Are CBDCs Surveillance Money?
๐ 10 min read
Quick Answer
Few money topics generate more heat than this one. To critics, a CBDC is the end of financial privacy, programmable money that can be switched off, geofenced, or set to expire if you displease the state. To defenders, that is paranoid: CBDCs are just efficient digital cash with privacy safeguards. The honest answer lives between the slogans. The surveillance and control powers are real and built into the technology; whether they are used depends on law, governance and politics. Pretending otherwise in either direction is how people get this wrong.
๐ก A loaded tool, not a loaded gun
A CBDC is like installing a master switch in every electrical outlet in a country. By itself the switch does nothing sinister, it can be left permanently on, and might only ever turn off a faulty circuit. But the capability now exists, centrally, to cut power to a person, a place or a purpose. The danger is not that the switch is evil; it is that the capability is created, and capabilities tend to get used once they exist. Judging a CBDC means judging both the switch and the hands that hold it.
What the technology genuinely enables
These powers are not speculation, they are documented design features. A retail CBDC can be identity-linked, giving the issuer a potential view of payments. It can be programmable: money with expiry dates (tested in China to spur spending), funds restricted to certain goods or regions, and the ability to freeze or claw back balances directly. None of this requires new invention; it is what putting money on a central, rule-bearing ledger makes possible. So the first honest point is simple: yes, the surveillance and control capabilities are real.
What is overblown
Now the other side. Most everyday digital payments are already surveilled, your bank and card network see everything, so a CBDC is not the birth of financial tracking. Many designs include genuine privacy tiers for small payments. No major economy has switched off a citizen's money by CBDC, and several Western central banks have publicly committed to privacy protections and against programmable retail restrictions precisely because of public backlash. And a clumsy, surveillance-heavy CBDC tends to fail in the market, as China's low adoption shows. Apocalyptic certainty is as wrong as naive dismissal.
Why the safeguards matter more than the code
The decisive variable is not whether a CBDC can surveil, it can, but what the law forbids. A CBDC with strong, enforceable privacy guarantees, hard limits on programmability, and independent oversight is a very different thing from one designed to maximise state control. The same technology serves both. This is why the fight worth having is political and legal: demand that any retail CBDC come with cash-like privacy floors, prohibitions on expiry and behavioural restrictions for ordinary money, and real accountability, before it ships, not after.
The trust problem
A CBDC asks citizens to trust that powerful capabilities will not be misused. In a high-trust society with strong institutions and an independent press, that may be a reasonable bet. In an authoritarian system, or one with a track record of financial coercion, it plainly is not, and people there have rational reason to keep an exit. This is the uncomfortable truth: the same CBDC is acceptable or dangerous depending on the government holding it. The technology is neutral; the regime is not.
The honest bottom line
A CBDC is not automatically a surveillance dystopia, and it is not just harmless digital cash. It is a tool that hands the issuer real powers of observation and control, powers that are benign or dangerous depending entirely on the rules and the regime around them. The rational response is neither panic nor complacency: engage on the safeguards, insist on privacy and programmability limits in law, and keep a non-state option, like self-custodied Bitcoin, available as an exit. Freedom is preserved by having a choice, not by trusting that the switch will never be flipped.
๐ Key takeaway
CBDCs genuinely enable surveillance and control, identity-linked payments, programmable expiry and spending restrictions, and direct freezing are documented design features, not fantasies. But the dystopian certainty is overblown: card payments are already tracked, many designs include privacy tiers, and surveillance-heavy CBDCs tend to fail (see China's low adoption). The decisive factor is law and regime, not code: the same CBDC is acceptable under strong privacy safeguards and dangerous under an authoritarian state. Demand legal limits, and keep a non-state exit.
What it means for you
Asia spans the full spectrum, from authoritarian systems building surveillance-capable CBDCs to democracies weighing privacy safeguards, so the "are CBDCs surveillance money" question is being answered differently across the region in real time. For Asian readers the stakes are immediate and concrete, making an honest, non-hysterical understanding, and an available exit, genuinely protective.
Frequently asked questions
Can a CBDC be programmed to expire or block purchases?โผ
Yes, these are documented design features. China has tested digital yuan with expiry dates to encourage spending, and funds can be restricted to specific purposes. The capability is real; whether it is applied to ordinary money depends on law and policy. Several Western central banks have said they will not impose such restrictions on retail CBDCs, partly due to public pushback.
Are CBDCs more invasive than my bank or credit card?โผ
Not necessarily more than what already exists, your bank and card network already see your transactions. The concern is structural: a CBDC can centralize that view and add direct control (freezing, expiry, restrictions) at the issuer level and potentially at scale, rather than spread across many private institutions. The risk is concentration of power, not the birth of tracking.
How can I protect financial privacy if a CBDC launches?โผ
Keep options open: use cash where it survives, understand the privacy tier of any CBDC you must use, and hold some value in a non-state, self-custodied asset like Bitcoin as an exit. Politically, the highest-leverage move is demanding enforceable privacy floors and programmability limits in law before a retail CBDC ships.
Keep reading
Related topics across the hub
๐ Sources & further reading
Authoritative references and primary sources used in this guide.