With Digital Dollars, Our Own Wallets Will Be Watching Us -- We Need to Act Now
A new type of digital money called CBDCs can make banking better for everyone, but if we're not careful, they can also destroy our privacy rights
“How did you [lose all your privacy rights to government digital overreach]? Bill asked.
“Two ways, Mike said. “Gradually, then suddenly.”
— with apologies to Ernest Hemingway, The Sun Also Rises.
Governments around the world are exploring a new form of digital money called Central Bank Digital Currencies or CBDCs
CBDCs may make payments work better for everyone, but if we are not careful, they will ramp up government surveillance to unprecedented levels
New privacy-enhancing tech, such as “zero-knowledge proofs” from Chainlink are in development, and we should, from the start, insist that CBDCs incorporate these tools
Imagine you go to the airport, get pulled out of line, and find yourself in a windowless room.
Turns out your trip is “under review.”
Based on your last 100 purchases on Amazon, and the last 30 shows you binged on Netflix, and the fact that you recently quit your job, and some “out of the ordinary” road trips you’ve taken, and some “red flags” on your tax return, you are a “person of interest”
No trip for you.
If we’re not careful, that’s the world we are going to be in soon, if we don’t act now to make sure that digital money, in the form of “Central Bank Digital Currencies” aka “Digital Dollars, Digital Euros, Digital Pounds” are built, from the ground up, to protect our privacy rights.
Introducing Digital Dollars, Digital Pounds, Digital Yuan, Digital Yen and Digital Euros, aka CBDCs
Central Banks around the world, including those in the United States, China, Japan, Europe, and England, are all exploring a new type of digital money called a “Central Bank Digital Currency,” or CBDC.
There is not a universally accepted definition, but according to the U.S. Federal Reserve a CBDC is: “a digital liability of a central bank that's widely available to the general public.” Put another way, to a digital form of cash.
CBDCs may turn out to be a big win for consumers by making payments faster, cheaper, and more reliable, but at the same time, we in the west urgently need to act now to make sure that they don’t become a privacy nightmare.
The Biggest Central Banks in the Biggest Economies are All Pursuing CBDCs
Central banks from around 90 countries, representing 90% of worldwide GDP, are exploring issuing CBDCs. At the same time, many of these banks, including the US Federal Reserve, as well as incumbent banks, have raised many concerns about how CBDCs could change -- and not always for the better -- the way governments works, the way monetary policy works, the way local banking and business work.
No country wants to be left behind. And so there is a sense of FOMO involved here as well, but in particular, it looks like the governments of the United States, China, England, and Europe are each working to make sure that they don't fall behind the curve.
With Fits and Starts, CBDCs, aka Digital Dollars, are Coming to the United States Soon
In Early September 2022, the Biden administration shared a series of reports, and stated that the President has placed the “highest urgency” on research and development of the US central bank digital currency. At the same time, various governors of the Fed appear to be lukewarm in their reaction.
And so, reading between the lines a little bit, there appears to be some slight, maybe some daylight between the opinions of the President and the Federal Reserve. Although the Federal Reserve does seem to be taking seriously the encouragement from the Biden administration, and has recently sought public comment on a number of questions, and has apparently received over 2000 comments in response. The Fed is reviewing those comments now.
You May Not Be Interested in Surveillance, but Surveillance is Interested in You — The Politics of CBDCs
In 2019, the Chinese government reported that it had barred over twenty million “untrustworthy” people from buying plane tickets or train tickets because they had poor “social credit scores” Under China’s system, you can receive a poor social credit score for infractions such as “cheating on online games, spreading rumors on the internet, making “insincere” apologies for violating rules”
In 2022, the People’s Bank of China just announced that China’s CBDC, the digital yuan, had been used in transactions valued at over $14 Billion.
These two facts are related, and getting more related all the time: to spell it out, the same government issuing the travel bans is also issuing the CBDC, and the CBDC gives the government unprecedented powers to snoop on citizens.
And China is not the only government that has been accused of digital overreach. The Government of Canada under Trudeau used its “emergency powers” to freeze bank accounts of those who were connected to recent protests.
And, as we wrote about previously the U.S. Government sanctioned any account that had used a “mixing service” to anonymize crypto transactions.
How Far to “Turn the Dial” Between (1) Protecting Privacy Rights and (2) Preventing Bad Actors
How do we figure out the right balance between protecting consumer privacy while also doing what we need to do to collect information to prevent fraud, to prevent money laundering, and to prevent financing terrorism? Who should decide? Who should have access to data? How long should data about each transaction be stored? Should it be shared with law enforcement?
As Benoît Cœuré, of the Bank for International Settlements, put it in a recent interview on the Odd Lots Podcast,
the exact way we “turn the dial,” in my view should be a political discussion, because I don't see how central bankers or bank supervisors could decide on that kind of thing, it has to be a political discussion
(emphasis added)
From one perspective, these trade-offs are not new. But what is new is -- potentially -- the vast amount of data about you collected in one place. Think about all the info that Amazon, Netflix, Google, Facebook, Twitter, the IRS, your county assessor, your power company, your landlord, your grocery store, your employer, your credit card company collectively all have on you. Imagine all that data in one place. When it comes to data, “quantity has a quality all its own.”
That’s, potentially, a CBDC.
In a recent note, researchers from the Bank of Canada asked some important questions about the nuts and bolts of CBDCs:
Should all transactions be routinely disclosed to the government, or only some (by, e.g., dollar threshold)?
Should law enforcement be able to determine a person’s holdings, even if only approximately?
Should a payer’s identity be hidden from a merchant?
What transaction details should be shown to a payer’s MSB? (Money Services Business)
Should users be able to transact outside of KYC regulations to some extent?
Sriram Darbha and Rakesh Arora, Privacy in CBDC technology
This list is a great starting point, but I’d add, “what happens when I trade a Canadian digital dollar for Chinese digital yuan? How much data gets transmitted?” Also, what happens if all this data gets hacked, either by a random group or by a foreign government?
Imagine if every time you make a purchase, you reveal to the government:
what you bought;
how much you bought;
when you bought it;
from whom you bought it;
what else you bought;
where you were when you bought it;
who else chipped in money;
what you did right after you bought it;
who you sent it to;
who you paid to send it to ship somewhere.
Tech to the Rescue
But the news isn’t all bad. There are a number of “privacy enhancing techs” that can help a lot. There are always going to be tradeoffs between security and privacy. But new tech is coming along that will let us make those tradeoffs with a lot more precision. Let us use a laser scalpel rather than a steam shovel.
Zero-knowledge Proofs
Our current system, mostly, forces us, whenever we want to complete a basic transaction, to give up our privacy rights and to turn over lots of irrelevant personal information.
Say Yasmin wants to meet her friends at a bar in Chicago. Under Illinois law, the bar can get in trouble for serving anyone under 21, so the bar requires Yasmin to prove her age. As we all know, the way she does this is to show the doorkeeper her government-issued ID. In practice, typically, this means showing her driver’s license. This is so much “the way things are done” that we take it for granted.
But think about what just happened. The legally relevant question -- the only legally relevant question is -- “is this person at least 21 years old?” In order to prove that she is, practically speaking, Yasmin’s only option is also to tell the doorkeeper:
Her exact age, indeed her exact date of birth;
Her first, last, and middle names;
Her home address, including the state where she lives;
Her height;
Her weight;
Information about her health (such as whether she wears corrective lenses); and
What her signature looks like.
And none of that is legally relevant. But under the current system, as a practical matter, she has no choice but to turn over all of this irrelevant information along with proving her age.
But what if we had a system where Yasmin could prove beyond any doubt that she is at least 21 but she wouldn't have to provide any additional information or infringe on your privacy any more than was necessary? Like minimally invasive surgery, this is “minimally invasive legal proof,” also known (somewhat confusingly) as “Zero-Knowlege” proof.
Blockchain, Chainlink and Zero-Knowledge Proofs Help “Square the Circle” of Protecting Our Privacy Rights While Protecting Us From Bad Actors
It’s still early days with privacy-enhancing tech but some of the early proofs of concept are encouraging. For example, recently, Teller collaborated with Chainlink Labs to roll out a proof of concept for verifying collateral for decentralized finance (“DeFi”) loans.
One of the advantages of DeFi loans is that borrowers are anonymous (or at least pseudonymous). For the borrower, this is a feature but in many cases, for the lender, it’s a “bug”. When Alvin the Anonymous wants to borrow $5000, a lender has a hard time figuring out whether Alvin will pay back the loan, and a hard time figuring out whether Alvin has enough collateral to cover the loan in case he can’t pay it back.
But what if Alvin could (1) prove that he has $5000 collateral to cover the loan while (2) protecting his identity? That’s where “zero-knowledge” proofs come in. Teller and Chainlink have worked together to develop a blockchain solution so that Alvin can (1) prove, definitively, that he has sufficient collateral to cover the loan while (2) keeping the rest of the details of his finances private.
That’s the system that Teller and Chainlink developed for their recent pilot project. To learn more about that project, check out the blog post How DECO Enables Undercollateralized DeFi Lending: A Proof of Concept With Teller.
But for our purposes, the main takeaway is:
new privacy-enhancing tech can provide us with new and better options for striking the right balance between (1) protecting against fraud and crime while (2) protecting our privacy rights, and
Now is the time for us to be pushing for the development of these tools, and demanding that they be incorporated into new payment systems, especially those, like CBDCs that are managed by the government.
Why CBDCs -- and Privacy Enhancing Tech Matter
If it’s not clear already,
CBDCs are coming whether we want them or not, and
they will affect everyone who spends any money, i.e. anyone who is not a hermit living in the woods.
In the west, CBDCs are still in the developmental stages, but they are going to be here before we know it, and once here, they going to take on momentum on their own. Think about how the last 20 years played out with Facebook, Google, Amazon, the usual suspects: a lot of stuff kind of crept up on us in terms of these privacy violations. If you thought that was kind of crazy, things are gonna only get crazier, and now is the time to work this out.
Especially because politics and technology are interacting in a bunch of interesting ways. And it's important from the very beginning, that that we, as the public, make clear that our privacy rights need protection from the very start.
What Happens Next
The biggest economies in the world are in a race to figure out digital money, and to issue CBDCs. The People’s Bank of China is already out ahead. It’s still early days- most people haven’t even heard of CBDCs- but this will turn into a space race as all the major central banks FOMO in.
The US Federal Reserve governors can express all the “reservations” they want but it’s not going to be up to them. Right now, the Biden administration is playing nice, and “encouraging” the Federal Reserve to “continue to explore” CBDCs. Eventually, if the Fed does not play ball, this administration (or the next one) is going to stop being polite because, whoever is President, will see the status of the US under threat.
Like most major developments, this is going to have good and bad aspects. For one thing, we’ll get to see lots of experimentation, as the Bank of England, and the European Central Bank, and the Bank of Japan, and for that matter the Swiss National Bank and the Cayman Islands Monetary Authority, and the Monetary Authority of Singapore, all jump in with their offerings.
But the other thing that’s coming next is battles about data and data privacy. There are going to be massive screw-ups about data and data privacy. If you think the Equifax data breach was bad, you ain't seen nothin’ yet.
With digital payments, in theory, your life and my life and your neighbor’s life, and your cousin in Helskinki’s life will all be out there. Everybody who pays you and what they pay you for. Who you borrowed money from and whether you paid it back. Who you go to dinner with and what books you buy, and what movies you watch.
And so, with great power comes great responsibility. It's on us to start this fight now. There are going to be 8000 different trade-offs, and we are not going to get every trade-off right. And different central banks in different countries are going to strike the balance differently. But it is crucial that, from the start, they tackle the tough question of how to strike the balance and how to protect privacy. And it is crucial that, from the start, they embrace tech that can help protect us all.
That's what's coming next. So speak up and watch this space.