Articles on 1F52B

The Digital Pound: A new form of money for households and businesses?

1F52B — Sun, 25 Jun 2023 00:00:00 +0000

Introduction ⇝ Physical cash in the form of banknotes and coinage is a bearer instrument. A bearer instrument is a document that entitles whomever holds it to rights of ownership or title to the underlying property, such as cash, bonds or share certificates. If you hold it you own it, and have the responsibility upon yourself to custody it. You can spend and receive it privately and anonymously without record. In the United Kingdom, cash is also central bank money, representing a claim that can be redeemed against the Bank of England. Central bank money is, as the Bank puts it financially risk-free in the sense that there is no credit, market or liquidity risk.

For a digital asset to deserve to be called both cash and central bank money, it must have all of these properties: bearer instrument, privately holdable, anonymously spendable, liquid, fungible, divisible, and a direct liability of the central bank.

In their consultation paper of 2023 and earlier discussion papers of 2020 and 2021, The digital pound: a new for of money for households and businesses?
The Bank of England & HM Treasury
7^th February 2023
The Consultation Paper
ISBN 978-1-5286-3903-3 (CP 797)

New forms of digital money
The Bank of England
The 2021 Discussion Paper
7^th June 2021

Central Bank Digital Currency: opportunities, challenges and design
The Bank of England
The 2020 Discussion Paper
12^th March 2020
the Bank of England and HM Treasury set out a policy and architecture proposal for a Digital Pound, a central bank digital currency (CBDC) to provide a digital solution to the decline of physical cash and to maintain public access to central bank money.

While not opposed to this in principle, we find the Bank’s Digital Pound proposal deficient on two fronts:

The proposed Digital Pound is not a digital cash-equivalent: it is not privately transactable nor a bearer instrument, as physical cash is.
The Platform Model does not actually provide retail access to central bank (public) money as the public will not have direct access to the Bank’s CBDC system and ledger. It requires custodial intermediaries which adds counterparty risk.

These objections are pertinent because they address the Bank’s motivations and intentions for developing the Digital Pound:

To sustain access to UK central bank money — ensuring its role as an anchor for confidence and safety in our monetary system, and to underpin monetary and financial stability and sovereignty.

Uniformity and safety could be threatened by […] lower [physical] cash use.

That the Digital Pound will not be remunerated (bear interest) and that this is not a motivation for issuing the Digital Pound.

To promote innovation, choice and efficiency in domestic payments as our lifestyles and economy become ever more digital.

That the Bank proposes the Digital Pound should be designed following a platform model.

Consultation Paper, pp.11,24,27,48

And further they are relevant because the Consultation paper requests:

Views on the proposed approach to privacy.

Views on the proposal re. efficiencies in payments.

Views on the key features of the model we intend to take forward in the next phase.

The Digital Pound will not and should not accrue interest, in the same way that cash does not. Remuneration has implications for monetary policy as it would affect inflows and outflows into the Digital Pound from commercial bank deposits and other stores of value, and would alter the effective-lower-bound of interest rates. Consultation Paper, pp.41-43 This lack of remuneration makes it clear to consumers what the Digital Pound is, and avoids cannibalising other cash-equivalents such as bonds and other money-market instruments. It will be a means of exchange with no expected nominal return, not an investment instrument.

The Bank does not give “provide a digital cash-equivalent” as an explicit goal, but in its reasoning for the Digital Pound makes reference to the shift in the balance of public and private money used to make payments, citing the decline in use of physical cash meaning the same as a decline in the use of public money. If current trends continue, the public’s access to, or use of, central bank money will diminish and the monetary system could become fragmented, posing a risk to monetary and financial stability. Consultation Paper, pp.9-10 In its Discussion Paper of 2020 the Bank also cited Addressing the consequences of a decline in cash Central Bank Digital Currency: opportunities, challenges and design
The Bank of England
The 2020 Discussion Paper
12^th March 2020 as a motivation for exploring a CBDC.

The decline in use-of and access-to physical cash does not only mean reduced access to central bank money, but also the elimination of a highly private and anonymous method of payment and storing value. Financial Freedom and Privacy in the Post-Cash World
Alex Gladstein
Cato Journal
Summer 2021 The Bank’s 2020 Discussion Paper did make reference to this, albeit absent from later papers:

Physical cash has certain unique characteristics that would be lost if it were to fall out of general use. For example, cash offers a level of privacy in transactions that is not always available with existing electronic payment systems. Cash also has an important role in financial inclusion.

2020 Discussion Paper, p.18

Rightfully, the Bank seeks to maintain public access to cash, and its concern that the decline of physical cash presents a hazard is legitimate.

We are exploring a digital pound because money and payments are changing

Cash, of course, remains vital for many. Around 1.2 million UK adults do not have a bank account and around one fifth of people name cash as their preferred payment method. Cash remains important to a large cross-section of society. Even those who do not use it regularly consider it an important back up form of payment. For those reasons, UK authorities are committed to ensuring continued access to cash.

Consultation paper, Part A, p.10

What the Bank of England currently proposes with its Platform Model for the Digital Pound is unfortunately something that will look and behave much more like a bank deposit than cash, dependent on an unavoidable layer of new bank-like intermediaries to handle it for the public.

To suppose that intermediated access thru pass-through platform providers qualifies as public access to retail central bank money is not that far from claiming that the public already have access to central bank money intermediated through commercial bank deposit accounts — that is, not true in any useful sense.

If you cannot custody ‘your’ money yourself directly, it is not really yours.

This would, in practice, make the Digital Pound more of a wholesale CBDC, rather than a retail CBDC. Then, the utility of such a wholesale CBDC is doubtable, A position supported by the Lord’s committee and evidence given by the Bank of England to the same.

Central bank digital currencies: a solution in search of a problem?
Economic Affairs Committee
The House of Lords
17^th January 2022 as the Bank of England’s existing interbank settlement networks (RTGS and CHAPS) are functional and have an upgrade roadmap already in-progress; The renewed RTGS service – key benefits
The Bank of England
25^th April 2023 Commercial banks already have access to central bank money which is how they store their reserves; and they already use digital central bank payment systems to perform interbank settlement and other large payments; and consumers are already able to make quick and easy digital payments using banks and other payment systems.

Our position is that instead of this Platform Model, the remedy is to provide a digital equivalent to physical cash, and that this ought to be an explicit design goal of the Digital Pound.

Of-course, if the Digital Pound fails to replicate the properties of physical cash then it cannot claim to be equivalent to cash. If a Digital Pound is to be worth developing further, it must focus on providing a digital cash equivalent bearer instrument, with direct public access, as this is the only condition in which we find any CBDC to be compelling. If the Digital Pound is not actually cash, then we contend that it is largely pointless and unwarranted, as it will do nothing to help maintain public access to cash, with the Bank of England needlessly attempting to build a public competitor to existing payment platforms that already meet public demand. The one thing that the Bank of England can actually do that no-one else can, is provide a digital cash equivalent for the pound.

Cynically, the Digital Pound as currently proposed could be labelled as no more than an affinity scam, deploying buzzwords that make it seem to be a government response to cryptocurrencies and emerging novel payment and money technologies, without being substantially distinct from existing digital fiat payment networks and functionally inferior to cash.

It is not a novel opinion that the system the Bank proposes for the Digital Pound does not qualify as cash – cryptographer Hal Finney made this observation in 1996:

On-line electronic money, [where] the merchant must [authenticate the spender’s identity and ownership] with the bank for each transaction […] does not deserve to be called cash, though, because it lacks the distinguishing characteristic of digital cash: it is not anonymous. When the bank sees serial number 123456 being deposited, the bank recognizes that this was the same bill that Alice withdrew. The bank can therefore deduce that Alice spent the money at Bob’s.

Hal Finney
Detecting Double Spending (Archived)
15^th October 1993
(Emphasis added)

Many respondents to the Bank’s Discussion paper of 2020 placed great emphasis on the importance of privacy and anonymity, supporting our claim that these are both desireable and widely held to be necessary for cash-equivalence:

Feedback from respondents has […] emphasised the importance that users place on having privacy in their transactions.

Security and privacy were often cited as aspects on which there should be little or no room for compromise.

The imperative to protect privacy was also regularly cited by respondents as potentially having implications for transparency and financial inclusion.

Views varied on the degree of privacy that would be necessary or desirable for a CBDC system. Of those who felt that CBDC should be highly private or even anonymous, some respondents grounded their privacy expectations in the example of cash. Others pointed to the principles and technologies underlying decentralised cryptocurrencies as benchmarks for privacy for CBDC.

Responses to the Bank of England’s March 2020 Discussion Paper on CBDC
The Bank of England
7^th June 2021
(Emphasis added)

CBDCs have only recently emerged as a central bank and government infatuation. While over a hundred countries are in varying stages of exploration or development, thus-far only The Bahamas, Eastern-Caribbean currency union, Nigeria and Jamaica have actually deployed one. CBDC Tracker
and Atlantic Council CBDC Tracker

However, none of the CBDCs that have launched demonstrate strong public support or adoption. The Bahamian Sand Dollar makes up less than 0.2% of currency in circulation, only US$1.1 million in value – while incurring nearly US$7.5 million in costs by 2022, two years after introduction. Annual Report & Statement of Accounts, 2022
Central Bank of The Bahamas
15^th May 2023 Jamaica’s JAM-DEX facilitated transaction activity equivalent to no more than US$2.3 million in 2022, 0.01% of that year’s ABM and PoS volume. Gov’t Provides Incentives to Boost JAM-DEX Use
Jamaica Information Service
9^th March 2023
($357 million Jamaican Dollars)

FMI Statistics
Bank of Jamaica
2022 Fewer than 1% of Nigerians have adopted the e-Naira, according to the IMF. Nigeria’s eNaira, One Year After
Jookyung Ree
International Monetary Fund
16^th May 2023

It does not feel unfair to say that these early CBDC projects are not going well.

By contrast, a staggering 32% of Nigerians have adopted Bitcoin Bitcoin: A Peer-to-Peer Electronic Cash System
Satoshi Nakamoto
31^st October 2008
bitcoin-cli getrawtransaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 0 00000000000000ecbbff6bafb7efa2f7df05b227d5c73dca8f2635af32a2e949 | sed ’s/0100000000000000/\n/g’ | tail -n +2 | cut -c7-136,139-268,271-400 | tr -d ‘\n’ | cut -c17-368600 | xxd -p -r > bitcoin.pdf and other cryptocurrencies. How Common is Crypto?
Statista
17^th March 2021

Notably also US-Dollar backed stablecoins such as Tether (USDT).

It should be noted that the inflationary environment and incidence of extreme poverty in Nigeria, with high-fees for traditional cross-border payments and the prevalence of remittances into Nigeria are conditions substantially different from those in the United Kingdom. This, despite the Nigerian central bank having banned banks and other financial institutions from dealing with or facilitating payments to cryptocurrency exchanges. Circular to Banks and other Financial Institutions on virtual currency operations in Nigeria (PDF)
Central Bank of Nigeria
12^th January 2017
(Recirculated 5^th February 2021) Bitcoin is not the same thing as a CBDC, and in many respects is superior, Bitcoin is permissionless, global, self-custodial, can be sent and received almost instantly, is hard money with intrinsic value and a fixed supply unlike inflationary unbacked fiat currencies, and can be used privately and anonymously. but this demonstrates that a public that has already adopted one digital currency will not automatically embrace a CBDC if its design and properties are not compelling.

The technical means to achieve a digital cash-like instrument are well known, most notably the Chaumian eCash construct introduced in 1983. Blind signatures for untraceable payments
David Chaum.
Advances in Cryptology: Proceedings of Crypto 82 pp.199-203.
Springer US 1983 Chaumian eCash is a cryptographic digital token system that operates without a distributed ledger and without requiring a Byzantine fault tolerant consensus mechanism such as Bitcoin’s proof of work, because it operates using centralised consensus.

eCash successfully implements a digital equivalent for the salient properties of physical cash. It is private, self-custodial and can be transacted anonymously. It cannot be counterfeited, yet the issuing bank (or mint) is blind to the holders identity. With extensions, it can also be transacted offline. The Swiss National Bank, and other central banks and government bodies have already evaluated the suitability of eCash for a CBDC and found it to be compelling, How to Issue a Central Bank Digital Currency
D. Chaum (xx Network), C. Grothoff (Bern University) and T. Moser (Swiss National Bank)
Swiss National Bank
March 2021

H.R.7231 - ECASH Act
United States Congress
28^th March 2022

Note this bill does not explicitly name Chaumian eCash but enumerates and requires compatible properties, such as being a bearer-instrument, public custody, transaction anonymity, peer-to-peer offline transactability. though the SNB have not yet committed to building a CBDC of any form.

In our view, the architecture of the Digital Pound should be Chaumian eCash.

We acknowledge that the Bank does not currently believe that a bearer instrument model is appropriate, and we contest this assessment.

Another approach [for a CBDC] is a bearer instrument model, where ownership of digital pounds is recorded on individual user devices, and transactions take place between users, with no interaction with the central bank. This is close to the way cash works at present. Such an approach presents several challenges. While hardware devices (for example, phones, wearables, cards) are difficult to hack, if that happens it is difficult to detect and to fix.

Consultation Paper, Box G, p.61
(Emphasis Added)

The Bank is presumably concerned about theft of the bearer instrument from end-user’s custody. This is of-course a risk, but one that is understood and tolerated by the public when using physical cash, and is an inherent property of cash.

This risk is surely tolerable. People have been content with not being able to un-lose and un-have-stolen physical bank notes and currency for millennia. This risk is also precisely one of the earliest reasons banks came in to being, providing safe custody (and the amusing risk of that not always being true). This downside for bearer instruments can also provide a balancing incentive for people to not ape their entire liquid wealth out of banks and into the Digital Pound, and use it predominantly as a payment technology not a long-term store of value. Definition of ape in, courtesy of the Urban Dictionary.

Further, there is no trusted intermediary involved in transactions. That could give rise to ‘double spend risk’, where a user attempts to copy and spend the same digital pound multiple times.

Consultation Paper, Box G, p.61

eCash is not vulnerable to double-spending for online transactions because the bank (mint) intermediates each payment. It can be extended to detect and mitigate offline double-spending by de-anonymising double-spenders, Untraceable Electronic Cash
David Chaum, Amos Fiat, Moni Naor
Advances in Cryptology CRYPTO ‘88 pp.319-327.
Springer-Verlag US, 1988 though this extension does not necessarily need to be implemented, because an eCash requiring the recipient to be online is sufficient for most use-cases – in the same way that very few merchants accept offline card payments.

Also, a bearer instrument approach, where users never have to check back in with a central ledger, would lead to completely anonymous payments.

Consultation Paper, Box G, p.61

This is a misapprehension as it is not true that transaction anonymity derives from not checking in with a ledger. Bitcoin, eCash and some other cryptoassets like Monero About Monero
getmonero.org

CryptoNote v 2.0
Nicolas van Saberhagen
17^th October 2013 enable anonymous payments despite every payment requiring interaction with a ledger for settlement – although it would be true that a system where no check-in at all is required would inherently be anonymous – though we are unaware of any such system that exists, but would be very interested to hear more if the Bank knows of such a construct.

This would go against our design principles for privacy and data protection, as well as laws to prevent financial crime (see Section D.2). There is additional complexity for conducting transactions between two individuals over distance as both hardware devices would need to be updated accurately. For these reasons, bearer instrument models are not appropriate as the only operating model for the digital pound, but they may have uses as part of other use cases: bearer instruments may be the best approach for offline payments, for example.

Consultation Paper, Box G, p.61

Again, that there is complexity for conducting transactions between two individuals over distance is not a true characterisation of eCash nor most other digital payment technologies, as their transaction mechanics do not depend on user proximity, in eCash’s case merely that the receiver be able to contact the mint to redeem the received tokens for new ones.

The Bank may wish to surveil and have powers to observe, intercept and censor Digital Pound transactions and users for AML/CFT purposes, and subject users to invasive and arbitrary KYC checks just to be ‘allowed’ to hold the asset – but notably it does not have this ability for current physical cash beyond what law enforcement can achieve in physical space. The Bank commits to maintaining consumer access to physical cash as long as there is demand and therefore implicitly accepts this limitation on the Government’s enforcement capability going forward.

It seems that the Bank must either accept this inability and so could tolerate it for a novel payment/money system, or must declare that under its current expectations for the prevention of financial crime, it would not find physical cash sufficient and so would not allow for its issuance. This latter stance, we’re sure, would not be supported by the public.

The Digital Pound will be most beneficial and best-placed to be a digital substitute for physical cash if it simply inherits cash’s properties: a bearer-instrument with robust transaction anonymity and ownership privacy, directly claimable against the central bank by the public. If it does not have these properties, we do not believe it will be compelling and thus that the public will not be inclined to use it in lieu of existing digital payment systems, as disinterest in the e-Naira and other already launched CBDCs has demonstrated.

Further, we don’t believe that the Bank’s currently proposed design has sufficient grounds to be implemented and presents a threat to civil liberties and unduly extends beyond the Bank’s constitutional and statutory obligations.

We propose that the Bank instead adopt a Chaumian eCash design for the Digital Pound, as this construct has all the desirable properties of physical cash and is private, secure, resilient, performant, simple and energy efficient.

Responses to the Bank’s previous consultation papers support this view.

Consultation Responses

The digital pound: a new for of money for households and businesses?
The Bank of England & HM Treasury
7^th February 2023
ISBN 978-1-5286-3903-3 (CP 797)
The Consultation Paper

The use of physical cash has declined steadily over the past thirteen years, falling from circa 21 billion payments per year in 2011 to 6 billion in 2021 – from 55% down to 15% of the total 34.8 billion consumer payments made in 2021. Over the same time, payment card volume has risen from 8 billion to just short of 20 billion, flipping cash volumes in 2017 and accounting for 57% of all payments by 2021. UK Payment Markets Summary 2022
UK Finance
August 2022

Faster Payments and other remote banking payment methods have shown steady but slower growth than payment cards, currently accounting for 4 billion payments a year.

It is almost entirely payment cards that are supplanting cash, as other payment methods like Direct Debits and Bacs show fairly consistent use over time.

Physical cash’s decline in use is forecast to continue to around 6% by 2031. While in its current state cash is moderately usable for in-person payments, the number of cashless merchants has risen from basically zero at some point in the past and is growing. We are unable to find a study or survey that gives a quantitative view of how many merchants are ‘cashless’, or trends in the same. However, there are may examples of media coverage of merchants moving to stop accepting cash.

Cash’s reign fades as Covid accelerates high street switch to card-only
The Guardian
12^th March 2022 All checkouts at a supermarket take cards, but only some take cash, providing an incentive to use card for faster checkout.

During the Covid-19 pandemic, Which? research highlighted the difficulty those that depend on cash had as there was a particularly acute increase in merchants refusing to accept it. One in three people have had cash payments refused during the pandemic
Which?
19^th January 2021 An interesting contrast is that while transactional use of cash dropped precipitously, the value of banknotes in circulation actually rose. This suggests that cash was being used as a store of value, ‘money under the mattress’, consistent with the role it has played throughout history as a safe asset in times of uncertainty, and when interest rates are low. Update on the future of Wholesale Cash Distribution in the UK
The Bank of England
15^th December 2021

Cash is rarely if-ever used for remote payment and online purchases, due to slow settlement via Royal Mail, the risk of fraud if goods or services are sent before payment is received, and theft or loss in transit.

Cheques have remained a small and declining portion of total volume, currently 0.2% despite the introduction of the cheque Image Clearing service for faster settlement. With cheques nearly gone, there are no widely used non-digital payment methods available but cash. Cash payments made through as service such as PayPoint are not non-digital remote payments as the cash transaction itself happens in-person, then PayPoint or a similar service provider intermediates upstream payment digitally.

Despite its present and projected decline, cash as of now is still the second most used means of payment by transaction count in the UK, after payment cards. It is the preferred method of payment for over 5 million UK adults. From a Bank of England survey of c.2000 adults in England and Wales in January 2021.

Question 1

Do you have comments on how trends in payments may evolve and the opportunities and risks that they may entail?

Mobile internet access and the ubiquity of smartphones and personal computers have enabled digital payment methods to largely replace the use of cash in the UK. 86% of people use online or mobile banking, and 82% of all payments are made digitally. UK Payment Markets Summary 2022
UK Finance
August 2022

There is an opportunity to provide a digital equivalent to physical cash, as the technological and social prerequisites for its use have existed for some time. The rapid growth of contactless and smartphone payments from 3% in 2015 to 93% in early 2023 supports the view that businesses and consumers are eager to rapidly migrate to compelling novel payment methods. Card Spending Update for February 2023
UK Finance
19^th May 2023

Some people use physical cash as a means of keeping their financial transactions private, preferring the anonymity that cash gives them when making purchases and feeling uncomfortable using card as payments can be seen by their bank and potentially by other institutions. Understanding cash reliance – qualitative research
The Financial Conduct Authority & Savanta
July 2021

Others use cash for its convenience, simplicity and ease of use. Those over the age of 50 are particularly reliant on cash, due to habit or lack of digital capability.

Physical cash is the only consumer-accessible central bank (public) money, so while digital payment cards and bank deposits may be widely considered more useful, cash is a distinct form of money. Retail access to central bank money must be maintained, as the Bank sustains:

Access to public money – which is a safe liquid asset backed by the state – and the uniformity of money are critical for the smooth functioning of the economy. That is because they ensure that households and businesses can be confident in the value of money, regardless of its form and issuer.

Consultation Paper, Part B, p.25

The decline of cash may arrest at some stable point, but it is also possible that an inflection point will be reached where utility has dropped to the extent that the incentives to use it fall precipitously. Thus there is a risk too in not adopting a digital cash equivalent. Such a decline would also increase the overhead and marginal cost of cash handling and distribution, further disrupting or reducing access.

If cash usage declines far enough, it may be effectively eliminated from consumer finance as a usable money, much as commodity money (gold and silver) has already been eliminated in favour of fiat. Fiat money is Representative Money generally made of paper except in the case of small denominations – which is created and issued by the State, but is not convertible by law into anything other than itself, and has no fixed value in terms of an objective standard.
John Maynard Keynes
A Treatise on Money, vol.1, p.7 (1930)
ISBN 978-0-404-15000-6

Cash being a bearer instrument enables a holder to custody it for themselves and have high confidence in being able to hold and use it in the future. If cash is eliminated, there is no substitute asset backed by the British Government. The only alternatives would be precious metals and Bitcoin. While we support and advocate for widespread adoption of Bitcoin and hard money, we don’t simultaneously advocate for fiat money to get worse.

It is a matter of opinion whether the shift in payments towards private, non-government and market facilitated means away from central bank money is a good thing or not, but it does undoubtedly mean a shift from legally and constitutionally protected access to an environment more-so governed by private contracts and terms of service with weaker guarantees of access.

It is notable too that few of the payment card platforms are provided by UK companies. There is an albeit improbable risk that foreign & trade policy disputes or FX risk triggers a disruptive withdrawal of one or more of these methods. Platform providers may be subjected to legal restraint on services they can offer based upon their home jurisdiction, presenting a risk to UK businesses and consumers of denial of service resulting from foreign not domestic law. Additionally, profits from platform fees are largely off-shored for non-UK based payment platforms.

This behavioural shift away from using cash may also have negative consequences if consumer spending detaches significantly from real consumer liquidity, presenting a systemic and societal risk if it up-regulates the supply of credit (inflationary) and levels of unserviceable indebtedness (bad).

‘Buy now, pay later’ services have been used by as many as one in twelve consumers for basic, essential purchases of food and groceries. BNPL usage was even higher among financially vulnerable people, including those that claim Universal Credit. One in 12 now using Buy Now Pay Later to cover essentials
Citizens Advice
11^th March 2022 These services offer unsecured credit to customers but charge high fees for missed and late payments – and reportedly around a quarter of their debtors have missed a payment or paid late, and 41% have struggled to make a payment. ‘Buy now pay later’ boom fuels consumer debt concerns as transactions soar
The Financial Times
12^th February 2022

Buy now, pay later grocery schemes are a ‘debt trap’ for struggling families
The Guardian
12^th January 2022

Buy Now…Pain Later?
Citizens Advice
22^nd April 2021 Much of this lending may be predatory, intentionally seeking to extract fees from those known to be unlikely to pay as scheduled. In contrast, users of cash have often said they use it in part because it helps them budget and avoid overspending.

Many [people functionally dependent on cash] have low financial resilience and budget on a very low income, depending on cash to do so effectively. Many have times where they struggle to afford all essential goods in a month. Cash is often used to simplify household finances and as a physical aid to make it easier to budget, save and navigate difficult decision-making.

Understanding cash reliance – qualitative research
The Financial Conduct Authority & Savanta, p.12
July 2021

It is concerning that customers may be accumulating increasing debts that they may be unable to service, and doing so to cover non-discretionary spending on food and other essentials. This is obviously risky for both the debtors and creditors.

Not wanting to nanny, but there is perhaps a societal benefit in providing a simple digital cash that can be used instead of other digital payment systems where it’s harder to control impulse buying and keep track of spending.

Finally and most profoundly is the rapid growth of Bitcoin and other cryptocurrencies. Their use and familiarity everywhere continues to grow, with over 420 million global users in 2022, 4% of global population. Cryptocurrency Ownership Data – Global crypto adoption
Triple A
16^th May 2023

The FCA estimates that 10% of UK adults hold cryptoassets in 2023, up from 4.4% in 2021, and 91% of people have heard of them. Britons hold a total of around £8 billion in cryptoassets. Research Note: Cryptoassets consumer research 2023 (Wave 4)
Financial Conduct Authority
8^th July 2023 Bitcoin is the clear leader for adoption, with an even stronger lead in name recognition among non-cryptoasset holders (80% have heard of it). Ownership is particularly strong among younger people – 20% of 18-24 year olds own a cryptoasset, and ownership is more prevalent among Black and Asian Britons – 19% and 20% respectively, compared to 9% White. Individuals holding cryptoassets: uptake and understanding
HMRC
February 2022

Chainanalysis estimates that United Kingdom leads in Europe for Bitcoin & crypto use, facilitating over US$ 233 billion in value received in 2021-2022. The Chainalysis 2022 Geography of Cryptocurrency Report
Chainanalysis
20^th October 2022 Year-on-year growth in the UK is estimated at 18%, with Germany, Italy and Spain outpacing that rate, the Germans seeing a rapid 48% growth from 2021 thru 2022.

Bitcoin’s Lightning payments network enables instant settlement for micro-transactions of 1 mSat (one-hundred-billionth of a bitcoin) to multiple whole bitcoin, enabling low-fee borderless payments and significantly improved merchant and customer experiences. Lightning has continued to see increasing network capacity, from around 850 BTC (US$ 6 million) in 2020 to 5,400 BTC (US$ 144 million) in June 2023. Lightning Network Statistics
BitcoinVisuals.com

Note private Lightning payment channels are not announced to the network so their aggregate capacity and transaction volume is much harder to determine. Private channels can transact in the network just as public channels can, but aren’t available to route-through for other users’ payments.

Because of the private nature of the Lighting network it is effectively impossible to know the true volume and aggregate value of payments transacted over Lightning, but it was estimated to be around the US$ 240 million mark in 2022 having grown 410% in USD terms compared to 2021. The State of Lightning Volume 2
Arcane Research
April 2022

These figures mean that Lightning, a still-nascent technology being built on-top-of Bitcoin easily surpasses the payment volumes of all the CBDCs that have launched to date.

Lightning can theoretically support an unbounded transaction velocity across the network as transactions settle as fast as the two peers at each end of a payment channel are able to coordinate a payment. Lightning transactions have no footprint in the Bitcoin base-layer blockchain (distributed ledger) so are not limited by its relatively high fees, fixed block size and comparatively slow 10 minute block time.

Question 2

Do you have comments on our proposition for the roles and responsibilities of private sector digital wallets as set out in the platform model?

Do you agree that private sector digital wallet providers should not hold end users’ funds directly on their balance sheets?

We propose that the digital pound should be designed as a platform model, as originally set out in the Bank’s 2020 Discussion Paper. In the platform model, the Bank would issue the digital pounds which would be recorded in a ‘core ledger’. The Bank would build and operate the ledger – a highly secure, fast and resilient technology platform – which would provide the minimum necessary functionality for the digital pound. Regulated private firms – Payment Interface Providers (PIPs) and External Service Interface Providers (ESIPs) – could then access the core infrastructure via an application programming interface (API). These private sector firms would deal with all user-facing interactions, including handling customers’ information, and be able to develop and offer innovative services using the digital pound.

Consultation Paper, p.53

The Platform Model
Consultation Paper, Figure 4, p.39

The Bank proposes a ‘retail’ CBDC, whereby intermediaries provide wallets to persons, and these intermediaries then directly integrate with the Bank. These wallets appear to be necessarily custodial, as the Bank does not allow for direct individual custody of the Digital Pound where the only other counterparty is the Bank itself.

We believe this design requiring intermediaries is wholly unnecessary, and incongruent with the objective we support of providing a Digital Pound that is an analogue of physical cash.

One role of these intermediaries is seemingly to do those things the Bank does not want to bother or sully itself with, namely aggressively KYC and monitor for AML/CFT compliance by surveilling their customer’s wallets and activities. All entities in any Digital Pound ecosystem would have a responsibility to protect customers from fraud and uphold robust financial crime controls. Consultation Paper, p.60

This stipulation places a great burden and requirement to surveil their users upon these entities. We believe that evidence shows that this burden leads to severely damaging false-positives within the existing digital payments and banking ecosystem, and that this will be no different for the Digital Pound as currently proposed.

This provides a barrier to access the financial system for under-documented persons, those conducting legal but unpopular or controversial business, and others. We expand further on this Financial Accessibility and Inclusion risk in response to Question 11 and Question 12.

There is utility in intermediaries or gateway services providing methods for swapping between the CBDC and other holding types (bank deposits, physical cash, other digital wallets, commodities and merchant payments) but this is not the same as requiring private-sector wallet platforms to be able to hold and use a CBDC.

Additionally the requirement for intermediaries entails funding their operations, which will likely be generated via fees charged to merchants or individuals or both. Note that physical cash does not have a strict analogue of this property. It may cost money to buy a cash register or withdraw from an ATM, but transacting in cash without these costs is possible.

In a bearer-instrument scenario, the need to provide software, wallets, smart cards and other hardware for both consumers and merchants will still exist. But arguably there is a much greater scope for technical innovation here than in the Platform Model, as for example a hardware wallet could be sold that doesn’t need someone to provide and run a backing financial service, as the wallet itself directly interfaces with the Bank’s ledger.

The Platform Model instead requires the provision of a financial service and associated servers, infrastructure, management staff and costs. For a bearer-instrument, these would be optional and combinable – merchants needing to build significant infrastructure to handle the CBDC would be more readily able to combine products offered by different vendors for a bearer-instrument, as interoperability between all the different components they select would be guaranteed.

The Bank notes that payment fraud has increased significantly in recent years. Consultation Paper, p.60 While we will acknowledge that our proposal for a digital bearer instrument necessarily means that a user that is induced to send a payment to a person or entity defrauding them will be unable to appeal to any authority to have the payment un-done and their funds returned, a digital cash-equivalent CBDC does eliminate entire categories of financial crime. Customers will be unable to defraud businesses with false chargebacks or bounced payments when settlement is deferred, as all payments settle immediately. Counterfeiting of eCash is impossible, eliminating the need to monitor for and expend resources on securing against counterfeiting of physical currency. 39% of small and medium businesses surveyed for the FCA believed that fraud and errors are less likely in cash, Cash acceptance within SMEs (PDF)
Financial Conduct Authority & Savanta
9^th November 2021 and it there would likely be similar sentiment around a CBDC if it also guaranteed immediate settlement and a a very high transaction success rate.

Do you agree that private sector digital wallet providers should not hold end users' funds directly on their balance sheets?

In general yes, and that users should hold their CBDC as a bearer instrument as they do now with physical cash. It should be impossible for a wallet provider to transact on the user’s behalf, seize or freeze their funds, and prevent them from moving to an alternative wallet.

However, we would not be opposed to custodial services being offered if consumers prefer to use those, so long as these services clearly explain the risks.

The Bank claims that these intermediaries provide pass-through wallets where their funds are not held as a claim on the wallet provider or held in custody by the wallet Consultation Paper, p.56 but given the public will always be required to use such an authorized wallet to use the Digital Pound, it is totally unclear how the Bank envisions this being really any different as an experience from a bank deposit, as the co-operation of a third party is always required to access and move funds.

Technically, this presumably means a bank or other custodian would hold the CBDC in trust, the user maintaining title to the funds, and the custodian would not be able to fractionally reserve, lend or otherwise hypothecate a user’s holdings.

But from the user’s perspective, it is a distinction from a bank deposit account without a difference, and likely one that the public in general will not care for.

Question 3

Do you agree that the Bank should not have access to users’ personal data, but instead see anonymised transaction data and aggregated system-wide data for the running of the core ledger?

Yes. Our view is that a CBDC should not in any way collect personal data of the user at all, and that this should be both cryptographically guaranteed and made a point of law.

Chaumian eCash provides such a cryptographic guarantee, through the blinded signature scheme it uses for the bank (mint) to handle exchanges of tokens. The eCash mint is able to see the value of transactions that it handles and the times at which these transactions happen, but not when or to whom those tokens were issued or sent.

This should provide the Bank with sufficient information to understand and monitor transaction flows, movement of money in and out of the system, the velocity of money and other data of monetary and economic interest, without intruding upon user’s privacy.

As other respondents to this consultation have noted, were the Bank to seek access to users’ personal and transaction data this would require new primary legislation as it is not remotely within the Bank’s current remit to have such access. BPUK Response - The digital pound: a new form of money for households and businesses?
Freddie New et al., Bitcoin Policy UK
31^st May 2023

Question 4

What are your views on the provision and utility of tiered access to the digital pound that is linked to user identity information?

What views do you have on a privacy-enhancing digital pound?

As we oppose the Platform Model in principle, and advocate for a much more private Digital Pound that can be transacted and held anonymously, we also oppose tiered access based on how much a user is willing to share their private information in return for higher account limits.

We however agree with the Bank that given their current proposal, this variability marginally improves the accessibility of the Digital Pound for disadvantaged and financially excluded persons would be able to access it with very limited or no documentation. Consultation Paper, p.73

While the Bank and Government claim to have taken the public’s desire for privacy in to account for the Digital Pound, we do not believe that the Platform Model with its lack of cash-equivalence and guarantees of privacy and anonymity in transacting and holding is sufficient, nor aligned with the public’s want for privacy.

Responses to the Bank’s 2020 Discussion Paper emphasised the importance that users place on having privacy in their transactions. Security and privacy were often cited as aspects on which there should be little or no room for compromise. The Bank and Government agree, and this perspective informs our proposals for the digital pound’s design.

Consultation Paper, p.69

We remind the Bank that in 2020 respondents to the Discussion Paper grounded their privacy expectations in the example of cash. Responses to the Bank of England’s March 2020 Discussion Paper on CBDC
The Bank of England
7^th June 2021

The Chaumian eCash construct we have counter-proposed is an architecture appropriate for a CBDC that would maximise – that is not compromise on – privacy and security. Its behaviour and properties are grounded in those of cash.

All payments should be able to be made using the digital pound so long as they are lawful, observe any restrictions […] and comply with regulatory obligations laid down by authorities. Subject to a payment being lawful, the Bank would be neutral in processing it, and does not envisage applying any limitations on payments on ethical grounds.

Consultation Paper, p.78

The Bank needs to provide much a firmer commitment than this, we suggest: The Bank of England will never apply limitations on a lawful payment. This should be guaranteed as a matter of law.

The digital pound would not be anonymous because the ability to identify and verify users is needed to prevent financial crime

Consultation Paper, p.70

This need is unclear. As we have already covered, physical cash is issued by the Government and is anonymously transactable.

Liberties and crime prevention are always at odds with one-another. An all-knowing, all-seeing state would be able to prevent or punish all crime, but that is not a state in which any sane person would wish to live. We have the liberty to use cash now; if this is maintained in the Digital Pound, it will necessarily have to be highly private and anonymously usable.

The digital pound would have lower frictions than physical cash, so carries higher risks of abetting crime. It is not therefore appropriate to allow such anonymity for digital pounds

Consultation Paper, p.72

Taking eCash again as an example, the Bank can see velocities, volumes and times of transfers of the asset, and could flag anomalous amounts to law enforcement for physical investigation. It can freeze known-bad tokens in absentia which is not possible with physical cash.

Crime is not conducted solely through money. Many serious crimes are things and actions that happen in the physical world. Trade and dealing in illicit items, theft, murder and many more crimes all have avenues for enforcement that do not depend on a monetary panopticon.

Incredibly private, permissionless low friction digital payment systems already exist, such as Monero (and to a lesser extent, Bitcoin). Criminals are able to use these already, so providing a private Digital Pound does not grant them new territory for nefariousness.

We do not think it unreasonable or intractable to have a Digital Pound that has effectively all the same privacy and anonymity properties as physical cash does today.

Question 5

What views do you have on the embedding of privacy-enhancing techniques to give users more control of the level of privacy that they can ascribe to their personal transactions data?

We advocate for uniform and maximal privacy. If users choose to use a service that is less private in exchange for some feature that they want, we wouldn’t strongly oppose this, but this is a property of the particular wallet or provider, not the Digital Pound itself. Users should be free to handle their own data as they wish, even if what they do with it is inadvisable.

But, there should be absolutely no personal data within the Digital Pound system itself, and no mechanism for users to de-anonymise themselves.

We are glad that the Bank is interested in PETs and integrating them in to the Digital Pound where possible to provide mathematical guarantees of privacy, however, if the system is inherently private and architecturally simple as Chaumian eCash is, complex PETs such as ZKPs, ZKRPs and differentially-private data aggregation and reporting techniques are not needed to claw-back user privacy.

We note too that there are malign incentives with existing systems such as ‘Open Banking’, where a person can be enticed to hand over access to data that they would prefer not to, because the alternatives are slower, more expensive or reduce the likelihood of an application being approved. A good example of this is rental tenant referencing, where Open banking is presented as an easy way to prove income and existing rental payments, but grants a letting referencing agency access to their complete transaction history and metadata, not merely those transactions that are necessary to verify.

Our view is that the Digital Pound be designed so that avenues for trading privacy for expedience are as limited as possible, and that there are no incentives to do so.

Question 6

Do you have comments on our proposal that in-store, online and person-to-person payments should be highest priority payments in scope?

Are any other payments in scope which need further work?

We agree that these payments should be the focus for the design and release of the Digital Pound. These are all payments that involve a natural person, and are most-similar to the types of payment where cash is used today.

Because of the declining use and availability of physical cash presenting a hazard for those that depend on it, it would be wise to also prioritise the receipt of benefits and pensions for those that wish to receive them as Digital Pounds, both automatically and through the Post Office and other already-familiar venues. This would have a clear Financial Accessibility benefit.

Regarding Infrastructure for adoption – we believe that most existing payments hardware would be capable of transacting eCash. Store Payment terminals via software updates, smartphones via apps, and smart cards with fairly minor modifications. A bridge over PCI standard payment rails would be easily implemented and provides a compelling business model for new companies to adopt, e.g. offering prepaid card services to enable spending CBDC over existing PCI infrastructure.

Once again, if direct retail access is allowed (i.e. bearer instrument) then developing payment solutions is a maximally open space for competition and innovation and rapid development.

There may however be a benefit in requiring a degree of infrastructure change in that it would naturally regulate (slow) adoption of the CBDC alleviating some of the Bank’s concern around rapid uptake being destabilising.

While we agree with the Bank’s priorities, we see no reason that commercial banks and financial institutions should not be able to use the Digital Pound for high-value transfers and interbank settlement. The Digital Pound should be able to broaden its use cases and users in the future.

Question 7

What do you consider to be the appropriate level of limits on individual’s holdings in transition? Do you agree with our proposed limits within the £10,000–£20,000 range?

Do you have views on the benefits and risks of a lower limit, such as £5,000?

We do not support any limits on individual nor corporate holdings of the Digital Pound. Given our stance on privacy, such limits would not anyway be enforceable.

However, if the Digital Pound was developed as proposed, then we would support the highest limits, and see no benefit in a lower limit such as £5000.

Limits on holding erode trust in the system, as holders may worry about hitting the limit or it being reduced in the future, and so would be less likely to adopt the Digital Pound. This would be even more of a concern for corporates, where the introduction of a limit could mean that they stop being able to receive payment in stores or online in the Digital Pound, and would have to quickly dispose of their holding to continue conducting business.

[The digital pound must] be designed in a way that manages any risks to financial and monetary stability. As set out in Part C, those risks largely stem from any large and rapid outflows from bank deposits into digital pounds, and from wholesale use disrupting the function of critical money markets. These risks would depend on uptake of the digital pound, which is difficult to predict and may vary during the introductory period and times of stress.

A limit on individual holdings would be intended to manage those risks by constraining the degree to which deposits could flow out of the banking system. That is important during the introductory period as we learn about the impact of the digital pound on the economy.

Consultation Paper, p.80

For a fully private Digital Pound, such as one built using the Chaumian eCash system we propose, flows of money into and out-of the CBDC would still be regulatable. This would operate in a very similar way to daily or weekly limits placed by commercial banks for each depositor on withdrawals from ATMs, and could be applied to individuals. Similar limits could easily be imposed when exiting the CBDC, e.g. when depositing it at a bank.

Given the Bank’s concern is with financial stability, limits on the aggregate amount of the Digital Pound that are available at any given time seem to be much more important than individual limits.

As with physical cash where there is also the ability to limit the total supply of the CBDC. This would allow a managed roll-out where the quantity of money held in the Digital Pound is limited by the Bank following an issuance schedule, which can be adjusted based on the Bank’s monitoring of the financial system’s response to the new form of money.

One thousand people moving to hold £10,000 each has a much less significant effect than ten million people rapidly acquiring £1000 each would.

We will also point out that other CBDCs already launched have seen very slow, not very rapid uptake, See the introduction for references. so we judge it highly unlikely that instability will be caused by rapid flows into the system. The Bank however does of-course have a duty to consider this as a possibility and plan for it accordingly, but the improbability would allow perhaps ‘cruder’ controls, like the aggregate inflow and outflow limits and capping of the total supply that we suggest.

Question 8

Considering our proposal for limits on individual holdings, what views do you have on how corporates’ use of digital pounds should be managed in transition?

Should all corporates be able to hold digital pounds, or should some corporates be restricted?

Corporates would likely need higher limits on their holdings than individuals, presumably around the £10m mark if individuals are limited to £10k.

However, as with our response to Question 7, we do not support limits applied on a per-holder basis.

We also see no reason why any specific types of corporation should be unable to hold Digital Pounds. Banks in particular may need to be able to hold a very large or unlimited balance in the CBDC to be able to service deposits and withdrawals, though as set out in Question 7 inflows and outflows could be limited/regulated, but that would be the central bank’s role not one for each commercial bank.

As the Digital Pound will have effectively the same monetary properties as cash, there does not seem to be much of an incentive for large financial institutions to switch to the Digital Pound from existing money markets for wholesale activity. A restriction preventing financial firms from holding the CBDC may be sensible initially, but in the long term we would not support them. This may mean that the Digital Pound becomes a joint retail and wholesale CBDC.

It may even be more destabilising for firms to be unable to move money into cash because they are prevented from holding the Digital Pound, if that is where they deem it to be least-risky. We agree with the Bank that this would need close analysis and monitoring, as it could have novel effects on money market funds and the gilt markets in particular during the transition period.

Question 9

Do you have comments on our proposal that non-UK residents should have access to the digital pound, on the same basis as UK residents?

In the same way that there is international access to British cash, yes, non-residents and those overseas ought to have access to the Digital Pound.

This doesn’t strictly have to be on the same basis as UK residents, though. Non-residents may be able to get and use a simple smart-card wallet, but it would be acceptable for individual PIPs and ESIPs to decide whether they do or do not want to serve non-residents.

This will aid in its adoption and ensure tourists and visitors are able to pay in the same way that residents can. It may be significantly easier for foreign-exchange businesses to switch to handling the Digital Pound from physical currency, reducing the need to hold and distribute physical banknotes across many different locations.

Overseas holders may be more inclined to spend leftover Digital Pounds online at UK retailers than to have to exchange it back in to local currency, or hold it until they are next in the UK.

Question 10

Given our primary motivations, does our proposed design for the digital pound meet its objectives?

Unfortunately, no. As stated in our introduction, the Bank’s Digital Pound proposal is deficient on two key fronts:

The proposed Digital Pound is not a cash digital cash-equivalent: it is not privately transactable nor a bearer instrument, as physical cash is.
The Platform Model does not actually provide retail access to central bank (public) money as the public will not have direct access to the Bank’s CBDC system and ledger. It requires custodial intermediaries which adds counterparty risk.

We have argued throughout this response that cash-equivalence, closely matching the existing properties of physical cash ought to be an objective for the Digital Pound, citing the privacy, security, inclusivity and desirability of this feature. We expand on inclusivity and financial accessibility in Question 11.

Question 11

Which design choices should we consider in order to support financial inclusion?

Commercial banks, financial institutions and payment service providers (FSPs, PSPs) can and do deny service to individuals and companies for reasons they need not disclose for activity that is perfectly legal, but they do not like. For example – the PayPal Acceptable Use Policy prohibits: cigarettes not illegal; promotion of hate, racial or other forms of intolerance subjective and PayPal’s discretion not legal judgement; items that are considered obscene not illegal, subjective.

Payment-card platform Stripe’s Prohibited and Restricted Businesses list is similar, no guns, sales of online traffic or engagement, pornography, mature content, online dating services, gambling, and any other businesses that Stripe considers unfair – none of these are illegal, many subjective.

PayPal shuts down accounts of Free Speech Union
The Telegraph
20^th September 2022
Charitably, this could be put down to overeager and overcautious application of AML/KYC rules, a fear of being accused of insufficient scrutiny of their users by regulators. But by doing this, they ‘unbank’ those that have not broken the law, who then have very limited rights of redress and reparation. “NatWest robbed me”: Account closures dog one of Britain’s biggest banks
i News
23^rd June 2021

“It’s my money, not theirs”: Account closures exposed at Pockit, Revolut, Monese and Monzo
i News
19^th May 2021

The Bank appears to have somewhat shared this concern in its 2020 Discussion Paper:

Cash also has an important role in financial inclusion. In a world where cash becomes less widely used, there is no guarantee that the current private sector provision of the retail payment systems may meet the needs of all users, leaving underbanked groups of society particularly at risk

2020 Discussion Paper, p.18

If there is no access to cash and all digital monies are gated by private terms of service, then these unbanked people and companies can almost be shut out from holding and handling money entirely, presenting a severe and intolerable Financial Accessibility risk.

The homeless and those of no fixed address would have difficulty in satisfying the KYC requirements for the Digital Pound, or could be limited to only a very small holding.

Just like opening a bank or other payment account, some level of identity verification would be required when opening a digital pound wallet, in order to prevent financial crime. These requirements would be consistent with those that legally apply today and in the future for financial and payments institutions.

Consultation Paper, p.72

We recognise that it is beyond the scope of this Consultation to improve upon on the severe problems with current financial regulations and invasions of user privacy, but do so to point out that if the Digital Pound bears all the same restrictions and brings no fundamentally new properties, then it can do nothing to improve financial accessibility.

As a more simple point, this requirement will make it difficult for tourists and others visiting the UK, or those needing to handle Digital Pounds for a short time to be able to do so. Simply being able to download an app onto your phone or pick up a card from a shelf at a convenience store and start using it is a much better experience.

Here again eCash offers a clear benefit. A cheap £20 mobile phone is capable of holding eCash and doing the simple cryptography required to transact and verify it. Ultra cheap solutions like smart cards would work without requiring internet access, as the connection to the Bank could be handled over low cost and readily available tech like NFC or BLE, uplink provided by the merchant terminal.

Similarly, pensioners and those that receive state benefits like Universal Credit could benefit from being able to choose to receive these simply and quickly in the form of Digital Pounds. This could be through an automated deposit into their digital wallet, or physically in the places that they are already familiar with like the Post Office, and convenience stores that offer cashback and payment services like PayPoint. PayPoint PLC. is a British business offering a system for paying bills and other basic financial services, often using cash, at local convenience stores around the country.

The above being said, physical cash currently has unbeatable accessibility for in-person payments, but a simple and straightforward CBDC could have the potential to enable the elderly and vulnerable to make remote payments without the need to set up and manage a bank account or payment card, which many find too complex or difficult to do.

Question 12

The Bank and HM Treasury will have due regard to the public sector equality duty, including considering the impact of proposals for the design of the digital pound on those who share protected characteristics, as provided by the Equality Act 2010.

Please indicate if you believe any of the proposals in this Consultation Paper are likely to impact persons who share such protected characteristics and, if so, please explain which groups of persons, what the impact on such groups might be and if you have any views on how impact could be mitigated.

The Government has committed to maintaining access to physical cash so that the particularly young, elderly, vulnerable and technically less-competent are still able to use it.

Our response to Question 11 elaborates on our concern for underbanked and financially dis-included persons and businesses, and how we believe those could be mitigated. In particular, that the proposed Platform Model makes this financial exclusion more likely, and that a more private, bearer-instrument model would alleviate this concern.

As the Equality Act 2010 protects race and ethnic origin, it is arguable that some Gypsies and Travellers and those that have no fixed address for cultural and heritage reasons will be discriminated against, as they are often unable to complete the more intensive levels of KYC. Note that by expanding on this specific concern we do not mean to imply that no other protected groups may be affected for this reason or any other.

Higher levels of KYC demanded by PIPs and ESIPs under the Platform Model as proposed will require address history, banking history and having government-issued identification to be able to hold higher amounts of the Digital Pound. If you cannot satisfy these KYC requirements you will be limited to a lower holding under the proposed tiered account system. Consultation Paper, p.73

Gypsies and Travellers continuing to travel for work and living on roadside camps, face barriers in terms of both financial and economic inclusion. For example, insecure accommodation and a cycle of evictions can affect access to employment. Having no fixed address can also make it problematic to access a bank account, and Friends, Families and Travellers continue to support Gypsies and Travellers who have been refused access to a bank account, despite the Payment Accounts Regulations (2015) stating banks should offer basic accounts to ‘consumers with no fixed address’.

Briefing: Economic and financial exclusion experienced by Gypsies and Travellers in England
Friends, Families, Travellers
April 2023

If many Gypsies and Travellers are facing longstanding exclusion from existing financial services, there is no reason to believe that they will not be excluded by the new financial service firms offering access to the Digital Pound.

In 2012, the then Government committed to encourage measures to improve financial inclusion for Gypsies and Travellers, yet the above 2023 report indicates that this has not markedly improved. Reducing inequalities for Gypsies and Travellers: progress report
HM Government
Ministry of Housing, Communities & Local Government
4^th April 2012

Many Gypsies and Travellers hold the majority of their funds as cash, and 20% do not have a bank account at all, so must be holding and transacting all money in cash. Gypsy/Travellers and Financial Exclusion - An examination of Best Practice in the development of financial capability
Shelter Scotland
June 2015 Were cash to continue its decline, ot the Digital Pound to effectively kills it off, they would need to be able to hold it as Digital Pounds instead.

The mitigation would simply be… a digital bearer instrument, as we have proposed and argued for extensively in this response. One cannot be excluded from holding it, because all you have to do is have it.

Technology Working Paper Responses

The digital pound: technology working paper
The Bank of England
February 2023
The Technology Working Paper

The Bank’s six design considerations for the Digital Pound are:

Privacy, Security, Resilience, Performance, Extensibility, Energy use

Technology Working Paper, pp.3-5

Question 1

Do you agree that these six considerations are foundational technology considerations for CBDC?

Are there additional or alternative technology considerations that the Bank should be focused on? (Section 3)

We agree on these foundational considerations, although we do not see a need for endogenous extensibility. If the Digital Pound itself is conceptually simple, extensibility outside of the system is still possible and may actually be easier to implement, rather than say a smart contracting ability built in to the system. We would substitute extensibility for simplicity.

Many technologies that are widely used are successful largely thanks to their simplicity. The World-Wide-Web’s hypertext transfer protocol is not complex, and with the simple GET & POST primitives alone almost everything we call the ‘internet’ has been built. Extensions to HTTP such as WebSockets were added later by bootstrapping the existing system.

The POSIX operating system standard enables developers to build across variants of UNIX, Linux and the BSDs, including MacOS. Again this simple set of open primitives has spawned a wide variety of applications and uses largely because of its simplicity.

As we have already outlined in our response to the Consultation Paper, the CBDCs that have been deployed to date have not shown strong uptake by consumers and businesses in their economies. If the Digital Pound has a simple, open and easy to integrate architecture, this will reduce the barrier for business uptake to a minimum. If instead it is complex, with gated access, requiring costly and slow accreditation and certification to build against, there will be little incentive for businesses to expend resource on it when there are few users of the system; but being able to use it requires someone having built the means to do so. Simple is better.

Question 2

Which privacy-enhancing technologies, or other privacy mechanisms, might support the proposed policy objectives, and how might they be used? (Section 3.1)

The PETs the Bank enumerates in Section 3.1 all seem applicable.

However, as we have argued for in our response, the blinded signature mechanism at the core of Chaumian eCash Blind signatures for untraceable payments
David Chaum.
Advances in Cryptology: Proceedings of Crypto 82 pp.199-203.
Springer US 1983

Untraceable Electronic Cash
David Chaum, Amos Fiat, Moni Naor
Advances in Cryptology CRYPTO ‘88 pp.319-327.
Springer-Verlag US, 1988

Chaumian ecash without RSA
David Wagner (UC Berkeley)
31^st March 1996

eCash 2.0: Inalienably private and quantum-resistant to counterfeiting (PDF)
David Chaum (xxNetwork), Thomas Moser (Swiss National Bank)
November 2022 is another PET that we evidently believe would be highly beneficial to the Digital Pound.

This construct grants:

Inability of third parties to determine payee, time or amount of payments made by and individual.

Ability of individuals to provide proof of payment, or to determine the identity of the payee under exceptional circumstances

Ability to stop use of payments media reported stolen

D. Chaum, Blind signatures for untraceable payments, 1983

Pseudonymisation, Private Information Retrieval and Attribute-based encryption are not strictly needed in an eCash system because the Bank/Mint is already unaware of from whom to whom payments are made, and is unaware of who currently holds how much money.

Question 3

Are the provisional requirements and metrics discussed in the paper, particularly for uptime, transaction throughput and transaction speed, realistic and appropriate? (Sections 3.3 and 3.4)

Yes and yes. We also think it reasonable for the Bank to monitor the velocity of money in the system (distinct from throughput), balance of payments, and perhaps the coarse geographical location of activity on the network, say at the level of ISP/source-network for traffic, with due regard to user privacy and relevant legislation.

Question 4

Are there other significant components or activities that the Bank should consider in designing a CBDC? (Section 4)

There is little point in a CBDC which is inherently centralised opting for a DLT architecture. Bitcoin is decentralised and so is orders of magnitude more complex than a centralised ledger only because that is required to maintain trustlessness. In a CBDC the issuing bank must inherently be trusted, so distribution of the ledger and consensus is not needed.

Using a DLT to offload transaction collection, block templating and proposal from the Bank itself may be a viable as a scalability tactic, but given the design peak throughput of 30,000 to 100,000 transactions per second, and desire for low latency in settlement being similar to or better than existing payment card systems, this seems unachievable for a DLT, or at least it would be a DLT operating at a volume and speed that matches or exceeds the fastest existing deployed DLTs like Solana (around 50,000 TPS theoretical), and much faster than proven DLTs like Bitcoin (circa 3 to 7 TPS) and Ethereum (circa 15 to 25 TPS). Bitcoin blocks are capped at 4MB (technically 4 million virtual bytes) and a block time of 10 minutes. This gives 4MvB/10mins, for an average throughput of 6.67kB/s.
The results in an average of 2200 transactions per block, for an average transaction size of 1818 vBytes.

The higher the transaction throughput of a DLT, the harder it is to successfully distribute as each transaction and block must be shared among the network nodes, requiring significant bandwidth and storage for higher throughputs. This is the primary reason Bitcoin intentionally has a capped block size of 4MB and a block time of 10 minutes.

Question 5

Are there alternative models that might better address the technology considerations and technical requirements outlined in this paper? (Section 4)

The Bank's illustrative conceptual model for a UK CBDC.
Technology Working Paper, Figure 8, p.46

In response to the Consultation Paper we oppose the Platform Model for the Digital Pound, so clearly the architecture would be different for the Chaumian eCash system we propose instead. The architecture for an eCash system is simpler, with end-users’ devices and PIPs/ESIPs all directly contacting the CBDC system (the mint in eCash terms). The mint processes all transactions, and maintains a core ledger of its issuances (blinded signatures as promises).

Because eCash disintermediates PIPs and ESIPs, and has no strict architectural need for them, they cannot be a source of performance, security or resilience issues.

An eCash mint operates in a very similar way to existing web/internet services, providing a simple API that can be backed by a number of ‘boring’ traditional database technologies (e.g. relational SQL) or newer concepts like document stores and other NoSQL databases. If these are ‘off-the-shelf’ components, a suitable database with proven scalability and a strong history of use within industry can be selected.

The Bank’s conceptual model connects external payment systems directly to the CBDC system. These interconnections could instead be handled by PIPs, who could integrate with physical cash depositing/withdrawing systems, payment cards, and other digital payment systems like Faster Payments; rather than the Bank handling this themselves. It may be desireable, however, for the Bank to integrate at least one method of directly converting external money into the CBDC, simply so it is obtainable without reliance on a PIP/ESIP.

Question 6

Other than those described in this paper, are there additional important factors to consider related to ledger design? (Section 4.1)

Given the desire for high transaction volume and throughput, it would be wise to design a ledger that stores the current and recent state of the CBDC system, but does not have to retain the entire transaction history forever, as most DLTs such as Bitcoin do. Many if not all DLT states are not at-all verifiable if one does not have access to the full transaction history, e.g. for a blockchain, the validity of a block in the chain necessarily depends on information from the previous block.

Once CBDC has been spent, that data is not particularly useful to retain within the core ledger, and if it can be discarded this will significantly reduce the amount of storage and thus energy required to operate the system.

A white paper from the UK’s National Cyber Security Centre (NCSC) Distributed ledger technology
National Cyber Security Centre
30^th April 2021 concluded that DLT is only likely to be useful in circumstances where all the following statements are true:

Multiple entities need to be able to write data.

There is a lack of trust between the entities writing data.

There is no trusted central authority that can write data on behalf of the entities.

If any one of the above statements is assessed to be false, then the NCSC considers that a conventional technology, like a database, is likely to be more appropriate.

Technology Working Paper, p.51

We also agree with this assessment of the applicability of DLTs. In a CBDC system, there is a trusted central authority (the Bank of England) that controls consensus over the state of the ledger.

Question 7

What are the most appropriate approaches or technologies for collecting and analysing aggregate transaction data? (Section 4.2)

Broadly, the Bank will need two categories of analytics/metrics: Operational, and Economic.

Operational data should be easy to keep free from any data protection issues, as it concerns the behaviour of the computing and networking equipment running the CBDC system.

Keeping economic data private and protecting user’s personal information is harder, however, similar to our response to Question 2, if the core ledger and transaction APIs themselves are inherently private and anonymised, complex PETs are not required to ensure analytical data does not include users’ personal and private information.

There are a great range of widely used ETL pipeline, metric collection and aggregation tools available with heavy use in the financial industry and wider technology sector. Our only suggestion would be to use something the Bank has already deployed, and/or to use free and open-source solutions rather than lock itself in to a proprietary or bespoke new system. The benefit is that it can be changed and re-architected at a later date if necessary, and would be faster & cheaper to deploy than a bespoke solution.

Question 8

Do you agree with the need for aliases (both well-known and disposable)? If so, should the alias service be hosted as part of the Bank-managed infrastructure, or should it be distributed across the CBDC ecosystem? (Section 4.3)

Aliases for receiving payments are generally useful, but we think that an aliasing system can be built on-top-of the CBDC as an external service, and does not have to be endogenous (built-in).

Additionally, it won’t be immediately clear which methods of aliasing are going to be most useful and compelling for users. Will people prefer ‘phony’ bank account numbers and sort codes? Or will they prefer to be able to send Digital Pounds to phone numbers, email addresses, or accounts on WhatsApp?

If the CBDC system itself is simple and straightforward to implement, then the aliasing design space can be explored by private companies offering a service, rather than being baked in to the Bank’s systems.

Yet again, this is where we advocate for the eCash system, where tokens are sent and received simply as strings of text, which can be sent over a massive variety of existing communication channels. It would be very easy for a phone to recognise eCash sent to it in a text, WhatsApp or iMessage, and present it to the user to redeem.

Similarly, a commercial bank could easily take receipt of eCash sent to a person’s existing bank account details, and convert it in to a deposit in their debit account.

Question 9

What features would a CBDC API require to enable innovative use cases? (Section 4.4)

We don’t support the inclusion of programmability or smart contracting within a CBDC, and expand on this opposition in Question 12.

Additionally, we don’t think innovation ought to be a goal in itself. The aim is to provide a new form of central bank money, not an entirely new fintech sector.

A Chaumian eCash system can have a very simple API:

GET /mint?amount=<int> request a minting of new tokens, providing proof of payment into the Mint from a different payment method.
POST /melt to request the Mint take a set of tokens and melt (destroy) them, paying out to a different payment method specified by the caller.
POST /check check whether some tokens have already been spent or not.
POST /split request the Mint splits some provided larger tokens into smaller denominations and return them.
GET /keys retrieve the Mint’s public keys and token denominations.
GET /info for the Mint’s settings, such as inbound and outbound limits.

Nothing much more complex is necessary. It just needs to be a form of electronic money.

So long as payments are straightforward and simple to make, you can leave the innovation and exploration of the design space to others.

Question 10

Do you agree with the suggested list of devices for making payments with CBDC? (Section 4.5)

Users should be able to make and receive payments using a range of devices and form factors, including (but not exclusively):

Smart devices

Smart cards

E-commerce websites and applications

PoS devices

Technology Working Paper, p.62

Yes, with smart devices including all mobile phones, both smartphones and cheaper older-style phones. It is important for Financial Accessibility that very simple devices that are easy to acquire are usable with the CBDC.

With a digital bearer instrument, any device capable of storing and transmitting simple text data could technically be used to make payments. It would be a little peculiar, but it would even be possible to print out an eCash token as a QR code and send it on paper to a recipient to redeem.

Question 11

How viable is it to enable interoperability between CBDC and other forms of money using existing payments infrastructure? (Section 4.6)

As the Bank lays out in the Consultation Paper and the Technology Working Paper, interoperability with commercial bank accounts and physical cash are likely to be the two most important routes in and out of the CBDC.

For cash, existing infrastructure like ATMs will need software updates to be able to receive Digital Pounds to dispense cash; to receive cash in return for Digital Pounds is likely to be much harder, as most ATMs are not capable of taking deposits. This would instead have to be handled at commercial bank branches and merchants that offer cashback and perhaps payment services like PayPoint.

We’re doubtful that ATMs would be updated to support the CBDC quickly, judging by how long it has taken to eliminate Windows XP from that infrastructure. ATM security still running Windows XP
Techradar
22^nd October 2020

XP - the operating system that will not die
BBC News
5^th March 2014

For commercial bank accounts, it feels more likely that the majority of banks would be capable of implementing and deploying interoperability with the CBDC on a timeframe of around a year (speculation).

Again the desire for interoperability and a relatively quick adoption and implementation phase are reasons to build an architecturally simple and easy to implement CBDC like an eCash, rather than a gated Platform Model requiring odious accreditation and a complex integration.

Question 12

Is programmability and smart contract functionality an important feature of a CBDC system? If so, what is the best approach to enabling such functionality? (Section 4.7)

No, we don’t believe that programmability and smart contract functionality an important nor desireable features of a CBDC system.

These features are technically complex, as a minimum requiring multiple transaction templates for each intended behaviour, but in practice they are implemented by providing a domain-specific language for crafting transactions.

In Bitcoin’s case, there is Bitcoin script, a fairly simple stack-based language where an output declares a predicate that must later be satisfied by a valid spending transaction. Because this script is simple, the design space of smart contracts on Bitcoin is inherently limited. The most common smart contracts on Bitcoin today are hashed time-lock contracts (HTLCs) used in the creation and closing of Lightning payment channels. The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments (PDF)
Joseph Poon, Thaddeus Dryja
14^th January 2016

For Ethereum, transactions run Turing-complete EVM code, allowing for a more complex and capable design space. Ethereum’s contracting enables the creation of on-chain entities that can hold a balance and be interacted with by other contracts and users.

However, this is not without its significant difficulties. Infamously, the Ethereum network hard-forked to undo the unintended consequences of a smart contract, the DAO, that contained a vulnerability that lead to ’theft’ of 3.6 million ether from the contract. Understanding The DAO Attack
Coindesk
13^th January 2023 Many people refer to this as an attack, but it is also arguable that the ‘attacker’ did nothing wrong, as all they did was execute the code as written. We would refer to them more as the DAO Lawyer, than the DAO Hacker.

The DAO issue highlights a particular difficulty that any smart contracting system on a CBDC would hit, that is, the collision between the code is the law and the law is the law.

If a smart contract is code, and code is deterministic, is it possible to say that the contract is ‘wrong’ or ‘has been broken’ even if all or a majority of parties believe it did something it was not supposed to do? Because the code for that behaviour always existed within the contract and was always auditable by all parties, surely they all agreed to that behaviour, or failed to be duly diligent? If a court of law decides against a contract’s encoded behaviour, how is that going to be enforceable?

Would the Bank need new legislation to set out that the CBDC contracting code is law?

We believe it is highly likely that a smart contracting system built in to a CBDC will be a source of controversy, technical complexity and difficulty, inevitably requiring fixes and changes to the system to prevent undesired and unforeseen behaviours and consequences.

Instead, the CBDC should be solidly built, simple, and focus on acting as money. Cash is not programmable. Complex programmability and smart-contracting capability is messy, and best avoided.

Question 13

How important is offline functionality in a CBDC system? What are the most effective ways to implement offline capability? (Section 4.8)

We don’t think that offline payments are necessary for an initial launch of a CBDC system, and can be added later. The Chaumian eCash we propose can be extended to support offline payments. Untraceable Electronic Cash
David Chaum, Amos Fiat, Moni Naor
Advances in Cryptology CRYPTO ‘88 pp.319-327.
Springer-Verlag US, 1988

It is worth noting that even with an online requirement for eCash, only the recipient needs to be online to redeem received tokens. The sending device can be a smart card or even a USB stick, as all it is required to do is pass on a digital token to a recipient, who then needs to redeem it to prevent the same tokens from being double-spendable.

Existing digital payment systems do not regularly operate offline, and many of them are incapable of it – yet they are all widely used. Payment cards can be used for deferred settlement, though merchants willing to do this do risk failed payments when they later attempt to settle captures, if insufficient funds are available or possibly if the payee defrauded them with a payment that they expected to fail.

Thus, offline payments may have some use, but we expect that it would be a small portion of all CBDC payments, and can be addressed later.

Other Responses to the Consultation

Responses with which we generally agree:

BPUK Response - The digital pound: a new form of money for households and businesses?
Freddie New et al.
Bitcoin Policy UK
31^st May 2023
Response to “The digital pound: a new form of money for households and businesses”
Geoffrey Goodell
University College London
7^th June 2023

Index

Response and Argument

Response Summary

Consultation Paper

Question 1: Do you have comments on how trends in payments may evolve and the opportunities and risks that they may entail?
Question 2: Do you have comments on our proposition for the roles and responsibilities of private sector digital wallets as set out in the platform model?
Question 3: Do you agree that the Bank should not have access to users’ personal data, but instead see anonymised transaction data and aggregated system-wide data for the running of the core ledger?
Question 4: What are your views on the provision and utility of tiered access to the digital pound that is linked to user identity information?

What views do you have on a privacy-enhancing digital pound?
Question 5: What views do you have on the embedding of privacy-enhancing techniques to give users more control of the level of privacy that they can ascribe to their personal transactions data?
Question 6: Do you have comments on our proposal that in-store, online and person-to-person payments should be highest priority payments in scope?

Are any other payments in scope which need further work?
Question 7: What do you consider to be the appropriate level of limits on individual’s holdings in transition? Do you agree with our proposed limits within the £10,000–£20,000 range?

Do you have views on the benefits and risks of a lower limit, such as £5,000?
Question 8: Considering our proposal for limits on individual holdings, what views do you have on how corporates’ use of digital pounds should be managed in transition?
Should all corporates be able to hold digital pounds, or should some corporates be restricted?
Question 9: Do you have comments on our proposal that non-UK residents should have access to the digital pound, on the same basis as UK residents?
Question 10: Given our primary motivations, does our proposed design for the digital pound meet its objectives?
Question 11: Which design choices should we consider in order to support financial inclusion?
Question 12: The Bank and HM Treasury will have due regard to the public sector equality duty, including considering the impact of proposals for the design of the digital pound on those who share protected characteristics, as provided by the Equality Act 2010.

Please indicate if you believe any of the proposals in this Consultation Paper are likely to impact persons who share such protected characteristics and, if so, please explain which groups of persons, what the impact on such groups might be and if you have any views on how impact could be mitigated.

Technical Working Paper

Question 1: Do you agree that these six considerations are foundational technology considerations for CBDC?

Are there additional or alternative technology considerations that the Bank should be focused on? (Section 3)
Question 2: Which privacy-enhancing technologies, or other privacy mechanisms, might support the proposed policy objectives, and how might they be used? (Section 3.1)
Question 3: Are the provisional requirements and metrics discussed in the paper, particularly for uptime, transaction throughput and transaction speed, realistic and appropriate? (Sections 3.3 and 3.4)
Question 4: Are there other significant components or activities that the Bank should consider in designing a CBDC? (Section 4)
Question 5: Are there alternative models that might better address the technology considerations and technical requirements outlined in this paper? (Section 4)
Question 6: Other than those described in this paper, are there additional important factors to consider related to ledger design? (Section 4.1)
Question 7: What are the most appropriate approaches or technologies for collecting and analysing aggregate transaction data? (Section 4.2)
Question 8: Do you agree with the need for aliases (both well-known and disposable)? If so, should the alias service be hosted as part of the Bank-managed infrastructure, or should it be distributed across the CBDC ecosystem? (Section 4.3)
Question 9: What features would a CBDC API require to enable innovative use cases? (Section 4.4)
Question 10: Do you agree with the suggested list of devices for making payments with CBDC? (Section 4.5)
Question 11: How viable is it to enable interoperability between CBDC and other forms of money using existing payments infrastructure? (Section 4.6)
Question 12: Is programmability and smart contract functionality an important feature of a CBDC system? If so, what is the best approach to enabling such functionality? (Section 4.7)
Question 13: How important is offline functionality in a CBDC system? What are the most effective ways to implement offline capability? (Section 4.8)

Can Ledger Recover?

1F52B — Thu, 25 May 2023 00:00:00 +0000

Ledger, the leading Bitcoin & Cryptocurrency hardware wallet manufacturer launched their new Recover product last week. It’s a subscription backup service that offers users a different way to protect against lost funds in the event that their Ledger hardware signing device is lost, stolen or destroyed. Ledger Recover does this by splitting up their key into three shares which are uploaded to and stored by Ledger and two other custodians. Rather than having a Seed Word as backup in a disaster, with Recover you upload proof of ID to the custodians, to convince them to send your shares back to you.

This announcement… didn’t exactly go down well on Twitter. People started freaking out, having previously understood that their private key was permanently locked within their Ledger – yet here was Ledger themselves proudly announcing a feature that’d extract it and upload it to the internet. Ledger has been forced into damage-control mode, and has paused the roll-out for Recover while the atmosphere is hot.

Let’s back up for a second.

Seed Words

The industry has standardised around seed words Bitcoin Improvement Proposal BIP-39 provides a list of 2049 possible ‘seed’ words, from which the private key of a wallet can be derived. These words are easier to back up or remember than a long string of digits.
They correspond to the private key but technically aren’t quite the same thing.as the way to back up Bitcoin and crypto wallets. These are usually 12 or 24 words that you write down and hide safely, to be able to load them into a new wallet if you ever lose access to the original. When you set up basically any new wallet, it’ll prompt you to write down these words as a backup.

Yet many people have fallen victim to lost or wrong seed phrases: forgetting where they put the backup; realising they wrote it down wrong years ago, or having their mum run it through the wash. New users can struggle to grasp the significance of the seed words, not understanding that the backup is literally the same thing as their wallet’s private key, not understanding that having the seed is the same as having all their current and future coins – so they set everything up correctly, right up-until the moment they type the seed into a Google Doc to ‘back it up’; not understanding how that last step has just irreparably compromised the wallet and that they should now start-over.

Peter McCormack 🏴‍☠️ @PeterMcCormack
Met a new bitcoiner today:
- Proud they bought a whole coin
- Proud they bought a hardware device
- Proud they moved coin to device
- Proud they secured device
- Proud they backed up seed phrase in a Google Doc

Where did they go wrong?
01:02 AM · Jan 18, 2023
Via X.com · Link to Post

Ledger believes Recover fixes this.

Instead of a user having to take sole responsibility for safely and securely storing a seed phrase, all they have to do is be able to identify themselves to the Recover custodians, who handle the hard part of storing a seed for them. As Ledger puts it, you become the key to your wallet.

The seed is split into three pieces, or shares, where each of these on its own not enough to know what the original is. At-least two shares are required to recover it, and Recover splits all the shares up geographically and jurisdictionally between three custodians: themselves in France, CoinCover in the UK and EscrowTech in the USA. Per Ledger documentation and Privacy Policy

So, none of the custodians on their own are able to access the private key, meaning they are unable to see or steal any of a user’s funds without colluding That is, for your funds to be seized or stolen through Ledger Recover, two or more of the custodians need to come together and combine their separate shares of the backup. Or, two or more of them need to succumb to a hacking/5$ wrench/three-letter-agency attack. with another.

The tech underpinning this is a 2-of-3 Shamir’s Secret Share of the private key, which isn’t something Ledger have just invented, and has already been used extensively by cryptographers since its invention in 1979. Each of the shares are also encrypted as a protection against loss or theft, but with encryption keys known to the custodians not the Recover user.

When you initiate a wallet recovery, you first authenticate yourself to the custodians using a Passport or National ID through a ‘KYC’ process, then each sends the share they have to your new Ledger device where they are recombined, revealing the private key and reconstructing the wallet on the device itself.

Maybe it’s just not for you?

Depending on who you are, you might absolutely hate this idea; or you might quite like it and be wondering what all the drama is about.

I’ll be honest, I don’t like it at all, but here’s the thing: there a number of different Hardware Signing Devices (aka Wallets) available, and each is trying to be the best to a different user. This necessitates making different design choices, and making different trade-offs. The choices Leger have made here really aren’t for me. But maybe they are right for you?

What matters is whether adding this feature inherently makes Ledger’s devices less secure for those that don’t want to use Recover.

We’ve seen similar controversy before, four years ago when Ledger launched the Nano X adding Bluetooth connectivity. Many then were worried about this broadcasting that there was a Ledger nearby to any other devices with Bluetooth, or thinking that the private key would leave the device over the connection whilst signing transactions (it doesn’t). Today this controversy has largely been forgotten, and the Nano X has gone on to be a popular device.

Sure, there are Signing Device puritans for whom Ledger’s design choices are unacceptable, and only the ColdCard and those with similar principles like the Passport and SeedSigner will do. And they’re right, Bluetooth is an attack vector, as is ever conncting it to a computer via USB as you do with all Ledger models, as well as the Trezor, BitBox02 and others – even the ColdCard can be used over USB, although discouraged.

The ColdCard Hardware wallet, by Coinkite.

The ColdCard is perhaps the high-water mark for key security, though that’s not a universally held opinion. It does many things right – it uses dual multi-vendor Secure Elements (‘SEs’); encourages airgapped-use with disabled USB and NFC, only passing transactions to and from the device by physically moving a SD card around. It comes in a tamper-proof bag; you have to get it direct from Coinkite; focussing on Bitcoin-only keeps it simpler; the firmware is on GitHub for anyone to view and verify; there are half a dozen or so decoy and trap security features you can use. Basically, there’s a laundry list of security features that add complexity, but bring with them extra protection.

So of-course, the ColdCard is also not for everyone. Its no-compromise approach to security does make it less forgiving, and easier to mess-up for yourself. A super-paranoid maximally secure ColdCard setup guide runs to around thirty separate steps (the list is in the afterword if you’re interested).

Maybe it is for you?

Fundamentally, Ledger Recover is an opt-in feature. If you don’t want to use it, you’re not going to be forced to, and your Ledger will never create these backup seed shares and export them without you initiating it on the device. This is the same level of trust you’ve already had in your Ledger that it isn’t going to approve a transaction and sign it until you’ve pressed the buttons to do so.

Nevertheless, the security trade-offs are substantially different between a classic Seed Word backup and this.

But, lots of people struggle with storing Seed Words safely and responsibly. According to Ledger’s CEO, lots of customers and potential customers they’ve talked to want this.

People online are saying our customers don’t want this.

A lot of our customers actually want it. A lot of future customers want it, and most of the people that say I don’t want to use a ledger are saying that because I don’t trust myself with the 24 words.

So actually we’re trying to solve one of the biggest pain points to onboard the next generation of users into self-custody. Self-custody is much safer than any other form of custody that you have in the market.

Pascal Gauthier
Ledger Chairman & CEO
22^nd May 2023
What Bitcoin Did Podcast &endash; Ep.661

If you choose to use Recover, it’s important to recognise that you’re extending your trust beyond just Ledger and placing it in their two co-custodians too. The issue is not only that Ledger-the-company may turn out to be a malicious actor – that’s highly unlikely – but more whether a rogue employee, hostile state infiltrator (a spook) or more-generally another adversary (a court) can force Ledger into revealing your private key or circumvent their security, against both your and Ledger’s wishes. This too is improbable, but it can and has happened in the past. Coinkite’s NVK cited Gemalto on the What Bitcoin Did podcast Ep.661 as an example, where the NSA and GCHQ allegedly compromised their SIM card keys, revealed in Edward Snowden’s NSA leak.

The Great SIM Heist –How Spies Stole the Keys to the Encryption Castle
The Intercept
19^th Feb 2015

Again, the backup is split between three different companies, which can’t individually access your private key – so this isn’t nearly as bad as leaving your coins on an exchange.

But you may lose some privacy. Recover uses KYC to authenticate you when restoring a backup, so your face and ID are going to be stored alongside the Recover backup to make that possible. If you already accept KYC risk by buying coins from KYC exchanges like Kraken, Coinbase or Binance, then maybe this isn’t a concern for you. You’ll also have to be guarded against phishing and social-engineering attempts looking to get you to give an attacker KYC data so they can pretend to be you and steal your backups, an attack that doesn’t really apply to Seed Words.

Are you concerned about legal risk? If one or more of these backup companies is subpoenaed, Ledger acknowledge that they would have to comply and turn-over your backups, giving the authorities access to your funds and on-chain transaction history. Law enforcement agencies often have extensive criminal investigation powers including the ability to obtain production orders requiring information to be produced. It may result in a criminal offense for any entity supporting Ledger Recover to fail to comply with a production order, but [we] would always take all reasonable steps to verify a production order before complying with it. […] Since a minimum of two of three fragments would be required to gain access to your wallet, it is likely that an order would need to be obtained in at least two jurisdictions.
Ledger Recover FAQ

Ledger’s CEO, Pascal Gauthier, thinks this is highly unlikely to happen, and not a concern for the vast majority of Ledger’s customers.

It’s true that it should be the case that this won’t happen, but we only have to look a few years back to the Canadian Trucker protests of 2022 where the government of an ostensibly free country invoked an Emergencies Act and rapidly seized and froze the cryptoassets of protesters, as well as other financial assets. Canada Sanctions 34 Crypto Wallets Tied to Trucker ‘Freedom Convoy’
Coindesk
11^th May 2022 I’m sure most of them never thought that would happen to them.

Long before the crackdown on the Canadian protests, the IRS in the United States has used broad ‘John Doe’ summonses to force the Coinbase exchange to hand them the identities of U.S. Taxpayers who have used virtual currency Court Authorizes Service of John Doe Summons Seeking the Identities of U.S. Taxpayers Who Have Used Virtual Currency
Internal revenue Service, United States Department of Justice
30^th Nov 2016 . Your financial data may have already been requested and duly received by your Government. In fairness, Ledger’s CEO is correct to point out that they are distinct from Coinbase in that they are not an Exchange, so the IRS perhaps does not have the same ’legitimate’ interest in whatever data they may have.

The three backup custodians for Recover are based in France (Ledger), the UK (CoinCover) and the USA (EscrowTech). It’s fair to say these three have a good relationship, and frequently co-operate on enforcement matters and foreign policy. If you’re lucky enough to get put on the OFAC list, is it not likely that the French and British custodians will also comply with that American sanction?

Both Ledger Recover and Trezor’s new CoinJoin implementation that also recently attracted anger after announcing that it would be gated by Chain Analysis suggest a trend amongst some hardware manufacturers – they have a diminishing willingness to build products that could work for criminals. If you’re an ordinary Joe, don’t worry – but don’t expect your wallet manufacturer to take any heat to protect you.

Again, here’s a trade-off that manufactures make: Ledger have their companion software Ledger Live that provides an easy oven-ready setup with everything you need; whereas Coinkite doesn’t talk user numbers, deletes sales data as soon as they can, and doesn’t have a companion app with hosted Bitcoin Nodes to avoid the liability of knowing who you are or ever seeing your public key. You have to pick a wallet app like Sparrow made by someone else for yourself. Not as easy, but safer.

At the end of the day, the decision is yours, whether you prefer the risks and trade-offs of sticking with seed words as backup, or if you’d prefer to use Ledger Recover.

Should I worry about my Ledger?

Is this new feature a concern even if you don’t want to use Recover? Is the security of a Ledger inherently reduced by this feature?

Unfortunately, it seems many people have misunderstood how Signing Devices work. Whether they use Secure Element chips or not, they are basically all capable of extracting your private key from their enclave into the main microprocessor, with varying caveats To the best of my knowledge that there are no Secure Elements currently available that can do the secp256k1 cryptography on-device required to sign Bitcoin transactions, so this necessarily must happen in firmware.. Ledger can, even a ColdCard can! And if that’s possible, and the main microprocessor is also responsible for the display and interfaces like USB, then it follows that it’s possible to write malicious firmware for all of them that would extract the private key or seed, and hand it to an attacker over USB.

Don’t believe me? With a ColdCard, you can view the seed words on the device’s screen once it’s unlocked. Advanced Menu → Danger Zone → Seed Functions → View Seed Words. If they’re on the screen, they’re not just in the Secure Element, right? The difference between writing them to the screen and writing them out over USB is just a difference of software.

So, while it seems to come as an unwelcome surprise to many, yes, it has always been possible to write firmware that facilitates key extraction. You’ve always trusted Ledger not to deploy such firmware whether you knew it or not.

Moving to a different signing device is not going to change that fact – although, using a device that can be airgapped – that is, used without ever being directly connected to a computer does immediately allay most of this fear. Even if your device has been poisoned with private key extracting firmware, getting that key off the device over an airgap is really hard to do, but certainly not impossible.

So, ditch Ledger if you want to – but please understand that the other devices aren’t different in this fundamental respect.

The Recover code in the firmware is not a malicious code nor does it open a way to arbitrary extract the seed.

If you trust the device to sign a transaction only when you press a button, then you can trust the device to compute a SSS (a shard of the seed) only if you press a button.

Éric Larchevêque
Ledger co-founder an CEO of the company from 2014 to 2019
18^th May 2023
Reddit /r/ledgerwallet

Messaging Matters

The crux of this whole fiasco may then just be a matter of messed-up messaging. Ledger have previously claimed that it was impossible to issue a firmware update that could extract the private key, which as we’ve seen now is clearly incorrect:

Ledger @Ledger
Hi - your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element.
04:12 PM · Nov 15, 2022
Via X.com · Link to Post

Contrast this with the reality that hit in this tweet that’s since been deleted by Ledger Support:

Ledger Support @Ledger_Support
(1/2) technically speaking it is and has always been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not.
06:49 PM · May 17, 2023
Via X.com · Link to Post

This kind of sloppiness with detail has clearly led many people to believe their relationship with Ledger is trustless, as Éric Larchevêque, Ledger co-founder phrased it on Reddit. That trust has been broken as Ledger users realise their relationship to the company isn’t as secure as they believed it to be. It doesn’t matter that the trust was misguided, it matters that it was broken.

My mistake as a CEO during my tenure was probably not be relentless enough about explaining the security model, but at some point you just give up as people don’t care at all. Until they care again, like now.

The hard truth, which has been confirmed by many experts who took the time to actually deep dive on the subject, is that nothing changed. Absolutely nothing happened. The security model is the same than before you knew Ledger Recover existed.

What changed is the perspective some of you had on the trustlessness, which appeared to be much more nuanced than you thought, and as this is a very sensible subject, many became extremely angered because they felt lied to.

Éric Larchevêque
Ledger co-founder an CEO of the company from 2014 to 2019
18^th May 2023
Reddit /r/ledgerwallet

This is a sequencing and communication fuckup, not a technical one. Just enough info to freak people out was pushed out on Twitter, but not enough to understand what was actually happening, what the risks and protections were.

Credit @cb7da12 on Twitter

Naturally the reaction to this is negative, with confused and angry users posting about their concerns and many others including big names in the space dogpiling on to accelerate the fire. A Twitter search for bye ledger yields a stream of images of new wallets from other makers and even some Ledgers being smashed and binned.

Duo Nine ⚡ @DU09BTC
Yo @Ledger, does this mean you can access my #BTC?

OR

Does it mean you can access my #BTC only if I subscribe to your Ledger Recover service?

Which one is true? Or are they both? 👀
08:58 AM · May 16, 2023
Via X.com · Link to Post

The concern above isn’t valid, but how was the poster supposed to know?

You have to wonder how this new feature went down when internally circulated. To their credit, Ledger’s DonJon security research program has spent millions supporting Bitcoin and cryptocurrency custody relentlessly, and has made Ledger’s own devices and many of their competitors’ safer as a result. So, surely that team might’ve had a similar initial skepticism (or ick) towards the idea before seeing detail?

As a result of this self-inflicted hailstorm, Ledger have damaged their reputation and handed their competitors free marketing and users.

So, can Ledger recover?

In the end, this is about trust. Treating the manufacturer of your hardware signing device as an adversary in every way is a non-sequitur. You have to have a degree of trust in them to produce and deliver to you a product that does what it says.

Ledger have acknowledged the mess and the miscommunication, and are taking steps to be more transparent in the future – open-sourcing more of their code, responding to criticism and apologising for the upset.

Despite the controversy, I think Ledger will be fine, and even that Recover will be a successful product. But rebuilding lost trust and reputation is going to take them a while.

If you have been using a Ledger and it’s worked well for you, I don’t think this is a reason to drop it and switch to a new wallet. It’s not for me, but it might be for you – it’s a great piece of hardware, and one I think I’ll still recommend to people that might have a hard time with a ColdCard.

We believe wholeheartedly in the need for a service like Ledger Recover—those of us who have been in the space for a long time, over a decade in my case, have a responsibility to ensure everyone can be self-sovereign and can have self-custody over their digital value. This is the ethos of crypto. The main pain point for crypto self-custody adoption is precisely the problem of seed phrase recovery. The majority of users in crypto today either don’t own their private keys and/or are putting their private keys at risk using less secure forms of self-custody, and hard-to-use forms of storing and securing their seed phrase.

Pascal Gauthier
Ledger Chairman & CEO
23^rd May 2023
Ledger Recover: A Message From Pascal Gauthier
Ledger Blog

Afterword

Maybe this is for you?!

The ultra-paranoid guide for the ColdCard goes something like this:

You got the ColdCard delivered to a fake name and not your home address, paid with no-KYC anon Bitcoin using a burner email, right?
Windowless room, no cameras, phones, computers or microphones.
Check the tamper evident bag isn’t void or tampered with.
Check the case has not been tampered with, and electronics have glue blobs on them. Remember what the blobs look like.
Power up the device with an isolated power supply like a battery (Never a computer USB port!)
Check the bag number matches the device’s burnt-in number.
Disable the USB port in the ColdCard’s settings.
Download latest firmware image.
Check and verify the PGP signature for the firmware image’s sha256sum.
Put the firmware on an industrial-grade SD card, and update the ColdCard’s firmware.
Set up the device using a 12 digit PIN, remembering the anti-phishing words.
Get some dice and get ready to roll them 100 times or more.
Generate a throw-away seed using dice rolls and verify it on a computer just to check the ColdCard isn’t lying to you.
Generate your actual seed on the ColdCard with 100+ dice throws.
Write this seed down on paper to get through initial set-up.
Split the seed into three parts or more using SeedXOR. Write each of these down separately.
Get the SeedXOR worksheet and manually reconstruct the initial seed from your XOR parts, checking it matches the original seed.
Still reading? Why?
Now eat/set fire to the original seed, keeping only the XOR seeds. (I’m serious.)
Wipe the ColdCard and restore the seed onto it using the XOR seeds. Check that the restored seed/master fingerprint is correct.
Make two to three copies of each of these XOR seeds, optionally using metal backup plates (IMHO these are a scam) or coming up with clever stenographic techniques to make them hard to identify as seed backups.
Distribute your XOR seeds geographically in places that you trust to be secure. Think of very clever hiding places.
Come up with a passphrase to use in addition to the seed stored on the ColdCard. Back this up separately to your seeds, or really trust yourself to not forget it
Set at least one trick PIN to destroy the device or trick a physical attacker.
Repeat all of the above with the two or more other ColdCards (or other comparably paranoid Signing Devices) you also bought for a multisig setup, right?
Coordinate an air-gapped multisig setup. Import this into Sparrow (because all other wallet software sucks). You’re already running your own Full Node over Tor, right?
Never tell anyone you have a ColdCard, never talk about your stack, throw the free stickers away.
Work out how to explain to your relatives how to recover your funds in the event of your death later.

That’s… not a trivial list of things to do. How many people understand, or frankly care for why each of these steps is necessary, and what threat it is protecting against?

Me? I love this, and it’s exactly the amount of tinfoil paranoia I want in a Signing Device. ColdCard’s security model is tight, and covers as many bases as it can.

But my Dad? Sorry, no chance. To him, this is a massive roadblock that’s going to deter him from using a ColdCard and getting off zero Bitcoin in the first place – but using any half-decent hardware signing device like a Ledger or Trezor is still leaps and bounds better than buying Bitcoin and leaving it on a custodial exchange, or having none at all.

So that is the problem Ledger solves, aiming for accessibility and a large addressable market, rather than making the most-secure Signing Device possible.

The Subtil Genius of Casey's Ordinals

1F52B — Sat, 25 Mar 2023 00:00:00 +0000

Now the serpent was more subtil than any beast of the field which the Lord God had made. And he said unto the woman, Yea, hath God said, Ye shall not eat of every tree of the garden?

Genesis 3:1

Bitcoin has NFTs Non-Fungible Tokens, effectively tradeable digital assets or tokens where each is unique. now. They’re called Ordinal Inscriptions, but what the heck is an Ordinal and what’s an Inscription? And why should you care? The arrival of NFTs in the Bitcoin universe has caused a fair amount of drama. Ordinal enjoyers welcome the shiny new hotness, while many others see a serious attack on Bitcoin – guzzling up blockspace that should have been used by normal financial transactions, miners ripping massive four-meg’er blocks full of spam; and an attack on the very fungibility In economics, fungibility is the property of a good or a commodity whose individual units are essentially interchangeable, and each of whose parts is indistinguishable from any other part. of Bitcoin.

Ord, wallet software that runs alongside Bitcoin Core was released to the world in January 2023. Its creator, Casey Rodarmor, the inventor of Inscriptions and Ordinal theory has conceived of a way to use, or perhaps exploit Bitcoin’s Taproot script, enabling co-conspirators to store a large amount of arbitrary data within otherwise normal transactions created using ord. It uses a clever construction he’s called an envelope – a piece of code within the Taproot witness part of a Bitcoin transaction that all the nodes of the network will skip over when running the script to validate the transaction, but which contains stuff include the un-runnable bit – arbitrary data that can be extracted by anyone who knows where to look. As this simply uses existing opcodes and an otherwise standard Taproot transaction, Inscriptions have debuted onto the Bitcoin mainnet with zero code changes to Bitcoin Core required. No developer consensus nor permission was needed nor asked to unleash ord.

Ordinal theory does not require a sidechain or token aside from Bitcoin, and can be used without any changes to the Bitcoin network. It works right now.

Ordinals.com

This is the first piece of genius The envelope construct is really simple, one of those things that in hindsight should have been obvious. There’s nothing really new or hard to wrap your head-around about it. And there’s not really anything that can be done to stop it. The consensus rules allow it, so it is.

// Envelope Script:
OP_FALSE
OP_IF
OP_PUSH "ord"
OP_1
OP_PUSH "image/jpeg"
OP_0
// Arbitrary data:
OP_PUSH 5468652054696d65732030332f4a616e2f32303039
204368616e63656c6c6f72206f6e206272696e6b20
6f66207365636f6e64206261696c6f757420666f72
2062616e6b73
OP_ENDIF

An example Envelope Bitcoin script.
OP_IF OP_FALSE is always False, so everything following up-to the OP_ENDIF is skipped when evaluating the script.

While there are many things one could use near-arbitrary, permanent, globally distributed & censorship-resistant storage for, it probably isn’t shocking to hear that much of the content already inscribed on-chain are the same endearing monkey JPEGs and dickbutts we’ve know and love from the shitcoin NFT craze. Inscriptions №1 and № 286, a dickbutt and a monkey.

See Also ⇝ Ordinal Theory Handbook for an explainer of what the heck Ordinal theory is, how Inscriptions work and how the two are related.

Storing stuff on the Bitcoin blockchain that isn’t merely a financial transaction is nothing new. Famously, the Bitcoin Genesis block carries the headline The Times 03/Jan/2009 Chancellor on brink of second bailout for banks in its coinbase transaction. Since the inclusion of that piece of text in the very first transaction in the very first block, thousands upon thousands of other non-financial pieces of data have been permanently stored on the chain.

The methods for achieving this have evolved over the years, and some of them really weren’t great – causing problems for nodes by consuming precious UTXO set storage, The UTXO Set is the set of all currently unspent transaction outputs - i.e. bitcoins that can be spent.
This has to be kept in fast and readily-available storage on Bitcoin Nodes, as it is required to validate that all newly-seen transactions are spending coins that exist and haven’t already been spent – unlike the rest of the chain history (full blocks, spent outputs) which can just be stored on-disk as they don’t need to be accessed as quickly.
Creating UTXOs that can never be spent leads to permanent growth of the UTXO set, which we’d like to avoid. and some using fake unspendable addresses as the storage mechanism, resulting in permanently burned coins. This mess was addressed by Bitcoin-Core begrudgingly introducing the OP_RETURN construction, The OP_RETURN change creates a provably-prunable output, to avoid data storage schemes – some of which were already deployed – that were storing arbitrary data such as images as forever-unspendable TX outputs, bloating bitcoin’s UTXO database.
Bitcoin Core v0.9.0 Release Notes, 19^{th March 2014} and that seemingly resolved the question of storage on chain. Prior to the conception of Ordinal Inscriptions, using OP_RETURN has been by-far the most common way to store stuff – at times, contributing a significant share of all transaction volume and fees, though in recent years usage has steadily declined as the main volume drivers Omni and Veriblock have lost adoption. Above: OP_RETURN usage statistics by block, showing sharp peak then decline.
Via opreturn.org

But, OP_RETURN is limited to 80 bytes of data. This is a Standardness rule, not a Consensus rule. Almost all Nodes will refuse to relay unconfirmed transactions they see that have OP_RETURN outputs with more than 80 bytes of data, but these do rarely appear in blocks. Similarly, the Standardness rules also prevent burning of bitcoins via OP_RETURN. That’s workable for short snippets of text, but you can’t cram much else in there. That limit also gives a pretty clear indication of the core dev’s feelings about storing data on chain – don’t. Alas, because of a minor rule change introduced without much fanfare as part of the Taproot upgrade, the limit to script sizes that applied to SegWit was removed. This means Inscriptions are only capped in size by the blocksize limit of 4MB itself (or 4 million weight units, to be exact). An Inscription can be the only non-coinbase transaction in a block, filling the entire thing up itself. That’s a big deal – and yes, this has already happened (well, nearly). Block 774628 mined on the 1^st of February 2023 weighs in at a sweaty 3.96MB with only 63 transactions, the biggest of which was of course an Inscription that accounted for a whopping 3.94MB on its own.
If you’re wondering, the Inscription № 652 was this:

Average blocks in an Ordinal world are indeed bigger than the ~1.4MB we’d grown accustomed to since the SegWit upgrade raised the limit from a hard 1MB. Bigger blocks increase the rate at which network nodes fill up their storage, and the fallout of the 2017 blocksize wars A fall-out between different factions within Bitcoin over whether to increase the block size from 1MB to something more. This eventually led to Bitcoin Cash splitting off from the Bitcoin chain as a separate coin, and Bitcoin adopting SegWit with a 4MB (vByte) limit.
See The Blocksize War: The battle over who controls Bitcoin’s protocol rules, Jonathan Bier, March 2021, ISBN 979-8721895609 should be all that was needed to demonstrate how thermonuclear the question of block size is. Nevertheless, those mad at Ordinals for increasing the blockchain’s growth rate are in truth angry that the possible-in-theory since SegWit and Taproot activated has now become reality. The block-size limit was increased to 4MB back then, not in January 2023 when Casey released ord to the world. Blocks are meant to be full. If you hate Ordinals because they are filling juicy 4MB blocks, look to Taproot and SegWit for original sin. In a weird quirk, Inscriptions actually make blocks smaller for anyone running a pre-SegWit node, as the non-witness portion of the block is much smaller.

What’s more, in many ways it doesn’t matter what anyone thinks about Inscriptions. These are valid Bitcoin transactions so there’s next to nothing that can be done to stop them – that is after-all the point of Bitcoin. You can run a node with core-dev Luke Dashjr’s ‘ordisrespector’ patch that will filter unconfirmed Inscriptions out of your mempool, but unless the vast majority of Bitcoin node runners do this (spoiler: they haven’t), it’s a pointless exercise as Inscription transactions will still find their way to willing miners.

Luke Dashjr @LukeDashjr
#Bitcoin node patch (HACKY, UNTESTED) to filter out "ord" spam. NOT a protocol change or softfork/hardfork, just a harmless (if it works right) spam filter.
(Also a quick hack and NOT suitable for opening a PR to Core -- please write a proper fix for that)
08:09 PM · Feb 1, 2023
Via X.com · Link to Post

More drastic action than changing nodes’ mempool policy could be taken, such as a fork that tightened the rules back down again to limit the max script size for Taproot. Or, make any script that contains unreachable code (as envelopes do) invalid. But forking Bitcoin just to censor a specific use of it would be an act of self-defeat nearly as stupid and catastrophically damaging to Bitcoin’s core tenets as Ethereum’s DAO fork The DAO fork was in response to the 2016 DAO attack where an insecure DAO contract was drained of over 3.6 million ETH in a hack. The fork moved the funds from the faulty contract to a new contract with a single function: withdraw. Anyone who lost funds could withdraw 1 ETH for every 100 DAO tokens in their wallets.

This course of action was voted on by the Ethereum community. Any ETH holder was able to vote via a transaction on a voting platform. The decision to fork reached over 85% of the votes.

Some miners refused to fork because the DAO incident wasn’t a defect in the protocol. They went on to form Ethereum Classic.

Via Ethereum.org and bailout of 2016. It would betray the fundamental ideals that underpin Bitcoin and make a mockery of its philosophy. Mostly for this reason, because such an effort would likely meet fierce resistance and result in a permanent chain split; and presumably also because someone had a ‘sanctioned’ use of large tapscripts in mind, there have been no serious proposals to do this.

This is a second piece of perhaps unwitting genius – Ordinal Inscriptions are again proof that no single group, including the core developers, control the protocol. They prove that Bitcoin is nearly impossible to censor; that it is money for enemies. Miners are incentivised to mine blocks containing Inscriptions given they pay a fee just as any other transaction does. Users make these transactions. So, Inscriptions continue to make it into blocks. This is nice little lesson on one of the strengths of Bitcoin – incentive-aligned systems are stable and resist attack.

It goes without saying that Inscription transactions are big – that’s kinda the whole point. This also means that they’re not economically dense at all. A normal SegWit transaction can move hundreds of bitcoin worth billions of dollars in under 200 bytes, paying a fairly small fee. For Inscriptions, the value moving through transactions is much less contained in the quantity of sats moving, and more in the subjective and speculative value of the artwork in the kilobyte or megabyte sized witness data – but the Bitcoin network doesn’t care, and so artists and buyers must pay fees for what they use and can only hope to later make a return on their investment.

So it follows that the criticism of Inscriptions claiming that they are crowding other economic activity out of blocks is unfounded. Put it this way – a Lightning channel open transaction between two large nodes is the on chain footprint of a fast payments network that is expected to scale to processing thousands of transactions per second and moving mountains of value every minute. That kind of economic actor can afford a fee of hundreds or thousands of sats per byte and out-compete practically everyone else in the fee market, a rate still way higher than current next-block rates. Rates that high would make even a modestly sized Inscription cost more than a whole bitcoin in fees. Inscriptions are setting a fee floor and avoiding unfilled blocks, but by no means are they crowding everyone else out – and when Lightning really takes off, the opposite will be true.

I don’t subscribe to the argument that Inscriptions will particularly help to solve the long-term Bitcoin security budget – that miners will need to make the entirely of their profit from fees once the block subsidy reduces to zero. Yes, any kind of adoption helps, but Inscriptions probably don’t help any more than that. What really matters for the security budget is that the sum total of the fees paid to miners can purchase a large amount of energy, not that the fee rate needs to rise. There are only ever going to be 2.1 quadrillion satoshis in existence, which in a hyperbitcoinised world could mean a fee of 1 sat/vByte is not nothing in monetary terms. By comparison, there are currently around 2.1 quadrillion US¢ in existence. Current M3 Money Supply for the United States is 21.2 trillion USD
St. Louis Fed data via FRED (MABMM301USM189S), Feb 2023 But that’s a tangent for another time.

I think we’re going to see things like Inscriptions and Ordinals be the next biggest thing that happens in Bitcoin, there is a massive amount of demand for that stuff. Me liking or not liking it is irrelevant. The shitcoiners are running now Bitcoin nodes and full nodes cos they want their Inscriptions there. That’s an interesting funnel for Bitcoin.

NVK
14^th Feb 2023
Stephan Livera Podcast
SLP459 Q1 and Bitcoin Security with NVK

Adam Back @adam3us
"you can't stop them" well ofc! bitcoin is designed to be censor resistant. doesn't stop us mildly commenting on the sheer waste and stupidity of an encoding. at least do something efficient. otherwise it's another proof of consumption of block-space thingy.
10:27 PM · Jan 29, 2023
Via X.com · Link to Post

See Also ⇝Bitcoin thought leaders weigh the pros and cons of Ordinals · Cointelegraph.com · 8^th March 2023

In spite of all this controversy and squabbling amongst friendly Bitcoiners, I hope we all can take a moment to appreciate a certain deliciousness here: Bitcoin accidentally has a NFT scheme that’s just better than the incumbent NFTs of the shitcoin world. Do you actually understand how smart-contract based NFTs work? The contract code is highly complex, written in a Turing-complete language that’s much harder to reason about than Bitcoin script’s simple stack, and often unaudited by buyers, with various standards in use across different collections and mints. To boot, you also need to understand the workings of which ever shitcoin chain it transacted on, and what their patron ‘foundation’ and VCs are up to. In truth, I don’t fully understand how it all works despite putting in some effort. In contrast, it took about two minutes to grok how envelopes work, and another two to see how Ordinals facilitate the transfer of Inscriptions between current and new owner. I’m sure someone could argue existing NFTs are fine or even great, but the comparative simplicity of Inscriptions speaks for itself.

Casey Rodarmor @rodarmor
My primary goal is protecting our community. If it has a token that isn’t bitcoin, it is not bitcoin.

Shitcoiners have been trying to rip normal people off with rube goldberg machines that don’t work and nobody understands.
08:28 AM · Feb 13, 2023
Via X.com · Link to Post

Worse still, the majority of NFTs are merely a claim to a small piece of on-chain metadata that contains a URL as an indirect reference to an image that lives elsewhere on the internet, somewhere much less permanent; like IPFS or an Amazon S3 bucket. If your Monkey JPEG isn’t on chain, do you really own it? What do you actually own? Ordinal Inscriptions are permanently burned onto the oldest, most secure chain there is. This is just better.

Ordinals aim to provide a farer, safer system for creating and trading digital artifacts where the system is simple enough to be understood so that all buyers and artists know exactly what they’re doing and dealing with. These are NFTs, but more ethical. No rugpulls with Ordinals. Editor’s Note added May 2024:
That’s a little embarrassing!
Clearly I didn’t anticipate the BRC-20 token scheme and Runes etc.
The point still stands that there aren’t rugpulls with inscriptions themselves disappearing, merely that speculative art and JSON investing is a risky business!

Some of the crypto bros have already realised the big upgrade that Inscriptions present.

I want the shitcoiners to come to us and assimilate into our culture

Casey
15^th Feb 2023
Bitcoin Review Podcast BR024

Enter the “Teleburn”. NFTs from other chains can be inscribed onto Bitcoin, and then destroyed, burned permanently from the old chain. You can see the appeal – an NFT on Bitcoin is better than one on Ethereum or Solana or wherever. Burning a Bored Ape attracts attention and headlines. There’s the allure of being first.

I have to admire the sheer audacity of the Teleburn. The upstart alternative to altcoin NFTs goes straight for the jugular with Teleburns, not seeking to join the NFT ecosystem but supplant it. While fears that Ordinals are an attack on Bitcoin are overblown if not entirely FUD, Teleburns are an attack on the entire shitcoin NFT ecosystem.

“Essentially throwing a Lamborghini into a trash compactor–It’s kind of fun,” Williams told Decrypt. “Whether putting bloated JPEGs on Bitcoin’s base chain is smart or not is a whole ‘nother discussion, but I think it’s going to be a lot of fun seeing how it plays out.”

Bored Ape Owner Burns $169K NFT to Move It From Ethereum to Bitcoin
14^th Feb 2023
Decrypt

Casey Rodarmor @rodarmor
eth was testnet
https://etherscan.io/tx/0x675...1788
06:55 PM · Feb 11, 2023
Via X.com · Link to Post

Prima facie, Inscriptions might merely be the new fun thing to mess with for the crypto and web3 inclined, a new goldrush where some of them might make a ton of money while it lasts. But what Casey has done with ord is trick a bunch of crypto bros into running full, synced Bitcoin nodes. You have to, if you want to use ord and inscribe something, a piece of genius design rather than a compromise limitation of some new and unpolished software.

How may of them were already running a full Ethereum node? Given you kinda need a stonking 30TB or more of free disk space to do so, I’d guess literally none of them.

There’s a chance that some of them might get it and catch the Bitcoiner bug.

It really is like a needle exchange program for degens. We bring them over to like a safer place and give them a dime bag of sats to get them hooked. Like, it’s hilarious!

Rijndaael, Ord contributor
15^th Feb 2023
Bitcoin Review Podcast BR024

You may notice we’ve spent most of our time so far talking about Inscriptions, but Ordinal sats, or more exactly “Ordinal Theory” has courted its own controversy.

A quick clarification – Inscriptions attach a digital artefact, like a JPEG to a sat, and then Ordinals are how we track ownership. Despite this technicality, the whole thing lumped together is usually just called “Ordinals”.

Part of this backlash might be confusion. Ordinal theory is entirely opt-in, and is literally just a convenient schema, or lens to view Bitcoin through. We socially agree on this theory that allows us to give every satoshi a unique number, just as banknotes have serials. It’s a lens through which you get an interesting and useful view of the Bitcoin system, but nothing more profound than that. If you hate it, cool, just ignore it.

The reason that Ordinal Theory arrived at the same time as Inscriptions is that it answers the follow-up question “how do I transfer ownership of an Inscription?” The answer is straightforward if we agree on Ordinal Theory, which then allows us to track satoshis from their genesis in the block that first produced them, through every transaction they are involved in. Doing this, it is then easy to see who the current owner of a sat that was used in an Inscription transaction – an ‘inscribed sat’ – is.

Ordinal Theory imbues satoshis with numismatic value, allowing them to be collected and traded as curios.

Ordinals.com

Predictably, the notion that sats can be uniquely identified, tracked through transactions, and made ‘special’ by being Inscribed triggered a hostile reaction from many Bitcoiners. It is critical to the functioning of money that it is fungible. One bitcoin over here needs to have precisely the same exchange value as another over there for Bitcoin to function properly as money – without fungibility, the asset degrades to something that trades closer to barter than a highly-liquid money.

This hostility is probably a healthy response – a concern that fungibility has in some real sense been damaged. But all that Ordinal Theory is doing is following the existing rules of Bitcoin, where everything in the ledger and supply schedule has a strict order, and adding a few conventions to complete the missing pieces of the picture. If that is all it takes to break the fungibility of Bitcoin, then it was never really fungible.

Ordinal Theory does not at-all reduce the privacy of coinjoins. I’m not sure how else to argue against that claim other than to say its proponents have simply misunderstood Ordinal Theory, or misunderstood coinjoins. A chain analysis company or government agency could easily have come up with a similar scheme themselves, and might already have done so – but you still can’t tell who was on the input nor output side of a transaction any more than you previously could.

All this does bring, in addition to the ability to trade Inscriptions like NFTs, is numismatism. Numismatics is the study or collection of currency, including coins, tokens, paper money, medals and related objects.
Via Wikipedia That is, within Ordinal Theory, some sats are ‘more interesting’ than others. Sats from Satoshi blocks, or rare and important events in Bitcoin’s history like halvings, difficulty adjustments, fork activation blocks and Exchange hacks can be all identified and then collected by people that value such things.

Ordinal hunting is difficult but rewarding. The feeling of owning a wallet full of UTXOs, redolent with the scent of rare and exotic sats, is beyond compare.

Ordinal Theory Handbook

So now we have numismatism on Bitcoin. However, coin and stamp collectors are yet to threaten the fungibility and utility of Fiat monies, and nor will they now that they’re here. The additional value that collectors may ascribe to a specific sat doesn’t stop someone that doesn’t care from using it to buy coffee, in the some way that your Barista probably won’t notice or care if you pay for coffee with a dollar bill that has a nice round serial number, and certainly won’t offer you a discount!

This also doesn’t mean that ‘bad’ satoshis are any more encumbered than they already were. OFAC and the FBI don’t need Ordinal Theory to track transactions and blacklist addresses and UTXOs. That this was already possible is the reason conjoins and other privacy enhancing tech has been available for many years.

Big and controversial moves in Bitcoin increasingly lead to calls for ‘ossification’ – a growing conservatism against any change to consensus. Very clever upgrades like Taproot always promise great new things and fixes for nagging problems. But that latest upgrade to Bitcoin unintentionally enabled Inscriptions, something many Taproot proponents thoroughly dislike. It’s reasonable to wonder if there are other unanticipated uses for it, or other earlier upgrades that are still lingering and just waiting to be discovered.

Some of these could genuinely be harmful to Bitcoin, and there’s always a risk that making a change that has catastrophic unrecoverable consequences, however unlikely. Once a soft-fork has activated, we can’t just roll the chain back and undo it without massive consequences for what Bitcoin even is and means.

Taproot is very clever, but it is also very complicated and hard to fully understand – the club of people who do is pretty small. What we have now works fairly well, and change can be dangerous. Perhaps it should become increasingly onerous to introduce new consensus rules into Bitcoin, to the point that eventually the only changes to core will be non-consensus changes? That would leave only maintenance, like bug fixes, and performance enhancements that make Bitcoin as currently instantiated stronger.

Calls for ossification now are an over-reaction, though I’ll admit to partaking from time-to-time. Yet, being closer to the ossify now end of the spectrum rather than the hard fork every couple of months (ahem, Eth…) is the better end to be at, when we’re thinking about keeping what may be our only chance at non-governmental global censorship-resistant freedom money alive.

It can take a lot of time to come up with the best solution to an extant problem. Much of the argument in favour of big blocks in the 2015-2017 blocksize war The Bitcoin Block Size Wars Explained
Till Musshoff, Bitrawr
23^rd June 2021 was that there was no other way to scale Bitcoin into a global payments system that would be capable of VISA and Mastercard volumes. Then, Lightning The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments (PDF)
Joseph Poon and Thaddeus Dryja
14^th Jan 2016 happened, presenting a much better alternative to dumb big blocks.

It looks like next thing in the pipeline is going to be Vaults & Covenants. In brief, normal Bitcoin transactions set the conditions for spending the outputs (coins) they create. These conditions are usually ‘just’ cryptographic – if you have the wallet keys that match the UTXO, you can spend it.
Bitcoin’s script language allows creating some more complex conditions, but these can’t really ’look outside the sandbox’ they’re running in - for example, you couldn’t check the date or time.
With Lightning, OP_CHECKLOCKTIMEVERIFY and OP_CHECKSEQUENCEVERIFY were added, providing new conditions that did allow checking times (they’re usually shortened to CLTV and CSV and called timelocks when used). These new opcodes were necessary for Lightning channels to work.
These opcodes are really just a simple Covenant opcodes; the new Covenants/Vault proposals are attempts to add further opcodes to Bitcoin that can enable further scaling layers, improved custody solutions, and theft protections to Bitcoin. In the wake of Taproot’s unintentional enabling of Inscriptions, it would be healthy for us to take our time ensuring these new features behave as intended and don’t bring any surprises.

Not to say that these proposals don’t already receive intense scrutiny and testing, yet Inscriptions gifted us a safe ‘failure’ case for perhaps ’too clever’ changes to consensus that have been merged. It is incredibly difficult to think of something no-one has yet though of. Once we’ve activated a consensus change, it’s nearly impossible to put the cat back in the bag and walk back.

The final piece that Inscriptions bring to Bitcoin is the thing we may come to be most thankful for. There are those that argue code is speech, and thus Bitcoin and its network are protected under the First Amendment of the US Constitution. That argument is perhaps contestable, but that literal art and words are speech is not – and now those are being etched directly into Bitcoin’s blocks.

Bitcoin is how more clearly than ever a venue for freedom of expression as protected by the First Amendment. Attempts to censor or restrict the use of Bitcoin by the US government could be legally challenged as a violation of this right, perhaps leaning on Inscriptions to make this case. Of course other countries have different rights & weaker freedoms of speech, with illiberal codes where the freedom to say what you wish could make Bitcoin more of a pariah not less – but it is perhaps in the United States were Bitcoin’s continuing success is most important, as it is the hegemony of the US dollar that it seeks to supersede.

Don't think about making art just get it done.
Let everyone else decide if it's good or bad, whether they love it or hate it.
While they are deciding, make even more art.

Andy Warhol
Inscription № 5

Dual Income, No Kids?

1F52B — Wed, 27 Jul 2022 00:00:00 +0000

DINK (n.)

Urban middle-class couple that doesn't care about old-fashion stuff like family and kids. Life is all about having fun, travelling, and not caring about biological realities. #yolo

Urban Dictionary

Dual Income, No Kids used to be a smug label proudly worn by those living the high life sans-bambinos. Multiple homes, a yacht, maybe a chalet in Chamonix, holidays whenever and wherever, and no teen-turning-on-twenties studying English lit who needs the Parental Reserve Bank to pay their rent.

Now, though, the phrase would be a much more apt to use in a semi-desperate manner, something like this: Despite dual income & no kids, we still can’t afford a fucking house!

This isn’t a result of poor financial planing. Spending money on Avocado toast and caffè lattes is not what’s holding back younger generations from being able to buy a house. Though yes, Maggie, it’s not very spendthrift. But a saving instead of splurging twenty quid on posh avo toast twice a week, every week of the year nets us perhaps £2k, so it’d still take 10 years to maybe have enough for a deposit with a 2.5% interest rate compounded.

The first problem is this: relentless high inflation coupled with low interest rates With interest rates currently at a maximum of 2.1% AER for a fixed Cash ISA (and much lower rates like 0.5% commonplace) but inflation at 6% 11% and still rising, the real interest rate is a whopping -8.9% and still worsening. Sad face. on savings are making home ownership increasingly unattainable for those under the age of forty. The amount of money needed to put down a deposit on a mortgage is increasing faster than savings, investments and income increase.

In 1980, these neo-DINK’s parents were earning an average of £6k a year, and an average house cost £21k. Now it’s £32k earnings vs. £220k for a house. Average Incomes, Taxes and Benefits by Quintile Groups of non-retired Households 1977-2013
and
Average household income, UK: financial year ending 2021
Office for National Statistics
Note Using the Nationwide House Price Index to calculate house prices from income figures.

The ratio between average house prices and earnings has more than doubled from 3.4 in 1983 to 7.0 in 2022. Nationwide House Price Index
Nationwide Building Society
Note Earnings data is sourced from the ONS Annual Survey of Hours & Earnings (ASHE) and pre-1998 the New Earnings Survey (NES).
House price earnings ratios calculated as the ratio of Nationwide all properties house prices to mean gross earnings. Those in London have it even worse, rising from 4.0 to 11.7 over the same timespan.

House prices are rising faster than wages do, and have been doing so reliably for nearly forty years.

To cut a long and contentious story very short, bad monetary and fiscal policy are directly responsible for high inflation and low interest rates. This in turn leads people to save less as their time preference In economics, time preference is the current relative valuation placed on receiving a good or some cash at an earlier date compared with receiving it at a later date.
Wikipedia increases as money now is worth more than money in the future when a large part of it will have inflated away. Credit is cheap and easy, saving isn’t. So why bother saving? Current policy favours protecting those with exposure to credit (hint: people with mortgages, and the Government itself with mountains of debt and a colossal deficit) and not those looking to save for the future.

But of course it’s not just the struggle accumulate wealth that’s the problem. No, we don’t have one massive economic malaise at play here, but two.

The supply of housing does not nearly meet ever rising demand. Unless we build 340,000 or more homes a year, Housing supply requirements across Great Britain for low-income households and homeless people
Bramley, G.
Institute for Social Policy, Housing and Equalities Research
Heriot-Watt University
April 2019 this will continue to be the case. Schemes and initiatives like cajoling developers into building ‘affordable’ housing, Help to Buy, LISAs, First-Time Buyer Mortgages and Government House-Building targets (ha!) are just piss in the wind. You cannot defeat plain and simple economics: Supply shortages causes price levels to rise.

None of this is helped by the orthodoxy that the value of property should continue to go up in perpetuity so that those who already have it can continue to treat houses as an investment rather than a place to live. Or that interest rates can’t be allowed to go up because mortgage-havers couldn’t afford the increased payments. As a renter, I have limited sympathy. Paying ever increasing rent isn’t fun either!

I think I almost subscribe to something called the Housing Theory of Everything. Because almost everything is tied up in housing – If you’re spending so much of your cash on housing, if you’re not able to live near where you want to work, if you’re not able to have enough bedrooms – this feeds into the fertility crisis, the climate crisis, this feeds into the productivity crisis. Housing feeds into everything.

And until as a society we’re gown up enough to say that actually sometimes we need to suck it up and build some houses, and yes that might mean some more houses near where people live, and yes occasionally a field might need to be built on (Less than 2% of the country is built on with housing right now). Yes, we need to build. It’s a fact of life. It has to happen. And until politicians accept that fact, we’re going to be getting into a worse situation.

Tom Harwood
Question Time, BBC
9^th June 2022

So what am I supposed to do other than pray for a crash?

The Election That Cried Fraud

1F52B — Sun, 22 Nov 2020 00:00:00 +0000

Can anyone really fault the media apparatus in the United States and around the World for not taking the allegations of electoral fraud or misconduct being made by the Trump campaign and Republican bloc seriously?

For four years we have been conditioned to ignore or homeopathically distil President Trump’s every utterance. He is a pathological liar – this cannot be contested, even if you support him. He tells it how he sees it, in every moment and with no regard for how he may have previously seen it (even yesterday or an hour ago). What Trump says, like a good ol’ Bible verse, cannot be taken literally literally.

It should come as no surprise to team Trump that people have thus tuned your shit out. The archetypal boy that cried Wolf! is you. All but the most pro-Trump media outlets are not taking any allegations of misbehaviour, fraud or mistake seriously. The story being pursued is how outrageous and nefarious these claims of fraud themselves may be, not whether the claims actually have any merit.

Yes, in fairness, there are too many within the Media that harbour a thoroughly deranged, visceral hatred of Trump, and cannot see past this to the more troubling question of why, despite the President’s obvious deficiencies, Biden merely won this election by the skin of his teeth and Hillary lost hers.

Still, a word of warning – in a country as large and divided as America, it seems near-impossible that not even a single ballot was mishandled, slipped from sight or was even deliberately manipulated.

Do I think that the scale of any such ‘mishandlings’ has been enough to swing the election to Biden? No.

Do I think that there has been a nationwide conspiracy orchestrated by the Democrats or their proprietors to swing the election to Biden? No.

But the point remains, there is a story to be told here. The best outcome is that all allegations backed by evidence are brought before courts and judged on their merits. We must be prepared to accept that in some cases wrongdoing will be found. We should expect that in most cases it won’t be.

There are two opposing camps within America, both simultaneously believing they are witnessing an attempted coup d’etat by the other side. This is a precarious position to be in. Words like coup don’t even register with us – surely those things don’t happen here? Yet tens of thousands of Americans believe just that is happening right before their eyes.

The worst outcome is that all claims are dismissed out of hand, and evidence (or the lack thereof) is not properly examined, leaving a sizeable minority of the country believing that the election was stolen from them and that the justice system and media are complicit in the theft.

We must trust in the legal system, trust in due process. If there is no evidence, there is no evidence. If there is, we have a moral obligation to see that it is not quashed. It is much better that the election result be proven correct in a hundred courts in a dozen or more states, than the allegations are dismissed.

This will likely turn out to be Trump’s last great lie – but journalists and truth-seekers must prove it so, not assume it so.

The Kenosha Shooting

1F52B — Sun, 30 Aug 2020 00:00:00 +0000

On the evening of Sunday the 23^rd of August, a Kenosha Police Department officer shot and seriously injured Jacob Blake. This police shooting was captured on film and shared widely, and re-ignited much of the anger, civil unrest, protest and rioting seen in the wake of George Floyd’s death back in May of 2020.

Two days later, on Tuesday the 25^th of August during the third consecutive night of demonstrations and riots in the city, 17 year old Kyle Rittenhouse allegedly shot and killed Joseph D. Rosenbaum, 36, Anthony M. Huber, 26, shooting and injuring a third man, Gaige Paul Grosskreutz, also 26. Case № 2020CF000983
Criminal Complaint
State of Wisconsin (Plaintiff)
vs.
Kyle H. Rittenhouse (Defendant)
Filed 27^th August 2020
(PDF)

The media have tried to make sense of the incident, to contextualise, rationalise and summarise it – as is their mandate. However, many major outlets fail to do so objectively. Objective journalism seems to be a thing of the past, if it were ever a thing. What can be said for certain about this incident is that little is certain. We don’t know how the altercation that led to the shootings started. We don’t know who the initial aggressors were nor what motives people carried in to the incident. In trying to mould this story to fit a preconceived narrative, objectivity is lost and the characters in this tragedy are re-shaped to become players in a wider game.

Conservative, Progressive and Liberal voices across the board are guilty of this. The shooter, Kyle Rittenhouse, is being vilified by some as a domestic terrorist, vigilante, a white supremacist A 17 year old white supremacist domestic terrorist drove across state lines, armed with an AR 15.

He shot and killed 2 people who had assembled to affirm the value, dignity, and worth of Black lives.

Fix your damn headlines.
―
27^th August 2020
Ayanna Pressley
@AyannaPressley (Twitter)
Congresswoman (D) MA 7^th District
Note
Rittenhouse’s legal team’s statement claims the rifle was not brought across the state border from Illinois: The weapons were in Wisconsin and never crossed state lines.
28^th August 2020
Pierce Bainbridge P.C.
Legal Team Statement
Pierce Bainbridge Engaged to Represent 17-Year Old Kyle Rittenhouse (PDF) and a cold murderer who came to Kenosha with the intent to kill. Others choose to paint him as a poster boy for the second amendment, for the Boogaloo movement and as a patriot defending ordinary Americans and their property from an insurgent far-left Antifa. The same tinting is applied to those he shot. Were they victims and heroes? Or rioters, radical activists and thugs themselves? These are questions we simply don’t have a straight answer to. We won’t have an answer to many of these questions until Rittenhouse’s trial concludes, if ever.

So, this is an experiment in objectivity. Below is a presentation of fact, as sincere and without opinion as I can muster. If you consider it biased, say how and I will correct it. Further sources and details are most welcome. It irritates me that it’s considered acceptable to write articles claiming to present fact without citing and linking any sources. Hopefully the considerable effort I’ve made here to annotate and link to sources is satisfactory, but anywhere a source is missing I’d be happy to add one if you can provide it, or remove the claim. I’ll not repeatedly link to the same source again, though, so please check all sources before calling me out.

Only once the facts are presented unmolested should we then draw our conclusions. Finding such a presentation of fact is increasingly difficult, as evidence – videos, images – are removed from social media and sharing sites for violating policies against graphic depictions of violence. This can leave you with little unadulterated evidence left to look at.

Ask yourself, what was your instinctive verdict about what happened in Kenosha? Have you changed your opinion since? Are those around you trying to discover the truth, or are they instead trying to brow-beat others in to conceding that their narrative is correct? Truth is singular. Its versions are mis-truths.

Background

From Left-to-Right, Top-to-Bottom: Kyle Rittenhouse, Joseph Rosenbaum, Anthony Huber, and Gaige Grosskreutz.

The incident unfolded as two separate shootings a minute or so apart, some hundred or so metres from each-other. Kenosha riot shootings as they happened
26^th August 2020
/c/Insubordination, Liveleak Kyle Rittenhouse is attending the scene of the demonstrations It’s hard to find an objective word for what was happening. Riot, demonstration, protest, disturbance and gathering all entail an opinion about legitimacy and legality. I’ll use demonstration and protest absent better words. from out of state, with a small group of loosely organized armed individuals. He lives nearby, some 20 miles away in Antioch, Illinois, and works as a community lifeguard in Kenosha. He is wearing a khaki-green T-shirt, a white cap and blue medical gloves. He’s carrying a medical kit, and is armed with a black Smith & Wesson AR-15 pattern semi-automatic rifle Criminal Complaint, State of Wisconsin vs. Kyle H. Rittenhouse
Note
It’s a whole separate topic but no, this AR-15 is not an assault rifle because it is not select fire, meaning it cannot fire in an automatic mode. One bullet is fired per trigger pull. chambered in .223 with a sling. He doesn’t appear to be carrying a sidearm or further ammunition besides the one standard capacity 30 round magazine visible in the rifle’s magazine well.

There are burned out cars and buildings near the area where the incident took place, from rioting that occurred a night or so ago. On the ground in Kenosha, WI for @townhallcom
24^th August 2020
Julio Rosas @Julio_Rosas11 (Twitter) Many businesses and homes have been boarded up, and Graffiti is sprayed on the street, cars and buildings, including the Kenosha County Courthouse. Some cars have had their windows and lights broken, garbage cans have been set alight or overturned, and many street lamps have been pulled down.

A thin crowd of demonstrators have gathered, with police nearby in armoured vehicles and patrol cars, forming a loose perimeter around them. In response to the previous nights of unrest, a city-wide curfew from 8 PM to 7 AM has been imposed. County wide emergency curfew in effect until 7 a.m. Monday, Aug. 24 (Archive)
23^rd August 2020
Kenosha County Government
Tuesday evening, Aug. 25, Statement from Kenosha County Sheriff David Beth (Archive)
25^th August 2020
Kenosha County Government

There are a lot of firearms visible at the demonstration. The group Rittenhouse is with almost all have long guns or shotguns. Some have sidearms too, and may protesters can be seen with handguns, some holstered and some drawn. Fireworks and fire crackers are being set off frequently, so people don’t seem to presume to hear gunfire when loud bangs ring out.

Kyle is seen on camera multiple times in the hours leading up to the shootings. He is pictured at one point earlier during the day helping to clean graffiti from a wall. Rittenhouse and his group are in-amongst the demonstrators for an extended period of time, and initially it seems there is little tension between the armed group and the other demonstrators. Suspected teen gunman Kyle Rittenhouse spotted cleaning Kenosha graffiti before shooting (Archive)
26^th August 2020
New York Post
What we know about accused Kenosha gunman Kyle Rittenhouse (Archive)
27^th August 2020
New York Post Some groups seem intent on starting fires, breaking windows, fighting and damaging property. Both the armed group and most other demonstrators are seen discouraging this, and keep their distance from these agitators, which multiple streamers label as Antifa.

Rittenhouse tells The Daily Caller’s livestream that our job is to protect this business, and part of my job is also to help people. […] That’s why I have my rifle because I’ve got to protect myself, but I’ve also got my med kit. Alleged Kenosha Shooter Spoke With Daily Caller Before Fatal Incident (YouTube)
27^th August 2020
The Daily Caller

In the Daily Caller clip one man is heard alleging Rittenhouse brandished his rifle at someone jumping on a car earlier in the night. There isn’t evidence to suggest this confrontation is connected to the shootings that follow later, if it happened. Rittenhouse is seen in further clips offering medical support to protesters and guarding businesses alongside the armed group, some of whom are standing on the rooftops.

Left: Footage Credit The Daily Caller
Note that this clip has post-shooting footage cut in with it.

It’s not clear how this armed group organised and planned their attendance, and what all their motives for doing so were. We don’t know how closely Rittenhouse is associated with this group.

Some sources are alleging Rittenhouse was following or participated in a now-removed Facebook page called Kenosha Guard Facebook takes down ‘call to arms’ event after two shot dead in Kenosha
26^th August 2020
The Verge
Also
Kyle Rittenhouse: Who is US teen accused of Kenosha Wisconsin protest murders?
27^th August 2020
BBC News that issued a call to arms for its members. The group advertised a meeting place of 900, 57^th Street, 900, 57^th Street, Kenosha WI (Google Maps)
(42.583977, -87.823742) only half a mile north of where the shootings occurred. As the page has since been deleted by Facebook, not all of this cannot be verified, however Facebook stated to The Verge that they have not found any evidence that Rittenhouse was invited to the Facebook event or followed the page. There is no evidence that the armed group seen in footage from the scene is actually the same so-called Kenosha Guard.

One man in the armed group can be seen wearing a yellow shirt with a Libertarian party Porcupine emblem on it. Another is seen wearing a different Libertarian T-shirt. There’s no footage or other evidence in which the group self-identify as Boogaloo militia, though this label has been used widely for the group. When asked, one said he simply identified as an armed citizen. The man in yellow can be heard saying to the protesters As-long-as you fuck with the government and not each-other we are with you. No lives can matter until black lives matter.

Left: Footage Credit (unknown)

The group are initially well received by the protesters, and express their support for the protest under the condition it remains peaceful and non-destructive. Some time later, a clip shows the armed group and some protesters starting to argue and shout after a dumpster on fire was put out, Source: Drew Hernandez @livesmattershow (Twitter) and as the armed group blocks the protesters from advancing into an Ultimate gas station. Rosenbaum appears to be one of the people pushing the lit dumpster before it is extinguished. A piece of debris is thrown at them from the crowd. Rittenhouse can’t be seen at the gas station, but he seems to be heard in the background nearby offering medical support.

One of the demonstrators, wearing a red T-shirt with a black pocket and blue denim shorts is heard shouting Shoot me nigga! Bust on me nigga, for real! Source Julio Rosas @Julio_Rosas11 (Twitter)
And
Source Drew Hernandez @livesmattershow (Twitter) and behaving confrontationally towards the armed group. He has been widely identified as Rosenbaum, though this has not been verified by an official source. The situation is diffused by members of both groups trying to calm things down. Rosenbaum can be seen carrying a plastic bag at the station.

Grosskreutz and Huber can also be seen in footage from the gas station, though they are just watching or filming the events. Source: The Daily Caller EXCLUSIVE: The Deadly Third Night Of Kenosha Riots (YouTube) Other than a few brief flare-ups and scuffles, the mood is generally calm, with most people standing about.

On social media, Rittenhouse associated himself with the Blue Lives Matter movement, the Thin Blue Line, and was a member of the Grayslake PD Police Cadets. He has expressed support for President Trump and appears to have attended a Trump rally in Iowa in January of 2020. Kyle Rittenhouse, Accused Kenosha Shooter, Posted TikTok Video From Trump Rally
27^th August 2020
Heavy There is no evidence whatsoever that his politics strayed in to white supremacy, that he supported or associated with violent counter-protest groups like the so-called Proud Boys, or supported the instigation of violence against protesters, BLM or Antifa.

Rosenbaum, Huber and Grosskreutz are all alleged to have a criminal history. Rosenbaum was allegedly a registered sex offender, and had open charges filed against him for battery and bail-jumping earlier in 2020. Case № 2020CM000836
State of Wisconsin vs. Joseph Don Rosenbaum
Class A Misd.: Battery (Domestic Abuse)
Class B Misd.: Disorderly Conduct (Domestic Abuse)
Filed 20^th July 2020
Also Case № 2020CM000903
And
Rosenbaum was a registered sex offender for a sex crime involving a minor.
27^th August 2020
Andy Ngô
@MrAndyNgo (Twitter) Huber has various convictions from 2012, 2015 and 2018 for possession of drug paraphernalia, domestic abuse including strangulation, suffocation, false-imprisonment, and use of a dangerous weapon. Case № 2012CF001346
State of Wisconsin vs. Anthony M. Huber
Felony H: Strangulation and Suffocation (Domestic Abuse). Guilty due to Guilty plea
Felony H: False Imprisonment (Domestic Abuse, Use of a Dangerous Weapon). Guilty due to Guilty plea
Filed 7^th December 2012
Also Case № 2018CM000509
Also Case № 2015FO000392 Grosskreutz has a conviction for firearm possession while intoxicated. Case № 2016CM001014
State of Wisconsin vs. Gaige P Grosskreutz
Class A Misd.: Go Armed with Firearm While Intoxicated. Guilty due to Guilty plea
Filed 22^nd April 2016 It is unclear whether this conviction included a ban on him possessing a firearm and whether that ban is still in effect. Rittenhouse has two outstanding traffic violations from 2020 filed against him.

All four people involved lived nearby. Rosenbaum was a Kenosha resident, and Huber lived in Silver Lake WI, 20 miles from Kenosha. Grosskreutz is a resident of West Allis WI, 43 miles away. Anthony Huber, 26, identified by loved ones as man killed in Kenosha unrest
26^th August 2020
CBS 58
And
Gaige Grosskreutz, wounded in Tuesday night shooting in Kenosha, will need arm surgery
27^th August 2020
Chicago Sun Times

It is worth remembering that Rittenhouse’s background, and those of the three individuals that were shot are not relevant to the question of whether Rittenhouse was acting in self-defence.

The Shooting

The first shooting occurred on the intersection of 63^rd Street and Sheridan Road at 23:46. Source for time of shootings: NYT Journalist Christiaan Triebert @trbrtc (Twitter)
And
Criminal Complaint, State of Wisconsin vs. Kyle H. Rittenhouse
Location determined from footage and criminal complaint: 6226 Sheridan Road, WI 53143 (Google Maps)
(42.578137, -87.821884) Rittenhouse can be seen running from the man identified as Joseph Rosenbaum, who is shirtless and wearing his red T-shirt as a bandanna. EVERY VIDEO OF KYLE RITTENHOUSE KENOSHA SHOOTING (LiveLeak/YouTube)
26^th August 2020
/c/someaussiedude, Liveleak Rosenbaum is in-turn being followed by a man wearing a black T-shirt and helmet. This man in black is identified by police and others as Richard ‘Richie’ McGinnis, a reporter affiliated with The Daily Caller. I interviewed the alleged shooter before the violence started
26^th August 2020
Richard McGinnis @RichieMcGinnis (Twitter)

Rittenhouse is pursued across a well-lit parking lot for some 50 or so metres. Rosenbaum throws what looks like a plastic bag at Rittenhouse as they both run – some sources claim this was a Molotov cocktail that failed to ignite, but there’s no evidence that supports this assertion.

Whatever was thrown misses or does no harm. A second or so after the item was thrown, Rittenhouse stops running, turns and fires four shots in quick succession at Rosenbaum. Rosenbaum drops to the ground, and is pictured bleeding from a head wound, his left hand and his chest. Later, wounds on his back and left buttock are visible as he’s being carried to the back of a car. Kenosha demonstrators carry protester who was allegedly shot in head (Odysee)
26^th August 2020
/c/NewsFlare, Liveleak An hour after being shot, Rosenbaum is pronounced dead at a Hospital, time of death 12:47 am. The autopsy report indicates that Rosenbaum suffered five gunshot wounds:

Rosenbaum had a gunshot wound to the right groin which fractured his pelvis, a gunshot wound to the back which perforated his right lung and liver, a gunshot wound to the left hand, a superficial gunshot wound to his lateral left thigh, and a graze gunshot wound to the right side of his forehead.

Criminal Complaint, State of Wisconsin vs. Kyle H. Rittenhouse p. 5

Left: Footage Credit (unknown)
See also
Extended Cut (Odysee) of this footage which contains the aftermath of the first shooting, and in which the second shooting can be heard.

There is no close and clear footage of the first shooting, though it appears that not all shots fired came from Kyle’s rifle. One shot is heard first as Rosenbaum continues to give chase, followed a heartbeat later with four shots in quick succession. Another burst of three shots follow a second or so later.

Rittenhouse seems to have his back to Rosenbaum when the first shot is heard, but has turned to face him and has shouldered his rifle by the time the burst of four is heard. Similarly for the final burst of three shots, Rittenhouse has a parked car between him and Joseph, who is now lying on the ground, and is facing in the wrong direction to fire at him again, and moving away from him. The statement from Rittenhouse’s legal team says Upon the sound of a gunshot behind him, Kyle turned and was immediately faced with an attacker lunging towards him and reaching for his rifle. Legal Team Statement – Pierce Bainbridge Engaged to Represent 17-Year Old Kyle Rittenhouse

It is plausible, though still unproven, that someone else also fired to account for the first and final three shots. In the statement he gave to police, McGinnis refers to an unknown man in this thirties who stated he was there to protect Rittenhouse, though doesn’t say this man was involved. McGinnis also alleges that Rosenbaum attempted to take control of Rittenhouse’s rifle. We can’t see if this is true from the available footage, or what role if any this ‘protector’ played.

The sound of the first and last bursts of gunfire seem different in character to the four we can be confident Rittenhouse took. A streamer is near the site of the second shooting when the first is heard. The four shots from Rittenhouse are further differentiated in sound from the others, as heard at this location.
Kenosha Wisconsin Night III - Facebook Feed (YouTube)
Mercado Media
Timestamp 3:39:58 McGinnis can be seen with his right arm outstretched when the shots are heard, but a handgun can’t be seen. A few seconds later he’s pictured holding a cellphone with the camera app open in his left hand as he tends to Rosenbaum lying on the ground, so it is most likely that he was holding the camera outstretched prior-to the shooting. No footage identifiably from McGinnis’ camera seems to have appeared online.

Some sources, notably the NYT, Tracking the Suspect in the Fatal Kenosha Shootings (Archive)
27^th August 2020
The New York Times
Above, image highlighting what the NYT are identifying as Handgun muzzle flash, saying An unknown gunman fires into the air, though it’s unclear why. The weapon’s muzzle flash appears in footage filmed at the scene.. Rosenbaum is labeled as Lunging man. are claiming to identify muzzle flash from a second unidentified shooter in the left of the frame in the second angle filmed by Hernandez (See: Below). They and others believe that a handgun was fired into the air as the first shot, rather than at a person. This would be consistent with the difference in sound between the shots, and with Rittenhouse’s legal team’s statement. While he is being pursued, an unknown gunman fires the first shot into the air. The NYT claim is that is the same shot as the handgun flash allegedly visible above, but the relative perspectives of the two pieces of footage make that very unlikely.
Christian Triebert
@trbrtc (Twitter)

There’s little detail on what started the confrontation and chase between Rittenhouse and Rosenbaum. In the Criminal Complaint against Rittenhouse, some information from the police interview with McGinnis is given. He says as the defendant was walking Rosenbaum was trying to get closer to the defendant. When Rosenbaum advanced, the defendant did a juke move and started running. McGinnis stated that there were other people that were moving very quickly. McGinnis stated that they were moving towards the defendant. McGinnis said that according to what he saw the defendant was trying to evade these individuals. (The defendant here being Rittenhouse)

Rittenhouse and McGinnis approach the injured Rosenbaum lying on the ground, with McGinnis taking off his helmet then shirt, using it to apply pressure to the head wound. Rittenhouse is seen taking out his phone, widely claimed as proof that he is calling an ambulance or the police, but the Criminal Complaint cites witness Dominic Black who states that he was the recipient of the call in which Rittenhouse stated I just killed somebody. Kyle runs back in the direction he originally came from when members of the crowd point him out, shout Get that motherfucker! He just shot someone! Stop him! and give chase. McGinnis stays with Rosenbaum as others also approach to offer aid.

Left: Footage Credit Drew Hernandez
@livesmattershow (Twitter)
Note This footage has been mis-attributed to Richard McGinnis / The Daily Caller by some sources.

In the second shooting, four shots are fired by Rittenhouse about one and a half minutes later, 23:51 local time, within a hundred metres of the first incident. Location determined from footage and criminal complaint: 6093-6083 WI-32 (Google Maps)
(42.579661, -87.821513) This exact number of shots is again not certain, though the footage is clearer. Rittenhouse is being perused by a group of men, and appears to be punched by one before falling to the ground. He shoulders his rife, which deters one man from attacking him. Another takes a run-up to jump and kick Rittenhouse, and the first and second shots are taken at this man. It appears both shots miss as he then runs out of frame seemingly unharmed.

Another man wearing a black hoodie and clue cap closes on Rittenhouse and swings a skateboard at him, hitting him on the left side of his head or shoulder. This man is identified as Anthony Huber. Huber appears to try and gain control of Rittenhouse’s rifle, grasping the fore-grip. Rittenhouse fires a second shot from the ground up at Huber, which hits him in the chest. He stumbles a few metres before collapsing, pictured clutching at his chest. Huber is the second fatality.

A third man runs in to frame quickly, but pauses a metre or so from Rittenhouse and dicks as the shot at Huber is taken. This third man is Grosskreutz. Initially he makes eye contact with Rittenhouse with his hands held up surrendering, a Glock handgun drawn and visible in his right hand. Rittenhouse is still on the ground, and hesitates. Some claim that he clears a malfunction with his rifle, as he appears to tilt it to the left and move his right hand from the trigger grip. Grosskreutz brings his hands down and fumbles, stepping towards Rittenhouse. It’s not clear if he takes aim at Kyle with the handgun. Rittenhouse fires up at him, striking him above the right elbow taking a large chunk of his right bicep off. He turns withdraws after being shot, coming to his knees on the sidewalk nearby yelling for a medic.

Two other members of the armed group and a livestreamer render aid to Grosskreutz, assisting with the application of a tourniquet to his right arm. Eyewitness says he saw armed civilian discharging firearm in Kenosha (LiveLeak)
26^th August 2020
/c/NewsFlare, Liveleak Both armed men are wearing olive green or khaki tactical vests. One is a tall, slim man in olive green, and the other a shorter large man in black. They can be seen in the still image with Grosskreutz in below.

Left: Footage Credit Brendan Gutenschwager
@BGOnTheScene (Twitter)

A few seconds later, a further eight bangs can be heard, but they don’t come from Rittenhouse or particularly close to him as he and those around him don’t react defensively to seek cover. He turns and briefly shoulders his rifle in response, but lowers it again without firing.

Rittenhouse is then seen running towards a group of police vehicles with his hands up, as the vehicles start moving towards the scene of the shooting. The police don’t seem interested in him despite shouts from the crowd, proceeding towards the injured to load Huber into onf of the armoured police vehicles.

Top: Images depicting the second shooting, showing Anthony Huber (foreground, right, with skateboard), Gaige Paul Grosskreutz (left and back) and Kyle Rittenhouse (on the ground).
Below, Left: Huber collapses as Grosskreutz is shot.
Below, Right: Gaige Paul Grosskreutz’s injuries, some moments later. The two assisting him, right of frame are members of the armed group, not police.
Note the Glock handgun visible in his right hand before and after being shot.
Credit: Getty Images/Anadolu Agency, and @louriealex (Instagram)

The autopsy for Huber found a single gunshot wound as the cause of death:

Dr. Kelley indicated that Huber had a gunshot wound to his chest that perforated his heart, aorta, pulmonary artery, and right lung.

Criminal Complaint, State of Wisconsin vs. Kyle H. Rittenhouse p. 5

Presumably all three people that were shot were taken to the ER at the Kenosha Medical Center, across the street from the site of the first shooting.

We don’t know how many of those involved in the second shooting witnessed the first shooting involving Rosenbaum. Huber and Grosskreutz can’t be identified in footage of the first shooting, but come from the same direction as Kyle. They may have believed Rittenhouse had fired upon demonstrators without provocation, and that they were justified in attacking him.

The reporter from Mercado Media is confused as-to who the first shooter was, despite being positioned in-between the two incidents and seeing Rittenhouse run past him. He thinks Rittenhouse was falsely identified as the first shooter, though is later corrected. A friend of Grosskreutz, Jacob Marshall allegedly quotes Grosskreutz […] Friend says [Grosskreutz] regrets not being able to kill [Rittenhouse]
27^th August 2020
Andy Ngô
@MrAndyNgo (Twitter)
as later saying his only regret was not killing the kid and hesitating to pull the gun before emptying the entire mag into him. While a purported screen-shot of this Facebook comment exists, it cannot be properly authenticated as this comment is not public on his Facebook page, and the quote cannot be confirmed as coming from Grosskreutz.

Aftermath

Kyle Rittenhouse has been charged by the Kenosha County District Attorney with two counts of first-degree intentional homicide and use of a dangerous weapon, and one count of attempted first-degree homicide through the use of a dangerous weapon. He is also charged with recklessly endangering the safety of McGinnis, and possession of a dangerous weapon by a person under the age of 18. Criminal Complaint, State of Wisconsin vs. Kyle H. Rittenhouse Irrespective of whether he is found guilty of illegal possession or recklessly endangering McGinnis, he does not forfeit his right to self defence because the weapon was carried illegally. Similarly, Grosskreutz does not forfeit his right to self-defence if found to be illegally possessing his handgun.

Rittenhouse was arrested in Antioch, Illinois at his mother’s address. This implies he was able to leave the scene unaccosted. His legal team is a claiming he shot in self defence. No comment was made on the charge of illegal possession of the rifle, nor on the charge of recklessly endangering safety.

It is unlikely that this case will be simple to resolve. Attempting to flee from his assailants rather than retaliate immediately will stand in his favour and not against him, as this positions him as a non-aggressor and seeking non-lethal resolution before resorting to force. It is not legal to use deadly force to protect property in Wisconsin, which arguably undermines his justification for carrying in the first place. Deadly force can only be used in self-defence if it is required to avoid death or great bodily harm. There is no duty to retreat, unless you are the initial aggressor. To convict him of first-degree murder the prosecution will have to show that he either came to the area with the pre-meditated intent to kill someone, or that he fired upon one of the two men that died when they did not present a clear and present threat to him.

Because he is 17 years old, Rittenhouse faces a charge of a Class A misdemeanour for possessing or going armed with a firearm under the age of 18. 948.60(2)(a)
Any person under 18 years of age who possesses or goes armed with a dangerous weapon is guilty of a Class A misdemeanour.
This carries a maximum sentence of 9 months imprisonment and a fine of $10,000.
Wisconsin State Statutes, 948.60(2)(a) An exemption is made if the weapon is neither a short-barreled rifle, nor a short-barreled shotgun, and the person has a certificate of accomplishment. 948.60(3)(c)
This section applies only to a person under 18 years of age who possesses or is armed with a rifle or a shotgun if the person is in violation of s. 941.28 or is not in compliance with ss. 29.304 and 29.593.[…]
Wisconsin State Statutes, 948.60(2)(a) From the description given of the rifle by the Criminal Complaint, it does not appear to be a SBR. We don’t know if Rittenhouse has the required certificate or if this section will apply to this case, as this exception is designed to enable hunting use of firearms, not self-defence. In any case, the precise interpretation of these statutes is uncertain.

There do not appear to be any further charges connected to this incident at this time. Grosskreutz, who was shot through the arm, may face charges as he was in possession of and brandished a handgun during the incident. His prior firearms conviction purportedly excludes him from possessing a firearm.

Law enforcement have not indicated that anyone else is currently wanted for questioning or arrest in connection with these shootings. Kenosha PD Detective Bureau have appealed for further witnesses to come forwars and any footage of the incident to be provided, contact 262-605-5203 (or anonymously at 262-656-7333)

Hong Kong

1F52B — Thu, 23 Jul 2020 00:00:00 +0000

On the 30^th of June, Beijing forced upon the people of Hong Kong a despotic law under the guise of ensuring National Security. This law strips Hong Kong of the precious autonomy and freedoms that have stood it apart from communist China since 1949. One country, two systems no-more.

This is a decisive blow, and all-but-surely ends the hope that democracy and liberalism were in Hong Kong’s near future. To speak of independence is to break this law. To subvert the power of the Chinese Central Government is to break this law. To collude with foreign forces is to break this law. To do these things anywhere in the world is to break this law. Well, to hell with that. Hong Kong of a right ought to be a free and independent state. Sentence me to life imprisonment. Lock me up. And screw the anthem too. Hong Kong protesters hold banned Tiananmen vigil as anthem law is passed
The Guardian
4^th June 2020

The imposition of this National Security Law is a flagrant breach of the Joint Declaration between China and the United Kingdom, agreed at the handover in 1997. Not that China cares – the law comes in to effect on the anniversary of the handover, a deliberate slight aimed at the UK and Hong Kong’s democrats. The old guarantees of freedom and autonomy agreed in said declaration have been discarded, declared to no-longer have any practical significance by the Chinese state’s talking heads. China says Sino-British Joint Declaration on Hong Kong no longer has meaning
Reuters
30^{th June 2017} The few shreds of legal and political autonomy left to Hong Kong are merely there to dress the windows. This law criminalises whatever speech, protest and political activity the Chinese Central Government wishes it to, and strips Hong Kong’s judiciary of its independence. Further repression will follow shortly.

It’s hard to see what else we could have expected to happen once the prescribed fifty year transition period came to an end. In the giddy days of the late nineties, with the Berlin wall peacefully pulled down, the Soviet Union in tatters and some even being so bold as to proclaim The End of History The End of History and The Last Man
Francis Kukuyama
Published 1992
ISBN 978-0-02-910975-5 , perhaps naïveté set in and we though fifty years would be enough to see off communism in China too? Or that China in her benevolence would deign to grant Hong Kong perpetual autonomy? Certainly seems naïve in hindsight. China is a rather different beast to the Soviet Union, and learnt its lessons.

Many of the fiercest champions of Liberalism in Hong Kong have been the young. University students, even High-School students have joined and led protests and movements in defiance against China. They have fought for a vision of Hong Kong that is truly free. They have bled and died for the rights of Hong Kongers, yet many of them are too young to have been born before 1997, and thus don’t qualify for BNO status. The path to British Citizenship ought to be extended to them too.

Nathan Law 羅冠聰, Agnes Chow 周庭, Jeffrey Ngo 敖卓軒 and Joshua Wong 黃之鋒 are figureheads of Hong Kong’s struggle for democracy best known for their central roles in the Occupy movement and the Umbrella revolution of 2014. The passing of this National Security Law has compelled them to disband and resign-from the pro-democracy party Demosistō 香港眾志 fearing the group would be immediately targeted if they did not do so. Hong Kong national security law: future of city’s localist movement hangs in balance as groups disband, activists quit or flee city
South China Morning Post
30^th June 2020 Under this new law, they cannot continue to operate without fear of arrest, imprisonment without trial, and the very real possibility of torture Hong Kong: Arbitrary arrests, brutal beatings and torture in police detention revealed
Amnesty International
19^th September 2019
–
Simon Cheng: Former UK consulate worker says he was tortured in China
BBC
20^th November 2019
–
For the Record: An Enemy of the State 紀錄：國家的敵人 (Facebook)
Simon Cheng
19^th November 2019
on the mainland. Nathan Law has left Hong Kong to continue campaign for democracy and the rights of Hong Kongers from London in exile.

The olive-branch extended by the UK’s Foreign Secretary National security legislation in Hong Kong: Foreign Secretary’s statement in Parliament
Statement, Dominic Raab, Foreign Secretary
1^st July 2020 giving a route to British citizenship for all Hong Kongers with British National Overseas status is just the beginning of our moral responsibility to Hong Kong. We cannot kid ourselves that this is nearly enough, nor more than a triumph in defeat, a Dunkirk moment. Hong Kong as we know it is lost if Hong Kongers’ only hope is to flee to lifeboat Britain.

Weakness from the West, the failure to meet continuous, creeping transgressions with a substantial response are signals to China that she may continue her campaign of repression without fear of reproach. We must shake our habitual underestimation of the Chinese Communist’s sense of purpose and very real intent to do as they say they will.

China is not operating on a level where she much cares for multilateral political declarations of concern UN Human Rights Council 44: Cross-regional statement on Hong Kong and Xinjiang
UK Government
30^th June 2020 and stuffy diplomatic denouncements of her actions – these are seen in Beijing as nothing more than limp pooh-poohs. Of course they’re always met with feigned-offence and reciprocal denunciation from the Chinese, but we would be fools to take this as evidence that we hit the mark. It comes as no surprise that the joint statement made to the UN Human Rights Council against the National Security Law and the grotesque abuse of Uyghurs in Xinjiang that was delivered by the UK’s ambassador, co-signed by twenty-four other nations was genteel instead of unequivocally damning. Sure, it’s better than nothing, but how many more times can we express our deep concern?! Only retaliation that actually hurts might cause China to change tack.

The United States are leading the imposition of economic sanctions against China. Hong Kong: US passes sanctions as nations condemn new law
BBC
2^nd July 2020 Hong Kong enjoys special customs and tax treatment from many different countries – unlike the mainland, and nearby sprawling industrial cities of Shenzhen and Guangzhou. Much of these cities’ exports, and a great deal of Chinese trade passes through Hong Kong’s markets and ports on its way to the rest of the world, and these sanctions threaten to stem that flow. HSBC, Swire, and other big businesses based in Hong Kong will be hit hard by these US sanctions – despite expressing support China has HSBC’s taipan in a vice with few options but to fall in line with the security law for Hong Kong in the bank’s biggest market
South China Morning Post
4^th July 2020 for the new National Security law.

The UK must now follow suit, and impose so-called Magnitsky sanctions of its own. The discomfort over Huawei’s involvement isn’t the UK’s 5G network has redoubled and the subsequent government U-turn was inevitable. Frankly it would have been some kind of sick joke to allow Huawei to saunter in and sell millions of pounds worth of equipment to the UK’s network providers now.

The Chinese regime’s drive to invest Chinese money overseas and win business for state-backed companies is a strategic move as much as it is economic. A hermit kingdom cannot threaten to impose sanctions of its own – but a global economic power can. Australia knows this too well, stuck between a hard place and the rocks they need to sell to power China and their own economy. China is Australia’s largest trading partner, sucking in vast quantities of Australia’s coal and other natural resources. This interdependence is a clear example of how the global trade and cooperation that has led to astounding growth and international peace worldwide in the latter half of the twentieth century also engenders a dependence on another for trade and commerce that dulls the edge of our diplomatic swords. Beijing’s intimidation of Australia over its independent inquiry on the origin of coronavirus and the subsequent large-scale sophisticated cyberattacks Government urged to name and shame countries launching cyber attacks
Sydney Morning Herald
21^st July 2020
–
China’s cyber attacks against Australia should be of great concern
Canberra Times
23^rd June 2020
–
Cyber attack in Australia: China the chief suspect behind attack
News.com.au
19^th June 2020
executed from China are now the expected consequences of pointing a finger in China’s direction and wagging it.

We have grown accustomed to the USA being unchallenged in its ability to project power globally, but it China has every intention of developing a long reach of its own. It is China’s publicly stated policy to absorb Taiwan by 2049. Territorial aspirations towards Taiwan, the South China Sea, Kashmir and Tibet must be taken seriously. In the modern post-colonial West, the mindset of territorial expansion and duty to the motherland may seem comical, a relic of the past to be scoffed at. But to China these are very real and serious ambitions, and Beijing is a skilled player in this long game.

China has made her intentions clear – and so must we. Our ultimate goal can be no less than the destruction of the Chinese Communist Party, the end of dictatorship in China, and the advent of liberalism, freedom and democracy for the Chinese people. Nothing less is acceptable, and anything less would deny over a billion people the right to self-determination – or did we not really mean it when we added that right to the United Nations Charter? This annexation of Hong Kong, the genocide currently being pursued against millions of Uighurs, and the Tiananmen Square massacre of 1989 are among the myriad crimes that China must answer for, however long it takes.

The liberal world rightfully doesn’t want to be drawn in to a new game of global power plays, conquest and military might. The past centuries have been a painful experience of just that, and need no repeating. Yet we are already past the point of averting a new Cold War with China. We’re in it already. The question now is whether we will continue appeasement, to think mere pieces of paper can guarantee peace in our time – or if we learnt that lesson in the 1930s.

Fight, for freedom. Stand with Hong Kong.

香港加油

Contact Tracing

1F52B — Mon, 27 Apr 2020 00:00:00 +0000

A government backed contact tracing app may seem innocuous, but it presents one of the greatest threats to civil liberties and privacy seen in recent years. Dramatic, I know, but possible.

Irrespective of whatever opinions you may hold on Apple and Google, the model they propose Apple and Google partner on COVID-19 contact tracing technology
10^th April 2020
Apple.com for building such a contact tracking app is out in the open and free to be scrutinised. And, it stands up to scrutiny. Apple and Google’s COVID-19 Exposure Notification API: Questions and Answers
28^th April 2020
EFF (Electronic Frontier Foundation)
While the EFF do raise legitimate privacy concerns around susceptibility to linkage attacks, these ought to be reasonably simple to address and are not fundamental flaws in the design of the system.

It is decentralised, meaning there isn’t a datacenter or server anywhere in the world that stores the sensitive data collected by the app; all of it would be broken in to as many pieces as there are users, and all the data about you – where you’ve been, who you’ve seen – would stay on your phone.

The way it works is reasonably simple: Your phone would generate a random, anonymised ID for itself when you download the app, and then continuously tick away in the background on your device, simultaneously broadcasting its ID and remembering all the random anonymous IDs of all the other phones that come in to Bluetooth range. It’d store these contact records for some time, probably a week or two.

If you fall ill with coronavirus, only then would your anonymous ID be uploaded to a daily list of infected IDs. Everyone’s phone then downloads that list, and if it sees an ID on it that it remembers coming in to range with earlier, then it’ll tell you to self-isolate. Note that your phone hasn’t handed you in to the authorities – they don’t know that you’ve been advised to isolate as they haven’t got a copy of any contact data. If you (foolishly) ignore the instruction to isolate, there’s not going to be an officer from the Stasi coming to knock on your door.

This model for contact tracing is robust against a bad actor looking to get at an incredibly valuable & sensitive dataset – the movement history, social network and whereabouts of every single person that has the app are all derivable from this dataset, especially once the lockdown begins to ease and we slowly return to normalcy. If the app is decentralised, that kind of hack and access to private data is simply impossible, because such an aggregated dataset doesn’t exist.

Depending on what regard you hold the government in, substitute bad actor for government above.

This is not quite the model that has been accepted for use by the government. The imaginatively named NHSX “digital transformation arm” is developing an app Digital contact tracing: protecting the NHS and saving lives
24^th April 2020
NHSX, NHS, UK Government that takes a more centralised approach. Whereas in the decentralised model an infected person’s phone would just publish its own ID, with the NHS app an infected person’s phone will tell a server which IDs it has seen, and the server will then notify those users. A small change, but one with potentially huge ramifications.

In fact, those ramifications are severe enough that this architectural difference may be enough to prevent the app from ever working in the first place. NHS in standoff with Apple and Google over coronavirus tracing
14^th April 2020
The Guardian Apple, and to a lesser extent Google, already strictly limit when an app can use Bluetooth. On an iPhone, if your phone is locked or the app is only running in the background, it won’t be allowed to perform the constant listening out for nearby phones that’s required. Both Apple and Google have indicated that they’re only happy to relax these restrictions if strict guidelines respecting privacy Apple and Google have co-published technical documentation for the interface available for contact tracing apps:
Privacy-Preserving Contact Tracing Technical Documentation
April 2020
Apple.com and defeasing mass surveillance are met; in-effect, any tracing app that will work on their devices has to follow the model they’ve described.

While there are surely noble intentions behind the desire to get a copy of the contact data – it is true that it could be very valuable for epidemiological research – many of us no-longer trust heartfelt assurances that data will only be used for the proper purpose. James Clapper’s “least untruthful” statement to the Senate
12^th June 2013
The Washington Post
NSA Chief James Clapper lying under oath to the US Senate: does the NSA collect any type of data at all on millions or hundreds of millions of Americans? No, sir. Edward Snowden’s whistleblowing proved this statement to be a blatant lie. In the decentralised model, you are the sole custodian of your contact data, and are free to dispose of it as and when you choose. There is no need for trust because there is no data changing hands.

Attempts to address privacy concerns by promising to provide source code can only go so far. There’s never a guarantee of binary equivalence, Binary equivalence is a concept in computer security. Verifying binary equivalence is a hard problem, to verify that a given compiled executable is a correct and faithful compilation of a given source code, without having had any malicious code injected.
Here it is more loosely whether the source code provided is what is being run at all, with no sneaky extras, as the attacker and code owner are the same entity. and the infrastructure the app’s backend servers run on will still be behind closed doors – ultimately we’re back to relying on trust that isn’t there.

Privacy International have compiled a brief summary on the permissions and tracking technology used by the current NHS app, including third-party tracking codes that send telemetry to Microsoft and Google servers.
7^th May 2020

The NHS doesn’t have an impeccable record when it comes to cybersecurity, and in a borderline restatement of the Pope’s Catholicism, GCHQ doesn’t have an impeccable record when it comes to respecting privacy and right. Who could forget the WannaCry cyberattack that took out a large chunk of the NHS’s aged and undefended computing infrastructure in 2017? Government under pressure after NHS crippled in global cyber attack as weekend of chaos looms
13^th May 2017
The Telegraph

The success or failure of a contract tracing app will be determined solely by what proportion of the public are willing to use it. It’ll need around 60% of the population to do the trick– much less than that, and it’ll be a ineffective as the virus is transmitted to or from people with no traceable contact.

Sure, even if the app were made by Huawei and it’s terms and conditions included a requirement to sign away your first-born child, some would still see no problem with using it – after all “what’ve I got to hide?” and “who cares, my friends are on it!” But with serious concerns being raised about its lack of privacy and whether it’ll even work, all before the app is even released, surrounded by a lack of trust that the app will be used for contact tracing alone, how could we expect everyone to download and install it? I’m certainly not going to download and install it in it’s current form.

We need look no further than China (them again?!) where the data from apps like these fold in to state mechanisms for control, coercion and manipulation. None of this is to say that I suspect the government of having such malign intentions, but the damage is done once done, and our government isn’t the only one interested in our data. The point is, there’s clearly a better way to approach the problem, yet it isn’t the path that the government is taking. The lack of concern for protecting civil liberties, the lack of rule-of-law enthusiasm from the cabinet, associated SpAds and mandarins is deeply frustrating.

NHS won’t use Apple-Google approach to COVID-19 tracking
Engaget, 27^th April 2020

Coronavirus: Australians download COVIDSafe contact tracing app
BBC News, 26^th April 2020

Experts Respond to Government NHS App Rebuttal
Guido Fawkes, 6^th May 2020

UK starts to build second contact tracing app (Paywall)
Financial Times, 8^th May 2020

Labour’s Members are Making the Party Unelectable

1F52B — Sat, 08 Feb 2020 00:00:00 +0000

The Labour party elects a new leader using a cocktail of preferences and votes from different bodies of the party – the members, MPs (PLP), MEPs (EPLP), affiliated trade unions, constituency Labour parties (CLPs), and socialist societies. The Conservative party, on the other hand, selects its new leader by taking MP nominations, narrowing the field down to just two candidates using rapid exhaustive votes amongst MPs, and then throwing the final pair to a member’s vote.
This means any newly elected leader had the backing of at-least a largeish minority of their peers. Some recent Tory leadership elections have skipped the member’s vote after one of the final two stood down. This all makes for a rather convoluted and drawn-out process.

The Labour party may have set its leadership election rules this way with the aim of making the process maximally democratic, but in doing so have set themselves up for significant misery.

In 2016, Jeremy Corbyn lost a vote of no confidence in his leadership amongst Labour MPs, with 172 against votes to 40 in favour – a mere 18% share. Most leaders would see the writing on the wall, and have the humility to go. That’s of course not what happened. Corbyn retained the leadership. Given merely 40 of his MPs had confidence in him, it’s not a stretch to argue he couldn’t have even made the requisite 51 nominations from MPs and MEPs to be on the ballot. Alas, as the incumbent leader, he was given a pass by the NEC.

Astoundingly, when the question of Corbyn’s leadership was put to the Labour membership, they backed him with 61.8% of the vote, actually an increase over his 2015 share of 59.5%.

The thing is, it takes a lot to become an MP – hard work, an ability to sell yourself & front your party’s policies – it takes comparatively very little to become a member. To become an MP, you must put your money where your mouth is, have skin in the game, and stick at it. To become a member, you just sign up online and pay about £5 a month – so members needn’t be electable. Surely the MPs should have the lion’s share of the say?

The change from a MP-led leadership election process to a more membership-led process The Labour party was the first to change to this style of leadership election, following the recommendations of the Collins Report in 2014 and pressure from activist groups, who argued that MPs tended to pick centrist (some would say moderate, electable) candidates.
See more:
Corbyn as an organisational phenomenon
26^th January 2016
Constitution Unit
was perhaps the biggest factor that enabled Corbyn to get elected. A leader with only one in five of his colleagues supporting him at the despatch box was thus kept in place. The insurgent and radical support for Corbyn amongst the members in 2016, so flagrantly dismissive of the clear discontent the party’s MP’s had with Corbyn was perhaps a sign of things to come.

It’s worth pointing out too that Theresa May struggled with rebels within her party blocking the passage of her business, even though she had much more than a fifth of her MPs behind her Theresa May won a 12^th December 2018 confidence vote amongst Conservative MPs, taking 200 votes in favour to 117 against.
Theresa May no confidence vote result
13^th December 2018
The Telegraph – how could you possibly expect a Prime Minister to govern with so little support from their MPs? As Tom Watson, former Deputy Labour Leader put it as soon as the leader loses the confidence of the parliamentary party it’s almost impossible to see how you can form a government. Tom Watson: I quit because of Labour Brutality
27^th December 2019
The Guardian

A January 2020 poll by YouGov further suggests that the membership is riddled with obsessions over ideology rather than governing. Corbyn, the leader that has taken them to historic defeat, is nevertheless the most popular leader of the last century, topping Clement Attlee, founder of the hallowed NHS, Tony Blair, again the most electorally successful Labour leader ever and their last big election winner; and every other Labour PM from the last 100 years. Blair’s reputation in the party is so tarnished that Blairite has become a smear. 26% of Labour members didn’t even know enough about Clement Attlee to form an opinion! Imagine a fifth of Tories being ambivalent about Churchill or Thatcher!

The Labour party also gives its membership a key policy making role. Again unlike the Conservatives, whose front bench take ownership of the policy agenda, Labour’s manifesto commitments are decided by member’s votes at the party conference.

Remember the upset and chaos from the 2019 Labour party conference? Despite its support from many MPs and shadow ministers, the members rejected an outright remain policy, instead voting for what became Labour’s bewildering Brexit policy in the 2019 election: negotiate a new withdrawal deal (credible leave option ) and then have a second referendum pitting this new deal against remain, all the while being unclear as-to which way Labour would then campaign… This is but one example that shows this uncomfortable divide.

Sir Keir Starmer, shadow Brexit secretary and now runner for the 2020 Labour leadership had this to say:

So we have made progress but I was disappointed by the outcome. The party and the unions have taken a different views on this, and I agree with Unison on this, and that’s why I’ve said what I had about campaigning for remain. But it is important for me to respect both sides, and I have faithfully tried to do that over three years, but do I think we should campaign for remain? Yes I do.

Sir Keir Starmer
23^rd September 2019
BBC Newsnight (YouTube)

How is a Labour MP or shadow minister supposed to convincingly argue for policies they didn’t choose and wouldn’t have devised themselves? How can you expect the electorate to trust them to be implemented? You can almost see the lack of conviction in their faces when the BBC’s Andrew Neil has them bent over a barrel, trying to justify the nonsense.

Many MPs and canvassers have blamed this Brexit policy, second only to Corbyn’s leadership, as the reason they lost so decisively in the December 2019 general election.

After the Conservatives won a stonking majority and Labour saw historic defeat in the election, Corbyn is finally on the way out. In the immediate aftermath, the rage emanating from some Labour MPs and activists was palpable – they know who lost this election for them. For others, it was anything but dear Jeremy to blame.

I believe the Labour members have just as big a responsibility to listen to the voters as me. And what I would say to Jeremy Corbyn and his apologists […] is that they had everything they wanted in this election. They had the the leader they wanted, the NEC they wanted, the manifesto they wanted, the Brexit policy they wanted, the political strategy they wanted, and having sacked loads of people in head office, the executive leadership that they wanted too.

The one thing they didn’t have, was the support of the British people. […]

It’s time we started listening to voters. […]

I said to Jeremy what people are saying about you in the tea room, but won’t say to your face is that you’re a bigger problem for us on the doorstep than Brexit. […]

Wes Streeting
13^th December 2019
Sky News (YouTube)

This thrashing clearly hasn’t proved thrashing-enough for a die-hard clique of Corbynistas in the party. Front runners for the new leadership team Rebecca Long-Bailey and Richard Burgon are continuity candidates and are doing well. Too many in the Labour party cannot accept its policies, leader and trajectory were squarely rejected. Burgon has even suggested that Labour members should be given the power to vote on military action Labour deputy leadership candidate Richard Burgon heavily criticised over plan to have members vote on military action
6^th February 2020
iNews by the Government. This madness drew all reasonable people’s eyes skywards, and it again goes to show how factions of the party are looking evermore to the membership not the parliamentary party.

It’ll take Labour a long time to recover – though, they’ve got until 2024. To place themselves back in a strong, electable position, much more than the party’s constitutional defects will need to be put right. The party must place its faith in those that sit on the green benches, and let them lead.

The upcoming London mayoral election will be the next major encounter Labour has with the electorate. We’ll see how that goes…

Moving North

1F52B — Tue, 21 Jan 2020 00:00:00 +0000

The Conservatives are floating the idea of moving their CCHQ party office, and the House of Lords to the North. Let’s be honest – Northerners will see through this kind of pandering.

Moving CCHQ or the Lords to Manchester or York or Liverpool or Newcastle or Birmingham or just half an inch north of the Watford gap won’t change much, At least, presumably it won’t, as no plan of mass staff replacement has been announced. Same people different place is unlikely to lead to a significant change in behaviour. other than forcing a lot of staff to waste money and time travelling and moving office – all of this will be at the taxpayer’s expense, at least in the Lord’s case. While yes the Lords and Commons both need to move temporarily from the Palace of Westminster during restoration works, the current plan of using the nearby Queen Elizabeth II conference centre seems more sensible than York, 200 miles away. Not-least to mention the considerable inefficiencies in Commons-Lords collaboration this would introduce.

In CCHQ’s case, if decentralisation and purging of mandarins is what’s wanted, why not build out additional peripheral offices and/or devolve power to the the constituency party associations already in place? Whether such a bold shake-up as moving cities is even needed is questionable, given CCHQ assumedly had a pivotal role in winning the massive majority in the December 2019 election.

Precedent suggests a move up north will ultimately be superficial – take a look back at the BBC’s much-touted move of a large part of their operations to Salford, circa 2011. The BBC, nearly ten years later, still has the weight of its presence in London, and incurs millions in expenses yearly shepherding staff between the two cities, BBC spends £1.3m on flights to and from Manchester
The Guardian, 5^th Dec 2013
https://www.theguardian.com/media/2013/dec/05/bbc-spending-flights-trains-salford and the result has been little effect on Salford’s economy. BBC’s move to Salford had negligible effect on local employment
Financial Times, 9^th August 2017
https://www.ft.com/content/ab4521d4-7d12-11e7-ab01-a13271d1ee9c This kind of move is not something you’d expect a private company to do for the sake of political goal-scoring – if it’s not ultimately going to benefit the bottom line, it’s not a good move.

We can learn a number of lessons from the BBC’s decision to relocate large parts of its operation from London to Salford […] The 2017 National Audit Office report found that a total of 894 members of the existing London staff had been paid relocation allowances worth a total of £16 million – with just 39 people from Salford having been recruited to work at the new Salford based HQ. What’s the point of re-locating if you’re still almost exclusively employing people from London and not the area you’re moving to?

Eddie Hughes MP
11^th Jan 2020
Conservative Home

The seat of government is Westminster – moving and mashing things about for the sake of it is pointless. Most people don’t want the Lords to move,Do you think the House of Lords should or should not move out of London and be based in York?
—Yes 23%, No 32%, Don’t Know 41%.
YouGov Survey, 20^th Jan 2020
https://yougov.co.uk/topics/politics/survey-results/daily/2020/01/20/f31dd/2 they instead want the Government to get on with the day job. What are we saying if we suggest the only way for the Tories to understand northern voters is that they have to go and transplant themselves in their midst?

Many would hasten to point out too that the North’s big cities sit in their own London-like bubbles. The problem of London-centricity doesn’t necessarily come from being based in London. Not ignoring the North is much more an issue of priorities and paying attention than it is of geography. Nor is London even the Tories’ home turf, as a notoriously red city.

Efforts would be better spent on implementing the manifesto and pledges made to the North and the Tories’ new vote lenders, than on rearranging the office and then getting on with it.

[The new CCHQ should be] somewhere reasonably close to a university with good maths/physics departments (we should get a data team up there), good train links, well placed in political terms.

Downing Street Source
Conservative Home

So… central London?

Four Hours in A&E

1F52B — Wed, 15 Jan 2020 21:47:58 +0000

The NHS’s four-hour target for A&E admissions has entered the spotlight, after the Health Secretary Matt Hancock suggested that he was considering scrapping the metric in favour of some other, unspecified clinically appropriate target. The existing target expects that 95% of admissions are triaged – admitted, referred, or told to sod off – and moved along from A&E within four hours of presenting. Notionally, this seems a sensible target.

When a metric becomes a target, it ceases to be a good metric.

Goodhart's Law

However, when metrics such as this become themselves the target of optimisation, they have a habit of ceasing to be good metrics – people will try and cheat, and put their efforts in to improving the metric rather than the outcome it was trying to approximate, i.e. to make it seem as though all is going better than it actually is. In this context, what does that look like?

Hospital managers keen to hit the targets may place disproportionate emphasis on pushing patients through the emergency department without due regard for where they end up and how. Much-needed medical staff are moved from ward cover, where they would deal with any medical emergencies that arise, to clerking-in new patients from the emergency department that may be less-unwell than those already admitted. This could be a spur of the moment change, if it looks like A&E is going to breach the target on a bad afternoon. For instance, one doctor at a London hospital tells of patients having been hurried out of A&E before their four hours lapsed, when it was perhaps not the clinically safest thing to have done so.

We will be judged by the right targets. Targets have to be clinically appropriate. The four-hour target in A&E – which is often taken as the top way of measuring what’s going on in hospitals – the problem with that target is that increasingly people are treated on the day and are able to go home. It’s much better for the patient and also better for the NHS and yet the way that’s counted in the target doesn’t work.

Matt Hancock, Health Secretary

None of this is to say that that this metric is worthless, nor that there hasn’t been a steady decline in performance against this target for years. Scrapping the target because it doesn’t look good for the government’s record on healthcare would be unsavoury to say the least. It also goes without saying, that four hours is about three and three quarter hours too-long to wait for the most severe conditions, such as heart attacks, strokes and traumatic injuries. But it is to say that the target might be hindering, rather than helping.

Unfortunately, a lot of what falls to the doctors and nurses in A&E are cases that have fallen through the cracks in other services. Doctors tell, for instance, of elderly people being admitted to A&E because they’re off their baseline or not coping well. Perhaps in an alternate universe where the healthcare system isn’t on its knees and has beds abound, this would be fine – however, given the current state of despair at the way the NHS is headed, these are perhaps the kinds of admissions that should instead have been handled outside of a hospital by social services and other care-givers.

Similarly, people go to the hospital instead of their GP because they know they’ll at least be seen some time that day. One person claiming to have had to wait 12 hours to be seen clearly can’t have been that unwell… You can see the logic to asking someone that is happy to wait to get their possibly-broken finger seen wait more than four hours, if there’s a backlog of people with shortness of breath and a tight chest.

One can argue that this target, introduced in 2004, has forced the issue of A&E performance and thus encouraged investment in emergency departments. NHS funding has been increased year-on-year by each government since 1955, at an average of around 4% per-year, although the current rate of around 2% is a near historic low.

This monotonic increase is not necessarily enough, as the minimum to maintain the same standard of care year-on-year would assumedly be to increase spending to accommodate inflation, new treatments and the growth and demographic shift of the population – this could amount to more than 4%. Still, there is an undeniable and precipitous decline away from hitting this 95% target, to being at 80 to 87% on average throught the year.

There is also the implicit assumption that A&E waiting times are the big, or even a big problem. We must maintain an open mind and consider that the struggling A&E departments might not be the problem we ought to address foremost. It’s a topic for another article, but the NHS’s problems are certainly not funding alone.

If the Health Secretary and his department want to replace the four-hour yardstick with a more refined instrument, then we should encourage this. It is not a perfect target, and has some significant downsides. If both incentives against unnecessary use of A&E, and a drive for improved patient outcomes can be accommodated within a new metric, we should welcome it. If it is instead just a punt of the goalposts down the hill, we should certainly not welcome it.

The Hostage Parliament

1F52B — Fri, 27 Sep 2019 00:00:00 +0000

We British find ourselves in a startling situation. For the first time in parliamentary history, the opposition has full confidence in the Government, yet the Government has no confidence in itself; the Executive cannot legislate, yet the Opposition can!

Simply put, the Opposition is holding the Government hostage. Before this bizarre chapter in the history of Parliament, the following could generally be relied upon:

The Government controls the business of the House
The Opposition opposes the Government, and so can be expected to vote against it in a No Confidence motion given half a chance
The Government supports itself in a vote of No Confidence
The Opposition has confidence in the Leader of the Opposition
A Prime Minister could dissolve Parliament to get a General Election – a gamble that could see them either gain or loose a majority Of course, the Fixed-term Parliaments Act, 2011 put paid to the prerogative ability of the Government to call an election when it saw fit, in a (in-hindsight) short-sighted desire to hold-together the then Conservative & Liberal Democrat coalition. It requires a super-majority to trigger a General Election, but can be circumvented by a motion notwithstanding it, which would be amendable.

Now, this set of rules has been turned on its head. The Opposition MPs, who will readily denounce the Government as a shameful band of liars and charlatans who should seemingly apologise for their every shocking and outrageous utterance, can’t quite bring themselves to say as much formally, by voting against the very same government. They must somehow believe that they are bestowed with a moral prerogative to block a No-Deal Brexit, and that this supersedes their moral obligation to the electorate, and its right to an election when Parliament is so-clearly dysfunctional, the Government wishes to hold one, has no majority and cannot pass its business.

You have to wonder why… Perhaps they don’t think they’ll win an election? That Jeremy Corbyn and the Labour party have been calling for an election incessantly but will now not vote for one until No-Deal is off the table just adds comedic value.

We must unstick this mess. And we must trust the people to make their choice. We cannot trust this Prime Minister. His time must be up! His days of lying, of cheating, and undermining the rule of law must be over!

Ian Blackford MP
25th Sept 2019
House of Commons

His time must be up! If that is the case, do as you say – trust the people! There’ll still be ample time after an election, if they win it, for them in their new position as the Government to ask the EU for an extension themselves! And if instead they loose an election, how can they claim to be acting on behalf of the electorate now?

Mr Blackford, of course, still has full confidence in the Prime Minister and his Government, and retracted the suggestion that the PM lied. Clearly the PM’s days won’t be over on his watch just yet.

This Parliament is a DEAD Parliament! It has no MORAL RIGHT to sit! But the time is coming, Mr Speaker, when even these TURKEYS won’t be able to prevent CHRISTMAS!

Geoffrey Cox, Attorney General
25th Sept 2019
House of Commons

MPs must ask themselves upon what mandate can they legitimately legislate through stretching the powers they have through Standing Order No. 24 Standing Order Number 24 gives MPs the ability to move an ’emergency debate’, with the Speaker of the House having it in their power to decide whether to give time to it, or not, if they deem it emergent enough.
Parliament.uk Standing Orders and continuously frustrating the Government. Legitimacy in politics and law is derived from the electorate and the people, and Parliamentarians must remember this. Conservative, Labour and even SNP MPs were all elected on manifestos promising to implement some from of Brexit – that is their mandate. Not to obstruct, seize the order paper, pass ’emergency’ legislation and keep the Government hostage. The House has changed since the 2017 General Election, with MPs switching sides, and opinions surfacing that go against their 2017 manifesto pledges. Those that oppose the Conservatives or Brexit can achieve their ends legitimately by becoming the Government – but not by any other means.

The proper processes and mechanisms for stopping a Government advancing its business and using prerogative powers are well-known to all MPs – they are only to vote for an election, or vote No-Confidence. There is no-other constitutional or indeed morally right way to do so. Many of the conventions of parliament work only under the assumptions listed above – without them holding true, the stability of the parliamentary system under these conventions is questionable.

As a result of the continued breakdown of convention and constitution, many members of the public now view the House and its members with disdain. An election would return legitimacy to the House. Without an election, continued loss of legitimacy and falling public esteem for the House may even threaten the legitimacy of the law and government entirely.

There are many people calling for a calming of rhetoric. Although, the irony seems to be lost on some as they do so – saying we must moderate our language in a speech to then follow with the words inflammatory, offensive, dangerous, pejorative, and finish with a crescendoing shout that [The Prime Minister] should be absolutely ashamed of himself! is humbug indeed. Whilst I’m only half there with them – tempers are fraying for good reasons, and the weight of the issue at hand merits much of the gravitas – a compromise must be struck. Both sides of the House must reach that compromise, which is surely a Brexit deal, passed and agreed with the EU. If minds were put to that instead of the current game of prorogation, litigation and legislation, it could possibly have happened already.

YouTube & The End of History

1F52B — Sun, 15 Sep 2019 00:00:00 +0000

YouTube, and sites like Facebook, Twitter and Reddit are the public squares of our time. They provide the platform for so much discourse today that exclusion from them is suffocation-enough to silence. As private companies, unburdened by the forced liberalism of legally protected free speech, their content policies wield great power and dictate so much of what we do and don’t see online.

There is heated debate over the question of free speech – is the Libertarian free-speech absolutism or the Progressive protective censorship the more desirable policy? This a debate framed around one’s interpretation of the word freedom – is it freedom from, or freedom to?

This problem becomes pronounced when the mis-incentives from these platforms’ need to run advertising to sustain themselves are introduced. Advertisers don’t want to be associated with what they see as divisive, shocking or unpopular content. When advertisers are given the chance to exclude their ads from appearing alongside these subjects, almost all take it. After all, who wants some wisecrack on Twitter @ing you to ask why your product was just advertised before an objectionable video when others’ were not? This in-turn encourages these platforms to move to discourage content that hurts their ad-driven bottom-line; and develops a tendency towards the seemingly mundane yet nefarious ‘Advertister Friendliness’ undergirding content policies.

YouTube has the particular problem of both being ad-revenue supported, and being a platform that shares some of that revenue with it’s content creators. This complicates YouTube’s relationship with both parties. On the one hand, they rely entirely on the content these creators generate to have a platform at all, and on the other, they rely on advertisers being willing to spend considerable amounts of money running ads to keep the ship afloat. Sharing ad-cash with creators is to do business with them, and once you begin to exercise editorial discretion around who those creators should be, all future relationships entered and avoided are fair-game for scrutiny.

I can just tell you categorically that there is no list of words or keywords or terms or anything like that, that is going to go into our classifiers making an a priori decision about whether a video is monetised or not.

And, while we may have made mistakes in the past, the nature of our algorithms is that they continue to learn from those mistakes, continue to get better, and we also have programs in place – and Google is striving to be an industry leader in this area of things like Machine Learning fairness.

¿Qué está haciendo mal YouTube? | Entrevista con un jefe de YouTube
What is YouTube doing wrong? | Interview with a YouTube boss
Luisito Comunica
20^th Dec 2018
https://youtu.be/sGBr0Bl8y2U

This quote strongly suggests these moderation algorithms are reactive, learning models, presumably learning from user reports and input, probably also from staff. That they do not, a priori have a blacklist of words does not mean that the models do not themselves form such a list. Also, if Google leads the way in Machine Learning Fairness, it is perhaps only in-so-far as being the prime example of how not to do it.

Should be fine, right? Well, achieving this with no false-positives nor false-negatives is an impossible task. Understanding something as complex and subjective as context alone requires at-least human-level intelligence and broad context knowledge, as even we can’t agree amongst ourselves. Examples of false-positives, those where legitimate content creators have their work censored aren’t hard to come by – and it seems YouTube is not handling the appeals process well, frequently accused of persistent, skittish unfairness and deafness to the exasperated protests of creators and their fans, the very people the platform relies upon to exist.

In pursuit of an online bubble of safe, advertiser friendly content, free from affront, there will inevitably be unintended casualties. Given the scale and speed of content hitting these platforms, content moderation can not be done by humans, and must be done by machines. YouTube do say publicly that they use ‘algorithms’ to aid in content moderation. This is mostly due to the scale of the moderation problem - YouTube claims there’s over 500 hours of video uploaded every minute, so you’d need a mod team of around 33,000 people working 24/7 to view and moderate all of it manually. There are certainly humans in-the-loop somewhere, but they’ll presumably just handle a fraction of appeals. Blacklists of undesirable topics and phrases will be built, and machine learning models will process information about the content such as the transcript and the imagery in the video, determining its content-worthiness, in the end spitting out a simple yea or nay on whether it can stay.

The Educational creators on YouTube, covering topics such as Science, History & Politics are particularly afflicted. This is due both to the subject areas they cover, and the amount of time they have to invest in creating their video content. The soft-threat of demonetisation as opposed to outright removal may seem like a fair compromise, but this is not so. Demonetisation hurts actual content creators much more than those looking to shock or disrupt – demonetisation not only stops the stream of ad revenue to the creator, but as this video now just costs YouTube money to deliver, it vanishes from recommendations, having much the same effect as complete removal – so a more appropriate term may be Video Suppression. Loss of livelihood and followers are things we can safely assume won’t phase the ephemeral provocateurs and shitposters.

We would expect videos covering war history, for instance, to be laced with words such as battle, fight, war, kill, capture, suicide, bomb, Nazi, fascist and Holocaust. Videos covering scientific topics can too be struck from the platform because they demonstrate dangerous procedures, or perhaps even because they contain ’nasties’ such as Lead, Uranium, Mercury and Cyanide – all of which can be safe when handled correctly, and have no good reason for being excluded from a Chemist’s repertoire. I hope I don’t need to point out that discussion of differing politics causes some to lash-out and demand censorship. While YouTube does publish policy pages, YouTube Community Guidelines (for removal from the site), and Advertiser-friendly content guidelines (for demonetisation) YouTube’s track record of fairly and consistently applying these guidelines is patchy at best.

YouTube just wants to be like a traditional television channel, where they have a late night hosts, and no swearing, and no controversial content, and that kind of thing. […] They added to their rules that you’re not allowed to talk about war, you’re not allowed to talk about battles, you’re not allowed to talk about anything like that. […] I don’t see how a channel that is all about Military History is supposed to continue.

Griffin Johnsen, of The Armchair Historian YouTube Channel
15th September, 2019
https://youtu.be/RMNmmQjXGao

In self-defence, creators have taken to blurring Swastikas or swapping them for Iron Crosses, and using coded language For example, Anti-Centrism: Extreme Niche Political Ideologies (Absolutist Post-Left Hoppean Neoaccelerationism), by Jreg
30th July, 2019
https://youtu.be/kkufPSw_eMU
and
WW2 - OverSimplified (Part 1), by OverSimplified
15th March, 2018
https://youtu.be/_uk_6vfqwTA?t=225 to avoid uttering the new N and F words for fear of automated detection. The accurate telling of history is being self-censored to placate the moderation overlords, and the willingness of creators to continue to cover the more difficult topics in face of this constant struggling against the platform is diminishing.

History is surely the most powerful tool in first understanding, and then combating dangerous and violent ideologies. As the saying goes, those that do not learn history are doomed to repeat it. Is the use of coded language what we really want to be encouraging?

It’s almost like censoring specific words independent of context creates a culture of fear around that idea and makes the idea itself a protected class, making the people that believe in the idea forced [sic] to live in an echo chamber of their own beliefs where they use coded language to get around algorithms like this.

Jreg

Some creators have limited success with alternate sources of income like Patreon, selling merchandise, and handling advertising themselves through brand deals and sponsored videos. This seems a reasonable reaction to the forces YouTube put in place, but it can’t avoid the loss of views and exposure brought by demonetisation that are vital to building & maintaining an audience. For channels that have to put a lot of effort in to making videos, two demonetisations in a row can be a loss of a whole month’s income, and a third could kill the channel.

You could say Well, if you don’t like it, leave. And, many are trying to leave, but what credible alternatives to YouTube are there? Sure, there are some other platforms available like Vimeo, but they currently simply don’t compare for viewership or cover a more-specific niche. The current outflow spreads thin between their own sites, network sites such as Nebula from Standard, and services like LBRY. This begs the question as to whether anyone does like it this way – viewers and creators alike are frustrated.

If YouTube continues to pursue their ideal of a platform free from harm without taking a principled and clearly reasoned approach to moderation, such as what Twitter are trying to do – though Twitter too has many disgruntled users accuse them of unfairness, bias and unclear rules – they may end up killing all that’s valuable about their own platform. I’d argue adopting Twitter’s approach of trying only to eliminate targeted harassment is much more viable, and less likely to cause them the fundamental problems of alienating their own creators and users.

As a viewer, my concern for the freedom to express content, especially educational content, is growing…

Further Sources

List of YouTube Demonetized Words REVEALED (YouTube Analyzed) [YouTube]
List of YouTube Demonetisation Words on Google Docs

Youtube’s Biggest Lie (Nerd City) [YouTube]

Interviewing The CEO of YouTube Susan Wojcicki [YouTube]

Articles on 1F52B

The Digital Pound: A new form of money for households and businesses?

Consultation Responses

Technology Working Paper Responses

Other Responses to the Consultation

Index

Consultation Paper

Technical Working Paper

Can Ledger Recover?

Seed Words

Maybe it’s just not for you?

Maybe it is for you?

Should I worry about my Ledger?

Messaging Matters

So, can Ledger recover?

Afterword

Maybe this is for you?!

The Subtil Genius of Casey's Ordinals

Dual Income, No Kids?

The Election That Cried Fraud

The Kenosha Shooting

Background

The Shooting

Aftermath

Hong Kong

Further Reading

Contact Tracing

More

Labour’s Members are Making the Party Unelectable

See Also

Moving North

See Also

Four Hours in A&E

Further Reading

The Hostage Parliament

YouTube & The End of History

Further Sources