A Discussion of Transferability & Anonymity

By Robert E. Kahn and Patrice A. Lyons

(April 2, 2001)


The representation of "value" by a writing (or, more generally, a "data structure") fixed in a tangible form such as paper is a basic element in commerce. The use of such instruments is so ubiquitous that they are often taken for granted in daily life. A business will take delivery of a new computer, desk, photocopy machine or some other good and sign a document acknowledging receipt without a second thought about the validity of the process being used. This is not a recent development. For example, data structures such as "bills of lading" were used in the thirteenth century (see, e.g.,; and similar mechanisms were employed in ancient Greek and Roman times (see, e.g.,

A promise to carry loads of produce to a country fair centuries ago may differ from a promise to perform "operations" on material in digital form to produce a required informational result. It may also differ from a promise to deliver a digital object (sometimes termed "virtual goods") embodying a literary or musical work; however, the instruments evidencing the contract of carriage, the right to possession of the goods, or the receipt by a customer of the product or service, have basic elements in common. Whether and how such elements may be appropriately represented in a way that frees the transaction from the need for a physical manifestation, while allowing for both anonymity and transferability, is the issue addressed in this paper.

Representing a transaction in the form of a digital object does not preclude the production of a corresponding physical artifact upon demand. But whether such artifacts are, in fact, necessary at all, would depend more on the perceived needs of the participants than on the validity and reliability of the underlying mechanisms that can produce it. Anonymity is achieved where the party currently deemed the "holder" of a data structure is not generally known, or cannot be known, without the consent of that party. Transferability is achieved if the data structure may be transferred with authenticity from the party in possession to another party using verifiable techniques. While transferability would require a third-party trusted system to facilitate the transaction, the third-party system need not be an intermediary, and, therefore, need not know who is the current holder of the object, or maintain any information about the transaction. With such a third-party system in place, each party to a transaction can demonstrate a legitimate claim to the data structure before and then after the transaction has taken place. If an adequate confirmation of legitimate possession after the transaction cannot be made, the second party would normally reject the transaction.

Although a tangible fixation of an object provides a relatively easy means of displaying the data structure representing the intangible "value" being provided, we only consider here the case where the need for such a physical artifact is no longer present. As discussed in a report prepared for a recent meeting of the UNCITRAL Working Group on Electronic Commerce, there have been many attempts over the last few years to replace traditional paper-based bills of lading by electronic messages, and more generally, what was termed the "dematerialization of documents of title," particularly in the transportation industry (A/CN.9/WG.IV/WP.91, at 2 (2001)). It was thought useful to expand such efforts beyond maritime bills of lading to encompass other modes of transportation, as well as issues involving "dematerialized securities."

In the United States, efforts to develop alternatives to paper-based documents have given rise to the concept of a "transferable record." Initially, this work was carried out under the umbrella of the National Conference of Commissioners on Uniform State Laws ("NCCUSL"). Section 16 of the Uniform Electronic Transactions Act ("UETA"), that was approved and recommended for enactment by NCCUSL in all States in 1999, sets forth the general parameters of the "transferable record." In essence, this section provides for the creation of "a record created, generated, sent, communicated, received, or stored by electronic means," i.e., an "electronic record" as defined for purposes of UETA, "which may be controlled by the holder, who in turn may obtain the benefits of holder in due course and good faith purchaser status" (see Commentary on UETA,

A more restricted definition of a "transferable record" was recently enacted into law by the U.S. Congress ("Electronic Signatures in Global and National Commerce Act," Pub. L. 106-229 (6/30/2000)). Title II, sec. 201(a) of what has become known as the ESIGN Act provides that the term "transferable record" is limited to an electronic record that relates to a loan secured by real property. As experience is gained in this area, and technical systems and processes are developed to support electronic equivalents of paper-based loan documents, steps may be taken to expand the scope of the law to encompass other representations of "value" in commerce.

Consideration of the digital object infrastructure that has been under development on the Internet for a number of years, and is currently being implemented in several commercial contexts, may be of relevance in the evolution of the notion of a transferable record for purposes of the ESIGN Act, as well as the ongoing discussions in the United Nations relating to the transfer of rights in tangible goods and other rights.

Physical Artifacts

Many applications involving paper-based records involve the notion of an original or authentic copy. In many cases, there may be multiple originals of the same document, e.g., a contract that is signed in duplicate originals. In other cases, only one original record may exist, as in bearer bonds or in deeds to real property. For some applications there is no requirement of anonymity. The holder of the original record may be known by any of several means. In other cases, the holder may be completely unknown unless and until he or she produces the physical artifact. This is the case for issued paper money such as a dollar bill. Although the issuer of the official record or document is generally known to the holder, and to anyone else who is permitted to inspect it, there can, but need not be, any record of the actual holders in due course of the record over time. Furthermore, it is generally understood that physical artifacts such as paper and other materials are not required to maintain certain official records. For example, the issuer of an official document may retain a computer record of the issuance. This might be known by any of several terms such as a book entry, or journal entry; and the official record is kept by the issuer or a known designated agent of the issuer. The issuer may also maintain a record of the "chain of title" to the entry. Various registries maintain this kind of information, such as a typical Recorder of Deeds, although the actual deed may be retained by others. Still, the prevailing mode of operation is to issue paper for many, if not most, of these applications.

In each of the above cases, where only computer records are used, there is usually a trusted party that maintains the records, as well as the linkages between each record and the party to whom it is currently "attached." Absent the maintenance of accurate records by the trusted party, proof of ownership may be compromised, perhaps fatally. Even though an official computer-based record may be kept by a trusted party, normally the issuing party or its agent, a copy of the record may be available in digital form at other locations. To be negotiable, the bearer may be required to provide the record in digital form, but the authenticity of the holder as well as the record can be separately validated if the appropriate records are available.

The discussion below focuses generally on the case where a record of linkages is not kept, and, thus, no equivalent "chain of title" is maintained by the trusted party. It also assumes that a generalized record-keeping capability need not be in existence, but that a trusted means of authentication is available. The digital object infrastructure, described generally below, can play a key role in facilitating the authentication process.

Digital Objects and their Identifiers

The term "Digital Object" is used to denote an identifiable item of structured information in digital form within a network-based computer environment. Generally speaking, a digital object is a set of sequences of bits or elements, each of which constitutes structured data interpretable by a computational facility, at least one of the sequences denoting a unique, persistent identifier for that object. The identifier may be of any form, as long as it may unequivocally be de-referenced to the digital object (as an example of such an identifier system, see Some known part of the identifier could contain a cryptographic hash or fingerprint of the identified object, which could be used to help to authenticate the object.

A resolution system, such as the Handle System® being developed by the Corporation for National Research Initiatives, would contain "resolution information" sufficient to resolve an identifier to the "location" of the computational facility containing the object; however, the resolution information, nominally state information about the digital object, may not necessarily be publicly available in its entirety. Indeed, portions of the state information may be available only to the party that is the current owner or "holder" of the object. The resolution system is also assumed to be secure from tampering. This is achieved through a combination of mechanisms including the use of public key infrastructure, backup procedures, and protected physical equipment. It need be no less secure than, for example, other parts of, say, an on-line banking system.

The location, if designated in the state information, may be merely the service point for obtaining the digital object. In fact, there may be multiple locations that can produce the digital object, and, for informational purposes, any of these will suffice. However, it is assumed that only one of these objects is the official version, and the rest merely replicas. This leads to an important consideration: given the ease by which information can be replicated by computer and on a network, how can the official version be distinguished from the other identical versions?

Transferability of Digital Objects

In this section, the focus is on the transfer of an authentic version of a record or document in the form of a digital object. We begin by considering how a given digital object accessible on the network can be authenticated as having the proper information from the original issuer and possibly additional chain of title information, where appropriate. The possibility of encrypting each digital object may indeed be desirable for all or parts of a digital object, especially where need to know comes into play. However, this capability is not essential to the basic system, in which it is only assumed that the digital object is signed by its issuer using a strong encryption mechanism such as the U.S. federal digital signature standard. The authenticity of the digital object can then be verified directly from the digital object and its signature, if the signature can be assured. The use of a trusted public key infrastructure is one, but not the only way, to achieve this result.

The Handle System can store digital object signatures to be used for authentication, and even bind the signatures tightly to the identifiers. The digital object will generally contain other information that can be used to show authenticity, but this is not necessarily required. For example, the inclusion of a sequence number, date-time stamp and/or the length in bytes would inhibit attempts to tamper with even weak signatures (or strong signatures made weak over time with increased computer power).

The question of determining which of N authentic digital objects is the original is, in some sense, an epistemological question, since there is no way for a computer to know where a party providing bits to it "obtained them." If all instances of a digital object are identical, and, since bits are themselves fundamentally incorporeal, there is really no notion of original bits. For purposes of illustration, four transferability mechanisms are identified below. The first two are equivalent to physical artifacts embodying data structures. The third is a hybrid situation. Only the fourth will be discussed in any detail.

Mechanism one is a tamper-proof device provided by the original issuer that contains the original information. It is assumed that the issuer only issues one such device, that others cannot replicate the device without destroying some critical part of it, and that no means exists to change the original information (although it may be possible to incorporate additional signatures to reflect chain of title). The device thus assumes the role of paper and ink and, for most purposes, can be viewed as equivalent to paper and ink. One transfers the data structure by transferring the physical device. Mechanism two is like mechanism one, in that the above assumptions apply, except that the internal information may be read out of the original device and into another such device. Assuming a means by which there is no possibility for corrupting the information in the transfer process (e.g., the receiving device will reject corrupted information), this leads to the issue of whether the receiving or sending device can ensure that only one such transfer can occur. There may be cases where, in fact, multiple transfers might be appropriate, but this possibility is not addressed here. Mechanism three is like mechanism two, except that one of the devices is not tamper-proof. This would have to be assumed if one of the devices were a general purpose computer. The techniques for addressing mechanism three are essentially the same as those which would be used if all the devices were general purpose computers; and so we go directly to the fourth case.

Distinguishing Original Information on the Net

Mechanism four assumes that the original information is structured as a digital object and stored in a general purpose computer or other computational facility on the net (such facilities could temporarily be disconnected from the net). The notion of "holder" is tied to the notion of unambiguously designating the computational facility that purports to hold the original digital object, e.g., a transferable record such as a deed of trust, at a particular moment in time (referred to in this paper as the "holder facility"). While recognizing that this is a logical construct, the holder facility may be deemed generally equivalent to the evidentiary role played by a physical object. The identifier uniquely identifies the data structure stored within the designated holder facility. For an individual to claim to be the holder in due course of an electronic record structured as a digital object, the holder facility must be able to present the record to the appropriate party or parties for inspection on demand. It is asserted that only the authorized holder of the original digital object will be able to cause the desired object to be produced by the holder facility (unless, of course, it was trusted for safekeeping with untrustworthy associates).

The holder facility must be known to the resolution system, or a means of determining the holder facility must be uniquely derivable from the resolution system. While information about the holder of a transferable record need not be made available to others, the actual holder facility containing the object may also not be known publicly; however, it is mandatory that the holder facility only provide the original digital object to the bearer or his agent, and in a form that allows the authenticity of the information to be verified. This can be achieved without the resolution system knowing the identity of the holder. In this case, the agent of the bearer might be a trusted computer system or its operator. A compromise of this trusted system would be equivalent to a loss of, say, a bearer document. A compromise of the resolution system would also be equivalent to a loss of such a document. The latter must be addressed on a system-wide basis. The former is the responsibility of the bearer.

Each digital object can be validated by use of its fingerprint or signature, which is maintained by the issuer or its agent. The issuer may also elect to retain a replica of the original object, or only certain archival information about it such as its digital signature, length, date-time stamp of original issue, and possibly other non-personal identification information, such as sequence numbers. A transferable record itself consists of the original digital object and its signature, possibly along with additional information (such as chain of title information added each time the object is transferred to another party). Certain elements of the additional information would be necessary for some objects and not for others. For example, bearer bonds would not usually have chain of title information, nor would digital cash. At the time of transfer, an instance of the digital object would be formed in a new holder facility corresponding to the new holder; and the system would require that a change in the state information indicating the then valid holder facility be entered into the resolution system.

The Handle System has all the attributes necessary to provide the functionality of a trusted third party system. Entries in the Handle System for a newly designated holder facility would be made by the authorized holder at the time of transfer; the identifier for the data structure need not change, but the corresponding information in the Handle System would be changed to indicate that the data structure is now accessible from the new holder facility. It is not required that the entire Handle System be trustworthy in order to implement this capability. It is only required that a subset of the system be trusted, namely a subset separately cordoned off to manage objects of value in which transferability and/or anonymity are needed.
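The following is an added illustration, not code from the paper or from the Handle System, of the two ideas in the sections above: an issuer-signed digital object whose signature covers the identifier, type, sequence number, date-time stamp and byte length (so a tampered replica fails verification), and a trusted resolution entry that designates the single official holder facility and is changed only by whoever can prove current holdership, without the resolution system ever learning who that is. The HMAC-based signature, the handle prefix, the facility names and the holder secrets are all constructed stand-ins; a real deployment would use an asymmetric signature such as DSA, as the text assumes.

```python
import dataclasses
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class DigitalObject:
    # One sequence of bits is the persistent identifier; the rest is typed content.
    identifier: str
    obj_type: str
    sequence: int
    issued_at: str
    payload: bytes
    signature: str = ""


def _canonical(obj: DigitalObject) -> bytes:
    # Identifier, type, sequence number, date-time stamp and byte length are all
    # inside the signed data, so none of them can be altered without detection.
    head = json.dumps([obj.identifier, obj.obj_type, obj.sequence,
                       obj.issued_at, len(obj.payload)]).encode()
    return head + b"\n" + obj.payload


def issue(issuer_key: bytes, prefix: str, obj_type: str, sequence: int,
          issued_at: str, payload: bytes) -> DigitalObject:
    # The identifier embeds a fingerprint of the content, as the paper suggests.
    fingerprint = hashlib.sha256(payload).hexdigest()[:16]
    obj = DigitalObject(f"{prefix}/{fingerprint}", obj_type, sequence, issued_at, payload)
    sig = hmac.new(issuer_key, _canonical(obj), hashlib.sha256).hexdigest()  # stand-in for DSA
    return dataclasses.replace(obj, signature=sig)


def verify(obj: DigitalObject, issuer_key: bytes) -> bool:
    expected = hmac.new(issuer_key, _canonical(obj), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, obj.signature)


class ResolutionSystem:
    """Trusted subset of a handle service: identifier -> official holder facility.
    It stores no holder identity, only the hash of a secret the holder chose."""

    def __init__(self):
        self._entries = {}  # identifier -> (facility, sha256(holder_secret))

    def register(self, identifier: str, facility: str, holder_secret: bytes) -> None:
        self._entries[identifier] = (facility, hashlib.sha256(holder_secret).hexdigest())

    def official_facility(self, identifier: str) -> str:
        return self._entries[identifier][0]

    def transfer(self, identifier: str, holder_secret: bytes,
                 new_facility: str, new_holder_secret: bytes) -> bool:
        facility, secret_hash = self._entries[identifier]
        proof = hashlib.sha256(holder_secret).hexdigest()
        if not hmac.compare_digest(proof, secret_hash):
            return False  # caller cannot prove current holdership; state unchanged
        # Identifier stays the same; only the designated holder facility changes.
        self._entries[identifier] = (new_facility, hashlib.sha256(new_holder_secret).hexdigest())
        return True


def demo() -> dict:
    issuer_key = b"issuer-signing-key (constructed)"
    deed = issue(issuer_key, "10.5555", "deed of trust", 1, "2001-04-02T00:00:00Z",
                 b"Deed of trust: parcel 17, secured loan (constructed)")
    forged = dataclasses.replace(deed, payload=deed.payload + b" amended")  # identical replica, edited
    rs = ResolutionSystem()
    rs.register(deed.identifier, "facility-A", b"holder-secret-1")
    bad = rs.transfer(deed.identifier, b"wrong-secret", "facility-B", b"holder-secret-2")
    ok = rs.transfer(deed.identifier, b"holder-secret-1", "facility-B", b"holder-secret-2")
    replay = rs.transfer(deed.identifier, b"holder-secret-1", "facility-C", b"holder-secret-3")
    return {"authentic": verify(deed, issuer_key), "forged": verify(forged, issuer_key),
            "bad_transfer": bad, "ok_transfer": ok, "replay_after_transfer": replay,
            "official": rs.official_facility(deed.identifier)}
```

Replicas at facility-A and facility-B are bit-for-bit identical; only the resolution entry says which one is the official version, and the former holder's secret no longer moves it once the transfer has been recorded.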

Digital Objects sent via E-Mail and/or Agents

Digital objects structured as mobile programs or "agents" may serve as their own transport mechanism or be used to transport other digital objects with appropriate access procedures to effect the authorized disseminations. Existing mechanisms such as email may also be used for the same purpose. Specifically, both email and agents may be viewed as ways to move the separately identifiable information contained within them. While in transit, the information may or may not have any status of value until and unless it arrives at its proper destination and is validated. Alternatively, the use of identifiers (such as handles) can obviate the need for an actual data structure to be communicated, as the data structure can be retrieved independently if the ability to access it at a remote holder facility is enabled. If desired, a synchronization mechanism, familiar in distributed database technology, may then be invoked to ensure the designated object is moved from one holder facility to another and that only one such facility is the newly designated one. The Handle System can also provide the equivalent of this function. At that point an email reply could go back to the sender confirming the transaction. For audit purposes, the reply itself could be structured as a digital object with its own unique identifier.

The case of network-based agents is in many ways the more interesting and also more complex topic. In this case, the value represented by a digital object may be present entirely in a mobile context, with the object never stopping at any computational facility for more than a transitory period of time. Interactions involving value transactions may thus take place in arranged meetings and rendezvous situations. Validation of the agents as well as their contained data structures and/or identifiers would be necessary. This could be carried out using the same techniques as for any other type of digital object, whether stationary in a repository or in transit on the net.

Identifying Value

This paper does not purport to fully describe, much less specify, an entire system for representing value. There are many issues remaining to be worked out on the way toward creating a viable system for identifying value based on the notion of a digital object. A starting point down this road would be the development of a general framework based around the concept of "value."

The notion of typed data, inherent in a digital object, is deliberately intended to be an open and extensible attribute of the system. If the digital object infrastructure were introduced in various areas of commerce, it would be possible to agree on specific "types" that are meaningful for specific subjects or industries. There may be multiple types for representing "value," such as a category called "bill of lading" or "deed of trust." A data structure would be assigned a "type" for purposes of resolution of objects that are designated by the issuer as conforming to the particular type. Types may also be defined dynamically and resolved by the resolution system.

In fact, this latter capability exists in the current implementation of the Handle System, but to date there is little practical experience in its use.

Once agreement is reached on the use of "types" in such a system, consideration may be given to identifying possible standard operations allowed to be performed on a given type. For example, where dealing with the type: "transfer of copyright ownership," there may be a permitted operation: deposit for recordation in the Copyright Office.

While various notions concerning "value" and "typed data" require additional study in the network environment, the basic underlying resolution system, already in operation in Internet commerce, may be used directly to resolve typed data and to manifest value. The flexibility of a system based on the notion of a digital object may serve to open new avenues of commerce in a networked environment, and contribute efficiencies and cost savings to existing methods of doing business.