Financial records contain a trove of sensitive information about people’s personal lives, beliefs, and affiliations—which is why law enforcement should be required to get a warrant in order to obtain financial transaction data. Courts and lawmakers have gotten this wrong in the context of traditional banks—and a June 30 ruling by a federal appeals court applied this outdated thinking to cryptocurrency. This is particularly concerning because one of the most important aspects of cryptocurrency is that it imports the privacy protections of cash into the digital world.
In U.S. v. Gratowski, the U.S. Court of Appeals for the Fifth Circuit ruled that law enforcement does not need to get a warrant in order to obtain financial transaction data from cryptocurrency exchanges. In deciding that Gratowski lacked a reasonable expectation of privacy in records of his cryptocurrency transactions, the court relied on the third-party doctrine. Under that doctrine, when people use services like banks, they lose their reasonable expectation of privacy in the information that they voluntarily turn over to a third party. This means that, instead of getting a warrant, law enforcement can use subpoenas—which do not require probable cause or prior approval by a judge—to obtain people’s data from those third parties.
This doctrine, and the court’s reliance on it in Gratowski, is wrong. Users should not lose their reasonable expectation of privacy in their data just because it is stored by a third party. In today’s digital world, it is almost impossible to navigate daily life without using essential services like email that give third parties access to sensitive information. With cryptocurrency transactions, people’s expectations of privacy are arguably even stronger, given that the technology allows for anonymous transactions online.
The defendant in the case, Gratkowski, was accused of accessing a child pornography website. Federal agents found him by analyzing transactions on the Bitcoin blockchain and asking a cryptocurrency exchange for information about his identity and cryptocurrency transactions. The defendant challenged the legality of obtaining this information without a warrant.
The Bitcoin blockchain is a distributed ledger that publicly and permanently records all Bitcoin transactions. For each Bitcoin transfer, the information that is publicly displayed includes the Bitcoin address of the sender and the receiver—an alphanumeric string akin to a username, which a user can use once or for multiple transactions. Bitcoin addresses are pseudonymous. While the information recorded on the Bitcoin blockchain ledger might be that address “123…” transferred 1 bitcoin to address “456…,” if someone independently knows that Jane Smith controls address 456, they will know that in fact the user who controls address 123 transferred 1 bitcoin to Jane Smith.
In today’s digital world, it is almost impossible to navigate daily life…