Daniel S. Alter is a Shareholder in the New York, NY office of Murphy & McGonigle P.C. and is the WLF Legal Pulse’s Featured Expert Contributor, Legal & Regulatory Challenges for Digital Assets.

According to the United States Court of Appeals for the Fifth Circuit, law enforcement officials do not need a search warrant to get account records from a cryptocurrency exchange.  This past June, in U.S. v. Gratkowski, 2020 WL 3530575 (5th Cir. June 20, 2020), the court ruled that crypto exchange account holders do not have a constitutionally cognizable privacy interest in their records and therefore do not enjoy the search and seizure protections ensured by the Fourth Amendment.  The rationale for the court’s decision both is ironic and raises more questions than it answers.  It is certainly out of step with the Supreme Court’s developing approach to the intersection of Fourth Amendment challenges and rapidly evolving technology.

The defendant in Gratkowski was convicted of possessing child pornography, which he had bought online using bitcoin.  During their investigation, federal authorities used a grand jury subpoena to get Gratkowski’s account records from Coinbase, a leading cryptocurrency exchange.  Those records disclosed that Gratkowski had sent bitcoin to an address associated with a child pornography website.  Based upon that information, the authorities were subsequently able to get a judicial warrant to search Gratkowski’s home and to seize his computer containing the banned pornography.

Gratkowski moved in the district court to suppress the incriminating evidence arguing, in part, that the criminal investigators needed a search warrant to access his Coinbase account, not just a subpoena.  Gratkowski claimed that, under Fourth Amendment principles, he had a reasonable expectation that his Coinbase account would remain private.  The district court rejected that claim and denied his suppression motion.

On appeal, Gratkowski renewed his Fourth Amendment claim.  The Fifth Circuit rejected it too.  In finding no Fourth Amendment violation, the court of appeals relied primarily on U.S. v. Miller, 425 U.S. 435 (1976), in which the Supreme Court held that bank account holders do not have a reasonable expectation of privacy in their bank records.  The majority in Miller reasoned that: first, account records are “business records of the bank,” not property of the depositor, 425 U.S. at 440; and second, that such documents “are not confidential communications but negotiable instruments to be used in commercial transactions” and thus “contain only information voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business,” id. at 442.

The Fifth Circuit concluded that crypto exchange records are “akin to bank records” and are thus governed by Miller. Gratkowski, 2020 WL 3530575, at *4.  Indeed, as the court saw it, the “main difference between Coinbase and traditional banks . . . is that Coinbase deals with virtual currency while traditional banks deal with physical currency.”  Id.

At this point in reading the decision, a true crypto enthusiast will likely get up and scream.

But the Gratkowski opinion goes on.  To bolster its determination, the court further observed that “Bitcoin users have the option to maintain a high level of privacy by transacting without a third-party intermediary.” 2020 WL 3530575, at *4. The Fifth Circuit surmised, though, that “Bitcoin users may elect to sacrifice some privacy by transacting through an intermediary” because transacting without an intermediary “requires technical expertise.”   Id. (emphasis added).

By now, the crypto enthusiast has probably gone from a scream to a howl.

Gratkowski is a reflexive application of the “third-party doctrine,” a principle of Fourth Amendment law under which “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.”  Carpenter v. U.S., 138 S. Ct. 2206, 2216 (2018).  But the Supreme Court has recently warned against “mechanically applying the third-party doctrine,” especially considering “the seismic shifts in digital technology.”  Id. at 2219.  

Thus, in cases dealing with advanced technology, the present mode of analysis is much more nuanced.  “When an individual seeks to preserve something as private, and his expectation of privacy is one that society is prepared to recognize as reasonable, . . . official intrusion into that private sphere generally qualifies as a search and requires a warrant supported by probable cause.”  Carpenter, 138 U.S. S. Ct. at 2213 (internal quotation marks omitted).  Lower courts should calibrate this test keeping in mind that at least five present justices well understand that “technological advances” are “shaping the evolution of societal privacy expectations.”  U.S. v. Jones, 565 U.S. 400, 415 (2012) (Sotomayor, J., concurring); see also id. at 427 (Alito, J., concurring in the judgment).

Justice Sotomayor has even gone so far as to suggest that it “may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed.”  Jones, 565 U.S. at 417 (Sotomayor, J., concurring).  In her view, the third-party doctrine is “ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”  Id. at 417 (Sotomayor, J., concurring).

But without going that far, many would still strongly disagree with the Fifth Circuit’s assertion that crypto exchange transactions are “akin” to those of ordinary banks.  Objectively speaking, they differ in many ways.

To start, the very use of cryptocurrency—which is the practical offspring of advanced digital cryptography—is often motivated by the users’ efforts to remain anonymous.  In other words, at the core of many cryptocurrency transactions is an additional effort “to preserve something as private.” Carpenter, 138 U.S. S. Ct. at 2213.  The same can’t be said for ordinary banking transactions.  But whether an expectation of privacy through cryptography is reasonable in light of a technologically fluid culture remains an open legal question of immense importance.

The Fifth Circuit’s attempt to answer the matter is not very persuasive.  For example, the court’s observation that both crypto exchanges and banks “are subject to the Bank Secrecy Act,” and therefore must “keep records of customer identities and currency transactions,” is largely beside the point.  Gratkowski, 2020 WL 3530575, at *4.  Although the Bank Secrecy Act maintains a reservoir of data for criminal investigations, the statute cannot displace Fourth Amendment protections against unreasonable searches and seizures.  In appropriate cases, the government may still need a search warrant to access Bank Secrecy Act material.

Carpenter illustrates the point clearly.  There, the Supreme Court ruled that a court order under the Stored Communications Act directing a mobile phone company to provide an individual’s cell-site phone data to police “was not a permissible mechanism for accessing historical cell-site records.”  138 S. Ct. at 2221.  Because the statutory showing required for authorities to get such an order “falls well short of the probable cause required for a warrant,” the Court instructed, “the Government’s obligation is a familiar one – get a warrant.”  Id.

More fundamentally, though, and from a privacy perspective, crypto exchange records and ordinary bank records are actually quite different.  Crypto exchange records usually show only an account holder’s virtual currency deposits from, and transfers to, numerically identified accounts at other exchanges or locations on the blockchain.  They do not identify the transacting parties or the purpose of the transaction as does “information voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business.”  Miller, 425 U.S. at 442.

And finally, the Fifth Circuit arguably drew the wrong conclusion from the fact that bitcoin users could achieve even greater confidentiality “by transacting without third-party intermediaries.” Gratkowski, 2020 WL 3530575, at *4.  The court interpreted a party’s decision to transact in virtual currency through a crypto exchange as an election “to sacrifice some privacy.” Id.  There is another, equally valid interpretation of such conduct, however—a view that sees the glass more full than empty.  By using a crypto exchange in place of a bank, an individual clearly demonstrates a desire to increase his or her transactional privacy.

Gratkowski tries only half-heartedly to address what Justice Sotomayor has described as “difficult questions” concerning digital technology and Fourth Amendment jurisprudence.  Jones, 565 U.S. at 418 (Sotomayor, J., concurring).  Consider also that constitutional adjudication may not be the most effective way to deal with privacy issues generated by scientific innovation.  As Justice Alito has astutely observed, in “circumstances involving dramatic technological change, the best solution to privacy concerns may be legislative.”  Jones, 565 U.S. at 429 (Alito, J., concurring in the judgment).  Legislatures, he recommends, are “well situated to gauge changing public attitudes, to draw detailed lines, and to balance privacy and public safety in a comprehensive way.”  Id. at 429-30 (Alito, J., concurring in the judgment).

Whatever the approach, judicial or legislative, the level of privacy associated with cryptocurrency transactions certainly merits deeper consideration.  The cryptographic technology underlying virtual currencies is by no means limited to financial applications.  And with its expansion into other digital infrastructures, this technology could someday soon offer “an intimate window into a person’s life, revealing . . . his familial, political, professional, religious, and sexual associations.”  Carpenter, 138 S. Ct. at 2217 (internal quotation marks omitted).  It therefore bears remembering that, in law, superficial analogies to the past can take you only just so far in governing the future.