How Private Will Facebook’s Libra Currency Be?

Facebook recently announced that they will be creating a new “global currency and financial infrastructure that empowers billions of people” named Libra. They plan to launch in 2020.

Immediately after announcing this they received scorn from many people involved with cryptocurrencies claiming they shouldn’t be trusted based on Facebook’s poor track record when it comes to privacy.

However, even cryptocurrency enthusiasts were divided. Many others were excited to watch the roll out and how it could expose a great number of people worldwide to the power of digital currency.

Who is right? Will Libra be the killer coin or the worst thing to ever happen to cryptocurrency?

Both extremes are still wild conjectures at this point but we do have some material to look at in order to build more practical ideas of what Libra will be like. Our biggest questions relate to the basic qualities of a decentralized currency:

1. Is it permissionless? Meaning no one grants you access to the network, no one can kick you off the network, and no one can stop you from saving or spending your coins.
2. Do users have ownership of their own private keys? This means they have exclusive control of the corresponding coins. No one is able to recover coins if the keys are lost, and no one can access coins without the keys. This is self-sovereignty.
3. Are there terms and conditions or accounts to sign up for? If there are it’s a red flag. In a decentralized currency, your identity isn’t inherently tied to your transactions . This gives you a degree of removal between your sensitive information and your payments-though privacy isn’t assured.

This article looks to explore both sides and to investigate the published material regarding Libra with a focus on financial privacy. The available material is somewhat limited at this early stage, but the information we have indicates that Libra is unlikely to provide much privacy to its users in practice, at least in the near term.

Is Libra Permissionless?

Libra is built on a blockchain, as are all cryptocurrencies. But this blockchain is fundamentally different from most; it’s a “permissioned blockchain” as the Libra white paper (all quotes in the article are from this source unless otherwise stated) explains:

Blockchains are described as either permissioned or permissionless in relation to the ability to participate as a validator node. In a “permissioned blockchain,” access is granted to run a validator node. In a “permissionless blockchain,” anyone who meets the technical requirements can run a validator node. In that sense, Libra will start as a permissioned blockchain.

This means that only a select group of organizations will be able to determine which payments make it into the blockchain and which don’t.

Who are these validators? They are mostly large companies. Libra is aiming to have 100 at launch; thus far they’ve listed about 30 “founding members” including some familiar financial institutions like Mastercard, PayPal, Stripe, and Visa.

It’s important to note that this design is meant to be temporary. They claim that they want to move from a permissioned model towards a decentralized model within five years of launch:

An important objective of the Libra Association is to move toward increasing decentralization over time. This decentralization ensures that there are low barriers to entry for both building on and using the network and improves the Libra ecosystem’s resilience over the long term. As discussed above, the association will develop a path toward permissionless governance and consensus on the Libra network.

Assuming this transition occurs as planned, this means that until that point your ability to use Libra would be determined by this small group of validators.

Is it permissionless? No. But possibly at some point in the future, it might be.

Does Libra Support Self-Sovereignty?

Will Libra users be able to hold their own private keys? Early indications are that people will be able to hold the private keys themselves, though it’s unclear how they will be obtained. More information is needed before we understand how easy it will be for average users to send Libra around the permissioned network without trusting custodians to manage their coins for them.

Does Libra Support Privacy?

We will not be comparing Libra’s privacy against coins built specifically for financial privacy such as Zcash or Monero. Libra’s stated mission isn’t about delivering financial privacy. It’s much more reasonable to compare it to traditional cryptocurrencies such as Bitcoin, which aren’t focused on privacy. Bitcoin’s privacy isn’t great-every transaction is public-but transactions aren’t directly tied to your real identity as they are with traditional banking methods.

Some technical aspects of Libra are more or less the same as Bitcoin in terms of supporting privacy:

The Libra Blockchain is pseudonymous and allows users to hold one or more addresses that are not linked to their real-world identity. This approach is familiar to many users, developers, and regulators.

Pseudonymous means that your actions are tied to an identity, but that identity isn’t your real-world identity. It’s not anonymous-which means there’s no identity at all-nor is it fully tied to your real name.

Libra is built on public key cryptography, and users can control the funds within addresses that aren’t linked to their real-world identity. In this sense, Libra’s ability to remain pseudonymous seems identical to Bitcoin.

While that’s true at the technical level, the fact that Libra is permissioned blockchain means that the ability to act pseudonymously to protect your privacy is dependant on the small group of validators. Those validators could allow users access to the blockchain without requiring identifying information, giving Libra users a similar level of privacy to Bitcoin. Or they could block access to the blockchain unless users reveal their identity, giving Libra poor support for privacy.

The paper itself suggests that the Libra Association expects their validators to administer rules which reduce privacy:

Some projects have also aimed to disrupt the existing system and bypass regulation as opposed to innovating on compliance and regulatory fronts to improve the effectiveness of anti-money laundering. We believe that collaborating and innovating with the financial sector, including regulators and experts across a variety of industries, is the only way to ensure that a sustainable, secure and trusted framework underpins this new system.

Since Libra doesn’t exist yet, we don’t have many details on how these validators plan to act, nor do we have much information about what implementations of Libra will look like. In the few cases where we have information, it doesn’t look good for Libra’s privacy.

One such case is Calibra, which is Facebook’s own service for Libra users. In reading through their customer commitment documentation, it’s clear that Calibra will force their users to give them their real-world identity, and will closely monitor their activity:

Calibra will ensure compliance with AML/CFT requirements and best practices when it comes to identifying Calibra customers (know your customer [KYC] requirements) by taking the following steps:

- Require ID verification (documentary and non-documentary).

- Conduct due diligence on customers commensurate with their risk profile.

- Apply the latest technologies and techniques, such as machine learning, to enhance our KYC and AML/CFT program.

- Report suspicious activity to designated jurisdictional authorities

Calibra is a custodial wallet, meaning they control your coins for you. We don’t know if other wallets will be as strict as Calibra, or not. If all Libra wallets and all validators take the same approach, then it will not be possible for users to use Libra without having their activities tied to their real-world identity and closely monitored.

If Libra does change to a permissionless system in the future, then this might change. Also, it’s possible that some validators will allow people to access the chain without giving up their privacy. We can’t know whether or not this will happen, but there are reasons to be skeptical. The Libra Association has an entire page devoted to compliance where they make clear that they demand validators adhere to all applicable regulations and comply with law enforcement requests.

Is Libra a Cryptocurrency?

Based on the limited information we have so far, it seems Libra likely won’t be a good platform for financial privacy, at least in the near term.

It’s also not clearly a cryptocurrency, based on traditional definitions. The initial purpose of cryptocurrencies was the digital exchange of value without trusted third parties, but Libra is built on top of a handful of gatekeepers that make it a permissioned system.

While detractors may be correct that Libra is unlikely to provide financial privacy, it’s important to realize that the focus of their platform is elsewhere:

The goal of the Libra Blockchain is to serve as a solid foundation for financial services, including a new global currency, which could meet the daily financial needs of billions of people. Through the process of evaluating existing options, we decided to build a new blockchain based on these three requirements:

- Able to scale to billions of accounts, which requires high transaction throughput, low latency, and an efficient, high-capacity storage system.

- Highly secure, to ensure safety of funds and financial data.

- Flexible, so it can power the Libra ecosystem’s governance as well as future innovation in financial services.

Meeting the daily financial needs of billions of people is an ambitious goal, and one that could provide real value around the world. Many people-perhaps the majority-are more than willing to forgo privacy in order to have a useful digital currency, and Libra may be well suited for them. Privacy advocates might not like the idea of a digital currency offered by Facebook, but if it becomes something that provides value to others, users will be able to make choices about it based on their values.

What Are Alternatives to Libra?

For those who do value privacy, there are alternatives. More traditional cryptocurrencies with permissionless blockchains are better (though not perfect) and coins built for privacy are best.

The cryptocurrencies themselves aren’t the only things that matter when it comes to retaining your financial privacy. The places where you use that cryptocurrency may enhance or diminish your privacy as well. That’s why we built Haven, a mobile app focused on privacy which connects you to a peer-to-peer network of people buying and selling goods and services directly with each other, using cryptocurrency.

If you want to read more about how Haven protects your privacy, read this article.

Want to be the first to get your hands on Haven?
It’s releasing soon for iOS and Android. Join the waitlist here!

Originally published at https://gethaven.app on June 28, 2019.