Thursday, October 27, 2016

How anonymous is cash?

Dutch 10 guilder note. Holland and Lebanon are the only countries to have issued banknotes with bar codes.

One of the interesting things that we've all learnt about Bitcoin is that it isn't actually anonymous, it's pseudo-anonymous. While anyone can deal in bitcoins without providing personal information like a phone number or photo ID, all bitcoin transactions are broadcast to the public. By analyzing these transaction patterns, it may be possible to flush a user's true identity out into the open.

Bitcoin is an attempt to digitally replicate many of the features of the old fashioned banknote, but even banknotes are to some degree pseudo-anonymous. Each banknote has a unique serial number on it. By tracking serial numbers, it may be possible to connect a note to a noteholder and thereby destroy their anonymity. The process of unveiling note users occurs most often in kidnapping cases. When their young son was kidnapped in 1932, the Lindbergh family paid a $50,000 ransom in non-sequential banknotes. In an effort to identify the kidnapper, a list of the serial numbers of notes used to pay the ransom was published in the New York Times and circulated in pamphlet form to banks all over the New York area. Anyone who found the note was to immediately alert the authorities, this information being potentially useful in helping to triangulate the guilty party:

Published list of banknotes the Lindbergh's used to pay the ransom

Kidnappers prefer to be payed in non-sequential numbered bills. The Lindbergh kidnapper is no exception, writing in one of several ransom notes: "Don't mark any bills or take them from one serial nomer [sic]." The reason for this is that it's easy for a bank teller to cross reference incoming notes against a list that contains an easy-to-remember range of sequential numbers. When serial numbers are randomized, the list becomes much harder for the human eye to parse; just try to work through the above example. The non-sequential nature of the ransom payment probably explains why only a few of the Lindbergh blacklisted notes were found... least at first. The final pinpointing of the Lindbergh kidnapper really only became possible when Franklin D. Roosevelt decided to temporarily take the U.S. off the gold standard in 1933. Somewhat serendipitously, the authorities who were helping the Lindbergh family had decided to pay the 1932 ransom in gold certificates, a Treasury-issued instrument that was redeemable in a fixed quantity of gold. At the time, gold certificates circulated along with a motley crew of other private and government-issued note types including Federal Reserve notes, U.S. Notes, Federal Reserve Bank Notes, silver certificates, and National Bank Notes (see here).

As part of the process of going off the gold standard, Roosevelt issued Executive Order 6102 requiring all Americans to bring in their gold, gold coins, and gold certificates to be exchanged for Federal Reserve notes. The Lindbergh kidnapper would only tender a few of his gold certificates in 1933, perhaps worrying that bringing in all $50,000 at once would attract attention.

Subsequent to Roosevelt's Executive Order, gold hoarding became an illegal act. So when the kidnapper bought gas with a $10 gold certificate in September 1934, the gas station attendant—probably worried that he might not be able to deposit it—wrote the license plate of the car on the note. Three days later the station managed to deposit the note at its bank where it was successfully cross-referenced against the black list, a much easier process now that the population of gold certificates was so small. Bruno Richard Hauptmann, the kidnapper, had been unveiled.

Using serial numbers to unveil identity requires the cooperation of private banks as well as some luck, in the Lindbergh's case the coincidental alteration of the monetary standard. However, there is no reason that central banks themselves can't be aggressive in monitoring serial numbers. In 1973 the Dutch central bank, the De Nederlandsche Bank (DNB), set up the first real-time database of banknotes in circulation. All banknote serial numbers are registered in the database. As used banknotes are brought into DNB processing points each day, machines read their serial numbers and update the database to indicate that these notes are no longer in circulation. When these same notes are paid out to banks the next day, the system once again updates its database to indicate that they have re-entered circulation. Over time, the system gleans information about the paths taken by each individual note, including how long it stays in circulation and its geographical exit point. It also provides excellent protection against counterfeits. If the DNB detects two banknotes entering its system with identical serial numbers on the same day, then one of them is by definition a fake.

While many central banks were "intrigued" by the Dutch registration system none of them actually implemented the concept (see page 263 of pdf). As of 2012, the DNB  remains the only central bank to register banknotes on a daily basis, a fact which I find kind of shocking. Why have serial numbers if not for tracking? Decoration?

The upshot is that if you had to choose a place to be kidnapped, Holland would probably be it. As long as the serial numbers are recorded by the authorities before the ransom is paid, then the DNB's registration system can be mobilized to catch kidnappers. For instance, the DNB claims it was instrumental in catching the kidnapper of Gerrit Jan Heijn, an heir to the Albert Heijn supermarket empire, in 1987. When the kidnapper spent NLG 250 to buy groceries, the note was soon deposited at the DNB and read into the database, at which point authorities had enough information to trace it back to the commercial bank and then the supermarket.

Interestingly, there are a number of private banknote trackers on the internet, the most well known of which is Where's George. A user logs into the website and registers a U.S. banknote by entering its serial number. When someone else subsequently registers the same banknote, the ‘route’ of the bill is displayed. Where's George tracks around 266 million bills. EuroBillTracker, the equivalent for the euro, tracks around 160 million notes. Below is a map showing the "hits," or connections it has established over the last week:

Hits registered by EuroBillTracker

So cash is somewhat less than anonymous, or anonymous-ish, since behind the curtain an organization like the DNB may be recording serial numbers, and this data might be useful in learning about users' real life identities. By tracking serial numbers more robustly, the anonymity of cash can be further eroded. Imagine a Where's George world where each time a bills is used, the receiver is required to submit the serial number to a government-run central registry. If so, the banknote system would have attained the same level of pseudo-anonymity as bitcoin, where anyone is free to transact using banknotes but transaction chains are fully public.

We could go further and imagine a world where a central bank like the DNB requires that the circulation of high denomination banknotes, say the €200 note, be confined to 'legitimate' channels only. Cash is perpetually being withdrawn from the central bank, used in payments, and then redeposited at the central bank. To confine €200s to legitimate channels, the DNB would simply announce that it intends to limit redeposits to those notes that have fully verified transactions histories. Verification means that when someone receives a €200 note, they must register it by submitting its serial number to the central bank via an app along with some sort of proof of identity.

When someone fails to either register a note or provide adequate identification, that note effectively falls out of the system. After all, because the DNB won't allow a note with an incomplete chain of verified transactions to be redeposited, banks will refuse to accept any note that hasn't been registered by its current owner. And knowing that banks won't accept them, neither will retailers. Bills that have fallen through the cracks will only have value in an alternative black market where they'd likely trade at a large discount to legitimate notes. Incidentally, establishing a verification system for €200s is very similar to Ken Rogoff's idea of abolishing high denomination notes, except instead of withdrawing €200s, they'd be allowed to stay in circulation in 'cleansed' form.

Thanks to a distinctive earmark—their serial number—the anonymity of banknotes is never fully assured. While serial numbers are rarely used these days for tracing, who knows what might happen in the future. Privacy advocates can take some comfort in the fact that, unlike paper money, coins have no distinctive markings and are therefore capable of serving as a purely anonymous exchange medium. Unfortunately coins have a low value to weight ratio so lugging the stuff around is a pain. The Swiss and Japanese stand out here for issuing the highest value coins, the five franc coin and 500 yen coin respectively, each worth around US$5.

As for cryptocoin fans, tomorrow Zcash will be launching. Whereas the entire history of bitcoin transactions is public, Zcash succeeds in hiding everything about the transaction. That's true anonymity.


  1. Fun article, JP. Comes across as a bit of plug for Zcash, tho! Would have been great to hear a bit about the improvements in anonymity actually achieved by bitcoin, for example hierarchical deterministic addresses.

    1. You've got the floor. Maybe you can explain what hierarchical deterministic addresses are. I haven't heard of them.

  2. Great article, this is a bit late but you should look into Zcash some more. They are a US business subject to regulation which makes having truly anonymous currency very suspect. Also their nodes log and broadcast user IP addresses whenever they make a transaction, essentially making it possible to correlate wallet addresses with IP addresses of computers or phones. Which can be used to get user information based on those IP addresses like your facebook or linkedin and show which users spent what transactions and hold which balances.

    Only real way to avoid that is to run your wallets through a combination of Tor and VPN, but even then it's still a US business who could face regulation and legal issues at any time.