Re: [Taler] Regulations for Taler

[Dieter]

On 08/05/2017 20:07, Christian Grothoff wrote:

On 05/08/2017 04:49 PM, Dieter Vekeman wrote:

Hi

I'm trying to work out some practical use cases for Taler. This is a bit
hard sometimes in terms of regulation.

In terms of regulation, the closest equivalent are pre-paid credit cards.

One requirement which I think should have to be satisfied is something
similar to Card Stop in case of loss, theft or misuse.
Not only preventing from spending the remaining coins but also refresh /
refund the remaining value.

Well, "loss" is relative, if you have a backup, you didn't loose it.
"theft" implies someone else has it.  If you are fast, you could deposit
the coins from your backup into your bank account, that prevents
refresh. Refund is not applicable anyway, that's a merchant's doing.  If
the thief already spent the coins, it's simply too late. Misuse: As a
citizen there is no "misuse", you can use your money in any legal
business you see fit. It would be highly dangerous to allow the
government (or anyone else) to single out individual citizens and to
prevent them from spending cash (analog or digital). The fact that the
business must be legal is enforced against the merchants, so here they
will be prevented from receiving funds if they are found to be engaging
in illegal activities.  But again that's not about preventing spending
by the customer.

To me it seems that this is currently not possible (maybe somewhat
possible in case the user has a backup of the wallet).

Right. I generally expect that once we have backup/sync, we'll pretty
much enforce its use by telling users to print out the key to their
(network) backup immediately upon installation or so.  

Could you explain backup/sync a bit more? Is this a local (network) backup which the user has to setup himself or a backup somewhere online provided by a another party but where the wallet information is stored in an encrypted way?
Upon loss what would the user do with the the key they printed out?

That doesn't help
against theft, but then again I don't see regulators outlawing cash or
credit cards or gold _just_ because they could be stolen. ;-)

From the videos / documentation I learned that loosing a Taler wallet is
like loosing a physical wallet. But I don't think a regulator would
accept that answer.

The experts we talked to did not suggest theft of the wallet would be a
major issue. Note that customers are not expected to carry significant
balances in the wallet, only the cash they spent in their daily lives
(not savings!).

EU legislation (DIRECTIVE 2007/64/EC) limits the liability of the user and _once a user has notified a payment service provider that his payment instrument may have been compromised, the user should not be required to cover any further losses_.

I'm just assuming this directive is applicable to Taler...
(Article 3 Negative scope mentions which types of services to which the directive _does not_ apply).

Quote from the DIRECTIVE 2007/64/EC [1]
(32) In order to provide an incentive for the payment service user to notify, without undue delay, his provider of any theft or loss of a payment instrument and thus to reduce the risk of unauthorised payment transactions, the user should be liable only for a limited amount, unless the payment service user has acted fraudulently or with gross negligence. Moreover, once a user has notified a payment service provider that his payment instrument may have been compromised, the user should not be required to cover any further losses stemming from unauthorised use of that instrument. This Directive should be without prejudice to the payment service providers' responsibility for technical security of their own products.

[1] http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32007L0064&from=en

What would be some possible solutions or workarounds such that a user
could recover from theft or loss?

Easy:
* Theft: usually nothing.
* Loss: backup.