Michael J. Casey is the chairman of CoinDesk’s advisory board and a senior advisor for blockchain research at MIT’s Digital Currency Initiative.
The following article originally appeared in CoinDesk Weekly, a custom-curated newsletter delivered every Sunday exclusively to our subscribers.
Among the barrage of commentary accompanying the Libra circus on Capitol Hill last week was a single short tweet from lawyer Marco Santori that summed up the core problem confronting Facebook’s cryptocurrency project – and, for that matter, any corporate-led effort of its kind.
Satoshi was following a Cypherpunk dream. He/she or they wanted to bring privacy to digital payments, to translate the offline experience of cash transactions into the online realm. The idea: that a user needn’t prove their identity to execute a transaction with anyone else on the Internet – just as there’s no need for me to show a document proving that I’m Michael Casey every time I hand over some dollar notes to someone.
This matters not because everyone using cash or bitcoin is a money launderer evading law enforcement, but because identification poses a real barrier to commerce. If society has an interest in identifying people – as financial law enforcement agents would argue – then we must recognize that this comes with an enormous trade-off in terms of foregone economic activity.
Think of the 2 billion “unbanked” adults from the world’s developing countries, the people that Libra, ostensibly, wants to serve. A lack of education, poor credit records, and untrustworthy state-issued ID papers means these people can’t qualify for accounts at local banks (primarily because those local banks are themselves compelled to comply with strict international “know your customer” procedures lest they are cut off by their foreign banking counterparts.) For a very large number of the world’s adults, identity is a very real barrier to commerce.
But you can also think of the billionaires that run Wall Street’s hedge funds or the giant banks and brokerages that trade on their behalf. None of those guys want their identities revealed when they place a buy or sell order for a stock, bond or commodity. The market will just trade against them.
Identity also limits fungibility. As I’ve argued before , money is most useful if its past is unknown. Any single dollar, or single bitcoin, must be worth the same as any other single dollar or bitcoin. But if I receive a dollar or bitcoin that might subsequently be subject to a legal or enforcement claim due to its involvement in a previous transaction, the uncertainty attached to it will, by definition, reduce its utility. This leads to a depletion of monetary fungibility. As to why that’s a problem, just ask anyone with an account at a brokerage or other entity whose assets have been frozen for some criminal or civil action over which they themselves had no involvement.
So, privacy matters. If we are to bring digital, borderless commerce to the widest possible user base and expand the global economy, we must strive for privacy.
Privacy Tech Meets Increased Surveillance
Sadly, bitcoin failed to achieve sufficient privacy, at least in its initial form. Why? Because its public ledger is, well, public.
When combined with the “know your customer” procedures of legally compliant crypto exchanges, its traceability means a user can relatively easily be connected to past transactions once they have been identified at any one of those on- and off-ramps.
This is the problem that led to the creation of cryptocurrencies with more robust privacy protections such as Zcash and Monero, along with the invention of bitcoin mixers and potential sidechain solutions for obscuring transaction trails such as Mimblewimble.
Indeed, it’s quite noteworthy that at the same time that regulators are expanding their purview over cryptocurrencies – see the Financial Action Task Force’s new disclosure rules – and demanding increasingly more user-identifying information, cryptocurrency developers are driving in the opposite direction: toward more privacy, more self-custody, more trustless exchange solutions, more user autonomy. They’re striving for the goal of electronic cash.
The Centralization-Decentralization Contradiction
Here’s the catch: if you’re not building on top of a fully decentralized, permissionless system though, it’s impossible to assure users of privacy. If the nodes maintaining the ledger are identified as belonging to a particular list of authorized validators – e.g. the Libra Association’s 28 members – authorities can, and will, demand the identity of users when they so desire or they’ll have transactions censored or reversed. They’ll do so to meet anti-money laundering or counter-terrorism objectives, or, more cynically, they’ll make such demands to simply assert control over the population (e.g. digital surveillance in China.)
Facebook’s David Marcus, as the identifiable representative of a U.S. incorporated company, had no option, of course, but to swear that Facebook’s Libra application, Calibra, would comply with KYC requirements and cooperate with anti-money laundering initiatives. It was a legal no-brainer. It didn’t matter much, though, because law enforcement agencies – with just a little bit of cross-border cooperation – will be able to hold him to his word by way of the Libra Association members themselves.
Therein lies the “don’t worry, we’re centralized” side of the bifurcated argument Santori alluded to. It’s the assurance that says “you know where to find me.”
The problem is that the American people – and, by extension, their lawmakers – are kind of schizophrenic on these matters. That’s because, quite rightly, privacy is also becoming an increasing concern with regards to tech companies’ data collection, and especially with Facebook. It was quite striking – satisfying, in fact – to see how many questions from lawmakers addressed these concerns, where they sought assurances that Calibra would not exploit people’s personal data.
In essence, Marcus’s response was: “don’t worry, we’re decentralized.” The idea was that the structure simply won’t permit any member to invade a user’s privacy.
So, it’s a contradiction, but one that, by definition, doesn’t arise within bitcoin or other decentralized cryptocurrencies, which can much more accurately say, “you don’t know where to find me.” (In fact, there is no “me” in such cases.)
What Do We Want?
In many respects, this contradiction is not a function of Facebook’s involvement in this project or Libra’s structure per se but of competing public interests. We can’t have our cake and eat it too. We can’t simultaneously insist on absolute privacy and the power to intervene in transactions to catch bad guys laundering money.
I believe the answer lies in a combination of technologies, system designs and a more creative approach to regulation that, unfortunately, doesn't exist yet.
Hope lies in tools such as zero-knowledge proofs and in emerging “self-sovereign” identity concepts, as well as in a more open-minded regulatory model for curtailing crime – one that doesn’t depend on revealing people’s personal identifying information.
But these are a ways off; they will require user adoption and; to a still large extent, belief in them by policymakers.
For now, then, David Marcus and his cohorts have no choice but to keep speaking out of both sides of their mouths.
David Marcus image via House Financial Services Committee