Related
Introduction ⇝
Physical cash in the form of banknotes and coinage is a bearer instrument.
A bearer instrument is a document that entitles whomever holds it to rights of ownership or title to the underlying property, such as cash, bonds or share certificates.
If you hold it you own it, and have the responsibility upon yourself to custody it. You can spend and receive it privately and anonymously without record.
In the United Kingdom, cash is also central bank money, representing a claim that can be redeemed against the Bank of England.
Central bank money is, as the Bank puts it financially risk-free in the sense that there is no credit, market or liquidity risk.
For a digital asset to deserve to be called both cash and central bank money, it must have all of these properties: bearer instrument, privately holdable, anonymously spendable, liquid, fungible, divisible, and a direct liability of the central bank.
In their consultation paper of 2023 and earlier discussion papers of 2020 and 2021,
The digital pound: a new for of money for households and businesses?
The Bank of England & HM Treasury
7th February 2023
The Consultation Paper
ISBN 978-1-5286-3903-3 (CP 797)
New forms of digital money
The Bank of England
The 2021 Discussion Paper
7th June 2021
Central Bank Digital Currency: opportunities, challenges and design
The Bank of England
The 2020 Discussion Paper
12th March 2020
the Bank of England and HM Treasury set out a policy and architecture proposal for a Digital Pound
, a central bank digital currency (CBDC) to provide a digital solution to the decline of physical cash and to maintain public access to central bank money.
While not opposed to this in principle, we find the Bank’s Digital Pound proposal deficient on two fronts:
- The proposed Digital Pound is not a digital cash-equivalent: it is not privately transactable nor a bearer instrument, as physical cash is.
- The Platform Model does not actually provide retail access to central bank (public) money as the public will not have direct access to the Bank’s CBDC system and ledger. It requires custodial intermediaries which adds counterparty risk.
These objections are pertinent because they address the Bank’s motivations and intentions for developing the Digital Pound:
- To sustain access to UK central bank money — ensuring its role as an anchor for confidence and safety in our monetary system, and to underpin monetary and financial stability and sovereignty.
- Uniformity and safety could be threatened by […] lower [physical] cash use.
- That the Digital Pound will not be remunerated (bear interest) and that this is not a motivation for issuing the Digital Pound.
- To promote innovation, choice and efficiency in domestic payments as our lifestyles and economy become ever more digital.
- That the Bank proposes the Digital Pound should be designed following a platform model.
And further they are relevant because the Consultation paper requests:
- Views on the proposed approach to privacy.
- Views on the proposal re. efficiencies in payments.
- Views on the key features of the model we intend to take forward in the next phase.
The Digital Pound will not and should not accrue interest, in the same way that cash does not. Remuneration has implications for monetary policy as it would affect inflows and outflows into the Digital Pound from commercial bank deposits and other stores of value, and would alter the effective-lower-bound of interest rates. Consultation Paper, pp.41-43 This lack of remuneration makes it clear to consumers what the Digital Pound is, and avoids cannibalising other cash-equivalents such as bonds and other money-market instruments. It will be a means of exchange with no expected nominal return, not an investment instrument.
The Bank does not give “provide a digital cash-equivalent” as an explicit goal, but in its reasoning for the Digital Pound makes reference to the shift in the balance of public and private money used to make payments
, citing the decline in use of physical cash meaning the same as a decline in the use of public money. If current trends continue, the public’s access to, or use of, central bank money will diminish and the monetary system could become fragmented, posing a risk to monetary and financial stability
.
Consultation Paper, pp.9-10
In its Discussion Paper of 2020 the Bank also cited Addressing the consequences of a decline in cash
Central Bank Digital Currency: opportunities, challenges and design
The Bank of England
The 2020 Discussion Paper
12th March 2020
as a motivation for exploring a CBDC.
The decline in use-of and access-to physical cash does not only mean reduced access to central bank money, but also the elimination of a highly private and anonymous method of payment and storing value.
Financial Freedom and Privacy in the Post-Cash World
Alex Gladstein
Cato Journal
Summer 2021
The Bank’s 2020 Discussion Paper did make reference to this, albeit absent from later papers:
Physical cash has certain unique characteristics that would be lost if it were to fall out of general use. For example, cash offers a level of privacy in transactions that is not always available with existing electronic payment systems. Cash also has an important role in financial inclusion.
Rightfully, the Bank seeks to maintain public access to cash, and its concern that the decline of physical cash presents a hazard is legitimate.
We are exploring a digital pound because money and payments are changing
Cash, of course, remains vital for many. Around 1.2 million UK adults do not have a bank account and around one fifth of people name cash as their preferred payment method. Cash remains important to a large cross-section of society. Even those who do not use it regularly consider it an important back up form of payment. For those reasons, UK authorities are committed to ensuring continued access to cash.
What the Bank of England currently proposes with its Platform Model for the Digital Pound is unfortunately something that will look and behave much more like a bank deposit than cash, dependent on an unavoidable layer of new bank-like intermediaries to handle it for the public.
To suppose that intermediated access thru pass-through
platform providers qualifies as public access to retail central bank money
is not that far from claiming that the public already have access to central bank money intermediated through commercial bank deposit accounts — that is, not true in any useful sense.
If you cannot custody ‘your’ money yourself directly, it is not really yours.
This would, in practice, make the Digital Pound more of a wholesale CBDC, rather than a retail CBDC.
Then, the utility of such a wholesale CBDC is doubtable,
A position supported by the Lord’s committee and evidence given by the Bank of England to the same.
Central bank digital currencies: a solution in search of a problem?
Economic Affairs Committee
The House of Lords
17th January 2022
as the Bank of England’s existing interbank settlement networks (RTGS and CHAPS) are functional and have an upgrade roadmap already in-progress;
The renewed RTGS service – key benefits
The Bank of England
25th April 2023
Commercial banks already have access to central bank money which is how they store their reserves; and they already use digital central bank payment systems to perform interbank settlement and other large payments; and consumers are already able to make quick and easy digital payments using banks and other payment systems.
Our position is that instead of this Platform Model, the remedy is to provide a digital equivalent to physical cash, and that this ought to be an explicit design goal of the Digital Pound.
Of-course, if the Digital Pound fails to replicate the properties of physical cash then it cannot claim to be equivalent to cash. If a Digital Pound is to be worth developing further, it must focus on providing a digital cash equivalent bearer instrument, with direct public access, as this is the only condition in which we find any CBDC to be compelling. If the Digital Pound is not actually cash, then we contend that it is largely pointless and unwarranted, as it will do nothing to help maintain public access to cash
, with the Bank of England needlessly attempting to build a public competitor to existing payment platforms that already meet public demand. The one thing that the Bank of England can actually do that no-one else can, is provide a digital cash equivalent for the pound.
Cynically, the Digital Pound as currently proposed could be labelled as no more than an affinity scam, deploying buzzwords that make it seem to be a government response to cryptocurrencies and emerging novel payment and money technologies, without being substantially distinct from existing digital fiat payment networks and functionally inferior to cash.
It is not a novel opinion that the system the Bank proposes for the Digital Pound does not qualify as cash – cryptographer Hal Finney made this observation in 1996:
On-line electronic money, [where] the merchant must [authenticate the spender’s identity and ownership] with the bank for each transaction […] does not deserve to be called cash, though, because it lacks the distinguishing characteristic of digital cash: it is not anonymous. When the bank sees serial number
123456
being deposited, the bank recognizes that this was the same bill that Alice withdrew. The bank can therefore deduce that Alice spent the money at Bob’s.
Many respondents to the Bank’s Discussion paper of 2020 placed great emphasis on the importance of privacy and anonymity, supporting our claim that these are both desireable and widely held to be necessary for cash-equivalence:
Feedback from respondents has […] emphasised the importance that users place on having privacy in their transactions.
Security and privacy were often cited as aspects on which there should be little or no room for compromise.
The imperative to protect privacy was also regularly cited by respondents as potentially having implications for transparency and financial inclusion.
Views varied on the degree of privacy that would be necessary or desirable for a CBDC system. Of those who felt that CBDC should be highly private or even anonymous, some respondents grounded their privacy expectations in the example of cash. Others pointed to the principles and technologies underlying decentralised cryptocurrencies as benchmarks for privacy for CBDC.
CBDCs have only recently emerged as a central bank and government infatuation.
While over a hundred countries are in varying stages of exploration or development, thus-far only The Bahamas, Eastern-Caribbean currency union, Nigeria and Jamaica have actually deployed one.
CBDC Tracker
and
Atlantic Council CBDC Tracker
However, none of the CBDCs that have launched demonstrate strong public support or adoption.
The Bahamian Sand Dollar makes up less than 0.2% of currency in circulation, only US$1.1 million in value – while incurring nearly US$7.5 million in costs by 2022, two years after introduction.
Annual Report & Statement of Accounts, 2022
Central Bank of The Bahamas
15th May 2023
Jamaica’s JAM-DEX facilitated transaction activity equivalent to no more than US$2.3 million in 2022, 0.01% of that year’s ABM and PoS volume.
Gov’t Provides Incentives to Boost JAM-DEX Use
Jamaica Information Service
9th March 2023
($357 million Jamaican Dollars)
FMI Statistics
Bank of Jamaica
2022
Fewer than 1% of Nigerians have adopted the e-Naira, according to the IMF.
Nigeria’s eNaira, One Year After
Jookyung Ree
International Monetary Fund
16th May 2023
It does not feel unfair to say that these early CBDC projects are not going well.
By contrast, a staggering 32% of Nigerians have adopted Bitcoin
Bitcoin: A Peer-to-Peer Electronic Cash System
Satoshi Nakamoto
31st October 2008bitcoin-cli getrawtransaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 0 00000000000000ecbbff6bafb7efa2f7df05b227d5c73dca8f2635af32a2e949 | sed ’s/0100000000000000/\n/g’ | tail -n +2 | cut -c7-136,139-268,271-400 | tr -d ‘\n’ | cut -c17-368600 | xxd -p -r > bitcoin.pdf
and other cryptocurrencies.
How Common is Crypto?
Statista
17th March 2021
Notably also US-Dollar backed stablecoins such as Tether (USDT).
It should be noted that the inflationary environment and incidence of extreme poverty in Nigeria, with high-fees for traditional cross-border payments and the prevalence of remittances into Nigeria are conditions substantially different from those in the United Kingdom.
This, despite the Nigerian central bank having banned banks and other financial institutions from dealing with or facilitating payments to cryptocurrency exchanges.
Circular to Banks and other Financial Institutions on virtual currency operations in Nigeria (PDF)
Central Bank of Nigeria
12th January 2017
(Recirculated 5th February 2021)
Bitcoin is not the same thing as a CBDC, and in many respects is superior,
Bitcoin is permissionless, global, self-custodial, can be sent and received almost instantly, is hard money with intrinsic value and a fixed supply unlike inflationary unbacked fiat currencies, and can be used privately and anonymously.
but this demonstrates that a public that has already adopted one digital currency will not automatically embrace a CBDC if its design and properties are not compelling.
The technical means to achieve a digital cash-like instrument are well known, most notably the Chaumian eCash construct introduced in 1983.
Blind signatures for untraceable payments
David Chaum.
Advances in Cryptology: Proceedings of Crypto 82 pp.199-203.
Springer US 1983
Chaumian eCash is a cryptographic digital token system that operates without a distributed ledger and without requiring a Byzantine fault tolerant consensus mechanism such as Bitcoin’s proof of work, because it operates using centralised consensus.
eCash successfully implements a digital equivalent for the salient properties of physical cash.
It is private, self-custodial and can be transacted anonymously. It cannot be counterfeited, yet the issuing bank (or mint) is blind to the holders identity. With extensions, it can also be transacted offline.
The Swiss National Bank, and other central banks and government bodies have already evaluated the suitability of eCash for a CBDC and found it to be compelling,
How to Issue a Central Bank Digital Currency
D. Chaum (xx Network), C. Grothoff (Bern University) and T. Moser (Swiss National Bank)
Swiss National Bank
March 2021
H.R.7231 - ECASH Act
United States Congress
28th March 2022
Note this bill does not explicitly name Chaumian eCash but enumerates and requires compatible properties, such as being a bearer-instrument, public custody, transaction anonymity, peer-to-peer offline transactability.
though the SNB have not yet committed to building a CBDC of any form.
In our view, the architecture of the Digital Pound should be Chaumian eCash.
We acknowledge that the Bank does not currently believe that a bearer instrument model is appropriate, and we contest this assessment.
Another approach [for a CBDC] is a bearer instrument model, where ownership of digital pounds is recorded on individual user devices, and transactions take place between users, with no interaction with the central bank. This is close to the way cash works at present. Such an approach presents several challenges. While hardware devices (for example, phones, wearables, cards) are difficult to hack, if that happens it is difficult to detect and to fix.
The Bank is presumably concerned about theft of the bearer instrument from end-user’s custody. This is of-course a risk, but one that is understood and tolerated by the public when using physical cash, and is an inherent property of cash.
This risk is surely tolerable. People have been content with not being able to un-lose and un-have-stolen physical bank notes and currency for millennia.
This risk is also precisely one of the earliest reasons banks came in to being, providing safe custody (and the amusing risk of that not always being true).
This downside for bearer instruments can also provide a balancing incentive for people to not ape their entire liquid wealth out of banks and into the Digital Pound, and use it predominantly as a payment technology not a long-term store of value.
Definition of ape in
, courtesy of the Urban Dictionary.
Further, there is no trusted intermediary involved in transactions. That could give rise to ‘double spend risk’, where a user attempts to copy and spend the same digital pound multiple times.
eCash is not vulnerable to double-spending for online transactions because the bank (mint) intermediates each payment.
It can be extended to detect and mitigate offline double-spending by de-anonymising double-spenders,
Untraceable Electronic Cash
David Chaum, Amos Fiat, Moni Naor
Advances in Cryptology CRYPTO ‘88 pp.319-327.
Springer-Verlag US, 1988
though this extension does not necessarily need to be implemented, because an eCash requiring the recipient to be online is sufficient for most use-cases – in the same way that very few merchants accept offline card payments.
Also, a bearer instrument approach, where users never have to check back in with a central ledger, would lead to completely anonymous payments.
This is a misapprehension as it is not true that transaction anonymity derives from not checking in with a ledger.
Bitcoin, eCash and some other cryptoassets like Monero
About Monero
getmonero.org
CryptoNote v 2.0
Nicolas van Saberhagen
17th October 2013
enable anonymous payments despite every payment requiring interaction with a ledger for settlement – although it would be true that a system where no check-in at all is required would inherently be anonymous – though we are unaware of any such system that exists, but would be very interested to hear more if the Bank knows of such a construct.
This would go against our design principles for privacy and data protection, as well as laws to prevent financial crime (see Section D.2). There is additional complexity for conducting transactions between two individuals over distance as both hardware devices would need to be updated accurately. For these reasons, bearer instrument models are not appropriate as the only operating model for the digital pound, but they may have uses as part of other use cases: bearer instruments may be the best approach for offline payments, for example.
Again, that there is complexity for conducting transactions between two individuals over distance
is not a true characterisation of eCash nor most other digital payment technologies, as their transaction mechanics do not depend on user proximity, in eCash’s case merely that the receiver be able to contact the mint to redeem the received tokens for new ones.
The Bank may wish to surveil and have powers to observe, intercept and censor Digital Pound transactions and users for AML/CFT purposes, and subject users to invasive and arbitrary KYC checks just to be ‘allowed’ to hold the asset – but notably it does not have this ability for current physical cash beyond what law enforcement can achieve in physical space. The Bank commits to maintaining consumer access to physical cash as long as there is demand
and therefore implicitly accepts this limitation on the Government’s enforcement capability going forward.
It seems that the Bank must either accept this inability and so could tolerate it for a novel payment/money system, or must declare that under its current expectations for the prevention of financial crime, it would not find physical cash sufficient and so would not allow for its issuance. This latter stance, we’re sure, would not be supported by the public.
The Digital Pound will be most beneficial and best-placed to be a digital substitute for physical cash if it simply inherits cash’s properties: a bearer-instrument with robust transaction anonymity and ownership privacy, directly claimable against the central bank by the public. If it does not have these properties, we do not believe it will be compelling and thus that the public will not be inclined to use it in lieu of existing digital payment systems, as disinterest in the e-Naira and other already launched CBDCs has demonstrated.
Further, we don’t believe that the Bank’s currently proposed design has sufficient grounds to be implemented and presents a threat to civil liberties and unduly extends beyond the Bank’s constitutional and statutory obligations.
We propose that the Bank instead adopt a Chaumian eCash design for the Digital Pound, as this construct has all the desirable properties of physical cash and is private, secure, resilient, performant, simple and energy efficient.
Responses to the Bank’s previous consultation papers support this view.
Consultation Responses
The digital pound: a new for of money for households and businesses?
The Bank of England & HM Treasury
7th February 2023ISBN 978-1-5286-3903-3 (CP 797)
The Consultation Paper
The use of physical cash has declined steadily over the past thirteen years, falling from circa 21 billion payments per year in 2011 to 6 billion in 2021 – from 55% down to 15% of the total 34.8 billion consumer payments made in 2021.
Over the same time, payment card volume has risen from 8 billion to just short of 20 billion, flipping cash volumes in 2017 and accounting for 57% of all payments by 2021.
UK Payment Markets Summary 2022
UK Finance
August 2022
Faster Payments and other remote banking
payment methods have shown steady but slower growth than payment cards, currently accounting for 4 billion payments a year.
It is almost entirely payment cards that are supplanting cash, as other payment methods like Direct Debits and Bacs show fairly consistent use over time.
Physical cash’s decline in use is forecast to continue to around 6% by 2031.
While in its current state cash is moderately usable for in-person payments, the number of cashless merchants has risen from basically zero at some point in the past and is growing.
We are unable to find a study or survey that gives a quantitative view of how many merchants are ‘cashless’, or trends in the same.
However, there are may examples of media coverage of merchants moving to stop accepting cash.
Cash’s reign fades as Covid accelerates high street switch to card-only
The Guardian
12th March 2022
All checkouts at a supermarket take cards, but only some take cash, providing an incentive to use card for faster checkout.
During the Covid-19 pandemic, Which? research highlighted the difficulty those that depend on cash had as there was a particularly acute increase in merchants refusing to accept it.
One in three people have had cash payments refused during the pandemic
Which?
19th January 2021
An interesting contrast is that while transactional use of cash dropped precipitously, the value of banknotes in circulation actually rose.
This suggests that cash was being used as a store of value, ‘money under the mattress’, consistent with the role it has played throughout history as a safe asset in times of uncertainty, and when interest rates are low.
Update on the future of Wholesale Cash Distribution in the UK
The Bank of England
15th December 2021
Cash is rarely if-ever used for remote payment and online purchases, due to slow settlement via Royal Mail, the risk of fraud if goods or services are sent before payment is received, and theft or loss in transit.
Cheques have remained a small and declining portion of total volume, currently 0.2% despite the introduction of the cheque Image Clearing service for faster settlement.
With cheques nearly gone, there are no widely used non-digital payment methods available but cash.
Cash payments made through as service such as PayPoint are not non-digital remote payments
as the cash transaction itself happens in-person, then PayPoint or a similar service provider intermediates upstream payment digitally.
Despite its present and projected decline, cash as of now is still the second most used means of payment by transaction count in the UK, after payment cards. It is the preferred method of payment for over 5 million UK adults. From a Bank of England survey of c.2000 adults in England and Wales in January 2021.
Question 1
Do you have comments on how trends in payments may evolve and the opportunities and risks that they may entail?
Mobile internet access and the ubiquity of smartphones and personal computers have enabled digital payment methods to largely replace the use of cash in the UK. 86% of people use online or mobile banking, and 82% of all payments are made digitally.
UK Payment Markets Summary 2022
UK Finance
August 2022
There is an opportunity to provide a digital equivalent to physical cash, as the technological and social prerequisites for its use have existed for some time.
The rapid growth of contactless and smartphone payments from 3% in 2015 to 93% in early 2023 supports the view that businesses and consumers are eager to rapidly migrate to compelling novel payment methods.
Card Spending Update for February 2023
UK Finance
19th May 2023
Some people use physical cash as a means of keeping their financial transactions private, preferring the anonymity that cash gives them when making purchases and feeling uncomfortable using card as payments can be seen by their bank and potentially by other institutions.
Understanding cash reliance – qualitative
research
The Financial Conduct Authority & Savanta
July 2021
Others use cash for its convenience, simplicity and ease of use.
Those over the age of 50 are particularly reliant on cash, due to habit or lack of digital capability
.
Physical cash is the only consumer-accessible central bank (public
) money, so while digital payment cards and bank deposits may be widely considered more useful, cash is a distinct form of money.
Retail access to central bank money must be maintained, as the Bank sustains:
Access to public money – which is a safe liquid asset backed by the state – and the uniformity of money are critical for the smooth functioning of the economy. That is because they ensure that households and businesses can be confident in the value of money, regardless of its form and issuer.
The decline of cash may arrest at some stable point, but it is also possible that an inflection point will be reached where utility has dropped to the extent that the incentives to use it fall precipitously. Thus there is a risk too in not adopting a digital cash equivalent. Such a decline would also increase the overhead and marginal cost of cash handling and distribution, further disrupting or reducing access.
If cash usage declines far enough, it may be effectively eliminated from consumer finance as a usable money, much as commodity money (gold and silver) has already been eliminated in favour of fiat.
Fiat money is Representative Money generally made of paper except in the case of small denominations – which is created and issued by the State, but is not convertible by law into anything other than itself, and has no fixed value in terms of an objective standard.
John Maynard Keynes
A Treatise on Money, vol.1, p.7 (1930)ISBN 978-0-404-15000-6
Cash being a bearer instrument enables a holder to custody it for themselves and have high confidence in being able to hold and use it in the future. If cash is eliminated, there is no substitute asset backed by the British Government. The only alternatives would be precious metals and Bitcoin. While we support and advocate for widespread adoption of Bitcoin and hard money, we don’t simultaneously advocate for fiat money to get worse.
It is a matter of opinion whether the shift in payments towards private, non-government and market facilitated means away from central bank money is a good thing or not, but it does undoubtedly mean a shift from legally and constitutionally protected access to an environment more-so governed by private contracts and terms of service with weaker guarantees of access.
It is notable too that few of the payment card platforms are provided by UK companies. There is an albeit improbable risk that foreign & trade policy disputes or FX risk triggers a disruptive withdrawal of one or more of these methods. Platform providers may be subjected to legal restraint on services they can offer based upon their home jurisdiction, presenting a risk to UK businesses and consumers of denial of service resulting from foreign not domestic law. Additionally, profits from platform fees are largely off-shored for non-UK based payment platforms.
This behavioural shift away from using cash may also have negative consequences if consumer spending detaches significantly from real consumer liquidity, presenting a systemic and societal risk if it up-regulates the supply of credit (inflationary) and levels of unserviceable indebtedness (bad).
‘Buy now, pay later’ services have been used by as many as one in twelve consumers for basic, essential purchases of food and groceries.
BNPL usage was even higher among financially vulnerable people, including those that claim Universal Credit.
One in 12 now using Buy Now Pay Later to cover essentials
Citizens Advice
11th March 2022
These services offer unsecured credit to customers but charge high fees for missed and late payments – and reportedly around a quarter of their debtors have missed a payment or paid late, and 41% have struggled to make a payment.
‘Buy now pay later’ boom fuels consumer debt concerns as transactions soar
The Financial Times
12th February 2022
Buy now, pay later grocery schemes are a ‘debt trap’ for struggling families
The Guardian
12th January 2022
Buy Now…Pain Later?
Citizens Advice
22nd April 2021
Much of this lending may be predatory, intentionally seeking to extract fees from those known to be unlikely to pay as scheduled.
In contrast, users of cash have often said they use it in part because it helps them budget and avoid overspending.
Many [people functionally dependent on cash] have low financial resilience and budget on a very low income, depending on cash to do so effectively. Many have times where they struggle to afford all essential goods in a month. Cash is often used to simplify household finances and as a physical aid to make it easier to budget, save and navigate difficult decision-making.
It is concerning that customers may be accumulating increasing debts that they may be unable to service, and doing so to cover non-discretionary spending on food and other essentials. This is obviously risky for both the debtors and creditors.
Not wanting to nanny, but there is perhaps a societal benefit in providing a simple digital cash that can be used instead of other digital payment systems where it’s harder to control impulse buying and keep track of spending.
Finally and most profoundly is the rapid growth of Bitcoin and other cryptocurrencies.
Their use and familiarity everywhere continues to grow, with over 420 million global users in 2022, 4% of global population.
Cryptocurrency Ownership Data – Global crypto adoption
Triple A
16th May 2023
The FCA estimates that 10% of UK adults hold cryptoassets in 2023, up from 4.4% in 2021, and 91% of people have heard of them. Britons hold a total of around £8 billion in cryptoassets.
Research Note: Cryptoassets consumer research 2023 (Wave 4)
Financial Conduct Authority
8th July 2023
Bitcoin is the clear leader for adoption, with an even stronger lead in name recognition among non-cryptoasset holders (80% have heard of it). Ownership is particularly strong among younger people – 20% of 18-24 year olds own a cryptoasset, and ownership is more prevalent among Black and Asian Britons – 19% and 20% respectively, compared to 9% White.
Individuals holding cryptoassets: uptake and understanding
HMRC
February 2022
Chainanalysis estimates that United Kingdom leads in Europe for Bitcoin & crypto use, facilitating over US$ 233 billion in value received in 2021-2022.
The Chainalysis 2022 Geography of Cryptocurrency Report
Chainanalysis
20th October 2022
Year-on-year growth in the UK is estimated at 18%, with Germany, Italy and Spain outpacing that rate, the Germans seeing a rapid 48% growth from 2021 thru 2022.
Bitcoin’s Lightning payments network enables instant settlement for micro-transactions of 1 mSat (one-hundred-billionth of a bitcoin) to multiple whole bitcoin, enabling low-fee borderless payments and significantly improved merchant and customer experiences.
Lightning has continued to see increasing network capacity, from around 850 BTC (US$ 6 million) in 2020 to 5,400 BTC (US$ 144 million) in June 2023.
Lightning Network Statistics
BitcoinVisuals.com
Note private Lightning payment channels are not announced to the network so their aggregate capacity and transaction volume is much harder to determine.
Private channels can transact in the network just as public channels can, but aren’t available to route-through for other users’ payments.
Because of the private nature of the Lighting network it is effectively impossible to know the true volume and aggregate value of payments transacted over Lightning, but it was estimated to be around the US$ 240 million mark in 2022 having grown 410% in USD terms compared to 2021.
The State of Lightning Volume 2
Arcane Research
April 2022
These figures mean that Lightning, a still-nascent technology being built on-top-of Bitcoin easily surpasses the payment volumes of all the CBDCs that have launched to date.
Lightning can theoretically support an unbounded transaction velocity across the network as transactions settle as fast as the two peers at each end of a payment channel are able to coordinate a payment.
Lightning transactions have no footprint in the Bitcoin base-layer blockchain (distributed ledger
) so are not limited by its relatively high fees, fixed block size and comparatively slow 10 minute block time.
Question 2
Do you have comments on our proposition for the roles and responsibilities of private sector digital wallets as set out in the platform model?
Do you agree that private sector digital wallet providers should not hold end users’ funds directly on their balance sheets?
We propose that the digital pound should be designed as a platform model, as originally set out in the Bank’s 2020 Discussion Paper. In the platform model, the Bank would issue the digital pounds which would be recorded in a ‘core ledger’. The Bank would build and operate the ledger – a highly secure, fast and resilient technology platform – which would provide the minimum necessary functionality for the digital pound. Regulated private firms – Payment Interface Providers (PIPs) and External Service Interface Providers (ESIPs) – could then access the core infrastructure via an application programming interface (API). These private sector firms would deal with all user-facing interactions, including handling customers’ information, and be able to develop and offer innovative services using the digital pound.
The Platform Model
Consultation Paper, Figure 4, p.39
The Bank proposes a ‘retail’ CBDC, whereby intermediaries provide wallets to persons, and these intermediaries then directly integrate with the Bank. These wallets appear to be necessarily custodial, as the Bank does not allow for direct individual custody of the Digital Pound where the only other counterparty is the Bank itself.
We believe this design requiring intermediaries is wholly unnecessary, and incongruent with the objective we support of providing a Digital Pound that is an analogue of physical cash.
One role of these intermediaries is seemingly to do those things the Bank does not want to bother or sully itself with, namely aggressively KYC and monitor for AML/CFT compliance by surveilling their customer’s wallets and activities.
All entities in any Digital Pound ecosystem would have a responsibility to protect customers from fraud and uphold robust financial crime controls.
Consultation Paper, p.60
This stipulation places a great burden and requirement to surveil their users upon these entities. We believe that evidence shows that this burden leads to severely damaging false-positives within the existing digital payments and banking ecosystem, and that this will be no different for the Digital Pound as currently proposed.
This provides a barrier to access the financial system for under-documented persons, those conducting legal but unpopular or controversial business, and others. We expand further on this Financial Accessibility and Inclusion risk in response to Question 11 and Question 12.
There is utility in intermediaries or gateway services providing methods for swapping between the CBDC and other holding types (bank deposits, physical cash, other digital wallets, commodities and merchant payments) but this is not the same as requiring private-sector wallet platforms to be able to hold and use a CBDC.
Additionally the requirement for intermediaries entails funding their operations, which will likely be generated via fees charged to merchants or individuals or both. Note that physical cash does not have a strict analogue of this property. It may cost money to buy a cash register or withdraw from an ATM, but transacting in cash without these costs is possible.
In a bearer-instrument scenario, the need to provide software, wallets, smart cards and other hardware for both consumers and merchants will still exist. But arguably there is a much greater scope for technical innovation here than in the Platform Model, as for example a hardware wallet could be sold that doesn’t need someone to provide and run a backing financial service, as the wallet itself directly interfaces with the Bank’s ledger.
The Platform Model instead requires the provision of a financial service and associated servers, infrastructure, management staff and costs. For a bearer-instrument, these would be optional and combinable – merchants needing to build significant infrastructure to handle the CBDC would be more readily able to combine products offered by different vendors for a bearer-instrument, as interoperability between all the different components they select would be guaranteed.
The Bank notes that payment fraud has increased significantly in recent years
.
Consultation Paper, p.60
While we will acknowledge that our proposal for a digital bearer instrument necessarily means that a user that is induced to send a payment to a person or entity defrauding them will be unable to appeal to any authority to have the payment un-done and their funds returned, a digital cash-equivalent CBDC does eliminate entire categories of financial crime.
Customers will be unable to defraud businesses with false chargebacks or bounced payments when settlement is deferred, as all payments settle immediately.
Counterfeiting of eCash is impossible, eliminating the need to monitor for and expend resources on securing against counterfeiting of physical currency.
39% of small and medium businesses surveyed for the FCA believed that fraud and errors are less likely in cash
,
Cash acceptance within SMEs (PDF)
Financial Conduct Authority & Savanta
9th November 2021
and it there would likely be similar sentiment around a CBDC if it also guaranteed immediate settlement and a a very high transaction success rate.
Do you agree that private sector digital wallet providers should not hold end users' funds directly on their balance sheets?
In general yes, and that users should hold their CBDC as a bearer instrument as they do now with physical cash. It should be impossible for a wallet provider to transact on the user’s behalf, seize or freeze their funds, and prevent them from moving to an alternative wallet.
However, we would not be opposed to custodial services being offered if consumers prefer to use those, so long as these services clearly explain the risks.
The Bank claims that these intermediaries provide pass-through wallets
where their funds are not held as a claim on the wallet provider or held in custody by the wallet
Consultation Paper, p.56
but given the public will always be required to use such an authorized wallet to use the Digital Pound, it is totally unclear how the Bank envisions this being really any different as an experience from a bank deposit, as the co-operation of a third party is always required to access and move funds.
Technically, this presumably means a bank or other custodian would hold the CBDC in trust, the user maintaining title to the funds, and the custodian would not be able to fractionally reserve, lend or otherwise hypothecate a user’s holdings.
But from the user’s perspective, it is a distinction from a bank deposit account without a difference, and likely one that the public in general will not care for.
Question 3
Do you agree that the Bank should not have access to users’ personal data, but instead see anonymised transaction data and aggregated system-wide data for the running of the core ledger?
Yes. Our view is that a CBDC should not in any way collect personal data of the user at all, and that this should be both cryptographically guaranteed and made a point of law.
Chaumian eCash provides such a cryptographic guarantee, through the blinded signature scheme it uses for the bank (mint) to handle exchanges of tokens. The eCash mint is able to see the value of transactions that it handles and the times at which these transactions happen, but not when or to whom those tokens were issued or sent.
This should provide the Bank with sufficient information to understand and monitor transaction flows, movement of money in and out of the system, the velocity of money and other data of monetary and economic interest, without intruding upon user’s privacy.
As other respondents to this consultation have noted, were the Bank to seek access to users’ personal and transaction data this would require new primary legislation as it is not remotely within the Bank’s current remit to have such access.
BPUK Response - The digital pound: a new form of money for households and businesses?
Freddie New et al., Bitcoin Policy UK
31st May 2023
Question 4
What are your views on the provision and utility of tiered access to the digital pound that is linked to user identity information?
What views do you have on a privacy-enhancing digital pound?
As we oppose the Platform Model in principle, and advocate for a much more private Digital Pound that can be transacted and held anonymously, we also oppose tiered access based on how much a user is willing to share their private information in return for higher account limits.
We however agree with the Bank that given their current proposal, this variability marginally improves the accessibility of the Digital Pound for disadvantaged and financially excluded persons would be able to access it with very limited or no documentation. Consultation Paper, p.73
While the Bank and Government claim to have taken the public’s desire for privacy in to account for the Digital Pound, we do not believe that the Platform Model with its lack of cash-equivalence and guarantees of privacy and anonymity in transacting and holding is sufficient, nor aligned with the public’s want for privacy.
Responses to the Bank’s 2020 Discussion Paper emphasised the importance that users place on having privacy in their transactions. Security and privacy were often cited as aspects on which there should be little or no room for compromise. The Bank and Government agree, and this perspective informs our proposals for the digital pound’s design.
We remind the Bank that in 2020 respondents to the Discussion Paper grounded their privacy expectations in the example of cash
.
Responses to the Bank of England’s March 2020 Discussion Paper on CBDC
The Bank of England
7th June 2021
The Chaumian eCash construct we have counter-proposed is an architecture appropriate for a CBDC that would maximise – that is not compromise on – privacy and security. Its behaviour and properties are grounded in those of cash.
All payments should be able to be made using the digital pound so long as they are lawful, observe any restrictions […] and comply with regulatory obligations laid down by authorities. Subject to a payment being lawful, the Bank would be neutral in processing it, and does not envisage applying any limitations on payments on ethical grounds.
The Bank needs to provide much a firmer commitment than this, we suggest: The Bank of England will never apply limitations on a lawful payment
.
This should be guaranteed as a matter of law.
The digital pound would not be anonymous because the ability to identify and verify users is needed to prevent financial crime
This need
is unclear. As we have already covered, physical cash is issued by the Government and is anonymously transactable.
Liberties and crime prevention are always at odds with one-another. An all-knowing, all-seeing state would be able to prevent or punish all crime, but that is not a state in which any sane person would wish to live. We have the liberty to use cash now; if this is maintained in the Digital Pound, it will necessarily have to be highly private and anonymously usable.
The digital pound would have lower frictions than physical cash, so carries higher risks of abetting crime. It is not therefore appropriate to allow such anonymity for digital pounds
Taking eCash again as an example, the Bank can see velocities, volumes and times of transfers of the asset, and could flag anomalous amounts to law enforcement for physical investigation. It can freeze known-bad tokens in absentia which is not possible with physical cash.
Crime is not conducted solely through money. Many serious crimes are things and actions that happen in the physical world. Trade and dealing in illicit items, theft, murder and many more crimes all have avenues for enforcement that do not depend on a monetary panopticon.
Incredibly private, permissionless low friction
digital payment systems already exist, such as Monero (and to a lesser extent, Bitcoin).
Criminals are able to use these already, so providing a private Digital Pound does not grant them new territory for nefariousness.
We do not think it unreasonable or intractable to have a Digital Pound that has effectively all the same privacy and anonymity properties as physical cash does today.
Question 5
What views do you have on the embedding of privacy-enhancing techniques to give users more control of the level of privacy that they can ascribe to their personal transactions data?
We advocate for uniform and maximal privacy. If users choose to use a service that is less private in exchange for some feature that they want, we wouldn’t strongly oppose this, but this is a property of the particular wallet or provider, not the Digital Pound itself. Users should be free to handle their own data as they wish, even if what they do with it is inadvisable.
But, there should be absolutely no personal data within the Digital Pound system itself, and no mechanism for users to de-anonymise themselves.
We are glad that the Bank is interested in PETs and integrating them in to the Digital Pound where possible to provide mathematical guarantees of privacy, however, if the system is inherently private and architecturally simple as Chaumian eCash is, complex PETs such as ZKPs, ZKRPs and differentially-private data aggregation and reporting techniques are not needed to claw-back user privacy.
We note too that there are malign incentives with existing systems such as ‘Open Banking’, where a person can be enticed to hand over access to data that they would prefer not to, because the alternatives are slower, more expensive or reduce the likelihood of an application being approved. A good example of this is rental tenant referencing, where Open banking is presented as an easy way to prove income and existing rental payments, but grants a letting referencing agency access to their complete transaction history and metadata, not merely those transactions that are necessary to verify.
Our view is that the Digital Pound be designed so that avenues for trading privacy for expedience are as limited as possible, and that there are no incentives to do so.
Question 6
Do you have comments on our proposal that in-store, online and person-to-person payments should be highest priority payments in scope?
Are any other payments in scope which need further work?
We agree that these payments should be the focus for the design and release of the Digital Pound. These are all payments that involve a natural person, and are most-similar to the types of payment where cash is used today.
Because of the declining use and availability of physical cash presenting a hazard for those that depend on it, it would be wise to also prioritise the receipt of benefits and pensions for those that wish to receive them as Digital Pounds, both automatically and through the Post Office and other already-familiar venues. This would have a clear Financial Accessibility benefit.
Regarding Infrastructure for adoption – we believe that most existing payments hardware would be capable of transacting eCash. Store Payment terminals via software updates, smartphones via apps, and smart cards with fairly minor modifications. A bridge over PCI standard payment rails would be easily implemented and provides a compelling business model for new companies to adopt, e.g. offering prepaid card services to enable spending CBDC over existing PCI infrastructure.
Once again, if direct retail access is allowed (i.e. bearer instrument) then developing payment solutions is a maximally open space for competition and innovation and rapid development.
There may however be a benefit in requiring a degree of infrastructure change in that it would naturally regulate (slow) adoption of the CBDC alleviating some of the Bank’s concern around rapid uptake being destabilising.
While we agree with the Bank’s priorities, we see no reason that commercial banks and financial institutions should not be able to use the Digital Pound for high-value transfers and interbank settlement. The Digital Pound should be able to broaden its use cases and users in the future.
Question 7
What do you consider to be the appropriate level of limits on individual’s holdings in transition? Do you agree with our proposed limits within the £10,000–£20,000 range?
Do you have views on the benefits and risks of a lower limit, such as £5,000?
We do not support any limits on individual nor corporate holdings of the Digital Pound. Given our stance on privacy, such limits would not anyway be enforceable.
However, if the Digital Pound was developed as proposed, then we would support the highest limits, and see no benefit in a lower limit such as £5000.
Limits on holding erode trust in the system, as holders may worry about hitting the limit or it being reduced in the future, and so would be less likely to adopt the Digital Pound. This would be even more of a concern for corporates, where the introduction of a limit could mean that they stop being able to receive payment in stores or online in the Digital Pound, and would have to quickly dispose of their holding to continue conducting business.
[The digital pound must] be designed in a way that manages any risks to financial and monetary stability. As set out in Part C, those risks largely stem from any large and rapid outflows from bank deposits into digital pounds, and from wholesale use disrupting the function of critical money markets. These risks would depend on uptake of the digital pound, which is difficult to predict and may vary during the introductory period and times of stress.
A limit on individual holdings would be intended to manage those risks by constraining the degree to which deposits could flow out of the banking system. That is important during the introductory period as we learn about the impact of the digital pound on the economy.
For a fully private Digital Pound, such as one built using the Chaumian eCash system we propose, flows of money into and out-of the CBDC would still be regulatable. This would operate in a very similar way to daily or weekly limits placed by commercial banks for each depositor on withdrawals from ATMs, and could be applied to individuals. Similar limits could easily be imposed when exiting the CBDC, e.g. when depositing it at a bank.
Given the Bank’s concern is with financial stability, limits on the aggregate amount of the Digital Pound that are available at any given time seem to be much more important than individual limits.
As with physical cash where there is also the ability to limit the total supply of the CBDC. This would allow a managed roll-out where the quantity of money held in the Digital Pound is limited by the Bank following an issuance schedule, which can be adjusted based on the Bank’s monitoring of the financial system’s response to the new form of money.
One thousand people moving to hold £10,000 each has a much less significant effect than ten million people rapidly acquiring £1000 each would.
We will also point out that other CBDCs already launched have seen very slow, not very rapid uptake, See the introduction for references. so we judge it highly unlikely that instability will be caused by rapid flows into the system. The Bank however does of-course have a duty to consider this as a possibility and plan for it accordingly, but the improbability would allow perhaps ‘cruder’ controls, like the aggregate inflow and outflow limits and capping of the total supply that we suggest.
Question 8
Considering our proposal for limits on individual holdings, what views do you have on how corporates’ use of digital pounds should be managed in transition?
Should all corporates be able to hold digital pounds, or should some corporates be restricted?
Corporates would likely need higher limits on their holdings than individuals, presumably around the £10m mark if individuals are limited to £10k.
However, as with our response to Question 7, we do not support limits applied on a per-holder basis.
We also see no reason why any specific types of corporation should be unable to hold Digital Pounds. Banks in particular may need to be able to hold a very large or unlimited balance in the CBDC to be able to service deposits and withdrawals, though as set out in Question 7 inflows and outflows could be limited/regulated, but that would be the central bank’s role not one for each commercial bank.
As the Digital Pound will have effectively the same monetary properties as cash, there does not seem to be much of an incentive for large financial institutions to switch to the Digital Pound from existing money markets for wholesale activity
.
A restriction preventing financial firms from holding the CBDC may be sensible initially, but in the long term we would not support them.
This may mean that the Digital Pound becomes a joint retail and wholesale CBDC.
It may even be more destabilising for firms to be unable to move money into cash because they are prevented from holding the Digital Pound, if that is where they deem it to be least-risky. We agree with the Bank that this would need close analysis and monitoring, as it could have novel effects on money market funds and the gilt markets in particular during the transition period.
Question 9
Do you have comments on our proposal that non-UK residents should have access to the digital pound, on the same basis as UK residents?
In the same way that there is international access to British cash, yes, non-residents and those overseas ought to have access to the Digital Pound.
This doesn’t strictly have to be on the same basis as UK residents, though. Non-residents may be able to get and use a simple smart-card wallet, but it would be acceptable for individual PIPs and ESIPs to decide whether they do or do not want to serve non-residents.
This will aid in its adoption and ensure tourists and visitors are able to pay in the same way that residents can. It may be significantly easier for foreign-exchange businesses to switch to handling the Digital Pound from physical currency, reducing the need to hold and distribute physical banknotes across many different locations.
Overseas holders may be more inclined to spend leftover Digital Pounds online at UK retailers than to have to exchange it back in to local currency, or hold it until they are next in the UK.
Question 10
Given our primary motivations, does our proposed design for the digital pound meet its objectives?
Unfortunately, no. As stated in our introduction, the Bank’s Digital Pound proposal is deficient on two key fronts:
- The proposed Digital Pound is not a cash digital cash-equivalent: it is not privately transactable nor a bearer instrument, as physical cash is.
- The Platform Model does not actually provide retail access to central bank (public) money as the public will not have direct access to the Bank’s CBDC system and ledger. It requires custodial intermediaries which adds counterparty risk.
We have argued throughout this response that cash-equivalence, closely matching the existing properties of physical cash ought to be an objective for the Digital Pound, citing the privacy, security, inclusivity and desirability of this feature. We expand on inclusivity and financial accessibility in Question 11.
Question 11
Which design choices should we consider in order to support financial inclusion?
Commercial banks, financial institutions and payment service providers (FSPs, PSPs) can and do deny service to individuals and companies for reasons they need not disclose for activity that is perfectly legal, but they do not like.
For example – the PayPal Acceptable Use Policy prohibits:
cigarettes
not illegal; promotion of hate, racial or other forms of intolerance
subjective and PayPal’s discretion not legal judgement;
items that are considered obscene
not illegal, subjective.
Payment-card platform Stripe’s Prohibited and Restricted Businesses list is similar, no guns, sales of online traffic or engagement, pornography, mature content, online dating services, gambling, and any other businesses that Stripe considers unfair
– none of these are illegal, many subjective.
PayPal shuts down accounts of Free Speech Union
The Telegraph
20th September 2022
Charitably, this could be put down to overeager and overcautious application of AML/KYC rules, a fear of being accused of insufficient scrutiny of their users by regulators.
But by doing this, they ‘unbank’ those that have not broken the law, who then have very limited rights of redress and reparation.
“NatWest robbed me”: Account closures dog one of Britain’s biggest banks
i News
23rd June 2021
“It’s my money, not theirs”: Account closures exposed at Pockit, Revolut, Monese and Monzo
i News
19th May 2021
The Bank appears to have somewhat shared this concern in its 2020 Discussion Paper:
Cash also has an important role in financial inclusion. In a world where cash becomes less widely used, there is no guarantee that the current private sector provision of the retail payment systems may meet the needs of all users, leaving underbanked groups of society particularly at risk
If there is no access to cash and all digital monies are gated by private terms of service, then these unbanked people and companies can almost be shut out from holding and handling money entirely, presenting a severe and intolerable Financial Accessibility risk.
The homeless and those of no fixed address would have difficulty in satisfying the KYC requirements for the Digital Pound, or could be limited to only a very small holding.
Just like opening a bank or other payment account, some level of identity verification would be required when opening a digital pound wallet, in order to prevent financial crime. These requirements would be consistent with those that legally apply today and in the future for financial and payments institutions.
We recognise that it is beyond the scope of this Consultation to improve upon on the severe problems with current financial regulations and invasions of user privacy, but do so to point out that if the Digital Pound bears all the same restrictions and brings no fundamentally new properties, then it can do nothing to improve financial accessibility.
As a more simple point, this requirement will make it difficult for tourists and others visiting the UK, or those needing to handle Digital Pounds for a short time to be able to do so. Simply being able to download an app onto your phone or pick up a card from a shelf at a convenience store and start using it is a much better experience.
Here again eCash offers a clear benefit. A cheap £20 mobile phone is capable of holding eCash and doing the simple cryptography required to transact and verify it. Ultra cheap solutions like smart cards would work without requiring internet access, as the connection to the Bank could be handled over low cost and readily available tech like NFC or BLE, uplink provided by the merchant terminal.
Similarly, pensioners and those that receive state benefits like Universal Credit could benefit from being able to choose to receive these simply and quickly in the form of Digital Pounds. This could be through an automated deposit into their digital wallet, or physically in the places that they are already familiar with like the Post Office, and convenience stores that offer cashback and payment services like PayPoint. PayPoint PLC. is a British business offering a system for paying bills and other basic financial services, often using cash, at local convenience stores around the country.
The above being said, physical cash currently has unbeatable accessibility for in-person payments, but a simple and straightforward CBDC could have the potential to enable the elderly and vulnerable to make remote payments without the need to set up and manage a bank account or payment card, which many find too complex or difficult to do.
Question 12
The Bank and HM Treasury will have due regard to the public sector equality duty, including considering the impact of proposals for the design of the digital pound on those who share protected characteristics, as provided by the Equality Act 2010.
Please indicate if you believe any of the proposals in this Consultation Paper are likely to impact persons who share such protected characteristics and, if so, please explain which groups of persons, what the impact on such groups might be and if you have any views on how impact could be mitigated.
The Government has committed to maintaining access to physical cash so that the particularly young, elderly, vulnerable and technically less-competent are still able to use it.
Our response to Question 11 elaborates on our concern for underbanked and financially dis-included persons and businesses, and how we believe those could be mitigated. In particular, that the proposed Platform Model makes this financial exclusion more likely, and that a more private, bearer-instrument model would alleviate this concern.
As the Equality Act 2010 protects race and ethnic origin
, it is arguable that some Gypsies and Travellers and those that have no fixed address for cultural and heritage reasons will be discriminated against, as they are often unable to complete the more intensive levels of KYC.
Note that by expanding on this specific concern we do not mean to imply that no other protected groups may be affected for this reason or any other.
Higher levels of KYC demanded by PIPs and ESIPs under the Platform Model as proposed will require address history, banking history and having government-issued identification to be able to hold higher amounts of the Digital Pound.
If you cannot satisfy these KYC requirements you will be limited to a lower holding under the proposed tiered account
system.
Consultation Paper, p.73
Gypsies and Travellers continuing to travel for work and living on roadside camps, face barriers in terms of both financial and economic inclusion. For example, insecure accommodation and a cycle of evictions can affect access to employment. Having no fixed address can also make it problematic to access a bank account, and Friends, Families and Travellers continue to support Gypsies and Travellers who have been refused access to a bank account, despite the Payment Accounts Regulations (2015) stating banks should offer basic accounts to ‘consumers with no fixed address’.
If many Gypsies and Travellers are facing longstanding exclusion from existing financial services, there is no reason to believe that they will not be excluded by the new financial service firms offering access to the Digital Pound.
In 2012, the then Government committed to encourage measures to improve financial inclusion
for Gypsies and Travellers, yet the above 2023 report indicates that this has not markedly improved.
Reducing inequalities for Gypsies and Travellers: progress report
HM Government
Ministry of Housing, Communities & Local Government
4th April 2012
Many Gypsies and Travellers hold the majority of their funds as cash, and 20% do not have a bank account at all, so must be holding and transacting all money in cash.
Gypsy/Travellers and Financial Exclusion - An examination of Best Practice in the development of financial capability
Shelter Scotland
June 2015
Were cash to continue its decline, ot the Digital Pound to effectively kills it off, they would need to be able to hold it as Digital Pounds instead.
The mitigation would simply be… a digital bearer instrument, as we have proposed and argued for extensively in this response. One cannot be excluded from holding it, because all you have to do is have it.
Technology Working Paper Responses
The digital pound: technology working paper
The Bank of England
February 2023
The Technology Working Paper
The Bank’s six design considerations for the Digital Pound are:
Privacy, Security, Resilience, Performance, Extensibility, Energy use
Question 1
Do you agree that these six considerations are foundational technology considerations for CBDC?
Are there additional or alternative technology considerations that the Bank should be focused on? (Section 3)
We agree on these foundational considerations, although we do not see a need for endogenous extensibility
.
If the Digital Pound itself is conceptually simple, extensibility outside of the system is still possible and may actually be easier to implement, rather than say a smart contracting ability built in to the system.
We would substitute extensibility
for simplicity
.
Many technologies that are widely used are successful largely thanks to their simplicity. The World-Wide-Web’s hypertext transfer protocol is not complex, and with the simple GET
& POST
primitives alone almost everything we call the ‘internet’ has been built.
Extensions to HTTP such as WebSockets were added later by bootstrapping the existing system.
The POSIX operating system standard enables developers to build across variants of UNIX, Linux and the BSDs, including MacOS. Again this simple set of open primitives has spawned a wide variety of applications and uses largely because of its simplicity.
As we have already outlined in our response to the Consultation Paper, the CBDCs that have been deployed to date have not shown strong uptake by consumers and businesses in their economies. If the Digital Pound has a simple, open and easy to integrate architecture, this will reduce the barrier for business uptake to a minimum. If instead it is complex, with gated access, requiring costly and slow accreditation and certification to build against, there will be little incentive for businesses to expend resource on it when there are few users of the system; but being able to use it requires someone having built the means to do so. Simple is better.
Question 2
Which privacy-enhancing technologies, or other privacy mechanisms, might support the proposed policy objectives, and how might they be used? (Section 3.1)
The PETs the Bank enumerates in Section 3.1 all seem applicable.
However, as we have argued for in our response, the blinded signature mechanism at the core of Chaumian eCash
Blind signatures for untraceable payments
David Chaum.
Advances in Cryptology: Proceedings of Crypto 82 pp.199-203.
Springer US 1983
Untraceable Electronic Cash
David Chaum, Amos Fiat, Moni Naor
Advances in Cryptology CRYPTO ‘88 pp.319-327.
Springer-Verlag US, 1988
Chaumian ecash without RSA
David Wagner (UC Berkeley)
31st March 1996
eCash 2.0: Inalienably private and quantum-resistant to counterfeiting (PDF)
David Chaum (xxNetwork), Thomas Moser (Swiss National Bank)
November 2022
is another PET that we evidently believe would be highly beneficial to the Digital Pound.
This construct grants:
- Inability of third parties to determine payee, time or amount of payments made by and individual.
- Ability of individuals to provide proof of payment, or to determine the identity of the payee under exceptional circumstances
- Ability to stop use of payments media reported stolen
Pseudonymisation, Private Information Retrieval and Attribute-based encryption are not strictly needed in an eCash system because the Bank/Mint is already unaware of from whom to whom payments are made, and is unaware of who currently holds how much money.
Question 3
Are the provisional requirements and metrics discussed in the paper, particularly for uptime, transaction throughput and transaction speed, realistic and appropriate? (Sections 3.3 and 3.4)
Yes and yes. We also think it reasonable for the Bank to monitor the velocity of money in the system (distinct from throughput), balance of payments, and perhaps the coarse geographical location of activity on the network, say at the level of ISP/source-network for traffic, with due regard to user privacy and relevant legislation.
Question 4
Are there other significant components or activities that the Bank should consider in designing a CBDC? (Section 4)
There is little point in a CBDC which is inherently centralised opting for a DLT architecture. Bitcoin is decentralised and so is orders of magnitude more complex than a centralised ledger only because that is required to maintain trustlessness. In a CBDC the issuing bank must inherently be trusted, so distribution of the ledger and consensus is not needed.
Using a DLT to offload transaction collection, block templating and proposal from the Bank itself may be a viable as a scalability tactic, but given the design peak throughput of 30,000 to 100,000 transactions per second, and desire for low latency in settlement being similar to or better than existing payment card systems, this seems unachievable for a DLT, or at least it would be a DLT operating at a volume and speed that matches or exceeds the fastest existing deployed DLTs like Solana (around 50,000 TPS theoretical), and much faster than proven DLTs like Bitcoin (circa 3 to 7 TPS) and Ethereum (circa 15 to 25 TPS).
Bitcoin blocks are capped at 4MB (technically 4 million virtual bytes) and a block time of 10 minutes.
This gives 4MvB/10mins, for an average throughput of 6.67kB/s.
The results in an average of 2200 transactions per block, for an average transaction size of 1818 vBytes.
The higher the transaction throughput of a DLT, the harder it is to successfully distribute as each transaction and block must be shared among the network nodes, requiring significant bandwidth and storage for higher throughputs. This is the primary reason Bitcoin intentionally has a capped block size of 4MB and a block time of 10 minutes.
Question 5
Are there alternative models that might better address the technology considerations and technical requirements outlined in this paper? (Section 4)
In response to the Consultation Paper we oppose the Platform Model for the Digital Pound, so clearly the architecture would be different for the Chaumian eCash system we propose instead. The architecture for an eCash system is simpler, with end-users’ devices and PIPs/ESIPs all directly contacting the CBDC system (the mint in eCash terms). The mint processes all transactions, and maintains a core ledger of its issuances (blinded signatures as promises).
Because eCash disintermediates PIPs and ESIPs, and has no strict architectural need for them, they cannot be a source of performance, security or resilience issues.
An eCash mint operates in a very similar way to existing web/internet services, providing a simple API that can be backed by a number of ‘boring’ traditional database technologies (e.g. relational SQL) or newer concepts like document stores and other NoSQL databases. If these are ‘off-the-shelf’ components, a suitable database with proven scalability and a strong history of use within industry can be selected.
The Bank’s conceptual model connects external payment systems directly to the CBDC system. These interconnections could instead be handled by PIPs, who could integrate with physical cash depositing/withdrawing systems, payment cards, and other digital payment systems like Faster Payments; rather than the Bank handling this themselves. It may be desireable, however, for the Bank to integrate at least one method of directly converting external money into the CBDC, simply so it is obtainable without reliance on a PIP/ESIP.
Question 6
Other than those described in this paper, are there additional important factors to consider related to ledger design? (Section 4.1)
Given the desire for high transaction volume and throughput, it would be wise to design a ledger that stores the current and recent state of the CBDC system, but does not have to retain the entire transaction history forever, as most DLTs such as Bitcoin do. Many if not all DLT states are not at-all verifiable if one does not have access to the full transaction history, e.g. for a blockchain, the validity of a block in the chain necessarily depends on information from the previous block.
Once CBDC has been spent, that data is not particularly useful to retain within the core ledger, and if it can be discarded this will significantly reduce the amount of storage and thus energy required to operate the system.
A white paper from the UK’s National Cyber Security Centre (NCSC) Distributed ledger technology
National Cyber Security Centre
30th April 2021 concluded that DLT is only likely to be useful in circumstances where all the following statements are true:
- Multiple entities need to be able to write data.
- There is a lack of trust between the entities writing data.
- There is no trusted central authority that can write data on behalf of the entities.
If any one of the above statements is assessed to be false, then the NCSC considers that a
conventional technology, like a database, is likely to be more appropriate.
We also agree with this assessment of the applicability of DLTs. In a CBDC system, there is a trusted central authority (the Bank of England) that controls consensus over the state of the ledger.
Question 7
What are the most appropriate approaches or technologies for collecting and analysing aggregate transaction data? (Section 4.2)
Broadly, the Bank will need two categories of analytics/metrics: Operational, and Economic.
Operational data should be easy to keep free from any data protection issues, as it concerns the behaviour of the computing and networking equipment running the CBDC system.
Keeping economic data private and protecting user’s personal information is harder, however, similar to our response to Question 2, if the core ledger and transaction APIs themselves are inherently private and anonymised, complex PETs are not required to ensure analytical data does not include users’ personal and private information.
There are a great range of widely used ETL pipeline, metric collection and aggregation tools available with heavy use in the financial industry and wider technology sector. Our only suggestion would be to use something the Bank has already deployed, and/or to use free and open-source solutions rather than lock itself in to a proprietary or bespoke new system. The benefit is that it can be changed and re-architected at a later date if necessary, and would be faster & cheaper to deploy than a bespoke solution.
Question 8
Do you agree with the need for aliases (both well-known and disposable)? If so, should the alias service be hosted as part of the Bank-managed infrastructure, or should it be distributed across the CBDC ecosystem? (Section 4.3)
Aliases for receiving payments are generally useful, but we think that an aliasing system can be built on-top-of the CBDC as an external service, and does not have to be endogenous (built-in).
Additionally, it won’t be immediately clear which methods of aliasing are going to be most useful and compelling for users. Will people prefer ‘phony’ bank account numbers and sort codes? Or will they prefer to be able to send Digital Pounds to phone numbers, email addresses, or accounts on WhatsApp?
If the CBDC system itself is simple and straightforward to implement, then the aliasing design space can be explored by private companies offering a service, rather than being baked in to the Bank’s systems.
Yet again, this is where we advocate for the eCash system, where tokens are sent and received simply as strings of text, which can be sent over a massive variety of existing communication channels. It would be very easy for a phone to recognise eCash sent to it in a text, WhatsApp or iMessage, and present it to the user to redeem.
Similarly, a commercial bank could easily take receipt of eCash sent to a person’s existing bank account details, and convert it in to a deposit in their debit account.
Question 9
What features would a CBDC API require to enable innovative use cases? (Section 4.4)
We don’t support the inclusion of programmability
or smart contracting
within a CBDC, and expand on this opposition in Question 12.
Additionally, we don’t think innovation
ought to be a goal in itself.
The aim is to provide a new form of central bank money, not an entirely new fintech sector.
A Chaumian eCash system can have a very simple API:
GET /mint?amount=<int>
request a minting of new tokens, providing proof of payment into the Mint from a different payment method.POST /melt
to request the Mint take a set of tokens and melt (destroy) them, paying out to a different payment method specified by the caller.POST /check
check whether some tokens have already been spent or not.POST /split
request the Mint splits some provided larger tokens into smaller denominations and return them.GET /keys
retrieve the Mint’s public keys and token denominations.GET /info
for the Mint’s settings, such as inbound and outbound limits.
Nothing much more complex is necessary. It just needs to be a form of electronic money.
So long as payments are straightforward and simple to make, you can leave the innovation and exploration of the design space to others.
Question 10
Do you agree with the suggested list of devices for making payments with CBDC? (Section 4.5)
Users should be able to make and receive payments using a range of devices and form factors, including (but not exclusively):
- Smart devices
- Smart cards
- E-commerce websites and applications
- PoS devices
Yes, with smart devices
including all mobile phones, both smartphones and cheaper older-style phones.
It is important for Financial Accessibility that very simple devices that are easy to acquire are usable with the CBDC.
With a digital bearer instrument, any device capable of storing and transmitting simple text data could technically be used to make payments. It would be a little peculiar, but it would even be possible to print out an eCash token as a QR code and send it on paper to a recipient to redeem.
Question 11
How viable is it to enable interoperability between CBDC and other forms of money using existing payments infrastructure? (Section 4.6)
As the Bank lays out in the Consultation Paper and the Technology Working Paper, interoperability with commercial bank accounts and physical cash are likely to be the two most important routes in and out of the CBDC.
For cash, existing infrastructure like ATMs will need software updates to be able to receive Digital Pounds to dispense cash; to receive cash in return for Digital Pounds is likely to be much harder, as most ATMs are not capable of taking deposits. This would instead have to be handled at commercial bank branches and merchants that offer cashback and perhaps payment services like PayPoint.
We’re doubtful that ATMs would be updated to support the CBDC quickly, judging by how long it has taken to eliminate Windows XP from that infrastructure.
ATM security still running Windows XP
Techradar
22nd October 2020
XP - the operating system that will not die
BBC News
5th March 2014
For commercial bank accounts, it feels more likely that the majority of banks would be capable of implementing and deploying interoperability with the CBDC on a timeframe of around a year (speculation).
Again the desire for interoperability and a relatively quick adoption and implementation phase are reasons to build an architecturally simple and easy to implement CBDC like an eCash, rather than a gated Platform Model requiring odious accreditation and a complex integration.
Question 12
Is programmability and smart contract functionality an important feature of a CBDC system? If so, what is the best approach to enabling such functionality? (Section 4.7)
No, we don’t believe that programmability and smart contract functionality an important nor desireable features of a CBDC system.
These features are technically complex, as a minimum requiring multiple transaction templates for each intended behaviour, but in practice they are implemented by providing a domain-specific language for crafting transactions.
In Bitcoin’s case, there is Bitcoin script, a fairly simple stack-based language where an output declares a predicate that must later be satisfied by a valid spending transaction.
Because this script is simple, the design space of smart contracts on Bitcoin is inherently limited.
The most common smart contracts on Bitcoin today are hashed time-lock contracts (HTLCs) used in the creation and closing of Lightning payment channels.
The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments (PDF)
Joseph Poon, Thaddeus Dryja
14th January 2016
For Ethereum, transactions run Turing-complete EVM code, allowing for a more complex and capable design space. Ethereum’s contracting enables the creation of on-chain entities that can hold a balance and be interacted with by other contracts and users.
However, this is not without its significant difficulties.
Infamously, the Ethereum network hard-forked to undo the unintended consequences of a smart contract, the DAO, that contained a vulnerability that lead to ’theft’ of 3.6 million ether from the contract.
Understanding The DAO Attack
Coindesk
13th January 2023
Many people refer to this as an attack, but it is also arguable that the ‘attacker’ did nothing wrong, as all they did was execute the code as written.
We would refer to them more as the DAO Lawyer, than the DAO Hacker.
The DAO issue highlights a particular difficulty that any smart contracting system on a CBDC would hit, that is, the collision between the code is the law and the law is the law.
If a smart contract is code, and code is deterministic, is it possible to say that the contract is ‘wrong’ or ‘has been broken’ even if all or a majority of parties believe it did something it was not supposed to do? Because the code for that behaviour always existed within the contract and was always auditable by all parties, surely they all agreed to that behaviour, or failed to be duly diligent? If a court of law decides against a contract’s encoded behaviour, how is that going to be enforceable?
Would the Bank need new legislation to set out that the CBDC contracting code is law?
We believe it is highly likely that a smart contracting system built in to a CBDC will be a source of controversy, technical complexity and difficulty, inevitably requiring fixes and changes to the system to prevent undesired and unforeseen behaviours and consequences.
Instead, the CBDC should be solidly built, simple, and focus on acting as money. Cash is not programmable. Complex programmability and smart-contracting capability is messy, and best avoided.
Question 13
How important is offline functionality in a CBDC system? What are the most effective ways to implement offline capability? (Section 4.8)
We don’t think that offline payments are necessary for an initial launch of a CBDC system, and can be added later.
The Chaumian eCash we propose can be extended to support offline payments.
Untraceable Electronic Cash
David Chaum, Amos Fiat, Moni Naor
Advances in Cryptology CRYPTO ‘88 pp.319-327.
Springer-Verlag US, 1988
It is worth noting that even with an online requirement for eCash, only the recipient needs to be online to redeem received tokens. The sending device can be a smart card or even a USB stick, as all it is required to do is pass on a digital token to a recipient, who then needs to redeem it to prevent the same tokens from being double-spendable.
Existing digital payment systems do not regularly operate offline, and many of them are incapable of it – yet they are all widely used. Payment cards can be used for deferred settlement, though merchants willing to do this do risk failed payments when they later attempt to settle captures, if insufficient funds are available or possibly if the payee defrauded them with a payment that they expected to fail.
Thus, offline payments may have some use, but we expect that it would be a small portion of all CBDC payments, and can be addressed later.
Other Responses to the Consultation
Responses with which we generally agree:
BPUK Response - The digital pound: a new form of money for households and businesses?
Freddie New et al.
Bitcoin Policy UK
31st May 2023Response to “The digital pound: a new form of money for households and businesses”
Geoffrey Goodell
University College London
7th June 2023