Currency and anonymity
Be careful what you wish for
It’s simplistic, but reasonable, to say that the average consumer wants anonymity for their own payments because they are not crooks (and their purchasing decisions are no-one’s business except theirs and the merchant’s). On the other hand, the average consumer (not to mention the average law enforcement agent) doesn’t want anonymity for terrorists, lobbyists or fraudsters.
This is the payments privacy paradox, and cryptocurrency brings it into sharp relief.
The Bank of England’s fintech director Tom Mutton said in a speech that privacy was “a non-negotiable” for a retail CBDC. Meanwhile, the Bank of Canada (just to pick a recent example) published a note on the risks associated with CBDCs stating that central banks should mitigate risks such as anonymity present in digital currencies. Note the formulation of anonymity as a “risk”.
With stricter rules on the holding and exchange of cryptocurrencies coming into place around the globe. To give another example, South Korea’s Financial Services Commission has announced new rules to come into force in 2022, banning all anonymous digital currencies "that possess a high-risk of money laundering”. In my opinion, all anonymous digital currencies posses a high-risk of money laundering, so that’s in essence a ban on all of them.
Square and Circle
How can this circle be squared? How will the Bank of Canada mitigate the risk of anonymity and South Korea maintain a ban on “privacy coins” when faced with a Bank of England digital currency that has non-negotiable privacy?
Well, the way through this apparent paradox is to note the distinction between privacy and anonymity. They are not the same thing at all. In fact, they are not even close to being the same thing at all. In the world of cryptography and cryptocurrency, anonymity is unconditional: it means that it is computationally infeasible to discover the link between a person in the real world and value online. Privacy is conditional: it means that the link is hidden by some third party (eg, a bank) and not disclosed unless certain criteria are met.
Show. Me. The. Money by Helen Holmes (©2021). NFTs available here.
Surveying the landscape as of now, I think we can see these concepts bounding an expanding privacy spectrum. There will undoubtedly be anonymous cryptocurrencies out there, but I think it is fair to observe that they will incur high transaction costs. At the other end of the spectrum, the drive for techfins and embedded finance will mean even less privacy (for the obvious reason, as discussed before, that their payment business models around around data).
One might argue, and with some justification, that central banks are better positioned than banks or other intermediaries when it comes to safeguarding data, because a central bank has no profit motive to exploit payments data.
I could go further and argue that if the central bank were to place transaction data into some form of data trust that would facilitate data sharing to the benefit of citizens, we might see some real disruption in the retail payments space. In a data trust, structure, data stewards and guardians would look after the data or data rights of groups of individuals with a legal duty to act in the interest of the data subjects or their representatives. In 2017, the UK government first proposed them as a way to make larger data sets available for training artificial intelligence and a European Commission proposal in early 2020 floated data trusts as a way to make more data available for research and innovation. And in July 2020, India’s government came out with a plan that prominently featured them as a mechanism to give communities greater control over their data.)
Let us explore that spectrum by starting from the point that, as The Economist once noted on the topic of central bank digital currency, people might well be "uncomfortable with accounts that give governments detailed information about transactions, particularly if they hasten the decline of good old anonymous cash”. And, indeed, I am. But the corollary, that anonymous digital currency should be allowed because anonymous physical cash is allowed, is plain wrong and to those who say that uncensorable, untraceable digital cash would be a shield against dictators, a force for the oppressed and a boon to free man everywhere… I say be careful what you wish for.
Crime and Punishment
The issue of anonymity in payments is complex and crucial and it deserves informed calm strategic thinking because digital currency touches on so many aspects of society. One obvious and important aspect is crime.
Would digital currency change crime? If I hire thugs to lure a cryptobaron to a hotel room and then beat him up to get $1m in bitcoins from him (as actually happened in Japan), is that a crypto-crime or just boring old extortion? If I use Craigslist to lure a HODLer to a street corner and then pull a gun on him and force him to transfer his bitcoins to me (as actually happened in New York), is that a crypto-crime or just boring old mugging? If I get hold of someone's login details and transfer their cryptocurrency to myself (as has just happened in Springfield), is that a crypto-crime or just boring old fraud? If I kidnap the CEO of a cryptocurrency exchange and then release him after the payment of a $1 million bitcoin ransom is that, as the Ukrainian interior minister said at the time "bitcoin kidnapping" or just boring old extortion?
Cash or charge by Helen Holmes (©2021). NFTs available here.
These are just crimes, surely? And not very good ones at that, because they are recorded in perpetuity on an immutable public ledger. Personally, if I were to kidnap a cryptocurrency exchange CEO I would ask for the ransom to be paid in some more privacy-protecting cryptocurrency, because as I explained in the FT some years ago, Bitcoin is not a very good choice for this sort of cyber-criminality. It's just not anonymous enough for really decent crimes or the darkest darknets. Hence my scepticism about claims that Bitcoin's long term value will be determined by it's use for crime.
Untraceable
But what if there were an actually untraceable cryptocurrency out there and it wasn't up to governments to allow it or not? Would an aspiring cryptocriminal mastermind be able to use it for something more innovative than the physically-demanding felony of kidnapping? I'm sure the Mafia would be delighted to have anonymous digital cash to zip around the world, but what would they use it for? Might they come up with some dastardly enterprise that is not a virtual shadow of a crime that has been around since year zero, but a wholly new crime for the virtual world? What if they could find one with the potential to take over from drug dealing (currently approximately 40% of organised crime revenues) as the best option for the criminal entrepreneur?
Ransomware is one interesting candidate. It is certainly a major problem. Criminals seize control of organisations' computer networks, encrypting their data and demanding payment to deliver the decryption keys. Companies paralyzed by the attacks paid hackers an average of more than $300K in 2020 (triple the average of the year before). A cyber security survey last year revealed that more than two-thirds of organisations in the United States had experienced a ransomware attack and had paid a ransom as a result! That’s a pretty decent business for criminals and it certainly was a driver for Bitcoin, although ransomware operators have been moving away from it for some time.
(Once again demonstrating the impending explicit pricing of privacy, the Sodinokibi payment website last year began charging 10% more for Bitcoin ransoms compared to the more private Monero cryptocurrency.)
On the whole, given the basic nature of most organisation’s cyber-defences (more than half of all ransomware attacks stem from spam e-mails), one might expect the ransomware rewards to continue to grow. Apart from anything else, the ransomware raiders are reinvesting their profits in increasingly efficient operations, making for even bigger and bolder attacks.
Assasinate and Win
But what about a more sinister candidate for large-scale criminality though? Is it time for the "assassination market"? It's not a new idea. A few years ago, Andy Greenberg wrote a great piece about this here on Forbes. He was exploring the specific case of "Kuwabatake Sanjuro" who had set up a Bitcoin-powered market for political assassinations, but in general an assassination market is a form prediction market where any party can place a bet on the date of death of a given individual, and collect a payoff if they "guess" the date accurately. This would incentivise the assassination of individuals because the assassin, knowing when the action would take place, could profit by making an accurate bet on the time of the subject's death.
This idea originated, to the best of my knowledge, with Jim Bell. Way back in 1995 he set it out in an essay on "assassination politics". I suppose it was inevitable that advent of digital cash would stimulate thought experiments in this area and it was interesting to me then (and now) because it showed the potential for innovation around digital money even in the field of criminality.
Here's how the market works and why the incentive works, as I explained in my book "Before Babylon, Beyond Bitcoin". Someone runs a public book on the anticipated death dates of public figures. If I hate some tech CEO (for example), I place a bet on when they will die. When the CEO dies, whoever had the closest guess to their date and time of death wins all of the money staked, less a cut for the house. Let's say I bet $5 (using anonymous digital cash through the TOR network) that a specific tech CEO is going to die at 9am on April Fool's Day 2022. Other people hate this person too and they put down bets as well. The more hated the person is, the more bets there will be.
April Fool’s Day 2020 comes around. There’s now ten million dollars staked on this particularly CEO dying at 9am. I pay a hit man five million dollars to murder the CEO. Hurrah! I’ve won the bet, so I get the ten million dollars sent to me in anonymous digital cash and give half to the hit man. No-one can pin the crime on me because I paid the hitman in untraceable anonymous digital cash as well.
I’m just the lucky winner of the lottery.
But better than that is that if I can get enough bets put on someone, then I don’t even have to take the risk of hiring the hitman. If I use some anonymous bots or friendly tolls to coordinate a social media campaign to get a million people to put a $5 bet on the date of the tech CEOs death, then some enterprising hit man will make their own bet and kill them. If the general public had bet five million bucks on 31st March and some enterprising cryptopsycho had murdered the CEO themselves the day before, then it would only have cost me a $5, and I would have regarded that as $5 well spent, as would (presumably) everyone else who bet $5.
Imaging being a tech CEO waking up in the morning. The first thing you check is no longer the share price, but the price on your head. If anyone wants to turn this into a Netflix drama, I’m available.
Banking on a Solution
No-one, not the Bank of England nor any other regulator, central bank, financial institution, law enforcement agency, legislator or, for that matter, sane citizen of any democracy, wants anonymous digital currency whether from the central bank or anyone else. The idea of giving criminals and corrupt politicians, child pornographers and conmen a free pass with payments is throughly unappealing. On the other hand, the Bank of England and all responsible legislators should demand privacy.
I think the way forward is obvious, and relies on distinguishing between the currency and the wallets that it is stored in. Some years ago, when head of the IMF, Christine Lagarde spoke about CBDCs, noting that digital currencies "could be issued one-for-one for dollars, or a stable basket of currencies”. Why that speech was reported in some outlets as being somewhat supportive of cryptocurrencies was puzzling, especially since in this speech she specifically said she remained unconvinced about the “trust = technology” (“code is law”) view of cryptocurrencies. But the key point of that speech about digital fiat that I want to highlight is that she said
Central banks might design digital currency so that users’ identities would be authenticated through customer due diligence procedures and transactions recorded. But identities would not be disclosed to third parties or governments unless required by law.
As a fan of practical pseudonymity as a means to raise the bar on both privacy and security, I am very much in favour of exploring this line of thinking. Technology gives us ways to deliver appropriate levels of privacy into this kind of transactional system and to do it securely and efficiently within a democratic framework. In particular, new cryptographic technology gives us the apparently paradoxical ability to keep private data on a shared or public ledger, which I think will form the basis on new financial institutions (the “glass bank” that I am fond of using as the key image) that work in new kinds of markets.
So, if I send ten digital dollars from my digital wallet to your digital wallet, that’s no-one business but ours. If, however, law enforcement agencies obtain a warrant to require the wallet providers to disclose the identity of the owners, then that information should be readily available. There is no paradox around privacy in payments, but there is an imperative for practical pseudonymity.