[taler-marketing] branch master updated: more texting

[gnunet]

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository marketing.

The following commit(s) were added to refs/heads/master by this push:
     new c425978  more texting
c425978 is described below

commit c425978b927e9c391a0953ef01419d0146a56899
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Fri Dec 31 15:35:03 2021 +0100

    more texting
---
 2022-privacy/privacy.tex | 99 +++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 77 insertions(+), 22 deletions(-)

diff --git a/2022-privacy/privacy.tex b/2022-privacy/privacy.tex
index b965f86..38553d1 100644
--- a/2022-privacy/privacy.tex
+++ b/2022-privacy/privacy.tex
@@ -22,7 +22,7 @@ that the ECB needs to fundamentally change its mindset when 
thinking about
 itself and the Digital Euro if it wants the project to succeed.
 }
 
-\section{The European Central Bank and Privacy}
+\section{The European Central Bank cannot be the Guardian of Privacy}
 
 The ECB's report starts with a public interest-oriented self-image of central
 banks. For example, the authors claim that ``central banks operate in the
@@ -32,7 +32,7 @@ interest in monetising users' payment data.  They would only 
process such data
 to the extent necessary for performing their functions and in full compliance
 with public interest objectives and legislation.'' While this is a laudable
 aspiration, it is false.  The Bank of Greece, one of the central banks of the
-Eurosystem, is dominantly privately held and listed on the Athents stock
+Eurosystem, is dominantly privately held and listed on the Athen's stock
 exchange~\cite{wikipedia}.  Similar constructions with privately owned central
 banks exist outside of the Eurozone, for example with the Swiss National
 Bank~\cite{SNB}.  That all central banks are independent and operate in the
@@ -60,27 +60,64 @@ for critical infrastructure created by European 
institutions.
 
 \section{Accounts}
 
-1) Die Autoren sind sehr in der Idee gefangen, dass eine CBDC durch Accounts 
abgebildet werden muss. Gerade auf Seite 21 "A CBDC account/wallet" would need 
to be associated with (...) a unique identity and identifier code" -- bei 
Tokens bzw. mit Privacy geht dies gerade eben nicht.
 
-
-
-3) "As a way of combining use of digital identity and CBDC". Mit anderen
-Worten, wir wollen den glaesernen Buerger nach Chinesischem Vorbild.  E-ID
-wurde in der Schweiz abgelehnt, Internetpassports sind politisch auch schnell
-von der Buehne verschwunden, aber ueber die CBDCs koennen wir das doch noch
-erreichen. Fehlt nur noch der Mastercard-Ansatz von "pay with your smile"
-(Gesichtserkennung).  Schon nicht mehr witzig, wenn wir auf der einen Seite
-das EU-Parl haben was Gesichtserkennung verbieten will, und gleichzeitig eine
-EZB die eine --- natuerlich am Ende per multi-factor (inkl. Biometrie)
-authentifizierte --- Digitale Identitaet zum Bezahlen einfuehren will.
-
-
-Tokens.
-
-Privacy-preserving age-restrictions instead of E-ID.
-
-
-\section{Technical Blindspots}
+The probably worst idea of the ECB report is ```combining use of digital
+identity and CBDC''.  Edward Snowden famously said at IETF 93 in 2019 that
+\begin{quote}
+  ``I think one of the big things that we need to do, is we need to get a way
+  from true-name payments on the Internet. The credit card payment system is
+  one of the worst things that happened for the user, in terms of being able
+  to divorce their access from their identity.''
+\end{quote}
+If we want to avoid the transparent citizen dystopia (associated in the West
+with the vilified Chinese surveilance state), we must enable citizens to put a
+firewall between their identity and their payments. Tightly coupling them is
+thus probably the worst idea so far proposed in the design space for CBDCs.
+
+The Swiss population recently rejected a proposal for a national E-ID, and the
+newly elected German government is promising a reversal of ubiquitous data
+retention (without cause) in Germany.  The European Parliament has members
+proposing to ban the use of facial recognition in public spaces.  The ECB's
+proposal ignores the popular rejection of treating every citizen as a criminal
+suspect.  Payment data is typically retained for 6 or more years. The missing
+link in the ECB proposal that would show the dystopic reality they would
+propose is a statement that facial recognition could be used to conveniently
+establish the payer's identity --- or ``pay with your smile'', as contemporary
+account-based digital payment offerings already put it.  If CBDC payment data
+is strongly coupled with our identities, those who dislike living in a
+panopticon could only hope for such a CBDC to be rarely used.
+
+But the ECB is not the only institution inappropriately pushing for digital
+identity-based solutions.  Another domain where this is inappropriately
+pursued is the decades-old debate about age-verification for Websites.  The
+common pattern here is a security need (for example countering financing of
+terrorism (CFG), anti-money laundering (AML) or protecting the children) which
+is ``addressed'' by strong identification.  Not only is this simplistic
+approach rarely cost-effective, but it contributes to the conversion of
+soverign citizens to digital subjects.
+
+Token-based payments like GNU Taler offer an alternative, enabling the state
+to ensure business is legal (and tax-paying) without infringing on the
+soverenity of private citizens.  We recently extended this principle also into
+the domain of age-restrictions in e-commerce.  Assuming that owners of
+bank-accounts are a mature adults, it allows bank account holders to withdraw
+age-restricted coins for their wards.  The wards can then anonymously spend
+the coins, but transactions will fail at merchants that sell goods with an
+age-restrictions exceeding the age-limit specified by the bank account holder
+acting as a guardian.  The design guarantees that only information disclosed
+is that the age-restriction imposed by the merchant is satisfied. The payment
+service provider does not even learn that age-restrictions are being used, and
+merchants cannot distinguish successful purchases by adults from successful
+purchases by wards with a sufficiently high age-limit.  Thus, this design
+offers a clear alternative to identity-based age-verification that is better
+aligned with the principle of subsidiarity which requires that we solve
+problems at the smallest unit that can solve them. And protecting the children
+should be the task of their parents. We argue that the ECB should merely give
+the parents the technical means to protect their children as they see fit,
+instead of taking control.
+
+
+\section{Addressing Balance Sheet Disintermediation via Self-Custody}
 
 The ECB report describes the risk of (commercial) bank balance sheet
 disintermediation as one of the major risks to consider from the introduction
@@ -122,9 +159,27 @@ limits for their CBDC holdings based on their actual cash 
needs.
 
 \section{Conclusion}
 
+The dominance of accounts on the Internet and the resulting delegation of
+economic and political power to big Internet service providers sets a
+dangerous precedent for the design of CBDCs. It is time for central banks
+to abandon this mindset.
+
+Specifically, the ECB needs to review its design approach for the Digital Euro
+and commit to granting financial soverenity to its constituents. Instead of
+controlling the citizen's privacy and forcing a particular ECB App onto CBDC
+user's phones, the ECB needs to design a Digital Euro based on respect for the
+citizen's sovereignity and self-responsibility.  A digital cash system can be
+build using privacy-preserving open protocols with Free Software reference
+implementations.  The resulting self-responsibility of citizens will address
+various key design challenges inherent to account-based designs, including the
+biggest challenge of all: creating a product citizens would actually like to
+use.
 
 \section*{Acknowledgements}
 
+We thank Martin Summer for encouraging us to put our critique of the ECB's
+report in writing. We thank Ulrich Bindseil for listening.
+
 % We thank XXX for insightful comments on an earlier draft of this text.
 
 \bibliographystyle{alpha}

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.