Bitcoin and the Fourth Amendment
By Ravi Nayyar
A June 2020 ruling by the Fifth Circuit of the US Court of Appeals (‘Court’) comprises an interesting analysis of how the ‘third-party doctrine’, an exception to the operation of the Fourth Amendment of the US Constitution, applies to transaction records on the Bitcoin blockchain and those held by a virtual asset exchange.
What Was the Defendant’s Claim?
The defendant appealed the US District Court for the Western District of Texas’s (‘District Court’) rejection of his motion to suppress evidence collected by US Government (‘Government’) agents through a search warrant for the defendant’s house. The evidence was used by the Government to support charges against the defendant of receiving child pornography and accessing websites with intent to view child pornography.
The motion rested on an argument that the agents’ conduct of Bitcoin blockchain forensics and the grand jury subpoena which they served on Coinbase (based on the fruits of said forensics) — both crucial to the agents’ obtaining of the search warrant for the defendant’s house — violated the Fourth Amendment.
What is Protected by the Fourth Amendment?
The Fourth Amendment protects an individual from ‘unreasonable searches’ by the Government if that individual had a ‘reasonable expectation of privacy’ in the things being searched: United States v. Jones, 565 U.S. 400, 406 (2012).
An exception to this principle is the third-party doctrine, under which, generally, that individual lacks a ‘legitimate expectation of privacy in information he voluntarily turns over to third parties’: Smith v. Maryland, 442 U.S. 735, 743–4 (1979) (‘Smith’). The Court’s ruling outlines the doctrine on pages 4–6.
The defendant sought to rely on the test used by the US Supreme Court in Carpenter v. United States, 138 S. Ct. 2206 (2018) (‘Carpenter’), where it held that the third-party doctrine does not operate to remove Fourth Amendment protection for the privacy of an individual’s cell-site location information (‘CSLI’). CSLI is location data sent by a mobile phone to a telecommunications service provider when it pings a mobile phone tower operated by the provider. In Carpenter, the US Supreme Court, rather than resting its judgement on the individual’s actual turning over of the CSLI, focused on: (wording drawn from pages 2219–20 of the Carpenter, and page 5 of the Court’s, judgments)
- ‘the nature of the particular documents sought’, including whether the data in question was ‘limited and meant to be confidential’; and
- the ‘voluntariness of the exposure’.
How Did the Defendant Fare?
The defendant argued that, when applying the Carpenter test, the third-party doctrine was not engaged in relation to both data on the Bitcoin blockchain, and the data which Coinbase had, on his Bitcoin transaction records.
Regarding the Bitcoin Blockchain Data?
This argument failed, with the Court distinguishing the blockchain data from CSLI. The Court found that the former more readily echoed bank and telephone call records within the application of the third-party doctrine in United States v. Miller, 425 U.S. 435 (1976) (‘Miller’) and Smith, respectively.
Relevant to the first limb of the Carpenter test, the Court found that the blockchain data is ‘limited’ information, that is, by comprising basic transaction metadata (page 7). The publicity of transactions on the Bitcoin blockchain was also found to facilitate the identification of the UBOs of Bitcoin addresses through blockchain forensics, with the Court citing Satoshi’s white paper in support of this
Relevant to the second limb of the test, the Court found that the act of transacting in Bitcoin on one’s own is neither ‘a pervasive [n]or insistent part of daily life’ (page 7). The act needs positive action by the individual, unlike the transmission of CSLI from a mobile phone, given how: mobile phones and telecommunications networks function; and, as the Supreme Court found in Carpenter, the devices are ‘almost a feature of human anatomy’: 138 S. Ct. 2206, 2218 (2018).
Hence, the defendant’s claim of a legally sufficient privacy interest in transaction records on the Bitcoin blockchain failed.
Regarding the Coinbase Transaction Records?
This argument failed as well. The Court found that both Coinbase and traditional banks are regulated by laws including the Bank Secrecy Act, and are thus required to identify customers and monitor their transactions.
Per the first limb of the Carpenter test, the Court focused on the nature of Coinbase’s records as comprising virtual asset transaction information, rather than providing the authorities ‘an intimate window into a person’s life’ like CSLI can by highlighting a person’s personal, commercial, political and other relationships: Carpenter v. United States, 138 S. Ct. 2206, 2217 (2018).
Per the second limb of the test, the Court found that executing transactions via a virtual asset exchange like Coinbase requires ‘affirmative’ action by the customer: Carpenter v. United States, 138 S. Ct. 2206, 2220 (2018). In making the call to transact through a third party (here, Coinbase), despite greater privacy being on offer without using that party, the customer thus decides to ‘sacrifice some privacy’ (page 8).
Hence, the defendant was held to lack a legally sufficient privacy interest in Coinbase’s records of his Bitcoin transactions.
Due to his resultant failure to successfully argue that the third-party doctrine does not apply (and thus that the Fourth Amendment does), the defendant’s motion to suppress the evidence gained from the search warrant failed.
What (Will) Come(s) out in the Wash?
Note that, since the Court was ruling on whether the District Court had correctly denied a motion to suppress evidence, the Court was ‘review[ing] questions of law de novo and factual findings for clear error’: United States v. Ganzer, 922 F.3d 579, 583 (5th Cir.). Therefore, the standard of review was such that the Court would uphold the denial on the availability of ‘any reasonable view of the evidence to support [that denial]’: United States v. Ganzer, 922 F.3d 579, 583 (5th Cir.).
The Court conducted an elegant analysis of how the third-party doctrine does not apply to transaction data on the Bitcoin blockchain and customer transaction data held by a virtual asset exchange like Coinbase. The Court’s logic makes sense in light of the public, pseudonymous nature of the Bitcoin blockchain (and yet its comprising merely basic transaction metadata). Given far lower virtual asset adoption and transactions in the US relative to fiat currencies, as well as the nature of transacting in Bitcoin on one’s own, the rejection of the analogy between Bitcoin blockchain data and CSLI is sound. The Court also arguably made the right call in relation to the Coinbase records, given the clear parallel with the bank records of Miller, which were held to be within the third-party doctrine.
That said, as one of my blockchain colleagues noted, there is a question about how a US court would apply the third-party doctrine to ascertain whether a person has a legally sufficient privacy interest in data from the blockchain of a privacy coin like, potentially, Monero (maybe less so Zcash). Such a virtual asset employs special cryptographic mechanisms to hamper efforts to discover user and transaction data. This is in marked contrast to the Bitcoin blockchain’s being highly amenable to forensics and the publicity of that fact. Then again, forensics vendors like Chainalysis are working to expand their coverage of privacy coins’ blockchains, potentially eroding the ability of users of these virtual assets to cloak their identities as UBOs. In the future, that can go on to help counter the argument that users of privacy coins enjoy Fourth Amendment protections in relation to the records of their transactions on the relevant blockchain, given the likely growing analogy between the latter and the Bitcoin blockchain.
Watch this space.
