commit 966c3c39acb3b09bbf0ba960a94ceae57de22a24
parent 70f3baaa8503ab58bb47bbea9d99aea371194c44
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 5 Apr 2022 16:32:25 +0200
add slides, minor text revision
Diffstat:
7 files changed, 200 insertions(+), 5 deletions(-)
diff --git a/2022-privacy/are-we-the-baddies.jpg b/2022-privacy/are-we-the-baddies.jpg
Binary files differ.
diff --git a/2022-privacy/general_alexander.jpg b/2022-privacy/general_alexander.jpg
Binary files differ.
diff --git a/2022-privacy/slides.tex b/2022-privacy/slides.tex
@@ -0,0 +1,195 @@
+\documentclass[c]{beamer}
+
+%\usepackage{helvet}
+\usepackage{calc}
+\usepackage[utf8]{inputenc} % set your input encoding differently, if you want
+\usepackage[english]{babel}
+
+\usepackage{enumitem}
+\usepackage{eurosym}
+\usepackage{tikz,ulem}
+\usepackage{pgfgantt}
+\usepackage{amsmath,amssymb}
+\usetikzlibrary{shapes,arrows}
+\usetikzlibrary{positioning}
+\usetikzlibrary{calc}
+\usepackage[absolute,overlay]{textpos}
+
+%\setbeameroption{show notes}
+
+\setlist[itemize]{label=$\bullet$}
+
+
+\def\checkmark{\tikz\fill[scale=0.4](0,.35) -- (.25,0) -- (1,.7) -- (.25,.15) -- cycle;}
+
+\setbeamertemplate{navigation symbols}{}
+%\setbeamercovered{transparent=10}
+\setbeamertemplate{navigation symbols}{\url{taler.net}}
+%\setbeamertemplate{section in toc}[sections numbered]
+
+% Adapt title information
+% =======================
+\title{Who comes after us? The correct mindset for designing a Central Bank Digital Currency}
+%\institute{}
+\author{Antoine~d'Aligny, Emmanuel~Benoist, Florian~Dold, Christian~Grothoff, \"Ozg\"ur~Kesim, Martin~Schanzenbach}
+\date{\today}
+
+% Some common packages
+% ====================
+\usepackage{units}
+\usepackage{amsbsy}
+\usepackage{amsmath}
+\usepackage{amssymb}
+\usepackage{graphics}
+\usepackage{epsf}
+\usepackage{epsfig}
+\usepackage{fixmath}
+\usepackage{wrapfig}
+
+
+ \usetikzlibrary{snakes}
+
+
+\begin{document}
+
+\begin{frame}
+\vfill
+ \begin{center}
+ {\bf Who comes after us? \\
+ The correct mindset for designing a CBDC}
+
+\vspace{2cm}
+A.~d'Aligny, E.~Benoist, F.~Dold, \\
+C.~Grothoff, \"O.~Kesim \& M.~Schanzenbach
+ \end{center}
+\vfill
+\end{frame}
+
+\section{The Problem}
+
+\begin{frame}{The Problem}
+ \begin{center}
+ \includegraphics[width=0.7\textwidth]{wir-sind-die-guten.png}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{``Nobody comes after us''}
+ \begin{center}
+ \includegraphics[width=0.5\textwidth]{general_alexander.jpg}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Principles for Secure System Design}
+ \begin{itemize}
+ \item Kerkhoff principle: {\bf Security should not depend upon the secrecy of design (or mechanism).}
+ \item Economy of mechanism: {\bf Prefer mechanisms that are simpler and smaller.}
+ \item Least privilege: {\bf A principal should have the minimum privileges it needs to accomplish its desired operations.}
+ \item Limit trust: {\bf Trust should not be granted forever.}
+ \item Minimized sharing: {\bf No resource should be shared between components or subjects unless it is necessary to
+ do so.}
+ \item Inverse modification threshold: {\bf The degree of protection provided to a component must be commensurate with its trustworthiness.}
+ \item Acceptable security: {\bf The level of privacy the system provides should be consistent with the users’ expectations.}
+ \end{itemize}
+ \begin{center}
+ ``Important principles may, and must, be inflexible.'' --Abraham Lincoln
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{How much trust and protection are needed?}
+ \includegraphics[width=0.45\textwidth]{twitter.jpg}
+ \includegraphics[width=0.45\textwidth]{twitter2.jpg}
+\end{frame}
+
+
+\begin{frame}{Hacker Ethics --- by Levy}
+ \begin{itemize}
+ \item Access to anything which might teach you something about the way the world works should be unlimited and total.
+ \item Mistrust authority.
+ \item Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, sex, {\bf or position}.
+ \end{itemize} \pause
+ \begin{center}
+ {\bf This excludes soliciting advice only from companies with 100 million EUR in annual turnover.}
+ \end{center}
+\end{frame}
+
+
+\section{Solution}
+\begin{frame}{The Right Mindset\footnote{Image: That Mitchell and Webb Look: Series 1 Episode 1}}
+\vfill
+ \begin{center}
+ \includegraphics[width=0.7\textwidth]{are-we-the-baddies.jpg}
+ \end{center}
+\vfill
+\end{frame}
+
+
+\begin{frame}{GDPR principles}
+ \begin{itemize}
+ \item Lawfulness, fairness and transparency
+ \item Purpose limitation
+ \item Data minimisation
+ \item Accuracy
+ \item Storage limitation
+ \item Integrity and confidentiality (security)
+ \item Accountability
+ \end{itemize}
+ \begin{center}
+ ``Data is a toxic asset.'' --Bruce Schneier
+ \end{center}
+ \vfill
+\end{frame}
+
+
+\begin{frame}{Blockchain-based designs with accounts}
+ \begin{itemize}
+ \item Lawfulness?, fairness and transparency
+ \item \sout{Purpose limitation}
+ \item \sout{Data minimisation}
+ \item Accuracy?
+ \item \sout{Storage limitation}
+ \item Integrity and \sout{confidentiality (security)}
+ \item Accountability
+ \end{itemize}
+ \vfill
+\end{frame}
+
+
+\begin{frame}{Meta Problems}
+ \begin{itemize}
+ \item Meta proposed that for Libra/Diem they would ``firewall'' the Facebook profile data
+ identifying users (KYC) from the transaction data
+ \item Only ``authorities'' would be able to link purchases and real-world identities \pause
+ \item Few believed this would be adequate, as such ``firewalls'' can be torn down, and
+ which ``authorities'' would be trusted to assess the link data is a problem with no easy solution.
+ \end{itemize}
+ \pause
+ \begin{center}
+ {\bf Why should we trust central banks implement a design that was not acceptable for Meta?}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Past, Present and Future}
+Past:
+ \begin{itemize}
+ \item Designed and implemented ethical and scalable CBDC
+ \item Prepared extensive report on payments for German parliament
+ \item Advised over a dozen central banks about CBDC for free
+ \end{itemize}\pause
+Present:
+ \begin{itemize}
+ \item Prepared submission for Digital Euro consultation
+ \item Tried to collaborate with large firms
+ \item Large firms gained buisness intelligence, applied without us
+ \end{itemize}\pause
+Future:
+ \begin{itemize}
+ \item This will be the last free consultation for the ECB.
+ \end{itemize}
+\end{frame}
+
+
+\end{document}
diff --git a/2022-privacy/suref.tex b/2022-privacy/suref.tex
@@ -186,10 +186,10 @@ include ``absolute control over the rules and regulations of the use'' of
money via the issuance of a CBDC (as envisioned by Agustin Carstens of the
Bank of International Settlement\footnote{See speech given on October 19th
2020 on ``Cross-Border Payment -- A vision for the future''}) are dangerous
-if the central bank can choose to void privacy assurances. Carsten's reasons
-include that the central bank should have the ability to know about every
-payment. As he states that the central bank would be able to strictly enforce
-its rules and regulations, this implies the bank could arbitrarily block
+if the central bank can choose to void privacy assurances. Carsten's correctly states
+that with the proposed CBDC design the central bank would have the ability to know about every
+payment. Consequently, the central bank would be able to strictly enforce
+its rules and regulations, which implies the bank could arbitrarily block
payments by private citizens. The repressive potential of a government with
such a capability is so large that it must be firmly rejected.
@@ -319,7 +319,7 @@ banknotes, which are costly and risky to store in large amounts)''. Here,
they presume that hoarding CBDC must be risk-free. However, with Digital Euros
represented as tokens that citizens hold in self-custody, the CBDC would not
be risk-free: citizens would have to safeguard their digital devices (both
-physically and against malware).
+physically and against malware).
Thus, a CBDC
design using digital tokens under the control of citizens indirectly provides a
good solution for hoarding, as self-custody of the digital assets entails a
diff --git a/2022-privacy/twitter.jpg b/2022-privacy/twitter.jpg
Binary files differ.
diff --git a/2022-privacy/twitter2.jpg b/2022-privacy/twitter2.jpg
Binary files differ.
diff --git a/2022-privacy/wir-sind-die-guten.png b/2022-privacy/wir-sind-die-guten.png
Binary files differ.
