Crypto crimes and the risk of anonymity

I have written before that governments will never allow anonymous digital currencies and my comments attracted a certain amount of controversy. And I understand why. But to those who say that uncensorable, untraceable digital cash would be a shield against dictators, a force for the oppressed and a boon to free men everywhere… I say be careful what you wish for. The issue of anonymity in payments is complex and crucial, and it deserves informed, calm, strategic thinking because digital currency touches on so many aspects of society.

One obvious and important aspect is crime. Would digital currency change crime? If I hire thugs to lure a cryptobaron to a hotel room and then beat him up to get $1m in bitcoins from him (as actually happened in Japan), is that a crypto-crime or just boring old extortion? If I use Craigslist to lure a HODLer to a street corner and then pull a gun on him and force him to transfer his bitcoins to me (as actually happened in New York), is that a crypto-crime or just boring old mugging? If I get hold of someone’s login details and transfer their cryptocurrency to myself (as has just happened in Springfield), is that a crypto-crime or just boring old fraud? If I kidnap the CEO of a cryptocurrency exchange and then release him after the payment of a $1 million bitcoin ransom, is that, as the Ukrainian interior minister said at the time, “bitcoin kidnapping” or just boring old extortion?

[Cartoon: “Cash or charge?” NFT available direct from the artist at TheOfficeMuse (CC-BY-ND 4.0)]

These are just crimes, surely? And not very good ones at that, because they are recorded in perpetuity on an immutable public ledger. Personally, if I were to kidnap a cryptocurrency exchange CEO I would ask for the ransom to be paid in some more privacy-protecting cryptocurrency, because as I explained in the FT some years ago, Bitcoin is not a very good choice for this sort of cyber-criminality. It’s just not anonymous enough for really decent crimes or the darkest darknets. Hence my scepticism about claims that Bitcoin’s long-term value will be determined by its use for crime.

Untraceable

But what if there were an actually untraceable cryptocurrency out there and it wasn’t up to governments to allow it or not? Would an aspiring cryptocriminal mastermind be able to use it for something more innovative than the physically-demanding felony of kidnapping? I’m sure the Mafia would be delighted to have anonymous digital cash to zip around the world, but what would they use it for? Might they come up with some dastardly enterprise that is not a virtual shadow of a crime that has been around since year zero, but a wholly new crime for the virtual world? What if they could find one with the potential to take over from drug dealing (currently approximately 40% of organised crime revenues) as the best option for the criminal entrepreneur?

Ransomware is one interesting candidate. It is certainly a major problem. Criminals seize control of organisations’ computer networks, encrypting their data and demanding payment to deliver the decryption keys. Companies paralyzed by the attacks paid hackers an average of more than $300K in 2020 (triple the average of the year before). A cyber security survey last year revealed that more than two-thirds of organisations in the United States had experienced a ransomware attack and had paid a ransom as a result! That’s a pretty decent business for criminals and it certainly was a driver for Bitcoin, although ransomware operators have been moving away from it for some time.

(Once again demonstrating the impending explicit pricing of privacy, the Sodinokibi payment website last year began charging 10% more for Bitcoin ransoms compared to the more private Monero cryptocurrency.)

On the whole, given the basic nature of most organisation’s cyber-defences (more than half of all ransomware attacks stem from spam e-mails), one might expect the ransomware rewards to continue to grow. Apart from anything else, the ransomware raiders are reinvesting their profits in increasingly efficient operations, making for even bigger and bolder attacks.

Assassinate and Win

So, ransomware. But what about a more sinister candidate for large-scale criminality? Is it time for the “assassination market”? It’s not a new idea. A few years ago, Andy Greenberg wrote a great piece about this here on Forbes. He was exploring the specific case of “Kuwabatake Sanjuro” who had set up a Bitcoin-powered market for political assassinations, but in general an assassination market is a form of prediction market where any party can place a bet on the date of death of a given individual, and collect a payoff if they “guess” the date accurately. This would incentivise the assassination of individuals because the assassin, knowing when the action would take place, could profit by making an accurate bet on the time of the subject’s death.

This idea originated, to the best of my knowledge, with Jim Bell. Way back in 1995 he set it out in an essay on “assassination politics”. I suppose it was inevitable that the advent of digital cash would stimulate thought experiments in this area and it was interesting to me then (and now) because it showed the potential for innovation around digital money even in the field of criminality.

Here’s how the market works and why the incentive works, as I explained in my book “Before Babylon, Beyond Bitcoin”. Someone runs a public book on the anticipated death dates of public figures. If I hate some tech CEO (for example), I place a bet on when they will die. When the CEO dies, whoever had the closest guess to their date and time of death wins all of the money staked, less a cut for the house. Let’s say I bet $5 (using anonymous digital cash through the TOR network) that a specific tech CEO is going to die at 9am on April Fool’s Day 2022. Other people hate this person too and they put down bets as well. The more hated the person is, the more bets there will be.

April Fool’s Day 2020 comes around. There’s now ten million dollars staked on this particular CEO dying at 9am. I pay a hit man five million dollars to murder the CEO. Hurrah! I’ve won the bet, so I get the ten million dollars sent to me in anonymous digital cash and give half to the hit man. No-one can pin the crime on me because I paid the hitman in untraceable anonymous digital cash as well.

I’m just the lucky winner of the lottery.

But better than that is that if I can get enough bets put on someone, then I don’t even have to take the risk of hiring the hitman. If I use some anonymous bots or friendly trolls to coordinate a social media campaign to get a million people to put a $5 bet on the date of the tech CEO’s death, then some enterprising hit man will make their own bet and kill them. If the general public had bet five million bucks on 31st March and some enterprising cryptopsycho had murdered the CEO themselves the day before, then it would only have cost me $5, and I would have regarded that as $5 well spent, as would (presumably) everyone else who bet $5!

(This is an edited version of an article first published on Forbes, 14th April 2021.)

The CBDC privacy paradox

It seems to me that there is something of a paradox around cash, digital cash and anonymity. The average consumer wants anonymity for their own payments because they are not crooks (and their purchasing decisions are no-one’s business except theirs and the merchant’s). On the other hand, the average consumer (not to mention the average law enforcement agent) doesn’t want anonymity for terrorists, lobbyists or fraudsters.

The Bank of England’s fintech director Tom Mutton said in a speech that privacy was “a non-negotiable” for a retail CBDC. Meanwhile, the Bank of Canada (just to pick one recent example) published a staff analytical note on the risks associated with CBDCs stating that central banks should mitigate risks such as anonymity present in digital currencies. Note the formulation of anonymity as a “risk”. Stricter rules on the holding and exchange of cryptocurrencies are coming into place around the globe. Just to give one example, South Korea’s Financial Services Commission has announced new rules to come into force in 2022, banning all anonymous digital currencies “that possess a high-risk of money laundering” (which, as far as I can see, is all anonymous digital currencies).

There is a payments privacy paradox, and cryptocurrency brings it into sharp relief. Good people should be allowed anonymous cash, but bad people should not.

How can we resolve this? Well, I think that we can, if we spend a little time to think about what anonymity and privacy actually mean.

The Clinton Paradox

This is a special case of a more general paradox. Let me explain and illustrate. A few years ago, I was invited along to “an event” in London to enjoy a morning of serious thinking about some key issues in information security. They had some pretty impressive speakers as I recall: Mike Lynch, the founder of Autonomy, was one of them. Alec Ross, who was Senior Advisor for Innovation and Technology to the Secretary of State Hillary Clinton, gave the keynote address on “The promise and peril of our networked world”. Alec was a good speaker, as you’d expect from someone with a background in diplomacy, and he gave some entertaining and illustrative examples of using security to help defeat Mexican drug cartels and Syrian assassins. He also spent part of the talk warning against an over-reaction to “Snowden” leading to a web Balkanisation that helps no-one.

A decade back, I wrote about what I called the “Clinton Paradox”. This came about because I read a piece by Bob Gourley, the former CTO of the U.S. Defense Intelligence Agency, who framed a fundamental and important question about the future identity infrastructure when analysing Hillary Clinton’s noted speech on Internet freedom.

We must have ways to protect anonymity of good people, but not allow anonymity of bad people.

Mrs. Clinton had said that we need an infrastructure that stops crime but allows free assembly. I have no idea how to square that circle, except to say that prevention and detection of crime ought to be feasible even with anonymity, which is the most obvious and basic way to protect free speech, free assembly and whistleblowers: it means doing more police work, naturally, but it can be done. By comparison, “knee jerk” reactions, attempting to force the physical world’s limited and simplistic identity model into cyberspace, will certainly have unintended consequences. Hence, I had suggested, it might be better to develop an infrastructure that uses a persistent pseudonymous identity. I was looking to mobile operators to do this, because they had a mechanism to interact face-to-face (they had retail shops at the time) and remotely, as well as access to tamper-resistant secure hardware (ie, the SIM) for key storage and authentication. It never happened, of course.

Why am I remembering this? Well, I challenged Alec about the Clinton Paradox—slightly mischievously, to be honest, because I suspected he may have had a hand in the speech that I referred to in that blog post—and he said that people should be free to access the internet but not free to break the law, which is a politician’s non-answer (if “the law” could be written out in predicate calculus, he might have had a point, but until then…). He said that he thought that citizens should be able to communicate in private even if that means that they can send each other unauthorised copies of “Game of Thrones” as well as battle plans for Syrian insurgents.

I think I probably agree, but the key here is the use of the phrase “in private”. I wonder if he meant “anonymously”? I’m a technologist, so “anonymous” and “private” mean entirely different things and each can be implemented in a variety of ways.

The Payments Paradox

How will the Bank of Canada mitigate the risk of anonymity and South Korea maintain a ban on “privacy coins” when faced with a Bank of England digital currency that has non-negotiable privacy? Well, the way to resolve this apparent paradox is to note the distinction above between privacy and anonymity.

In the world of cryptography and cryptocurrency, anonymity is unconditional: it means that it is computationally infeasible to discover the link between a person in the real world and value online. Privacy is conditional: it means that the link is hidden by some third party (eg, a bank) and not disclosed unless certain criteria are met.

[Cartoon by Helen Holmes. NFTs available from the artist at TheOfficeMuse (CC-BY-ND 4.0)]

Surveying the landscape as of now, I think we can see these concepts bounding an expanding privacy spectrum. There will undoubtedly be anonymous cryptocurrencies out there, but I think it is fair to observe that they will incur high transaction costs. At the other end of the spectrum, the drive for techfins and embedded finance will mean even less privacy (for the obvious reason, as discussed before, that their payment business models revolve around data). One might argue, with some justification I think, that central banks are better positioned than banks or other intermediaries when it comes to safeguarding data, because a central bank has no profit motive to exploit payments data.

(I could go further and argue that if the central bank were to place transaction data into some form of data trust that would facilitate data sharing to the benefit of citizens, we might see some real disruption in the retail payments space. In a data trust structure, data stewards and guardians would look after the data or data rights of groups of individuals with a legal duty to act in the interest of the data subjects or their representatives. In 2017, the UK government first proposed them as a way to make larger data sets available for training artificial intelligence and a European Commission proposal in early 2020 floated data trusts as a way to make more data available for research and innovation. And in July 2020, India’s government came out with a plan that prominently featured them as a mechanism to give communities greater control over their data.)

Digital Currency, Digital Privacy

As The Economist once noted on the topic of central bank digital currency, people might well be “uncomfortable with accounts that give governments detailed information about transactions, particularly if they hasten the decline of good old anonymous cash”. And, indeed, I am. But the corollary, that anonymous digital currency should be allowed because anonymous physical cash is allowed, is plain wrong.

No-one, not the Bank of England nor any other regulator, central bank, financial institution, law enforcement agency, legislator or, for that matter, sane citizen of any democracy, wants anonymous digital currency whether from the central bank or anyone else. The idea of giving criminals and corrupt politicians, child pornographers and conmen a free pass with payments is thoroughly unappealing. On the other hand, the Bank of England and all responsible legislators should demand privacy.

I think the way forward is obvious, and relies on distinguishing between the currency and the wallets that it is stored in. Some years ago, when head of the IMF, Christine Lagarde spoke about CBDCs, noting that digital currencies “could be issued one-for-one for dollars, or a stable basket of currencies”. Why that speech was reported in some outlets as being somewhat supportive of cryptocurrencies was puzzling, especially since in this speech she specifically said she remained unconvinced about the “trust = technology” (“code is law”) view of cryptocurrencies. But the key point of that speech about digital fiat that I want to highlight is that she said

Central banks might design digital currency so that users’ identities would be authenticated through customer due diligence procedures and transactions recorded. But identities would not be disclosed to third parties or governments unless required by law.

As a fan of practical pseudonymity as a means to raise the bar on both privacy and security, I am very much in favour of exploring this line of thinking. Technology gives us ways to deliver appropriate levels of privacy into this kind of transactional system and to do it securely and efficiently within a democratic framework. In particular, new cryptographic technology gives us the apparently paradoxical ability to keep private data on a shared or public ledger, which I think will form the basis of new financial institutions (the “glass bank” that I am fond of using as the key image) that work in new kinds of markets.

So, if I send ten digital dollars from my digital wallet to your digital wallet, that’s no-one’s business but ours. If, however, law enforcement agencies obtain a warrant to require the wallet providers to disclose the identity of the owners, then that information should be readily available. There is no paradox around privacy in payments, but there is an imperative for practical pseudonymity.
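The distinction drawn in this article, sketched as an added example (not code from the article or from any CBDC design): the shared ledger carries only wallet pseudonyms, and the wallet provider releases an owner's identity only against a warrant that verifies. The `WalletProvider` class, the warrant fields and the use of an HMAC in place of a court's digital signature are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets


class DisclosureRefused(Exception):
    """Raised when a request to unmask a wallet owner fails a check."""


def _warrant_mac(key, body):
    # Assumption: HMAC under a court-held key stands in for a digital signature.
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_warrant(court_key, wallet_id, case_ref, expires_at):
    """Court side: authorise disclosure of one named wallet until expires_at."""
    body = {"wallet_id": wallet_id, "case_ref": case_ref, "expires_at": expires_at}
    return {**body, "mac": _warrant_mac(court_key, body)}


class WalletProvider:
    """Holds the only link between KYC identities and wallet pseudonyms."""

    def __init__(self, court_key):
        self._court_key = court_key
        self._owners = {}     # wallet_id -> identity; never written to the ledger
        self.audit_log = []   # every disclosure attempt, granted or refused

    def open_wallet(self, identity):
        # Random identifier: nothing about the owner can be derived from it.
        wallet_id = "w-" + secrets.token_hex(8)
        self._owners[wallet_id] = identity
        return wallet_id

    def _refusal_reason(self, wallet_id, warrant, now):
        if not isinstance(warrant, dict):
            return "no warrant presented"
        body = {k: warrant.get(k) for k in ("wallet_id", "case_ref", "expires_at")}
        presented = str(warrant.get("mac", "")).encode()
        expected = _warrant_mac(self._court_key, body).encode()
        if not hmac.compare_digest(expected, presented):
            return "warrant signature invalid"
        if body["wallet_id"] != wallet_id:
            return "warrant names a different wallet"
        if now > body["expires_at"]:
            return "warrant expired"
        if wallet_id not in self._owners:
            return "unknown wallet"
        return None

    def disclose(self, wallet_id, warrant, now):
        """Return the owner's identity, or raise; either way leave an audit entry."""
        reason = self._refusal_reason(wallet_id, warrant, now)
        self.audit_log.append({"wallet_id": wallet_id, "granted": reason is None,
                               "reason": reason, "at": now})
        if reason is not None:
            raise DisclosureRefused(reason)
        return self._owners[wallet_id]


def transfer(ledger, sender_wallet, receiver_wallet, amount):
    """Append a payment to the shared ledger; only pseudonyms are recorded."""
    ledger.append({"from": sender_wallet, "to": receiver_wallet, "amount": amount})


def try_disclose(provider, wallet_id, warrant, now):
    """Return ('granted', identity) or ('refused', reason)."""
    try:
        return ("granted", provider.disclose(wallet_id, warrant, now))
    except DisclosureRefused as exc:
        return ("refused", str(exc))


def demo():
    court_key = secrets.token_bytes(32)
    provider = WalletProvider(court_key)
    # Constructed identities.
    alice = provider.open_wallet("Alice Example, passport X0000000")
    bob = provider.open_wallet("Bob Example, passport X1111111")
    ledger = []
    transfer(ledger, alice, bob, 10)

    now = 1_700_000_000   # fixed clock so the demo is repeatable
    good = issue_warrant(court_key, alice, "case-0001", now + 3600)
    forged = issue_warrant(secrets.token_bytes(32), alice, "case-0002", now + 3600)
    return {
        "ledger": ledger,
        "no_warrant": try_disclose(provider, alice, None, now),
        "forged": try_disclose(provider, alice, forged, now),
        "wrong_wallet": try_disclose(provider, bob, good, now),
        "expired": try_disclose(provider, alice, good, now + 7200),
        "valid": try_disclose(provider, alice, good, now),
        "audit_entries": len(provider.audit_log),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```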

[An edited version of this article first appeared on Forbes, 6th April 2021.]

Objects-as-a-Service (OaaS) and why things need identities

Ann Cairns, Executive Vice Chair at MasterCard, said back in 2018 that it could be the year when (thanks to the incredible speed with which new technologies are adopted) physical wallets could soon be a thing of the past as the world wakes up to wearables. Ann said, correctly, that wearable devices are getting a “new lease of life by becoming payment enabled” and noted forecasts predicting that two-thirds of wearables would have payment functionality by 2020. This didn’t quite happen, for reasons I will return to shortly, but as a baseline note her point that five years ago the global sales of smart wearables were already at $416 billion.

In 2019, Mastercard highlighted that wearables are about fashion as well as function. They pointed out that as the technology that powers wearables gets smarter, fashion brands rather than technologists (or payments geeks) are driving the evolution of the market. Even then, one in five adults in the USA were already wearing a smart watch or fitness strap and they expected the wearable tech market to reach something like $30 billion in 2020.

[Figure: Global wearables markets 2020 (Source: IDG, 12/20).]

In 2020, as these figures from IDG show, the wearables market (dominated by Apple) continued to grow and is expected to maintain a double-digit rate of growth through 2024. In the US, the wearable device most frequently used for payments is the smartwatch (more than mobile phones or contactless cards). Interestingly, recent research shows that college graduates are more frequent users of smart watches for payments than non-college graduates and that they use their wearables to pay more than 200 times a year, almost double the usage of mobile phones and 50% more than cards.

The market for wearables that can do interesting things (eg, payments) is going to grow more than that, though, because cheap passive wearables (ie, wearables that don’t need batteries, just as contactless cards don’t need batteries) will grow faster thanks to the new, smaller and more cost-effective chips arriving from suppliers such as Infineon. I wasn’t surprised, therefore, to see an excellent presentation from Discover at the Women in Payments 2021 summit saying that…

[Image: Discover Wearables]

So what has prevented this market from developing even faster? Well, the process of taking an “empty” microchip and loading secure credentials into it so that it can be used for payments, identity, provenance and other high value applications (the process of what card people call “personalisation”) is complex and costly. Imagine that you are running a pop festival and you want to provide rings or wristbands or badges or whatever that can be used to gain entry, to pay for drinks, to identify someone in an emergency. Taking 20,000 wristbands and loading credentials into them and then making sure each wristband gets to the right person is a logistical challenge, hence the technology tends to be applied at the high end of the market. There are companies that make some beautiful wearables that can be used in this way. I love the stuff that Tovi Sorga has and I think this illustrates that Mastercard point about the role of fashion. Amex, to give another example, have just released a Prada leather bracelet with a contactless chip in it for their Centurion cardholders.

Getting the right bracelet with the right payment card into the hand of the right cardholder is complicated though. The logistics are a challenge because the devices must be “personalised” when they are ordered and then correctly distributed. As a way of reducing the logistics costs, though, suppose there was a decentralised way to do the personalisation needed to turn nice wearables into secure, smart objects? Imagine that the pop festival organiser sends you a wristband and then you use your own mobile phone to load one of your payment cards into the wristband? Or you use the (eg) Discover app on your phone to create a prepaid card valid for a week and load $100 onto it so that you can leave your phone in your pocket while you enjoy the show? Well, this is what Digiseq, a UK start-up, has done. And this is only one of the reasons why I was flattered to be asked to become their Non-Executive Chair as they go into their next fund-raising round. Amongst their achievements already is the launch of KBC wearables in Belgium, including the Rosan Diamond key fobs that proved popular last year, creating a Lucozade bottle that you could use to pay for travel in London and putting chips into the Golden Globe awards so that their authenticity and provenance could be validated.

Provenance is Forever

Provenance is important. I wrote about it more than a decade ago using the example of luxury goods such as watches and asking how you would tell a fake Rolex from a real one. It’s a much more complicated problem than it seems at first. Suppose an RFID chip is used to implement an ID in luxury goods, authentic parts, original art and so on. If I see a Gucci handbag on sale in a shop, I will be able to wave my phone over it and obtain the ID.  My mobile phone can decode the number and then tell me that the handbag is Gucci product 999, serial number 888. This information is, by itself, of little use to me. I could go onto the Gucci-lovers website and find out that product 999 is a particular kind of handbag, but nothing more: I may know that the tag is ‘valid’, but that doesn’t tell me much about the bag. For all I know, a bunch of tags might have been taken off real products and attached to fake products.

To know if something is real or not, I need more data. If I wanted to know if the handbag were real or fake, then I would need to obtain its provenance as well as its product details. The provenance might be distributed quite widely. The retailer’s database would know from which distributor the bag came; the distributor’s database would know from which factory the bag came and Gucci’s database should know all of this. I would need access to these data to get the data I would need to decide whether the bag is real or fake.
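An added example (not from the original article or from any vendor's system) of why a valid tag ID is not enough: the verifier accepts an item only if signed handover records link the brand to the shop actually selling it. Party names, keys and the record layout are constructed, and an HMAC stands in for each party's digital signature.

```python
import hashlib
import hmac
import json

# Constructed signing keys. Assumption: HMAC stands in for each party's digital
# signature so the example needs only the standard library.
PARTY_KEYS = {
    "brand-factory": b"constructed-key-factory",
    "distributor": b"constructed-key-distributor",
    "retailer-a": b"constructed-key-retailer-a",
}
BRAND_ORIGIN = "brand-factory"
FIELDS = ("tag_id", "from", "to", "prev")


def record_hash(record):
    """Hash of a whole handover record, signature included."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


def _mac(key, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_handover(tag_id, sender, receiver, previous, key):
    """Sender attests that the tagged item moved from sender to receiver."""
    body = {"tag_id": tag_id, "from": sender, "to": receiver,
            "prev": record_hash(previous) if previous else None}
    return {**body, "mac": _mac(key, body)}


def verify_provenance(tag_id, chain, seller, keys=PARTY_KEYS, origin=BRAND_ORIGIN):
    """Return (True, 'ok') only if the chain links the brand to this seller."""
    if not chain:
        return (False, "no provenance records for this tag")
    previous = None
    for i, rec in enumerate(chain):
        body = {k: rec.get(k) for k in FIELDS}
        key = keys.get(body["from"])
        if key is None:
            return (False, f"record {i}: unknown party {body['from']!r}")
        presented = str(rec.get("mac", "")).encode()
        if not hmac.compare_digest(_mac(key, body).encode(), presented):
            return (False, f"record {i}: signature invalid")
        if body["tag_id"] != tag_id:
            return (False, f"record {i}: issued for a different tag")
        if previous is None:
            if body["from"] != origin or body["prev"] is not None:
                return (False, "chain does not start at the brand")
        else:
            if body["prev"] != record_hash(previous):
                return (False, f"record {i}: not linked to the previous record")
            if body["from"] != previous["to"]:
                return (False, f"record {i}: sender never held the item")
        previous = rec
    if previous["to"] != seller:
        return (False, f"chain ends at {previous['to']!r}, not at {seller!r}")
    return (True, "ok")


def demo():
    tag = "999-888"   # product 999, serial number 888, as in the text above
    h1 = sign_handover(tag, "brand-factory", "distributor", None,
                       PARTY_KEYS["brand-factory"])
    h2 = sign_handover(tag, "distributor", "retailer-a", h1,
                       PARTY_KEYS["distributor"])
    # A seller outside the chain invents a hop, signing with a key nobody trusts.
    forged = sign_handover(tag, "retailer-a", "market-stall", h2,
                           b"constructed-key-outsider")
    # A genuine record edited after signing.
    tampered = dict(h2, to="market-stall")
    return {
        "genuine": verify_provenance(tag, [h1, h2], "retailer-a"),
        # The tag reads as valid, but it is on sale somewhere the chain never went.
        "moved_tag": verify_provenance(tag, [h1, h2], "market-stall"),
        "forged_hop": verify_provenance(tag, [h1, h2, forged], "market-stall"),
        "tampered": verify_provenance(tag, [h1, tampered], "market-stall"),
        "missing_origin": verify_provenance(tag, [h2], "retailer-a"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```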

The key to the business model is not the product itself but the provenance, so delivering a service means linking the personalisation and the provenance under the control of the brands. This is where Digiseq is going. In January, one of the world’s leading chip manufacturers, Infineon Technologies AG, announced that they will be working with Digiseq on their SECORA™ Blockchain NFC technology to deliver secured identity data. This is an advanced solution that connects the digital data recorded on blockchain to physical items, allowing for just this comprehensive verification of the identity of items, thereby eliminating the challenge of product substitution and heightening supply chain transparency.

Cheap chips can turn almost anything into a smart object and with the right provenance service in place turn those smart objects into objects-as-a-service (OaaS).

The ability for brands to choose whether to give customers high end wearables for select markets or to push into the mass market with wearables that customers can personalise themselves, using the mobile phones to add/remove payment cards, access codes or identities at any time, is a game changer. But it is only the beginning. The secure microchips that are inside the Prada bracelet or the Golden Globes can be inside everything from smart watches to luxury handbags, from aircraft parts to bottles of whiskey. These inexpensive RFID chips turn almost anything into a smart object, and with the appropriate back-end provenance system in place, they can turn those smart objects into objects-as-a-service (OaaS).

Objects-as-a-Service are going to be… well, huge. If you want to learn a little more about this incredible new market and the opportunities that it presents, come and join me at the Digiseq webinar on 22nd April 2021 at 9am UK time.

Right now we need embedded health as much as embedded finance

Embedded finance is great and I love having apps on my phone that take care of the interface to the tedious world of banks and money so that I don’t have to deal with them. But embedded finance doesn’t get me out of the house. And it can’t get me in to watch Manchester City again. It can’t get me on a plane to Singapore. Perhaps to get the post-COVID economy moving again, embedded health APIs will be more important than embedded finance APIs!

What’s the point of having all sorts of clever instant credit, credit transfer and buy on credit mechanisms that I can use to buy a new shirt if I am not allowed to go to meetings? Why bother with fancy QR code contact-free dining experiences if I am not allowed into a restaurant? How do I benefit from sophisticated electronic tickets dropped directly into my phone when there is nowhere to go on the train? What is needed to ease the economy back on track in the recurring pandemic, new normal world is the ability to show a vaccination record as well as a plane ticket and a negative test result along with a restaurant booking.

In fact, so pressing is this need that I might go so far as to predict that the virus shock may well mean a quantum leap in strategy in the world of digital identity: what if it is not finance or government, as most of us had assumed, but travel and hospitality that drives digital identity into the mass market?

[Cartoon, with kind permission of TheOfficeMuse (CC-BY-ND 4.0)]

It is actually pretty easy to imagine the customer journey with embedded health. I go online to buy a ticket to see Hawkwind in concert at the London Palladium in May but in order to check out I must first present a certificate to show that I have been vaccinated against COVID-19 (I’m afraid that the Hawkwind fan demographic renders this necessary) and a certificate to show that I have been vaccinated against Yellow Fever or whatever else the London Palladium demands from would-be patrons. I present the digital certificates and go about my day.

That is quite easy to draw as some boxes and arrows mapping out a customer experience journey on a whiteboard, but what has to happen to make it a reality? That’s where things become a little more complex.

Vaccine Passports

There are some well understood issues around identification and authentication but to my mind these are largely solved. There are plenty of companies that can do digital onboarding pretty efficiently (indeed, I am an advisor to the board of one of them, Au10tix) and there are plenty of companies that can do authentication: If I could have used “sign in with Apple at the London Palladium”, I undoubtedly would have. What’s missing, and where there has to be some progress to bring that smooth customer experience into being, is the standardisation of the creation, presentation and verification of the health-related data.

(Just to divert for a moment to be specific about language: I use claim to mean the process of presenting a credential to be verified and I use credential to mean some attribute that has been attested to by somebody that the verifier can trust. By trust, of course, I mean “can sue for large amounts of money if the data turns out to be incorrect”.)

If a theatre, or more likely a theatre’s merchant services processor (MSP), wants me to show that I have been vaccinated then both the claim process and the claim data have to be in some sort of standard format. Otherwise we will end up in bubbles and make no real progress. It is clear that something has to be done. Ursula von der Leyen, the president of the European Commission, recently said that a “Digital Green Pass” would provide proof of inoculation, test results of those not inoculated and antibody status of those who had had the disease. This is inevitable, frankly, in one form or another. But how exactly would it work?

There are some great companies out there who are already working hard to make the transport and display of results as easy as possible. Yoti, for example, have been involved in a number of trials using FRANKD. This is a rapid Point of Care Covid-19 RT-LAMP test. People scan a unique QR code on their FRANKD test bag to add their identity to the test. After a testing swab is taken, results are processed and delivered straight to the individuals’ Yoti app within 30 minutes. To scale up, though, we need standards that identity providers can use to interoperate with service providers of all kinds. This is why the foundation of the Vaccination Credential Initiative (VCI) is so important.

VCI is a coalition of public and private partners including Microsoft, Salesforce, Oracle, The Commons Project Foundation, Mayo Clinic and many others working to enable digital access to vaccination records using the open, interoperable SMART Health Cards specification, based on the W3C Verifiable Credential (VC) and HL7 FHIR standards. FHIR stands for Fast Healthcare Interoperability Resources, a standards framework created by Health Level Seven International (HL7), a not-for-profit, ANSI-accredited organisation developing standards for the exchange, integration, sharing and retrieval of electronic health information. The idea, essentially, is to group a set of FHIR content resources (eg, immunisation or observation) for presentation in the form of a verifiable credential.
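As an added illustration (not code from VCI or from the original article), this is how a verifier unpacks a SMART Health Card QR payload into its FHIR resources and applies the checks that come before signature verification. The issuer URL, key ID and patient data are constructed, and the ES256 signature check against the issuer's published keys is left out because it needs an ECDSA library outside the Python standard library.

```python
import base64
import json
import zlib

MAX_PAYLOAD_BYTES = 64 * 1024                      # cap on inflated size
TRUSTED_ISSUERS = {"https://issuer.example/shc"}   # constructed allowlist
HEALTH_CARD_TYPE = "https://smarthealth.cards#health-card"


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def qr_to_jws(qr_text):
    """Undo the numeric QR encoding: each digit pair is ord(char) - 45."""
    if not qr_text.startswith("shc:/"):
        raise ValueError("not a SMART Health Card QR payload")
    digits = qr_text[len("shc:/"):]
    if not (digits.isascii() and digits.isdigit()) or len(digits) % 2:
        raise ValueError("malformed or multi-chunk numeric payload")
    return "".join(chr(int(digits[i:i + 2]) + 45) for i in range(0, len(digits), 2))


def inflate_limited(data, limit=MAX_PAYLOAD_BYTES):
    """Raw-DEFLATE decompress, refusing oversized or truncated streams."""
    inflater = zlib.decompressobj(-15)
    try:
        out = inflater.decompress(data, limit + 1)
    except zlib.error as exc:
        raise ValueError("payload is not valid DEFLATE data") from exc
    if len(out) > limit:
        raise ValueError("inflated payload exceeds size limit")
    if not inflater.eof:
        raise ValueError("truncated payload")
    return out


def decode_unverified(qr_text, trusted_issuers=TRUSTED_ISSUERS):
    """Parse a card and apply pre-signature checks. The signature is NOT verified."""
    parts = qr_to_jws(qr_text).split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "ES256" or header.get("zip") != "DEF":
        raise ValueError("unexpected JWS header")
    payload = json.loads(inflate_limited(b64url_decode(parts[1])))
    if not isinstance(payload, dict) or payload.get("iss") not in trusted_issuers:
        raise ValueError("issuer not on the verifier's trust list")
    vc = payload.get("vc", {})
    if HEALTH_CARD_TYPE not in vc.get("type", []):
        raise ValueError("not a health-card credential")
    entries = vc.get("credentialSubject", {}).get("fhirBundle", {}).get("entry", [])
    resources = [entry.get("resource", {}) for entry in entries]
    return {
        "issuer": payload["iss"],
        "key_id": header.get("kid"),
        # Bytes the issuer signed; an ES256 check over these must follow.
        "signing_input": parts[0] + "." + parts[1],
        "immunizations": [r for r in resources
                          if r.get("resourceType") == "Immunization"],
        "signature_verified": False,
    }


def build_sample_card(issuer="https://issuer.example/shc"):
    """Constructed sample in the QR wire format; its signature is a placeholder."""
    header = {"alg": "ES256", "zip": "DEF", "kid": "constructed-key-id"}
    bundle = {"resourceType": "Bundle", "type": "collection", "entry": [
        {"fullUrl": "resource:0",
         "resource": {"resourceType": "Patient", "name": [{"family": "Example"}]}},
        {"fullUrl": "resource:1",
         "resource": {"resourceType": "Immunization", "status": "completed",
                      "occurrenceDateTime": "2021-03-01",
                      "patient": {"reference": "resource:0"}}},
    ]}
    payload = {"iss": issuer, "nbf": 1618000000, "vc": {
        "type": [HEALTH_CARD_TYPE, "https://smarthealth.cards#immunization"],
        "credentialSubject": {"fhirVersion": "4.0.1", "fhirBundle": bundle}}}
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = json.dumps(payload, separators=(",", ":")).encode()
    body = deflater.compress(raw) + deflater.flush()
    jws = ".".join([b64url_encode(json.dumps(header).encode()),
                    b64url_encode(body),
                    b64url_encode(bytes(64))])   # 64 zero bytes, not a real signature
    return "shc:/" + "".join(f"{ord(c) - 45:02d}" for c in jws)


if __name__ == "__main__":
    print(json.dumps(decode_unverified(build_sample_card()), indent=2))
```

A verifier must still check the ES256 signature over `signing_input` with the issuer key named by `key_id` before relying on any field returned here.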

The New York Times showed a mock-up (from The Commons Project) of what a digital vaccine credential might look like in practice, using a pretty straightforward QR code interface that passengers are already familiar with for check in.

Travel

Waiting for a globally-interoperable set of standards won’t help to boost the economy today, so it seems to me that it makes sense to link sector-specific identities together with sector-specific credentials that can be later bridged at the back-end. The obvious place to start implementing something like the EU’s Digital Green Pass is in the travel sector and the obvious people to co-ordinate this are the International Air Transport Association (IATA). Indeed, the COVID-driven need for such credentials has led IATA and British Airways’ parent company, International Airlines Group (IAG), to start working together in this direction.

I hope they chose to use open standards for their Travel Pass Initiative (TPI). TPI brings together four interoperable “modules” that combine to deliver a practical solution to get people moving again. These modules are:

  • An up-to-date list of requirements for travel (ie, what vaccines or tests are necessary for travel on specific routes) so that travellers know what they need to do to travel;
  • A registry of health centres that can carry out vaccinations and tests that travellers need;
  • A contactless travel app for travellers so that they can find out what the travel requirements are, where they can get the tests and vaccines and store the results;
  • An application for labs to report results.

Singapore Airlines has been the first carrier to adopt the new standard and begin verification based on the IATA TPI framework. Passengers who receive a negative test or vaccine will be given either a digital or paper QR code to take to the airport. Emirates will implement the first phase in Dubai in April and will use the app for the validation of COVID-19 PCR tests before departure. Using the app, which will automagically post details to the check in system, passengers travelling from Dubai will be able to share their test status directly with the airline before reaching the airport. 

So if this works for getting on planes… why not use the same registries and APIs to power applications for restaurants and pubs to get the economy moving again? I’d be more than happy to be required to show my test status to get into the Etihad to watch the mighty Manchester City via a Travel Pass app, or my British Airways app, or my Man City app or whatever other convenient application was accessing standardised VCI vaccination and test records through the IATA API. And if IATA and VCI together create a global standardised platform then the opportunity for fintechs to exploit the combination of embedded health and embedded finance together in apps will be enormous.

(An edited version of this piece appeared on Forbes, 25th January 2021.)

From Location to Microlocation

I loved the 2014 book “You Are Here” by Hiawatha Bray of The Boston Globe. It tells the history of location and navigation technologies and explains just what a huge change in human affairs it was when suddenly you could always know where you were and how to get where you want to be. We take it for granted today, but GPS and Google Maps are pretty astonishing. My children have absolutely no idea what it would mean to be lost. There’s no such concept in a smartphone world where cars will soon be able to drive themselves home and your Bluetooth can tell you which office you are in and how to get to the coffee room.

Well, another big change in location is coming. Consumers will soon see a whole new range of services that are impossible to deliver using existing location technologies such as GPS or Bluetooth and these will in turn create incredible new opportunities for financial services. It hasn’t got as much attention as 5G but since the iPhone 11, Apple’s phones (and the series 6 Apple Watch and the new HomePod) have come with a technology called Ultra Wideband, or UWB. As does the new Samsung Galaxy Note 20. UWB heralds a new battle between the internet giants: the battle over micro-location (or µlocation, if you will).

Knowing where you are has changed the world. Knowing where everything is will change it again. Not only will you never get lost again, you’ll never lose any of your stuff again.

First of all, it’s important to understand that UWB is not really a new technology. The IEEE (Institute of Electrical and Electronics Engineers) standard on UWB (802.15.4) came out more than a decade ago. It was one of a family of wireless protocols (along with Bluetooth, ZigBee and WiFi) that were intended for short-range wireless communications with low power consumption. At the time it was assumed that, broadly speaking, Bluetooth was for cordless keyboards and hands-free headsets, ZigBee was for monitoring and control networks, while Wi-Fi was for computer-to-computer connections to substitute for wired networks and UWB was for high-bandwidth multimedia links. It never really caught on though. WiFi worked well enough and it got faster pretty quickly.

So there was a pivot.

Engineers found another use for UWB, because the radio pulses that it uses have a very interesting characteristic which is that they allow you to determine location very accurately indeed. Much more accurately than you get from signal strength estimation (as with Bluetooth proximity applications). This means that with UWB it is possible to measure distance to a couple of inches and since apps can get this information a few times every second they can also tell whether another device is stationary, approaching or receding. For example, a UWB-enabled system can sense if you’re moving toward a locked door and it can know if you’re on the inside or outside of the doorway, to determine if the lock should remain closed or open when you reach a certain point.
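The ranging logic described above, sketched as an added example (not code from the original article or from any vendor): distance is derived from pulse time of flight, a few samples per second give the direction of travel, and a door controller decides from both. The two-anchor door layout, the thresholds and all sample readings are assumptions constructed for illustration.

```python
"""Time-of-flight ranging and a proximity-gated door decision (illustrative)."""
from statistics import mean

C_M_PER_S = 299_792_458.0  # speed of light in vacuum


def twr_distance_m(t_round_ns: float, t_reply_ns: float) -> float:
    """Single-sided two-way ranging.

    The initiator timestamps its pulse and the reply (t_round); the responder
    reports how long it took to turn the reply around (t_reply). Half of the
    difference is the one-way time of flight. One nanosecond of timing error
    is roughly 30 cm of range error, which is why short, sharp pulses matter.
    """
    tof_ns = (t_round_ns - t_reply_ns) / 2.0
    if tof_ns < 0:
        # Physically impossible: treat as a corrupt or forged measurement.
        raise ValueError("reply delay longer than round trip; discard sample")
    return tof_ns * 1e-9 * C_M_PER_S


def radial_speed(samples) -> float:
    """Least-squares slope of distance over time in m/s (negative = closing).

    samples: list of (timestamp_s, distance_m). Fitting a line across the
    window smooths out per-sample ranging jitter.
    """
    if len(samples) < 2:
        raise ValueError("need at least two range samples")
    t_bar = mean(t for t, _ in samples)
    d_bar = mean(d for _, d in samples)
    denom = sum((t - t_bar) ** 2 for t, _ in samples)
    if denom == 0:
        raise ValueError("samples share one timestamp")
    return sum((t - t_bar) * (d - d_bar) for t, d in samples) / denom


def classify_motion(samples, min_speed: float = 0.1) -> str:
    """Label a window of range samples; min_speed (m/s) is an assumed dead band."""
    v = radial_speed(samples)
    if v <= -min_speed:
        return "approaching"
    if v >= min_speed:
        return "receding"
    return "stationary"


def should_unlock(outer, inner, unlock_radius_m: float = 1.0) -> bool:
    """Decide whether the lock should open.

    outer / inner: range samples to an anchor mounted on the outside and the
    inside of the doorway (assumed layout). Unlock only when the device is on
    the outside, within the unlock radius, and moving toward the door.
    """
    d_outer, d_inner = outer[-1][1], inner[-1][1]
    on_outside = d_outer < d_inner
    return (on_outside
            and d_outer <= unlock_radius_m
            and classify_motion(outer) == "approaching")


# Constructed sample windows: four readings, 250 ms apart.
WALKING_UP_OUTER = [(0.00, 3.0), (0.25, 2.4), (0.50, 1.6), (0.75, 0.9)]
WALKING_UP_INNER = [(0.00, 3.5), (0.25, 2.9), (0.50, 2.1), (0.75, 1.4)]
LOITERING_OUTER = [(0.00, 0.80), (0.25, 0.82), (0.50, 0.79), (0.75, 0.81)]
LOITERING_INNER = [(0.00, 1.30), (0.25, 1.32), (0.50, 1.29), (0.75, 1.31)]

if __name__ == "__main__":
    print(should_unlock(WALKING_UP_OUTER, WALKING_UP_INNER))   # walking up from outside
    print(should_unlock(LOITERING_OUTER, LOITERING_INNER))     # standing near the door
    print(should_unlock(WALKING_UP_INNER, WALKING_UP_OUTER))   # same walk, from inside
```

Swapping the two sample windows models the same walk on the inside of the doorway, where the lock state is left alone.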

Finding things is only the beginning, although it is by itself a huge market. Take tags. If you have a UWB phone and a UWB tag of some kind, the phone can work out exactly where the tag is. I’m a big fan of this kind of application because I’m old and forget everything and adore my Tile app! If you haven’t used Tile, it’s an app on your phone that can locate Bluetooth tags. You buy these tags and then attach them to things (I’ve got one on my keys, one in my wallet, one on my TV remote and one in my notebook) so that you can find them easily. I can’t tell you how many times I’ve misplaced my keys and saved hours of searching around the house by using the app.

Socks

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

A recent Apple patent application sets out how a system of “Airbags” might work. Suppose you have one of these tags in your notebook and you leave your notebook somewhere. When the notebook loses touch with your iPhone because you have walked away, the tag goes into a “lost mode” and transmits its encrypted details through any other device it happens to come into contact with. So a stranger with an iPhone walks past, the tag sends its position and that stranger’s iPhone passes the message on via Apple to your iPhone. So when you realise you can’t find your notebook, your iPhone can tell you exactly where it is. The idea that you can lose something will fade from memory. Just as the 4G generation cannot imagine being lost because their phone can always tell them where they are, so the UWB generation will not be able to imagine losing anything, because their phone will always be able to tell them if they left their wallet in a store, if the TV remote control is still in the family room and if their stash has been moved from their secret place in the tree near the park.

A more mainstream use case (where Apple already has patents) is for keyless car unlocking. Apple is a charter member of the Car Connectivity Consortium, which created the Digital Key Release 1.0 specification in 2018, and I’m sure that this sort of thing is only the beginning. Who knows what applications inventive developers will come up with when they have the ability to determine location to this kind of accuracy. Look at the issues that have arisen with using Bluetooth approximations in the Apple/Google contact tracing services.

New Competition

UWB chips are already used for some amazing applications such as tracking players (and the ball) on a sports field or for finding equipment in hospitals, but now that they are arriving in consumer devices there is going to be an explosion of creativity from those COVID contact tracing services (much better with µlocation than with Bluetooth) to contact-free commuting (where the train knows where you got on and got off). Knowing where you are, and where your stuff is, to an inch instead of 30 feet opens up new possibilities, which is why industry analysts estimate that this market will grow around 20% per annum, hitting at least $50 billion in five years.

So why am I thinking about this stuff now? Well, it’s because it has started to make inroads into the world of payments. In Japan, NTT Docomo has teamed up with Sony and NXP Semiconductors (their UWB chipset was announced last September) to trial technology that lets shoppers make NFC payments without having to take their phones out of their pockets. They are using UWB to follow user movement and positioning with location accuracy of a few centimetres. This takes the new location technologies into the transaction space, alongside the existing Wifi, RFID/NFC and Bluetooth technologies. Obviously this is of particular interest to me because of the applications around payments, insurance and risk management but I’m sure there are kids in basements right now working on applications that I’ve never thought of.

It seems to me that location is going to be central to some pretty important battles in the consumer technology space. Wired magazine summed up one of these battles very well last year, noting that Amazon (whose Sidewalk meshes low-cost, low-bandwidth sensors and smart devices) and Apple have embarked on missions to extend their control of their customers’ devices so that “Apple can get out of the home and Amazon can get into it”.

Knowing where you are and where your stuff is begins to erode fuzzy boundaries between mundane and virtual and creates a new border zone where competition will spur a generation of innovation. Oh, wait… where did I leave my AirPods…

[This is an edited version of an article that first appeared on Forbes, 12th November 2020.]

International Identity Day

Old MacDonald Had A Retinal Scanner

Well, here we are again. It’s 16th September and International Identity Day (IID) once more*, so I’m here to rejoice with you all. To celebrate this auspicious date, I used my strongly-authenticated virtual identity with the verifiable credential IS_OVER_18 (which is linked to the digital identity stored in my bank wallet) to log in to a French vineyard to pre-order a crate of Beaujolais nouveau. I gave them my Amazon address credential when they wanted a delivery address and my payment name to send their request-to-pay for Amex to digitally sign to confirm payment. My real name and my financial details were never part of this very efficient online purchase.

I’m joking, of course. It’s actually even worse than you think. Not only do we not have digital identities for people, we don’t have digital identities for anything else either. And that might be more important than you think. After all, we spend a lot of time talking about digital identity for people and speculating about whether Apple ID or federated Bank ID or centralised Government ID is the best implementation but in the new online world, there are a great many entities other than people that will need to have digital identities in order to participate in a functioning post-industrial economy. Things, for example. And artificial intelligences: Bots will need identities, too. In fact I’m writing a book about this at the moment. It’s going to be called “Will Robots Need Passports?” and it will be out next year sometime.

(And the answer, as I am sure you already know, is “yes”. Spoiler alert: robots will need passports because they will need to be authorised to access resources and they will need to be recognised in order to develop reputations that will be transaction enablers.)

What we don’t spend anything like enough time talking about, though, is the digital identity of animals. I read with great interest a report in the Times of India about a new smartphone app that farmers can use to check information about cattle. This was developed in response to an appeal from Prime Minister Modi for a means to reduce cattle theft. As you probably know, India already has a national identity number for people — Aadhaar — and it has worked pretty well, providing a low-cost mechanism to establish the unique identities of citizens and thereby contribute to the goal of financial inclusion which (as everyone knows) is an identity problem. Therefore, it would seem logical to give animals a number too.

But how do you tell Napoleon from Snowball?

Well, in this case, specific information “unique to each animal” like the footprint, height, weight, colour and tail hair is recorded in the software and a unique ID is generated. As one of the designers of the software notes, this ID “is very useful when insuring cattle”, which is a good point. I am slightly surprised that, all other things being equal, they didn’t put the IDs on a quantum-resistant blockchain in the cloud, but that’s probably version 3.

Nevertheless, the animal Aadhaar — the biometric identification of animals and the association of a digital identity — clearly has economic value. I don’t know how unique animal footprints are, so I cannot comment on adjusting the false accept and false reject rates for optimal barnyard efficiency, but I do know that (as the Wall Street Journal recently reported) face recognition for animals is actually pretty difficult. As they put it, “It’s not like you can tell a donkey to stand still”. Quite. Nevertheless it can be done.

IFGS Panel on AI Ethics 2019 (courtesy of Emma Wu).

I know this because I was privileged to have Dr. Jion Guong Shen from JD Digits, a subsidiary of JD (China’s largest e-commerce business) on my panel about AI ethics and governance at the Innovate Finance Global Summit (IFGS) last year. This was a great panel, by the way, largely because the well-informed panellists took the discussion in such interesting and unexpected directions. JD Digits, amongst other things, runs face recognition services for farmyard animals including cows and pigs. It turns out that pig face recognition, in particular, is a big business. There are 700m pigs in China, and the productivity gains that farmers can obtain from ensuring that each pig is fed optimally, that sick pigs are kept away from the herd (and so on) are very significant. Apparently the face recognition system also goes some way to reining in wannabe Napoleons, as Dr. Shen explained that there are some “bully pigs” that try to obtain a disproportionate share of barnyard resources. The system can spot them chowing down when they shouldn’t be and flag for intervention. This is a pretty straightforward use case for biometric identification that might usefully be introduced into British fast food outlets in my opinion.

Let’s celebrate International Identity Day by remembering that digital identities are not simply for people, that the future economy desperately needs digital identity infrastructure for everything, and that we have a long, long way to go.

* In case you are wondering why IID is 16th September, the choice of the date is in recognition of the United Nations Sustainable Development Goal (SDG) 16.9 which calls for legal identity for all including birth registration by 2030.

On the internet, no-one knows you’re a toaster

The pop singer Gwen Stefani had a husband who was intimate with the family’s nanny. He reportedly recorded some amorous adventures on his iPhone, no doubt to act as a comfort in his later years. Unfortunately, he’d either forgotten about iCloud or couldn’t work out how to configure it correctly (as I can’t) with the dramatic consequence that the screen saver on Gwen’s iPad was transformed from a selection of treasured family snapshots into a flick book version of Pornhub.

Connecting everything on the Internet has unexpected consequences and they are getting worse. With the Economic Times estimating that there are already some 50 connected devices per household, we have a problem that is spiralling out of control. A recent real-world test of more than a million IoT devices found that almost all of the traffic they sent was unencrypted, exposing huge quantities of personal and confidential data to potential attackers, and that networks were mixing IoT devices with other technology assets (laptops, desktops, mobiles etc) to create vulnerabilities on both sides.

A generation on from the famous “on the Internet nobody knows you’re a dog” cartoon that became a staple of management consultants’ presentations ever after, the situation is now far worse. Never mind no-one knowing whether you’re a dog, no-one knows whether you’re a toaster. Or a toaster pretending to be a dog. Or agents of a foreign power pretending to be a toaster pretending to be a dog that is intent on bringing down our online economy. If the Internet of Things (IoT) is going to be a platform for embedded financial services, then it will need a serious security makeover.

Specialized elements of hardware and software, connected by wires, radio waves and infrared, will be so ubiquitous that no one will notice their presence

From The Computer for the 21st Century – Scientific American

That was Mark Weiser’s prediction of the Internet of Things from 1991. It seems pretty accurate, and a pretty good description of where we are headed. This is a world in which computers (and financial services) vanish from view and are instead part of the warp and weft of everyday life. What I’m not sure Mark could have predicted is what a total mess it all is.


Toaster and dog, with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

Whether it’s wireless kettles or children’s toys, it’s all being hacked. Adding mass market, inexpensive and insecure devices to a global network is taking us into uncharted territory when it comes to risk. I recall that, following the last massive Internet outage caused by a “botnet”, a number of commentators remarked how odd it is that a network designed to withstand nuclear war could be disrupted so badly by toasters, nanny cams and video recorders. And that seems a fair, and rather damning, point to make about the nature of our infrastructure.

If you’re wondering, by the way, a botnet is a collection of devices (computers, toasters, cameras and anything else that can be reached through the interweb tubes) that have fallen under the control of some third party and can then be used in a massed and concerted fashion either for good (e.g., searching for radio signals that might indicate extraterrestrial life) or evil (e.g., overloading bank web sites so that customers can’t get through). Just to indicate the scale, a botnet “denial of service” attack against a European bank last month managed to marshal enough devices to hit the bank’s web site with 800 million requests per second, overwhelming its defences and making it impossible for the bank’s customers to access their accounts.

This does not look good for the future. Sooner or later a cyberspace Covid 3.0 will come along and then we are really in trouble. There’s no possibility of social distancing online because we’ve gone berserk connecting things up but we’ve overlooked how to disconnect them. Or, in bumper sticker form for the modern electorate, I might be tempted to paraphrase that doors are easy, locks are hard.

Anyone can connect their kettle, car or children to the Internet. And it’s tempting to do it just because it can be done. But keeping them secure? That’s another and altogether more difficult problem. If we are going to make the IoT a platform for financial services, if we have a vision of luggage that can sort out least-cost routing and lightbulbs that can trade energy derivatives and cars that can buy their own insurance then we’re going to have to pause for breath and rethink the platform, because that toaster botnet is only the beginning.

The toaster botnet mentioned above is a work of art. It involves the use of malicious software that wanders the highways and byways of the internet looking for devices that have been connected but do not have security defences in place. As it happens, this turns out to be almost all of them. Either the password has been set to “password” or some other easily remembered — and therefore easily guessed — word, or there’s no password at all, or there’s a bug in the software that can be exploited.

This latter category is especially vexing. Suppose it turns out that my smart toilet (these do exist by the way – I have photographic evidence) has been shipped from Korea with an old version of software that the hackers can easily exploit. Now my toilet is going to need patching and then upgrading. But supposing the facilities to patch and upgrade my toilet do exist (“do not flush – upgrade in progress – download complete in 22 minutes”), how will the manufacturers persuade me to do this? What if the manufacturers have gone out of business? What if the upgrade is itself a trick designed to subvert my toilet for the amusement or profit of Eastern European hackers?

Leaving it up to consumers will not work. We cannot trust the populace to configure their smart device firewalls any more than we can trust pop stars to configure their iCloud, so selling toasters that can be hacked (even if it is by the CIA) ought to become as unthinkable as selling cars without seatbelts. The noted security expert Bruce Schneier (one of the key thinkers in this space) has rather eloquently likened IoT’s market failure (which is that I don’t care that my toaster is insecure and is bringing down your bank, and neither does the manufacturer – it’s cheap and it works) to a kind of post-industrial pollution.

(I made a podcast with Bruce around a decade ago and can tell you straight that he has already forgotten more about computer security than I will ever learn — and is also a very nice guy. From what I know of the topic he is of course completely correct: this market failure not only means we have no real security at present, it means that things can only get worse.)

As Bruce pointed out in his excellent book “Click Here to Kill Everybody: Security and Survival in a Hyper-connected World”, we are now in a situation where the lack of any security infrastructure means that anything that can be connected to the internet can be hacked. And since everything is connected to the internet, everything can be hacked.

The externality that Bruce highlights can only be fixed by society as a whole and, as unfashionable as that might be, that means regulation. It’s time to begin a conversation about what that regulation might be, before it’s too late. California’s SB-327 that requires manufacturers to set different passwords for devices is a good example of what’s needed, but it’s only a start. As the Business Software Alliance’s recently-published principles for “Building a Secure and Trustworthy IoT” say, security policies should “incentivise” security through the IoT life cycle. That means a different mindset and it’s a mindset that sees the need for an infrastructure.

There is no doubt in my mind that we should prioritise innovation and experiment here because the truth is that just as financial services need identity infrastructures for people (IDs), so next-generation financial services will need identity infrastructures for IoTs (IDIoTs).

[This is an edited version of an article that first appeared on Forbes, 12th July 2020].

We’re doing analog AML to try and catch digital criminals

My good friend Lisa Moyle sums up the unsatisfactory nature of the current situation with Customer Due Diligence (CDD) quite well, writing that the current rules are neither effectively preventing nor capturing crime. Instead, she says, they risk making financial institutions so overly cautious that they only serve to exacerbate the problem of the un- or under-banked and create barriers for honest customers. She is spot on.

Her comments remind me of those of Rob Wainwright, then Director of Europol, when talking about the great success of the continent’s $20 billion per annum anti-money laundering regime. He said that “professional money launderers are running billions of illegal drug and other criminal profits through the banking system with a 99 percent success rate”. Although we are only intercepting 1% of the dirty money, the costs that the CDD regime imposes on the finance sector are enormous. The Money Laundering/Terrorist Financing (ML/TF) regime is, according to the Journal of Financial Crime 25(2), “almost completely ineffective in disrupting illicit finances and serious crime”.

But as Lisa has pointed out, not only does the regime we have now do little to hamper terrorists, money launderers, drug dealers, corrupt politicians or mafia treasurers, it does massively inconvenience law-abiding citizens going about their daily business. According to another piece in the Journal of Money Laundering Control 17(3), the Financial Action Task Force (FATF) identification principles, guidance and practices have resulted in “largely bureaucratic” processes that do not ensure that identity fraud is effectively prevented. Were strict identification requirements to be imposed everywhere and in all circumstances, though, there would be an even more negative impact on financial inclusion because of the barriers that Lisa referred to.

Surely it’s time for a rethink.

We erect (expensive) KYC barriers and then force institutions to conduct (expensive) AML operations, using computers and laser beams to emulate handwritten index cards and suspicious transaction reports (STRs). But as I have suggested before, suppose the KYC barriers were a lot lower so that more transactions entered the financial system. And suppose the transaction data was fed, perhaps in a pseudonymised form, to a central AML factory, where AI and big data, rather than clerks and STR forms, formed the front line rather than the (duplicated) ranks of footsoldiers in every institution. In this approach, the more data fed in then the more effective the factory would be at learning and spotting the bad boys at work. Network analysis, pattern analysis and other techniques would be very effective because of analysis of transactions occurring over time and involving a set of (not obviously) related real-world entities.
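One way the pseudonymised feed and central pattern analysis proposed above could fit together, as an added example rather than anything from the original article or an existing AML system. The shared HMAC key, the account identifiers, the ledgers and every threshold are constructed assumptions; the pattern checked is many small payments from different sources converging on one account, which only shows up once the feeds from several institutions are combined.

```python
"""Pseudonymised transaction feeds and a cross-institution fan-in check."""
import hashlib
import hmac
from collections import defaultdict

# Assumption: reporting institutions share this key; the central analyser
# never holds it, so it can link pseudonyms but cannot reverse them.
PSEUDONYM_KEY = b"constructed-demo-key-not-for-production"


def pseudonymise(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed, deterministic pseudonym for an account identifier.

    Normalising first means every institution derives the same pseudonym for
    the same account. A keyed HMAC (not a bare hash) stops anyone without the
    key from confirming a guessed identifier. Truncated here for readability.
    """
    normalised = identifier.strip().upper().encode()
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()[:16]


def to_feed(reporter: str, ledger, key: bytes = PSEUDONYM_KEY):
    """What an institution submits: identifiers replaced, amount and day kept."""
    return [{"reporter": reporter,
             "src": pseudonymise(src, key),
             "dst": pseudonymise(dst, key),
             "amount": amount,
             "day": day}
            for src, dst, amount, day in ledger]


def fan_in_alerts(feed, report_limit=10_000, window_days=7, min_sources=3):
    """Flag destinations that receive, inside one window, payments that are
    each under report_limit, come from at least min_sources distinct sources,
    and together reach report_limit. All thresholds are illustrative."""
    by_dst = defaultdict(list)
    for row in feed:
        if row["amount"] < report_limit:
            by_dst[row["dst"]].append(row)

    alerts = []
    for dst, rows in by_dst.items():
        rows.sort(key=lambda r: r["day"])
        for i, first in enumerate(rows):
            window = [r for r in rows[i:] if r["day"] - first["day"] < window_days]
            sources = {r["src"] for r in window}
            total = sum(r["amount"] for r in window)
            if len(sources) >= min_sources and total >= report_limit:
                alerts.append({
                    "dst": dst,
                    "total": total,
                    "sources": len(sources),
                    "reporters": sorted({r["reporter"] for r in window}),
                })
                break  # one alert per destination is enough for triage
    return sorted(alerts, key=lambda a: a["dst"])


# Constructed ledgers: (source account, destination account, amount, day).
BANK_A = [
    ("GB00-A-001", "GB00-X-900", 4_000, 1),
    ("GB00-A-002", "GB00-X-900", 3_500, 2),
    ("GB00-A-003", "GB00-A-004", 120, 1),
]
BANK_B = [
    ("gb00-b-101", " GB00-X-900 ", 3_000, 3),   # formatting differs on purpose
    ("GB00-B-102", "GB00-X-900", 2_500, 4),
    ("GB00-B-103", "GB00-B-104", 60, 2),
]


def combined_alerts():
    """The central view: both institutions' feeds analysed together."""
    return fan_in_alerts(to_feed("A", BANK_A) + to_feed("B", BANK_B))


if __name__ == "__main__":
    print("Bank A alone:", fan_in_alerts(to_feed("A", BANK_A)))
    print("Bank B alone:", fan_in_alerts(to_feed("B", BANK_B)))
    print("Combined    :", combined_alerts())
```

The pseudonyms stay linkable across reports by design, so whoever holds the key can re-identify an account; that step is where legal process would attach.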

I think we need to plan for a new form of CDD for the digital age. We all know that COVID-19 is accelerating the evolution of digital onboarding, and that’s great. But we need to move to the next level. I call this Digital Due Diligence (DDD) and now that we live in a world where digital identity is becoming a thing (both for people and for organisations) it’s time to plan for a faster, more cost-effective and more transparent approach that is based on the world we are actually living in.

Today we celebrate Saint Valentine, the patron saint of customer verification methods

It’s one of my favourite days of the year today! I am a payments romantic, so you will undoubtedly know why! Today across the civilised world, we celebrate Saint Valentine, the patron saint of customer verification methods (CVMs). We buy flowers and eat chocolates on this day every year to commemorate the introduction of chip and PIN. Yes, chip and PIN was launched in the UK on 14th February 2006.

Yes, it’s lovely St. Valentine’s Day. Was it really thirteen years ago? The beautiful day, the day unromantically dubbed “chip and PIN day”, when we stopped pretending that anyone was looking at cardholders’ signatures on the backs of cards and instead mechanised the “computer says no” alternative. It really was! Thirteen years!

We English, we love our heritage. We still write our laws on vellum, we still say “what an interesting idea” when somebody says something that is transparently insane and, for now at least, we still use cards to buy things in shops. We cling to tradition. And chip and PIN is a tradition. Or at least it was.

I’m sorry to say that in Merrie England, chip and PIN is on the wane. The majority of card transactions are contactless and, according to Worldpay (who should know), they have been for a few months now. Fraud is manageable because most transactions are authorised online now and would be whether we had chip and PIN or not. The offline PIN and “floor limit” world has gone. The world’s first optimised-for-offline payment system was launched after the world had already got online. This is why you see Brian Roemmele writing that “by the time the UK implemented chip & PIN, the base concept and much of the technology was already almost 40 years old”.

Early chip and PIN focus group.

It is time to remind people what Saint Valentine stood for and reiterate why we are using chip and PIN at all. In ancient times, when European retailers could not go online to verify PINs due to the anticompetitive pricing of the monopoly public telephone providers, it made sense to verify the PIN locally (ie, offline). But this is 2019. We have smart phones and laser beams and holiday snaps of Ultima Thule. We can probably think about verifying PINs online again, or even replacing PINs with fingerprints or DNA or whatever.

Smart phones in particular mean change and, as I have bored people on Twitter senseless by repeatedly tagging “#appandpay rather than #tapandpay”, this will take us forward to a new retail payment environment in which the retail payment experience will converge across channels to the app. As payments shift in-app so the whole dynamic of the industry will change. Introducing a new payment mechanism faces the well-known “two-sided market” problem: retailers won’t implement the new payment mechanism until lots of consumers use it, consumers won’t use it until they see lots of retailers accepting it. This gives EMV a huge lock-in, since the cost of adding new terminals is too great to justify speculative investment.

When you go in-app, however, the economics change vastly. For Tesco to accept DavePay in store is a big investment in terminals, staff training, management and so on. But for the Tesco app to accept DavePay is… nothing, really. Just a bit of software. However traditional we might be, the marginal cost of adding new payment mechanisms is falling (particularly direct-to-account mechanisms because of open banking) and our industry needs to think about what that means.

I’m not saying that cards and PINs are going to go away any time soon, but what I am saying is that it’s time to start thinking about what might come next. Right now, that looks like smartphones with biometric authentication, but who knows what technologies are lurking around the corner to link identification and continuous passive authentication to create an ambient payments environment in which cards (and for that matter, terminals) are present only in a very limited number of use cases.

China’s eight centuries of experiment with paper money is coming to a close

The Chinese were first with the great transition from commodity money to paper money. They had the necessary technologies (you can’t have paper money without paper and you can’t do it at scale without printing) and, more importantly, they had the bureaucracy. In 1260, the new Emperor Kublai Khan determined that it was a burden on commerce and drag on taxation to have all sorts of currencies in use, ranging from copper coins to iron bars, to pearls to salt to gold and silver, so he decided to implement a new currency. The Khan decided to replace metal, commodities, precious jewels and specie with a paper currency. A paper currency! Imagine how crazy that must have sounded! Replacing actual stuff with apparently worthless paper! It’ll never work!

Crazy or not, it worked and just as Marco Polo and other medieval travellers returned along the Silk Road breathless with astonishing tales of paper money, so modern commentators (e.g., me) are tumbling off of flights from Shanghai with equally astonishing tales of a land of mobile payments, where paper money is vanishing and consumers pay for everything with smartphones. China is well on the way to becoming a cashless society, with the end of paper money in sight. Something like one-seventh of China’s population relies on mobile payments to get around, carrying no cash, according to a survey conducted by Renmin University of China. The natural step from there is to create digital currency so that settlement is in central bank money and there are no credit risks.

This thinking has been evolving for some time. Back in 2016, the Governor of the People’s Bank of China (PBOC), Zhou Xiaochuan, set out the Bank’s thinking about digital currency, saying that it is an irresistible trend that paper money will be replaced by new products and new technologies. He went on to say that as a legal tender, digital currency should be controlled by the central bank and, after noting that he thought it would take a decade or so for digital currency to completely replace cash in China, he went on to state clearly that the bank was working out “how to gradually phase out paper money”. Rather than simply let the cashless society happen, which may not lead to the optimum implementation for society, they were developing a plan for a cashless society.

As I have written before, I don’t think a “cashless society” means a society in which notes and coins are outlawed, but a society in which they are irrelevant. Under this definition the PBOC could easily achieve this goal for China. But should they do this? Yao Qian, from the PBOC technology department, wrote on the subject in 2017, saying that to “offset the shock” to commercial banks that would come from introducing an independent digital currency system (and to protect the investment made by commercial banks on infrastructure), it would be possible to “incorporate digital currency wallet attributes into the existing commercial bank account system” so that electronic currency and digital currency are managed under the same account.

This rationale is clear and, well, rational. The Chinese central bank wants the efficiencies that come from having a digital currency but also understands the implications of removing the exorbitant privilege of money creation from the commercial banks. If the commercial banks cannot create money by creating credit, then they can only provide loans from their deposits. Imagine if Bitcoin were the only currency in the world: I’d still need to borrow a few of them to buy a new car, but since Barclays can’t create Bitcoins they can only lend me Bitcoins that they have taken in deposit from other people. Fair enough. But here, as in so many other things, China is a window into the future, because Alipay, WeChat Wallet and other Chinese third party payment platforms use financial incentives to encourage users to take money out of their bank accounts and store it on their platforms. If commercial banks cannot fund loans from deposits, we are in a new place, economically speaking.

Thus you can see the potential problem with digital currency created by the central bank, even if it is now technologically feasible for them to do so. If commercial banks lose both deposits and the privilege of creating money, then their functionality and role in the economy is much reduced. Whether you think that is a good idea or not, you can see that it’s a big step to take. Hence the PBOC position, reinforced at the beginning of this year by Fan Yifei, Deputy Governor of the People’s Bank of China, writing that the PBOC digital currency should adopt a “double-tier delivery system”.

Following this line of thinking, then, the PBOC is saying that it is not going to issue cryptocurrency and that it is not going to issue digital currency either (at least in the foreseeable future). But what they might do is to allow commercial banks to distribute digital currency under central bank control (this is what they mean by “double tier”). You could have the central bank provide commercial banks with some sort of tamper-resistant smart chip or cryptographic permission that would create digital commercial bank money under the control of the central bank. (This, by the way, is exactly what was attempted a generation ago with the Mondex electronic cash system.)

(Note that this is entirely removed from the issue of whether to use shared ledger technology to manage the money in circulation. I’m open minded about this. I can certainly see how a system in which POS terminals were nodes in a shared ledger, thus obviating the need for a central system — that could, and does, go down — might be rather attractive but whether the resilience would be worth the expense of moving away from current solutions remains to be established.)

Note also that there is no implication in any of the PBOC’s comments that they will be issuing digital cash. Would any central bank go for this? Some form of digital cash that can be passed directly from person to person like Bitcoin rather than some form of digital money like M-PESA, using hardware rather than proof-of-work to prevent double spending? Well… yes. In fact the Uruguayan central bank has said it will test precisely this approach, having digital cash in the mobile phones pass person-to-person directly between the devices. This is not, I am sure, what the PBOC has in mind. On the contrary, they want to see every transaction, a consistent position adumbrated by last year’s decision to make mobile payment companies route transactions through a central switch.


I’m fascinated by China’s long experiment with paper money and its imminent conclusion. Whatever you might think about their position on monitoring transactions, the PBOC has been strategic in its thinking. Their comments on the topic from 2016, 2017 and now 2018 have been consistent. Digital currency is coming and China will take the lead just as it did with paper currency.