Once again I’ve been involved in a series of Twitter exchanges about the relationship between cash and anonymity. Many in the Bitcoin community see Bitcoin’s sort-of-anonymity as an important characteristic because it defends the individual against state power and they berate me for wanting to replace cash “in circulation” with a digital alternative. Cash, they claim, is freedom. One odd aspect of this argument is that the cash is, of course, a byproduct of the leviathan they affect to despise.
Narayana Kocherlakota, formerly the head of the Federal Reserve Bank of Minneapolis and now a prolific economics blogger, penned a recent article on the abolition of cash. Kocherlakota makes the point that if you don’t like government meddling in the proper functioning of free markets, then you shouldn’t be a big fan of central bank-issued banknotes.
I’m not, as it happens. In fact, I think we should start to consign them to the dustbin of history, beginning with the $100 bill, the £50 note and that affront to law-abiding people everywhere, the Swiss 1,000 franc note. There are an increasing number of people coming around to my way of thinking, including the former chief economist to the International Monetary Fund (IMF) Kenneth Rogoff, who recently published a book entitled “The Curse of Cash” in which he argues that banknotes should be withdrawn not only because of their use in criminal endeavours but because they prevent central banks from using their full range of monetary policy tools.
Kocherlakota doesn’t mention it explicitly, but should cash be abolished in order to remove the lower bound to interest rates, a potential replacement would be a new central bank-issued emoney, either Fedcoin or what Dave Birch has dubbed FedPesa.
But without wishing to be accused of pedantry, what does he mean by “central bank-issued electronic money”? In his presentation on ’The Zero Lower Bound and Anonymity”, Kocherlakota tends toward some form of cryptocurrency to replace fiat currency rather than a central bank digital currency and one of the reasons for this is his (entirely reasonable) concern about anonymity. This point is illustrated by literary reference.
In Atwood’s dystopian Handmaid’s Tale, a theocratic government named the Republic of Gilead has taken away many of the rights that women currently enjoy. One of the tools the Republic uses to control women is a ban on cash, all transactions now being routed digitally through something called the Compubank
It’s been many, many years since I read “The Handmaid’s Tale” so I went to my bookshelf to dig it out and re-read that part. The narrator talks about how the evil junta in charge of future America took over and says that it would have been harder if there had still been paper money. I don’t see how. North Korea has everyone using paper money and virtually no cards. Denmark has virtually no paper money and everyone uses cards (and phones). To be frank, in the modern world, I don’t think cash is that closely related to dictatorship.
The point I wanted to make here, though, is that it is wrong to present the alternatives as total surveillance and anonymity. I simply do not accept that the alternative to the unconditional anonymity of cash and the crime that goes with it is a dystopian, totalitarian nightmare. That’s only one way to design a circulating medium of exchange and it’s not the way that I would design it. I would opt for something along the lines of a universal pseudonymous mechanism capable of supporting an arbitrary number of currencies, a Mondex de nos jours, an M-PESA with go-faster stripes. In a world where there are completely, unconditionally anonymous payment mechanisms in widespread use there’s no way to stop very bad people from using them to do very bad things, so I’d prefer a world in which there are pseudonymous mechanisms that defend against routine surveillance and petty intrusion but allow societies legitimate interests to protect against crime.
Does this mean that anonymous mechanisms should be banned? Probably not, for the good reason that it would be impossible to do so. More likely would be a situation shown in the diagram below where there is an anonymous layer that has a pseudonymous layer on top of it and a absonymous (I made this word up) on top of that. People, governments and businesses would use this pseudonymous layer: the anonymous money would be useless for almost all transactions for almost all people since no-one would accept it. I would love to give this kind of anonymous money the generic name ZeroCash, after the William Gibson novel (“Count Zero”) in which one of my all-time favourite quotes about the future of money appears:
‘He had his cash money, but you couldn’t pay for food with that. It wasn’t actually illegal to have the stuff, it was just that no- body ever did anything legitimate with it.’
Unfortunately, someone else has already beaten me to it and not as a generic name! [See E. Ben-Sasson, A. Chiesa, C. Garman, M. Green,I. Miers, E. Tromer, and M. Virza, “Zerocash: Decentralized anonymous payments from bitcoin” in IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014. IEEE Computer Society, pp.459–474 (2014)]. Well, I’m fighting back by starting use zerocash (with the lower case initial) to mean generic unconditionally anonymous electronic cash. The wallet that this electronic cash is stored in is an anonymous digital identity. It’s just a string of bits.
Now, you could imagine some form of zerocash in circulation as a cash alternative but not accepted in polite society (i.e., any attempt to spend it would be regarded as prima facie evidence of money laundering and exchanges would be barred from handling it). Polite society instead decides to protect privacy through managed conditional anonymity, or pseudonymity. A pseudonymous currency that is managed by a central bank but where transactions take place on a distributed ledger is much more like “RSCoin”, the cryptocurrency proposed by George Danezis and Sarah Meiklejohn at UCL [Danzis, G. and S. Meiklejohn. “Centrally Banked Cryptocurrencies”, NDSS ’16, 21-24 February 2016, San Diego, CA, USA] using Ben Laurie’s “mintettes” concept. By creating a pseudonym that is bound to the zerocash digital identity, we make it useful (provided that the binding is done by someone who trusted in the relevant transactional use cases).
Why bind it in this way? Well, there is the usual privacy paradox to be dealt with here: I want my transactions to be anonymous, but everyone else’s to be not anonymous in case they turn out to be criminals. I cannot see any way round this other than pseudonymity. There are people out there (e.g., my colleagues at Consult Hyperion) that know how to design systems that work like this, so there’s nothing stop the FATF, Bank of England, or Barclays or anyone else from starting to design the future, privacy-enhancing electronic money system that we need.
Let’s move on. For certain purposes, pseudonymity might be deemed insufficient (e.g., KYC) and so that nym layer is needed too. This means we need to bind the pseudonym to real-world legal entity. A bank is a good place to form this binding, since they’ve already done the KYC and know who I am. So I give present my pseudonym to them and they can bind it to my “real” name to form a nym. In the example below, Barclays know who I really am, and I can present my Barclays nym where needed, but most transactions with counterparties take place at the pseudonymous layer and I can present my Vodafone pseudonym “Neuromancer” there if I want to. My counterparty doesn’t know that I am Dave Birch, only that Vodafone know who (and presumably, where) I am. For the overwhelming majority of day-to-day transactions, this is more than adequate. This layered approach (show below) seems to me a viable vision of a working infrastructure. Few transactions in the top layer (for privacy), most transactions in the middle layer, few transactions at the lower layer.
So in this made-up example, Barclays know my “real” identity and Vodafone knows a persistent pseudonym tied to my phone number. (Of course, I could go to Barclays and choose to bind my Vodafone identity to my Barclays identity, but we don’t need to think about this sort of thing here.) I’m going to reflect on how these bindings might work in practice more in the future, but for now I want to circle back to that opening concern about losing the anonymity of cash. Here’s another version of that meme that I read I day or two ago.
Cash—the familiar, anonymous paper money and metallic coins that most of us grew up using—isn’t just convenient, it’s also a powerful shield for our autonomy and our privacy.
It really isn’t. Your privacy is being taken away because of Facebook, people wearing Snapchat shades and drones, not because of debit cards. And none of this has anything to do with dictatorship. I wouldn’t want to live in the America of the “The Handmaid’s Tale” whether it had anonymous payments or not. I understand the concerns of those concerned with privacy (as I am) that there might be an inevitable tendency for a government to want to trespass on the pseudonymous infrastructure in the name of money laundering or terrorism, but that’s a problem that needs to be dealt with by society, not by technology. I don’t know what the answer to that is, but I do know that we need to get the conversation started in a more sophisticated way.