Financial Surveillance and the State
- Chapter 10: Financial Surveillance and State Control
- Introduction
- 10.1 Intervention Theory: Autistic, Binary, Triangular
- 10.2 Autistic Intervention and Privacy
- 10.3 Binary Intervention and Privacy
- 10.4 Triangular Intervention and Privacy
- 10.5 Central Bank Digital Currencies as Total Intervention
- 10.6 The Adversarial Decision Cycle
- Chapter Summary
- Endnotes
Chapter 10: Financial Surveillance and State Control
“The State is an organization of the political means.”
Franz Oppenheimer, The State (1907)^1^
Introduction
Murray Rothbard’s intervention typology distinguishes autistic and binary intervention from triangular intervention, in which the state imposes on third-party exchanges.^2^ The framework illuminates how states surveil and control through finance, culminating in Central Bank Digital Currencies that combine all three intervention types.
10.1 Intervention Theory: Autistic, Binary, Triangular
Rothbard’s Framework
Rothbard developed a systematic typology of government intervention in Power and Market.^2^ All intervention involves the use or threat of violence to alter behavior that would otherwise occur in unhampered markets.
Autistic intervention involves commands directed at individuals without any exchange taking place. (Rothbard uses “autistic” in its technical economic sense, derived from Mises, meaning self-contained or non-exchange action, not in any psychological sense.) The state orders: do this, do not do that. No transaction occurs; the individual is commanded. Examples include conscription and compulsory schooling, as well as prohibitions on consumption.
Binary intervention involves the state as a party to an exchange, typically involuntary from the other party’s perspective. Taxation is the classic case: the state takes wealth from individuals, giving nothing in return that the individual would have voluntarily purchased. Asset seizure and eminent domain, along with confiscation, are binary interventions.
Triangular intervention involves the state imposing on exchanges between third parties. The state is not a party to the transaction but dictates its terms. Price controls and licensing requirements, along with mandatory contract terms, are triangular interventions. The state forces or forbids exchanges it does not participate in.
Application to Financial Privacy
This framework illuminates financial surveillance. Autistic intervention encompasses commands regarding privacy behavior, such as encryption bans or prohibitions on anonymous transactions. Binary intervention involves state extraction of information or assets through subpoenas and seizures, along with compelled disclosure. Triangular intervention imposes mandates on private transactions, such as KYC requirements forcing banks to collect customer information before providing services.
Most financial surveillance operates through triangular intervention. The state does not directly surveil citizens (which would require resources and face constitutional constraints). Instead, it forces private institutions to surveil on its behalf, bearing the costs while providing the data.
10.2 Autistic Intervention and Privacy
Direct Criminalization
Autistic intervention in privacy takes the form of direct prohibitions on tools and behaviors. U.S. export controls until 1996 classified cryptographic software as “munitions,” treating mathematical algorithms as weapons that required government permission to share, and some nations still restrict encryption strength or require key escrow.^15^ Proposals to ban privacy coins, coinjoining^16^ services, or anonymous communication tools fit the same category: the individual is commanded, and no exchange with the state occurs.
Economic Analysis
Autistic intervention in privacy faces inherent limitations. The state cannot easily detect privacy tool usage without the surveillance it seeks to impose; encryption looks like random data, and its presence is deniable. Direct prohibition requires identifying violators, which requires the surveillance capability that privacy tools defeat; the intervention is self-undermining. Digital tools cross borders, so prohibition in one jurisdiction shifts activity instead of eliminating it.
These limitations explain why states prefer triangular intervention for financial surveillance. Direct prohibition is resource-intensive and often ineffective against technically sophisticated users.
10.3 Binary Intervention and Privacy
State as Extracting Party
Binary intervention places the state as a party to involuntary exchange, extracting from individuals instead of imposing on third-party transactions.
Civil asset forfeiture enables seizure without criminal conviction. Property is accused of connection to crime; the owner must prove innocence to recover assets. This binary intervention extracts wealth while creating chilling effects on financial privacy.^17^
Court orders forcing individuals to reveal passwords or encryption keys, as well as account information, are another form of binary intervention. The state extracts information directly, using contempt sanctions to coerce compliance.
Government demands for records held by individuals (as opposed to third-party reporting requirements) are also binary interventions. The individual must surrender information to the state.
While taxation itself is binary (the state takes, the individual receives nothing), compliance requirements impose additional binary burdens. Individuals must disclose financial information to demonstrate compliance, revealing private activity regardless of tax liability.
Resistance and Limits
Binary intervention faces the target directly. Unlike triangular intervention operating through intermediaries, binary intervention requires the state to identify, locate, and coerce specific individuals.
In some jurisdictions, direct government extraction faces procedural requirements (warrants, probable cause) that triangular intervention circumvents. The Fourth Amendment constrains what the state can demand directly but not what third parties collect and report.^18^
Forced disclosure of encrypted data faces the practical problem that compliance cannot be verified. If the defendant claims to have forgotten a password, proving otherwise requires showing knowledge that, if the state possessed it, would make compulsion unnecessary.
Properly implemented encryption resists binary intervention entirely. The state can demand keys, but if keys were never stored or are forgotten, the demand cannot be satisfied. The Axiom of Resistance operates in practice here.^3^
10.4 Triangular Intervention and Privacy
The Preferred Mechanism
Triangular intervention is the primary mechanism of financial surveillance. Instead of directly commanding individuals or extracting from them, the state imposes on private transactions, forcing parties to modify their exchanges.
The Bank Secrecy Act of 1970 exemplifies this mechanism. Despite its name, the BSA destroyed bank secrecy by requiring financial institutions to maintain records and report transactions. Banks must file Currency Transaction Reports (CTRs) for cash transactions over $10,000 and Suspicious Activity Reports (SARs) when they know, suspect, or have reason to suspect that a transaction meets the applicable suspicious-activity standard.^4^ This is triangular intervention: the state imposes on bank-customer relationships it is not party to. The bank must surveil customers; customers must submit to surveillance to access banking.
Know Your Customer mandates force financial institutions to collect and verify customer identity before establishing relationships. The customer-bank exchange is conditioned on information disclosure to satisfy government requirements. Anonymous purchase threshold laws follow the same structure: Alice and Bob wish to transact privately above a specified amount, and Charlie (the state) forbids it. The state is not a party to the exchange; it dictates terms to parties who would otherwise have agreed differently. The threshold triggers a disclosure obligation imposed on both buyer and seller, not a command directed at either in isolation. KYC and Customer Identification Program rules require specified identifying information for customers and, for legal-entity customers, beneficial-ownership information; depending on the customer’s risk profile, institutions may also request proof of address or source-of-funds documentation. This information serves surveillance, not the bank’s commercial interest. Banks would prefer simpler, less costly customer relationships; KYC is imposed externally.
Third-party reporting requirements compel financial institutions to report to government agencies: CTRs, SARs, FATCA filings for foreign accounts, Form 1099s for income. The individual’s financial activity is reported without their consent, often without their knowledge.
Monopoly Grants as Triangular Intervention
Monopoly, in the praxeological sense, is a grant of exclusive privilege by the state, not a dominant market position achieved through superior service. Rothbard distinguished between market dominance (where a single seller emerges through voluntary exchange) and monopoly privilege (where the state prohibits competition). Only the latter is monopoly proper.
Financial surveillance relies on monopoly grants. Banking licenses restrict who may accept deposits, creating a cartel that must obey surveillance mandates to maintain its privilege. Payment network regulations restrict who may transmit money, ensuring all major pathways are surveilled. Legal tender laws require acceptance of state currency, channeling transactions through monitored systems. Each monopoly grant creates a point of control: the state offers exclusive privilege, and the price is surveillance compliance.
The most fundamental monopoly grant is the exclusive right to issue the currency itself. The Federal Reserve holds the sole legal authority to create U.S. dollar-denominated base money.^19^ The surveillance dimension is secondary to the fiscal one: any good produced under competitive conditions will see its price driven toward its marginal cost of production. Paper currency costs fractions of a cent per note to print. If competitors could legally issue dollar-denominated currency, competition would drive the exchange value of that currency toward its production cost, eliminating the gap between face value and cost (the gap the state captures as seigniorage). The currency monopoly is therefore the precondition for money printing as a revenue source. Open competition in currency issuance would extinguish seigniorage as surely as open competition in any other industry extinguishes above-cost returns. Legal tender laws and counterfeiting prohibitions together preserve this gap, ensuring that base-money creation remains a state fiscal instrument, insulated from competitive pressure.
This explains why privacy-preserving alternatives face legal attack. Bitcoin threatens the currency monopoly,^5^ unlicensed money transmission threatens the payment monopoly, and privacy coins threaten the surveillance infrastructure built on these monopolies. The legal response is predictable: extend monopoly protections to exclude competition.
Why States Prefer Triangular Intervention
Triangular intervention offers advantages over autistic and binary approaches.
Banks bear surveillance costs; compliance infrastructure (personnel, technology, reporting systems) is privately funded but serves government objectives. Major banks spend billions annually on compliance, and these costs are ultimately borne by customers and shareholders.
Information collected by private parties under commercial authority faces fewer legal protections than information the government collects directly. Third-party doctrine holds that information shared with private parties loses constitutional protection. Banks serve millions of customers, so forcing banks to surveil achieves broad coverage that direct government surveillance could not match.
Rothbard observed that interventions create problems requiring further intervention, and Mises analyzed the underlying mechanism.^6^ Interventionism is unstable because each intervention produces consequences it did not intend, and those consequences invite further intervention to address. At each step the state confronts a choice between withdrawing the original intervention and extending it; the political economy of administration produces extension, because the apparatus built for the first step is already paid for and staffed. Financial surveillance has followed this pattern across five decades. The Bank Secrecy Act of 1970 imposed reporting requirements that revealed gaps. The Money Laundering Control Act of 1986^20^ closed some gaps by making the underlying conduct a predicate offense and adding Suspicious Activity Reports to the Currency Transaction Report regime. The USA PATRIOT Act of 2001^21^ extended the regime to non-bank money-service businesses whose growth had been one of the revealed gaps. The 2016 Customer Due Diligence rule^22^ required banks to identify beneficial owners behind legal-entity customers, closing the gap that shell companies had opened. The FATF Travel Rule extension to virtual-asset service providers in 2019 and its global rollout through 2024 closed the gap that non-custodial crypto transfers had opened. Each step was a logical response to a gap the previous step exposed, and each step enlarged the surveillance apparatus that would expose the next gap. No equilibrium holds at any intermediate level: the retreat direction has no political constituency inside the apparatus, and the extension direction has a predictable one on every budget cycle.
Economic Effects
Triangular intervention distorts the transactions it targets.
Resources devoted to surveillance (personnel, technology, legal, reporting) are unavailable for productive activity. This is a deadweight loss: surveillance does not create value for the parties to the transaction. Banks, facing regulatory risk from “suspicious” customers, deny services to entire categories: cryptocurrency businesses, cannabis companies, politically disfavored groups, even individual account holders flagged by opaque algorithms. The intervention cascades into complete exclusion from financial services.
Knowledge of surveillance alters behavior. Market participants avoid legitimate transactions that might trigger reports, and economic coordination suffers as parties steer away from flagged activities. Financial privacy disappears as full transaction records accumulate in government databases. The “financial panopticon” makes economic activity legible to state observation.
10.5 Central Bank Digital Currencies as Total Intervention
From Triangular to Direct Intervention
Chapter 9 established that today’s monetary architecture interposes commercial banks between citizens and base money. Citizens hold money substitutes (claims on banks), not base money itself. This buffer forces the state to work through intermediaries: banks collect data under regulatory compulsion, and the state accesses it through legal process. Financial surveillance currently operates primarily through triangular intervention.
In the strongest retail CBDC designs, this indirection would narrow sharply or disappear. As Chapter 9 explained, some CBDC models give citizens digital base money directly at the central bank, bypassing much of the commercial-bank buffer. From an intervention perspective, that shift is decisive because the state would need fewer third parties to compel. The closer the central bank moves toward being the bank, the more direct the account relationship becomes.
This changes the economics of intervention. In the strongest versions, observation no longer depends on subpoenas because the state reads its own ledger. Control no longer depends on the same regulatory mandates because the state administers its own system. The costs and frictions of triangular intervention shrink sharply. What once required legal process and institutional compliance can move much closer to automatic administration.
Total Intervention
Central Bank Digital Currencies can combine all three intervention types into a unified control mechanism. Some CBDC architectures support programmability and can expand surveillance and control well beyond what cash allows, while others are publicly framed as more privacy-preserving or more tightly intermediated.^7^ Programmability is a design choice within digital currency, and a CBDC could be designed to replicate more cash-like properties: anonymous or bearer-like, and free of spending restrictions. Institutional incentive runs in one direction: most public proposals move toward greater traceability and control than physical cash allows.
CBDC rules can prohibit transactions directly through what amounts to autistic intervention embedded in the monetary infrastructure. The currency itself refuses to execute disfavored payments. Prohibitions on anonymous transactions or purchases of restricted goods, as well as payments to blacklisted recipients, become automatic. No prosecution is needed; the transaction fails.
Where CBDCs establish direct central bank accounts for citizens, they enable binary intervention without third-party collection: the state extracts transaction data directly, and economic activity becomes visible to the monetary authority at the point of settlement. There is no subpoena to issue and no bank to compel. Observation becomes much more immediate because the state is closer to being the counterparty to every balance.
A strongly programmable CBDC can also impose on private transactions through triangular intervention, for example by pressuring merchants to accept the currency, verify customer compliance status, or enforce spending restrictions. The state then controls exchanges it is not party to through the monetary medium itself.
Programmable Control
Certain CBDC designs can support interventions impossible with physical cash or current digital money. Money can be programmed to expire, forcing spending and preventing saving; this implements negative interest rates without the zero lower bound. It can be constrained to specified regions, so that a welfare payment might spend only at approved vendors or a regional stimulus might not leave the targeted area. It can refuse purchase categories, blocking payments for alcohol, tobacco, firearms, or politically disfavored goods at the monetary level. Transactions can require verified identity of both parties, making anonymous exchange impossible and ensuring every transaction is attributed. Some designs could also tie spending to broader compliance conditions.
The Two-Tier Illusion
Some central banks propose “two-tier” or intermediated CBDC designs that maintain commercial banks as customer-facing intermediaries, claiming this preserves the existing architecture. That claim needs qualification.
In a two-tier or intermediated CBDC, commercial banks or payment service providers remain customer-facing while the central bank retains issuance and core infrastructure functions. The commercial bank can become more of a front-end interface than an independent monetary intermediary, though the degree of disintermediation depends on the design. The buffer that Chapter 9 identified, where citizens hold claims on commercial banks and not direct central bank liabilities, may narrow sharply depending on how much control the central bank retains over settlement and rules.
Because the money is its liability, the central bank can set or constrain key rules around settlement and access. Depending on the legal and technical architecture, it may also gain broad visibility into retail payments or the ability to impose restrictions through intermediaries. Commercial banks in a two-tier CBDC can remain service providers operating within parameters the central bank defines instead of fully independent institutions creating money substitutes. The surveillance and control capabilities can remain substantial even when the user interface is delegated.
The Adoption Mechanism
Praxeological analysis reveals why explicit prohibition is unnecessary for CBDC adoption.
Autistic intervention (banning cash) is costly: it requires enforcement and generates resistance, while also making the control objective visible. The state has strong incentive to achieve the same outcome through less resistant means. If citizens adopt CBDCs voluntarily, enforcement costs vanish and political opposition never mobilizes.
The incentive structure favors voluntary adoption because CBDCs can offer real conveniences such as instant settlement, integration with government services, and smartphone accessibility. For individuals with high time preference, immediate convenience outweighs abstract future risks. Revealed preference in existing digital payment adoption shows that most individuals choose convenience over privacy when the tradeoff is not salient. The state need only ensure CBDCs are more convenient than alternatives.
Network effects create path dependency that is hard to reverse once established. As CBDC adoption increases, cash-handling infrastructure becomes less economical: banks face costs maintaining cash services for declining usage, while merchants face costs handling physical currency for fewer transactions. Each actor, pursuing their individual interest, rationally reduces cash infrastructure. The aggregate effect is that cash becomes progressively less practical regardless of legal status.
This dynamic has historical precedent. Sweden’s use of cash fell sharply over the 2010s without a formal cash ban, reaching roughly one in ten purchases as digital payments became dominant and cash infrastructure contracted.^8^ The economic logic operates independently of CBDC specifics.
The likely endpoint of this path is clear enough even if the timeline is not: when cash infrastructure contracts beyond practical usability, CBDC usage can become mandatory in effect though voluntary in form. Surveillance that individuals first choose for convenience can become surveillance that is costly to escape without exiting the national currency entirely.
The Human Rights Foundation tracks this progression globally. As of 2025, more than 130 countries and currency unions are exploring CBDCs, though these activities differ substantially.^9^ Research and study are widespread, but full deployment remains limited. Most jurisdictions are in exploratory phases, running pilots with limited participation or studying technical feasibility. Exploration does not commit a jurisdiction to deployment, and many pilot programs are discontinued before they reach the public. Several authoritarian regimes have launched retail CBDCs, with China’s digital yuan the most prominent example, while democratic nations generally proceed more cautiously. The Foundation argues that autocracies remain the leading edge of live deployment.
The Rollout Record
Empirical results from the first wave of retail CBDC launches illuminate what the theoretical analysis predicted and what it did not.
The Nigerian eNaira is the clearest negative case. The Central Bank of Nigeria launched it in October 2021 as the first retail CBDC in a large African economy. Adoption remained below one percent of the adult population through 2024, and in late 2024 the central bank withdrew a substantial fraction of circulating tokens as part of a broader policy shift. Nigeria did not show that CBDCs fail. Nigeria showed that the adoption mechanism described above depends on the CBDC being more convenient than the available alternatives, and Nigerians had access to mobile-money services that were already more convenient than the eNaira. When the state’s product is less convenient than the incumbent and the autistic alternative of cash prohibition is too politically costly to pursue, the voluntary-adoption pathway fails.
China’s e-CNY is the clearest positive case in a state that has both the regulatory capacity and the surveillance ambition to impose adoption. The People’s Bank of China reports cumulative transaction volumes in the trillions of renminbi and deployment across every major city. Deployment depth tracks regulatory depth. Adoption is highest in jurisdictions where state employers and local tax authorities and merchant regulations together steer transaction flow into the system. China confirms what section 10.5 argued. A retail CBDC reaches deployment scale when the regulatory architecture around it routes payments into it and out of alternatives, and the monetary design choices matter less than the institutional pressure applied by the issuer.
The European Central Bank moved the Digital Euro from its preparation phase into its next phase at the end of October 2025. On the published schedule, the pilot begins in late 2026 assuming the supporting legislation is adopted, with potential first issuance in 2029. Design decisions remain open on the privacy architecture, on the holding limit, on the online-versus-offline treatment, and on the range of programmability permitted at the protocol level. The open questions illustrate that the politics of CBDC deployment in a democratic monetary union turn on the currency’s capabilities, and the public debate in the member states has focused on whether an offline mode can deliver cash-like privacy in practice and whether programmability can be constrained by statute.
The United States moved in the opposite direction. Executive Order 14178, signed in January 2025, prohibits federal agencies from developing or issuing a U.S. retail CBDC. The order terminated the research activity authorized under the preceding administration. Regulated dollar-backed stablecoins are the explicit alternative favored by the order. A retail CBDC and a regulated dollar-backed stablecoin share many of the same surveillance capabilities when the stablecoin issuer is subject to KYC and AML and asset-freezing obligations. The difference is that the stablecoin leaves the surveillance compulsion with private issuers, which preserves the triangular-intervention mechanism the chapter has already analyzed, whereas the retail CBDC would have moved the compulsion directly onto the central bank. A preference for the older architecture over the newer one is not a rejection of financial surveillance.^10^
Cross-Border Settlement and the BRICS Split
The retail CBDC question is one axis. The wholesale cross-border question is a separate axis, and its politics have moved quickly enough that the history now divides cleanly.
The Bank for International Settlements’ mBridge project connected the central banks of China, Hong Kong, Thailand, and the United Arab Emirates, with the Saudi Central Bank joining in mid-2024. The project’s stated goal was to demonstrate multi-CBDC cross-border settlement without correspondent banking. In late 2024 the BIS withdrew from the project. The public framing emphasized that mBridge had reached minimum viable product status and that the BIS had completed its role. Several analyses published afterward observed that mBridge had become usable as an alternative to correspondent channels that run through the U.S. dollar and SWIFT, and that the withdrawal coincided with the political sensitivity of the BIS hosting such an alternative in the context of the 2024 BRICS summit. Whatever the causal weight assigned to those factors, the project has continued without BIS participation.
The BIS launched Project Agora in April 2024 as a parallel effort connecting the Federal Reserve Bank of New York, the European Central Bank, the Bank of England, the Bank of France, the Bank of Japan, the Bank of Korea, the Bank of Mexico, the Swiss National Bank, and the Central Bank of Brazil. Project Agora is designed around wholesale CBDC and tokenized commercial-bank deposits, and its participant list is the set of central banks in political alignment with the post-Bretton Woods financial order. The cross-border monetary architecture has split along the same lines the surveillance architecture has split. One group of central banks is building cross-border rails that route around U.S.-denominated settlement and its associated reporting regime. Another group is building cross-border rails that integrate with it. The choice of rails determines the choice of observer.^11^
The Travel Rule and the Chain-Analysis Layer
Financial surveillance does not stop at the bank perimeter. The Financial Action Task Force’s Recommendation 16, commonly called the Travel Rule, requires that transfers above a threshold carry originator and beneficiary information through the entire payment chain. Extended to virtual-asset service providers in 2019 and rolled out through 2024 across most jurisdictions that regulate cryptocurrency exchanges, the rule extends the triangular-intervention architecture into the crypto-asset market. The architecture is the same as the banking architecture: regulated intermediaries are compelled to surveil on the state’s behalf, and the compulsion extends to every transfer that crosses an intermediary boundary.
Chain-analysis firms, including Chainalysis, Elliptic, and TRM Labs, sell the complementary capability. Their products ingest the public blockchain record and cluster addresses into entities using heuristics that the firms themselves treat as trade secrets. One KYC touchpoint anywhere in a cluster’s history labels the cluster’s real-world owner, and the label propagates across the cluster’s subsequent transactions. The chain-analysis industry is the intelligence layer that converts blockchain transparency into identified enforcement targets. Chapter 20 examines the specific heuristics and their limits; the point here is that the chain-analysis layer is the enforcement infrastructure that makes the Travel Rule operational, and its existence illustrates why transparency is not a substitute for privacy in any regulated intermediary market.^12^
The Surveillance Endpoint
In their strongest surveillance-oriented forms, CBDCs are the culmination of financial surveillance. Every payment, to any party, for any amount, can be recorded and attributed; the full financial history envisioned by earlier surveillance programs moves much closer to automatic collection. Unlike post-hoc reporting, CBDC transactions are visible immediately, so intervention can occur before completion and not after detection. If CBDCs become mandatory and cash is eliminated, little or no unsurveilled economic activity remains inside the national-currency system; underground economies must develop alternative currencies entirely.
Sound money requirements from Chapter 9 therefore include censorship resistance and privacy. Money that can be surveilled and controlled fails as money in the Mengerian sense and functions instead as a mechanism of intervention.
10.6 The Adversarial Decision Cycle
State Surveillance Follows the OODA Pattern
Chapter 1 introduced John Boyd’s OODA loop: Observe, Orient, Decide, Act.^13^ Every intervention examined in this chapter follows this pattern.
Financial surveillance infrastructure exists to enable observation: CTRs report cash transactions, SARs flag suspicious activity, KYC requirements collect identity documents, third-party reporting creates transaction records. The Bank Secrecy Act and its successors are about observation. Without observation, subsequent stages cannot proceed.
Observation feeds orientation, where raw data becomes actionable intelligence through pattern correlation and suspicious-indicator evaluation, leading to target identification. KYC data becomes useful here: linking transactions to identified individuals enables the orientation that anonymous transactions would prevent. Orientation produces prioritized targets for decision, where finite resources are allocated among potential investigations. Finally, action takes the form of asset seizure, prosecution, regulatory sanction, or account closure, but action is only possible against identified targets whose behavior has been observed and selected. The entire apparatus of enforcement depends on the preceding stages.
Breaking the Loop at Observation
Privacy technology breaks this cycle at its most vulnerable point. If the state cannot observe, it cannot orient on patterns it does not see, cannot decide to investigate transactions it does not know occurred, cannot act against targets it cannot identify.
Consider the contrast between traditional banking and carefully managed Bitcoin privacy. Traditional banking provides full observation: every transaction is logged with the account holder’s identity attached and reported to authorities, and the state’s OODA loop operates smoothly from observation through action. Bitcoin transactions remain public, but privacy practices examined in Chapter 20 can reduce easy attribution and degrade the state’s observation quality. The decision cycle becomes harder to start cleanly, not magically blind.
States therefore work aggressively to restore observation. KYC requirements at exchanges attempt to link Bitcoin transactions to identities, restoring the observation that Bitcoin’s pseudonymity impairs. Travel-rule regimes attempt to extend reporting requirements to many transfers handled by regulated crypto intermediaries. Blockchain analysis firms sell orientation capabilities, pattern-matching services that attempt to deanonymize transactions. Each effort aims to restore the observation that enables subsequent stages.
Cost Asymmetry
The OODA framework reveals a fundamental cost asymmetry. Observation infrastructure is expensive: building and maintaining the financial surveillance apparatus requires substantial ongoing investment in reporting systems, analysis capabilities, storage, and personnel. Each stage of the loop consumes resources.
Privacy, by contrast, can be cheap. Generating a cryptographic key costs nothing, and using CoinJoin^23^ or Lightning Network^24^ adds minimal friction. Running transactions through privacy-preserving infrastructure imposes modest costs on the user while imposing massive costs on the adversary attempting to restore observation.
This asymmetry explains why privacy is strategic. The defender who prevents observation imposes costs far exceeding their own expenditure. The attacker who must overcome privacy protections faces costs that may exceed the value of the intelligence gained. When observation becomes expensive enough, the entire attack cycle becomes uneconomical.
CBDCs as Observation Infrastructure
Central Bank Digital Currencies attack the observation stage directly. Transactions moving through state-controlled infrastructure are visible close to the point of settlement, so the state no longer relies on compelled third-party reporting or incomplete data. By sharply narrowing the possibility of unobserved transactions, a retail CBDC would attack the most effective point at which privacy breaks the decision cycle. The response developed in Part V is to build monetary systems where observation is structurally expensive. The goal is not perfect unobservability but raising observation costs beyond what adversaries are willing to pay.^14^
Chapter Summary
Financial surveillance operates through Rothbard’s intervention typology. Autistic intervention prohibits privacy tools directly; binary intervention extracts information from individuals through subpoena, seizure, and compelled disclosure; triangular intervention, the dominant form, forces private institutions to surveil on the state’s behalf. The Bank Secrecy Act and its successors built the third mechanism into the core of the financial system, and the Misesian logic of intervention explains why the apparatus has expanded across every decade since. Central Bank Digital Currencies, in their strongest surveillance-oriented forms, narrow or remove the commercial-bank buffer between state and citizen and can combine all three intervention types into a single programmable instrument. The FATF Travel Rule and the chain-analysis industry extend the same triangular logic to virtual-asset service providers, converting blockchain transparency into identified enforcement targets by anchoring address clusters to KYC touchpoints.
Nigeria’s eNaira stayed below one percent adoption because voluntary adoption requires the CBDC to outcompete incumbents, and mobile money was already more convenient. China’s e-CNY reached every major city through regulatory pressure routing transaction flow into the system. The EU’s Digital Euro is in deliberative preparation for potential 2029 issuance, and the U.S. reversed course through Executive Order 14178 (January 2025), prohibiting federal retail CBDC development and favoring regulated dollar-backed stablecoins instead. Cross-border settlement split along the same lines: the BIS withdrew from mBridge in late 2024, leaving it as a BRICS-aligned alternative, while Project Agora, launched April 2024, carries the Western-aligned parallel. The architecture splits by political alignment, and the choice of rails determines the choice of observer.
Privacy breaks the state’s decision cycle at observation. Boyd’s OODA loop depends on it, and when privacy technology degrades observation, orientation, decision, and action all degrade behind it. The cost asymmetry favors defenders: cryptographic defense is cheap and attack is expensive. This does not make every CBDC design equally surveillance-oriented; the cash-like bearer designs sit at one end of the spectrum and the fully programmable systems at the other, and it does not make the state blind. Chapter 20 examines the specific tools and their limitations; this chapter has set the threat model, and Part V develops the technical response.
Endnotes
^1^ Franz Oppenheimer, The State, trans. John M. Gitterman (Indianapolis: Bobbs-Merrill, 1914), 15.
^2^ Murray N. Rothbard, Power and Market: Government and the Economy, 4th ed. (Auburn, AL: Ludwig von Mises Institute, 2006), chapters 1-2.
^3^ The Axiom of Resistance is Eric Voskuil’s formulation; see Chapter 5, note 1, for the primary citation.
^4^ For the evolution of BSA reporting requirements, see U.S. Department of the Treasury, Financial Crimes Enforcement Network, “History of Anti-Money Laundering Laws,” available at https://www.fincen.gov/history-anti-money-laundering-laws.
^5^ Satoshi Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System” (2008), https://bitcoin.org/bitcoin.pdf; reference implementation at Bitcoin Core, https://bitcoincore.org/.
^6^ Rothbard analyzes intervention cascade effects in Power and Market, chapter 3; see also Man, Economy, and State, Scholar’s Edition (Auburn, AL: Ludwig von Mises Institute, 2009), chapter 13. Mises’s underlying treatment is in Human Action: A Treatise on Economics, Scholar’s Edition (Auburn, AL: Ludwig von Mises Institute, 1998 [1949]), Part Six, especially chapter 30 (“Interference with the Structure of Prices”); and Interventionism: An Economic Analysis, ed. Bettina Bien Greaves (Indianapolis: Liberty Fund, 2011 [1940]). The argument that each intervention invites the next, with middle-of-the-road policies producing either a slide into socialism or retreat toward the free market, is the central structural claim of both Mises works.
^7^ For economic analysis of CBDCs, see Jörg Guido Hülsmann, The Ethics of Money Production (Auburn, AL: Ludwig von Mises Institute, 2008). For technical analysis, see Agustín Carstens (General Manager, BIS), “Digital Currencies and the Future of the Monetary System,” speech at the Hoover Institution, January 2021.
^8^ Sveriges Riksbank, Payments Report 2023, https://www.riksbank.se/, documents the long-run decline of cash in Sweden across the 2010s and into the early 2020s; the share of payments made in cash at point of sale fell from roughly 39 percent in 2010 to roughly 9 percent by the end of the decade.
^9^ Human Rights Foundation, “CBDC Tracker,” available at https://cbdctracker.hrf.org. The tracker monitors CBDC development globally with particular attention to civil liberties implications. Launched in 2023, it is the first monitoring effort focused specifically on the human rights impact of central bank digital currencies. The Foundation notes that dictatorships are leading CBDC deployment, with nearly half the world’s population living under autocracies actively developing these systems.
^10^ The 2021–2025 retail CBDC rollout record divides into a negative case (Nigeria), a positive case (China), a democratic-deliberation case (EU), and a reversal case (U.S. Executive Order 14178 in January 2025 prohibiting federal retail CBDC development). Central Bank of Nigeria eNaira, https://enaira.gov.ng/. People’s Bank of China digital yuan (e-CNY), overview at http://www.pbc.gov.cn/en/3688006/3688253/4157443/index.html and test-app information at https://money.163.com/special/ecny/. European Central Bank Digital Euro project, https://www.ecb.europa.eu/paym/digital_euro/html/index.en.html. U.S. Executive Order 14178, “Strengthening American Leadership in Digital Financial Technology,” 90 Fed. Reg. 8647 (January 23, 2025), https://www.federalregister.gov/documents/2025/01/31/2025-02123/strengthening-american-leadership-in-digital-financial-technology. Cross-jurisdictional tracker at Atlantic Council, “Central Bank Digital Currency Tracker,” https://www.atlanticcouncil.org/cbdctracker/, and Human Rights Foundation, https://cbdctracker.hrf.org/.
^11^ The BIS withdrew from mBridge in late 2024, and mBridge now runs as a BRICS-aligned cross-border settlement alternative; Project Agora, launched April 2024, is the BIS’s parallel effort with Western-aligned central banks; the two projects split cross-border settlement rails along the same lines the surveillance architecture has split. BIS mBridge project page, https://www.bis.org/about/bisih/topics/cbdc/mcbdc_bridge.htm. BIS announcement of withdrawal, October 31, 2024, https://www.bis.org/press/p241031.htm. BIS Project Agora page, https://www.bis.org/about/bisih/topics/fmis/agora.htm, with April 2024 launch announcement at https://www.bis.org/press/p240403.htm. Independent analysis of the geopolitical context in Atlantic Council and CSIS commentary, accessible at https://www.atlanticcouncil.org/ and https://www.csis.org/.
^12^ The FATF Travel Rule (Recommendation 16, extended to virtual-asset service providers in 2019) requires regulated crypto intermediaries to transmit originator and beneficiary information across transfers; Chainalysis, Elliptic, and TRM Labs are the chain-analysis firms that convert blockchain transparency into identified enforcement targets. FATF Recommendation 16 (Travel Rule), “Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers” (October 2021), https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets-2021.html. Chainalysis, https://www.chainalysis.com/. Elliptic, https://www.elliptic.co/. TRM Labs, https://www.trmlabs.com/. On Travel Rule implementation across jurisdictions, see the FATF mutual-evaluation reports at https://www.fatf-gafi.org/en/publications/Mutualevaluations.html. Critical analysis of chain-analysis heuristics in Sergio Demian Lerner and others’ blog posts at https://bitslog.com/ and Coinbase’s public analyses of chain-analysis methodology.
^13^ For Boyd’s primary OODA-loop formulation, see Chapter 1, note 4.
^14^ Further reading on CBDCs and financial surveillance: see note 25 below.
^15^ U.S. export controls on cryptographic software were codified in the Export Administration Regulations (EAR) under the International Traffic in Arms Regulations (ITAR) and later EAR Category 5, Part 2 (Information Security), treating strong encryption as a munition requiring State Department export license through 1996. The Clinton administration’s relaxation followed litigation in Bernstein v. United States Department of Justice, 922 F. Supp. 1426 (N.D. Cal. 1996), in which Judge Marilyn Patel held that source code constitutes protected speech under the First Amendment. Export Administration Regulations, 15 C.F.R. Parts 730–774. On the Clipper Chip and key-escrow proposals (1993–1996), see Steven Levy, Crypto: How the Code Rebels Beat the Government - Saving Privacy in the Digital Age (New York: Viking, 2001), chapters 10–13. Countries retaining encryption restrictions or mandatory key escrow include Russia (FSB registration requirements under SORM) and China (commercial encryption licensing under the Cryptography Law of 2020).
^16^ “Coinjoining” refers to the CoinJoin protocol, a privacy technique for Bitcoin transactions. For the original technical proposal, see Gregory Maxwell, “CoinJoin: Bitcoin Privacy for the Real World,” BitcoinTalk forum post (August 22, 2013), https://bitcointalk.org/index.php?topic=279249.0. For the regulatory context around coinjoining services, see FinCEN guidance on mixing services and the prosecutions of Tornado Cash and Samourai Wallet developers discussed in Chapter 13.
^17^ Civil asset forfeiture in U.S. federal law proceeds under 18 U.S.C. § 981 (civil forfeiture) and 21 U.S.C. § 881 (drug-related forfeiture), with state equivalents across all fifty states. The constitutional standard requires only probable cause that the property is connected to crime; the owner bears the burden of proving innocent ownership. Leading cases include United States v. $8,850 in United States Currency, 461 U.S. 555 (1983), and Bennis v. Michigan, 516 U.S. 442 (1996). For systematic documentation of abuses, see the Institute for Justice, Policing for Profit: The Abuse of Civil Asset Forfeiture, 3rd ed. (2020), https://ij.org/report/policing-for-profit/. In 2019 Congress required that federal agencies report forfeiture proceeds to FinCEN, creating the data trail that documents scale; for the fiscal data, see U.S. Department of Justice, Annual Asset Forfeiture Report, https://www.justice.gov/afp/annual-reports.
^18^ The third-party doctrine holds that information voluntarily shared with a third party loses Fourth Amendment protection. The foundational cases are United States v. Miller, 425 U.S. 435 (1976) (bank records) and Smith v. Maryland, 442 U.S. 735 (1979) (phone numbers dialed). The Supreme Court partially limited the doctrine in Carpenter v. United States, 585 U.S. 296 (2018), holding that cell-site location information collected over seven days requires a warrant, but the core doctrine remains intact for financial records. On the tension between the doctrine and digital-era surveillance, see Paul Ohm, “The Fourth Amendment in a World Without Privacy,” Mississippi Law Journal 81 (2012): 1309; and Orin S. Kerr, “The Case for the Third-Party Doctrine,” Michigan Law Review 107 (2009): 561.
^19^ On the currency monopoly, seigniorage, and the praxeological analysis of the Federal Reserve’s exclusive money-creation privilege, see Murray N. Rothbard, The Mystery of Banking, 2nd ed. (Auburn, AL: Ludwig von Mises Institute, 2008 [1983]), https://mises.org/library/mystery-banking, especially chapters 1–4 on money and banking and chapters 10–14 on central banking. For Mises’s treatment of the relationship between monopoly currency issuance and inflation as a form of taxation, see Human Action, Scholar’s Edition (Auburn, AL: Ludwig von Mises Institute, 1998 [1949]), chapter 17 (“Indirect Exchange”), sections 8–12. For the legal structure of the Federal Reserve’s issuance authority, see Federal Reserve Act of 1913, 12 U.S.C. § 411 (issuance of Federal Reserve notes as legal tender).
^20^ Money Laundering Control Act of 1986, Pub. L. 99-570, 100 Stat. 3207 (1986), codified at 18 U.S.C. §§ 1956–1957. The Act created the first federal money-laundering offense as a standalone crime (not merely a predicate of drug trafficking) and required financial institutions to file Suspicious Activity Reports. It was the first major legislative extension of the Bank Secrecy Act framework.
^21^ Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act) of 2001, Pub. L. 107-56, 115 Stat. 272 (2001). Title III (“International Money Laundering Abatement and Anti-Terrorist Financing Act”) extended BSA obligations to money-service businesses, broker-dealers, and other non-bank financial institutions, closing regulatory gaps that had allowed alternative remittance channels to operate outside the reporting regime. For FinCEN’s implementing regulations, see 31 C.F.R. Part 1022 (money-service businesses).
^22^ FinCEN Customer Due Diligence Requirements for Financial Institutions, 81 Fed. Reg. 29398 (May 11, 2016), codified at 31 C.F.R. § 1010.230. The rule added a fifth pillar to the BSA/AML framework: covered financial institutions must identify and verify the beneficial owners of legal-entity customers (natural persons owning 25% or more of equity, plus one control-person nominee), closing the shell-company gap the prior regime left open. Amended by the Corporate Transparency Act of 2021, Pub. L. 117-54, which moved beneficial-ownership reporting to FinCEN’s own registry rather than relying solely on bank-level collection.
^23^ CoinJoin is the primary Bitcoin privacy technique combining multiple users’ inputs and outputs into a single transaction, making it harder to trace individual payment flows. For the original protocol description, see Gregory Maxwell, “CoinJoin: Bitcoin Privacy for the Real World,” BitcoinTalk (August 2013), https://bitcointalk.org/index.php?topic=279249.0. Major implementations include Wasabi Wallet (WabiSabi protocol, https://wasabiwallet.io/) and JoinMarket (https://github.com/JoinMarket-Org/joinmarket-clientserver). For analysis of CoinJoin’s privacy guarantees and limitations, see Adam Ficsor (nopara73) et al., “WabiSabi: Centrally Coordinated CoinJoins with Variable Amounts,” Financial Cryptography and Data Security 2022; and Malte Möser et al., “An Empirical Analysis of Traceability in the Monero Blockchain,” Proceedings on Privacy Enhancing Technologies 3 (2018), which contextualizes CoinJoin by comparison.
^24^ The Lightning Network is a second-layer payment protocol for Bitcoin enabling fast, low-cost payments through off-chain payment channels that settle on the base layer. The original specification is Joseph Poon and Thaddeus Dryja, “The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments” (January 14, 2016), https://lightning.network/lightning-network-paper.pdf. The protocol is specified in the BOLT (Basis of Lightning Technology) standards at https://github.com/lightning/bolts. For privacy properties and limitations, see Rene Pickhardt and Mariusz Nowostawski, “Imbalance Measure and Risk-Minimization for Lightning Network Payment Channel Rebalancing,” and George Kappos et al., “An Empirical Analysis of Privacy in the Lightning Network,” Financial Cryptography and Data Security (2021), which analyzes probing attacks and routing-graph deanonymization.
^25^ Further reading on CBDCs and financial surveillance. For the specific CBDC design space, the Bank for International Settlements’ working papers are the broadest official source: Raphael Auer, Giulio Cornelli, and Jon Frost, “Rise of the Central Bank Digital Currencies: Drivers, Approaches and Technologies,” BIS Working Paper No. 880 (2020), https://www.bis.org/publ/work880.pdf; Codruta Boar and Andreas Wehrli, “Ready, Steady, Go? Results of the Third BIS Survey on Central Bank Digital Currency,” BIS Papers No. 114 (2021); and the annually updated CBDC surveys cited in the preface. On the political economy, Eswar S. Prasad, The Future of Money: How the Digital Revolution Is Transforming Currencies and Finance (Harvard University Press, 2021), is the balanced academic treatment; Christopher Leonard, The Lords of Easy Money: How the Federal Reserve Broke the American Economy (Simon & Schuster, 2022), supplies the institutional context. For the civil-liberties case against retail CBDCs, Nicholas Anthony and Norbert Michel, “Central Bank Digital Currency: Assessing the Risks and Dispelling the Myths,” Cato Institute Policy Analysis No. 941 (2023), https://www.cato.org/policy-analysis/central-bank-digital-currency; and Human Rights Foundation, “The Case Against Central Bank Digital Currencies,” at https://hrf.org. On China’s digital yuan (e-CNY) as the leading deployed example, Eswar Prasad’s work again; for the EU’s digital-euro trajectory, see ECB publications at https://www.ecb.europa.eu/paym/digital_euro/html/index.en.html. For the broader financial-surveillance literature: Nicholas Anthony, The Infrastructure of Control: A Global Look at the Dangers of CBDCs (Cato, 2024); Allen J. Dickerson and Lloyd M. Pierson, “Central Bank Digital Currencies: Privacy Implications,” Journal of Law and Liberty (2022). On the underlying legibility problem the state solves through monetary surveillance, James C. Scott’s Seeing Like a State (Yale, 1998), already cited in Chapter 1, is the historical frame; Rainer Böhme et al., “Bitcoin: Economics, Technology, and Governance,” Journal of Economic Perspectives 29, no. 2 (2015): 213–238, is the reference cryptocurrency-vs-state treatment. On the regulatory machinery specifically, Todd Zywicki and Max Raskin, “CBDCs in the United States: A Constitutional Analysis” (2024), addresses the separation-of-powers concerns that U.S. retail CBDC deployment would raise.
<- Previous: Money and Privacy |
-> Next: Corporate Surveillance and Data Extraction |The Praxeology of Privacy – third edition. New chapters publish daily at 1600 UTC.
More from The Praxeology of Privacy
Write a comment