Is the world headed towards Central Bank Digital Currency? 

The Bank for International Settlements (BIS), is the governing body for most of the world’s Central Banks, including the United States Federal Reserve Bank. The BIS plays a pivotal role in the global financial system and has been actively involved in discussions and research regarding Central Bank Digital Currencies (CBDCs). One of the potential applications of CBDCs, as highlighted by the BIS and other financial authorities, is to enhance the monitoring and regulation of financial transactions to combat illicit activities such as money laundering, terrorism financing, and tax evasion. Here’s how CBDCs could facilitate this: 

Digital Traceability: CBDCs inherently possess a digital footprint, allowing transactions to be recorded on a blockchain ledger (think of it like an accountant’s ledger book), which could be either centralized or distributed. This digital traceability means that unlike cash transactions, which are anonymous and untraceable, CBDC transactions can be monitored and audited by the issuing central bank and other regulatory authorities. This makes it more challenging for individuals or entities to engage in illicit financial activities. 

Enhanced Regulatory Oversight: With CBDCs, central banks and financial regulatory bodies could have real-time or near-real-time access to transaction data. This capability would significantly enhance regulatory oversight, making it easier to identify suspicious transactions as they occur and take swift action. Advanced analytics and AI algorithms could be employed to detect patterns indicative of money laundering or other forms of financial crime. 

Implementation of Compliance Checks: CBDC platforms can be designed to automatically enforce regulatory compliance. For instance, transactions exceeding certain thresholds can be programmed to require additional verification before they are processed. Similarly, transactions involving entities on watchlists or sanctions lists can be automatically flagged or blocked, ensuring compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. 

Reduction in Anonymity: While the reduction in anonymity might raise privacy concerns, from a regulatory perspective, it limits the ability of criminals to operate undetected within the financial system. CBDCs can be designed to strike a balance between privacy and transparency, ensuring that while individual privacy is respected, there is enough transparency to deter and detect illicit activities. 

Global Cooperation and Cross-Border Payments: CBDCs can also facilitate improved cooperation between countries on financial oversight. With CBDCs, cross-border payments can become more transparent and faster, reducing the time window that criminals must move illicit funds across jurisdictions. Enhanced data sharing and cooperation between central banks and international regulatory bodies could further strengthen global efforts to combat financial crime. 

It’s important to note that while CBDCs offer these potential benefits for combating illicit financial activities, the implementation of such systems must carefully consider privacy rights and data protection laws. The challenge lies in designing a CBDC system that maximizes the effectiveness of regulatory oversight and crime prevention without infringing on individual privacy and freedoms. 

On October 19, 2020, the BIS General Manager, Agustin Carstens, called for “a unified programmable ledger in a public-private partnership”. He was talking about CBDC. Think of it as Bitcoin (blockchain) but without the privacy blockchain currencies afford. Mr. Carstens further stated, “for example, we don’t know who’s using a $100 bill today, we don’t know who is using a 1000 peso bill today. A key difference with the CBDC is that the central bank will have absolute control on the rules and regulations that will determine the use of that expression of central bank liability and also we will have the technology to enforce that.”  

So, in essence, Mr. Carstens is talking about a bank account with digital money which can be programmed for specific use. For example, the entity which controls the digital $100 in a given bank account could put an expiration date on the money thus ensuring it will be spent by a specific date. Or it could be programmed so it can only be spent on food, or rent, or gasoline. This programmability is only limited by the imagination of the controlling entity. 

Whether this is a good thing or not is conjecture. Either the BIS will restrict itself to a reasonable amount of control over every digital dollar and allow citizens of each nation to continue private individual control of their own private earnings or they won’t. 

Cybersecurity Risks in Achieving UN SDG 16.9 with Blockchain Technology

The United Nations (UN) Sustainable Development Goal (SDG) 16.9 aims to provide legal identity for all, including birth registration, by 2030. This ambitious target underscores the critical importance of identity in accessing a wide array of services and rights, from voting to healthcare. As we harness technology to realize this goal, blockchain emerges as a promising solution (1) for its ability to offer secure, decentralized, and tamper-proof ledgers. However, the integration of personally identifiable information (PII), personal health information (PHI), and other significant life events into a blockchain ledger brings to the forefront significant cyber risks that must be addressed.

Blockchain technology offers a revolutionary approach to managing digital identities, ensuring that every individual on the planet has a unique, unfalsifiable, and secure identity. By leveraging blockchain, we can create a system where all forms of PII and PHI are securely encrypted and stored, making them accessible only to authorized individuals and entities. This could dramatically reduce identity theft, fraud, and unauthorized access to personal information.

Using blockchain to manage sensitive data introduces complex cybersecurity challenges. While blockchain itself is highly secure due to its decentralized nature and cryptographic hash functions, the endpoints interacting with the blockchain, such as user devices and applications, remain vulnerable to hacking, phishing, and other forms of cyber-attacks. This vulnerability could lead to unauthorized access to the blockchain ledger, risking the exposure of sensitive personal information.

Second and maybe more importantly, blockchain data is permanent. It therefore presents a double-edged sword. Using blockchain to record EVERY event in your life ensures that once an event is recorded, it cannot be altered or deleted. This means it is an immutable history of an individual’s life events. This immutability raises concerns regarding the right to be forgotten. One may accurately suspect every individual has made choices they’d rather forget. This is not feasible with a blockchain-based digital ID. In Europe, the right to be forgotten is enshrined in data protection regulations like the General Data Protection Regulation (GDPR). Modifying or deleting personal data from a blockchain, once entered, is inherently difficult, if not impossible. This poses significant privacy concerns.

The concentration of vast amounts of PII and PHI in a single ledger, even if decentralized, creates a highly attractive target for cybercriminals. A breach could have far-reaching implications, potentially exposing the intimate details of individuals’ lives. While blockchain technology can significantly contribute to achieving SDG 16.9, ensuring the cybersecurity of such a system is paramount. And not to get overly controversial, errant governments could use the information in your personal life ledger to restrict access to important assets like your bank, or your job. This is already happening in China.

To mitigate these risks, a multifaceted approach is necessary. First, enhancing the security of endpoints through regular updates, robust encryption, and user education on cybersecurity practices is crucial. Second, implementing dynamic consent mechanisms where individuals have control over who accesses their information and for what purpose can help address privacy concerns. Additionally, exploring technological solutions, such as zero-knowledge proofs, can allow for the verification of information without revealing the information itself, further safeguarding privacy.

International cooperation and the development of global standards for blockchain security in the context of digital identities are essential. This would ensure a unified approach to tackling cyber risks, fostering trust in blockchain-based identity systems.

While blockchain presents a promising though possibly troubling pathway towards achieving UN SDG 16.9, it is imperative to navigate the associated cyber risks with a strategic, multifaceted approach. In this way, we can cautiously use blockchain technology to provide secure and immutable digital identities for all (if a person chooses to participate, but that’s another argument for another article), thereby unlocking access to essential services. One could even speculate that tying essential life services to a digital ID might do more harm than good.

Original article can be found here.

(1) https://unite.un.org/sites/unite.un.org/files/emerging-tech-series-blockchain.pdf