marketing

suref.tex (23103B)

---

 \documentclass{article}
 
 \usepackage{url}
 \usepackage{enumitem}
 \usepackage{authblk}
 
 \title{Who comes after us? The correct mindset for designing a Central Bank Digital Currency}
 
 \author[$\triangle\pounds$]{Antoine~d'Aligny}
 \author[$\triangle$]{Emmanuel~Benoist}
 \author[$\dagger\heartsuit$]{Florian~Dold}
 \author[$\triangle\dagger\heartsuit$]{Christian~Grothoff}
 \author[$\S$]{\"Ozg\"ur~Kesim}
 \author[$\ddagger\heartsuit$]{Martin~Schanzenbach}
 \affil[$\triangle$]{Bern University of Applied Sciences}
 \affil[$\pounds$]{École d'Ingénieurs Généraliste du Numérique}
 \affil[$\dagger$]{Taler Systems SA}
 \affil[$\S$]{Freie Universit\"at Berlin}
 \affil[$\ddagger$]{Fraunhofer Institute for Applied and Integrated Security}
 \affil[$\heartsuit$]{The GNU Project}
 \date{\today}
 \begin{document}
 
 \maketitle
 
 \abstract{
 In December 2021 the European Central Bank (ECB) published a report on ``Central Bank Digital
 Currency: functional scope, pricing and controls'' in its Occasional Paper
 Series~\cite{ecb2021}, detailing various challenges for the
 Digital Euro.  While the authors peripherally acknowledge the existence of
 token-based payment systems, the notion that a Digital Euro will somehow
 require citizens to have some kind of central bank account is pervasive in the
 paper. We argue that an account-based design cannot meet the ECB's stated
 design goals and that the ECB needs to fundamentally change its mindset when
 thinking about its role in the context of the Digital Euro if it wants the
 project to succeed.
 
 Along the same lines, the French National Council for Digitalization published
 a report on ``Notes and Tokens, The New Competition of
 Currencies''~\cite{french2021}.  Here, the authors make related incorrect
 claims about inevitable properties of Central Bank Digital Currencies
 (CBDCs), going as far as stating that a CBDC is not possible without an eID
 system.  Our paper sets the record straight.
 
 % [oec] Shouldn't we also mention GNU Taler already here as an example for an alternative?
 
 \noindent
 {\bf JEL Classification Codes:} E42, E58 \\
 {\bf Keywords: } retail CBDC, privacy, trust
 
 
 \section{Introduction}
 \label{sec:intro}
 
 This article presents our comments regarding two papers that have been written
 by the European Central Bank (ECB)~\cite{ecb2021} and the French National
 Council for Digitalization\footnote{Conseil national du numérique}
 (CNNum)~\cite{french2021}.  As the French report is using some rather unclear
 definitions of currency, we will begin with a brief introduction of terms and
 technologies.
 
 We will then explain why the ECB should not be the only guardian of the
 privacy of the European citizen and why coupling of a Central Bank Digital
 Currency (CBDC) with an identity system is a bad idea. We address a question
 raised in the ECB's report on the risks of a retail CBDCs promoting
 disintermediation to a degree that might threaten traditional banks.
 
 
 \section{Currency and payment systems} \label{sec:terms}
 
 Currency is ``something that is used as a medium of exchange;
   money.''\cite{dictionaryCurrency}. From the French dictionary, currency
 (i.e. la monnaie) is an ``Instrument of measurement and conservation of
   value, legal means of exchanging goods''\footnote{Instrument de mesure et
   de conservation de la valeur, moyen légal d'échange des biens.}, or
 ``Unit of value accepted and used in a country, a group of
   countries.''\footnote{Unité de valeur admise et utilisée dans un pays, un
   ensemble de pays.}~\cite{LeRobertMonnaie}
 The main desired properties of a currency are therefore: conservation of value and
 availability for exchange.
 
 For more than a hundred years, most currencies have been issued by central
 banks, while with the exception of cash, retail payment systems have typically
 been implemented by the private sector.  In general, any payment system
 enables participants to make financial transactions, but does not in itself
 establish a new currency. Additionally, payment systems can provide credit,
 make transactions faster, cheaper, more private or more usable. Payment
 systems may require their users to trust payment system providers, as these
 intermediaries may introduce new failure modes into the system. As a result,
 payment service providers are generally regulated entities, at least when they
 deal with traditional fiat currencies.
 
 There are two types of CBDCs, retail CBDCs and
 wholesale CBDCs. Wholesale CBDC is expected to be primarily used to trade
 between banks and between the central bank and banks. An example of wholesale
 CBDC can be found in the description of the project Helvetia of the Swiss
 National Bank~\cite{BISHelvetia2020}.\footnote{We note that the French report
   confuses project Helvetia (which implements a wholesale CBDC) with an
   entirely different proposal~\cite{chaum2021} for a retail CBDC.}  In
 contrast, a retail CBDC is intended to be used by citizens and businesses in
 their daily lives for their ordinary expenses, basically providing a form of
 digital cash that is, like physical cash, a liability of the central bank.
 This paper is about retail CBDCs.  Our discussion will
 assume that the currency for the CBDC already exists, and thus focus on the
 requirements for the payment system that facilitates ordinary people to make
 digital transactions with such a currency.
 
 
 \section{Central Banks cannot be the Guardian of Privacy}
 \label{sec:guardians}
 
 The ECB's report starts with a public interest-oriented self-image of central
 banks. For example, the authors claim that ``central banks operate in the
 interest of society, setting goals in the public interest rather than private
 interest'' and ``as public and independent institutions, central banks have no
 interest in monetising users' payment data.  They would only process such data
 to the extent necessary for performing their functions and in full compliance
 with public interest objectives and legislation.'' While this is a laudable
 aspiration, it is a false statement: The Bank of Greece, one of the central
 banks of the Eurosystem, is dominantly privately held and listed on the Athen's
 stock exchange~\cite{BG2016}.  Similar constructions with privately owned
 central banks exist outside of the Eurozone, for example with the Swiss
 National Bank~\cite{SNB}.  That all central banks are independent and operate
 in the public interest is sometimes questioned in the popular
 press~\cite{tcimer2020}.  With counter-examples inside the
 European System of Central Banks (ECBS) itself and within Europe, it is clear
 one needs to be careful to avoid confusing the idealistic view of central
 banks as politically neutral and public-minded institutions with reality.
 To build secure systems, it is best to assume that all parties,
 including the system's designers, implementers and main operators
 themselves, could be malicious.
 
 Central banks thus need to take a different mindset, and ideally picture
 themselves as malicious actors when working on the design of a CBDC.  Only
 this way, they will avoid designs which would entrust them with information
 and decisions that they must not be entrusted with.  For example, the ECB's
 report currently suggests that the ECB ``may also prefer the (...) the ability
 to control the privacy of payments data''. This is a fundamental misconception
 of the notion of privacy. Citizens will \emph{only} have privacy with a
 Digital Euro if they themselves have control over their payment data. Privacy
 and the human right of informational self-determination requires that each
 (legally capable) citizen is in control of their personal data.  A central
 bank asserting the ``ability to control the privacy'' is thus an oxymoron:
 once anyone else has control, citizens have no privacy.  Public institutions
 that act in the public interest must acknowledge this to not patronize their
 sovereign: the citizens.
 
 The French report~\cite{french2021} correctly states that a Digital Euro based
 on accounts poses ``democratic risks''\footnote{risques démocratiques} and could allow ``state surveillance of
 all transactions of every individual''\footnote{surveillance de toutes les transactions de chaque individu par l’État}.
 Subsequently the wording of the French report is misleading, as it turns the
 possibility of privacy-invasive monitoring into a mandatory feature of any
 CBDC, which is demonstrably false: There are many digital currencies and
 payment systems that do not allow comprehensive
 surveillance~\cite{monero,dold2019}.  Thus, it is wrong for the authors of the
 French report to take a possible design choice of an account-based system as a
 necessity, for example when they write that ``the centralization and data
 tracking of CBDC projects leads to a loss of privacy
 that coupled with the programmability of the currency can have serious
 consequences.''\footnote{Toutefois, la centralisation et la traçabilité des données des projets de monnaie numérique de banque centrale conduit à une perte de vie privée qui, associée à la programmabilité de la monnaie, peut avoir de lourdes conséquences. }  Using the indicative here is a serious mistake, as it is
 understood that any CBDC design would necessarily lead to a loss of privacy,
 when this is false.
 
 Furthermore, the use of the term ``surveillance'' in the French report actually
 understates the negative impact of an account-based CBDC, as with an
 account-based CBDC the central bank would likely also be in a position to
 prevent individuals from spending money and to manipulate their balances,
 thereby gaining comprehensive power over the economic activities of
 individuals going far beyond mere analytical capabilities. The use of
 permissioned blockchains does not inherently prevent such manipulations as
 long as the participating operators are colluding.  Thus, if European
 democratic ideals and personal freedoms are to prevail, we clearly cannot
 ignore this danger and must reestablish the principles of personal
 responsibility, personal independence and subsidiarity in the design processes
 for critical infrastructure created by European institutions.
 
 Since this conjecture is taken as fact while counterexamples
 exists, the conclusion of the first part of the French report follows a
 logical fallacy.  The authors assert that ``the new properties of CBDC raise
 political questions''\footnote{``Dans un contexte où les nombreux projets d’émettre
 des monnaies numériques viennent étendre le rôle des banques
 centrales se pose la question des enjeux démocratiques et politiques de
 ces nouveaux attributs.''} which implies that the deployment of a CBDC would be
 impossible in the current state.  But adaptations of central bank missions to
 include ``absolute control over the rules and regulations of the use'' of
 money via the issuance of a CBDC (as envisioned by Agustín Carstens of the
 Bank for International Settlements\footnote{See speech given on October 19th
 2020 on ``Cross-Border Payment -- A vision for the future'',
 \url{https://meetings.imf.org/en/2020/Annual/Schedule/2020/10/19/imf-cross-border-payments-a-vision-for-the-future}
 at 00:24:30}) are dangerous
 if the central bank can choose to void privacy assurances. Carstens correctly states
 that with the proposed CBDC design the central bank would have the ability to know about every
 payment. Consequently, the central bank would be able to strictly enforce
 its rules and regulations, which implies the bank could arbitrarily block
 payments by private citizens. The repressive potential of a government with
 such a capability is so large that it must be firmly rejected.
 
 \section{Harmful coupling with identity}
 \label{sec:coupling}
 
 The risk is not theoretical. The Emergencies Act of February 2022 granted the
 Canadian executive the right to freeze bank accounts without judicial
 oversight.  The Canadian minister of justice David Lametti promptly used this
 to threaten people on CTV News with extrajudicial asset freezes if they were
 making significant financial contributions to a political cause he strongly
 disagrees with.\footnote{\url{https://www.youtube.com/watch?v=xoTCxWSQW30}} If
 this is possible in Canada today, we do not want to imagine what might happen
 in less established democracies if an account-based CBDC were to largely
 displace cash.
 
 Consequently, the question should be if central banks should limit CBDC
 issuance within the scope of their current mission instead of modifying their
 rulebooks.  The US Federal Reserve is currently barred from
 maintaining digital account balances for individuals~\cite{usfed2022}.  We
 consider this law wise, as we argue that tightly coupling payments with
 identity is harmful.  While the law prevents the Federal Reserve's from
 issuing an account-based retail CBDC, it does not seem to prevent the Federal
 Reserve from issuing a token-based privacy-respecting CBDC.  This is crucial,
 as the technology behind token-based privacy-respecting CBDCs would
 fundamentally not support the kind of asset freezes enabled by the Canadian
 Emergencies Act.
 
 In contrast, ECB report suggests that ``combining use of digital identity and
 CBDC'' might be beneficial. The same idea is echoed in the French report which
 quotes an unpublished report from Catenae (2020) to say that ``it is difficult
 to envisage the creation of a retail CBDC, and more specifically a Digital
 Euro without first creating a reliable, secure digital identity offering the
 necessary guarantees''\footnote{il est difficile d'envisager la création d'une
 monnaie numérique de banque centrale de détail, et plus particulièrement d’un
 ``euro numérique'', sans création préalable d'une identité numérique fiable,
 s\'ecuris\'ee et offrant les garanties nécessaires}. From a technical
 perspective, the statement is hard to defend since payment systems exist that
 work perfectly well without depending on a ``trusted digital identity''.
 
 From a regulatory perspective, it is understood that institutions working with
 a Digital Euro will at times be legally required to establish the identity of
 actors. However, when a Digital Euro needs a digital identity for some of the
 actors in the digital currency production chain, one can use existing
 Know-Your-Customer (KYC) processes of commercial banks or use certificates
 based on the already widely used X.509 standard, which are both already in
 common use on the Internet.\footnote{They correspond to the ``s'' in
 ``https'', for example.}  While we can imagine a world in which a new
 ``trusted digital identity'' exists, and develop new protocols for this world,
 this is by no means a prerequisite to any work on a Digital Euro.  Waiting for
 the creation of a new trusted digital identity at the European level before
 creating a CBDC may be equivalent to postponing the decision indefinitely, and
 the necessity of first deploying a new electronic identity scheme is not shown
 by the authors.
 
 What neither report appreciates is that combining payments with such a digital
 identity system would create a serious liability.  Even if central banks were
 neutral custodians of citizens' privacy (see Section~\ref{sec:guardians}), the
 problem is the data itself.  As Bruce Schneier has concisely argued already in 2016:
 ``Data is a toxic asset.  We need to start thinking about it as such, and treat
 it as we would any other source of toxicity. To do anything else is to risk our
 security and privacy.''~\cite{schneier2016toxic}
 Despite this well-established insight, the ECB report is insinuating to link
 identities with payments which consequently and inevitably produces highly
 sensitive\footnote{Or to stick with Schneier's analogy, ``super-toxic''}
 metadata.  Referring to the toxicity of this metadata, Edward Snowden famously
 said at IETF 93 in 2019
 that \begin{quote} ``(...) we need to get away from true-name payments on the
   Internet.  The credit card payment system is one of the worst things that
   happened for the user, in terms of being able to divorce their access from
   their identity.''
 \end{quote}
 If the European Union wants to avoid a dystopia of the transparent citizen
 and catastrophic cases of personal data theft, it must enable citizens to put a
 firewall between their identity and their payments.
 
 Citizens themselves are well aware of this aspect and it consequently would
 have a significant impact on acceptance of a CBDC: The Swiss population
 recently rejected a proposal for a national eID~\cite{eid2021}, and the newly
 elected German government is promising a reversal of ubiquitous data retention
 (without cause)~\cite{koalitionsvertrag2021}.  The European Parliament has
 members proposing to ban the use of facial recognition in public
 spaces~\cite{euai2021}.  The ECB's proposal seemingly ignores the popular
 rejection of treating every citizen as a criminal suspect by doubling down.
 The missing link in the ECB proposal that would reveal the dystopic reality
 they would invoke would be a statement that facial recognition could be used
 to conveniently establish the payer's identity --- or ``pay with your smile'',
 as contemporary account-based digital payment offerings already put it.  We
 stress that CBDC payment data, like other payment data, can be expected to be
 retained for 6 or more years~\cite{fca}.  If CBDC payment data is additionally
 strongly coupled with our identities, those who dislike living in a panopticon
 could only hope for such a CBDC to be rarely used.
 
 
 
 \section{Addressing Balance Sheet Disintermediation via Self-Custody}
 \label{sec:disintermediation}
 
 The ECB report describes the risk of (commercial) bank balance sheet
 disintermediation as one of the major risks to consider from the introduction
 of a CBDC.  Basically, the risk is that consumers losing faith in a
 commercial bank may shift funds into CBDC, thereby exacerbating the situation
 by creating a ``bank run''.
 The ECB report discusses various strategies, but primarily focuses on limiting
 ``hoarding'' of CBDC by imposing a balance limit. They then realize that this
 can be quite difficult, as businesses may have varying needs for CBDC, so a
 fixed low limit would strangle the utility of the CBDC, while a fixed high
 limit may not be effective. They then propose a dynamic limit which they would
 ``calculate in accordance to (...) presumed cash needs''.
 
 Here, the authors might want to review some of the hard lessons from the
 introduction of $CO_2$ emissions certificates, where initial allocations were
 calculated based on ``presumed emission needs'' of certain industries,
 resulting in windfalls for shifty polluters that managed to rig the
 calculations, giving them excess certificates that they could then
 resell.~\cite{carbon} If CBDC holdings are limited and financially attractive,
 there will clearly again be businesses profiting from organizing their
 business data to obtain high account limits.  This kind of socially
 unproductive optimization will happen regardless of the specific rules that
 the ECB will design.  Thus, this is a fundamentally flawed design.
 
 The ECB's focus on account-based solutions seems to have caused it to ignore a
 better solution that was proposed in~\cite{snb2021}, even though it was
 clearly on the table: When justifying the need to control hoarding of CBDC,
 the authors write that ``risk-free assets have a negative yield (apart from
 banknotes, which are costly and risky to store in large amounts)''.  Here,
 they presume that hoarding CBDC must be risk-free. However, with Digital Euros
 represented as tokens that citizens hold in self-custody, the CBDC would not
 be risk-free: citizens would have to safeguard their digital devices (both
 physically and against malware).
 Thus, a CBDC
 design using digital tokens under the control of citizens indirectly provides a
 good solution for hoarding, as self-custody of the digital assets entails a
 risk, quite comparable to the risk of hoarding cash. By analyzing this risk,
 citizens and businesses would themselves determine appropriate individual
 limits for their CBDC holdings based on their actual cash needs.
 
 
 \section{Conclusion}
 
 There are no trusted third parties. That does not prevent people from
 designing and deploying systems that rely on the assumption that a trusted
 third party exists. Central banks must not follow the former DIRNSA's
 hubris~\cite[page 6f]{cwps}
 and assert that they are an eternally trusted third party.
 
 The dominance of accounts on the Internet and the resulting delegation of
 economic and political power to big Internet service providers sets a
 dangerous precedent for the design of CBDCs. It is time for central banks
 to abandon this account-centric mindset, which will help them address
 privacy issues and help the Internet transcend surveillance capitalism.
 
 More specifically, the ECB needs to review its design approach for the Digital
 Euro and commit to granting financial sovereignty to its constituents. Instead
 of controlling the citizen's privacy and forcing a particular ECB App onto
 % FIXME: I'd suggest "users' phones",
 % unless it is really meant that one
 % user has multiple phones.
 CBDC user's phones, the ECB needs to design a Digital Euro based on respect
 for the citizen's sovereignty and self-responsibility.  A digital cash system
 can be build using privacy-preserving open protocols with Free Software
 reference implementations.  The resulting self-responsibility of citizens will
 address various key design challenges inherent to account-based designs,
 including the biggest challenge of all: creating a product citizens would
 actually like to use.
 
 %[oec] Highlight again that alternatives _are_ on the table
 
 
 
 % We thank XXX for insightful comments on an earlier draft of this text.
 
 \bibliographystyle{alpha}
 \bibliography{literature}
 
 
 \end{document}
 
 Cut for brevity:
 
 
 
 Most crypto-currencies seek to have the properties of a currency, the
 conservation of value and the availability for exchange. For the two largest
 of them (BTC and ETH), we must note that since their creation they have been
 able to play the two roles of a currency. These currencies are both available
 for exchange and can be hoarded. These currencies are subject to great
 variations in price, but they are far from the variations of the Argentine
 Peso (which is commonly considered to be a currency). Some also have limited
 availability for real-time transactions, with Bitcoin for example requiring a
 very long validation time preventing its use for everyday purchases, but can
 be used for remote purchases (say for international remittances) where
 latencies and costs are actually competitive compared to existing payment
 systems.
 
 Central banks manage fiat currencies. These currencies are also mainly
 digital, as often the actual transactions are facilitated by digital payment
 systems bolted on top of the currency provided by the central bank.  While it
 is in most cases still possible to use the central bank provided physical cash
 directly, transactions using real coins and bills are declining. The quantity
 of money, as well as the interest rate at which this money is made available
 to banks, allows central banks to influence the value of the currencies they
 manage.