Privacy falls by the wayside

Lesen Sie die Deutsche Version hier.

In recent years, central banks around the world have begun researching and developing their own versions of digital money, known as Central Bank Digital Currencies or CBDCs. Some countries are well-advanced in their efforts, while others are taking a wait-and-see approach: According to the Bank for International Settlements, 86 percent are exploring the possibility and 14 percent are up to the pilot stage. Whether proactive or reactive, these national projects have global implications: If one government achieves greater visibility and control over their own financial systems via a CBDC, it might also collect data on all who transact with it, including trade partners and individuals overseas.

«For democratic nations,

privacy should be prioritised

not only in the design

of their own CBDC,

but in response to

how other states proceed».

Privacy deemed a trade-off

Central banks are not only responsible for monetary and financial stability, they also administer physical bank notes. At the current moment however, they are not hosting online transactions between regular account holders: When we use existing electronic payment systems and credit cards, or make a transfer via internet banking, we are not using central bank money but rather commercial bank money – a liability that the private sector financial institutions hold to the central bank. The commercial bank or authorised financial provider will convert this electronic «I owe you» (IOU) into cash at the customer’s command and honour customer payments assuming it has sufficient balances to do so. Financial services then interact with technological infrastructures that are maintained by central banks and intergovernmental organisations and used to reconcile accounts.

A CBDC potentially eliminates the commercial bank IOU by creating the equivalent of digital cash yet doing away with the anonymity that cash provides and the arms-length (and highly regulated) arrangement between private sector financial services and government. Depending on the design, governments may see data on every transaction and match that data with other information. For any government, the appeal of a direct CBDC is that it could make it easier to combat money laundering, tax evasion and terrorism financing. The flipside of these law enforcement benefits is greater capacity for state surveillance and the ability to coerce citizens and firms by stopping payments.

It is not fully clear yet what stance most central banks will take: In their reports on CBDCs, they discuss privacy in terms of trade-offs rather than losses, weighing up the tantalising opportunity to trace payments with the possibility of cryptographic privacy preserving technologies. Some, such as the Bank of England, explicitly state that their mandate is to provide monetary stability, not to provide untraceable or anonymous payment methods – yet specify the need for a CBDC to be compatible with privacy laws including the General Data Protection Regulation (GDPR).

How CBDCs are designed, including the degree to which the separation between state and private financial services is maintained, is of utmost importance. These are the three options:

• At one extreme, a central bank may grant consumers an account with the central bank, effectively creating a retail arm of the central bank. «Digital cash» of this nature could be exchanged in a peer-to-peer fashion without the need for an intermediary service.
• At the other extreme, a government would licence one or more financial service providers who would store their customers’ funds in a central bank account. The companies then receive a central bank liability in return that they could package as a stablecoin (a digital currency pegged to the value of a fiat currency), fully backed by the central bank reserves. Multiple companies could issue their own stablecoins (all backed by the same CBDC) and compete by offering different attributes.
• In between these two extremes is the «platform model», whereby the central bank would provide a core ledger, which would record CBDC and process payments. Licenced financial services would provide customer-facing services to access the application programming interface of the central bank ledger.

Of these three options, the first would provide the government with visibility over all transactions. The second keeps financial data in the hands of corporations, which comes with its own privacy concerns, particularly as companies such as Meta with advanced data stores and data processesing capabilities circle in on digital currency. The third hybrid model appears to be gaining traction as it provides states with the ability to address major problems, including cyber security threats, whilst supporting private sector innovation. What that might mean for privacy, however, is not straightforward.

The Chinese alternative for cross-border payments

Even the seemingly decentralized «platform» option could still result in privacy losses for citizens. In November, the governor of the People’s Bank of China (PBOC), Yi Gang, confirmed their commitment to developing its digital yuan (eCNY), administered by the PBOC with distribution managed by commercial banks and big tech payment providers including Alipay and WeChat Pay. Officials reported that 140 million individuals had registered for the digital yuan by November 2021 and the digital yuan will be accepted at the Beijing Winter Olympics. International policy experts have begun to sound alarm bells about China’s intentions. According to the Australian Strategic Policy Institute, Chinese Communist Party leaders have described the CBDC as a means to preserve «stability» and enhance state control, but this could extend to monitoring and shaping economic behaviour beyond its borders. US Senators Blackburn, Wicker and Lummis wrote to the US Olympics committee in July 2021 urging it to forbid US athletes from using the digital yuan, stating that «these concerns are not hypothetical» as platforms such as WeChat are already being used to «surveil, threaten and arrest Chinese citizens».

While Yi has said that the PBOC attaches great importance to the issue of personal information protection, the eCNY has an anonymous front end and a real-name back-end, which gives the PBOC full visibility over end-to-end transaction flows and user identities. Although wallets do not need to be linked to a bank account for small sum transactions, they are attached to a phone number which is linked to an individual’s identity. Three data centres have been established to analyse how eCNY is used and stored, suggesting advanced data matching and machine learning capabilities.

For users, the digital yuan can be transferred without an internet connection simply by tapping two phones together – a potential game changer for people with inadequate internet access and the underbanked. The eCNY can also be programmed, allowing the government to issue payments that can only be used only for a specific purpose such as public transport or giving discounts on certain services. Perhaps the most significant benefit is that remittance payments can be made without expensive fees to those who manage the transfer.

However, reducing dependency on financial intermediaries also comes with geopolitical consequences. In a paper for the Carnegie Endowment for Peace, Rajesh Bansal and Somya Singh warn that the eCNY may become a workaround for systems such as the Society for Worldwide Interbank Financial Telecommunication (SWIFT) which is used to enforce sanctions and performs a soft power function for the United States. Once a country is cut off from SWIFT, it becomes difficult for it to trade with other countries in the SWIFT network.

«If it becomes a cross-border infrastructure,

it could challenge the dominance of the US dollar.»

Bansal and Singh believe the digital yuan could prove to be China’s most «effective and noteworthy attack on U.S. hegemony» by liberating the world from the threat of its sanctions. Moreover, China could bring developing markets into its CBDC platform infrastructure through its Belt and Road Initiative, or for debt issuance and recovery, potentially displacing local currencies. Currency substitution could further deplete the ability of those nations to maintain financial stability.

While CBDCs can be designed in ways that restrict their use for cross-border payments, a number of countries have participated in trials to create interoperability between CBDCs, called a multi-CBDC platform. For instance, in a trial by the Bank for International Settlements in partnership with central bank research institutes in China, Thailand and the UAE in 2021, the platform allowed central banks to view transactions of their currency abroad in order to monitor use of their currency. The group is also exploring how data may be treated in way that complies with each country’s legal and policy needs.

Separate the data

The Bank for International Settlements suggested in its annual economic report that a CBDC needs to separate payment services from control of the resulting data and allow users to decide who they share their data with. Such a model would still give law enforcement agencies the ability to access data if suspicious activity occurred, but it would not be accessible by other government agencies or private payment partners. The catch is that for this to work, a CBDC account would need to be linked to a person’s nationally-issued digital identity. Ensuring that digital identity is created using privacy-preserving technologies is therefore crucial to the emerging financial system.

For cross-border payments, the receiver of the foreign CBDC would likely need to have their identity accepted by the issuer of the CBDC. Without international coordination around digital identity this would not result in more efficient cross-border payments. Cross-border initiatives such as a multi-CBDC platform and the technical standards that flow from them will therefore need to recognise and interoperate with the digital identity systems of participating countries.

In one scenario, governments will put effort into getting privacy right at home and for multi-CBDC platforms in order to safeguard against foreign surveillance via financial transactions. Privacy will be treated not only as a human right, but as fundamental to the institutional integrity and sovereignty of nation states. What happens if governments fail to coordinate around privacy? Although cryptocurrency transactions on public blockchains afford little privacy today, encryption technologies are rapidly advancing. Private, non-state issued digital money may be the only remaining defence against a new world order of surveillance and control. If central banks cannot address privacy, they may find themselves in a global financial system that no longer has a role for them.