The International Monetary Fund (IMF) published a report in August by Fintech Notes which detailed the privacy risk associated with central bank digital currencies (CBDCs). Titled ‘Central Bank Digital Currency Data Use and Privacy Protection’ it addressed retail-use of CBDCs and provided ‘a framework to help countries navigate, as well as tools to help them manage, the trade-offs between CBDC data use and privacy protection.’
Note that the report must be downloaded in order to view it. The report also listed a disclaimer and citation notice on page III.
“CBDC data allows for commercial exploitation while also raising the possibility of state surveillance,” the report said on page 20. “Whether populations place greater trust in their government or in commercial bodies would be an important factor.”
The authors also defined a key difference between a CBDC and the current monetary system.
“In contrast to cash, CBDC could be designed to potentially include a wealth of personal data, encapsulating transaction histories, user demographics, and behavioral patterns,” the report said on page 1.
Notably, while this report does not mention biometric identification, another FinTech Notes report published by the IMF in August ‘Cyber Resilience of the Central Bank Digital Currency Ecosystem’ does.
“Account-based CBDC models entail electronic holding of funds in a user account and follow debit and credit methods to facilitate instantaneous transfers. This is akin to traditional bank accounts and electronic payments. In an account-based model, the key area of protection is the user’s identity which could be achieved by strong access and identity management tools using passwords, passphrases, biometrics, or a combination of similar tools,” that report said on page 13.
Many expect a CBDC to utilize a biometric identification system in order to function as intended, as anonymity is antithetical to a CBDC’s very nature.
One of the key concerns with a CBDC is the ability for governments to crack down on illicit activity. While many may think of the sale of street drugs or prostitution as illicit activity, those activities have been garnering legality in many jurisdictions while the sale of wholesome farm-to-table food is being legislated against in the courts.
“If permitted by the relevant laws, CBDC data use could allow for increased traceability for such authorities to track or prevent illicit and fraudulent activities,” the report said on page 1.
Although not implicitly stated in the report, in addition to banned activities, a CBDC can also theoretically be used to permit only certain activities and purchases. This mechanism is likely only possible with a biometric identification system.
The authors noted that outside of government surveillance, the threat of hacking and leaking exists with a CBDC.
“If poorly designed or managed, CBDC personal data use could pose risks to privacy, arising from events such as data leakages, data abuses, cyberattacks, and cross-border payments data flows, thus also negatively affecting CBDC adoption. Indeed, technology alone cannot ensure privacy protection. For instance, even anonymized transactions can be reidentified and the data can be de-anonymized with metadata,” the report said on page 1.
It was previously reported that JP Morgan sold 80 million customer transaction histories to advertisers and hacks of corporation’s data are already commonplace. This is all without a CBDC.
The report goes into technicalities with various theoretical data-collection protocols and policies offering their various benefits and drawbacks. It then goes on to list various risks to privacy that come with a CBDC, one of them being cyberattacks.
“The CBDC ecosystem could become targets for cyberattacks, such as hacking, phishing, and malware. These attacks could steal user’s personal data or disrupt currency operations. Cyberattacks can compromise the integrity of the financial system, lead to financial losses for consumers, and significantly undermine confidence. Potential risks could stem from the advent of quantum computing, vis-à-vis the many non-quantum-proof cryptography already deployed in existing payment and web systems (although CBDC could be designed to be quantum-proof from the get-go). Resilience to cyberattack is therefore an important factor in building trust in CBDC, as any successful attack or data breach could erode public trust and confidence with systemic implications,” the report said on page 14.
An interesting graph on the tradeoff between privacy and data usage was provided on page 18 of the report.
Accuracy is another area of concern for a CBDC, as inaccurate data may inadvertently harm a user, similar to how another surveillance system, face scanning cameras, have ensnared innocent individuals.
Notably, the report did not specifically mention social credit scores – a system that can be easily enabled via the use of a CBDC.
A social credit score is a metric of the obedience of an individual in relation to what the government deems desirable. It can be used to place benefits and punishments upon individuals for their activities, thoughts and opinions, in order to form the person into what the authorities consider desirable.
While this report did not touch on biometrics to begin with, it also did not touch on the most invasive form of biometrics, implantable microchips. The technology has seen limited use for decades and many theorize it may be instituted in the future, potentially along with a digital currency and social credit score system.