A look at the Tourbillon Project of the BIS and additional information on this type of privacy preserving CBDC solution
Thank you, BIS, for this great step forward in the CBDC discussion towards “real privacy". Finally a foray into CBDC solutions that are not account-based systems, where privacy is 100% trust-based and mass-surveillance a hidden feature.
“Trust us not to lose or use your data” is the main concept of many of the CBDC ecosystems that have been proposed so far, like the digital pound or the digital euro. Unfortunately offering no progress from today’s zero privacy commercial payment solutions and relying on our “strong” legal frameworks, that will make the promised privacy happen. You may counter me here with the ‘off-line’ digital euro solution, which could actually be different. It will be significantly more risky, and for everything else, I will hold my comments until we see the technical specifications.
For those relying on these legal frameworks, I recommend to read “Cookie Banners and Privacy Policies: Measuring the Impact of the GDPR on the Web” as an illustration on what to expect from those legal frameworks. The analysis states that 3 years after GDPR taking effect (in my words), nobody gives a damn and enforcement is a joke: “Although online services are on average more transparent regarding data processing practices in their public data policies, a majority of these policies still either lack information required by the GDPR (…) or do not provide this information in a user-friendly form.” I let you all draw your own conclusions on this subject.
Back to our CBDC subject and Project Tourbillon: I commend the BIS for taking up this topic and contributing to the education of central bankers and citizens, showing that such “strange things” as unremovable payer anonymity exists and that citizens can have this cash-like privacy without sacrificing usability in a tool that prevents tax evasion, money laundering and terrorist financing. We all owe the BIS team a big thank you for showcasing this technology and spreading the insight that such features are actually possible and available.
I will split this article in 3 parts, that I will publish over the course of this week.
- In part I (this article), I will summarize the report.
- In part II, I will raise questions that have not been answered in the report and that would be great to get answers to.
- In part III, I will outline how much further this technology has actually progressed, as this has unfortunately not become clear in the report.
Project Tourbillon, developed by the Swiss Centre of the Bank for International Settlements Innovation Hub (#BIS), is introducing a fresh approach to privacy in the realm of digital currencies used by central banks (#CBDC). This experiment aims to offer a level of privacy to those making payments, resembling the anonymity you get when using physical cash.
Privacy is a fundamental concern when it comes to CBDCs for everyday transactions, according to recent surveys by the Bank of England (#BOE) and the European Central Bank (#ECB).
In today's payment systems, we encounter different degrees of privacy:
- Cash offers complete unbreakable anonymity for both the person spending the money and the one receiving it, but it can't be used for online purchases. It can be easily used for tax evasion and illegal business, because both the spender and the receiver remain anonymous.
- Credit and debit cards ensure the user's confidentiality, with only banks, payment service providers and card companies having access to personal information. Unless they get hacked or asked by government agencies to hand it over. Users must trust these entities to safeguard their data, and most users know very well that these entities use and sell this data (as illustrated by the Mastercard to Google PoS data sale) in many ways.
- Cryptocurrencies typically provide a kind of pseudo-anonymity (or pseudonymity) since transaction amounts and addresses are visible on a public ledger, making it possible to uncover identities after the fact.
Project Tourbillon explores the idea of giving payers or spenders cash-like unbreakable anonymity. This means that when a consumer uses CBDCs to pay a merchant, no personal information is disclosed to anyone, including the merchant, the banks, or the central bank.
However, the merchant's identity is revealed to their bank as part of the payment process, but this information remains confidential. CBDC recipients cannot hide their income, and hence this solution prevents tax evasion, money laundering and illicit transactions. What is used for Project Tourbillon is called payer anonymity or one-sided anonymity and cannot be broken.
It seems to be the best available combination of privacy and compliance available. It maintains the good aspect of privacy and removes the bad ones.
Morton Bech, Swiss Head of the BIS-Innovation Hub said: "Privacy is indeed a key requirement for a retail CBDC. But it cannot be the only one: security and scalability are also crucial to how payments are handled."
The privacy implemented for these bearer instruments with one-sided anonymity leads also to an unprecedented level of security, while being extremely scalable. More on that in part III, which will also illustrate what is actually state of the art in this space today.
But next, in the upcoming part II, we will explore some critical questions that came to mind while reading the report.
