Mark Zuckerberg is known for his boundless ambition. He’s had a longstanding fascination with Caesar Augustus, the Roman emperor who (in Zuckerberg’s words) “established 200 years of world peace.” So having conquered social networking, Zuckerberg has his eyes on something bigger: reshaping the global financial system.
Payment services from rivals like Apple and Google essentially offer an improved user interface for conventional credit card networks. Facebook, by contrast, is aiming to use blockchain-like technology to build a new payment network from scratch, complete with its own currency.
Facebook has assembled an impressive roster of launch partners for its Libra project. Visa, MasterCard, and PayPal are backing the effort. So are Uber and Lyft, as well as several venture capital firms and non-profit organizations.
But Libra’s future remains murky. Facebook is months away—at least—from actually launching a network. The documents Facebook released in June left a lot of unanswered questions about how the network will actually work—and in particular, how the network will deal with the wide range of legal and regulatory requirements that apply to payment networks.
Since Libra’s unveiling, the project has gotten a chilly reception from some policymakers. On Wednesday, Federal Reserve Chairman Jerome Powell signaled skepticism about Facebook’s plans for Libra.
“I don’t think that the project can go forward … without there being broad satisfaction with the way the company has addressed money laundering, all of those things,” Powell said in testimony before the House Financial Services Committee. He added that the project raised “serious concerns” for regulators.
According to The New York Times, even some of Facebook’s official partners are lukewarm on the project. Partners are slated to contribute $10 million each to help fund the launch of the network. But the Times’ Nathanial Popper reported in late June that “no money has changed hands so far,” and he noted that some of the companies who agreed to lend their names to the project avoided making strong public statements in support of it.
That reflects significant uncertainty about how Libra will actually work—and if it’s even possible to launch a network like this within the bounds of the law. Facebook is trying to build a payment system that combines the best characteristics of blockchain and conventional networks. But the result may wind up just being a contradictory mess that leaves almost everyone dissatisfied.
Libra will be optimized for performance
In the bitcoin network, thousands of computers called full nodes work together to maintain a shared ledger of bitcoin transactions. Bitcoin’s shared ledger is organized in a sequence of blocks—hence the term blockchain. Nodes use a computationally expensive technique called “proof of work” to decide who gets to add the next block in the chain. Each block contains a list of new transactions that becomes part of the official bitcoin transaction history.
At a high level, the Libra network is designed to work the same way. A group of computers distributed across the Internet will maintain a shared ledger of Libra transactions. To make a Libra payment you’ll submit a cryptographically signed transaction to one of the nodes in the network so it can be incorporated into the shared ledger.
But Facebook deliberately departed from the bitcoin template in some important ways—changes that are designed to avoid the bitcoin network’s shortcomings.
The most fundamental difference: the bitcoin network is fully open, while Libra isn’t. Anyone with significant computing power can participate in bitcoin’s process for verifying bitcoin transactions, a process known as mining because participants win newly created bitcoins. By contrast, participation in Libra’s transaction clearing process will be limited to a few dozen pre-approved organizations that are members of the Libra Association: those are the partners like Visa, MasterCard, and Uber we mentioned at the start of this story.
This design locks out potential troublemakers, allowing Libra to use a more lightweight consensus mechanism: one that won’t consume vast amounts of computing power—and energy—like bitcoin’s proof-of-work approach.
Bitcoin’s developers have maintained a hard cap on the size of blocks in the bitcoin blockchain. This keeps down the bandwidth and storage costs of running a bitcoin node, which allows small organizations and even individuals to participate. But the result of this is that the network can only process a handful of transactions per second.
The Libra network is designed for much higher throughput. “We anticipate the initial launch of Libra protocol to support 1,000 payment transactions per second,” Libra’s technical white paper states.
The bitcoin network adds new blocks to the blockchain once every 10 minutes, on average, and experts recommend waiting up to six blocks before considering a transaction final (the more blocks that appear after a particular transaction, the harder it will be to reverse the transaction). Hence, an hour can go by before bitcoin transactions are considered truly final.
Libra aims for a much shorter 10-second finality time. This is easier for Libra to achieve because it has a much smaller number of validation nodes, each of which can be assumed to have fast network connections.
Listing image by Aurich
Libra will support smart contracts—eventually
Ethereum introduced the concept of smart contracts: computer programs that are executed deterministically by a cryptocurrency network, with results stored in the blockchain. Not only does Libra employ a variant of smart contracts, the technology is deeply baked into the network’s design.
Facebook has developed a new programming language called Move that is designed to make it easy to write secure and verifiable code for execution on a blockchain. Nodes in the Libra network run a virtual machine that interprets Move bytecode. Many core functions of the Libra network will be implemented using bundles of Move code called modules that are stored in the Libra blockchain. Facebook argues that this design enhances the security and extensibility of Libra, since it will be possible to add new features to the Libra network merely by writing new modules.
At the same time, the complexity of executing a general-purpose programming language could create scalability challenges. So rather than letting users write modules with arbitrary code in them, the Libra network will initially come with a collection of pre-defined modules that perform common functions.
“While Move is used to define core system concepts, such as the Libra currency, users are unable to publish custom modules that declare their own resource types,” Libra’s technical white paper says. “This approach allows the Move language and toolchain to mature—informed by the experience in implementing the core system components—before being exposed to users.” Libra’s designers say that they “intend for future versions of the Libra protocol to provide open access to the Move language.”
This means that in principle Libra could become much more than just a payment network. The Ethereum community has experimented with a wide range of smart contracts that range from online gambling to collectible cryptokitties. But so far, no one has developed an application for smart contracts with truly mainstream appeal. If such applications do emerge, however, Libra may be well-positioned to take advantage.
Libra will be pegged to conventional currencies
Among the biggest hurdles to mainstream use of bitcoin and other conventional cryptocurrencies are their wild price swings. In the month of June alone, bitcoin’s value soared from $7,500 to almost $14,000, then crashed to around $10,000.
There have been a number of efforts to make “stablecoins:” cryptocurrencies whose value is permanently pegged to a conventional currency like the dollar. Facebook is pursuing a variant of this approach, pegging Libra to a basket of major conventional currencies.
This design will make it easier for Facebook to position Libra as a new global standard that’s not tied to any specific economy. Pegging Libra to a basket of mature currencies means that its value won’t fluctuate as much as bitcoin. But Libra’s value won’t be fixed to the dollar or any other conventional currency.
In practice, ordinary users probably won’t have to learn to think in a new currency. Their Libra balances will display in their home currency, and they’ll have the option to draw additional funds from a bank account or credit card as needed. But if users choose to hold balances in their Libra accounts, they’ll find that the dollar value fluctuates a bit from day to day. It’ll be interesting to see if users find this annoying, infuriating, or no big deal.
Facebook is wading into a regulatory thicket
US law imposes a wide variety of legal requirements on companies that run payment networks. Customer-facing payment networks must verify the identities of their customers and report suspicious transactions to anti-money laundering authorities. They must block payments to terrorist groups and hostile nations like Iran and North Korea. They may have to register as money transmitters in each state where they operate, and many states require money transmitters to post bonds to ensure they won’t defraud customers. And that’s just in the United States. Other governments around the world have their own rules.
Satoshi Nakamoto, the pseudonymous creator of bitcoin, found a clever way to sidestep all of these issues: design a network so that no one controls it. The bitcoin network operates by a strict set of rules that are collectively enforced by a global network of bitcoin miners. No single miner or group of miners has the ability to block, modify or delete transactions, limit access to the network, or change the network’s design. This decentralized structure effectively puts the bitcoin network beyond the reach of regulators because there’s no Bitcoin Inc. or any other entity they can fine for non-compliance.
US regulators started thinking seriously about these issues around 2013. Theoretically, regulators could have tried to shut down the bitcoin network for failing to comply with laws about money laundering, foreign sanctions, and the like. But bitcoin advocates convinced US officials that this would be counterproductive. Attacking bitcoin in the United States would have just driven mining activity overseas. The network would likely continue operating somewhere, and Americans could still access it using virtual private networks.
Instead, US regulators took a more pragmatic approach. They left the core bitcoin network unmolested and focused on enforcing compliance by cryptocurrency exchanges and other bitcoin intermediaries.
If you want to buy bitcoins on a mainstream exchange like Coinbase, you’re required to supply the same kinds of identifying documents you need to open a US banking account. Coinbase complies with the regulations of the Office of Foreign Assets Control, which administers sanctions against countries like Iran and North Korea.
This is an arrangement law enforcement can live with. If someone commits a crime using bitcoin (say, using it to pay for child pornography), investigators can conduct forensic analysis on the bitcoin blockchain (which makes every transaction public) to figure out where the bitcoins came from and where they went. Often, the user will have purchased his bitcoins with an intermediary like Coinbase. Investigators can subpoena Coinbase in the same way that they’d subpoena a conventional bank.
“I don’t understand how this is possible”
Facebook envisions a Libra ecosystem that looks a lot like the existing bitcoin ecosystem. Just as people use intermediaries like Coinbase to acquire and manage their bitcoins, Facebook envisions users interacting with the Libra network via exchanges and user-friendly apps—including Facebook’s own app called Calibra. Each company building a Libra payment service will need to hire its own lawyers to make sure it’s complying with all applicable laws.
A key assumption behind this plan is that the Libra network itself will operate beyond the reach of any country’s regulatory regime in the same way that bitcoin does. A Libra Association representative, Dante Disparte, articulated this principle in a recent interview with blockchain podcaster Laura Shin. Shin asked Disparte what would happen if a government like the United States demanded that the Libra Association blacklist certain Libra addresses in order to comply with sanctions laws—something that’s required of most conventional payment networks.
“The Association won’t interact with any jurisdiction,” Disparte said. “The Association has three macro-level functions: governance, management of a reserve, management of an open-source technology. The companies that offer consumers and citizens in different jurisdictions around the world are the regulated entities that provide an on- and off-ramp to Libra the currency.”
But this position has a fair number of skeptics. One of them is Jerry Brito, a lawyer who runs a blockchain-focused think tank called the Coin Center.
“I don’t understand how this is possible,” Brito tweeted. If the US government asked the Libra Association to block a list of Libra addresses, the Association’s members—big companies like Facebook, Mastercard, Visa, and Uber—would have little choice to comply, he argued.
Libra could get bogged down with regulations
And the same point applies to other laws governing payment networks. Brito pointed out that the Libra Association likely qualifies as a money transmitter under the Bank Secrecy Act. Other experts agree. That means the Libra Association may have to ask its users for identification and report suspicious transactions to authorities in the United States—and possibly in other jurisdictions, too.
You can make a similar point about any situation where payment networks interact with the legal system. For example, if someone hacks your computer and transfers your bitcoins to another account, there’s nothing the legal system can do about it—even if your stolen funds are still sitting in the hacker’s bitcoin account. No one has the technical ability to reverse a bitcoin transaction, and so the legal system can’t order that it happen.
But the situation is likely to be different if a hacker steals someone’s Libra coins. A judge could order the fraudulent transaction to be reversed, and it’s hard to see how the Libra Association or its members could refuse.
Of course, we can expect Facebook to dispatch an army of lobbyists and lawyers to argue that Libra should be treated like bitcoin. But Congress never passed a law stating that blockchain networks should be treated differently from conventional financial networks. The bitcoin network has been able to ignore regulations only because there’s no one for regulators to punish for bitcoin’s non-compliance. The Libra network won’t have that advantage.
Fed Chairman Jerome Powell made that clear in his Wednesday congressional testimony.
“Libra raises many serious concerns regarding privacy, money laundering, consumer protection and financial stability,” Powell said.
A group of Democratic lawmakers led by Rep. Maxine Waters (D-Calif.) raised similar concerns earlier this month. Libra “raises serious privacy, trading, national security, and monetary policy concerns for not only Facebook’s over 2 billion users, but also for investors, consumers, and the broader global economy,” they wrote.
Regulatory compliance could force changes to Libra’s design
Regulatory compliance won’t just be an implementation headache for the Libra Association and its members. It could have big consequences for the technical design of the Libra network.
For example, one of the most distinctive things about the bitcoin network is that all transactions are final. As we noted above, if a hacker steals your bitcoins, you’re just out of luck. This is a potential downside for users, but it also has some significant upsides. It’s a boon for merchants, who don’t have to worry about payments being reversed after a product has been delivered. And it simplifies the development of financial services built on top of the bitcoin network, since confirming the validity of a transaction is strictly a matter of cryptography.
But the Libra network may not have the option to just ignore fraudulent transactions. Courts and regulators may compel the Libra Association to return stolen funds. And even if they don’t, Facebook and the other Libra Association members will have strong incentives to avoid having fraud run rampant on the Libra network. Hence, the Libra Association will face strong pressure to add the capability to reverse fraudulent transactions.
But making transactions reversible—even occasionally—would mean giving up the simplicity of the bitcoin payment model. Merchants could no longer assume that a transaction was final as soon as it’s been accepted by the network. Financial services built on top of Libra would have to take into account the risk that a seemingly-valid transaction could get reversed hours or days after the fact.
Another example: the Libra network claims that “the Libra Blockchain is pseudonymous and allows users to hold one or more addresses that are not linked to their real-world identity.” But this design choice seems hard to square with the Bank Secrecy Act’s requirement that money transmitters identify their customers. So the Libra Association could be forced to add some rules requiring anyone building a Libra-based payment service to not only collect users’ identifying information but also to share it across the Libra network.
Facebook wants to make Libra permissionless, but that might not be possible
No single change here is going to be fatal to Libra’s ambitions to build a new global payment network. But if you combine all of these changes, you could easily wind up with a network that looks more like a conventional payment network than a blockchain network. You could wind up with a network where would-be payment app developers have to do stacks of paperwork before they can write their first line of code, where small organizations struggle to get approval to create Libra-based services, and where the functionality of services is constrained by legal requirements.
To be clear, this is not where Facebook and the Libra Association think Libra is going. “Our ambition is for the Libra network to become permissionless,” the Libra Association wrote in a white paper, using blockchain jargon for a bitcoin-like network that no one controls. “One of the association’s directives will be to work with the community to research and implement this transition, which will begin within five years of the public launch of the Libra Blockchain and ecosystem.”
But this aspiration may prove unrealistic. Beyond the issues we’ve already mentioned, Libra’s status as a stablecoin creates a problem. Libra has promised to hold conventional assets to back the value of all Libra in circulation. Someone is going to need to have custody of those funds. But it’s hard to see how such a stablecoin network can become permissionless, since whoever controls the funds backing the network’s currency will have de facto control over the network.
So far from gradually giving up control, the Libra Association is going to face pressure to exert ever more active control over the network to deal with issues like fraud and money laundering.