Group items tagged

The white paper, Privacy 2020: 10 Privacy Risks and 10 Privacy Enhancing Technologies to Watch in the Next Decade, identifies ten technologies that are likely to create increasingly complex data protection challenges. Over the next decade, privacy considerations will be driven by innovations in tech linked to human bodies, health, and social networks; infrastructure; and computing power. The white paper also highlights ten developments that can enhance privacy - providing cause for optimism that organizations will be able to manage data responsibly. Some of these technologies are already in general use, some will soon be widely deployed, and others are nascent.

Certain crypto assets, which are often referred to as privacy coins, private coins or anonymous coins, attempt to hide information about transactions, giving users more privacy. A number of possible methods exist for adding privacy to Bitcoin, including peer-to-peer trading, although multiple crypto assets focus on privacy more directly via their technology. Some familiar privacy assets in the crypto space include Monero (XMR), Zcash (ZEC), Verge (XVG), Beam and Grin. Dash also makes it on the list, as it allows for added anonymity, although the coin is not technically classified as a privacy asset.

The Bank of Japan (BoJ) published a paper that explains the theory behind differential privacy and its application, and studies and discusses the desirable privacy protection considering the strengths and limitations of the differential privacy. In particular, mathematical methodologies including ones based on differential privacy cannot solely suffice social demands for privacy protection, especially for the control over personal information about oneself. The paper concludes that desirable privacy protection for resolving the social issue should adopt a comprehensive approach that includes laws, regulations, IT systems management, business practices, as well as mathematical methodologies and information security.

This Bank of Canada note outlines what is technologically feasible for privacy in a central bank digital currency (CBDC) system. Privacy in a CBDC goes beyond binary choices of anonymity or full disclosure. System designers have a range of choices around the type of information to keep private and who to keep it private from. Because privacy is not in the sole purview of the Bank, defining it requires consultation with external parties. Our approach in this note is to: develop a framework to evaluate different privacy models, understand the technical tools to enact various privacy models, suggest a design approach for CBDC privacy, and list the key risks and trade-offs.

More than anything else, the debate over whether to issue a so-called central bank digital currency, or CBDC, is driving the debate on payments and privacy. A privacy-friendly CBDC is a complex and ambitious project. But designing something from scratch is forcing central banks to ask themselves whether they have an obligation to provide the public with digital privacy and, if so, how private dare they make the stuff. It's difficult to know for sure whether a central banker's "balanced" approach to privacy will meet the bar that is being set by an emerging group of privacy consumers.

An article by Raphael Auer, Rainer Böhme, Jeremy Clark and Didem Demirag explores the multiple dimensions of retail CBDC privacy considerations. They point to the number of distinct stakeholders, combined with the technical challenges, as possibly responsible for stalling progress toward deploying retail CBDC. One step forward is understanding who the key stakeholders are and what their interests are in payment records. Knowledge of conflicting interests is helpful for developing requirements and narrowing the range of technical solutions. This article contributes to the literature by identifying three stakeholder groups - privacy enthusiasts, law enforcement, and data holders - and exploring their conflicts. A main insight is that nuanced data-access policies are best to resolve the conflicts, which in turn rule out many technical solutions that promise "hard privacy," meaning solutions relying on cryptography and user-guarded secrets without room for human discretion. This observation shifts attention to a softer form of privacy-enhancing technologies, which gives authorized stakeholders the capability to access certain payment records in plaintext under defined circumstances. Such a system depends on compliance and accountability, supported with technically enforced access control, limited retention periods, and audits. This is referred to as "soft privacy".

"This paper aims to focus, in particular, on two complementary and co-related aspects involving CBCDs: (i) how can the full digitalisation and centralisation of the transaction ledger be combined with privacy and (ii) to what extent CBDCs affect the allocation of burden and the responsibility over supervision of retail transactions. Eminently, the use of cash ensures a form of default privacy that protects the individual against State and private intrusion. While this privacy has caused concern, due to its criminogenic potential, and has been consequently limited by anti-money laundering (AML) regulations, the remaining cone of shadow cash guarantees is a crucial limit to control. In the context of a shifting financial system, undergoing deep transformation due to increasing datafication and decentralisation of the market, a new governance of financial supervision and record-keeping-up to now based on a unique and centralised ledger-is crucial to redefine the trade-off between financial integrity and privacy. This article will examine the origins and characteristics of CBDCs, to then analyse how the trade-off between control and privacy is set to reshape this new architecture."

"Zero-knowledge schemes have recently become a popular attempt to offer users privacy in an attribute-based credential system. In this article, we do not contest the mathematics of these schemes; we assume it is logically sound. Instead, we draw attention to the trade-off that is made when employing cryptography instead of trusted parties to protect user privacy. We assert that, for these approaches to create the trust required by credential verifiers, they must introduce mechanisms that limit their utility and create significant privacy risk to the user that cuts against data minimization goals. Greater trust must be placed in the shelf life of cryptography to prevent the user from being unwantonly correlated than alternative approaches. Just as we would discourage storing encrypted private data on public blockchains, we discourage this approach here. Lastly, this article introduces the concept of a trusted witness which provides privacy for honest users and solves the privacy-trust problem without the disadvantages of the zero-knowledge approach."

A Digital Euro Association working group of global experts delved into the topic of CBDC Privacy, examining the importance of privacy in CBDCs and how it impacts the successful adoption, usage, and implementation of digital currencies. Their paper examines privacy-preserving technologies and provides recommendations for ensuring privacy and security in a CBDC system.

The "Blockchain Trilemma" is a term used to describe the challenge of increasing performance, security, and decentralisation at the same time. Current enterprise blockchains are not truly decentralised. They may be structurally decentralised, but are operationally centralised. By reversing this, having structurally centralised, but operationally decentralised architecture, a CBDC can achieve a high-performance blockchain. However, any blockchain-based CBDC should not only solve the blockchain trilemma, but also the CBDC design trilemma, which notes that identity, privacy, and programmability cannot be easily enhanced at the same time. A CBDC cannot ignore privacy for the sake of achieving legal compliance and implementing programmable money. From an expertise point of view, the answer to this trilemma is the use of a decentralized identity system such as self-sovereign identity (SSID) to find the perfect equilibrium for the CBDC design trilemma. Self-sovereign identity is very popular for its advanced privacy protection. By having an SSID-based blockchain system, a CBDC can incorporate both privacy and transparency into the blockchain-based CBDC system. Additionally, a use of zero-knowledge encryption to protect the transaction privacy of blockchain data is highly recommended for any CBDC implementation.

"Jürgen Schaaf stressed the importance of privacy (ranked first in the consultation on the digital euro by European citizens) and discussed different privacy options the ECB has analyzed. These options range from full anonymity to fully transparent payments to the central bank. It was argued that full anonymity will, as a preliminary view, not be a viable option as it conflicts with regulation around anti-money laundering. Nevertheless, and as stressed by some participants, since there is no CBDC regulation in place, an anonymous CBDC would not necessarily be against compliance. During the meeting, a survey about privacy was conducted amongst attendees and revealed that 50% of  participants were in favor of selective privacy, which means higher privacy for low-value transactions, an approach that has already been seen as technically feasible. 33% of the participants voted for anonymity, and 0% (!!) voted for payment transparency to an intermediary or fully transparent to the central bank. "

"The "Cypherpunk's Manifesto" begins, "Privacy is necessary for an open society in the electronic age." But privacy coins have failed to take off. Monero and zcash are both worth less today than what they were worth in 2018. Even on darknet markets, where you'd expect privacy coins to thrive, bitcoin is still the asset of choice. Privacy coins have been a disappointment. Why haven't they taken off? There are four primary reasons."

A Bank of Japan paper [sorry, it's only in Japanese] surveys the literature on the economics of privacy." The economics of privacy teaches that market mechanisms can address issues such as how to determine socially desirable levels of privacy protection and how to deal with privacy infringements caused by the "negative externalities" of personal information data. It's difficult to solve. This perception can give important implications when considering how to proceed with the utilization of data while giving a sense of security to people who use digital payment systems.

Are There Tech Solutions to the Privacy and Compliance Trade-Offs for CBDCs? Users will likely demand cash-like privacy protections for central bank digital currencies, which may be thwarted by regulations. However, new technology solutions may enable high degrees of privacy while complying with regulations.

A Bank for International Settlements (BIS) study found privacy-preserving variations of central bank digital currency (CBDC) design have significant effects on willingness to use CBDC to purchase privacy-sensitive products (e.g., psychiatric services and adult products). It was based on a survey of a nationally representative sample of over 3,500 Korean participants. The willingness to use CBDC substantially increases with the provision of information about the privacy benefits of using it. Finally, these effects vary with respondents' trust in public or private institutions with regard to privacy protection and their demographic characteristics.

The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP released a white paper on privacy-enhancing and privacy-preserving technologies. The paper explores how organizations are approaching privacy-enhancing technologies ("PETs") and how PETs can advance data protection principles and provides examples of how specific types of PETs work. It also explores potential challenges to the use of PETs and possible solutions to those challenges.

The Bank of Japan (BoJ) published a paper on privacy-enhancing CBDC technologies, comparing methods for privacy-preservation, such as homomorphic encryption and zero-knowledge proofs (ZKPs), and discusses how important other central banks rank privacy within their CBDC projects. As part of its CBDC research, the BoJ will continue to research and study privacy protection related to digital currencies with a wide range of stakeholders.

According to Coinmetrics, the combined daily transactions of three privacy coins, Zcash (ZEC), Monero (XMR), and Grin (GRIN), equated to only 6% that of Bitcoin (BTC), despite the coins offering substantially more privacy. Moreover, those cryptocurrency holders who do use privacy coins aren't necessarily maximizing those coins' features. For example, despite Zcash having a fully private mode, fewer than 2% of transactions made with the currency use this method. The overwhelming majority of Zcash users choose to use transparent transactions or partially private transactions. https://coinmetrics.substack.com/p/coin-metrics-state-of-the-network-3dc

This study focuses on the development of a CBDC protocol that ensures privacy and security for offline payments. Its foundation makes use of blind signature technology, a method that keeps a message's content secret from the signer and upholds the privacy of transaction Data. The zk-SNARK (Zero-knowledge Succint Non-interactive Argument of Knowledge) protocol, which assures that transactions are both private and verifiable without necessitating interaction between the prover and verifier, provides a complement to this. By leveraging blind signature technology and the zk-SNARK protocol, we explore how to overcome privacy-related challenges in retail CBDC while ensuring resilience against quantum attacks.

The International Working Group on Data Protection in Technology (the "Berlin Group"), chaired by the German Federal Commissioner for Data Protection and Freedom of Information (BfDI), published a working paper on central bank digital currency (CBDC) privacy-related risk factors. For example, the paper points out that the ECB must take a privacy and data protection by design and by default approach. In addition, it argues that a distributed ledger technology (DLT) architecture does not necessary entail a more privacy friendly solution, because data is immediately visible to all nodes in the network and immutability means that data can never be deleted or rectified (a right that is guaranteed in Europe's General Data Protection Regulation (GDPR). Also, some programmable features imply privacy and civil rights risks that may outweigh the potential benefits, due to legal and ethical concerns (for example automated decision-making without possibility of appeal and/or risk of censorship).