Thursday, November 14, 2019

"Controllable anonymity"


Reuters and Coindesk report that that the People's Bank of China's imminent central bank digital currency (CBDC) is going to have a feature called controllable anonymity. Perhaps some wires have been crossed in the translation, but it'd be hard to come up with a more Orwellian piece of double speak than this. Plenty of people on Twitter are sneering.

But in this post I'm going to take China's side, if only tepidly.

None of the news articles have made much of an effort to explain controllable anonymity. But we've actually known about this feature for quite some time. Back in 2018, the project's head, Yao Qian, provided a short description of it. It's not as Orwellian as it seems.

China's new CBDC, otherwise known as the Digital Currency Electronic Payment (DCEP) platform, requires users to provide their real identities when they sign up. In the link above Yao calls this real-name at back-end. So the People's Bank of China will be privy to the identity of each user. This is to guard against money laundering and tax evasion. So not much anonymity here.

The element of anonymity crops up in a different part of the transactions cycle. It seems that a payee will be able to control what sort of information they throw off to the counterparties that they are dealing with. Yao calls this voluntary anonymity, presumably meaning that payors/payees can volunteer how much of their personal information they wish to leak out to stores, suppliers, customers, or whatnot. This sort of fine-grained control over one's data isn't something that you can do with, say, a credit card. If I buy groceries at Loblaw, who knows what sort of personal information they are collecting about me.

Source: Technical Aspects of CBDC in a Two-Tiered System, by Yao Qian [link]

So the upshot is that China's CBDC will be providing a certain sort of privacy to users. Which reminds me about what Rodney Garratt and Morten Bech, two economists that specialize in payments systems, have written about payments anonymity. According to Garratt and Bech, there are two grades of payments anonymity. With third-party anonymity, a person's true identity is hidden from everyone who participates in a transaction, including the system operator. Banknotes are the best example of third-party anonymity, since the issuer—the central bank—has no idea who is using them.

Counterparty anonymity is less strong. This sort of anonymity prevails when personal information about the two counterparties to an exchange remain hidden from each other but the system operator is still privy to each user's identity. Yao's controlled anonymity presumably means that DCEP will provide Garratt and Bech's second sort of anonymity, counterparty anonymity.

Federal Reserve researchers like Charles Kahn, William Robers, and Jamie McAndrews have delved into the benefits of counterparty anonymity. The ability to cloak your information from sellers or payees reduces the risk of identity theft, the possibility that a counterparty might stalk you and rob you, or the odds of becoming a victim of direct advertising and other solicitations.

Here is Kahn:
"Suppose, for example, that I wish to make a perfectly legal transaction with a stranger but wish to ensure that there are no unpleasant ramifications down the road. It is not hard to think of examples where the information about the purchase of a good makes the individual vulnerable: a purchase indicating that the individual has high wealth, or a purchase that may be embarrassing, even if perfectly legal (certain medications, for example). More prosaically, making a purchase on the internet involves the revelation of identity in ways that make you subject to spam or harassment. In short, sometimes we want the ability to ensure that others cannot use the information in the history of our transactions against us."
Where does all this leave Chinese consumers with respect to payments privacy? It could be that they are worse off. If the People's Bank of China's new CBDC is being designed to replace cash, then on net Chinese citizens will lose the ability to transact in a way that is anonymous to all parties. Cash provides third-party anonymity, DCEP doesn't.

But it's also possible that Chinese consumers will be better off. If the new CBDC is designed as a complement to cash, then Chinese citizens may actually have more privacy options than before. Not only do they still have access to cash's third-party anonymity, but they also will gain strong digital counterparty anonymity. Surprisingly, this would mean that they will end up with more information-cloaking tools than us Westerners.

Once again I'm reminded of something Charles Kahn wrote. Privacy needs are different, so we should "expect a variety of platforms to emerge for specific purposes." In this context e-cash probably won't "play all the privacy roles that physical cash currently plays," says Kahn. It is possible that this multi-faceted approach to privacy is what is playing out in China.

2 comments:

  1. If the system operator is privy to each user's identity, it means they can exert power over them. Some people think it's a good idea, others think it's a terrible idea.

    ReplyDelete
    Replies
    1. Yep, that's true. It only provides counterparty anonymity, not third-party anonymity. In theory, at least, this can cut down on tax evasion, terrorist financing, and money laundering. In practice, perhaps not.

      Delete