MONEY

INFORMATION HIGHWAYS AND THE RIGHT TO PRIVACY

Electronic Money and its Industrial Ownership

One of the limitations of information and communications technology is data security. At the same time, modern cryptography and devices for coding information are within the reach of all classes of professionals and private individuals. "Secret writing" and the science of computerised information integrity have now become one of the most revitalised mathematical disciplines, which are indispensable in order to understand the processes taking place in computers particularly dedicated to financial activities.

In order to make things technically even more demanding and difficult, it is no longer sufficient for Western society to be able to guarantee safety of computerised information, but, for increasingly more reasons, it is also necessary to respect the privacy of the persons affected. This means to say that it is not enough for computers to remember what they have to remember, but we must also be able to ask them to forget what we want them to forget, without this necessarily entailing a risk for the financial system as a whole, or for the operations carried out within the system.

Thus, the protection of privacy in the electronic age has been the object of meticulous investigations and projects funded by many nations which consider their safety depends more on their Economy than on their Army.

There are two clearly differentiated models to address the study of Cryptology, this being understood as the science which embraces secret writing, including its documentary form, and also its decoding or cryptoanalysis. Israel and Switzerland, for example, have numerous and brilliant mathematicians and engineers specialised in the theory of computerised information, although for quite different reasons.

Curiously, neither of these two countries, nor the United States, presently leads technological development of electronic money. A small Dutch company known as DigiCash, created under the auspices of the CWI (the Dutch nationally funded Centre for Mathematics and Computer Science in Amsterdam), an institution subsidised by the Dutch Government and made up of top-ranking mathematicians and cryptologists, has developed ingenious procedures which make it computationally possible to create something comparable to a banknote within a message that can perfectly well be transmitted by electronic mail.

Any system used for converting information into money, and money into information, must guarantee confidentiality, integrity and authenticity, as well as the origin of the information stored on computerised supports and transmitted through telecommunications links.

From this perspective, the most advanced payment operations must overcome technical difficulties and legal gaps, which we will now discuss.

Technical and scientific origins of electronic money

The basic element of cryptology for payment operations is the electronic signature. This is intended to guarantee the integrity of the electronic document and certification of the origin and the destination of the information it contains.

Basically, the electronic signature consists of an asymmetric cryptosystem, on a standard public key agreement. James Nechvatal, working for the National Institute of Standards and Technology wrote on 1990 an introduction that still presents a "state of de art" survey of public key cryptography, and form our point of view, its implementations in networks will be the most critical rules for electronic money, all over the World.

The notion of public-key cryptography was introduced by Diffie and Hellman in 1976. Public-key systems differ from conventional systems in that there is no longer a single secret key shared by a pair of users. Rather, each user has his own key material. Furthermore, the key material of each user is divided into two portions: a private component and a public component. The public component generates a public transformation E, and the private component generates a private transformation D. In analogy to the conventional case, E and D might be termed encryption and decryption functions, respectively. However, this is imprecise: in a given system we may have D(E(M) = M, E(D(M) = M, or both.

Rivest, Shamir and Adleman obtained in 1978 what is called RSA, the best-known and most versatile public-key cryptosystem. It supports both secrecy and authentication, and hence can provide complete and self-contained support for public-key distribution and signatures. Patent restrictions and license fees may be a major factor in practice.

Digital Signatures, according to DigiCash description:

In the RSA public-key cryptosystem used for electronic cash, both encryption and decryption, are done by raising the message —here, the note number — to a power that is the appropriate key. These exponentiations are done in a modular arithmetic system: one that saves only the result of division by a fixed number called a modulus. (This modulus needs to be quite large, usually at least 150 digits.

However, the electronic signature based on the algorithm RSA is not sufficient to guarantee secrecy in payment operations, and it has therefore been necessary to add new protocols with which to try to represent electronic money.

Blind Signatures, according to DigiCash

Suppose a user wants the bank's signature on x, but does not want the bank to find out what x is. This can be achieved with a blind signature protocol, as follows:

1. The user chooses a blinding factor r, independently and uniformly at random, and he presents the bank with xr^e (mod pq), where x is the note number to be signed.

2. The bank signs it: (xr^e)^d = rx^d (mod pq).

3. The user divides out the blinding factor: (rx^d)/r = x^d (mod pq).

4. And finally, the user stores x^d, the signed note that he will pay with later. Since r is random, the bank cannot determine x, and thus cannot connect the signing with the subsequent payment.

Legal protection of cryptographic algorithm

The enormous financial capacity of computer multinationals, and their strategic investments in software, have led to a rapid evolution of legislation intended to protect computer programmes, and it is to be envisaged that algorithm, protocols and mathematical formulae will also undergo a major change in their legal status, which will no doubt affect the activity and interests of mathematicians throughout the world.

However, not all countries have the same degree of commitment, nor comparable legal frameworks. The legislative differences in connection with intellectual property and copyright, on the one hand, and industrial law and patents on the other, create international tensions which for some technologies lead to unfair and even absurd situations, and which do not encourage the development of know-how.

As a general principle, a distinction must be made between ideas and their expression, firstly by a technical-legal analysis, and secondly, between what is Science and what is merely Technology. The first is only admitted, and the second is better protected and, within certain limits, its exclusive exploitation is authorised.

Copyright. Intellectual property and Mathematics

Throughout history, all arts and crafts have closely guarded their most treasured secrets. Legend and tradition are full of anecdotes between masters and apprentices, and for any cultivated mind there can be few things as offensive as a public accusation of copying. But the care and esteem of a good name do not suffice to guarantee that the talent and the effort of many years will not be seriously compromised by avarice, even when it is only a matter of honour and the legitimate right to public acclaim deserved by any original creator.

Mathematicians can recall some controversial periods in Science, and some outstanding personalities, which illustrate ardent disputes over the title to discoveries as basic as Infinitesimal Calculus is, without doubt, to the History of Mathematics. A few years ago, another science underwent a major upheaval with regard to the title to a discovery as vital to humanity as the AIDS virus, when one of the main investigators felt he was the victim of a slow and complex process for publication in international scientific magazines.

In Spain, and nowadays in the European Union, mathematicians now have available several procedures through which to reserve themselves the right to claim title to their original ideas.

Firstly, any written document headed by a (C), followed by the year in course and the name of its author automatically reserves all rights associated with Copyright, pursuant to the Bern Agreement of 1886 and its revision in Paris in 1971, and that of Stockholm of 1967. This is a good habit which, unfortunately, is often overlooked.

In order to claim intellectual property rights with the maximum formality, it is necessary to have made application to the Intellectual Property Registry. It is only required to lodge three copies of the document and to pay a small fee, almost a token.

Sections 534 et seq of our former Penal Code, and the Intellectual Property Act (number 22 of 11th November 1987) grant all types of facilities so that the damaged party, if he can prove fraud and monetary interests, obtains not only an indemnity but also conviction to serious penalties of imprisonment of those who violate his rights.

But when only the legitimate prestige entailed by having nurtured and disseminated a new idea is sought, from which no other direct gain is expected, many investigators are opting for large-scale publication in well-known media, such as congresses and conferences organised by institutions with a representative nature, such as Universities and scientific institutions.

Special mention must be given to publication of the latest news postings of discoveries in the Internet computer network, interlinked by protocol TCP/IP at worldwide level.

Software protection

On 23rd December 1993, the Spanish Parliament approved the European Community Directive of 14th May 1991 (91/250/EEC) whereby legal protection was afforded to computer programmes and this can, therefore, lead to imprisonment of those who illegally decompile or copy software.

In actual fact, only large multinationals have managed to enforce their rights, while independent programmers, or small companies, find it difficult to pay for complex legal claims in which, barring the case of sloppy pirate copies marketed blatantly, expert evidence in order to prove partial copying of the code can be extremely difficult.

At the same time, it could be interesting to use protection techniques based on cryptology, restrictions on executing non-licensed copies and, in any event, software should be personalised insofar as possible.

In order both to claim rights at a later date, and to offer permanent guarantees to software users, here it would be advisable to consider the possibility of depositing the source code to programmes with a Notary Public.

Patents and mathematics

Here and now, it is not possible to patent either algorithms or mathematical formulae, regardless of their complexity or usefulness. However, it can be envisaged that this situation will change substantially due to international technological circumstances which especially affect cryptography for payment operations.

As has already been said, American legislation does permit the patenting of algorithms, which is giving rise to a curious industry based on companies whose sole activity is to license algorithms for which they acquire the rights.

One of the most well-known and controversial examples is that of the cryptological algorithm for RSA electronic firms, but there are also interesting commercial disputes regarding algorithms for compression, automatic correction of errors, digital audio-visual treatment, more or less ingenious applications of the games theory or artificial intelligence, and other techniques directly based on algorithms. But as we have said, protection can only be given to programmes, modems, multimedia and cryptosystems made therewith; however, outside the United States there is nothing to prevent literally copying a whole sequence of operations of any of them, and encrypting them as deemed fit depending on the circumstance at any given time.

This anachronic situation could cause an unbalance for many years in mathematical productivity, since there are broad catalogues of algorithms for which the industrial rights are being claimed almost exclusively by Americans, whereas, due to the impossibility of their commercial exploitation, very few Europeans claim this type of rights.

For this reason, it would be most recommendable for Europeans to anticipate this problem, since, as occurred a few years ago in the pharmaceutical industry, structural and economic changes leading to a change in legislation on the matter would have major effects on the professional activity of mathematicians.

Finally, we must not forget that when the inventor of a patent is working for a company or institution, it is the latter which, barring agreement to the contrary, holds the rights to exploitation and the inventor merely has moral rights.