Can’t be Evil: Protecting User Privacy under a Central Bank Digital Currency (CBDC)


Using the digital euro as an example of central bank digital currencies (CBDCs), Astro Hsu investigates how regulators may balance privacy protection against law enforcement efficacy. “Zero-knowledge proof” is a promising approach that provides privacy similar to cash. Law enforcement agencies still need to intervene on dubious cash flow patterns, but the system does not allow intermediaries to gain unnecessary access to everyone’s full transaction details.


Cashless Society

The pandemic has accelerated people's entry into a cashless society. In the past, street performers would place a tip jar in the centre of the stage for people to donate cash freely during their performance. However, during Covid times, some of them added a QR code next to the tip jar, allowing people to tip from a distance using mobile payment to avoid the spread of viruses.

In addition to digitising cash, switching to digital payments also implies the transfer of personal consumption records. Privacy concerns with digital payments are not a new topic, but some people still believe that "if you are not doing anything wrong, why should you be afraid of being monitored by others?"

This confuses two different concepts: privacy and secrecy. As early as 1993, the famous "Cypherpunk Manifesto" clearly pointed out the difference between privacy and secrecy:

Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.

… When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees.

Daily conversations among family members may not be a big deal, but there is no need to let the whole world know. This is privacy. If someone steals a boiled egg from a convenience store and does not want anyone to know, this is secrecy.

Cash is anonymous. People bring change to the convenience store to buy beer, and they do not need to know each other's names, as long as money is counted correctly. If necessary, both parties can disclose more personal information such as whether they are of legal age to buy alcohol. Cash transactions comply with the default anonymity in the manifesto, and privacy can be selectively disclosed afterwards.

Privacy is key to an open society. However, in the digital world, the vast majority of transactions have no privacy: digital transactions need to go through intermediaries, and financial institutions have the right to decide which transactions to allow or prohibit. The government knows every penny people spend.

[Figure: Digital privacy over payment tools. Comparison of privacy between payment tools]

In the past, people could freely choose to use cash or digital payments depending on the situation. However, in recent years, the scenarios for digital payments have become increasingly diverse, and governments around the world are actively developing CBDC to embrace a cashless society. This has caused people to worry that a cashless society without privacy is equivalent to a monitored society.

Privacy concerns with CBDC

Governments around the world have the same main reason for wanting to issue CBDC - to respond to the rise of digital payments.

Taking the digital euro as an example, the European Central Bank (ECB) explained the necessity of issuing a digital euro in "We must be prepared to issue a digital euro" (2020):

Digitalisation is spreading to all areas of our lives, satisfying an increasing demand for immediacy in how we consume, work and interact with each other. In many ways, it is disrupting our cultural, social and economic fabric.

… Not long ago, cash was the only way to pay instantly. It is still the dominant payment method for small amounts. But the trend is towards cashless, contactless payments. We are increasingly making purchases using tap-and-go cards, an app on our phone or even a smartwatch.

… Central banks around the world are inevitably asking themselves whether they should issue a digital currency. Should they devise an electronic form of money which is also legal tender, which commands the same degree of trust and which offers all the benefits of money in its traditional form? In the euro area, should we issue a digital euro alongside euro banknotes? We already have digital means of payment, such as electronic transfers. And, of course, we have physical central bank money in the form of cash. What we do not have is a digital currency that is issued by the central bank and that we can all use in daily life. In other words, we do not have a digital equivalent of euro banknotes.

In short, the digital euro is the digital version of the euro currency issued by the European Central Bank. In theory, anywhere that currently accepts physical euros should also accept digital euros in the future. However, the issuance of a CBDC poses a new challenge for governments with no precedent to follow.

In the past, the government's main task was to print banknotes, but it was unable to intervene in or track how the banknotes circulated, which ensured user privacy and transaction freedom. However, the digital euro is different. The government not only has the ability to track the real-time flow of every transaction, but can also freeze or reclaim specific assets when necessary. This is the biggest difference between digital euros and physical banknotes, and it is the privacy concern that people are most worried about.

According to current European regulations, any digital payment requires real-name registration. The digital euro is no exception. This is equivalent to people giving up their privacy. The European Central Bank has pointed out that:

Means of payments in current use already provide varying degrees of privacy, ranging from anonymous cash transactions to transactions requiring documentary verification or monitoring via bank accounts. If the legal identity of digital euro users were not verified when they access services, any ensuing transaction would be essentially anonymous. While that is currently the case for banknotes and coins, regulations do not allow anonymity in electronic payments and the digital euro must in principle comply with such regulations.

Although cash transactions are anonymous, they are geographically limited and are usually used for small transactions. While bank accounts break through geographic limitations and facilitate large transactions, they are also subject to real-name registration regulations. As a "digital banknote," the digital euro is positioned between the two and can be used for both small and large transactions.

Anonymity may make the digital euro a tool for illegal transactions, while real-name registration may infringe on people's privacy and raise concerns about government surveillance. So, should digital euro transactions be anonymous or real-name? It depends on the level of trust people have in the government. Countries whose people have a high level of trust in their governments are likely to be more willing to adopt a real-name system, while those without such trust would prefer to protect their personal privacy through anonymity.

Law and Technology

The European Central Bank conducted a public consultation from 2020 to 2021, asking people which features of the digital euro were most important to them. Privacy received the largest share of responses:

We received more than 8,000 replies, an all-time record for ECB public consultations. Privacy was considered to be the most important feature of a digital euro in about 43% of replies. Even if users have to identify themselves when they first access digital euro services, different degrees of privacy can still be maintained for their payments. For example, if low-value offline payments were offered, they could be settled between the payer and payee without any data being shared with intermediaries.

… For electronic and large-value transactions, details should be available to intermediaries. But privacy-enhancing techniques could still ensure a high level of privacy. For example, the identity of users could be kept separate from payment data, allowing only financial intelligence units to obtain this information and identify the payer and payee when suspicious activity is detected.

… Finally, digital euro transactions could be fully transparent to the operator of the infrastructure who should nevertheless guarantee data protection, as is typically the case with electronic payments currently.


How to protect digital privacy and make it trustworthy is the biggest challenge that governments must solve before launching CBDC. Currently, there are two methods on the table: "Don't be evil" and "Can't be evil".

Can’t be evil: Zero-knowledge proof

"Don't be evil" is the method that the European Central Bank is currently experimenting with. Although they promise not to share details of small transactions with financial intermediaries in order to protect users' privacy, they also admit that the ECB itself will have a ledger and can access the details of each transaction if necessary. In other words, regardless of the transaction amount, the ECB responsible for operating the infrastructure of digital euros can see every transaction clearly. Even if there are legislative regulations for accessing financial flows in the future, it is still impossible to completely prevent malicious individuals from invading user privacy.

The best way to prevent this is to follow the practice of some cryptocurrencies and introduce zero-knowledge proofs to make the record of each transaction inherently untraceable. I call this method “Can't be evil”. What is a zero-knowledge proof? MIT Media Lab explains it clearly and simply:

You have two billiard balls in your hand, one green and one red. Besides colour, the two balls are identical. Suppose I am colour-blind and to me, the two balls in your hand look identical. The question is, can you convince me without mentioning any colour information that these two balls are actually different in colour?

… Of course, you can! You can hand me the two balls and ask me to take them behind my back and switch their positions. Then I bring them out and ask you to "guess" which ball was originally in your left hand and which one was switched to your right.

“To you, it is obvious that the ball that was originally in your left hand was green and now it's in your right hand. You don't need to guess and it's easy for you to point out that the balls have been switched. However, for me as a colour-blind person, this is a surprise! To me, the two balls are identical and you must have guessed correctly just by chance. But, if we repeat this test a few times, I will soon believe that there is a difference between the two balls even though I can't see it. And you have not revealed any colour information to me.”

In the interaction, there was no mention of colour information whatsoever. In other words, even if both parties have "zero knowledge" about colours, you can still use other methods to convince a colour-blind person that there is a difference in colour between two balls.

For those who can see colours, it is obvious at first glance that the two colours are different. However, to convince someone who is colour-blind that the difference exists, you have to use a zero-knowledge proof. The same technique that convinces a colour-blind person can also be applied to the privacy of the digital euro.
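The billiard-ball exchange above, simulated as an added example (not code from the article or from MIT Media Lab); the function names and the string colour labels are assumptions made for illustration. It shows that a prover who can see colour passes every round, that one who cannot tell the balls apart survives n rounds with probability 2^-n, and that the transcript only repeats the verifier's own coin flips.

```python
import secrets

def sighted_prover(left_before, left_after):
    # Can see colour: the balls were swapped iff the left-hand colour changed.
    return left_before != left_after

def guessing_prover(left_before, left_after):
    # Has no way to tell the balls apart, so it answers with a coin flip.
    return secrets.randbelow(2) == 1

def run_protocol(balls, prover, rounds):
    """One verification session from the colour-blind verifier's side.

    balls is (left, right); the verifier shuffles them but never inspects
    the colour values. Returns (accepted, transcript), where transcript is
    a list of (verifier_swapped, prover_said_swapped) pairs.
    """
    left, right = balls
    transcript = []
    for _ in range(rounds):
        swapped = secrets.randbelow(2) == 1      # secret coin, behind the back
        new_left, new_right = (right, left) if swapped else (left, right)
        said_swapped = prover(left, new_left)
        transcript.append((swapped, said_swapped))
        if said_swapped != swapped:              # one wrong answer ends it
            return False, transcript
        left, right = new_left, new_right
    return True, transcript

def soundness_error(rounds):
    # Chance that a prover who cannot tell the balls apart survives every round.
    return 0.5 ** rounds

def acceptance_rate(balls, prover, rounds, trials=2000):
    wins = sum(run_protocol(balls, prover, rounds)[0] for _ in range(trials))
    return wins / trials

if __name__ == "__main__":
    ok, transcript = run_protocol(("green", "red"), sighted_prover, 20)
    # Zero knowledge: every answer just repeats the verifier's own coin,
    # so the transcript holds nothing the verifier did not already know.
    print(ok, all(coin == answer for coin, answer in transcript))
    print(acceptance_rate(("green", "green"), guessing_prover, 1))
    print(soundness_error(20))
```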

If the European Central Bank is willing to build digital euros using zero-knowledge proof, then it can protect user privacy by making itself "colour-blind". Even if the European Central Bank cannot see the details of each transaction, it can still use zero-knowledge proof to ensure that each transaction amount is correct.

However, this will break the current cooperation model between law enforcement agencies and financial institutions. In the past, law enforcement agencies could obtain detailed information by simply accessing data from financial institutions. If CBDCs adopt zero-knowledge proof in the future, financial institutions will effectively be "colour-blind" and will not be able to distinguish between legal and illegal financial flows as efficiently as they did in the past. Law enforcement agencies will definitely be the first to oppose this.

Before the advent of CBDCs, people had a simple way of life with only two modes of transactions: cash transactions and bank transfers. Each had its own advantages, with cash transactions offering privacy and bank transfers offering convenience. However, CBDCs are digital cash introduced by governments that tend to blur the line between the two. Although governments usually emphasise that CBDCs are equivalent to cash transactions, they generally do not want to grant CBDCs the same level of privacy as cash.

Governments in most countries have generally been hesitant to develop CBDCs due to concerns about protecting human rights and combating crime, while China with its CBDC roadmap tends to be a possible exception. The European Central Bank has repeatedly emphasised that the issuance of the digital euro is not intended to replace cash but to enable the euro to be used more widely. In other words, most countries currently adopt a compromise approach of issuing CBDCs while retaining cash, but this is not a long-term solution.

Old traffic rules for carriages

The current situation with CBDCs is similar to the famous Red Flag Traffic Laws in history. In 19th-century England, traffic regulations were designed for carriages. However, after the advent of cars, the government did not review the outdated regulations in response to cars but instead required a person to carry a red flag in front of every car to avoid frightening horses on the road.

Nowadays, people mock the absurdity of the Red Flag Traffic Laws, but when faced with CBDC innovations, governments still insist on managing "cars" (CBDCs) with the rules designed for "carriages" (bank transfers). In the end, protecting human rights and combating crime are not mutually exclusive. However, currently, governments are unwilling to loosen their comprehensive monitoring of digital money flows and develop another set of tracking and law enforcement measures based on "digital cash".

In my opinion, ideally people should use CBDC in the same way as cash and enjoy equal inherent privacy protection. But privacy is not the same as secrecy. People are cautious about cash transactions. If someone regularly uses large amounts of cash, it can easily attract attention from others, and financial and law enforcement agencies may intervene. CBDC should use the same monitoring model (similar to cash), but in digital form.

Ultimately, whether governments are willing to redesign "financial traffic regulations" for CBDCs may depend on the purpose of the CBDC itself. If a CBDC can demonstrate more usage scenarios and is clearly better than bank transfers, more people will support treating it like a car. Otherwise, people will tend to treat it like a horse. After all, it is not easy to create a new set of "traffic rules" for the financial world to accommodate CBDC.

Translated from Chinese by ChatGPT 3.5; proofread and edited by hbs hk.