How policymakers can agree a way forward for the introduction of a CBDC
by Richard Gendal Brown, Chief Technology Officer of R3
Mounting political pressure in the US against a retail central bank digital currency (CBDC) has brought open criticism and even proposed bills (Florida Gov. DeSantis’s ban, House Majority Whip Emmer’s anti-surveillance bill), and critics across the aisle are questioning the need and potential for such a product.
They’re right to ask challenging questions: CBDCs could fundamentally change the relationship between citizen and state. This could genuinely be for the better. But we need to nail down some fundamental questions about this emerging product before we can earn widespread public acceptance, let alone adoption.
For example, should a CBDC support ‘purpose-bound’ restricted balances? What if this curtails citizens’ freedom to spend their money as they see fit? Should it work in every store, even if an important feature means the merchants all have to buy new equipment? Should this digital currency only be available when you have power and a connection, or should it work offline too? And, perhaps most contentiously, should a CBDC provide cash-like standards of privacy and personal freedom, even if it means people might sometimes use it for things that other people disapprove of?
These are absolutely important questions, and ones that need to be addressed. It’s unrealistic to imagine both sides of such a polarised political landscape could be placated, but we should definitely aspire to be absolutely unambiguously clear about what any proposed CBDC will and will not be able to do. The naysayers may still come out in protest, but at least it will be clear what they’re protesting against.
Agreeing on the requirements
At the highest level, most central banks pursuing CBDC have the same goal: a successful, affordable, and widely supported retail CBDC. However, the surprising reality is that there is far less consensus on some specific details, such as those considered above.
Yet thanks to three unrelated events – the political backlash, an interesting analysis by the Bank of England, and an extremely helpful ‘handbook’ from the BIS – we now know the answer to one critically important question: CBDCs will have to work offline as well as online.
And that turns out to open up the intriguing possibility that it may actually be possible to address the concerns of some of the most vocal opponents.
The problem with ‘online only’
Taking a step back for a moment, we can look at the potential case of an ‘online only’ design.
The Bank of England’s recent consultation paper concluded that one option that must be considered is to have every payment monitored in real time and authorised online. It concluded that a purely online digital cash system in the UK might have to process up to 100,000 transactions per second.
It would need to be constantly available (no maintenance windows or even temporary failures), resolutely resilient, and of course economically realistic to build and maintain. This is a tall order, and one that, given the strongly contradictory political opinions around CBDCs, might be especially hard to enact.
There is an alternative to this gargantuan online effort, namely offline operation. This would massively lower the ‘bar’ an online solution would need to reach. But this of course has its own challenges.
The problem with ‘offline’
First the good news: one can radically reduce the cost of an online system if the transaction throughputs and availability requirements can be relaxed. For example, if you could ‘fall back’ to an ‘offline’ mode when needed then it wouldn’t matter as much if the online system was down or if too many people were trying to transact at once.
But offline requires secure hardware and complex cryptography. The maturity of this technology is debated, and the stakes are high. What if it is hacked? Who bears liability if counterfeit digital pounds are created? How much would it cost to assure the integrity of the solution? It’s legitimate to be concerned that offline CBDC wallets could be a step too far, from a risk perspective. And so many central banks have not yet formally committed to a dual online/offline approach.
The ‘Offline CBDC Handbook’ by the BIS provides the missing piece of this argument by demonstrating that offline is not only eminently technically feasible, but offline technologies are also already in widespread use around the world. And so, mandating some level of ‘offline’ support seems to be a reasonable way to increase the chances of a successful implementation of CBDCs by eliminating the daunting ‘non-functional’ requirements that would otherwise be in play.
Mandatory ‘offline’ support: something the critics can get behind
So, it seems increasingly clear that retail CBDCs with offline support are the best way to ensure an affordable and successful deployment.
But there’s another implication, one that might be surprising to the critics. Offline, by definition, means that some transactions can happen without permission and possibly also with complete privacy. After all, if you’re not connected to a government-controlled central server then the government-controlled central server can’t block your transaction! So offline provides a path to believably permissionless usage. Yes – some bounds would need to be established. But there’s certainly a middle ground we can work with.
The problem is that in an era of bad faith politics, with opponents unwilling to give each other the benefit of the doubt, we should not be surprised when a large minority remain worried that the system could be changed in significant ways, without warning and without recourse. They would need to be convinced that the system really did work as claimed.
It’s unlikely a naysayer could ever be convinced that a government-controlled central computer system can be trusted, but code that runs on secure physical devices, in the possession of users, is a different proposition altogether.
We’re already familiar with payment cards that work offline – where researchers are routinely trusted to verify them. And the more adventurous readers will be familiar with secure hardware devices used in the crypto world. Third-party verification of offline devices is something many naysayers may well be able to get on board with.
So we can imagine a system that has the best of all worlds: a reliable, interoperable, regulatorily compliant online portion – most banks see a need for DLT platforms such as Corda here – married with a hardware-enabled offline portion that unlocks a societally optimal level of permissionlessness as a happy side-effect.
Blessing in disguise
The emerging political blowback is a blessing in disguise. The prize on offer is to implement a digital currency that could genuinely address some of these concerns, at the same time as solving the cost and resilience questions that plague the online-only designs. Embracing these critiques and making concessions and compromises that placate both ‘sides’ is absolutely doable.
A digital currency system should not mimic the ‘wild west’, but there should be some freedom to transact permissionlessly and with privacy.
There’s probably a ‘landing zone’ which most people can get behind. A digital cash product with some element of privacy and permissionlessness could be extremely popular. It might be the key to actually getting the new product adopted. Embracing a hybrid online/offline solution is the best way for policymakers to neutralise the ‘libertarian’ opposition to CBDC.