Mitch Cohen, Chief Security Officer, eCurrency
The Importance of Privacy
Digitalization of currency has many benefits and can be an immensely powerful utility. However, if it is not implemented properly, it has the potential of compromising privacy. In general,digitalization has prompted both regulators and the public to demand increased privacy. The concern is even greater specifically when considering Central Bank Digital Currency (CBDC).
Misconceptions of Technology Leading to Privacy Concerns One of the common misconceptions about Central Bank Digital Currency (CBDC), is that it is antithetical to privacy. This misconception derives from the idea that the technology behind CBDC must be either a centralized ledger account at the central bank or a distributed ledger technology (DLT) using blockchain. Ledger based technologies associate the user with the value being held. A user must identify and authenticate themselves (prove who they are) in order to access the ledger. As such, if the Central Bank operates the centralized ledger accounts of the DLT solution, it is necessary for them to have knowledge of who is storing or transacting in the CBDC, thus compromising the privacy objectives of the regulators and citizens of most countries.
The Right Technology Design Can Actually Ensure Privacy By contrast, the eCurrency Digital Secure Currency (DSC) technology incorporates privacy as a core design tenet for the issuance of CBDC. DSC technology was pioneered by eCurrency to provide central banks the technology infrastructure to securely and efficiently issue, distribute and monitor CBDC to operate alongside notes and coins. The eCurrency DSC technology enables the Central Bank to issue a secured digital form of its currency that is essentially a digital bearer instrument, instead of a ledger entry. This digital currency instrument itself contains all the aspects of its value and does not rely on a ledger which, as noted above, identifies the holder. A currency bearer instrument is what paper currency is today. The DSC technology mimics this concept in a digital form. Since the digital currency bearer instrument does not identify an individual, it is compatible with the principles of protecting privacy.
To understand this better, this article will examine the following topics:
What are the privacy objectives of a CBDC?
What are the visibility objectives of a CBDC?
How do privacy and visibility coexist in a CBDC?
What are the privacy challenges with central bank ledger account-based CBDC?
What are the privacy challenges with a Distributed Ledger Technology based CBDC?
1. What are the privacy objectives of a CBDC?
In many countries, for a CBDC to be acceptable to the public and to lawmakers, it must comply with both the privacy expectations of the public and privacy regulations. This may mean private information, such as who bought bananas from whom, should not be captured by the CBDC system or by the central bank. Or it may mean it could be captured but protected from exposure to other entities. This protection requires both legal and technical controls. At the same time, CBDC must comply with financial integrity (AML/CFT and KYC) requirements.
2. What are the visibility objectives of a CBDC? One of the benefits of the digitalization of currency is visibility into movement and velocity of money. This visibility will significantly improve insight into the economy and aid in monetary policy and AML/CFT efforts. Visibility into the movement of currency does not require visibility into the holder of the currency or the participants in a transaction. In many countries, the ability to monitor storage and movement, without knowledge of the holder or transaction participants, will be a stated visibility objective of CBDC.
3. How do privacy and visibility coexist in a CBDC? eCurrency employs a specific technology called Digital Secure Currency to allow the Central Bank to issue its currency in a digital form. Digital Secure Currency takes a value-based approach to CBDC, rather than the account or ledger-based approaches envisioned in DLT and Central Bank account-based CBDC designs. Value-based is sometimes referred to as object-based or token-based [note: the term token has been confused in the industry]. Digital Secure Currency is composed of layers of cryptography that form a digital object that is secured independent of a ledger or wallet.
The eCurrency Digital Secure Currency approach most closely mimics cash. Cash is a bearer instrument: the bearer of the instrument holds the value. If you take a $10 bill from your wallet and give it to someone, they now have that $10 as they are now the bearer of that instrument. No account or ledger needs to be updated.
In an account or ledger-based system, the account owner must prove their identity to access their account; the system authenticates the user. In a Digital Secure Currency solution, the system authenticates the currency object not necessarily the bearer. Thus, the currency object can exist without the identity of the holder or transaction participants.
In eCurrency’s approach, using DSC technology, the wallet and the holder are decoupled from the currency object. Just as in cash, where a $10 bill can be stored under a mattress, in a leather wallet or in a safe, the object and the wallet are independent. This decoupling of the wallet from the currency object allows the Central Bank to issue and provide the authenticity of the currency object, to distribute the currency through a variety of private sector participants such as commercial banks, digital wallet and payment providers and to monitor currency and currency movement without necessitating knowledge of who is holding or transacting in the CBDC.
With this decoupling, the private sector participants including banks and digital wallet providers manage AML/CFT and KYC, as required by regulation. The necessary information is retained by private sector participants, just as it is today and only exposed following a legal discovery process.
4. What are the privacy challenges with a central bank ledger account-based CBDC? A central bank account-based CBDC implements a ledger for all citizens, merchants and businesses. Each account is tied specifically to the identity of a person or business and all value stored or transacted is therefore linked to that identity. To access a CBDC account, the user must prove their identity to the Central Bank. Therefore, any account based CBDC, by its nature, has the potential of impinging on privacy.
5. What are the privacy challenges with a DLT based CBDC? Any ledger-based system, as discussed above, impinges on privacy. Distributed Ledger Technology (DLT) is a replicated ledger and has the same privacy related shortcomings. Distributed Ledger Technology (DLT) creates multiple copies of the ledger. All transactions are digitally signed by the participants. The digital signatures, by definition, include identifying information. This means a CBDC implemented through DLT exposes the identity of transaction participants. This compromises the privacy objectives of the CBDC solution.
Conclusion The bearer instrument approach embodied by eCurrency’s Digital Secure Currency technology allows central banks to meet visibility objectives without compromising the privacy objectives of even the most privacy conscious countries. At the same time, the technology is flexible and can allow a central bank to capture additional information as appropriate to the country or countries it serves. Central Banks, while considering the privacy implications of CBDC, should recognize that visibility and privacy can coexist in a CBDC implementation...when a DSC solution is selected. Note: This article focuses on privacy. There are many other benefits that drove our adoption of the value (bearer instrument) approach over ledger-based alternatives but these are outside the scope of this article.