(KF6) Governance and transparency: exclusionary process and missed opportunities of an open distribution model
The design process has been exclusionary, with critical decisions being set in stone before public consultations. Alternative and open design ideas have not even been discussed by the ECB.The proclaimed openness of the digital euro design finding process (Q17) is questionable, given that many of the core design features— such as the online-offline separation, the waterfall concept, and the reliance on “secure hardware”— have been defined before public consultations began [1]. On the contrary, the ECB has largely ignored expert advice on how to design for privacy, security, and usability [2;3;4;5]. The ECB engagement with private companies (Q17) has excluded small and medium enterprises by setting high thresholds for potential participants, requiring, among others, a yearly average total net turnover of €100,000,000 [6;7]. The digital euro rulebook (Q19) is developed behind closed doors and leaves no room for questioning fundamental digital euro design choices impacting privacy (KF1), security (KF2), and usability (KF5).
While the ECB emphasizes the need for open standards and public infrastructure to foster inter-operation of systems across Europe (Q2) and beyond, it misses on the opportunity to specify the distribution model for the software that will be run by the ECB and third-party providers (for the backbone of the digital euro), the merchants (in order to accept payments in digital euro) and the end-users (in order to pay). The distribution models of the software/hardware co-design of any digital solution can be broadly categorized into four types. Ordered from most restrictive to most freedom respecting, these are:
- Proprietary, where the design and implementation is kept as a secret, and users or other third parties are legally forbidden to inspect the internals;
- Source-available, where part of the design and/or implementation is available to allow for high-level analysis and restricted integration with third-party services, potentially only to certain actors;
- Open-core, building on a system where the base implementation is publicly available for anyone to view, modify and redistribute, but where key features are kept proprietary; and
- Fully free software,
which emphasizes the user’s human right to have full control over the software run on their devices
and thus excludes proprietary extensions or other forms of digital shackles such as hardware locks.
In particular,
free'' in this context refers tofreedom’’, and not to the price [8].
| Distribution model | ||||
|---|---|---|---|---|
| User Right | Proprietary | Source-available | Open-core | Free software |
| Execute | ✓ | ✓ | ✓ | ✓ |
| Analyze/integrate | ✗ | (✓) | ✓ | ✓ |
| Modify/improve | ✗ | ✗ | (✓) | ✓ |
| Fully self-determine† | ✗ | ✗ | ✗ | ✓ |
The option for third-parties to analyze, re-use and improve a certain design and implementation allows for broader acceptance (e.g., in other parts of the world) and joint innovation [9]. It also stimulates competition and improves user choice by enabling the provision of end-user services and devices by a larger number of providers. However, the design of the offline digital euro is expected to rely on its proprietary nature for security [10]—contradicting Kerckhoffs’ principle (KF2). The ECB has not communicated any clear licensing model for the online version yet, but reserved all the rights on the implementation for themselves in the public tenders [6].
- C. Lagarde and F. Panetta, Report on a digital euro. European Central Bank, 2020.
- H. Uhlig, M. Alonso, and J. Frost,
Privacy in digital payments—escaping the panopticon,
Georgetown Journal of International Affairs, vol. 24, no. 2, pp. 174–180, 2023. - A. Aligny, E. Benoist, F. Dold, C. Grothoff, Ö. Kesim, and M. Schanzenbach,
Who comes after us? The correct mindset for designing a central bank digital currency,
SUERF Policy Note, no. 279, pp. 1–9, 2022. - K. Wüst, K. Kostiainen, N. Delius, and S. Capkun,
Platypus: A central bank digital currency with unlinkable transactions and privacy-preserving regulation,
In Proc. Proceedings of the 2022 ACM SIGSAC conference on computer and communications security, 2022, pp. 2947–2960. doi:10.1145/3548606.3560617 - C. Grothoff and T. Moser,
How to issue a privacy-preserving central bank digital currency,
SUERF Policy Briefs, no. 114, 2021. - European Central Bank, Tender ID: PRO-009488. not public, available upon request, 2024.
- European Central Bank, Tender ID: PRO-007480. per Email, https://www.ecb.europa.eu/ecb/jobsproc/proc/pdf/2022-ojs040-099799-en.pdf, 2022.
- Free Software Foundation, What is free software?. https://gnu.org/philosophy/free-sw.html, 1996.
- E. Raymond,
The cathedral and the bazaar,
Knowledge, Technology & Policy, vol. 12, no. 3, pp. 23–49, 1999. - A. Giovannini and M. Stibane, Euro 2.0 – der euro wird (auch) digital - oesterreichische nationalbank. Statement on stage in discussion with audience, https://mastodon.social/@taler/112084243675777718, 2024.