The European Parliament in Strasbourg gave its approval in a first reading on Thursday to the legislative package for the digital euro. The trilogue could start as early as next week, said parliamentary rapporteur Fernando Navarrete Rojas (EPP). At the same time, scientists from a project funded by the German Ministry of Education and Research are warning about unresolved security issues in the planned concept.
With 416 votes to 169, Parliament adopted the parliamentary position prepared by Rojas, which had been the subject of lengthy negotiations. In his initial draft, the former Spanish central bank expert had initially advocated for limiting the digital euro to a token-based offline payment option. However, in June, the majority in Parliament’s Committee on Economic and Monetary Affairs then approved the parallel introduction of the offline and an account-based online version of the digital euro.
In a press briefing, Rojas emphasized that the regulation also reiterates the equal usability of cash. They want to give citizens the choice of how they pay.
He dismissed “rumors” that the account-based digital euro would make payment processes easily traceable. “No one will know what we are spending our money on,” Rojas promised in the plenary session.
No Confidentiality Plus
Scientists at the University of Dresden, on the other hand, assess the current plans of the ECB and EU legislators skeptically. While the account-based digital euro promises Privacy by Design and Default, they emphasize that the separation of identification and transaction data — the former handled by end-customer banks, the latter aggregated by the ECB — is unsuitable for guaranteeing true confidentiality, they stated in a press release published shortly before the vote.
The ECB numbers issued by the customer banks can be too easily resolved through transaction histories or by adding other data, assures Mikolai Gütschow from the Chair of Distributed Networked Systems at TU Dresden.
Once the pseudonym is compromised, the user’s payment behavior becomes transparent. Furthermore, from the researchers’ perspective, the centralization of transaction data is problematic, as it is likely to make the created ECB infrastructure an attractive honeypot.
European data protection authorities also see the risk of de-pseudonymization and therefore recommended in the spring that the ECB numbers be assigned dynamically at least.
Tokens and Their Disadvantages
In their paper, the data protectionists fundamentally advocated for token systems for both digital euro variants. This would make a level of anonymity comparable to cash achievable, was the assessment.
However, in their press release, the researchers warned of the security problems of the token solution. “It’s a nice idea,” Gütschow said in an interview with heise online. “But the problem of double spending is unsolvable.” Once cracked from the secure element of the mobile phone, digital euros can be copied at will. The list of cracked secure elements is long, noted Gütschow and colleagues from Hamburg in a detailed paper.
According to Recital 60c, introduced by Parliament, the central bank would ultimately have to bear the costs for losses incurred due to infrastructural weaknesses.
Expensive Undertaking
Regarding the total costs of the mega-project, the researchers, along with colleagues from Hamburg, Groningen, and Basel, further note in a study. The originally estimated costs of 1.3 billion euros by the central bank have already been spent on external service providers. The study is available on the arXiv document server.
The ECB has allocated up to 55.8 million for the alias lookup function alone, which payment service providers can use to find the counterparty’s bank. For the development of the offline euro token system, being prepared by Giesecke+Devrient, the ECB has planned up to 661 million euros.
This leaves little room for the internally planned development of the core infrastructure for payment processing between customers, payment service providers, central banks, and the ECB, the researchers conclude.
In the “Concrete Contracts” project, funded by the Federal Ministry of Education, Science and Space Exploration, the scientists favor digital payment systems with double-blind signatures. The GNU Project Taler has developed and tested the necessary software for this. However, the creators of the free software ideas could not gain traction at the ECB. They lacked the necessary background for submitting offers.
(mho)






