Security Without Identification
Security Without Identification is David Chaum’s 1985 Communications of the ACM paper “Security Without Identification: Transaction Systems to Make Big Brother Obsolete.”
Dossier Society
Chaum’s starting point is not only payment privacy. It is the growth of computerized transaction records across public and private organizations. When ordinary transactions produce linkable identifiers, organizations can compile dossiers about habits, whereabouts, associations, and life patterns.
The paper argues that this creates a chilling effect and a structural loss of individual monitorability and control. The problem is not that organizations need no security. It is that identification-centered security solves organizational abuse problems by making the individual increasingly transparent.
Digital Pseudonyms and Card Computers
Chaum’s alternative is to use different digital pseudonyms with different organizations. A person can have a bank pseudonym, a shop pseudonym, a credential pseudonym, and one-time-use pseudonyms without making them linkable by default. Abuse controls are built into the protocols rather than into universal identity.
The personal card computer is the user’s side of that architecture. The contrast Chaum draws is one of control, not of tamper-resistance per se: the conventional chip card is an institution-owned token that keeps secrets from the user, whereas the card computer is a user-controlled device that need keep no secrets from its owner (though it may still include a reasonably tamper-resistant part). It stores keys, authorizes transactions, displays terms, and lets the user decide what to disclose.
Three Transaction Domains
The paper develops three domains. Communication transactions aim to hide tracing information while preserving authentication through digital signatures. Payment transactions use blind signatures so withdrawals and deposits cannot be linked, while note numbers, receipts, and clearing lists can still prevent double spending and support exceptional auditability.
Credential transactions let a user transform a credential issued under one pseudonym into a form shown under another pseudonym. The point is selective disclosure: an organization can verify the needed credential without learning unnecessary identity data or linking the user’s whole dossier.
Bridge from Blind Signatures
Blind Signatures for Untraceable Payments gives the core payment primitive. This paper generalizes the political and institutional program. Blind signatures become one component in a larger privacy architecture for communication, money, credentials, clearinghouses, and accountability.
For the cypherpunk lineage, that makes the paper a bridge. It is older than the 1990s cypherpunk list, but it already states the central cypherpunk move: replace identification-dependent trust with cryptographic protocols that preserve privacy while still making abuse costly.
See Also
- Blind Signatures for Untraceable Payments - payment primitive behind the broader program
- New Directions in Cryptography - public-key and digital-signature foundation
- Public-Key Cryptography - concept article for signatures and public-key control
- Privacy and Cryptography - topic map for privacy-preserving implementation
- Cypherpunk - movement that later adopted Chaumian privacy themes
- Praxeology of Privacy - later Austrian-libertarian theory of selective disclosure
- PGP and the Crypto Wars - later conflict over routine public-key privacy tools
- Trusted Third Parties as Security Holes - adjacent protocol-design critique of institutional trust
- David Chaum - Cryptographer who invented blind signatures and the untraceable-payments program — the pre-cypherpunk foundation whose ecash and DigiCash ancestored later digital cash.
Sources
- Security Without Identification: Transaction Systems to Make Big Brother Obsolete - primary 1985 CACM paper