FinCEN's Crypto Surveillance Rule Violates the US Constitution

In the late afternoon on the Friday before Christmas, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) proposed a regulation introducing data collection and reporting requirements for cryptocurrency. FinCEN gave the public only 15 days to comment, over the holidays, instead of the usual 60 days. This was a clear attempt to push through a midnight regulation without giving the public time to respond, and it backfired. Despite the short timeline, roughly 7,500 people and entities submitted comments decrying the proposal, the most FinCEN has received on any proposed rulemaking. The comments on this proposal constitute nearly 70% of all comments FinCEN has received on all rule-makings since 2008 combined.

Marta Belcher, a cryptocurrency and civil liberties attorney, is special counsel to the Electronic Frontier Foundation, general counsel to Protocol Labs and an attorney at Ropes & Gray. She is also Board Chair of the Filecoin Foundation and the Filecoin Foundation for the Decentralized Web. Her views are her own.

So many people spoke up about this proposed regulation because it is a blatant violation of civil liberties. The proposal would require certain businesses like cryptocurrency exchanges to collect identity data not just about their own customers but also about non-customers who transact with their customers, and to keep that data and hand it over to the federal government when the transactions exceed a certain amount. This would give the government access to troves of sensitive financial data, going well beyond FinCEN’s requirements for non-cryptocurrency transactions.

In addition, the regulation would give the government far more data than what the regulation itself even contemplates. The proposed regulation would give the government the identities associated with cryptocurrency wallet addresses. Because of the nature of public blockchains, that means the government would know the identity associated with all transactions for those wallet addresses, even when the amounts of those transactions are far below the reporting threshold.

In the Electronic Frontier Foundation’s comment on FinCEN’s proposal, Rainey Reitman, Danny O’Brien, Aaron Mackey and I argue that the proposed regulation violates the Fourth Amendment of the U.S. Constitution.

See also: JP Koning - FinCEN’s Crypto Rules Aren’t as Unfair as Jack Dorsey Says

The Fourth Amendment requires that law enforcement obtain a warrant supported by probable cause before conducting a search or seizure. So why is it that, in the traditional financial system, law enforcement can engage in mass surveillance of bank customers without a warrant? The answer is the third-party doctrine – the idea that people do not have a reasonable expectation of privacy in the data that they share with a third party like a bank. In 1976, the U.S. Supreme Court held in U.S. v. Miller that the Bank Secrecy Act (as it was implemented at the time) did not violate the Fourth Amendment because of this third-party doctrine.

But I believe the Court would come to a different decision if faced with FinCEN’s proposed regulation – or, indeed, the mass surveillance that we have come to accept as normal in today’s banking system. Even in the 1970s, the Supreme Court justice who authored Miller wrote in another case that “financial transactions can reveal much about a person's activities, associations and beliefs. At some point, governmental intrusion upon these areas would implicate legitimate expectations of privacy.” Since Miller, the government has greatly expanded the Bank Secrecy Act’s reach – and the 1976 decision was an as-applied challenge of the law as it was implemented at the time. FinCEN’s proposed regulation goes even beyond FinCEN’s other activities in non-cryptocurrency contexts.

More important, in the decades since Miller, the Supreme Court has issued strong pro-privacy opinions in multiple cases, chipping away at the third-party doctrine in the context of the digital world. For example, it held in Carpenter v. U.S. that law enforcement must have a warrant to obtain location information from a cell phone company. The information that could be gleaned from bank data in the 1970s is a world away from the detailed picture of a person’s life that can be painted with access to digital financial transactions today.

Our financial transactions provide an intimate window into our lives – what organizations we donate to, what books and products we buy, who we support and even where we go. Recent images from the Hong Kong protests show pro-democracy protesters waiting in long lines at subway stations to purchase tickets with cash so their electronic purchases would not place them at the scene of the protest. These photos underscore the importance of financial privacy, and why we must protect our Fourth Amendment rights in the context of financial transactions.