Cyber & Technology

Facebook’s Cryptocurrency: Stop It Before It Starts

By Nicholas Weaver
Wednesday, June 19, 2019, 5:05 PM

On June 18, Facebook announced its forthcoming cryptocurrency, Libra. The company says it intends to integrate it into Facebook’s Messenger and WhatsApp products. Although Facebook says it has created an “independent” subsidiary, Calibra, and purports that the currency itself will be controlled by an independent Libra Foundation, the coin is really a Facebook project. It is not live yet, giving governments the opportunity to kill this project before it gets off the ground and gives rise to cybercriminals who couldn’t capitalize on existing cryptocurrencies. In particular, the IRS and FinCEN should take action now.

Apart from the Facebook backing, Libra has two major differences from the other major cryptocurrencies: The currency is supposed to be “stable” because it’s pegged to a basket of government currencies such as a combination of dollars, euros and yen, and transactions using the currency are initially validated by a few identified participants, not by a distributed network. Otherwise, it is similar to Bitcoin, Ethereum, and the like, including by offering pseudonymous transactions, as a user can have as many wallets as desired, each identified only by a long random number.

Facebook aims to make Libra more stable by pegging the value of Libra to a basket of currencies with a large reserve fund. The reserves are then invested in low-risk assets, with any profits returned to shareholders in the Libra Foundation. The intent is to create something of a global currency not bound to any particular government.

Despite the “independent” foundation structure, this is almost exclusively a Facebook project. Every other participant is merely contributing $10 million in investment and may commit to validating transactions. This token investment should generate interest income as this forms the seed capital for the stability mechanism, meaning the commitments on the part of others in the foundation are rather trivial.

Facebook, however, is committing to integrating Libra as the payment channel into its applications, bypassing the opportunity to integrate a more conventional solution similar to Venmo, M-Pesa, Zelle, or ApplePay. Given that a conventional solution would probably result in a payment channel rivaling PayPal’s $2 billion annual net income, this represents a huge opportunity cost. It makes sense for Facebook only as a moral crusade rather than as a business decision: It seems intended to be exempt from any government’s controls.

Fortunately for the rest of the world, Libra may well fail. People prefer assets that hold their value relative to either the local currency or, in an unstable situation, dollars or euros. Nobody wants to receive $10 from a friend only to have it turn into $9.80. But since Libra is pegged to a basket of currencies, it is not actually stable. Like other cryptocurrencies, every Libra transaction thus involves exchange-rate risk, and the only way Libra can succeed is if Facebook makes a concerted effort to force its adoption.

Libra’s succeeding would be far worse. What currently limits how criminals can use cryptocurrencies is the cost of currency exchange and the inherent volatility of the currency’s value. Reduce or eliminate these constraints, and there’s likely to be an inundation of new ransomware, extortion and online drug trade. Libra intends to reduce (but doesn’t eliminate) volatility, and the only way Facebook can get widespread adoption is through making easy on-ramps and off-ramps. A Libra “success” would represent a huge policy failure. It is better to kill this now than let it even get a chance to succeed.

Fortunately the U.S. government and others may already have the legal and policy tools necessary to do that. In the U.S., two in particular could be especially useful: the tax treatment of cryptocurrencies and requirements for payment processors globally to enforce Know Your Customer and Anti Money Laundering (KYC/AML) laws.

A true cryptocurrency such as Bitcoin or Libra is considered property by the Internal Revenue Service. That means a gain of $1 due to volatility between when the cryptocurrency is acquired and when it is transferred to someone else is a $1 taxable event. And since any integration into Facebook Messenger or WhatsApp is under the control of Facebook, Facebook should probably file income tax documents and keep track of the otherwise difficult cost-basis math on behalf of Facebook’s customers, like other investment brokerages do. The IRS needs to remind both Facebook and the public of these implications and requirements. Of course, this would make Libra completely useless in the U.S. by increasing the cost of using it beyond any utility.

A similar problem exists for all validator nodes. Even non-U.S. companies need to respect U.S. KYC/AML restrictions if transactions end up involving U.S. persons. The founders of Liberty Reserve learned this lesson when they pleaded guilty to money laundering and received 20-year sentences. But how can firms do KYC/AML on pseudonymous transactions?

This makes Libra’s permissioned-based system, where the validators are known, pre-selected and responsible, fundamentally incompatible with the pseudonymous nature of a cryptocurrency. The U.S. Treasury’s Financial Crimes and Enforcement Network (FinCEN) should remind all members of the Libra Foundation of these requirements. Each validator node that accepts transactions from participants should be held accountable for ensuring that the transactions meet KYC/AML requirements. That it can’t be done while maintaining pseudonymity is not FinCEN’s problem.

With luck, Libra will not get off the ground. A failure to launch is the best-case scenario to reduce cybercrime. Although Libra’s inherently bad design might be sufficient, it is best not to leave things to chance. The IRS and FinCEN should make sure that Libra doesn’t fly.