The Erosion of Financial Privacy - Marginal REVOLUTION

Here is a bit on privacy from Eric Hughes’s Cypherpunk’s Manifesto of 1993.

Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world.

…Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction….In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.

Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.

I am saddened and dispirited by the evolving situation. Privacy is losing. Cash has nearly vanished without being replaced by cryptographically private alternatives. Instead, we rely on credit cards, debit cards, Venmo, PayPal, and other systems that log every transaction in vast databases.

Cash gave us substantial privacy by default because there was no technological alternative but there was never a collective vote for cash or, sadly, a consensus for privacy. You might hope that people would demand to keep the privacy rights they they once had but no. The populace seems indifferent to the erosion of privacy. Instead, paranoia about criminals hijacks the narrative. “What about the sex traffickers and terrorists?!” they shout. People seem more than willing to give up their privacy in exchange for a promise of security–false though the promise may be. Thus, we get ever more draconian regulations, effectively strangling our financial freedom. The $10,000 cash rule, for example, is insane, a reflection of Nixonian paranoia and not fit for a free society.

If you deposit or withdraw cash in excess of $10,000, your bank must fill out a currency transaction report (CTR) on a Department of the Treasury Financial Crimes Enforcement Network (FinCEN) Form 104. The person making the deposit or withdraw must provide identification to the bank, and the bank must report details of the transaction as well as the name, address, social security number, and birthdate of the person making the deposit or withdrawal. Multiple deposits made in one day must be added together and will trigger the reporting requirement if, combined, they exceed $10,000.

Bankers are also required to file suspicious transaction reports (STRs). Withdrawing or depositing amounts just under $10,000 often does not succeed in avoiding reports to the government, because STR’s have no dollar limit. A person who withdraws $8,000 three times in a week may trigger the filing of an STR, and that person will not be notified that the STR was filed. Banks are also directed to perform account audits to look for suspicious activity. If the banking activity is not consistent with the “customer’s profile,” banks are directed to file a suspicious activity report (SAR).

Reporting requirements are not limited to banks. Business are also required to report cash transactions over $10,000. Any business (including a sole proprietorship) that receives more than $10,000 in cash in a single transaction or in related transactions must file an IRS Form 8300. If a business or individual fails to file a Form 8300 when required, the business or individual can be fined. The penalty for intentionally disregarding the filing requirement is the greater of $25,000 or the amount of cash received in the transaction not to exceed $100,000.

Currency transaction reports and suspicious transaction reports, do they not sound like something the Stasi would demand in communist East Germany? A free people would throw off this outrageous transgression. But could we get rid of such rules today? Could we even index the rules to inflation? $10,000 in 1970, when the Bank Secrecy Act was passed, is about $80,000 today.

Privacy suffers from a collective action dilemma: individually it isn’t worth much and so we don’t defend it, but lack of privacy is immensely costly when lost en masse. Moreover, our data, en masse, is worth a lot to corporations and governments. Thus privacy has few defenders and strong attackers.

We are on technology path that by default leads to less and less financial privacy. Another path exists, a path on which technology safeguards our financial privacy, but that path must be chosen and time is running short.