Arguably, though, the more fundamental change is more than a decade old. It was Bitcoin that first made it possible to transfer digital value without the need for an intermediary, a model that competes directly with the traditional financial system. The network’s resilience against attackers suggests there is another way of setting up the system.
Last weekend at the MIT Bitcoin Expo held on campus in Cambridge, Massachusetts, I sat down with experts familiar with central banking as well as cryptocurrency. We discussed the practical concerns central bankers should be considering as they begin to design their own digital money systems. One common theme: central bankers have plenty to learn from Bitcoin.
Security can be achieved through resilience.
The US Federal Reserve has no current plans to issue a central bank digital currency (CBDC). But if it ever did, nine out of the top 10 requirements would pertain to security, said Bob Bench, director of applied fintech research at the Boston Fed. “Because the second that thing goes live,” he said, “it’s the most attacked program in the world.”
Bitcoin, with its mix of transparency, cryptography, and economic incentives, has something to teach central bankers about data security, according to Robleh Ali, a research scientist at the MIT Media Lab’s Digital Currency Initiative. “It’s a system that exists in a very hostile environment, and it’s proved to be resilient to that,” said Ali. It’s also a fundamentally different way of achieving security compared with how it is done in the traditional system: “Rather than try to hide the data behind walls, it’s trying to make the system so it’s inherently resilient.”
Keep it simple.
CBDCs can be thought of as “third-generation” digital currencies, said Ali. If Bitcoin is the first generation, Ethereum and other so-called smart-contract platforms, which include relatively complicated programming languages, can be seen as the second generation. While it may be tempting to add even more bells and whistles to a CBDC system, that would be the wrong approach, Ali said, because the more complexity you have, the more opportunities you give attackers to break in. “What you want in the third generation is a much simpler system even than Bitcoin,” he said. “It’s more about taking things away than adding things, and I think in terms of making it secure, that should be the mindset.”
Privacy is going to be very tricky.
Ali said he expects not all central banks that choose to issue digital currency will use the same system, but many will likely pursue a “hybrid” between blockchain-based cryptocurrencies like Bitcoin and more traditional, centralized systems.
Such permissioned blockchain systems, also called distributed ledger technologies, could give central banks new tools, like the ability to program the currency to perform specific functions, said Sonja Davidovic, an economist at the International Monetary Fund. For instance, it may let banks automate their responses to certain kinds of economic changes and give central bankers more precise control over the money supply. They would also have much more detailed visibility into the goings-on in their respective economies. There’s a problem, however, said Davidovic: “We haven’t really seen yet how privacy could be protected.”
Bitcoin privacy is tricky. Though users are pseudonymous, its public accounting ledger, called the blockchain, makes all transactions traceable. How would a blockchain-based CBDC system keep transaction data private? How would it represent people on the blockchain? Unless the system allows only small transactions, users will have to identify themselves somehow in order to comply with anti-money-laundering rules. How will their identity data be protected from theft, fraud, or even government surveillance?
In the cryptocurrency world, so-called privacy coins like Zcash and Monero, which use advanced cryptographic techniques to hide blockchain transaction data from public view, have arisen as alternatives to Bitcoin. But even if central banks are able to do something similar, it still might be possible to construct profiles of people based on their metadata, said Davidovic: “I’m not entirely sure that this is a problem that technology alone can solve.”