[ad_1]
Any U.S. central bank digital currency (CBDC) will involve trade-offs among important values — including between security and privacy. Many presume there is a clever tool for such balancing. In privacy “tiering,” transactions below a certain threshold of value would be generally private. Those above it would be subject to surveillance through some mix of identity requirements, preemptive data collection, and such.
But a tiered system would not protect privacy as imagined. Because of likely evasions, it would ultimately require identification of all users and tracking of their transactions.
The tension between security and privacy is real. At one extreme, a system that is wide open to government agents would allow them to make full use of financial transaction information for law enforcement, national- and state security purposes. This would come at a tremendous cost to privacy and liberty.
The other extreme, allowing maximal and indefeasible privacy, would carry significant security costs. Between the two extremes lies privacy tiering. It is attractive as a sort of slider, allowing policymakers to draw the line between privacy and security. There is precedent for tiering. The current amount at which U.S. financial surveillance law requires reporting of cash transactions to the government is $10,000.
Recent remarks by U.S. Treasury Under Secretary for Domestic Finance Nellie Liang illustrate the theory of the privacy-tiered CBDC. “[O]ne way of reconciling privacy with illicit finance concerns in a retail CBDC,” she said, ”might be to have a tiered structure in which less data are collected for small dollar transactions or small volume accounts.”
The digital euro, for example, is likely to include tiering, according to remarks of Ireland’s finance minister reported last year. Neither commentator, it is worth noting, appears to be contemplating any wholly private transactions on a par with physical cash. A recent Hoover Institution report described China’s e-CNY as including a five-tier system, but the People’s Bank of China can trace the entire flow of money.
“ With so much buy-in, why does privacy tiering fail? ”
With so much buy-in, why does privacy tiering fail? In a recent AEI report, former CFTC Chairman Christopher Giancarlo and I described how such a system can be gamed — inevitably producing a full-surveillance response:
If transactions can be anonymous below a certain threshold, someone wanting to move value privately or illicitly would create multiple accounts and route multiple small transactions through those accounts. Recognizing that avoidance technique, the authorities would likely control the number of accounts or wallets any one person could create. That requires identification of all users and connections between all wallets and users. There is no obvious way to prevent a coin adopting the small-value privacy compromise from rapidly becoming a surveillance coin.
A cryptography caveat is in order: Just maybe there is some cryptographic trick that could allow controls on account creation, for example, preventing what is known in the cryptocurrency world as a “Sybil attack” on privacy tiering. Perhaps zero-knowledge proofs could show at creation of any new CBDC wallet that it is in the control of someone not already having a certain number of other wallets. Even that requires locked-down identity proofing — a national identity system, essentially — which is itself anathema to American values.
Privacy in an American CBDC is not for policymakers to establish. The constitutional slider that determines when privacy gives way to security is the Fourth Amendment’s requirement that government searches and seizures be reasonable. U.S. Supreme Court doctrine creates two tiers of such activities: InTerry v. Ohio, the Court ruled that reasonable suspicion based on articulable fact justifies a modest invasion of privacy or property. More intensive searching and seizing requires a neutral arbiter to agree that there is probable cause to believe particularized evidence or fruits of crime will be revealed or collected.
The Fourth Amendment doesn’t have a place for the kind of universal surveillance assumed by privacy tiering. Indeed, the Fourth Amendment is in the Constitution to bar general warrants. Our founding law does not permit unspecified government authority to rummage people’s things or monitor their activities without suspicion.
Privacy “tiering” sounds like a reasonable compromise, an appropriate tradition and standard. It is not. Indeed, it is a standard in a very different kind of society. As Giancarlo and I write in our report: “Financial surveillance in the West is more like China’s than many would like to admit.”
Especially given the unavailability of reliable privacy tiering, any U.S. CBDC should comport with American values by allocating people the full measure of financial privacy for all transactions, subject to searches and seizures of what data their transactions produce only when constitutional standards are met.
Jim Harper is a nonresident senior fellow at the American Enterprise Institute (AEI), where he focuses on privacy issues, and select legal and constitutional law issues.
Also read: As the U.S. targets China, big tech and social media, bashing TikTok may be easier than banning it.
[ad_2]
Source link
