The Fed's Central Bank Digital Currency Report Falls Flat

from the why-do-we-need-this-again? dept

It took nearly a year, but the Federal Reserve has finally released its report on central bank digital currencies (CBDCs). The report fails to live up to the Fed’s hype. If anything, it shows a CBDC is a solution in search of a problem.

The 40-page report contains so little information, it makes you wonder what the Fed has been working on for all this time. To be fair, the report does offer an idea of how the Fed envisions a CBDC taking shape, but their vision is a bad one. The Fed may have finally made good on its promise to deliver a report, but it has a long road ahead if it intends to deliver a CBDC.

The Fed’s desired approach is for a CBDC that would be “privacy-protected, intermediated, widely transferable, and identify-verified.” That might sound good at first glance, but a closer look reveals that this approach is really quite unfortunate.

Protecting the privacy of the American people has been one of the greatest concerns around the design of a CBDC. So it makes sense that privacy was listed first. However, at the opposite end of the list, the Fed hedges on that promise with just two words: “identity verified.” Essentially, this means the Fed has abandoned the idea of crafting a CBDC that would act as a digital form of cash. It means people will need to have their identities verified before using the CBDC so that the Fed can keep a record of their transactions. Where cash offers Americans the freedom to make financial decisions in private — a freedom that should be protected by the Fourth Amendment — the Fed’s CBDC would likely be another avenue for information collection.

What’s more, it’s unclear what real benefits the Fed’s CBDC would have for consumers. In the report, the Fed stated that a CBDC could improve the speed of payments, financial inclusion, and the dollar’s international status. But those are all areas that are being fixed through other endeavors — endeavors that will likely be completed before a CBDC reaches the market.

For example, both the private and public sectors have been developing networks to speed up payments. For financial inclusion, survey data from the FDIC has found that the number of unbanked households decreases every year as technology makes banking more accessible. That rate of improvement will likely only increase as private sector initiatives to help the unbanked (e.g., BankOn) continue to get off the ground. Finally, every positive step for the dollar will improve its international status. A CBDC might help the United States keep up with the Joneses, but it’s not unique in its ability to improve the dollar’s status. More so, it is highly unlikely that a “CBDC” is a necessary requirement to compete on the world’s stage. People are not going to flock to the Chinese yuan or the Nigerian naira simply because they’ve “gone digital.”

A CBDC may be an exciting prospect for central banks, but the Fed is going to need a much more robust set of benefits if it is going to justify experimenting with the money in people’s wallets.

Just before the report’s release, Fed Chair Jerome Powell wrote to Senator Toomey (R-PA) saying, “One critical question is whether a CBDC would yield benefits more effectively than alternative methods.” By all accounts, it seems the answer to that question is no. Both the Fed and Congress will have a long road ahead if either one intends to justify the supposed need for a CBDC to the American people.

Nicholas Anthony is the Manager of the Cato Institute’s Center for Monetary and Financial Alternatives and a contributor with Young Voices.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “The Fed's Central Bank Digital Currency Report Falls Flat”

Subscribe: RSS Leave a comment
14 Comments
Anonymous Coward says:

Essentially, this means the Fed has abandoned the idea of crafting a CBDC that would act as a digital form of cash.

Was anyone expecting something different? It is quite literally illegal to do anything other than what was proposed here, the law is very clear. If anything, it’s a good thing that the Fed didn’t decide to go rogue and waste taxpayer money on facially illegal policy proposals. If only Georgia would have followed suit.

Rocky says:

Protecting the privacy of the American people has been one of the greatest concerns around the design of a CBDC. So it makes sense that privacy was listed first. However, at the opposite end of the list, the Fed hedges on that promise with just two words: "identity verified." Essentially, this means the Fed has abandoned the idea of crafting a CBDC that would act as a digital form of cash. It means people will need to have their identities verified before using the CBDC so that the Fed can keep a record of their transactions. Where cash offers Americans the freedom to make financial decisions in private — a freedom that should be protected by the Fourth Amendment — the Fed’s CBDC would likely be another avenue for information collection.

It’s technically possible today to have a digital currency where the government can verify the identity of someone without actually getting any information at all about the person, it’s a concept called "zero-knowledge proofs". Note though, technically possible isn’t necessarily the same as feasible or practical.

Of course, implementing something like that hinges on that the government really wants the users of a digital currency to have privacy.

Anonymous Coward says:

Re: Re:

zero-knowledge proofs

Yet another name for Remote Trust My Statement…. err…Remote I am Not a Bank Robber…. errr…. Remote Attestation.

From the wikipedia article on it:

"In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true while the prover avoids conveying any additional information apart from the fact that the statement is indeed true. The essence of zero-knowledge proofs is that it is trivial to prove that one possesses knowledge of certain information by simply revealing it; the challenge is to prove such possession without revealing the information itself or any additional information"

So it’s a claim of knowledge of a password without any other evidence being given. The actual knowledge is never able to be verified. Rather, we have to assume a result. This is worthless for actual verification of anything, and indeed the wikipedia article’s own example admits as such:

"Thus, if Peggy repeatedly appears at the exit Victor names, he can conclude that it is extremely probable that Peggy does, in fact, know the secret word."

"In fact, even a person who was present as an observer at the original experiment would be unconvinced, since Victor and Peggy might have orchestrated the whole "experiment" from start to finish."

So the rules make the results impossible to actually verify for the participants, and any observers present during the "verification" process. Meanwhile, we’ve thrown crypto into yet another worthless and expensive calculation. Cue this being used everywhere as some legal / business requirement’s security theater.

For those that don’t see the link to Remote Attestation: The entire concept of Remote Attestation is trustworthy verification of a statement of fact about an unauthenticated source made by said unauthenticated source. The biggest example of which is easily found via a quick google search: Trusted Computing.

According to the wikipedia article on that:

"It works by having the hardware generate a certificate stating what software is currently running. The computer can then presents this certificate to a remote party to show that unaltered software is currently executing."

In other words a claim of the state of a system (the signed certificate) is being made without any other evidence being given. The actual state of the system is never able to be verified. Rather, we have to assume a result. How is this signature made? According to the wikipedia article:

"The endorsement key is a 2048-bit RSA public and private key pair that is created randomly on the chip at manufacture time and cannot be changed. The private key never leaves the chip, while the public key is used for attestation and for encryption of sensitive data sent to the chip, as occurs during the TPM_TakeOwnership command.[15]"

"This key is used to allow the execution of secure transactions: every Trusted Platform Module (TPM) is required to be able to sign a random number (in order to allow the owner to show that he has a genuine trusted computer), using a particular protocol created by the Trusted Computing Group (the direct anonymous attestation protocol) in order to ensure its compliance of the TCG standard and to prove its identity; this makes it impossible for a software TPM emulator with an untrusted endorsement key (for example, a self-generated one) to start a secure transaction with a trusted entity. The TPM should be[vague] designed to make the extraction of this key by hardware analysis hard, but tamper resistance is not a strong requirement. "

So in "Trusted" Computing, the secret is stored in a TPM, however that TPM is in the unchecked physical possession of a party that may be hostile to the entire ecosystem. There’s no way to actually verify that the secret is in fact secure from hostile actors. The rules require us to assume that the secret is secure. Or to put it another way:

So the rules make the results impossible to actually verify for the participants, and any observers present during the "verification" process. Meanwhile, we’ve thrown crypto into yet another worthless and expensive calculation. Cue this being used everywhere as some legal / business requirement’s security theater. (Which as of Windows 11, it is.)

At the end of the day, all security boils down to:
"If an authenticated someone is authorized then do this otherwise do that." Which is why how those authentications are generated is important. We have enough problems with someone just spoofing a signature somewhere or changing the instructions to "Always to this." We don’t need the additional issue of effectively worthless security designs to contend with.

As for a government using such a broken design for "private" monetary transactions, it will happen. One of the requirements is that the talented crooks can easily bypass the few checks, or lack there of, against abuse and money laundering. A system where even the words of the conversation cannot be verified, let alone the dollar amounts and account numbers, easily passes that requirement.

Anonymous Coward says:

Re: Re: Re:

There’s no way to actually verify that the secret is in fact secure from hostile actors. The rules require us to assume that the secret is secure.

Of course, the flip side of it is that the owner of the secret desperately wants to secure it from hostile actors. Which, as you’ve shown, includes the owner of the hardware. Which leads to the trust issue being flipped: if the source of the secret cannot be inspected by the untrusted party, they have to assume that the mechanism itself is secure … and does only what it has been advertised to do.

Which leads to the corollary security issue of some other party gaining access to the mechanism and subverting it. All that trust goes out the window, and all that you are left with is a security hole you can’t fix.

Anonymous Coward says:

Re: Re: Re: Re:

Of course, the flip side of it is that the owner of the secret desperately wants to secure it from hostile actors. Which, as you’ve shown, includes the owner of the hardware.

Of which, the safest and easiest means of doing that is to never give the hostile actor the secret in the first place. That won’t allow the owner of said secret to make a crap ton of money selling access to a completely arbitrary lock however.

So we wind up with a situation where the individual has no security and is considered hostile by their own equipment, all for ever increasing corporate profits.

That’s not a gain for society or even the individual paying for the damn equipment, and should be, in my opinion, verboten by law.

The secure method of doing this would be to have the individual define what the secret is. Then they have skin in the game, and thus have a reason to protect it. In addition to having them ensure secrecy by allowing them to replace a compromised secret with one that is not.

if the source of the secret cannot be inspected by the untrusted party, they have to assume that the mechanism itself is secure … and does only what it has been advertised to do.

Except that assumption is a false statement for the very reasons I gave above. It’s impossible to verify that a given secret is secure from hostile actors. Which means that the assumption about "does only what it has been advertised to do." is false because that assumption is supposed to be "confirmed" by the secret whose secrecy is unverifiable. The chain of trust is broken from the start. The only safe assumption to make in this case is that you are compromised by a security hole you are not allowed to fix.

Total compromise by default is not a state that society, or the world in general, should be held in for any reason.

Anonymous Coward says:

Re: Re:

It’s technically possible today to have a digital currency where the government can verify the identity of someone without actually getting any information at all about the person

That can be done with Chaumian digital cash, invented in 1983. It’s both "identity-verified" and anonymous, designed such that one’s identity is only revealed if one tries to spend their own cash twice ("counterfeiting", effectively). This guarantee comes from mathematics, not the government or bank running the currency. But I doubt that’s what the Fed is thinking about.

People have proposed ways to use more modern zero-knowledge proofs, such as ZK-STARKs, to prove more specific things—for example, that American taxes have been paid on all money in one’s account. I don’t expect this is what the Fed is planning either.

spamvictim (profile) says:

Hey, kids, don't make me stop this car

I thought the point of the report was totally clear: for consumers, anything a CBDC can do, a normal bank account can do. Banks will be able to do instant payments with Fednow, and they can provide low-cost easy to use accounts if they can be a little less greedy. On the other hand, in a CBDC account the deposits would all go to the Fed rather than being usable by the bank, which is known as narrow banking, something the Fed has never wanted.
So the message is, hey, banks get your act together and provide fast, cheap, flexible accounts. ”Cuz if you don’t, we will, and you wouldn’t like that.

TheResidentSkeptic (profile) says:

another point of view on this

It makes it so much easier for several interested parties.

1) Every transfer automatically has sales tax added – both from the "sellers" location and the "buyers" location, thus doubling tax revenue for states.

2) Every sellers transaction is automatically tracked for the new year-end 1099 reporting requirements. Thus increasing IRS revenue. Up to the seller to find receipts for every transaction to prove the actual profit/loss.

Turning everyone into a business in the eyes of the government for increased tax regulation and auditing data. Allowing instant seizure of any funds whose source can not be tracked.

So we get tax wins for states, tax win for IRS, and tons of work for CPAs. What’s not to love?

Raymondjoype (user link) says:

Где можно купить качественный блог

In school sensual massage women will hold erotic 4hands massage. Similar swedish massage, as in principle, and relaxation, influences on some area human body, this give a chance male gain strength.
The energy massage inSoho it today skill give away bliss. The Soapy massage – on the influence on clients is meant practically unlimited available opportunities actions on bodily, and consequently, and psychoemotional state of health friends.
Dear gentlemen!
And while, french massage and not violates practically any prohibitions, for the reason it's not about sexual contact.
Sensitive touch rasprekrasnoy girls will flow through your body, dipping in depth boundless the ocean pleasure. In the quiet slip, donating your skin kisses, prelestress envelops the warmth of one's body. You will be surprised at, which sea bliss today it is possible to feel fromnude massage in Midtown.

[url=https://massagenyc.mystrikingly.com/%5DКак вести блог без CMS и конструкторов обзор бесплатных[/url]
[—-]

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...