commit 5a2e99f27e8decac4165bad5fc5834c413fc2889
parent 85e8feaec5ae5a9ad25441723937dafe685f9a33
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 11 Jan 2021 11:05:54 +0100
updating ECB answers
Diffstat:
| M | ecb/answers.txt | | | 568 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------- |
1 file changed, 433 insertions(+), 135 deletions(-)
diff --git a/ecb/answers.txt b/ecb/answers.txt
@@ -1,138 +1,436 @@
-5. Existing commercial banks should continue to be responsible for
- consumer and business KYC, and the management of savings and loans.
- Software companies should provide integration services, both for
- consumers with special needs (such as disabilities) and for merchants
- wanting to accept payments using digital Euros.
- Most existing digital payment processing businesses built around
- credit cards should die, as these parasitic middleman only drain funds
- from the economy without actually providing adequate value.
-
-6. We see a limited use for "smart contracts". Here, most likely very few
- well-defined build-in contracts (such as currency trading and
- privacy-preserving digital auctions, as proposed by Prof. Brandt (TUM))
- could be useful. A Turing-complete general smart contract runtime would
- likely be too slow, too generic, too insecure and most importantly lead to
- digital contracts that would not be understood by their human users.
-
- Cheap digital Euro payments can open the door to micro-payments, where
- users may request payment to read e-mail (killing spam), servers may
- request payment before returning expensive resources (limiting DDoS
- attacks), and online publishers may process payments for each article
- instead of relying on advertising or long-term subscriptions.
-
- A well-designed digital Euro platform could be used to not only process
- payments involving digital Euros, but might also serve to digitize
- stock exchanges if digital coins are used to represent company shares
- and voting rights. Integrated currency trading would then also enable
- stock trading.
-
-7. Any digital Euro solution must be based on Free Software reference
- implementations of open APIs (no patents, no royalties for the design)
- to ensure a level playing field for all actors. The design must
- furthermore implement privacy-by-design and privacy-by-default (see GDPR)
- while also including adequate provisions for KYC/AML/CFT. We know this
- is possible.
-
-8. Cryptographic signatures are the first line of defense, with a proper
- design ensuring that audits can attribute failures to the respective guilty
- party. Additionally, modern designs can ensure that financial losses from
- time-limited compromises of a party are at least bounded to the volume
- handled by that party during the time window of the compromise.
-
-9. Blind signatures for Chaum-style digital cash remain the best foundation
- for cash-like digital payments. However, modern designs add additional
- capabilities, such as giving change, key management (expiration of
- key material) and charge reversal (refunds).
-
- We believe that offline use should not be considered for digital
- payments. With offline use, it is always possible for customers
- to engage in double-spending while the global system state is
- inconsistent. Given that electronic transactions can be automated,
- the damage from double-spending is not double, but potentially
- unlimited. Recouping funds after double-spending may not be possible
- in cases where the culprit has privacy, does not have the economic
- means, or even was a victim of a (cyber)crime themselves.
-
- Furthermore, offline use is already adequately addressed by the
- existing physical cash, which should be preserved as a means of
- payment.
-
-10. A good trade-off is to ensure that anyone obtaining digital
- cash must identify to withdraw, and that anyone receiving
- digital cash must deposit it immediately into a KYC'ed bank
- account to provide income transparency. Additionally, anyone
- receiving digital cash should be responsible to provide digital
- evidence (like a digital contract) cryptographically tied to the
- transaction that explains why the funds were received. At the
- same time, the system MUST NOT identify the spender, thus ensuring
- that citizens have privacy in where they spent their money while
- also making sure that merchants receiving funds can be held to
- account.
-
-11. Withdraw limits on digital cash, possibly combined
- with an expiration time for the validity of digital cash signatures,
- are sufficient to manage the quantity of digital cash in circulation.
- Reasonable withdraw limits will likely even be requested by citizens,
- as they may want to limit the damage from someone compromising their
- online banking credentials and then illicitly withdrawing digital
- Euros on their behalf.
-
-12. ???
-
-13. Incoming funds from transactions in digital Euros should not be
- placed into the receiver's electronic wallet at all, but always into their
- (regular) bank account. Citizens should obtain digital Euros only by
- (1) withdrawing them from their bank account, (2) receiving them as
- subsidies from the government, or (3) non-transactional (trusted)
- sharing of funds (say between family members sharing a wallet). This way,
- withdraw limits on digital currency can be used to easily limit holdings,
- and the state can enforce taxation on income and revenues by auditing
- (regular) commercial bank account transactions.
-
- This can be made to have a minimal impact on usabilty as long as
- withdrawing digital Euros from a bank account is easy, for example
- if it only involves scanning a QR code during online banking or
- holding a mobile phone close to an ATM (for NFC transmission).
-
- Given the current state of computer security, holding large amounts of
- digital cash on a personal computer or mobile device is also risky, so
- withdraw limits should suffice to effectively cap the balance users should
- be willing to carry.
-
-14. ???
-
-15. We do not see an urgent need for cross-currency payments, this creates
- mostly economic and political hazzards. However, what is important is
- that a global standard is created, and that consumers can carry balances
- in various currencies in their unified digital wallet. To create such
- a global standard, a patent-free Free Software approach is crucial, as
- no country should make itself dependent on proprietary software that
- is likely subject to foreign influence. When the USA recently sanctioned
- Huawei's use of Google Android, only the Free Software components remained
- usable for Huawei. Creating a proprietary European standard would thus
- fail to satisfy the possibility of global appeal, as countries increasingly
- realize that they cannot have their critical infrastructure depend on
- proprietary foreign technology.
-
-16. By requiring KYC on anyone receiving digital funds, the use of the digital
- Euro for income can easily be restrained to European residents, without in
- any way excluding visitors from spending money in Europe as they would
- have the opportunity to withdraw (possibly limited amounts of) digital
- Euros at ATMs, banks or online.
-
-17. An efficient design with a software-only approach is in principle usable
- from any networked device. If the core platform is written in C, the code
- would be highly efficient and can run on any embedded system. By providing
- a Free Software reference implementation, all vendors can easily integrate
- support for the digital Euro into their products.
-
-18. Taler Systems SA can provide ECB with a complete implementation of a
- payment processor, commercial bank integration, consumer wallet(s),
- merchant backends suitable for issuing a digital Euro. GNU Taler has been
- designed with appropriate consideration of the regulatory concerns
- (including privacy and CFT/AML and fiscal policy) and is expected to scale
- easily to the required transaction levels and at minimal cost per
- transaction.
+# Answers to ECB survey "Your views on a digital Euro"
+(https://www.ecb.europa.eu/euro/shared/files/Questionnaire_on_a_digital_euro.pdf)
+# Question 1
+
+How would you rank, in order of importance, the features that a
+digital Euro should offer?
+
+## Answer:
+
+Important:
+h. I want it to be a secure means of payment.
+c. I want to be able to use it with my smartphone and at payment
+terminals.
+b. I want my payments to remain a private matter
+e. I want it to be easy to use.
+i. I want my transactions to be completed instantaneously.
+a. I want to be able to use it throughout the Euro area.
+f. I want to use a digital Euro without having to pay additional costs.
+
+Not important (exclude if possible):
+d. I want to be able to pay even when there is no internet or power
+connection.
+g. I want it to take the form of a dedicated physical device.
+
+Comments:
+
+The ability to pay securely without Internet or power connection requires the
+use of proprietary, trusted hardware modules and excludes a solution solely
+based on sofware and open standards. Futhermore, as also noted in the ECB
+report on the digital Euro, a digital Euro would merely supplement cash. As
+such, we think that cash is already an approproate fall-back payment solution
+in case of power or network outages.
+
+
+# Question 2
+
+Do you envisage any challenges associated with a digital Euro that would
+prevent you or others from using it? If so, what are they?
+
+## Answer:
+
+A digital Euro that requires proprietary hardware, proprietary software or that
+is based on patent-encumbered technology would severely restrict its use as the
+basis for innovations in the field of retail payments, as well as stifle the
+development of user-centric services and assistive/accessible technologies for
+it.
+
+A digital Euro that does not offer privacy protections is unlikely to be
+able to compete with existing commercial payment providers.
+
+Thus we recommend that the digital Euro should be based on an open standard
+that implements privacy-by-design and privacy-by-default (see GDPR) while also
+including adequate provisions for KYC/AML/CFT, and is accompanied by a Free
+Software reference implementation.
+
+# Question 3:
+
+What user features should be considered to ensure a digital Euro is accessible
+for people of all ages, including those who do not have a bank account or have
+disabilities?
+
+## Answer:
+
+In accordance with the answer to question 2, only a digital Euro that is based
+on an open standard without requiring proprietary software or hardware can be
+easily adapted to the diverse needs of users that have disabilities or
+additional age-related requirements.
+
+To enable access to the digital Euro for tourists, unbanked or even stateless people
+residing in the European Union, we recommend a hybrid solution of an
+account/token-based system, where digital Euros are kept as a blind-signed token
+in wallets, but receipt of funds through a digital Euro payment must always
+pass through a KYCed account.
+
+We note that when we talk about a token-based system, we do NOT talk
+about an offline-capable digital Euro. This seems to be conflated in
+the ECB's report on the digital Euro (and in the Bitkom response to
+this survey). A token-based system can be online-only, especially
+if it is based on software with digital signatures and not on
+secure hardware.
+
+
+# Question 4:
+
+There are two approaches we can take to make a digital Euro work, one that
+requires intermediaries to process the payment and one that doesn’t.
+
+If we design a digital Euro that has no need for the central bank or an
+intermediary to be involved in the processing of every single payment, this
+means that using a digital Euro would feel closer to cash payments, but in
+digital form – you would be able to use the digital Euro even when not
+connected to the internet, and your privacy and personal data would be better
+protected.
+
+The other approach is to design a digital Euro with intermediaries recording
+the transaction. This would work online and allow broader potential for
+additional services to be provided to citizens and businesses, creating
+innovation opportunities and possible synergies with existing services. For
+example, it could make it easier to integrate a digital Euro into currently
+available electronic banking services and applications. From your perspective,
+which of the following do you find most appealing? (select one):
+
+a. a digital Euro focused on privacy and the protection of personal data,
+which can be used offline;
+b. a digital Euro with broader potential for additional services, allowing
+innovative features and other benefits for citizens and businesses;
+c. a combination of both.
+For more information, please refer to Sections 5.1.5 and 6.1 of the Eurosystem Report on a digital Euro
+
+## Answer:
+
+c. a combination of both
+
+The user of intermediaries does not conflict with privacy when the digital Euro
+is based on Chaum-style blindly signed electronic cash with income
+transparency.
+
+
+# Question 5
+
+What role do you see for banks, payment institutions and other commercial
+entities in providing a digital Euro to end users?
+
+## Answer:
+
+Existing commercial banks should continue to be responsible for consumer and
+business KYC, and the management of savings and loans. Software companies
+should provide integration services, both for consumers with special needs
+(such as disabilities) and for merchants wanting to accept payments using
+digital Euros. Most existing digital payment processing businesses built
+around credit cards should wither, as these middleman are too expensive
+for their limited added value.
+
+# Question 6
+
+A digital Euro may allow banks and other entities to offer additional services,
+on top of simple payments, which could benefit citizens and businesses.
+
+What services, functionalities or use cases do you think are feasible and
+should be considered when developing a digital Euro?
+
+For more information, please refer to Section 6 of the Eurosystem Report on a
+digital Euro
+
+## Answer:
+
+We see a limited use for "smart contracts". Here, most likely very few
+well-defined build-in contracts (such as currency trading and
+privacy-preserving digital auctions, as proposed by Prof. Brandt (TUM)) could
+be useful. A Turing-complete general smart contract runtime would likely be
+too slow, too generic, too insecure and most importantly lead to digital
+contracts that would not be understood by their human users.
+
+Low-cost digital Euro payments can open the door to micro-payments, where users
+may request payment to read e-mail (killing spam), servers may request payment
+before returning expensive resources (limiting DDoS attacks), and online
+publishers may process payments for each article instead of relying on
+advertising or long-term subscriptions.
+
+A well-designed digital Euro platform could be used to not only process
+payments involving digital Euros, but might also serve to digitize stock
+exchanges if digital coins are used to represent securities like company shares
+and handle corporate actions such as voting rights. Integrated currency trading
+would then also enable stock trading.
+
+Regarding smart contracts derivatives, for instance, could be a
+fertile territory to use them since payments and deliveries are
+dependent on a conditional logic. However, one cannot only focus on
+the economic terms and the payment mechanics of individual
+transactions. They are not taking into account overarching contractual
+terms regulating the broader contractual relationship between the
+parties (like the rules from the International Swaps and Derivatives
+Association, ISDA). Examples are the requirement to deliver certain
+documents to the other party, payments that are subject to withholding
+tax or the insolvency of a party.
+
+A Touring-complete general smart contract runtime where end-users can
+submit arbitrary contracts for execution cannot enforce such rules, while
+centrally approved digital contract templates following a well-defined
+legal framework can be written (and continuously adapted) to satisfy the
+regulatory environment. Ethereum is dominated by a few different smart
+contract templates (the most well-known one being ERC-20 tokens), so is
+seems plausible that only allowing smart contracts that have been vetted
+and undergone regulatory approval would suffice to address most of the
+social needs, while also minimizing risks to the platform.
+
+
+# Question 7
+
+What requirements (licensing or other) should intermediaries fulfil in order to
+provide digital Euro services to households and businesses? Please base your
+answer on the current regulatory regime in the European Union.
+
+## Answer:
+
+Any digital Euro solution must be based on Free Software reference
+implementations of open APIs (no patents, no royalties for the design)
+to ensure a level playing field for all actors. The design must
+furthermore implement privacy-by-design and privacy-by-default (see GDPR)
+while also including adequate provisions for KYC/AML/CFT. We know this
+is possible.
+
+# Question 8:
+
+Which solutions are best suited to avoiding counterfeiting and technical
+mistakes, including by possible intermediaries, to ensure that the amount of
+digital Euro held by users in their digital wallets matches the amount that has
+been issued by the central bank?
+
+## Answer:
+
+Cryptographic signatures are the first line of defence, with a proper design
+ensuring that post-hoc audits can attribute failures to the respective guilty
+party. Automated real-time audits of both the internal records and financial
+transactions of the payment service can aid in early detection of technical
+mistakes or a compromise. Additionally, modern designs can ensure that
+financial losses from time-limited compromises of a party are at least bounded
+to the volume handled by that party during the time window of the compromise.
+
+# Question 9
+
+What technical solutions (back-end infrastructure and/or at device level) could
+best facilitate cash-like features (e.g. privacy, offline use and usability for
+vulnerable groups)?
+
+## Answer
+
+Blind signatures for Chaum-style digital cash remain the best foundation
+for cash-like digital payments. However, modern designs add additional
+capabilities, such as giving change, key management (expiration of
+key material) and charge reversal (refunds).
+
+We believe that offline use should not be considered for digital
+payments. With software-only offline use, it is always possible for customers
+to engage in double-spending while the global system state is
+inconsistent. Given that electronic transactions can be automated,
+the damage from double-spending is not double, but potentially
+unlimited. Recouping funds after double-spending may not be possible
+in cases where the culprit has privacy, does not have the economi c
+means, or even was a victim of a (cyber)crime themselves.
+
+Offline payments based on special-purpose hardware are in conflict
+with an open design and implementation of a digital Euro wallet that
+other parties can improve and innovate on. Furthermore, the long-term
+security and impact on privacy of such hardware modules is
+questionable. Such hardware-based designs typically try to protect
+their operational logic against their "owner", who has full physical
+access to the device. This is typically a loosing battle, as physical
+security mechanisms are very good at delaying access, but usually
+break given an attacker with the right tools and enough time.
+
+Furthermore, offline use is already adequately addressed by the
+existing physical cash, which should be preserved as a means of
+payment.
+
+
+# Question 10
+
+What should be done to ensure an appropriate degree of privacy and protection
+of personal data in the use of a digital Euro, taking into account anti-money
+laundering requirements, and combating the financing of terrorism and tax
+evasion?
+
+## Answer
+
+A good trade-off is to ensure that anyone obtaining digital cash must identify
+to withdraw, and that anyone receiving digital cash must deposit it immediately
+into a KYC'ed bank account to provide income transparency. Additionally, anyone
+receiving digital cash should be responsible to provide digital evidence (like
+a digital contract) cryptographically tied to the transaction that explains why
+the funds were received. At the same time, the system MUST NOT identify the
+spender (unless reaching certain limits or involving special transactions),
+thus ensuring that citizens have privacy in where they spent their money while
+also making sure that merchants receiving funds can be held to account.
+
+
+# Question 11
+
+The central bank could use several instruments to manage the quantity of
+digital Euro in circulation (such as quantity limits or tiered remuneration),
+ensuring that the transmission of monetary policy would not be affected by
+shifts of large amounts of commercial bank money to holdings of digital Euro.
+
+What is your assessment of these and other alternatives from an economic
+perspective?
+
+(Tiered remuneration is when a central bank sets a certain remuneration on
+holding balances of digital Euro up to a predefined amount and a lower
+remuneration for digital Euro holding balances above that amount.)
+
+## Answer
+
+Withdrawal limits on digital cash, possibly combined with an expiration time
+for the validity of digital cash signatures, are sufficient to manage the
+quantity of digital cash in circulation. Reasonable withdraw limits will
+likely even be requested by citizens, as they may want to limit the damage from
+someone compromising their online banking credentials and then illicitly
+withdrawing digital Euros on their behalf.
+
+# Question 12
+
+What is the best way to ensure that tiered remuneration does not negatively
+affect the usability of a digital Euro, including the possibility of using it offline?
+
+## Answer
+
+Tiered remuneration should not be applied to the digital Euro, just like it is
+not applied to cash. Instead, large holdings of digital Euros should be
+controlled via withdrawal limits, possibly in combination with digital
+signature expiration to limit hoarding over extensive periods of time.
+Similar mechanisms are used with cash today, where some countries have
+imposed withdraw limits and physical bank notes are often removed from
+circulation (after 20+ years).
+
+
+# Question 13
+
+If a digital Euro were subject to holding balance limits, what would be the best
+way to allow incoming payments above that limit to be shifted automatically into
+the user’s private money account (for example, a commercial bank account)
+without affecting the ease of making and receiving payments?
+
+## Answer:
+
+Incoming funds from transactions in digital Euros should not be directly placed
+into the receiver's electronic wallet at all, but always into their regular
+bank account or a special-purpose KYCed account that will immediately used to
+withdraw digital Euros again. Citizens should obtain digital Euros only by (1)
+withdrawing them from a KYC-enabled account, (2) receiving them as subsidies from
+the government, or (3) non-transactional (trusted) sharing of funds (say
+between family members sharing a wallet). This way, withdrawal limits on
+digital currency can be used to easily limit holdings, and the state can
+enforce taxation on income and revenues by auditing (regular) commercial bank
+account transactions.
+
+Given the current state of computer security, holding large amounts of
+digital cash on a personal computer or mobile device is also risky, so
+withdrawal limits should suffice to effectively cap the balance users should
+be willing to carry.
+
+
+# Question 14
+
+What would be the best way to integrate a digital Euro into existing banking and
+payment solutions/products (e.g. online and mobile banking, merchant
+systems)? What potential challenges need to be considered in the design of the
+technology and standards for the digital Euro?
+
+## Answer
+
+In addition to development of a regulatory framework for the digital Euro, the
+ECB should adopt a solution with an open technical specifications for protocols
+and application programming interfaces, as well as a Free Software reference
+implementation for the core components. This would facilitate faster
+integration into the existing infrastructure of commercial banks and merchants.
+
+# Question 15
+
+What features should the digital Euro have to facilitate cross-currency
+payments?
+
+## Answer
+
+We do not see an urgent need for cross-currency payments, this creates
+mostly economic and political hazzards. However, what is important is
+that a global standard is created, and that consumers can carry balances
+in various currencies in their unified digital wallet. To create such
+a global standard, a patent-free Free Software approach is crucial, as
+no country should make itself dependent on proprietary software that
+is likely subject to foreign influence. When the USA recently sanctioned
+Huawei's use of Google Android, only the Free Software components remained
+usable for Huawei. Creating a proprietary European standard would thus
+fail to satisfy the possibility of global appeal, as countries increasingly
+realize that they cannot have their critical infrastructure depend on
+proprietary foreign technology.
+
+Smart contracts for auctions can enable trading of digital Euros for
+other currencies or stock. We believe this is one type of smart
+contract that should eventually be supported. Depending on the
+regulatory environment, the central bank logic may here require
+attestations from banks, including possibly foreign banks, which
+suggests that developing this capability at a global scale that
+satisfies non-domestic regulation will need extensive work that may
+not be within the remit of the Central bank and could be performed by
+commercial entities.
+
+
+# Question 16
+
+Should the use of the digital Euro outside the Euro area be limited and, if so,
+how?
+
+## Answer
+
+By requiring KYC on anyone receiving digital Euro payments, the use of the
+digital Euro for income can easily be restrained to European residents, without
+in any way excluding visitors from spending money in Europe as they would have
+the opportunity to withdraw (possibly limited amounts of) digital Euros at
+ATMs, banks or online.
+
+# Question 17
+
+Which software and hardware solutions (e.g. mobile phones, computers,
+smartcards, wearables) could be adapted for a digital Euro?
+
+## Answer
+
+An efficient design with a software-only approach is in principle usable
+from any networked device. If the core platform is written in C, the code
+would be highly efficient and can run on any embedded system. By providing
+a Free Software reference implementation, all vendors can easily integrate
+support for the digital Euro into their products.
+
+# Question 18
+
+What role can you or your organisation play in facilitating the appropriate
+design and uptake of a digital Euro as an effective means of payment?
+
+## Answer
+
+Taler Systems SA can provide ECB with a complete implementation of a
+payment processor, commercial bank integration, consumer wallet(s), merchant
+backends suitable for issuing a digital Euro. GNU Taler has been designed with
+appropriate consideration of the regulatory concerns (including privacy and
+CFT/AML and fiscal policy) and is expected to scale easily to the required
+transaction levels and at minimal cost per transaction.
+
+The swift introduction of a digital Euro will be crucial to slow the
+rise of cryptocurrencies and to protect European banking from the
+onslaught of platform-driven digital payment services like GooglePay,
+Libra/Diem, AliPay and ApplePay. Digital technology lends itself to
+natural monopolies, and the swift introduction of a digital Euro could
+be essential to protect Europe's federated banking system.
