Online Financial Accounts That Can Reproduce, Inherit, and Evolve: How They Work

by John S. James, 2007-01-15


For the first time in history online financial accounts could reproduce — creating “children,” grandchildren, and family trees of new accounts, at their owner’s command. For the average online bank account, reproduction would make no sense. But we show how it can power a new, very flexible financial instrument that opens doors to many unexpected business and fundraising models, and other possibilities that would be difficult today. It will let ordinary people control hundreds of options (settings) for their money, customize accounts in minutes, and widely share their most successful innovations with others, who can customize further.

Here we use an example of a band selling a song independently, to show some of the nuts and bolts of how the system works. We suggest reading at least part of the home page first, at

Smart-Accounts Are Different

“Smart-accounts” is one possible design for reproducing accounts. There are other designs that will work, but this Web site deals only with smart-accounts.

Suppose that a band has recorded a song, “Moonglades Beach,” and wants to sell it independently. Today the musicians might wait to record enough additional music for an album, then produce a CD and sell it to friends, on their Web site, at coffeehouses, etc. Probably they would only sell only a few copies. There must be a better way.

Assume that the proposed reproducing “smart-accounts” are available on one or more servers — and that some or all of the competing smart-accounts providers include software for selling music downloads. Suppose the musicians pick one located at [FYI, we chose this address for the example since no one will use it for other purposes, as we bought the domain name. We almost named our system “automatic-accounts” instead of “smart-accounts.” Of course all online accounts are “smart” (computer controlled) and automatic already — but not like these.]

Note: Our design for smart-accounts is only one of various ways that reproducing accounts could be implemented. Before reading the example below, it may help to note the unusual design of smart-accounts, including:

  • There are two kinds of smart-accounts, secret (the default) and public. (Note: these smart-accounts do not use public-key encryption.)
  • Neither kind has a separate user name and password. Instead, the name of a secret account serves as both it’s user name and password [we did this to make practical management easier; using both a user name and a password could also work for reproducing accounts]. Public accounts usually do not need a password. However, a password can be added later for either kind, if needed for special high-security uses.
  • Secret account names can be almost any string of characters of any length; usually they will be a random number, often 12 digits long. Public-account names are usually selected to be easy to remember, and may be alphanumeric; they must be allowed in a URL, so spaces cannot appear in an account name (hyphens or underscores can be used instead).
  • Every smart-account will have its own control panel, where the owner (or anyone who has the account name) can change account options — or have the account create one or more “children” accounts that usually inherit its options. Public accounts will often have a minimal options page for the general public, where the control panel would otherwise be; the real control panel of a public account is accessed through the control panel of its secret parent (or grandparent, etc. if the parent is also a public account).
  • The public will usually use a smart-account by clicking on a URL — just like clicking on any other Web address. No registration or other advance arrangements are necessary; and the end user does not need to know anything about smart-accounts, or know that any money is changing hands. They will click on a link like (used in the extended example below). We sometimes call this link a “smart URL,” because it can keep track of prepaid free downloads as they are purchased and used — or do any of hundreds of similar tasks, depending on what services are provided by the server, and have been turned on by the owner of the public account.

Extended Example:

A. Setting Up a Smart-Account

One of the musicians, or someone working for them, will visit and requests a smart-account. (The site will use secure communication, so that only the account owner will have the secret account name. Not even the server will keep an unencrypted copy.) The account name can be anything that works in a URL, and is not already in use on that server.

The person requesting a new smart-account could supply the name. But in this case, let’s assume that he or she accepts a random name in the default format, which might be 12 random digits — for example 730567893276. (All-numeric names are convenient for international use, and for entry into a telephone if needed. And this account name will never be give out to the public.) The band now has a smart-account.

The band must keep this account name secret, because the account will later receive money from sales of downloads, and anyone who had the account name could take the money. In our design there is usually no password (the account name itself serves as password); however, the account owner could optionally set a special password for high-security accounts. Also, these accounts do not need to identify the owner unless required for legal reasons, facilitating commerce by avoiding any possibility of identity theft.

Probably it will cost nothing to set up the account. Instead, the most likely smart-accounts business model will be to collect a percentage of each sale and profit when the musicians do — instead of creating a conflict of interest by making them pay for hopes and dreams that may not come true.

Note that 12-digit account names would allow up to a million accounts to be given out, and still the chance of a 12-digit guess being any of them will be less than one in a million. If this isn’t enough, the account name could be longer. Twenty digits would allow ten billion accounts in use (10,000,000,000), with the odds against a guess of more than 10,000,000,000 to one. If the same account name is on use on a different smart-accounts server, that causes no problem at all (ask me at our blog, if you want the explanation).

B. Uploading Music to the Account

Now the band could use the control panel (dashboard) on their account by clicking (note the https for a secure connection) — or alternatively visiting and typing the account number into a form provided. (Most uses of smart-accounts will not need a secure connection — but communication with the control panel should always be secure, except for small-value accounts that have little money in them to lose.)

The control panel will allow anyone with the account name to customize the various services provided by the server at (or to take out money). For a smart-account system that offers music downloads, there will certainly be a way to upload a song or songs, in MP3 or other choice of formats. Unlike a music group that publishes on a CD, the band could easily replace its music at any time to make improvements. (Archival versions could automatically remain on sale through the smart-account as well, unless the account owner removes them.)

To upload the music, the account owner just clicks an Upload option in the control panel, and follows the instructions provided. There will be an option to upload an artist’s sample as well. A “free sample” may seem pointless when the whole song will be free to almost everyone who downloads it, due to prepayment by a sponsor. But the sample will not charge against a sponsorship. It will always be available, even if prepaid downloads are not. And it will give the end user the artist’s quick selection, showing what the work is trying to accomplish.

C. Preparing for Sales

How will the band sell downloads to the public and have people pay their account, when its name must stay secret and can never be given out?

Remember that these accounts can reproduce new “children” accounts when the owner wants. To have the account reproduce, the owner (or anyone else with the secret account name) will visit the control panel, click an option to create new accounts, and follows its instructions to specify how many children are to be created, and to set any options for the children that are different from their parent’s options (which are usually inherited by default).

In this case the account owner will give the child or children a special status called public account. A public account can only receive money, and can never give money out. Instead, the money received by a public account will instantly transfer to its parent (or to another smart-account specified by the owner). Since nobody except the owner can take money out or change options, a public account can be published and made freely available to anyone; it can travel by insecure email. A public account will usually carry a business offer by a merchant (in this case, the band). But unlike most business offers, those conveyed by a public account will usually be free to the offeree (since they were prepaid by a sponsor).

Assume that the band only wants to create one public account now. It will probably want to give this account a descriptive name that is easy to remember (instead of letting the name default to a 12-digit random number). Since the song is Moonglades Beach, the band may pick the name moonglades-beach. (Capitalization will not matter. The name cannot contain a space, or any other character not allowed in a URL. And only rarely will a user need to manually type an account name.)

Public accounts have two different control panels: a minimal one showing options for the public, and a complete control panel for the owner. The public will use the account by clicking the “download/payment page,” here Users will then see a display controlled by the account owner. For music sales it will include a button to download the work (if a free download is available), an optional button for a free sample that is always available, and a button to purchase any number of new prepaid downloads (with a credit card or other means) to replenish the public account. (Note: a public account can reproduce, creating a new public account — for a sponsor who wants to pay for downloads only for his or her own social networks, not for all the other people who already had the parent public account. Public accounts may be allowed to reproduce only when new money is paid.)

Since the band owns the music and the account, it can give away any number of free downloads at any time. It does this through the real control panel of the public account, which is reached through the secret parent that created that public account. Perhaps the band will start with 500 free downloads to “prime the pump” and help start a constituency — enough so that the first people to use for a free download can also give the URL to their friends as a gift, with reasonable assurance that free downloads will still be available when their friends check their email and click the URL.

Once is set up, the band can include it in emails to its friends, put it on the Web, publish it in print, or otherwise distribute it. Whoever gets the URL can share it with anyone else they choose — who can then always hear the free sample, get a full free download if any are currently available thanks to sponsors — or sponsor any number of downloads in the same URL themselves, or in a new URL they buy and name, to share exclusively with specific people and networks they select.

Note that many copies of the “smart URL” may be circulating in the same or different social networks — and different URLs that sell the same digital art can circulate in various networks as well. All of these can be replenished with new sponsorship purchases at any time; therefore they need never expire as long as people are interested in the content they deliver. They can circulate indefinitely, continuing to generate income for the artist, who will get almost all of the money paid for the sponsorships.

And sponsorships can be major purchases, as buyers who want to help the artist or a cause can put in any amount of money they want to give, and give away any number of prepaid free downloads through social networks (although some of the downloads might not be used). Probably the money will transfer into the artist’s account not at the time of sponsorship purchase, but at the moment each sponsored free download is used. This is to build up morale for end users, who will often know that their free download puts significant money into the artist’s account within seconds.

We believe that these URLs as a group will effectively seek out and move into new constituencies around the world — because they will be most active in online communities where many people like the art, reproducing faster there and traveling faster to new people (and also paying the artist more). Where no one cares, the URLs will be inactive. So the overall effect is that the URLs will grow and travel in favorable soil (where people like the particular art they carry), spreading from there through social networks and reproducing again where conditions are favorable. They may also tend to move toward money, since where everyone is poor there will be no one there to sponsor the prepaid downloads — a problem that can be addressed by encouraging remote sponsorships.

The sponsor may also set a time when any remaining money (not used by then for free downloads) will automatically go directly to the artist, or back to the sponsor, or to any designated third party; the unused prepaid downloads should perhaps remain free if the artist gets the money. The refunded money can be sent to anyone, even if they do not have a smart-account, since a smart-account can mail a paper check (using a commercial service) with no need for any human attention.

Each free download may have a short message (such as a Google-type ad) from the sponsor who paid for it. This recognition/advertising will be an important incentive for sponsorships — increasing artists’ income. Artists can control the policy on whether these messages are moderated, or accept the default of the server. Perhaps a sponsorship of $50 or more will have the privilege of being unmoderated, and appearing to free downloaders immediately.

D. Processing Sales

So far no money has changed hands.

But at some point the initial free downloads (if any) given by the artists will run out. Then anyone with the smart URL could buy a single download. But that would be inconvenient, like music sales today that expect every end user to pay separately for his or her own copy.

The smart-accounts system is intended to work best with a low price (such as $1 or even less), with sponsorships being sold to buyers/donors who purchase any number of bulk downloads they want, and share them with others. If the price is $1 and the average sponsorship amount is $50, then only 2% of end users will have to pay anything, and the other 98% will download free. Usually it is easier to get one person to contribute $50, than to get 50 people to pay $1 — and even more so if it’s one $500 payment, compared to getting 500 people to pay $1 each. This is especially true since the sponsors will be able to get recognition, outreach, or advertising by including a message with their donation — and can target people who like certain art, and reach them through the social networks of the donor’s choice. Contrast the situation today, when each customer must buy one download for himself or herself and gets no such social benefit, reducing the incentive to buy and therefore reducing artists’ income.

Anyone who buys one download (or thousands of them) could use PayPal, or a credit card etc. through a company that handles third-party payments. The server will know which public account received the payment, because it will have set up the payment page. Therefore it can credit the secret parent account.

The server will be able to set restrictions such as how much money can be received, or require verification before processing large amounts, as PayPal does. And a smart-account owner could set additional restrictions on child accounts that might be given or sold to someone else. Such rules will be binding on all future generations. If excessive restrictions accumulate and become burdensome, people just won’t use those accounts; instead they could go to the server and start fresh.

Smart-account providers will be able to use due diligence to prevent prohibited payments — a service they could advertise to users. Even when the risk is zero, most people cannot determine that — and are becoming reluctant to help small, worthy organizations, for fear of getting into trouble inadvertently. They could be reassured if they knew that professional checking was done.

E. International Sales in Many Languages

Note that the server could have credit-card processing instructions in many languages — many Web sites already do. The smart-accounts system has the advantage of providing a uniform financial infrastructure. It only has to be set up once, and then will be available to any number of businesses and nonprofits — to anyone who gets a smart-account, either from the server or from a friend or colleague who already has one (since these accounts can reproduce). So instead of five languages (as we saw recently on a bed-and-breakfast Web site in Paris), a smart-accounts server could ultimately offer 50 or even 500 languages.

Only a handful of credit-card-processing phrases will need to be manually translated to add a new language, and this could be done at any time, even while the accounts are in public use. Users may select their language by clicking on a language name, or clicking on a flag. But usually this will be unnecessary, since most often the person who gave them the URL/public account will speak the same language, which can be encoded in the URL (as Wikipedia does, for example “” for English).

Similarly it will be easy to add new languages for a handful of music-oriented instructions, like telling users how to download free, how to select their file format if necessary, or how to hear the artist’s free sample. Or words might be avoided entirely by standardizing the layout of buttons on the download/payment page.

And for credit cards, music, and other services, a few simple drawings or diagrams could be used along with the words. If people standardize on these (which may happen naturally), then anyone who learns the pictures will be able to use any smart-accounts system — even if they cannot read any language at all.

Notice that smart-accounts users could choose any of the supported languages (there could be hundreds of them), and do ecommerce in that language with any of thousands of merchants who speak many different languages and who also have smart-accounts, provided that the artists or other merchants used standard options provided for ecommerce instructions, instead of writing their own. Any new text would need to be translated into all the languages that merchant decided to support. (Other languages could be turned off at the control panel, so the public would not see them presented as options.)

Since about 98% (we think) of downloads will be free, the great majority of end users will not need to spend any money, or even have any money. Still they can participate, by causing instant transfer of sponsors’ money to their favorite artists, organizations, or other parties.

Incidentally, we picked the 98% guesstimate for prepaid free downloads, based on the conventional wisdom that a free Web site that asks for contributions effectively may get about 2% of visitors to contribute, while 98% will not. The situation with smart-accounts is quite different. They will totally encourage so-called “freeloaders” (since without free downloads the artists might not get paid) and yet will insist on payment from somebody. Hopefully most of the money will come from major sponsors who can buy free access for many people; they can distribute the access through their own social networks if they want, and include their own message if they want. Or they could give the access to the artist’s Web site. Or sponsors may not bother with distribution at all, giving the prepaid access (by default) to the existing social networks represented by the smart URL a sponsor received.


With smart-accounts, DRM (digital rights management) and its endless problems should be largely unnecessary. Since one sponsor can and sometimes will buy thousands of prepaid free downloads, while each end user will need only one, there should often be an excess of free downloads available. Then almost anyone will be able to get a legitimate download of the music or other work free, at least as easily as getting a pirate download, and the artists will be paid. In these cases it should be easy to persuade fans of the artists to use the free copies that pay them — and a world of DRM hassles will just go away.

And when there is a shortage of prepaid downloads, all sorts of new dynamics will possible. For example, the inconvenience to the public of paying $1 or so to an independent band for a single download will motivate potential sponsors to get more mileage in good will for themselves or their organizations — at fairly little expense, almost all of which goes to the artists. Sponsoring a URL already in circulation will instantly make all copies of that URL provide free downloads, all over the world — along with the sponsor’s message (in whatever language(s) the sponsor wrote it), if any.

Of course not all digital content will be suitable for distribution in this way; probably most will remain entirely non-commercial, as now. And some will need to be sold to each end user. But art that people customarily pay for (music, for example) might work well with smart-accounts. The difference from today is that artists will be able to sell to constituencies wherever they can find them in the world — even if most of their audience cannot spend any money at all. Sponsors could be mostly in richer countries, while end users can be anywhere online. And sponsors will be able to follow how their donations are being used, and how frequently their messages are getting out.

The result will be more interactions, connections, and relationships between people in very different locations, cultures, and circumstances, based on something they care about in common.

G. Security

Smart-account security could fill a book. Most importantly, new security features will reduce unnecessary trade-offs between security and convenience.

For example, public accounts with hundreds of dollars of sponsorships in them will be emailed with no encryption, and even published for the world to see — because the unused money can only be spent for the purpose for which it was given (or returned to the sponsor). Or to take another example, a restricted account that could pay only for access to certain academic journals will have little street value — especially if it gives no hint of what it can pay for.

A smart-account could also call or email the owner or a security service immediately, in case of certain attempts to misuse the account.

FYI, a smart-account owner can create a restricted list of payees by entering the list of payee public accounts, at the appropriate option in their own account’s control panel. This list, when accepted, will become invisible and irrevocable even to the account owner (so that no one who steals owner’s access to the account could change it). An owner who changes his or her mind after irrevocably restricting the account could simply use a button at the control panel to instantly kill the account — which will automatically transfer the money to another secret smart-account, which the owner set up and made irrevocable in advance. The thief could click the same button as well — transferring the money to the legitimate owner.

If a smart-account is lost, it cannot be replaced. But account owners will have many ways to protect themselves from loss by preparing in advance. For example, the account could have one or more alternate names, requested by its owner and printed out with a click on a button in the control panel. These name(s) could be kept separately in a safe place, in case the regular name is lost.

These alternate names can have a hierarchy, with a master kept safely away, so that even if someone maliciously changes the regular account name to lock out a legitimate owner, the master can still retake control. Another account can be supermaster, and so on through any number of levels.

Accounts could also expire automatically after a user-defined period of inactivity — or immediately, after a phone call to a special number at the server, where the caller enters the name of the account to be killed. When the account expires, its money automatically transfers to another smart-account specified in advance by the owner, and the name becomes inactive. But the account’s options and settings may not expire immediately; they might stay around for perhaps five years, like a ghost. A master account could resurrect this structure, under a different account name.

Since the server cannot manually replace a lost account or the money it contains (since there is usually no way to authenticate the claimant, or even to identify the account involved), it will be the owner’s clear responsibility to set up, ahead of time, at least one of several simple ways like those noted above, to guard their assets in this situation.

While the basic smart-account system does not need passwords or PINs, an owner could set them for a high-security accounts such as one with a large amount of money in it. And the password or PIN could be communicated by a different channel, such as a telephone call when the main transaction was online — greatly increasing security.

Perhaps the most powerful new security feature is the simplest. Since smart-accounts can easily be born and die at their owner’s will, owners of large accounts can create smaller ones as needed, limiting the amount of money at risk. An account owner could even put the exact payment into a new account, limiting any possible loss to the purchase price — and/or limit an account to a single transaction, after which the account immediately dies, transferring any remaining money as set up in advance. Since smart-accounts can also be free of identifying information, or any other information that could hurt the owner, people may be more willing to use limited-value accounts in risky circumstances.

A high-value account need never be given out. The owner could use it only to communicate with the server over a secure connection, to create new, children accounts with a smaller value for everyday use. And even small-value accounts will usually never be seen by the payee, as they will be given to one of the payee’s public accounts, maintained on a trusted server.

If the server is not trusted, the account’s identity is at risk, although the irrevocable account restrictions noted above could still prevent loss. Account owners will recognize a trusted server by its reputation, or by its membership in a well-regarded group of mutually trusting servers.

And conventional security is still available. All communication with the control panel should be encrypted, like credit-card transactions today; some other transactions will use similar security as well. And with standard hashing techniques, all account names will be encrypted when stored on the server, so that even if criminals copy the entire account database they cannot impersonate account owners.

Reputable smart-account servers will take steps to prevent fraud (such as selling copies of work that belongs to others). For example, they could take down abused accounts in case of credible complaints. The server will know all the accounts in the ancestor tree — and could require their owners to get their act together, or lose some or all of the ability to receive money from that server or group of servers. And users could see trust and reputation indicators, outside the control of the account owner, on the download/payment page (like the one generated by clicking For example, potential sponsors (buyers) could check how long that particular account or its parent had done significant business on the server, and see if there were any complaints, and if so how they were resolved.

Why This Matters

The musicians who might have sold a few CDs to their friends can now let anyone in the world (who can pay online) sponsor any number of prepaid free downloads for anyone else in the world who has online access. Usually the buyers of bulk downloads will give them away through social networks (meaning that sponsors can give thousands of prepaid free downloads and control where they go if desired, without needing to know thousands of people to give them to).

The band can simply get a free smart-account from a server (or better yet from a colleague, so it will already be mostly set up for a similar use; third parties might sell professional versions). In an hour or so the band could be open for business worldwide in dozens of different languages, usually with no expense at all. The server could charge a small percentage of sales, probably less than five percent, since expenses to run the server are minimal. The artists will keep the rest.

With the technology of distribution and payment handled, the musicians can focus on what counts: building a constituency, one that includes both sponsors and free end users.

Multiple languages, accepting credit cards, downloading music, and accounting are just four of what will ultimately be hundreds of services and counting, which can and often will be packed into the same smart-accounts. Of course most of these services will be turned off at any one time; otherwise, the accounts could become too complex for humans to use. But the unused capabilities will remain latent in the accounts, available when needed.

Some of the services will be bizarre, such as robot negotiation between buyers’ and sellers’ accounts, with business taking place outside of human awareness unless the robots fail to reach agreement, and kick the decision upstairs to the appropriate human (usually the potential buyer). Third-party experts will sell robot-negotiation strategies, continually updated to take advantage of the latest conceptual advances and the latest business data.

Back to the artists, if they are going to make sales around the world, they need to give people a reason to act — some kind of motivational connection. Mostly this will be through social networks; people trust their friends more than they trust institutions, or strangers on the Web. Politics, religion, business, and artistic or other ideologies can provide instant connections among people worldwide, for better or for worse — creating openings for the artist to appeal to potential sponsors and end users.

Grassroots marketing specialists hired by artists could systematically interview the artists to bring out the contacts and connections they already have, and suggest approaches that experience has shown could be successful — as well as suggesting reviewers, columnists, and other opinion leaders likely to be interested in the particular art. These specialists could work quickly and charge a percentage of sponsorship sales, avoiding upfront expense.

Our main concern is to help artists make a living independently, by selling their work online. Even artists in poor countries who have no computers, and no good way to participate in the world economy, could with a little help from a trusted friend, nonprofit, or business, sell their work throughout the world and keep almost all of the proceeds.

Reproducing accounts will almost certainly become widely used, since they will sell online content gracefully, and facilitate global economic exchange at near-zero transaction cost in both money and attention. But any powerful tool can and will be abused. We should think now about how to maximize the benefit and minimize the harm from the ecommerce tools that reproducing accounts will make possible.