Privacy issues seen reducing appeal of central bank digital currencies

Fed's Powell says China model wouldn't work in the US

Federal Reserve Chairman Jerome Powell said China's digital currency wouldn't work in the US because it allows the government to see every payment for which it is used in real time.  (Tom Williams/CQ Roll Call file photo)
Federal Reserve Chairman Jerome Powell said China's digital currency wouldn't work in the US because it allows the government to see every payment for which it is used in real time. (Tom Williams/CQ Roll Call file photo)
Posted November 16, 2021 at 7:00am

Central bank digital currencies, a potential government-backed alternative to cryptocurrencies that would provide faster and more secure payments, raise privacy challenges that could hinder their development, according to academic experts. 

Among the questions confronting those seeking to establish the currencies, called CBDCs, are how to identify users and when to track their payments. Government officials and privacy advocates alike are raising concerns that the U.S. version could look like China’s digital yuan, which allows the government to see every transaction a user makes.

“It is far more important to get it right than it is to do it fast,” Federal Reserve Chair Jerome Powell said in April. “The currency that is being used in China is not one that would work here. It’s one that really allows the government to see every payment for which it is used in real time.”

The Atlantic Council, a group that backs U.S. leadership and engagement with the rest of the world, says CBDCs are operating in various states of completeness in Nigeria as well as the Bahamas and five other Caribbean nations. Sixteen more nations have pilot programs, including China, Sweden, Ukraine, Saudi Arabia, Singapore and South Korea. 

Moving more cautiously, the U.S. is working with the Massachusetts Institute of Technology to build a technology platform to support a potential digital dollar. A private, nonprofit effort, the Digital Dollar Project is also launching pilot programs across the country to test possible applications for a digital currency. 

ID issues

The major technical complication for CBDCs is privacy, said Ari Juels, a professor of computer science at Cornell University in New York and expert on blockchain, computer security and cryptography. 

The degree to which users must identify themselves to the platform hosting the CBDC depends on its architecture, he said. The most widely used architecture is based on a two-tiered model developed by the Bank of England. Traditional retail financial institutions are on the system’s front end and the CBDC is on the back end because central banks are not set up to be retail operations. 

“The effect would be that users interact with their banks and don't even need to be aware of the mechanics of the CBDC platform. That said, there are a couple of complications even in that model,” Juels said in an interview.  

The first problem is that observing anonymous transactions can be sufficient to identify an account because transaction records act as digital fingerprints. 

Juels cited the example of a CBDC administrator colluding with a retailer. When a consumer uses a digital currency to make a store payment, the retailer could indicate to the platform that a specific transaction took place for a specific amount at a specific time. The CBDC administrator could use that information to narrow down the potential users and possibly pinpoint an individual, negating any anonymity.

Such complications have surfaced with cryptocurrencies, as accounts are pseudonymous, rather than fully anonymous, meaning that a single asset holder’s transactions can be linked to the asset holder's identity. 

Another complication of the two-tiered model is that one of the goals of CBDCs is financial inclusion. If people and communities that traditionally don’t trust banks must go through a traditional financial institution to use such a currency, that goal may not be well served, Juels said. New privacy issues won’t help alleviate that distrust.

The populations the government wants to serve by these technologies may not actually be interested or engaged, Juels said. Some pilot programs are considering a workaround allowing transactions in accounts with small balances to be anonymous. The programs and institutions administering these accounts would also have to introduce controls to prevent loopholes from being opened, such as a user holding multiple anonymous accounts to bypass account limits. 

“There are ways to enable people to set up anonymous accounts while protecting against the creation of multiple accounts per person,” Juels said, adding that this is one of his group’s areas of research.

Tokens or accounts?

Another way to provide CBDC services to users is through the use of tokens — either hardware, such as a chip in a smartphone, or a debit card that can hold a set amount of funds while permitting anonymous transactions — said Rohan Grey, a law professor at Willamette University in Oregon who has worked with Congress on digital dollar proposals. 

For the past 5,000 years there has been a binary approach to money: It’s in the form of either a token or an account.

Each one has benefits and drawbacks. Coins or bills, which fall under the token category, are decentralized and anonymous. But that anonymity means they can be used for illegal transactions. An account must have a record somewhere to verify that transaction took place. 

Tracking every transaction raises privacy and civil liberties concerns.    

Central bankers don’t see digital money going the route of private, nontraceable financial tokens, Grey said. This is partially because bankers deal with billions of dollars in account money and tend to view the physical representation, such as a bill, as quaint and irrelevant to their work. 

But this area should be open to political debate, Grey said, adding that central banks are currently setting the contours of that discussion. 

One argument for CBDCs is the elimination of physical money. But if it is replaced with a system that can be monitored by law enforcement and intelligence agencies while not allowing offline peer-to-peer transactions using some kind of hardware security like a chip or SIM card, then “we are going to be giving up something quite fundamental,” Grey said. 

"The death of cash is undemocratic and pretty dangerous,” Grey said.

China’s example is one way CBDCs shouldn’t be deployed in the U.S., he said. Under China’s digital privacy laws, individuals have a right to “managed anonymity” for any transactions involving digital currency. 

“What they mean by that is anonymity between you and the merchant, but no anonymity at all between you and the government,” Grey said. 

In the next three to five years, defining decisions about the exact shape and use of U.S. CBDCs will be made and their impact will be similar to the choices made in the late '80s and early '90s that picked the online protocols that shaped the internet, Grey said. 

He is skeptical that backers of private cryptocurrencies or central bankers will push back against law enforcement and intelligence agency interests to protect privacy. What is needed, he said, is to get the issue onto the radar of the public — and therefore Congress.