Digital Pound: Thoughts on the response to the digital pound Consultation Paper

In this article I will review the latest publication by the Bank of England and HM Treasury on the Digital Pound. Today I will take an approach a little different from the one of my past articles and basically quote parts of the document and then add my remarks, questions and concerns (in italic).

The official document is called:

Response to the Bank of England and HM Treasury Consultation Paper:
The digital pound: a new form of money for households and businesses?



“In February 2023, the Bank of England (the Bank) and His Majesty’s Treasury (HM Treasury) published a Consultation Paper to seek feedback from the public on the design of a ‘digital pound’. The Bank and HM Treasury received over 50,000responses to the consultation, demonstrating widespread interest in a digital pound and engagement with the proposals. Many respondents to the Consultation Paper raised concerns about the implications of such a digital pound for access to cash, users’ privacy, and control of their money. This Consultation Response continues that UK’s national conversation and sets out the steps that will follow during the design phase. (…)

The Consultation Paper explained that, if current trends in payments continue, a digital pound could be a‘solution’ to two ‘problems’: first, risks to the ‘uniformity’ or ‘singleness’ of money, and second, risks to competition in payments.”

This paragraph provided a good introduction into what the UK is trying to achieve with their Digital Pound project. The reasons behind the project seem good and sound.

“Trust is a prerequisite for a digital pound. The Bank and HM Treasury sought toprovide assurances in the Consultation Paper that measures would be put inplace to ensure the public would have confidence in using a digital pound.”


I fully agree with this statement: if people will not trust the “Digital Pound” it is doomed. Therefore, it is important that the technical solution that is conceived deserves such a trust from the citizens and the foreigners that will use it. The question is about “Who do you trust?” and “What is that trust based upon?” When Harry says: “Bitcoin is the new gold” and William says: “Bitcoin is a pyramid scheme”, whom do you trust? Ask Andrew?


“For example, the Bank, as operator of the core infrastructure, would not have access to personal data. Private-sector digital pound wallet providers, Payment Interface Providers (PIPs), would anonymise personal data before transactions are processed and settled by the Bank. The Bank and HM Treasury would also not pursue government or central bank-initiated programmable functions.”

When we speak about privacy and CBDCs, there should only be one question that is asked before all others, as it makes a lot of debate completely and utterly unnecessary. This ‘magic’ question is:

IS THERE REAL PRIVACY FOR USERS FROM ALL PARTICIPANTS IN THE PLANNED CBDC ECOSYTEM? This seems to me to be the ONLY relevant question.

“Before any launch of a digital pound, the Government has committed to introducing primary legislation. This means that a digital pound would only be launched once both Houses of Parliament had passed the relevant legislation (…)

Privacy would be a core design feature of a digital pound: The Bank and the Government would not access users’ personal data – and legislation introduced by the Government for a digital pound would guarantee users’ privacy (…)

The Bank commits to exploring technological options that would prevent the Bank from accessing any personal data through the Bank’s core infrastructure.”

Claiming that there is privacy from “this” party or “that” party is just a marketing trick to mislead the citizen in my opinion. Why not be transparent and spell it out: There is privacy from the central bank, and there is zero privacy from the bank or payment service provider. There is also nothing that would prevent the GCHQ from collecting all the personal payment data from the banks and payment service providers either, other than a (new) law that could be repealed as quickly as it will be created. Snowden clearly showed that some of these intelligence organizations did not care very much about legislation in the past. But the future will certainly be better…

“The Bank and the Government would not program a digital pound – and legislation introduced by the Government fora digital pound would guarantee this.”

The same I said above applies here as well. There are definitely use cases where programmability makes sense and the technology is available,but it may be necessary to call those things “Vouchers” or “Ticket Restaurants”rather than Digital Pound.

“The Government has legislated to safeguard access to cash, ensuring that it would remain available even if a digital pound were launched.

Around 95% of the funds held by individuals to make UK payments today are private money, held as commercial bank deposits, and typically spent electronically, such as by bank transfer or debit card. As spending has become more digital, the use of cash for payments has declined, falling from 55% of transactions to 14% over the past decade.

The Bank, the Government, the FCA,and the PSR are committed to preserving access to cash for those who wish to use it.”

That is great to see. Stick to cash for the few cases and locations in the UK, where the 2 parties involved in a transaction would have no connectivity over a longer period. That also removes the pressure to deploy two-sided offline CBDC solutions, which come with huge and hard to estimate risks. The ECB is ready to spend over €600m on the subject as a research experiment, knowing full well that a safe solution is mathematically impossible. Is that really a good use of taxpayer money? How many square miles of 5G service can one deploy for €600m to remove those dead spots?

“But cash cannot be used in electronic transactions in an increasingly digitalised world.

The anonymity of cash transactions means that, in some instances, criminals can seek to hide behind it for money laundering and other forms of financial crime.

The UK Anti-Money Laundering (AML)and Combating the Financing of Terrorism (CFT) Regimes take a risk-based approach to managing these potential harms, so that the appropriate balance is struck between tackling any criminal activity and preserving freedom to use cash.

Digital Payments and Privacy

Unlike cash, digital payments, for example all debit and credit card purchases, generate personal data when used for transactions. Digital payments leave a digital footprint and so cannot be anonymous like cash.

The AML and CFT regimes also apply to digital payments. And because the ability to identify users is necessary to prevent financial crime, there are requirements for certain information to be sent alongside payments, with the amount of information required reflecting the value and perceived risk of the transaction.

Although digital payments are not anonymous, the privacy of the user’s identity and the data generated by transactions are stringently protected through data protection laws passed by Parliament.”

This is a loaded paragraph. It started with the table informing us we will get the same great privacy as we get from bank accounts and credit cards: ZERO. Then the BoE will deploy privacy by design in an ecosystem that is designed with zero privacy.Interesting concept in my opinion.

It continues with the premise that anonymity automatically means criminal activity, money laundering, and so on. Now, if we take a step back and ask ourselves, in all those forbidden and undesired activities, who is usually the villain law enforcement is trying to catch?  

Doesn’t the villain usually want to “collect or assemble money”through his criminal activities? I do not know of many criminals that were in the crime business to distribute their money. Most want to get rich. Tax evasion exclusively happens on income, so does money laundering. So, I think that clearly establishes that if we want to prevent illegal business, tax evasion and money laundering, we must target the reception/collection of money. Receiving money anonymously is an absolute No Go. Now, hold that thought!

I am now buying something on Amazon.com. Whose privacy shall be protected now? Is it my privacy or that of Amazon that needs protection? I think this is pretty clear as well, we want to protect the privacy of the buyer, the spender of the money and not of Amazon, the seller and recipient of the money. We want Amazon to pay its income taxes for a change. It is none of Amazon’s business to know who bought the book as long as it was paid for – that is what GDPR had promised to deliver to EU citizens and failed miserably so far.I think we can all agree that the person, who should have privacy and data protection is the buyer of the book, the spender of the money. Right?

Now combing those two elements, we are able to conclude logically that a system that provides anonymity to the spender of money and none to the receiver of money is exactly what we are looking for. No tax evasion, no money laundering, no illegal business and no loss of privacy on personal identifiable data. Bingo!!! That is not what we are getting here with the Digital Pound.

The next paragraph makes it very clear that the Digital Pound will let everyone that can see your personal payment data today (banks,credit card companies, law enforcement, …), continue to see it in the future with a Digital Pound, and it just clarifies that it is not the intention of the project to add the central bank as one more party that has access to your private data to the already long list.

“The Consultation Paper committed to making a digital pound at least as private as the regime that applies to digital payments today. In addition, neither the Bank nor the Government would have access to users’ personal data. A digital pound would not be anonymous given the need to support enforcement against financial crime. But personal data for that purpose would be held by the Payment Interface Providers (PIPs) and would not be visible to the Bank and the Government.

All firms that process personal data within a digital pound system would be subject to robust regulation and have to comply with UK data protection laws, such as UK General Data Protection Regulation (GDPR). "

Well, well, well. I am not familiar with UK version, but the EU GDPR is a good idea implemented and enforced in the worst possible way. Even the few convicted offenders still make a killing from their infraction – a great legal deterrent that is… Let the UK surprise us in a different way than the EU has. Any hopes?

So in summary with my added column on the right:

 Here is the paper in summary with my key points:

🔴 Privacy Enhancements by the BOE (summarized by Richard Turrin):

  • The Bank of England (BOE) ensures user privacy for the digital pound. The government and the Bank will not access personal data via the Bank's main     systems.
  • New laws will be enacted to protect users' privacy rights with the digital pound.
  • The BOE is exploring technology that would block its own access to personal data.
  • A diverse working group focusing on privacy issues will be formed during the design phase, with open invitations for information contributions.

This portrayal by the document seems like pure marketing in my opinion, as there is ZERO privacy in the full CBDC ecosystem, and it then really makes no difference, if the central bank can see everything that the banks and PSPs can see anyways or not.

🔴 Programmability Safeguards (summarized by Richard Turrin):

  • Legislation will also ensure that the digital pound cannot be programmed by the Bank or the government.
  • The BOE and HM Treasury are investigating additional technological measures to prevent any programming interference.
  • These measures aim to stay ahead of technological advances and maintain a secure digital currency.

Call the non-programmable money “digital pounds” and call the programmable version “Voucher” or “Ticket Restaurant”. That solves the problem of ‘restricted’ Digital Pounds. Just give it another name and make it a bearer instrument in order to remove the concerns. If it is not a bearer instrument, programmability should not even be allowed as voluntary ‘opt-in’.


There is a use case for both, and the programmability is supposed to be offered by the private sector anyways via the acceptance of (usually unreadable and unread) terms and conditions. Remember GDPR? It is expected, but not supposed to be said out aloud. The question basically comes down to the following: Is something like a “Ticket Restaurant” a good idea or not?

 

👊 Straight Talk:

  • If you are playing devil’s advocate, you will say the BOE is trying to trick its citizens into believing that there is any privacy in the proposed CBDC ecosystem,     when there is actually ZERO. Is that ignorance or is it by design, is the interesting question.  
  • I need to add here (because you could easily believe the opposite) that I am an advocate for CBDCs. I want to see CBDCs happen, because I know that they can add value and it is possible to design them in both a fully privacy preserving and fully compliant way. But please do not put lipstick on a pig – just speak the truth. Do not claim that “privacy from the central bank” and “a strong legal framework” will do anything to protect citizen's privacy!!!

Remember the one and only question to ask about CBDCs:



IS THERE REAL PRIVACY FOR USERS FROM ALL PARTICIPANTS IN THE PLANNED CBDC ECOSYTEM?