Choosing an Anonymizer

Steve, I fear that your credibility may be reduced among individuals who perceive such a claim as both outrageous and unsupported. The 120,000 employees of Wachovia provide banking services for 15 million households and businesses, who entrust over $800 billion in assets with the firm. I could be wrong, but I do suspect that many readers of this thread will find the assertion that Wachovia provides “no banking secrecy” as ludicrous.

Steve, you have what appears to me to be a rather unique definition of “transparency.” “Transparency” and “privacy” are not antonyms. Stated differently, the opposite of “transparency” is “obfuscation” – not “privacy.” Consider that banks have a very high degree of “transparency” in the processes and procedures utilized in handling and managing assets (i.e., compliance with the Sarbanes-Oxley Act); but, they maintain the privacy of individual account owners quite well.

Why wouldn’t the public release of a report from an independently recognized technology auditor be of value in demonstrating the claims of XeroBank? Please explain.

 

Only among individuals with no comprehension of international banking standards. American banks are extremely substandard, but without being exposed to world-class public banks like UBS, and private banks like Julius Baer, you couldn't know. It's like talking about Velveta to a frenchman. Wachovia is crushed by collateralized debt obligations, hands out account information over the phone, allows any lowly employee to look up all kind of info without any clearances, engages in shifty practices like secretly opening credit accounts in your name, and the US Banking Secrecy Act outlaws any banking secrecy in american banks. There has been a real strong anti-secrecy movement in the US in the last decade. Not to mention, every single US Security is registered with a CUSIP number. A terrible shame.

How do you figure? It's incidental privacy when it has no security. Like the privacy you have by storing your files in a cardboard box. It's private till someone wants to look inside it. Any teller can jump into the account of any account holder. That isn't privacy at all. I could just get a job as a teller and empty someone's account. It's only the illusion of privacy by the mere fact they aren't broadcasting the confidential information over a bull horn.

The opposite of transparency is opacity. But you're arguing semantics, so it doesn't matter. The point is that you have opacity over the data, and transparency over the transaction mechanisms.

I think it might be, but you never know. I worry about tricky things like electronic audits. How do you know the auditor is even being shown the right info? How do you know the "evil" mechanisms weren't taken out before they paid for the audit? And put back when the audit is complete? I'm sure there will be an independent audit after things settle down in the structure, but I personally don't put much store by them. The audit doesn't prove integrity of the design, only the design does, but nothing more.

 

An audit gives you both more legitimacy and gives XB a third party opinion on the design of the cryptosystem.

If XB had the 'evil' mechanism taken out before the audit and put back in afterward, it has committed fraud and there are legal remedies available.

 

I doubt that anyone would argue that an audit by an independent and well-respected technology consultancy addresses all possible concerns. I also doubt that anyone would dispute that an audit contributes to building the case that XeroBank is committed to serving the best interests of its customers. Steve, if you are interested in the latter, then why would you not serve as an internal champion for the former?

 

Pleonasm,

It is undoubted that an independent audit will take place. That is inevitable. However, it won't impress me because I don't need somebody to tell me i'm clean, and it definitely won't satisfy genady because the evil stuff could be taken out and put back in later if it existed.

You know what *will* impress me? When we get FIP 140-2 certified.

 

Uh....excuse me....but that comment about removing the "evil stuff," wasn't from me. So careless with your words and attributions. I hope your coding is better.

 

Genady, the wording was from me.

 

Steve, do you know the approximate anticipated timeframe when such an audit will occur? If not, can you kindly advocate this action within your organization and ensure that it is placed on the “high priority list” within XeroBank?

For those not familiar with Federal Information Processing Standard (FIPS) Publication 140-2, it is commonplace for professional encryption applications to have this designation.

 

The audit will take place probably prior to the fips certification, but after we are fips compliant. that means lots of code monkey work.