Central Banks Are Privacy Providers of Last Resort

matthew-henry-fPxOowbR6ls-unsplash
30 July 2020

J.P. Koning, a CoinDesk columnist, worked as an equity researcher at a Canadian brokerage firm and is a financial writer at a large Canadian bank. He runs the popular Moneyness blog.

Have central banks quietly pivoted to becoming consumer privacy advocates?

It certainly seems like it. Back in 2017, Denmark’s central bank proclaimed it would “not be appropriate or acceptable” to issue an anonymous digital currency for public use. But a recent Bank of Canada paper floats the idea of issuing digital currency with “enhanced privacy features.” It’s almost as if over the last 24 months central bankers have become bitcoiners (or at least zcashers).

I think this advocacy is probably a good thing. But it’s still in the early stages. Who knows where it will lead?

See also: JP Koning – Venezuela Is a Testing Ground for Digital Dollarization (and Zelle Doesn’t Like It)

Central bankers have always been a bit sheepish about the role they play in providing payments privacy. Banknotes, a central bank monopoly, are widely used by people from all walks of life. But they are particularly vital to folks in the criminal and underground economies who need to cover their tracks. That’s not the sort of customer base one brags about.  

Criminals are no longer the only anonymity-seekers, however. Regular folks in the licit economy are increasingly fretting about their financial privacy. As more and more of our payments are being pulled into the digital world, where they can be preyed on by data sniffing corporations and governments, we want protection.  

Banknotes are one of the few ways to control how much of our personal data gets thrown off to these sniffers. And so central bankers have found themselves accidentally thrust into the role as foremost provider of “retail” financial privacy.

Now, central bankers are tentatively taking the next steps. Rather than accidentally performing the role, why not formally adopt a proactive approach to protecting individuals’ financial privacy?

Privacy as public good

While it’s hard to pin down when the shift began, it might might have been in 2018 when Christine Lagarde, the outgoing head of the International Monetary Fund, dared suggest that if central banks are to issue their own digital money, one of the public policy goals worth considering should be “privacy in payments.”

More than anything else, the debate over whether to issue a so-called central bank digital currency, or CBDC, is driving this nascent mandate. Designing something from scratch is forcing central banks to ask themselves whether they have an obligation to provide the public with digital privacy and, if so, how private dare they make the stuff.  

Luckily for today’s CBDC architects, the intellectual basis for privacy in payments has been laid out long ago. Many CoinDesk readers will be familiar with the group of irreverent cypherpunks active in the 1980s, 1990s, and 2000s who debated the merits of electronic cash. This includes the likes of David Chaum, Hal Finney and eventually Satoshi Nakamoto.

Does a 'balanced' approach to privacy mean a CBDC backdoor for government law enforcement? Many of us would bristle at this.

The debate over privacy and CBDC actually draws from a second and less-known stream of thinkers associated with the U.S. Federal Reserve. They are Charles Kahn, James McAndrews and William Roberds. Starting with a shared interest in central bank clearing and settlement systems, this trio of economists began to explore financial privacy in 2000 with “A Theory of Transactions Privacy.” In that paper they suggested the “dark side” of the information revolution was “a concomitant loss of privacy,” and developed an economic model to determine the scope of the problem.

The work of Kahn, McAndrews and Roberds consistently highlights the economic benefits of payment privacy – and not just for criminals. If information from licit transactions can be exploited, say because it might land participants on a marketer’s bothersome mailing list, legitimate buyers or sellers may decide to not make the transaction at all. And so the economy fails to operate at full capacity.

The three economists suggested the existence of a privacy-friendly payments rail might empower consumers by letting them guard their personal information. And so a payment that might have otherwise been deemed too dangerous could proceed. More trade makes the world better off.

Through their work, Kahn, McAndrews and Roberds have created a language that, almost two decades later, is finally being drawn upon by central bankers. Citing this earlier work, economists Rodney Garrat and Maarten van Oordt have recently suggested in a Bank of Canada staff paper that payments privacy might be thought of as a public good.

See also: ‘Radical Indifference’: How Surveillance Capitalism Conquered Our Lives

What does it mean to say that privacy is a public good? A useful analogy might be a strategy of wearing masks to combat COVID-19. The main reason to wear a mask is not necessarily to protect oneself but to protect others from the virus. The net result, a healthy population, makes everyone better off. Likewise with privacy. By choosing to take on the hassle of preserving one’s privacy when making purchases, an individual makes it harder for a snoop to use the data to exploit others.

Garratt’s and van Oordt’s public good argument for privacy was recently cited by Sriram Darbha and Rakesh Arora, two Bank of Canada researchers. They have written a technical overview on how a CBDC might incorporate privacy. It lists a number of techniques including zero-knowledge proofs, the technology that drives privacy coin zcash.  

Dharba and Arora mention the idea of a “hybrid privacy” in their paper. Whenever central bankers opine on the issue of privacy and CBDC they have generally been careful to strike a balance between providing privacy and guarding against bad actors. “Would central banks jump to the rescue and offer a fully anonymous digital currency?” asked Christine Lagarde in 2018. “Certainly not. Doing so would be a bonanza for criminals.”

Darbha and Arora also take this balanced approach. Under “hybrid privacy,” a potential CBDC might allow “maximum privacy” to users within limits. But anything above a fixed amount would no longer be protected. And so presumably organized crime would be kept away from using the system.

It’s difficult to know for sure whether a central banker’s “balanced” approach to privacy will meet the bar that is being set by an emerging group of privacy consumers. Jerry Brito, executive director for Coin Center and a frequent commentator on digital privacy, suggests that a CBDC should be “as private as possible. By that I mean as anonymous as physical cash.” 

There are costs to this degree of anonymity, grants Brito. But officials can work to control abuses using the same regime they have developed for dealing with the abuse of cash, for instance requiring reporting for all payments over $10,000.

Will central bankers be willing to go this far and, if so, will regulators of money laundering allow them?

Does a “balanced” approach to privacy mean a CBDC backdoor for government law enforcement? Many of us would bristle at this – we’ve all read Edward Snowdon’s revelations about the National Security Agency’s abuses. Alex Gladstein, chief strategy officer at the Human Rights Foundation, is skeptical, telling me it is “unreasonable to expect the U.S. government to build a CBDC system that doesn’t have a backdoor into all transactions.”  

Complex project

But let’s imagine for a moment that a central bank does issue a genuinely anonymous digital currency, one with no backdoors. Why would the public believe it? The privacy technology is likely to be kept under the hood. And even if we could see underneath, the code would be gibberish to most of us.

Darbha and Arora suggest trust could be enhanced using “third-party reviews.” But in an age where trust is in short supply, might we need a fourth party to review the third party? A fifth to review the fourth? This daisy chain can go on forever.

Another challenge will be to build a large enough base of CBDC users to harness Garratt’s and van Oordt’s public good nature of privacy. Return for a moment to our mask analogy. Even if there are plenty of masks to go around, it doesn’t mean enough people will use them. And so the virus wins.

See also: JP Koning – How Bitcoin Is Like Ham Radio

Likewise with privacy. Even if the central bank provides the public top-notch privacy, many people will probably just stick with their credit card. And thus none of the public benefits of privacy emerge. The snoops win. I suppose that CBDC usage could be legally mandated, but that seems a step too far.

So, as you can see, a privacy-friendly CBDC is a complex and ambitious project. I applaud central bankers for taking the initial steps forward. But part of me worries they may be biting off more than they can chew.

Which gets us back to Charles Kahn, who suggests what might be an easier role for central bankers. Rather than becoming directly involved in issuing digital anonymous money, perhaps central bankers should just regulate and standardize financial anonymity. That would leave the private sector to meet the public’s various privacy needs, under the central bank’s watchful eye. And leave central bankers less subject to criticism.