Billions of words have already been said and written about Libra, the ambitious new project “made in” Facebook. In the following lines, we will not examine the project's White Paper or its pretty clear ambitions; instead, we will propose a privacy-centric analysis based on Facebook’s own statements.

Far from being a cynical use of the recent scandals related to privacy and user data protection, this article is rooted in a profound and somewhat justified concern about the privacy questions Facebook has raised over the last decade and the financial privacy questions it will raise from 2020. As for the methodology, we will primarily use Facebook’s official sources, including but not limited to its Libra White Paper and Calibra’s website.

A Privacy Journey with Libra

Our journey began when David Marcus and his team released the long-awaited White Paper of Facebook’s Global Cryptocoin, slated for launch in 2020. The whole cryptosphere seized on the subject in no time, along with most of the financial press and the high-tech community.

As for us, we played a straightforward game, Ctrl+F: privacy, to check how the upcoming Facebook Coin will fare in light of the unusually fast-growing concern over the foretold death of our privacy.

And here are the elements we have found.

Safe. Secure

On Calibra’s website, under the tab “About the Currency”, you can easily find the company’s vision when it comes to privacy:

“Your transaction activity is private, and we will never post it publicly. Calibra is a subsidiary of Facebook that has been set up to be separate to help protect your financial and account information. Learn more about security and privacy on Calibra.”

The first impression is that Facebook has taken it seriously this time and commits to keeping our Libra transactions private, a statement illustrated by the fact that the state-sized company has set up a separate company to handle the development of the coin.

Learn more about Privacy

So we clicked on “Learn more”, but we didn’t actually learn much more.

The link redirects us to a PDF where we can read:

“Facebook teams played a key role in the creation of the Libra Association and the Libra Blockchain, working with the other Founding Members. While final decision-making authority rests with the association, Facebook is expected to maintain a leadership role through 2019. Facebook created Calibra, a regulated subsidiary, to ensure the separation between social and financial data and to build and operate services on its behalf on top of the Libra network. Once the Libra network launches, Facebook, and its affiliates, will have the same commitments, privileges, and financial obligations as any other Founding Member. As one member among many, Facebook’s role in governance of the association will be equal to that of its peers.”

In other words, Calibra, as a separate legal entity owned by Facebook Inc., is to be considered the guarantor of Libra users’ privacy. A little light, you’ll admit.

In the same document, Calibra provides its vision when it comes to sharing account information or financial data with Facebook.

Pretty straightforward actually, as you may see:

“Aside from limited cases, Calibra will not share account information or financial data with Facebook, Inc. or any third party without customer consent. For example, Calibra customers’ account information and financial data will not be used to improve ad targeting on the Facebook, Inc. family of products.”

Let us rephrase: Calibra will not share any kind of financial data with Facebook or any third party unless you, the user, provide your consent.

The question is: how will Calibra request your consent? Won’t it be hidden somewhere in a long “Terms of Use” document that nobody reads but everyone agrees to? And how will you be able to review this acceptance over time?

We still don’t know.

But let’s get back to the text: the first sentence of the quoted passage says everything about how Calibra views financial data.

“Aside from limited cases.” Privacy in general, and financial privacy in particular, are not asymmetrical. Nuances are quite dangerous, especially when the judge is a for-profit company with very questionable ethics.

What are these limited cases, according to Calibra?

Here we go: Preventing fraud and criminal activity — Compliance with the law — Payment processing and service providers.

Let’s review these limited cases one-by-one.

Preventing fraud and criminal activity

This is actually the easiest one: Calibra will share your financial data when it feels you are using Libra to commit fraud, pose a security threat, or engage in any kind of criminal activity. No surprise here: as a subsidiary of a US-based public entity, Calibra will collaborate with authorities to prevent illegal use of its coin.

But who is the judge? Does Calibra claim to assess by itself what constitutes criminal activity, or will it respond to official requests to access financial data? No clue here. The answer, judging by Facebook’s past, lies somewhere in the middle.

Calibra will most likely build and implement automated SOPs and AI-based tools to prevent any kind of malicious use of the coin, and it will certainly share data with the relevant authorities. But will you know, as a coin holder, that you are under “investigation” if and when it happens? If you are made aware, will you know what the charges are? Or will Calibra act as both judge and executioner?

Compliance with the law

Calibra will respect the law. Fine. But which one? The US one, since Facebook is American? The Swiss one, since Calibra is based in Geneva? And again, will you know in real time when Calibra shares your financial activities with your local tax office?

Payment processing and service providers

Here, Calibra’s quote speaks for itself.

“When you authorize a payment, we share data with third parties necessary to process that transaction. We also share Calibra customer data with managed vendors and service providers — including Facebook, Inc. — that support our business (e.g., to provide technical infrastructure or direct payment processing). In both cases, we share only the Calibra customer data that is necessary for completing the defined activity or service.”

In other words, each time you make a payment using Libra, third parties, vendors, service providers, and even Facebook will get your data.

Well, here, the “limited cases” statement falls apart. No limitation. In all cases Calibra will share your financial data with everybody.

To summarize, based on what Calibra released earlier this week, and although it officially claims that the financial privacy of Libra’s users will be protected, it is easy to see that Facebook Coin does not aim to keep its word.

In no case, it seems, will Libra users’ financial data be protected and kept private.

Libra is Beam’s Doppelganger

Courtesy to CW — The Flash — Zoom, The Flash’s Doppelganger

We will have to be patient, since Libra’s launch is scheduled for 2020. Far from jealousy-based criticism, we have offered here a text commentary… grounded in the text itself, and found that Libra has been conceived and designed as a doppelganger of all cryptocurrencies.

To simplify things, crypto users will have to choose: are they willing to renounce their financial privacy by using Libra, or do they want to protect it and keep it private by using Beam?

So a word to the wise.