Digital assets vary. They can be a virtual currency that has no analog in the real world, and exists only on the blockchain used as a substitute for money. For this reason, virtual currencies are generally considered to be secure and offering a high degree of privacy. A recent decision from a US federal court of appeals, however, may cast a different light on this generally held view.

USA v. Gratkowski

 In United States v. Gratkowski, 1 the Fifth Circuit Court of Appeals held that a defendant in a child pornography prosecution did not enjoy Fourth Amendment protection against unreasonable searches in records held by Coinbase, his cryptocurrency exchange. Instead, both the nature of the information, and the voluntariness of the exposure of that information, weighed heavily in favor of ruling that he did not have reasonable privacy interest in the information held by Coinbase, thus only requiring a subpoena for the government to gain access to his information.

The key finding in this case is the legal standard of protection afforded to customer account information held by crytocurrency exchanges like Coinbase: “reasonable expectation of privacy” requiring a warrant under the Fourth Amendment versus the “third party doctrine” requiring only a subpoena.

Where a court determines that an individual has a “reasonable expectation of privacy,” then that individual is entitled to the protections against unreasonable searches by the government afforded under the Fourth Amendment. This is a high standard of protection. By contrast, if a court determines that an individual cannot claim to have a reasonable expectation of privacy because he or she “voluntarily” disclosed information
to a third party, then those records are subject to a lower standard, and subject to disclosure via a subpoena similar to bank record.

Defendant here did not have a reasonable expectation of privacy in Coinbase records that documented his cryptocurrency transactions because those records were limited, and provided only information about his virtual currency transactions. Also, transacting Bitcoin through Coinbase required an affirmative act on part of the user, and users had the option to transact without a third-party intermediary. Accordingly, the appellate
court found that cryptocurrency exchanges are subject to the Bank Secrecy Act of 1970, the statutory authority requiring financial institutions to turn over financial records.

Comparing this case against a recent Supreme Court opinion in Carpenter v. United States, 2 the Fifth Circuit distinguished information held by cryptocurrency exchanges from cell-site location information center to the Court’s opinion, since those contain an all-encompassing record of the holder’s whereabouts, and intimate revelation about his or her familial, political, professional, religious, and sexual associations. Here, the Fifth
Circuit reasoned that no one considered Bitcoins to be as central to someone’s daily life like a mobile phone.

Important Takeaways

So what does this ruling mean for companies in the marketplace? Consider the following.

  • Regulators are watching. As a result of this ruling, it is more likely that law enforcement authorities—civil and criminal—will be seeking more information from Bitcoin exchanges via subpoenas. Companies or insurers making payments to ransomware attackers or others may, in turn, come under greater scrutiny for those activities.
  • A push for technical or legislative solutions. Cryptocurrency exchanges will likely publish less information and seek enhanced privacy protections via technical and legislative solutions. More to come on that, to be sure.
  • Buyer beware. Cryptocurrencies remain a novel and viable form of alternate payment, but it may not be as “private” as previously thought. Before transacting in cryptocurrencies, carefully discuss the risks with counsel, and understand what expectations of privacy can be expected under the current rule of law.
  • Private causes of action? In the wake of the California Consumer Privacy Act, private litigants are watching, too. And under the less restrictive “third party doctrine” applied by the Fifth Circuit, civil litigants may now gain access to information held by cryptocurrency exchanges, too.

If you have any questions about these developments or any other privacy law, please do not hesitate to reach out to Brian Hengesbaugh, Brian Whisler, and Harry Valetk.

Author

Brian provides advice on global data privacy, data protection, cybersecurity, digital media, direct marketing information management, and other legal and regulatory issues. He is Chair of Baker McKenzie's Global Data Privacy and Security group.

Author

Harry is a partner based in New York. He advises global organizations on privacy and data security compliance requirements. His practice is focused on delivering commercially practical advice on designing security, privacy, and technologically compliant solutions.

Author

Brian Whisler is the immediate past Chair of the DC Litigation and Government Enforcement Practice Group and a member of the Compliance and Investigations, Dispute Resolution and Global Health Care and Life Sciences Practice Groups.

Write A Comment