Facebook announced recently that by 2020, they will roll out Libra — their blockchain-based cryptocurrency. It is, of course, major news, as it has the potential to disrupt the payment and banking sector. If you want to read all the surrounding newsworthy details, you can read the TechCrunch article. I will instead focus on a few observations and thoughts about Libra — from a few perspectives — technical, legal/compliance, and possibly financial.
First, replacing banks, bank transfers, credits cards, payment providers, and ATMs with just your smartphone sounds appealing. Why hasn’t anyone tried to do that so far — well, many have tried, but you can’t just have the technology and move towards gradual adoption. You can’t even do it if you are Facebook. You can, however, do it, if you are Facebook, backed by Visa, Mastercard, Uber, and many, many more big names on the market. So, Facebook got that right — they made a huge coalition that can drive such a drastic change forward.
I have several reservations, though. And I’ll go through them one by one.
- There is little completed – so far, there is a website, a technical paper, and an open-source prototype. It’s not anywhere near production. The authors of the paper write that the Move language is still being designed (and it’s not this existing Move language). The open-source prototype is still a prototype (and one that’s a bit hard to read, though that might be because of the choice of Rust). This means they will work with tight schedules to make this global payment system operational. The technical paper is a bit confusing and hard to follow. Maybe they rushed it out and didn’t have time to polish it, and maybe it’s just a beginning of a series of papers. Or maybe, it’s my headache and the paper is fine.
- The throughput sounds insufficient – the authors of the paper claim that they don’t have any performance results yet, but they expect to support around 1000 transactions per second. This section of the paper assumes that state channels will be used and most transactions won’t happen on-chain, but that’s a questionable assumption, as the use of state channels is not universally applicable. And 1000 TPS is too low compared to the current Visa + Mastercard transactions (estimated to be around 5000 per second). Add bank transfers, western union, payment providers, and you get a much higher number. If from the start you are presumably capped at 1000, would it really scale to become a global payment network? Optimizing throughput is not something that just happens – other cryptocurrencies have struggled with that for years.
- Single Merkle Tree – I’m curious whether that will work well in practice. A global Merkle tree that is being concurrently and deterministically updated is not an easy task (ordering matters, timestamps are tricky). Current blockchain implementations use one Merkle tree per block and it’s being constructed based on all transactions that fall within that block when the block is “completed.” In Libra, there will be no blocks (so what does “blockchain” mean anyway), so the Merkle tree will always grow (similar to the certificate transparency log).
- How to get money in? — Facebook advertises Libra as a way for people without bank accounts to do payments online. But it’s not clear how they will get Libra tokens in the first place. In third world countries, consumers’ interactions are made with telecoms where they get their cheap smartphones and mobile data cards. The realistic way for people to get Libra tokens would be if Facebook had contracts with Telecoms, but how and whether that is going to be arranged, is an open question.
- Key management – key management has always been, and will probably always be, a usability issue for using blockchain by end users. Users don’t want to manage their keys, and they can’t do that well. Yes, there are key management services and there are seed phrases, but that’s still not as good as getting a centralized account that can be restored if you lose your password. And if you lose your keys, or your password (from which a key is derived to encrypt your keys and store them in the cloud), then you can lose access to your account forever. That’s a real risk and it’s highly undesirable for a payment system
- Privacy – Facebook claims it won’t associate Libra accounts with Facebook accounts in order to target ads. And even if we can trust them, there’s an inherent privacy concern — all payments will be visible to anyone who has access to the ledger. Yes, a person can have multiple accounts, but people will likely only use one. It’s not a matter of what can be done by tech-savvy users, but what will be done in reality. And ultimately, someone will have to know who those addresses (public keys) belong to (see the next point). A zcash-based system would be privacy-preserving, but it can’t be compliant. Is that worse than the status quo? Yes, because currently, only the payment provider, the bank, and possible law enforcement have access to your transactions. With a blockchain, everyone may know (even though addresses don’t have names, you can deanonymize them). Unless the blockchain is not public at all, of course. Which, in the long run, won’t be good for trust in the system (but yes, you can get your Merkle proofs even without a fully public blockchain)
- Regulatory compliance – if you are making a global payment system, you’d have to make regulators around the world happy, especially the SEC, ESMA, ECB. That doesn’t mean you can’t be distruptive, but you have to take into account real-world problems, like KYC (know your customer) processes as well as other financial limitations (you can’t print money after all). Implementing KYC means people being able to prove who they are before they can open an account. This isn’t rocket science, but it isn’t trivial either, especially in third world countries. And money launderers are extremely inventive, so if Facebook (or the Libra association) doesn’t get its processes right, it risks becoming very lucrative for criminals and regime officials around the world. Facebook is continuously failing to stop fake news and disinformation on the social network despite the many urges from the public and legislators, I’m not sure we can trust them with being “a global compliance officer”. Yes, partners like Visa and Mastercard can probably help here, but I’m not sure how involved they’ll be.
- Oligarchy — while it has “blockchain” in the tagline, it’s not a democratizing solution. It’s a private blockchain based on trusted entities that can participate in it. If it’s going to be a global payment network, it will be a de-facto payment oligarchy. How is that worse from what we have now? Well, now at least banks are somewhat independent power players. The Libra association is one player with one goal. And then, antitrust cases will follow (as they probably will immediately, as Facebook has long banned cryptocurrency ads on the website only to unveil its own)
Facebook has the power to make e-commerce website accept payments in Libra. But will consumers want it? Is it at least 10 times better than using your credit card, or is it marginally better so that nobody is bothered to learn yet another thing (and manage their keys)? Will third world countries really be able to benefit from such a payment system, or others will prove more practical (e.g. the m-pesa)? Will the technology be good enough or scalable enough? Will regulators allow it, or will Facebook be able to escape their grasp with a few large fines until they’ve conquered the market?
I don’t know the answers, but I’m skeptical about changing the money industry that easily. And given Facebook’s many privacy blunders, I’m not sure they will be able to cope well in a much more scrutinized domain. “Move fast and break things” can easily become “Move fast and sponsor terrorism”, and that’s only partly a joke.
I hope we get fast and easy digital payments, as bank transfers and even credit cards feel too outdated. But I’m sure it’s not easy to meet the complex requirements of reality.