In a white paper released by Facebook, the company outlined the objectives and specifications of a new cryptocurrency called Libra. The cryptocurrency, which has been in development for a more than a year, is designed to allow payments to be processed over the internet globally, and to incorporate the 1.7 billion people around the world who don’t have a bank account or a line of credit.
While the cryptocurrency won’t fully launch until 2020, here’s what you should know before adopting the platform.
What is Libra?
Rumors have been circulating about a cryptocurrency developed and/or managed by Facebook for at least a year, and now it is finally out in the open for people to see in the form of Libra. Libra is a cryptocurrency managed by the Libra Association that allows users to exchange fiat currency for Libra (i.e. buy and sell Libra) for use in online transactions. In order to drive the widest adoption, Libra does not require users to have a bank account or a line of credit such as a credit card in order to own any Libra cryptocurrency — they simply have to convert money into or out of Libra to use it.
The Libra Association, the guiding hand for the fledgling cryptocurrency, is made up of partner companies. The most notable participants are payment processors like Visa, Mastercard, and PayPal. Together, these partners ensure that payment processing is fast, accurate, and reliable so that transactions are as frictionless as possible.
How does Libra work?
There are a few components that make Libra what it is, but the main ones are the role of the Libra Association and the Libra reserve.
The Libra Association is responsible for running the validator nodes, the computing server clusters that process transactions, and, as such, are the only ones allowed to actually add or remove Libra from circulation. At launch, the association will run 100 of these nodes, but the number will increase as scaling requires, and as more partners join.
This setup distinguishes Libra from most other cryptocurrencies. Whereas more common cryptocurrencies like Bitcoin are decentralized and task the individual with maintaining the global ledger by “mining” coins (i.e. performing cryptographically verifiable “proof-of-work” computations), Libra is centralized and computed entirely by the Libra validator nodes. To maintain accuracy and prevent double-spend attacks, the Libra validator nodes use a system known as Byzantine fault tolerance, in which nodes can find a way to reach a consensus (in this case, on the state of Libra transacted) even when the nodes can’t all agree on the state of other nodes. Specifically, it uses a variant of the HotStuff Byzantine fault tolerance protocol dubbed LibraBFT, which can supposedly accommodate failure or unknown states by up to a third of all validator nodes.
The other major piece to Libra is its reserve. Many decentralized cryptocurrencies, notably Bitcoin, suffer from volatile valuation. While this can prove lucrative for high-risk investment purposes, Facebook sought to create a more stable cryptocurrency to encourage it as a means of facilitating ordinary online consumer transactions. Libra does this by backing all its issued digital currency by a reserve. Founding Members are required to pool money into the reserve, with the prospect of a return on their investment via dividends from low-yield investment of the reserve’s assets. You can also contribute to the reserve when they exchange fiat currency for Libra. By pegging Libra to government-issued currency, the idea is that value will stay relatively constant.
What does this have to do with Facebook?
While Libra is Facebook’s brainchild, and Facebook developed much of the codebase for Libra, the company insists that it will serve as a regular Libra Association member, without being accorded any special authority or privilege. Essentially, Facebook vows it will only get one vote, like every other member. Whether Facebook will have an equal share in the validator nodes, though, is unclear. Ostensibly, since Facebook likely has the greatest compute power of any of the partners, it would host the most validator nodes.
What’s also unclear is how Facebook plans to use Libra throughout its various apps and services. It’s not hard to imagine integration in Facebook Messenger for peer-to-peer transfers or for purchasing products in Facebook Marketplace, but nothing has been confirmed so far.
Can we trust it?
Facebook has been plagued with scandals and data breaches over the past couple of years, making some rightfully dubious about the privacy of this financial services. That being said, Libra does have some important security features in place to protect your money.
The platform is programmed in Rust, which is generally considered good at handling memory, and the smart contract element is written in Libra’s own Move language, which takes pains to restrict how data can be moved. Although Byzantine fault tolerance is considered the hardest class of systemic failures to solve in computing, the HotStuff protocol has significant strengths in its specification.
In terms of privacy, it is unclear how well the platform will handle it. Libra’s website insists that “The association itself is not involved in processing transactions and does not store any personal data of Libra users,” but they are responsible for running the validator nodes, which will be party to your data. They also insist that they will aid law enforcement, which would not be possible unless they retained some amount of user data. Even if validator node operators did not share data among themselves (beyond what is necessary for completing user transactions, obviously), there could be issues. If this platform is truly global, as Libra intends, even the portion of traffic that one node would be handle could be lucrative for data monetization purposes, especially with the network starting out at only 100 nodes.
The Libra site also promises that “transactions do not contain links to a user’s real-world identity.” This also seems hard to believe. The whole basis for how cryptocurrencies function is that any observer can verify where funds have gone, a function which Libra has preserved in spite of its centralized architecture. Even if this claim is true, behavior patterns can easily identify users in the absence of explicit identities.
The announcement from Facebook stated that “Calibra will not share account information or financial data with Facebook or any third party without customer consent. This means Calibra customers’ account information and financial data will not be used to improve ad targeting on the Facebook family of products.” It should be stressed that you technically “consent” when you agree to the arcane user agreements that come with any app or platform, so this is not really a substantive assurance from Facebook. And, second, although Libra may well rule out ad sales, data could be sold to financial institutions for use in determining credit scores, for instance.
Considering Facebook’s less-than-sterling record on user privacy, you are right to be suspicious of Libra’s privacy claims. The open-source codebase, however, could help alleviate concerns, assuming it is properly audited by impartial third-party observers and made accessible.