The Uses and Limits of Financial Cryptography: A Law Professor's Perspective

Abstract

There is considerable support in the cryptography community for the Cypherpunk Credo, defined as: Privacy through technology, not legislation. Much discussion to date has assumed that the U.S. government's opposition to strong cryptography, such as its key escrow proposals, is the primary obstacle to widespread use of cryptography to assure privacy and allow anonymous electronic cash. For purposes of this paper, I assume that strong cryptography is legal and readily available. Even in that event, I claim that strong cryptography will be used to preserve anonymity only in a highly restricted subset of financial transactions. First, I show why anonymous lending will not succeed. Second, I discuss acute difficulties in key management that give individuals and corporations strong incentives to share their keys voluntarily with other parties. Third, I explore problems of market acceptance that would further limit use of technological solutions to assure privacy. In light of these limits on anonymity, even in a world of strong cryptography, we perceive more clearly the limits of a purely technological approach to the protection of privacy. In our present world, where the legal acceptability of strong cryptography is far from assured, the limits of a technological approach are even more significant. Where privacy cannot be assured through technology, we see more clearly the role of legal rules for protecting privacy.