Privacy Concerns & Surveillance Risks

The privacy implications of CBDCs are arguably the most important aspect of this entire module. A CBDC gives the government a real-time, complete view of every financial transaction made by every citizen. This represents a surveillance capability without historical precedent. Even if current governments have benign intentions, the infrastructure itself creates risks that must be understood.

The Surveillance Architecture

In the current banking system, your financial data is fragmented:

• Your bank sees your account activity.
• Your credit card company sees your card purchases.
• Your mobile payment app sees transactions through their platform.
• Cash transactions are invisible to all of them.

A CBDC system unifies all of this into a single, government-accessible ledger. The central bank can see:

• Every payment you make and receive — amount, time, counterparty.
• Your total balance and spending patterns.
• Your location data (based on merchant locations for in-person payments).
• What categories of goods and services you spend money on.
• Your complete financial relationships — who pays you, who you pay, how frequently.

Specific Privacy Risks

1. Financial Profiling

Complete transaction data enables detailed behavioral profiling. Governments could identify and target:

• Political donors to opposition parties.
• People who attend protests (through purchases near protest locations).
• Individuals with "undesirable" spending patterns (gambling, alcohol, certain media).
• People who send money to or from specific countries or organizations.

Even if a government does not actively target these groups today, the data exists for any future government to use — or abuse.

2. Programmable Restrictions

CBDCs can be programmed with restrictions that physical cash cannot have:

• Spending categories: Welfare payments could be restricted to "approved" purchases. While this sounds reasonable for government subsidies, the same technology could restrict any citizen's spending.
• Geographic restrictions: CBDC could be programmed to only work in certain areas — preventing capital from leaving a region during a crisis.
• Time-based expiry: Money that expires if not spent by a certain date, forcing consumption. This has been openly discussed as a monetary policy tool.
• Social scoring: In extreme scenarios, CBDC access or limits could be tied to a social credit system — rewarding compliant behavior and punishing dissent. While no democracy has proposed this explicitly, China's social credit system combined with the digital yuan demonstrates the technical feasibility.

3. Account Freezing

Unlike cash (which you physically possess) or Bitcoin (which you control with private keys), CBDC exists on a government-controlled ledger. Freezing your CBDC account is as simple as changing a database entry. Governments could freeze accounts of:

• Individuals accused (not convicted) of crimes.
• Protesters or political activists.
• People who owe taxes or fines.
• Anyone flagged by automated systems (with potential for false positives).

This is not hypothetical. In 2022, the Canadian government froze bank accounts of citizens who donated to the trucker convoy protests — without court orders. A CBDC would make such actions faster, more comprehensive, and harder to circumvent.

4. Data Breach Risk

A centralized database containing every financial transaction of an entire population is an extraordinarily valuable target for hackers. A breach would expose:

• Complete financial histories of every citizen.
• Spending patterns, income levels, and financial relationships.
• Data that could be used for targeted fraud, extortion, or identity theft.

No government database has proven immune to breaches. The question is not whether the data will be compromised, but when and how badly.

"Controlled Anonymity" — A False Promise?

Many CBDC designs propose "tiered anonymity":

• Small transactions (e.g., under $50) are anonymous.
• Medium transactions require basic identity.
• Large transactions require full identity verification.

While this sounds like a reasonable compromise, critics point out:

• The thresholds can be lowered at any time by the government.
• "Anonymous" small transactions may still be correlated through metadata (timing, location, patterns).
• The infrastructure for full surveillance exists regardless of current policy — a future government could remove privacy tiers with a policy change, not a technology change.

The Sri Lankan Context

These privacy concerns are particularly acute in Sri Lanka:

• Political instability: Sri Lanka has experienced political upheaval, including the 2022 crisis that forced a presidential resignation. In times of political instability, financial surveillance tools can be misused by those in power.
• Institutional trust: Public trust in government institutions has been significantly eroded by the economic crisis, corruption scandals, and mismanagement. Asking citizens to trust the government with complete financial visibility requires a level of institutional trust that may not currently exist.
• Precedent risk: Even if a CBDC is launched with strong privacy protections, those protections can be weakened by future legislation. The infrastructure, once built, is permanent.