather than the central bank or treasury.

Anonymous digital cash can be defined as digital cash that--for the purpose of allowing personal financial privacy--is untraceable, and transactions made with it are unlinkable. Briefly, "untraceable" means a digital cash withdrawal cannot be associated with its subsequent deposit, while "unlinkable" means that it is impossible to associate two different digital cash transactions made by the same person with each other.

Digital cash is a type of electronic message--a characteristic it shares with wire transfers and credit card payments. Such messages leave electronic trails as they pass through the banking system. They thus lack the privacy often associated with the use of ordinary cash and necessarily associated with anonymous digital cash. Thus we can conceive of two parallel monetary systems: one anonymous and the other non- anonymous. Recent monetary legislation in the US and other Western nations, as covered in The End of Ordinary Money aims at the destruction of anonymity or privacy. Under current US law, "anonymity" in financial transactions over a certain size has become virtually synonymous with "money-laundering", and hence illegal, even though anonymity itself bears no necessary relationship to any otherwise illegal activity.

It is the potential aspect of anonymity that gives digital cash its significance, and not the fact that it is electronic. For almost all monetary transactions are already electronic, as has been the case for years. Most monetary transactions take place through electronic wholesale payment and clearing mechanisms like CHIPS and Fedwire. According to the National Automated Clearing House Association, in the U.S. in 1995, $533 trillion was transferred by wire, as compared to $73 trillion in check transactions, and $2.2 trillion in cash transactions.

Some people naively equate anonymous digital cash with a secure messaging system. They anticipate sending PGP-encrypted messages to an off-shore location, instructing, say, the First Stealth Bank of the Cayman Islands to transfer funds from their bank account to someone else's. But that is not what is meant here by anonymity. If the bank knows what is going on in your account, then potentially so can anyone else: the records can be seized, or surreptitiously accessed by computer, or a bank employee can be bribed to make them available. (In this respect, it is useful to note that the system of Swiss numbered accounts was created to protect bank customers from bank employees. Bank employees, observing what occurred in a customer's account, could possibly subject the customer to blackmail.) Anonymity requires first and foremost protection from the prying eyes of the bank.

Digital cash, including anonymous digital cash, is made possible by advances in cryptography, especially public-key cryptography, as discussed in Concepts in Digital Cash. The creation of secure transaction mechanisms and digital cash systems requires the use of public-key cryptography, cryptological protocols, and digital signatures. These applications allow the creation of electronic cash systems that are convenient to use, and also enable such systems to simultaneously offer privacy to individuals and complete transactional security to merchants and banks. In particular, one can create a system in which bank security is not compromised even if all customers and merchants together collude to rip off the bank, yet also one where the privacy of customers will not be violated even if there is collusion between all merchants and the bank. (But the customer's privacy will be lost if the customer attempts to counterfeit money, which in the context of digital cash is usually called "double spending".)

Some of the common nominal (terminological) confusion in matters relating to digital cash stems from the fact that digital cash systems may be designed for execution using smart cards or electronic wallets, on one hand (which tends to suggest credit-card- like transactions to many people); or, on the other hand, they may be software-only systems designed for electronic transfers over the Internet (which tends to blur the distinction between digital cash and electronic banking in general). The chief difference is that typical credit card and electronic banking transactions raise general security issues, but do not represent an alternative to central bank-issued tokens (such as Federal Reserve notes) or government-guaranteed instruments (such as FDIC-insured deposits) in quite the same way as does digital cash. Moreover, unlike anonymous digital cash, the former also lack privacy.

Anonymity and the Leviathan State

Anonymity raises many issues. If my payments are anonymous, how can I prove I made them? If my money is truly private, what keeps the bank from stealing from me? If a government doesn't know who pays whom, how can it collect an income tax? If the ownership of financial assets is indeterminate, what happens to taxes on financial assets?

Anonymity is controversial because it threatens the Leviathan State. The powers of modern nation-states--ranging from the ability to make war, to the suppression of political dissent, to the distribution of subsidized benefits to favored voters--all hinge on the collection of taxes and similar revenues. Taxes are commonly based on identifiable location. But consider this: "If I dial in from Aspen to a computer in Pittsburgh, whose client software buys information from a library in Michigan, through a payment server in Delaware, where did the transaction occur?" [1] One court decision, Quill Corp. v. North Dakota, says states can impose taxes on out-of-state vendors only if they have "a physical presence" in the state. Is physical presence a simple matter of personnel or hardware? What about a virtual presence?

Now for "state" (a subdivision of the U.S.) substitute "country", and then complicate the picture with the addition of anonymity. If it becomes possible to make anonymous transactions in unidentifiable international locations, will taxes become voluntary? And will governments that depend on taxes thus become obsolete? The development of electronic payment systems is driven by transactions costs, including the costs of government intrusion and regulation. Due to recent advances in cryptology, there should be only a modest increase in the cost of implementing systems that provide for privacy and anonymity in addition to convenience. Hence there might be a competitive advantage to anonymous systems, and they might naturally supersede non-anonymous systems.

In fact, we can divide digital cash systems into two types: privacy-invading systems and privacy-protecting systems. Both system types are based on digital signatures. Privacy-invading systems involve a signature of an issuing bank or other party on electronic cash, and the signed piece of cash is then treated like a registered security: the bank is able to observe the entire transaction history from withdrawal to deposit, to next withdrawal to next deposit, etc. Privacy-protecting systems are also based on digital signatures (the digital cash system of Stefan Brands is based on Schnorr signatures [2]), but the different is in the nature and the application of the signature scheme. It is possible for the bank to sign a legitimate piece of digital cash, without the bank knowing exactly what it is signing. The piece of cash cannot be traced upon its subsequent deposit. Yet, at the same time, the bank is protected against counterfeiting. If the same piece of digital cash is spent more than once, the privacy protection is automatically stripped.

But then, one might ask, why are digital cash systems that make little effort to preserve privacy becoming so prevalently abundant? The answer appears to be related to government promotion of (and, in the case of cryptology, imposition of) obsolete technology. The Leviathan State has never believed in very much individual freedom or privacy, and has made serious efforts to limit their scope. Hence intrusive government can be viewed as a type of transaction cost which requires technological progress for its elimination.

Conversely, consider the threat to personal security posed by the potential creation of general digital cash systems which are not anonymous. The convenience of such systems, combined with the traceability of transactions, could easily expand the surveillance power of Big Brother government. The U.S. Internal Revenue Service for example, has made such data collection an avowed goal:

In an effort to catch more tax cheats, the Internal Revenue Service plans to vastly expand the secret computer database of information it keeps on virtually all Americans. . . . "Ultimately, the IRS may obtain enough information to prepare most tax returns," said Coleta Brueck, the agency's top document processing official. "If I know what you've made during the year", she said, "if I know what your withholding is, if I know what your spending pattern is, I should be able to generate for you a tax return..." [3]

An increased collection of electronic transaction information, along with perhaps increased strictures on the use of physical cash, could make the IRS or other tax authorities a hidden partner in all economic transactions. This may sound laughable at first, considering the recently revealed failure of the Internal Revenue Services' $8 billion computer modernization project. But there is no doubt where IRS intentions lie.

Moreover, non-anonymous electronic money is often not "fungible". Smart cards can be issued to welfare recipients to control their behavior and to track their purchases. The cash could be spent at store X, but not at store Y. It could be used to purchase item A, but not item B. Before you cheer this use of technology, consider that it can be used against anyone else also. Routine transactions at certain shops--whether gun shops, head shops, or unapproved book stores--could receive special scrutiny. Highway tolls could be collected electronically, and the passage of vehicle owners through selected traffic junctures monitored. In short, the monetary system itself, in the hands of information collectors and collators like the IRS, FinCEN, and similar government agencies, creates a type of "national identity card" and "national diary" for each individual who participates in it.

Through its various "Clipper Chip" proposals, the government has already attempted to become a third party to all private communications. (The Clipper Chip, ostensibly abandoned in March 1997, was to have been a government-accessible monitoring device installed in every telephone, fax, and cable TV set-top converter. The Chip would have provided government a "back door" that bypassed the ordinary cryptographical security of the communication channel.) But there is no real distinction between an electronic communication and an electronic transaction. If the government can read your communications it can also control your money. Conversely, if the government can enforce particular protocols for electronic money, then it acquires de facto control of all uses of cryptology. It acquires the power to equate the use of non- approved encryption technology with money laundering and tax evasion. After all, that encrypted piece of email might just have a digital coin attached to it.

Does anyone really care? Is there a market for privacy? The Chairman of the Federal Reserve thinks there is:

Since privacy is such an evidence value in our society, where technology threatens that value, entrepreneurs can be counted on to seek means to defend it. The major resources they have devoted to encryption in the development of new communication systems attest to the economic value they place on privacy in communications. Moreover the pressures to enact legal prohibitions on the dissemination of personal records will also create incentives to produce technologies that protect them. Indeed, the most effective means to counter technology's erosion of privacy is technology itself. [4]

Clifford Neuman and Gennady Medvinsky, the authors of NetCash, express the consensus of many digital cash developers and potential users:

Concern for privacy dictates that it should be possible to protect the identities of the parties to a transaction. This is important to prevent the accumulation of information about the habits of individuals, e.g., the documents they read, or the items they purchase. It is also important to protect parties that receive payment in certain situations, such as rewards . . . . it should not be possible to monitor an individual's spending patterns, nor determine one's source of income. [5]

Contrast those statements with the contrary trend of "data mining" in the banking industry. The following statements by an executive of Security First Technologies illustrates why many experience growing concern for the future of privacy:

Banks have traditionally gathered large amounts of information about their customers. But it is often stored in separate databases in different departments. For example, mortgage applications would be in one database, checking transactions in another. Only recently have banks begun to undertake "data mining," the process of integrating these databases to provide a total financial picture. . . . To remain competitive in an Internet Age banks must make better use of data mining by greatly expanding the amount of detailed customer information available to the data analysis software tools. Such information should include loans, brokerage, insurance, and credit cards. [6]

This is fine, if you want or require your banking data to be mined. But not everyone does. Some would prefer a little anonymity. The basic reality is that the use of computers to make transactions makes record keeping easier. Privacy is therefore not something that will take care of itself. For those who value privacy, some thought applied to the process of preserving it is necessary.

Digital Cash and the Future of Banking

Back in the mid-1980s there was little reason to contemplate electronic banking as a consumer activity. The best computer was an IBM PC/XT operating at 4 megahertz, with 640 kilobytes of memory and a 20-megabyte hard drive. The latest modem was a Hayes 1200-baud model for $300, and there were less than a half million modems in use. It was a dubious environment just for dial-up home banking, much less for Internet banking. Commercial Internet service providers didn't exist.

Today more than 20 million households are connected to the Internet, and typical home computers operate on a 100 megahertz Pentium chip, and have 16 megabytes of random access memory and a gigabyte of hard drive storage space. Modems that operate at 28.8 baud are the norm. All this has made possible consumer-level electronic banking, and--with it--practical digital cash systems.

It is folly to attempt an in-depth economic analysis of digital cash in its primitive stages. The market, as it evolves, will draw on the collective intelligence of its users, and will likely develop in unforeseen directions, as well as eschew many of the apparently "obvious" ones.

But it is clear that to its various developers digital cash is intended as a substitute for cash, not for ordinary bank deposits. This is seen in the choice of names: DigiCash, CyberCash, etc. As we discussed previously, digital cash has more the character of an electronic check than of cash, because--unlike ordinary cash--it requires the intervention of a third party to either debit or credit accounts in any series of transactions. But the same is also true of debit cards and credit cards, and yet these latter clearly substitute for cash: one typically carries such cards to avoid the inconvenience of carrying large sums of money. Which means that if digital cash is a substitute for ordinary cash (coins and Federal Reserve notes), it is also competing with existing credit and debit cards. So, then, who needs digital cash?

The first economic advantage of digital cash is that it makes possible anonymity and privacy--something not available through existing credit and debit card systems, or existing checking accounts. That is, digital cash represents an attempt to partially restore the anonymity features of ordinary cash in an electronic environment.

The second motivating factor for digital cash is the growth of the Internet. The Internet has vastly changed the banking marketplace. Through the Internet it is possible to inexpensively access a banking computer located anywhere in the world. Thus, if one doesn't like the banking and regulatory environment in one's neighborhood, one can engage in regulatory arbitrage by banking in another part of the world. I introduced the term "regulatory arbitrage" in the 2nd edition of International Financial Markets in 1991 in connection with the eurocurrency markets, but similar comments apply to Internet banking [7]:

The eurocurrency markets represent a type of regulatory arbitrage. Eurobanking is a managed financial package that combines the currency of one country (one regulatory environment) with the banking regulations and competitive efficiencies of another country. This repackaging was made possible by improvements in worldwide communication links and information technology. If the regulatory burden becomes too high in one area of the world, the bundle of eurobanking services can be reassembled in another. Hence, national regulators must compete to maintain their respective shares of the eurocurrency business. Competition with respect to lending quotas, reserve requirements, capital requirements, deposit insurance, the taxing and reporting of interest payments, and the taxing of profits, dividends, and capital gains, all measured against any perceived positive benefits of local regulation, governs the geographical distribution of eurocurrency market shares.

What the eurocurrency markets did for wholesale banking, Internet digital cash could do for retail banking. Cost factors alone may drive banks to the Internet. A survey of European and American banks by Booze, Allen & Hamilton found that the cost of the average payment transaction on the Internet was 13 cents or less, compared with 26 cents for a personal computer banking service using the bank's own software, 54 cents for a telephone banking service, and $1.08 per transaction for a bank branch.[8] Hence the Internet would appear to represent a low-cost direction for expansion. It might have a competitive cost advantage for all transactions, while having an exclusive on certain low- valued transactions (which would otherwise be ruled out entirely if the cost of providing those transactions was too large a percentage of the transaction itself).

There are essentially three approaches to Internet banking software. The fat client model relies on the customer having dedicated banking software on his PC, like Intuit's Quicken software. Data and business logic is stored on the customer's PC. But this type of model has little flexibility, and is not easily integrated with other Internet applications. The thin-client-stateless model only expects the customer to have generic software, such as a web browser, and the interface relies on a generic language (such as the World Wide Web's HTML). This is sufficient for supplying acount information or transferring funds, but it doesn't allow the customer to add much value by processing the data in any way. It doesn't allow the customer to do her own data mining. The thin-client-stateful model combines a generic interface like a web browser with PC resident software. Think of, for example, a plug-in to Netscape Navigator. This allows the customer to set up her own security parameters, categories, budgets, and whatnot. The thin-client-stateful model represents the probable future direction of Internet banking.

Digital cash systems, including anonymous ones, can operate with any of these models. Digital cash could, for example, be transferred as a simple attachment to an email message. Stefan Brands' digital cash scheme would allow such a transfer using only 150 bytes or so in an email attachment.[9]

In this context, then, digital cash is a message, a form of speech, a type of language. If a government can restrict free speech, it can restrict digital cash. If a government can restrict digital cash--anonymous or not--it can restrict free speech. If a government has the right to inspect your bank account, it has a right to read your email. If a government has a right to monitor your email, and to break the encryption a la the Clipper Chip, it has a right to inspect your bank account.

Because of digital cash, there is no longer a difference between money and speech. That, then, is the future of money.

Will the government tell you to shut up?


[1] Marvin Sirbu quoted in David Bollier, The Future of Electronic Commerce, The Aspen Insitute, Washington, D.C., 1996.

[2] Stefan Brands, "An Efficient Off-line Electronic Cash System Based on the Representation Problem", Centrum voor Wiskunde en Informatica (CWI), CS-R9323, Amsterdam, 1993.

[3] Chicago Tribune, January 20, 1995.

[4] Alan Greespan, "Remarks at the Conference on Privacy in the Information Age," Salt Lake City, March 7, 1997.

[5] Michael C. McChesney, "Banking in cyberspace: an investment in itself," IEEE Spectrum, February 1997.

[6] Gennady Medvinsky and B. Clifford Neuman, "NetCash: A Design for Practical Electronic Currency on the Internet," Proceedings of the First ACM Conference on Computer and Communications Security," November 1993.

[7] A couple of years later cypherpunk founder Eric Hughes found my book in the business school library of the University of California, Berkeley, and introduced the term to the cypherpunk community, where it gained widespread currency.

[8] Claus Nehmzow, "The Internet Will Shake Banking's Medieval Foundations," Journal of Internet Banking and Commerce, February 1997.

[9] Stefan Brands, "Electronic Cash on the Internet", Proceedings of the Internet Society 1995 Symposium on Network and Distributed System Security, San Diego, February 1995.