Will A Digital Dollar Offer Financial Privacy?

“At some point, a CBDC that fails to provide a high degree of financial privacy will be used to monitor and censor the transactions of one’s political enemies. It is foolish to think otherwise.” ~ William J. Luther

The White House appears to be clearing the runway for a central bank digital currency (CBDC). In March, President Biden signed Executive Order 1406, which required the Secretary of the Treasury, Attorney General, Director of the Office of Science and Technology Policy, and the Chief Technology Officer to provide a series of reports on the feasibility and desirability of issuing a CBDC. In September, the White House outlined its policy objectives for a CBDC and tasked the Treasury with leading “an interagency working group to consider the potential implications of a U.S. CBDC, leverage cross-government technical expertise, and share information with partners.” The time and effort devoted to the topic suggest the administration intends to issue a digital dollar.

While some version of a CBDC will likely be introduced, there are many questions about the form it will take. One important question concerns the extent to which a digital dollar would offer financial privacy. 

Andrew Bailey and I have made the case for financial privacy:

Privacy is a necessary feature of a free society. ‘If you give me six lines written by the hand of the most honest of men,’ the French cleric and statesman Cardinal Richelieu said in the 17th century, ‘I will find something in them which will hang him.’ A record of every transaction a person has made would make that task much easier. We recognize the danger of ubiquitous surveillance, as evidenced by the negative legal connotations of a ‘fishing expedition’ and the doctrine known as the ‘fruit of the poisonous tree,’ which makes evidence obtained from an illegal search inadmissible. Without financial privacy, anyone might be convicted of lawbreaking simply because those in power have set their minds to it.

We have also expressed concerns that the government “may be tempted to compromise on financial privacy when implementing a CBDC.” More recent statements from the White House do not alleviate those concerns.

There are two types of financial privacy. The first deals with the extent to which one’s financial data is kept confidential from other private parties. The second deals with the extent to which it kept confidential from the government. Ideally, digital dollars would offer a high degree of both by default.

Financial data can be obtained by private parties without authorization through hacks and data breaches. To this end, the White House policy objectives note that a “CBDC system should be secure” and that it “should include appropriate cyber security and privacy incident management.”

Financial data can also be obtained in less nefarious ways. When you purchase a coffee in person with cash, Starbucks doesn’t learn very much about you. When you purchase it via the Starbucks app, however, they learn quite a bit. Some people find that creepy. Others are happy to earn rewards and appreciate targeted advertisements. 

The White House policy objectives suggest that a digital dollar would not generally share much information with one’s trading partners. “Sensitive financial data should be private,” it says:

The CBDC design, deployment and maintenance should adhere to privacy engineering and risk management best practices, including privacy by design and dissassociability. Built-in protections and design choices should ensure that privacy is included by default, including ensuring that data collection conforms to reasonable expectations and only data that is strictly necessary for advancing CBDC system policy objectives is collected.

Of course, the CBDC may fall short of these ideals in practice. But it seems likely that the government will try to prevent private parties from accessing a CBDC-user’s financial data by default.

It is far less likely that a digital dollar will provide sufficient financial privacy from the government. The White House says that a CBDC should “protect against arbitrary or unlawful surveillance.” That’s hardly an assurance. There is nothing arbitrary about collecting data on all users. And current laws permit a high degree of financial surveillance.

The White House explicitly states that a CBDC “should be designed to facilitate compliance with anti-money laundering (AML) and combating the financing of terrorism (CFT) requirements, as well as relevant sanctions obligations.” These obligations are onerous, and have only grown more onerous over time. 

Nicholas Anthony explains how inflation since 1970, when the Bank Secrecy Act was passed, has caused more and more transactions to fall under its reporting threshold of $10,000. Had that threshold been adjusted for inflation, it would stand at $74,378 today. Very few of the requisite reports—3.85 percent of Suspicious Activity Reports and 0.44 percent of Currency Transaction Reports—prompt a follow up from law enforcement. These reporting obligations impose costs on everyone using the financial system, for little benefit.

More worryingly, the White House leaves open the possibility of outright financial censorship. “The CBDC system should also be protected from abuse during periods of high political volatility or deviation from democratic values,” it says.

Who gets to decide whether a mostly peaceful protest amounts to high political volatility? Who determines whether a political donation supports a person or party that deviates from democratic values? These are important questions that should not be left to whomever happens to be in office at the time.

Politicizing payments risks significantly undermining our First Amendment rights. Instead of ruling financial censorship out of bounds, the Biden administration suggests it might be A-OK in some circumstances. The administration doesn’t seem to appreciate that some other administration will be making decisions about what constitutes high political volatility or a ‘deviation from democratic values’ at some point in the future.

David Hume famously recommended we design institutions under the assumption that all men—and especially those who might gain power—are knaves, with the appropriate checks and balances such an assumption would justify. Issuing a CBDC without hardcoded guarantees of financial privacy would seem to require rejecting Hume’s sound advice. At some point, a CBDC that fails to provide a high degree of financial privacy will be used to monitor and censor the transactions of one’s political enemies. It is foolish to think otherwise.