Yes, will Europe’s Digital Euro safeguard privacy?

Someone needs to remind the European Commission that it can’t have its cake and eat it too.

An EC proposal this week for regulating a future central bank digital currency (CBDC) insisted that it must “protect privacy,” describing a system of NFC chip-based offline payments in which “nobody would be able to see what people are paying for.”

This recognizes European citizens’ civil liberties, as politicians are wont to do. But you can be forgiven for seeing it as mere lip service. A review of the proposal’s explicit record-keeping provisions for payment service providers challenges those intentions, especially in light of recent European government crackdowns on cryptographic privacy.

You’re reading Money Reimagined , a weekly look at the technological, economic and social events and trends that are redefining our relationship with money and transforming the global financial system. Subscribe to get the full newsletter here .

The fact is the European Commission – and for that matter, the governments of the U.S., U.K. and other major liberal democracies – has generally shown itself incapable of embracing real privacy in digital money. They want the facade of privacy, something that lets them sell the idea that Western democracies would never engage in the kind of round-the-clock surveillance for which China is accused , while retaining the power to uncover users’ identities when needed.

I mean, what exactly is the difference?

European proponents of privacy-preserving CBDCs say they want to recreate the freedom of cash. But as security analyst Lukasz Olejnik pointed out this week in his critique of the European proposal, these models are a long way from the anonymity of euro notes. In the case of the offline NFC transactions, service providers would be required to record data on the amount spent; the phone or other device’s unique identifier; the date and time of the transactions and the account numbers used. Does any such identifying information get logged when you hand over a banknote to a merchant? No.

Meanwhile, the crackdowns on open-source privacy projects are a clear indication that tolerance for people engaging in private, non-monitored transactions is low, whether in Europe or elsewhere. The Netherlands played a very active role in prosecuting the U.S. case against Ethereum-based mixing service Tornado Cash, arresting developer Alexey Pertsev days after the U.S. Office of Foreign Asset Control took the unprecedented step of placing the open-source software system – not a person, nor a company, but a body of code – on its list of sanctioned foreign persons.

Misplaced enforcement actions

The Tornado Cash enforcement, which civil rights activists decry as an attack on free speech , sent a chill through the pro-privacy cryptography community. It fears for innovation in the field as developers worry about reprisals by security agencies.

Sure enough, the legal pressure on privacy coin Zen reached such extremes this week that developers relented and altered the code to strip it of its privacy protections . Zen transactions are now open for all to see, which prompts the question: why bother?

This crackdown is boneheaded. We are entering into an artificial intelligence era in which digital systems are extracting ever-ballooning amounts of data from our digital activity and can use it to manipulate us. Privacy tech is a bulwark against that encroachment into our lives. Our leaders have expressed concern about AI’s invasive powers, so they should be encouraging the development of these innovative solutions, not driving them out of town.

Let’s recognize that a half-century (since the introduction of the 1971 Bank Secrecy Act ) of ever-expanding compliance rules to enable government surveillance of financial activity has built such a complex web of compliance requirements for financial institutions that true digital privacy is mostly impossible without tearing down that entire complex of regulations. That sort of reform runs counter to the principles of that surveillance system, which governments built in a (mostly futile) effort to curb money laundering and other forms of illicit finance.

Compromise?

This brings me back to not getting the cake and expecting to eat it too: maybe governments should give up on the illusion they can be trusted to protect privacy. They should admit that, at some basic level, these institutions systematically demand information from the people they govern. And maybe, just maybe, with that open recognition, we can start to figure out a compromise that makes sense.

The European Commission has shown itself incapable of embracing real privacy in digital money

You see, unlike Olejnik, I think Central Bank Digital Currencies (CBDCs), if done correctly, could bring significant economic value. I believe that the smart contract capabilities enabled by true peer-to-peer monetary settlement could introduce new efficiencies across society that traditional bank-intermediated IOU money simply cannot achieve. Although I still prefer a stablecoin model led by the private sector and believe that bitcoin and other native cryptocurrencies are crucial for our financial future, it would be oversimplifying to dismiss CBDCs as meaningless. Whether cryptocurrency enthusiasts like it or not, CBDCs will introduce the power of monetary programmability to the economy (curiously, the EC proposal would explicitly ban the value-added usage for a digital euro – which raises the question: what is the purpose then?).

Is there a scenario in which an enlightened yet realistic government, one that is committed to both its citizens’ freedoms and its international obligations to combat illicit activities in the financial system, can find a feasible compromise on privacy for CBDCs? Such a middle-ground solution would not aim to replicate the level of privacy found in physical cash, but it would establish numerous cryptographic and legal barriers that would make it extremely challenging for governments to monitor users. Access to any potential “back door” would only be granted under the most extreme circumstances and with a court order.

Zero-knowledge proofs and other privacy-enhancing technologies make such models possible. The Project Hamilton initiative, a collaboration between the MIT Digital Currency Initiative and the Federal Reserve Bank of Boston, is currently developing a privacy-preserving template for the consideration of the Federal Reserve. However, at this stage, it appears unlikely that the Federal Reserve will be as forward-thinking in the development of a digital dollar.

But if the United States and Europe fail to take the lead, perhaps other governments will seize the opportunity.

In the coming years, I anticipate that online privacy will become increasingly important, not only for individuals but also for businesses, who will begin to perceive their transaction history as a form of property right. The government that best meets this demand could emerge as the winner.

Edited by Ben Schiller.