Facebook’s announcement of its upcoming cryptocurrency launch is making some lawmakers and security experts uneasy. Dubbed “Libra” and slated to debut in 2020, the currency has the potential to threaten privacy on a global scale unless regulatory action is taken to minimize the risks to consumers’ data and identities.
What is Libra?
Facebook defines Libra as a “stable currency built on a secure and stable open-source blockchain, backed by a reserve of real assets.” This makes it a form of “stablecoin,” a cryptocurrency designed to remain relatively safe from wild fluctuations in value, which is achieved by backing the coins with actual currencies. Unlike bitcoin, Libra won’t start out as a decentralized currency. Rather, the currency will be available to users of Facebook products like Messenger and WhatsApp to enable low-cost domestic and international funds transfers. Each transaction will be recorded in the Libra blockchain, and the entire system is governed by the Libra Association, a not-for-profit organization of which Facebook is just one member.
Does Libra Threaten Consumer Privacy?
The impact a cryptocurrency apparently under the control of a social network already known for questionable privacy practices could have on users’ identities is causing enough concern that even the U.S. House Financial Services Committee is calling for Facebook to put off the launch until risk assessments can be performed and security concerns addressed.
As a new form of digital payment, Libra requires a platform through which users can access and transfer the stablecoins. Facebook is solving this problem by creating a subsidiary called Calibra, which will make a digital wallet available as a standalone app, as well as within Messenger and WhatsApp. In the future, this Libra wallet could allow brands to push into Facebook, selling products directly to users of the social network and collecting payment in Libra cryptocurrency. Proponents are touting this breaking down of barriers as a boon for international markets, particularly in developing areas with unstable currencies, but critics cite data mining as a serious privacy concern.
Transaction information can reveal a lot about consumers, and some say this doesn’t bode well with companies like PayPal, Visa and Mastercard on the list of founding members of the Libra Association. If Libra becomes popular enough to expand from funds transfers to a viable e-commerce currency, the metadata stored about each transaction could contribute to “super profiles,” which financial companies and retailers could potentially use to reach consumers with highly personalized marketing.
Facebook has stated it won’t use personal information from Libra transactions without consent and doesn’t plan to make user data a factor in improving targeted advertising but hasn’t provided details on how information will be secured once the Libra blockchain makes the switch from permissioned to permissionless five years after its launch. Once the blockchain becomes more accessible, there appears to be little to prevent developers and businesses from mining Libra transaction data for their own purposes. Integrating Libra payments into products may provide benefits, but each additional Libra-enabled platform would collect more data.
Of paramount concern is how Facebook plans to protect the private keys required for maintaining security in the blockchain environment. Hackers gaining access to these keys could completely take over users’ identities, which may allow them to take over numerous accounts and move from platform to platform without detection.
Is Facebook Creating a Decentralized Identity?
Reading the Libra whitepaper reveals an interesting secondary purpose for the cryptocurrency as it grows. According to Facebook, the Libra Association also seeks “to develop and promote an open identity standard.” Such a “decentralized and portable digital identity” isn’t a new concept. However, with 2 billion people around the world already using Facebook, Libra may prove to be a viable way to realize a goal many are working toward but haven’t yet achieved on a wide scale.
If Facebook were to succeed in deploying Libra in this way, users may face a host of new identity and privacy challenges. Libra’s links to Facebook and its products make it potentially vulnerable if accounts are hacked. Even if additional security measures were implemented, there’s still the question of whether or not it’s wise for users to trust Facebook with even more sensitive personal information than the social network already handles.
Because cryptocurrency is still a relatively new technology and the blockchain on which it relies is also in the early stages of development and implementation, cybersecurity professionals have a legitimate reason to be concerned about the launch of Libra. It’s unclear how hands-on Facebook intends to be once the Libra blockchain becomes permissionless and public, and without details regarding who will control users’ information or how this data will be secured, caution is required to prevent today’s uncertainties from becoming tomorrow’s identity theft crisis.