.

Digital currency and Financial Privacy:  Abusus non tollit usum                

Possible abuse of central bank digital currency (CBDC) does not negate its proper use

Surveys on central bank digital currency (CBDC) reveal that people's biggest concerns relate to the technical security of the money, esp. being protected from hacking, and the protection of financial privacy. There are wide­spread worries that CBDC could be a gateway to Big Brother-style surveillance, con­trol­ling what you spend your money on, possibly awarding social credits and debits, or even block certain expen­di­ture, or set an expiry date by which unspent money is confiscated.

These are dire dystopias and one wonders whether there is really cause for such fear of Big Brother. Short answer: not really so far. Such scenarios are far-fetched, partly pure fantasy, partly presumably also deliberate disinformation. The situation would perhaps be different in a totalitarian state with no enforceable rule of law. From today's perspective, however, it is questionable whether total monitoring, evaluation and manipulation of individual behaviour, and the related collecting and processing of relevant data, can ever take place on a comprehensive and permanent basis.

The closest thing to such these fears is the intention of a number of CBDC developers to implement a mechanism of confiscating money as an instrument of monetary policy. This should be seen for what it is: a blunt violation of property rights and financial privacy. This was practised at times in the period 2012-22 in the form of improperly so-called 'negative interest rates', or equally improperly referred to as 'custody fees'.

A number of central banks – including in Denmark, Sweden, Switzerland, the euro area and Japan – have levied such 'negative interest' on the banks' reserve balances, and the banks have levied the same rates on their customers' account balances, usually at around 0.5% of the account balances. Such levies, or more correctly expropriations, are in no way to be equated with taxes or other public levies, such as social security contributions, for the earmarked financing of certain public expenditure. The term 'negative interest' is also camouflage, as interest can only exist in the positive range down to zero, not below. The concept of nominal and real interest, which is derived from the distinction between nominal and real income, and can turn out as a negative figure, throws interest apples and inflation pears into the same pot, and as a result confuses a real income minus with a negative interest rate.

For bank customers, 'negative interest' means the arbitrary destruction of part of their money holdings in the amount of the levy rates. This is because the relevant customer account balances are cancelled from the bank balance sheets. The same applies to the banks' reserve balances, as these are equally cancelled from the central bank's balance sheet. For both the banks and the central bank, the associated reduction in their liabilities to customers results in a plus on the profit and loss account. It was also quite brazen to pass on the burden from the banks to the customers at the same rate, because the banks' reserve balances at the central bank are only a fraction of the customers' account balances at the banks. This means that customers have been over-proportionally fleeced in favour of the banks.

Most concerns about surveillance and wrongdoing relate to the programmability of digital wallets (e-wallets) or digital tokens. Such concerns usually remain unspecified. By contrast, there is the positive prospect that the programmability of digital wallets can facilitate the management of payments and contractual obligations, not only between individuals/organisations, but also among machines, devices and infra­structures in the Internet of Things.

Other advantages of CBDC as 'digital cash' over the previous bank book money include the direct transfer from payer to payee (as if from hand to hand), easier handling, as well as cost and price advantages due to the elimination of intermediate stages in the payment process. Unlike today's cash, the digital euro is to be available from banks and other payment services without a withdrawal fee and, like cash, to be transmitted without fees for users.

At present, the programmability of CBDC mostly remains an option for the future, albeit a not too distant one. For now, the ECB has decided not to make the digital euro of the first generation centrally programmable and also not to make payments cen­trally traceable. According to current plans (Q1 2024), there will also be no individual programmability by users in the foreseeable future, just conventional payment orders. So far, only the Bank of England is considering making the digital British pound individually programmable, for example for administrative processes in companies, public authorities and the like.

Of course, precautions will be taken to eliminate the potential for misuse of digital money. Nevertheless, unlawfulness or other personal or political abuse can never be completely ruled out. See the matter of 'negative interest'. In this respect, there is a legal rule since ancient Rome: Abusus non tollit usum, that is, the abuse of something does not negate its proper use.

With regard to digital money, the relevance of that rule can be seen in the veri­fi­cation and docu­men­tation of payments. On the one hand, there is a strong interest in ensuring that pay­ments are made correctly and reliably. On the other hand, the payments are documented and traceable both in written and electro­nic form. This fulfils the equally strong interest in being able to document and, if neces­sary, prove payments. But this also makes payments subject to surveillance in a negative sense which conflicts with the interest in preserving financial privacy. The latter is usually understood as anonymity, at least as reliable confidentiality, in the sense of keeping specified things secret from third parties.

Privacy of money ownership and payments has always been an issue – to some extent already in the cash economy, and consistently with book money in the sense of con­ven­tional bank account balances. The new crypto tran­sactions can also be traced if necessary and so do not remain purely private among payer and payee. This then also applies to payments in future digital euros or other CBDC, whether with or without blockchain. They will be traceable for the operators of digital wallets if need be – which must be the case for a variety of reasons, partly in the public interest, partly in the private interest.

In the bankmoney regime such as it still prevails today, one apparently has seen little reason to paint Big Brother on the wall. This is astonishing in view of the fact that the technical and operational conditions of bank book money do not guarantee the slightest privacy. Banks and other payment services know everything about their cus­to­mers' account balances and payments, and the authorities can, with judicial autho­ri­sation, find out everything about someone's account-related finances. What guaran­tees financial privacy and confidentiality today is solely legal regulation on data protection, privacy, banking and tax secrecy, property rights, and other civil rights and liberties.

There is thus a trade-off between financial privacy and confidentiality on the one side, and legal requi­re­­ments on the other, regarding black market funds, money laundering, know-your-customer rules, tax laws, etc. This results in the need to weigh up compe­ting choices. The trade-off as such cannot be resolved. Absolute anonymity of money ownership and payments is neither feasible nor desirable.   

Even the anonymity of cash transactions which is strangely stylised today ('printed freedom'), is largely illusory; or else irrelevant due to lack of mass. Cash is withdrawn from a pre-existing bank account balance. In this sense, cash has become an exchange form and kind of subset of bankmoney. The exchange is registered, as are cash re-deposits to an account. Many cash trans­actions are also formally invoiced, receipted and booked. Apart from that, cash transactions are usually retail, not whole­sale, that is, cash is about rather small change. Anyone who wants to pay, or be paid, larger amounts of money in cash, makes themselves look suspicious.       

The compromise in terms of privacy and confidentiality in the planned digital euro, or digital wallet respectively, is that it will include a user identifier. The user identifier is a pseudonym that is automatically machine-generated at the respective payment service. The user identifier cannot be attributed by the ECB, a national central bank, the tax office or any other authority to the individual user concerned. This is similar to the current situation, where the central bank has highly aggregated data on the cash it has put into circulation, but no knowledge of and no access to the individual users. The same applies to customer account balances at banks and to cashless customer pay­ments. As a result, CBDC will continue to offer a high degree of privacy and confi­den­tia­lity, as well as, in addition, pseudonymity, though not complete anonymity.

Another interesting aspect of digital money tokens or digital wallets is that – unlike bank book money – they can realise financial privacy and confidentiality not only through legal rules on organisation and conduct, but also partly through the IT involved. There are now a number of system designs that can provide a high degree of financial privacy and cash-like anonymity.

One example is the GNU Taler payment system. Taler stands for Taxable Anonymous Libre Electronic Reserves. It is an open network protocol that allows to transfer value-based tokens using blind signatures. It guarantees complete privacy on the part of the payer and revenue transparency on the part of the recipient. This makes it easier to detect tax evasion and black market transactions, while the payers' personal data is not recorded at all, neither by Taler wallets nor Taler tokens. The GNU Taler sees itself as a counter-design to cryptocurrencies and blockchain approaches.[1]

The development of CBDC based on digital wallets and tokens is still in its early stages. The learning curves involved certainly still hold many innovations to enable a high degree of financial privacy while maintaining the ability to recapitulate transactions, correct transactions that have gone wrong, and detect fraudulent and other illicit transactions.

[1] Cf. https://www.snb.ch/en/publications/research/working-papers/2021/working_paper_2021_03.

Print out text as PDF >