SUERF: Who comes after us? The correct mindset for designing a Central Bank Digital Currency

25 May 2022

While the ECB authors of "Central Bank Digital Currency: functional scope, pricing and controls" peripherally acknowledge the existence of token-based payment systems, the notion that a Digital Euro will somehow require citizens to have some kind of central bank account is pervasive in the paper.

In December 2021 the European Central Bank (ECB) published a report on "Central Bank Digital Currency: functional scope, pricing and controls" in its Occasional Paper Series [BPT21], detailing various challenges for the Digital Euro. While the authors peripherally acknowledge the existence of token-based payment systems, the notion that a Digital Euro will somehow require citizens to have some kind of central bank account is pervasive in the paper. We argue that an account-based design cannot meet the ECB’s stated design goals and that the ECB needs to fundamentally change its mindset when thinking about its role in the context of the Digital Euro if it wants the project to succeed. Along the same lines, the French National Council for Digitalization published a report on "Notes and Tokens, The New Competition of Currencies" [DGTV21]. Here, the authors make related incorrect claims about inevitable properties of Central Bank Digital Currencies (CBDCs), going as far as stating that a CBDC is not possible without an eID system. Our paper sets the record straight.


Introduction

This article presents our comments regarding two papers that have been written by the European Central Bank (ECB) (Bindseil, Panetta, and Terol 2021) and the French National Council for Digitalization1 (CNNum) (Dowek et al. 2021). As the French report is using some rather unclear definitions of currency, we will begin with a brief introduction of terms and technologies.

We will then explain why the ECB should not be the only guardian of the privacy of the European citizen and why coupling of a Central Bank Digital Currency (CBDC) with an identity system is a bad idea. We address a question raised in the ECB’s report on the risks of a retail CBDCs promoting disintermediation to a degree that might threaten traditional banks.
Currency and payment systems

Currency is “something that is used as a medium of exchange; money.”(Currency, n.d.). From the French dictionary, currency (i.e. la monnaie) is an “Instrument of measurement and conservation of value, legal means of exchanging goods”2, or “Unit of value accepted and used in a country, a group of countries.”3 (Monnaie, n.d.) The main desired properties of a currency are therefore: conservation of value and availability for exchange.

For more than a hundred years, most currencies have been issued by central banks, while with the exception of cash, retail payment systems have typically been implemented by the private sector. In general, any payment system enables participants to make financial transactions, but does not in itself establish a new currency. Additionally, payment systems can provide credit, make transactions faster, cheaper, more private or more usable. Payment systems may require their users to trust payment system providers, as these intermediaries may introduce new failure modes into the system. As a result, payment service providers are generally regulated entities, at least when they deal with traditional fiat currencies.

There are two types of CBDCs, retail CBDCs and wholesale CBDCs. Wholesale CBDC is expected to be primarily used to trade between banks and between the central bank and banks. An example of wholesale CBDC can be found in the description of the project Helvetia of the Swiss National Bank (BIS 2020).4 In contrast, a retail CBDC is intended to be used by citizens and businesses in their daily lives for their ordinary expenses, basically providing a form of digital cash that is, like physical cash, a liability of the central bank. This paper is about retail CBDCs. Our discussion will assume that the currency for the CBDC already exists, and thus focus on the requirements for the payment system that facilitates ordinary people to make digital transactions with such a currency.


Central Banks cannot be the Guardian of Privacy

The ECB’s report starts with a public interest-oriented self-image of central banks. For example, the authors claim that “central banks operate in the interest of society, setting goals in the public interest rather than private interest” and “as public and independent institutions, central banks have no interest in monetising users’ payment data. They would only process such data to the extent necessary for performing their functions and in full compliance with public interest objectives and legislation.” While this is a laudable aspiration, it is a false statement: The Bank of Greece, one of the central banks of the Eurosystem, is dominantly privately held and listed on the Athen’s stock exchange (Greece 2016). Similar constructions with privately owned central banks exist outside of the Eurozone, for example with the Swiss National Bank (Bank 2020). That all central banks are independent and operate in the public interest is sometimes questioned in the popular press (Tecimer 2020). With counter-examples inside the European System of Central Banks (ECBS) itself and within Europe, it is clear one needs to be careful to avoid confusing the idealistic view of central banks as politically neutral and public-minded institutions with reality. To build secure systems, it is best to assume that all parties, including the system’s designers, implementers and main operators themselves, could be malicious.

Central banks thus need to take a different mindset, and ideally picture themselves as malicious actors when working on the design of a CBDC. Only this way, they will avoid designs which would entrust them with information and decisions that they must not be entrusted with. For example, the ECB’s report currently suggests that the ECB “may also prefer the (...) the ability to control the privacy of payments data”. This is a fundamental misconception of the notion of privacy. Citizens will only have privacy with a Digital Euro if they themselves have control over their payment data. Privacy and the human right of informational self-determination requires that each (legally capable) citizen is in control of their personal data. A central bank asserting the “ability to control the privacy” is thus an oxymoron: once anyone else has control, citizens have no privacy. Public institutions that act in the public interest must acknowledge this to not patronize their sovereign: the citizens....

more at  SUERF


© SUERF