Lotteries and lolly

Do we really want anonymity in payment systems or not? It’s a really complicated subject. If anyone tells me that they think payments should be completely anonymous, or completely not anonymous, I suspect that they haven’t thought it through. Even those who are tasked with thinking about this sort of thing are not sure. A few years ago, the US Government Accountability Office published a report on "Emerging Regulatory, Law Enforcement, and Consumer Protection Challenges" (May 2014) and the first of its conclusions was that virtual currency systems "may" provide greater anonymity than traditional payment systems.

They “may”, or they may not. It's a question of design. The design I want is privacy-enhancing pseudonymity, but that’s just one way of doing things, so I am always keen to gather illustrative use cases. It was while I was writing a piece about assassination lotteries that I remembered the very interesting use of lottery winnings. I was alerted to this by Don Thibeau a couple of years go. He pointed me in the direction of a story about the winner of a HALF A BILLION DOLLAR lottery prize in the United States who was involved in a court case (as Jane Doe) to remain anonymous because she didn’t want everyone to know about it. You can understand why this might lead to problems. Very serious problems, such as when November 2015, Craigory Burch Jr. matched all five numbers in the Georgia Fantasy 5 drawing and won a $434,272 jackpot only to be murdered in his home by seven masked men who kicked in his front door.

Anonymity is Hard

Apart from trying to avoid home invasion and murder, there might be all sorts of reasons that a lottery winner might like to keep her good fortune to herself. Would she really be anonymous though? After all, the money would have to go into a bank account, so not only would lottery officials know who she is but people at the bank would know who she is, and so on. Being anonymous is really difficult in an infrastructure that has no anonymity. Which leads on to an interesting question: if we are designing the identity system of the future, should it allow for this kind of anonymity? It turns out that New Hampshire actually allows people to form anonymous trusts and these trusts can buy lottery tickets. Again, though, would the trust members really be anonymous? The money would have to go somewhere…

You could of course construct the lottery to be completely anonymous from the beginning by using a variant of the cryptographic blinding invented by David Chaum for Digicash. That is, you buy a lottery ticket, fill out the numbers and add your ZCash, Monero or whatever address and then submit it with a blinding factor. The lottery signs the ticket to confirm your numbers and sends it back, at which point you divided out the blinding factor to give yourself a completely anonymous, but completely valid, lottery ticket.

If that ticket wins the lottery, the money can be sent to the cryptocurrency address in the ticket without the lottery owner or anyone else having the slightest idea who it belongs.

NFT available direct from the artist at TheOfficeMuse (CC-BY-ND 4.0)

So is this a use case for anonymous cryptocurrency then? Well, no. Here's the thing: would you want lottery winnings to go to anonymous people? How would you know that the lottery is fair? How would you know that the lottery operator isn't rigging it and sending all of the winnings to their family? How do you know that the lottery organiser didn’t win and send the money to themselves? There must be a way to audit, and this of course again points away from anonymity.

I understand the genuine concerns of informed observers. I read in Reason magazine (“Cash means freedom”) a while back: "Cash—the familiar, anonymous paper money and metallic coins that most of us grew up using—isn’t just convenient, it’s also a powerful shield for our autonomy and our privacy”. But it really isn’t. Privacy is being taken away because of social media, people wearing cam-shades and ubiquitous drones, not because of debit cards. I empathise with those people who are as concerned with privacy (as I am), people who worry (with good reason) that there might be an inevitable tendency for a government to want to trespass on the pseudonymous infrastructure in the name of money laundering or terrorism, but that’s a problem that needs to be dealt with by society, not by technology.

Between the rock of total surveillance and the hard place of total chaos, it remains difficult to make the case for digital cash, and central bank digital currency in particular, to be anonymous. We must choose the least worst option: privacy, not anonymity. I agree with Michael Casey’s argument in the Cato Journal that a privacy-enhancing digital Dollar would be very appealing on a global scale in contrast to digital currencies subject to continual state surveillance. He says that if the United States were to treat money “less as a means of controlling everyone and more as a field of opportunity for creative startups” then it would bring substantial benefits which, if central banks think (as I suspect they do) that one of the main drivers for a digital currency is as a platform for new products and services, will add to America’s comparative advantage.

(An edited version of this article first appeared on Forbes, 28th May 2021.)