commit eef501f308fbb8abc9bb64137fa1bb08c36310df
parent 8dd17d0a6435a759365dd233b016bfaa71c44e49
Author: Christian Grothoff <christian@grothoff.org>
Date: Fri, 28 Jan 2022 19:22:44 +0100
edits
Diffstat:
1 file changed, 29 insertions(+), 28 deletions(-)
diff --git a/2022-privacy/privacy.tex b/2022-privacy/privacy.tex
@@ -29,12 +29,12 @@ design goals and that the ECB needs to fundamentally change its mindset when
thinking about its role in the context of the Digital Euro if it wants the
project to succeed.
-Along the same lines, the French National Council for Digitalization published a
-report on ``Notes and Tokens, The New Competition of
+Along the same lines, the French National Council for Digitalization published
+a report on ``Notes and Tokens, The New Competition of
Currencies''~\cite{french2021}. Here, the authors make similar false
-assumptions about inevitable properties of CBDCs, going as far as stating that
-a CBDC is not possible without an eID system. Our paper attempts to set the
-record straight.
+assumptions about inevitable properties of Central Bank Digital Currencies
+(CBDCs), going as far as stating that a CBDC is not possible without an eID
+system. Our paper attempts to set the record straight.
% [oec] Shouldn't we also mention GNU Taler already here as an example for an alternative?
}
@@ -50,10 +50,10 @@ definitions of currency and crypto-currency, we will begin with a brief
introduction of terms and technologies.
We will then explain why the ECB should not be the only guardian of the
-privacy of the European citizen and why coupling of a CBDC with an identity
-system is a bad idea. We address a question raised in the ECB's report on
-the risks of a retail CBDCs promoting disintermediation to a degree that
-might threaten traditional banks.
+privacy of the European citizen and why coupling of a Central Bank Digital
+Currency (CBDC) with an identity system is a bad idea. We address a question
+raised in the ECB's report on the risks of a retail CBDCs promoting
+disintermediation to a degree that might threaten traditional banks.
The second part of this paper proposes a set of design principles that any
retail CBDC must integrate. We then argue that a retail CBDC based on GNU
@@ -176,7 +176,7 @@ payment systems that do not allow comprehensive
surveillance~\cite{monero,dold2019}. Thus, it is wrong for the authors of the
French report to take a possible design choice of an account-based system as a
necessity, for example when they write that ``the centralization and data
-tracking of central bank digital currency projects leads to a loss of privacy
+tracking of CBDC projects leads to a loss of privacy
that coupled with the programmability of the currency can have serious
consequences.'' Using the indicative here is a serious mistake, as it is
understood that any CBDC design would necessarily lead to a loss of privacy,
@@ -235,16 +235,17 @@ a ``trusted digital identity''.
From a regulatory perspective, it is understood that institutions working with
a Digital Euro will at times be legally required to establish the identity of
actors. However, when a Digital Euro needs a digital identity for some of the
-actors in the digital currency production chain, one can use existing KYC
-processes of commercial banks or use certificates based on the already widely
-used X.509 standard, which are both already in common use on the
-Internet.\footnote{They correspond to the ``s'' in ``https'', for example.}
-While we can imagine a world in which a new ``trusted digital identity''
-exists, and develop new protocols for this world, this is by no means a
-prerequisite to any work on a Digital Euro. Waiting for the creation of a new
-trusted digital identity at the European level before creating a CBDC may be
-equivalent to postponing the decision indefinitely, and the necessity of first
-deploying a new electronic identity scheme is not shown by the authors.
+actors in the digital currency production chain, one can use existing
+Know-Your-Customer (KYC) processes of commercial banks or use certificates
+based on the already widely used X.509 standard, which are both already in
+common use on the Internet.\footnote{They correspond to the ``s'' in
+``https'', for example.} While we can imagine a world in which a new
+``trusted digital identity'' exists, and develop new protocols for this world,
+this is by no means a prerequisite to any work on a Digital Euro. Waiting for
+the creation of a new trusted digital identity at the European level before
+creating a CBDC may be equivalent to postponing the decision indefinitely, and
+the necessity of first deploying a new electronic identity scheme is not shown
+by the authors.
What neither report appreciates is that combining payments with such a digital
identity system would create a serious liability. Even if central banks were
@@ -531,9 +532,9 @@ Furthermore, we believe that a CBDC should also strongly consider the issue of
inclusion, from children to illiterate or innumerate users which are
underserved by contemporary commercial payment solutions. When it comes to
serving children, age-verification for Websites is a related domain where
-digital identity-based solutions are inappropriately pursued today:
-With Taler, we can cryptographically extend the principle of strictly
-protected privacy also into the domain of age restrictions in
+digital identity-based solutions are inappropriately pursued today: With
+Taler, we can cryptographically extend the principle of strictly protected
+privacy also into the domain of age restrictions in
e-commerce~\cite{designagerestriction2021}. By integrating age restrictions
with privacy-preserving payments, we can enable legal guardians to protect
their wards without contributing to the conversion of sovereign citizens to
@@ -542,9 +543,9 @@ ways: Buyers remain anonymous during payment, yet efficacy of age restriction
is guaranteed. Anonmyous age restriction during payment simplifies processees
for merchants significantly. It is based on the principle of subsidiarity and
gives control over age restriction to closest responsible persons (generally
-the parents). And finally, for more than 5 million children in the EU between
-10 and 18~\cite{EurostatAge10} this would allow participation in e-commerce
-more freely.
+the parents). And finally, for more than 5 million children in the European
+Union between 10 and 18~\cite{EurostatAge10} this would allow participation in
+e-commerce more freely.
Assuming that owners of bank-accounts are mature adults, it allows them to
withdraw age-restricted coins for their wards. The wards can then anonymously
@@ -586,7 +587,7 @@ of mining gold) have previously claimed that a competing gold-backed payment
system might be inherently beneficial to the (Swiss) economy~\cite{nzz}.
Systems like Bitcoin and Ethereum that are based on distributed ledger
-technology are often confused with true token-based systems. In Bitcoin and
+technology (DLT) are often confused with true token-based systems. In Bitcoin and
Ethereum funds are still stored in accounts that have a value because of an
incoming transaction, and not because some issuer backs the token. With the
Depolymerizer~\footnote{\url{https://git.taler.net/depolymerization.git}} we
@@ -605,7 +606,7 @@ preferable choice.
For the conversion between fiat currency, e-gold and Depolymerizer-tokenized
cryptocurrencies it is likely that regulated payment service pro\-viders will
-be required to perform some kind of know-your-customer (KYC) procedure to
+be required to perform some kind of KYC procedure to
identify their customers. However, this is no different from identification
procedures required by banks today, and hence hardly predicated on the
creation of a national or even global electronic identity platform with its
