Digital Cash & Your Privacy

Home » Blog » 2016 » February » 18 » Digital Cash & Your…
digital cash privacy

Since we released our paper Digital Cash, which proposes that members of the public should be able to hold an electronic version of notes and coins in accounts at the Bank of England, a number of people have raised concerns about the privacy implications.

The more sensible concerns focus on the risk of one institution – the Bank of England, Federal Reserve or European Central Bank, for instance – having access to everyone’s account balance and spending records.

Some of the more alarmist comments, such as this bizarre article by Geoffrey Gardiner, propose a dystopian future in which accounts at the central bank are used as a tool of mass surveillance:

“The system of transaction accounts at the central bank will be used to keep track of the population. Every person will be allocated an account at birth and vital details will be recorded and updated. The records will include a record of the person’s genome. The bank will issue identity documents. The transaction account number will be the person’s identity and passport number, and also the number of his or her tax account. Transaction account statements will be sent automatically to the tax office, which will have the duty to debit it with all assessed taxes. Every immigrant or visitor to the country will get an account and give similar identity details.”

Granted, the tax authorities might quite like the idea of seeing all the money that flows into and out of your bank account. Presumably, so would the Serious Fraud Office. Advertisers would love the opportunity to purchase your name, address and monthly expenditure; the government already sells the data on the voter register unless you opt out when registering, so it’s plausible that they would be open to selling transactions data if you forget to opt out.

It’s impossible to know if or how this data could be abused or misused in the future, so let’s agree that holding everyone’s transaction history at one institution is too much centralisation of data and open to abuse. How can we avoid this?

The answer is remarkably simple. The technology infrastructure that would run digital accounts can be designed to ensure that the Bank of England (or your own country’s central bank) would have no idea who you are, or who you’re making payments to. All they would do is provide an electronic account to store your digital cash.


How Digital Cash Would Work

First, let’s recap how a system of digital cash accounts would work, according to the Indirect Access proposal in Digital Cash: Why Central Banks Should Start Issuing Electronic Money:

From the paper:

Option 2: Indirect Access via Digital Cash Accounts (DCAs)

In this Indirect Access approach, the Bank of England would still create and hold the digital cash, but all payment and customer services would be provided by (or ‘administered’ by) private sector firms.

The model for this is outlined in detail in our paper Increasing Competition in Payment Services (Dyson & Hodgson, 2014). In this model, banks or technology companies (such as smartphone app developers) would provide a special type of account, which we will call “Digital Cash Accounts” (DCAs) throughout this paper. The firms providing these accounts will be referred to as “DCA Providers”.

The DCA Provider would have responsibility for providing account statements, payment cards, balance checks, sort codes, account numbers, internet and/or mobile banking, and customer support by phone or email. They would also be responsible for allowing the DCA holders to make payments via the normal payment networks – BACS, FasterPayments, Visa, MasterCard etc. This would enable DCA holders to spend digital cash in the same way that they can spend bank deposits.

Any funds paid into the DCA would be held electronically in full (i.e. 100% reserve) at the Bank of England18 (Figure 2.1.2). This means that the DCA Provider would always be “fully liquid”: it could repay all its customers the full balance of their account at all times. This is in contrast to conventional banks, which can only ever repay a fraction of their depositors at any point in time.

Crucially, the digital cash held in a DCA would legally belong to the account holder, not the DCA Provider. The digital cash would be held in a separate client account19 at the Bank of England, and so would not be held on the balance sheet of the DCA Provider. The DCA Provider would ‘administer’ the digital cash, but would never own it.


Separating the Data

There are three main parts of the data that would be recorded in a digital cash payment system:

  • The Customer Data – Stores the personal and contact details of customers
  • The Accounts Data – Stores the money (digital cash)
  • The Transactions Data – Stores the history of transactions: how much money was transferred from one account to another.

The Customer Data

The customer data is simply a record of the customers. Each Digital Cash Account Provider would have a database of its customers. It would look something like the following:

FastPay Customer Records

Name Address Contact Details Security Details Digital Cash Account Id
Louis Armstrong 51 Regents Way 01234 567890 ************ 10251610


DigiCash Customer Records

Name Address Contact Details Security Details Digital Cash Account Id
Ella Fitzgerald 23 Court Lane 01530 123456 ************ 50361922


This data would be held by the Digital Cash Account (DCA) Provider, NOT by the Bank of England. The DCA Provider needs this data to know who owns the money in an account and ensure that only that person can authorise payments from that account. They’re required to gather this data by anti-money laundering regulations, so there’s no way (currently or with digital cash) that you can get an anonymous account in the way that you can get an anonymous pay-as-you-go phone. But so long as the DCA Provider is keeping up with its responsibility to screen account applicants according to Anti-Money Laundering requirements, the Bank of England doesn’t need to know the personal details of the account holder. In fact, it would prefer not to have the responsibility for storing all that data and keeping it up to date.

The Digital Cash Account Data

The Bank of England needs to hold a record of each Digital Cash Account, which would record the account’s balance. (Digital cash is ultimately just a number in the computer system of the central bank; the number you see when you check the balance is the digital cash.) The data would look something like this:


DCA Provider Id Account Id Current Balance
FastPay 08-32-22 10251610 £1000.00
DigiCash 09-21-22 50361922 £0.00
FastPay 08-32-22 12988253 £50.00

Because Digital Cash is a liability of the Bank of England, it must be stored in the Bank of England’s computer systems. There’s nowhere else for it to exist – it’s not a paper or metal token that can be physically carried around. (One exception to this is a central bank-issued cryptocurrency on a distributed ledger system, but we’re a few years away from that kind of technology being usable to run a national payment system.)

You’ll notice that the account data is anonymous; the Bank of England doesn’t know who owns the £1000 in account 10251610. It does know that a customer of FastPay owns that account, but it would have no legal authority to ask FastPay to reveal the details of its customers. So the Bank of England wouldn’t know what transactions you’ve been making (and quite frankly, I doubt they would care).

In the example above, Louis’s Digital Cash Account (DCA) Provider (FastPay) would be able to check the balance of Louis’s Digital Cash Account at the Bank of England. So Louis and the DCA Provider know his balance, whilst the Bank of England knows there’s an account with that balance, administered by FastPay, but doesn’t know to whom it belongs.

The Transactions Data

Finally, there’s the transaction data: the payments that were made from each account, and to which account each of those payments was made.

If Louis Armstrong (whose Digital Cash Account Provider is FastPay) wants to pay £250 to Ella Fitzgerald for rent, he’d log into internet banking (or a mobile phone app) and set up a payment. Behind the scenes, the payment instruction that would be sent to the Bank of England’s payment processor would look something like the following:

Sender Account ID Receiver Account Amount Date & Time Message & Reference
08-32-22-10251610 09-21-22-50361922 £250.00 2016-05-29 “Rent for March, from Louis Armstrong to Ella Fitzgerald”

The Transactions Data is simply a record of all these payment instructions.

Again, the Bank of England doesn’t know the identities of the parties that this payment is between; it simply knows that a payment has gone between these two numbered accounts.

Of course, one obvious privacy issue appears in the “Message and Reference” in the table above. The receiver of the payment needs to know who that payment is from, and since the Bank of England doesn’t know who the payer account belongs to, that information must be sent along with the payment instruction by the Digital Cash Account Provider. But this message reveals who the payment came from.

However, it’s pretty easy for the message to be encrypted in such a way that only Digital Cash Account Providers can decrypt the message and reference. In that case, the message and reference will appear to the Bank of England as follows:

Sender Account ID Receiver Account Amount Date & Time Message & Reference
08-32-22-10251610 09-21-22-50361922 £250.00 2016-05-29 EnCt2d207add0ce9b431c0de97a

Now the Bank of England has no idea who the payment is from and to.

Only the DCA Providers would know the decryption password to turn that jumble of letters back into a meaningful message.

The only way the Bank of England could read the information from this message would be upon its receipt of an order from a court of law requiring the DCA Provider to reveal who the payment was made to (for example, as part of a police or fraud investigation).

Even Further Anonymity

In theory it’s possible to take encryption further, to the point that when, in the example above, Louis makes a payment to Ella, then:

  • Louis’s DCA Provider doesn’t know who Louis is making a payment to
  • The Bank of England knows that the payment has been made between two accounts, but doesn’t know who owns those accounts (as above).
  • Ella’s DCA Provider knows she received a payment, but not who it is from.
  • Only Louis can see that he made a payment to Ella
  • Only Ella can see that the payment into her account came from Louis.

My knowledge of encryption doesn’t stretch far enough to specify how that arrangement would work, but I’m fairly confident that this would be child’s play for security specialists. If anyone with that kind of knowledge or experiences wishes to develop the idea further, I’d be happy to discuss it.

There is also the possibility that the authorities might block such a high level of privacy, as it would make it difficult to trace fraud, payments to terrorists and so on. But the lower level of security, whereby the Bank of England does not store any data on who made the transactions, should be perfectly acceptable.

What about Bitcoin?

In theory, Bitcoin or a currency modelled on its underlying blockchain technology, is more anonymous than the system above. Anyone can get a Bitcoin address without having to provide any details that would personally identify you. But there are limitations to this anonymity.

Bitcoin (and any distributed ledger currency) makes the entire transactions data – the blockchain – publicly available to the whole world. The data itself is anonymous, as it just records transfers of certain amounts from one ‘address’ (a bit like an account) to another, with no personal details attached. There are many pros to Bitcoin and its like, but a major con is if someone finds a way to link your identity to a single transaction, it’s possible for them to follow the chain to find all your other transactions. People are developing ways around this, but at the moment using Bitcoin as a genuinely anonymous payment system requires a high level of technological sophistication. If you’re interested in more about Bitcoin privacy, it’s well worth reading this (external) article: How Anonymous is Bitcoin?

In contrast, the Transactions Data in the system we outlined above is private: only the Bank of England has the full transactions history (and your DCA Provider will have the portion of the history that relates to your transactions). So in this sense, a centralised digital cash system may provide more privacy and anonymity than a distributed ledger system.

One other major con for Bitcoin-style currencies is that if you lose your private key (effectively the password that allows you to spend your bitcoin or other cryptocurrency), you’ve lost access to the money forever. There is no possibility of recovering the password. Also, if you get hacked and your private key is stolen, there is no way to reverse the transaction or recover those funds. It’s worth being aware that there are these tradeoffs if you want to move towards complete anonymity.

In Summary

With a simple bit of database design, we’ve got a system where the Bank of England only has records of transactions between anonymous payment accounts. It could only require a DCA Provider to reveal who you are if it had an order from a court, which is the same level of anonymity you get with normal bank deposit accounts.

It may be possible to go even further so that not even your Digital Cash Account Provider knows who you’re making payments to. In other words, you would be the only person able to ‘unlock’ your transactions data.

Is this enough to address the privacy concerns around digital cash? Let me know your thoughts in the comments below.

Stay in touch

Trackback from your site.

  • Marco Saba

    “Because Digital Cash is a liability of the Bank of England, it must be stored in the Bank of England’s computer systems.” – actually it is not. As Buiter pointed out in his paper SEIGNIORAGE:

    “Note that while the Central Bank does not, in its solvency constraint, view irredeemable base money as an effective liability, households do view base money as an asset in their solvency constraint. This asymmetry is the formal expression of the view that fiat money is an asset of the holder but not a liability of the issuer.”
    A reform should consider this problem by making digital cash a liability of the bank TO THE TREASURY (i.e. 100% seigniorage allocation to the public), and an asset in the balance sheet of the Treasury. But actually it is not so.

    • Ben Dyson

      Good point Marco. To clarify, banknotes and reserves are currently recorded as liabilities of the Bank of England, and digital cash could be treated in the same way. But that doesn’t imply that it represents a debt of the central bank or government (because there’s nothing they have to pay out to holders of digital cash).

      • Marco Saba

        In a nation where sovereignty is retained at the state level, issuing money should generate 100% seigniorage for the TREASURY. This actually don’t happen because by recording a fake liability against nobody, the seigniorage disappear. We know that there is an accounting mismanagement of money creation by the banks thanks to a paper on Cash Flow accounting (2014): Cash Flow Accounting in Banks— A study of practice, Ásgeir B. Torfason, University of Gothenburg, 2014
        We know that in UK this argument is a taboo due to the role of BoE, but elsewhere we can discuss freely about the issue.

  • theGreatFuzzy

    I’m no expert on encryption but it seems to me the key to it all is public key encryption[1].

    Using public key encryption it’s possible for (1) Alice to send an encrypted message to Bob that only Bob can decrypt and (2) for Alice to (digitally) sign the message so as Bob knows Alice sent it.

    Given (1) and (2) it’s a simple matter for Louis to send the Message & Reference to Ella encrypted, assuming Louis and Ella have public/private key pairs (as described in [1]) and the DCA providers are willing to pass the encrypted message on. An alternative is for the DCA providers to have public/private key pairs and for them to encrypt/decrypt the Message & Reference for Louis and Ella (this means the DCA providers don’t need to share any keys, they just need to publish their public keys).

    But I don’t see how “Louis’s DCA Provider doesn’t know who Louis is making a payment to” can be achieved, given DCA providers map account numbers to user names. I mean, the transaction must contain at least [sender account number, receiver account number, amount], so if Ella’s DCA is the same as Louis’s then the DCA will know Ella is the receiver.


  • SteveB

    I am glad to see that this issue has been addressed in the blog pages of Positive Money, as I am one of the people who raised concerns about the privacy implications when the paper on Increasing Competition in Payment Services came out.

    I have long been a supporter of Positive Money but the issues of digital cash, anonymity and privacy are challenging my support of the idea and the campaign.

    I believe that in the coming decades that the world will see an inevitable contraction in national and global economies : there simply is not a way to maintain the level of economic activity at the same time as sharply decreasing our use of fossil fuels. We should consider what this means for the likelihood of a decline in democratic institutions. The biggest challenge for the state corporate powers that sit atop our world system will be that of maintaining social control in a time of increasing hardship. What is more, they have been well aware of the peaking of resource reserves and pollution limits (see ‘Limits to Growth’ published forty years ago), they have been considering this problem for some time.

    So the prediction of a highly centralised state in an Orwellian future society might read as ‘alarmist’ to Ben Dyson, but it doesn’t to someone who has studied the revelations within the Edward Snowden leaks in any detail, which clearly show the intentions of the security state to collect all available data on all citizens and to go to extra-ordinary lengths to do so. As such the very sensible suggestions made above regarding separating account details and transaction histories and the use of encryption are all very well; except that we are told that essentially all digital communication should now be regarded as collected by the secret state. Who is to say that protections put in place now would not easily be removed in a turbulent future (all it takes is a means of linking one ID number with another). NB The security state is currently growing significantly at a time when the rest of the state seems to be shrinking.

    Consider the development of payment technology in recent times:
    -Metal coins are completely anonymous.

    -Paper notes are identifyable by serial numbers.
    -Cheques identify the persons making a transaction.
    -Electronic transfers identify the time, date, place and persons of a transaction.
    -Contactless payments require a smartcard/ smartphone/ RFID technology – the carrying of which identify the user and their location at all times. (Note the emergence of smart cities and the appearance of wireless transcievers everywhere : the ‘internet of things’).

    Sound paranoid to you? I guess that the consideration of money, what it is and how it works inevitably leads one to consider their relationship with society; the perception of the state as an essentially benevolent or malevolent institution colours one’s view of how to best go about reforming money.

    • James Murray

      I agree Steve.

      The State can never be trusted.
      The State will always find plausible reasons to encroach on its citizens rights.

      As you say, This years benevolent democracy is next years control freakery.

      But your dystopian earning has regretfully little importance.

      Right now, there is no real need for ID cards as so much of who we are exactly, and what we are doing exactly, is contained in the electronic records of what we spend.

      And these records are, by law, open to the various manifestations of the “authorities” for all sorts of reasons, substantial and artificial.

      And the monitoring by the courts, I’m afraid, is all the time lessening so that a licence to infringe on privacy is increasingly being granted to civil servants, local government officers, the police and the like.
      And that includes the opening bank accounts.

      Do you know that in the case of suspected money laundering, despite customer confidentiality, it is a criminal offence for the bank to warn the account holder that they have been reported and are being monitored by the relevant apparatchiks?

      So, in the face of that level of State monitoring, I fail to see that the introduction of BoE transaction electronic accounts of whatever encryption is affected by supposed level of encryption.

      Ben Dyson is correct that transactions CAN be hidden but it is unlikely the State will be so beneficent.

      The extremely low level of civil liberties we ‘enjoy’ at the moment, will not be lessened by the proposals of PM – they are negligible now, to all intents and purposes.

      • SteveB

        I think you are probably right in all you say.
        I do think that physical cash has a limited future and that its disappearance will be a significant door closing. More could/should be made of the civil liberties and democratic implications of monetary reform proposals IMO.

    • theGreatFuzzy

      Interestingly decentralised systems are on the rise, and offer some hope. For instance bitcoin is a decentralised system and while it’s only psuedanominous it is possible to make it pretty near impossible to trace transactions (I don’t know if it can be made totally impossible to trace). Of course it requires people to start using bitcoin (or whatever alternative) to be of any use and that, I think, is the real problem – people are so like sheep and while they remain that way that’s how they’ll be treated. Any black sheep will be culled.

  • Lucian Aeris

    The desire for anonymity and privacy largely comes down to how much trust there is amongst the general population in the authorities. If Positive Money’s proposals were to come into effect it might be assumed that people, having experienced the benefits, would regain a level of trust in the authorities and thus the debate surrounding privacy and anonymity would have a different character than it currently does. In other words, until the proposed changes are implemented it is not of prime importance how they will affect privacy and anonymity.

    However, I do understand people’s apprehension surrounding the issue, given the valid concerns arising from, for example, the “snoopers charter”.

back to top