Cash has done its dash

When you consider all these benefits of a cashless society it is obvious that very soon cash will be a thing of the past. 

Recently a significant milestone was achieved in the field of computer operating systems: the OKL4 operating system kernel. The most significant point to understand about the OKL4 kernel for this article is that it guarantees by way of solid mathematical proofs that programs can run on it in isolation and safe from interference from any other programs including viruses – this is something that no other publicly available operating system provably guarantees!

So what has this talk about operating systems got to do with CASH – the subject of the title of the article?

Well this technology in combination with the following facts leads to some very exciting possibilities:

1. Firstly, due OKL4’s speed, reliability and security it is predicted that the OKL4 kernel will become extremely popular among mobile phone manufacturers. It has already been deployed on hundreds of millions of phones.
2. Also, due to OKL4’s security guarantees and architecture we can design software that runs with complete security on these phones.
3. Thirdly, almost every Australian who is old enough to enter into a legally binding contract owns a mobile phone and we upgrade them to newer models every few years.
4. Lastly, all but the most basic modern mobiles can communicate directly with each other and other computers when in close proximity through wireless protocols such as Bluetooth.

Taken together this facts mean that nearly all of us will soon own and carry a device that fulfils the necessary requirements for a cashless economy!

Up until now, we have not been able to transition to a cashless economy due to the fact that we don’t exchange money only with businesses which have EFTPOS facilities, we also exchange money with people without EFTPOS. To implement a true cashless society we need to be able to electronically transfer money to anyone we meet, anywhere, anytime. Our current EFTPOS and credit cards simply cannot do this.
However, a cashless society where money is safely stored and exchanged on mobile phones overcomes this setback. With current technology we can implement a secure cashless system where we can withdraw money from a bank and transfer it to a phone for storage, then transfer this money -or a smaller amount- at a later stage to another phone, and then later on transfer this money -and any other received money- from the receiver phone back to a bank account. Transferring the money from a bank to the phone can be achieved by the either the phone communicating with the bank’s computers by using the phone networks or by standing near an improved ATM and using the Bluetooth protocol to communicate with the bank’s computers via the ATM. It would also be possible to transfer money from a bank by way a internet connected personal computer to a phone using Bluetooth- though this should be discouraged because current desktop operating systems provide scant security. Similarly, transferring money from one phone to another can occur either at a distance by using the phone networks or locally using Bluetooth.

Below, I’ve listed some of the advantages of a cashless society based on a simple mobile phone model. The model used is basically the same as the above description with the a few added requirements.

Firstly, when a phone engages in a transaction it records more than just the amount of the transaction: it also records the time and optionally the itemised details of any item(s) bought/sold as like for a regular receipt (and if GPS is available on the phone the location as well).

The other piece of data that each phone records is the ID of the other phone involved in the transaction. The payer can directly view the ID of the money-receiver’s phone. While on the other hand, the money-receiver cannot view the ID of the of the payer: it is kept internally secret on the receiver’s phone until it is uploaded to their bank’s computer. Whenever a phone connects to a bank’s computer all the details of any new transactions are updated to the bank’s computers: however, the bank can only view the total payments and receipts of all transactions and not the individual transaction data. The individual data is only accessible by the government. Limiting the access to data like this encapsulates and extends the commonly accepted standards of privacy in society: eg: the buyer has a right to know who they dealing with while the seller doesn’t haven’t the right to know the buyer, the banks know the total amounts deposited and withdraw but nothing else and the government has the potential access to everything though, of course, governmental access would require checks and balances such as the executive branch requiring judicial branch approval before it can access an individual’s transactions details.

Two other requirements are that a phone cannot use money which it has received from another phone to make a new payment- it can only pay for something with money transferred to the phone directly from its bank. As well there is a maximum amount that can be received (say $1000) after which it is necessary to deposit the money received before any money from new transactions can be received. These two restrictions force any money received to be regularly deposited into the bank.

The last requirement is that the access to the money on a phone is configurable and controlled by passwords.

Finally, the model assumes that the banks pay for the cost of developing the software and necessary hardware infrastructure.  Hopefully, the banks would all cooperate and share costs to produce a shared base software platform that covers the mandated features required.  The user pays for the phone but since most people will soon have a mobile with the necessary hardware and software requirements they don’t need to buy a new one, they just need to install the software which their bank provides. It should be pointed out that the devices used don’t have to be a necessarily phones- for instance, a business might use a Bluetooth enabled point-of-sale terminal to receive payment from a customer’s phone.

Most benefits listed below apply to any cashless society, regardless of the model:

Government benefits: 

• cost savings: eliminates the cost associated with producing paper currency and coin. Cost of the new system is mostly transferred to the banks and users. All the government has to do is produce legislation specifying the standards and mechanisms for the software and hardware. 
• taxation: reduces the black economy and ways of tax avoidance. Admittedly, the sudden introduction of a mandatory cashless scheme would most likely have an initial detrimental effect on the economy due to the fact that it eliminates much of the tax-avoidance that is presently so common. Worryingly, upon introduction many people would be faced with the problem of having to pay their full tax obligations -this would be severe enough to drive many of today’s business to the wall- however this problem would soon resolve itself and not be an on going issue.
• taxation: it offers our democratic society the choice of new models and mechanisms of taxation which at the moment are hard or impossible to implement with our cash based society
• law enforcement: it provides a paper trail and restricts the black economy. Helps police know who and how much was involved in a transaction- GPS also gives the where. It especially chokes the black economy at the street level, for example: drug trafficking. A cashless society assists when confiscating/freezing assets and transactions of criminals.
• security: electronic money is more secure than currency and is next to impossible to counterfeit
• information: since all transactions can now be tracked it offers gains by providing timely, highly accurate, fine grained statistics of economic activity, this is valuable to the government because:
  • the government can respond quicker and more precisely to economic fluctuations
  • the statistics can be sold to businesses

General Business Benefits:

• less cost: eliminates the costs of handling money- eg: security guards when moving money, counting the take at the end of the day, etc.
• less cost: point-of-sale interaction time between buyer and seller decreases since buyer/seller don’t have to count/recount money. This is very important for high volume retailers such as supermarkets.
• less cost: reduces bookkeeping costs. Since the itemised receipts are electronic if we introduce standards for classifying the type of goods bought/sold, this classification system when coordinated with other accounting software practically eliminates account clerks by replacing them with automatic systems
• less errors: eliminates money counting errors and transaction data entry errors
• reduces risk and creates a safer work environment, since reduces theft and violence committed during the theft.
• facilitates the implementation of security policies: For example, it is possible to configure the phone so that it requires two different passwords to transfer large sums of money, this would be very useful in partnerships.

Bank Benefits: (even though the banks carry the cost of maintaining the infrastructure it is expected that they will profit from a cashless economy)

• have the same benefits as for any general business mentioned above: eg reduce costs associated with transporting/handling money- eg: don’t need armoured guards to refill ATMs
• less industry specific costs: eg: can reduce the number of tellers, eliminate costs involved in removing used/damaged currency from circulation.
• increased revenue: increases the number of transactions and therefore increases income derived from transaction fees. Indeed, this new stream of income would be very attractive to the bank, so much so that the government may have to legislate to control fees associated with transferring money to and from the phone.
• increased revenue: a cashless society results in more money held in the bank accounts so consequently they can now lend more. All the stashes of money currently stored in drawers and cupboards, hidden under beds, buried in the ground, etc. will be transferred to and stored in bank accounts if cash is declared to be no longer legal-tender.

Benefits for Individuals:

• safer: accessing money stored on the phone is dependent on knowing passwords. The user may optionally have passwords of varying strength for different configurable amount ranges: eg: the user may chose to have no password for small amounts say x<$50, 4 digit pin for $50<x<$500, 8 digit pin for $500<x
• safer: If someone steals the phone to make payments there is a paper trail, so they are less likely to steal it in the first place when compared to stealing a wallet/purse
• can implement policy since you can put limits on the phone: eg, you may configure the phone so that it has a maximum limit that can be spent on anyone day. This is handy for instance to limit your child’s spending while away on school camp. It can also be used for restricting with which other devices the of the phone can transact with, for instance a parent can limit their child’s phone to be only transact with the school tuck-shop during school hours.
• more convenient: effectively whenever the phone has signal you can do banking over the phone system, you don’t need to go to the bank to transfer money between the phone and the bank. It should also be pointed out that you can have more than one account on the same phone. For example you can store your own personal money and also your business’s petty cash separately but on the same phone. This can be very convenient.
• increase likelihood of recovery of the money if lost or stolen: if you lose your mobile phone and it is in mobile coverage range you can phone it from another phone, type in a special secret long pin number which commands the phone to transfer all the money stored on it back to the bank and prevent further use of the phone and also if your phone has GPS, it SMSes the phone you are using with its current location.
• the buyer/sender of money can determine by way of the receiver’s phone ID who they dealt with if the need arises: eg- returning defective goods bought, reclaiming money lost due to fraud.
• assists in budgeting and personal financial control since the phone automatically records when, where and what you spend money on and also has the ability to limit transactions.

Benefits to the Community (these points have been made previously but also apply to the community as a whole):

• increase general community safety since is more secure and reduces the crime and violence associated with cash theft
• reduces the black economy which has the flow-on effect of reducing crime and violence (eg: makes anonymous drug trafficking difficult at the street level, so should lead to a decrease in drug supply)
• allows society to implement social policies that it is currently impossible to do: eg- if society chooses, it could limit the phones of addicted gamblers so that they are limited with respect to the size and frequency of transactions that can be made with casinos/gambling outlets.

Clearly, when you consider all these benefits of a cashless society it is obvious that very soon cash will be a thing of the past.  Cash has done it dash!

0 Comments

1. 

   quagga

   July 2, 2009 at 3:06 am

   Just some move info about OKL4 for those wondering

   If your curious the claims in the article’s first paragraph about the OKL4 kernel and are asking “What makes you so sure that it is secure and reliable” or “Why is this kernel the first and currently only truly secure OS kernel, aren’t there others already secure?”.
   The answer to these questions is that OKL4 kernel is a object-capability micro-kernel that has been developed according to the open-proof paradigm- it is the only commercially deployed kernel available for current commodity hardware which is publicly formally verified, ie: it is proven mathematically to be secure and reliable and the verification is publicly available. (Below are some explanations of these terms).
   So where OKL4 kernel is made and its what’s it origins? -Well, it is engineered right here in Australia! It surprises many people that the world’s most secure operating system kernel is made right here. It is a descendant member of the L4 microkernel family and has been influenced by the EROS/Coyotos projects’ work on secure microkernels.
   Lastly, if you’re wondering if it is possible to use the OKL4 kernel as the base of a secure desktop operating system- yes it is possible! For example, there is the open-source (but not open-proof) Genode project which can target the OKL4 kernel- Genode is designed to be an object-capability based framework for creating secure operating systems. By using Genode and OKL4 we could easily -relative to other systems- program a secure Desktop Environment but as far as I know no-one has of started such a project yet. You can run Linux and its desktop environments on top of OKL4- but it will obviously only be as secure as Linux, which is nowhere near as secure or reliable as OKL4 itself.

   * The following are explanations of the computer terms found above: (Note- these are not as precise as the true definitions that you would find in text books, they are layman’s definitions):

   Kernel-The kernel of an operating system lies at the near the very lowest foundational layer of the software on your computer. It is the crucial part of an operating system that provides basic the security and resource sharing mechanisms of the operating system.

   Object capabilities– are a theoretical mathematical abstraction that can be used to reason about the security properties of a computer. A capability is a bit like a key to a lock in real life-but there is one extremely important difference: you can only give a copy of a capability to someone you already know and you can only met new people if you are formally introduced by a mutual third person- this is unlike a real-life key where you can copy it and give it to complete random strangers who you meet on the street and not just people you know. Building an operating system with a pure capability based architecture allows us to mathematically prove statements regarding what a program running on the system can do. Within a system which correctly reifies the capability model it is possible for instance that state with 100% certainty that certain events can never happen, eg: in some such systems we can prove that it is impossible for a virus to effect the computer unless the user deliberately commands it to. Even if the user commands it to run it is still possible to prevent the virus from doing any damage unless the user deliberately permits the virus to do the damage AND the user has the authority to do the damage. Furthermore, even if the user commands the virus to perform damage it can only do that damage which is permitted it cannot also perform other malicious acts.

   Formal Verification– is the process of creating a theoretical mathematical specification of how a computer program should behave and then proving mathematically that a given piece of software does actually implements the specified behaviour correctly without any error at all. In addition you can also verify the specification: this means to you state properties that the specification claims to maintain and then mathematically prove that this is indeed the case. In the realm of multi-level high security operating systems, the properties that are necessary to maintain security are well understood, such as for example the “star property”- the OKL4 kernel specification provably maintains these properties. The verification proofs can either be preformed by human with pencil and paper or by a computer. Since humans can make a mistakes, verification by computer of both the specification and the source-code is the highest standard of software quality that you can ever achieve. Traditionally it has been extremely difficult to verify any but the simplest of programs, however advances in computer theory regarding verification, programming languages and other tools has lead to the stage where it is becoming possible to verify larger projects- although it is still requires very advanced skills and is not often done. The verification of the OKL4 kernel is a truly awesome achievement and is state of the art.
   As an overall example: imagine that parliament wants to implement an fully verified electronic vote counter for counting votes on bills- firstly, the civil servants you would create a document that specifies in detail the properties the system should have. Then the programmers would create a specification and prove mathematically that it does indeed maintain those properties (an example such as property is the requirement that each voter can only vote at most once). Then they would take the high level specification and produce source-code to implement the specification in software. Finally, the programmers would prove mathematically by using a theorem proving verification software that the source-code they have written does indeed correctly implement the specification.

   Open-proof– is the software development paradigm where the along with the source code of the program is included a specification, a list of properties that the specification maintains, the verification of the specification‘s properties, and the verification of the source-code. Because all this information has been given, a purchaser wouldn’t have to take the providers word for it that the software is bug-free and correctly implements the specification. The purchaser can just give the verification proof to their own verifying computer along with the source-code and property list and the computer’s theorem proving program would determine whether the proof valid or not. Note: If the verification is beyond the purchaser’s or their resources to do, they could outsource the verification task to a trusted independent third party- it is envisioned that once the open-proof paradigm becomes popular that an industry will arise that provides these services. The end result means that you are 100% certain that the software implements the specification and that the specification does provide the properties that it claims to- ie: the resulting software’s implementation of the specification is flawless and bug free.
   • 

     gernot

     July 2, 2009 at 9:48 am

     On OKL4 and seL4

     Thanks for the plug.

     However, I feel I should clarify this a bit. There are in fact two different microkernels: OKL4 and seL4.

     OKL4 is the commercial system, distributed by Open Kernel Labs, that is deployed literally in the 100s of millions. However, it is traditionally engineered (although to very high standards). And yes, it's fast, it's a descendant of L4 microkernels, and done in Oz (originally by NICTA by the team which then spun out to create OK Labs). It does use capability-based access control.

     What is being formally verified is a completely different kernel: seL4, also done in Oz, also at NICTA. Most of what you describe, in particular the sophisticated object-capability model with provable security, and the formal proof of the implementation, applies to seL4. Btw, the proof isn't quite finished yet, it's still a few weeks off. Expect some PR when it happens…

     Having said that, I'd like to add that I agree with a lot of what you're saying: formal verificatoin of the kernel is a game changer, and for the first time will enable true trustworthiness in computer systems. And that will be an enabler for a lot of things. And while OKL4 isn't seL4, the verification technology developed around seL4 will be used by OK Labs to make true trustworthiness a practical reality. And yes, the large (and strongly growing) footprint of OKL4 is an excellent launch pad.
     • 

       quagga

       July 3, 2009 at 4:55 am

       Thanks for the correct

       Whoops, sorry about that mix up.  Indeed, I thought that OKL4 was the commercial spin-off from seL4 not realising that they were separate but closely related. Thanks for the correction and who better to corrected by than the highest authority on the matter.

       For any readers out there who want to know a bit more about object-capabilities, last year I wrote a article about them here: https://www.openforum.com.au/content/automatic-virus-safe-computing-applying-pola-and-object-capabilities.  That article has links to some more info.  The article itself is a bit outdated: the Coyotos project mentioned has stalled/halted, but seL4 achieves the same general goals that Coyotos regarding security and verification.

       The impact of  computer systems with an object-capability architecture throughout,  from the underlying kernel all the way to the top level of the top user level programs (and internet), will have profound impact on computer security in the coming future.   It will be possible to easily write programs that can securely enforce security and confidentiality  policies. 
       For example: the requirement of Chinese walls in business dealings to prevent conflicts of interest- with a capability architecture we can enforce this on the electronic documents very easily and without much fuss with complete security.  (Of course for this particular example, we can’t stop people from physically talking to each other, but we can at least implement a security policy where it is impossible to share documents electronically between people on different sides of the wall- you could even prevent the documents from being printed and leaked out in paper form).
       Another example comes from the hypothetical mobile-phone money model above.  Where I mention that the banks’  computers store all of society’s transactions but cannot view them while the government can. This is possible implement effortlessly with object-capabilities.  We can even implement policies such that to view the transactions the police or other intelligence agencies must first obtain permission from the courts – this permission can be restricted and very fine gained, eg: access to just one particular transaction or a set of transactions involving a particular individual during a limited time. 
2. 

   StephenWilson

   July 4, 2009 at 12:35 am

   It’s not cash

   OK, so

   "when a phone engages in a transaction it … records the time and optionally the itemised details of any item(s) bought/sold … "

   And

   "the other piece of data that each phone records is the ID of the other phone involved in the transaction".

   Whatever the benefits of this proposal, it is definitely not cash!  The obstacles to a cashless society are many and varied, and none are really technology related.  We've had adequately secure operating systems for ages (think MULTOS). 

   Quagga's privacy construct is unorthodox. He says

   "The individual data is only accessible by the government

   [he will have forever lost almost all privacy advocates at this point] 

   Limiting the access to data like this encapsulates and extends the commonly accepted standards of privacy in society: eg: the buyer has a right to know who they dealing with while the seller doesn’t haven't the right to know the buyer …"

   Commonly accepted privacy standards are actually embodied in legislated privacy principles which have nothing at all to say about buyers and sellers knowing one another's identity.  The model of a "cashless" society being espoused touches much deeper issues than money; it underestimates the societal changes implied, and overestimates the enthusiasm anyone really has to get rid of cash.

   Stephen Wilson is Managing Director of the Lockstep Group.
   Lockstep Consulting provides independent advice and analysis on identity
   management, PKI and smartcards. Lockstep Technologies develops
   unique new smart technologies to address transaction privacy and web fraud.