United States v. Gratkowski, 964 F.3d 307 (5th Cir. 2020), filed June 30, 2020: No Expectation of Privacy in Information Located on Virtual Currency’s Blockchain
Information captured on blockchain or used by virtual currency exchanges is more analogous to bank records than cell-site location (CSLI) data, and not protected by Fourth Amendment.
Here is an interesting emerging legal issue as we continue to see more cases involving virtual currencies such as Bitcoin in the criminal law context. In this case, the defendant was using Bitcoin to gain access to a child pornography site. I’m sure this happens frequently as virtual currency would seem to offer some anonymity for its users. Here’s how he was discovered: It appears that law enforcement first located this website that contained these illegal images. Law enforcement then used an “outside service” to analyze the publicly viewable Bitcoin blockchain and identified a cluster of Bitcoin addresses that had transferred money to the website (probably this “outside service” was Chainalysis, which is being used more and more often by different agencies including the IRS, the SEC, the FBI, and the DEA). Once they located these addresses, law enforcement then served a grand jury subpoena on Coinbase, seeking information on the Coinbase customers whose accounts had sent Bitcoin to any of the addresses in the website’s cluster. So—Chainalysis to view the publicly available blockchain and to identify money going to the website, and then Coinbase—which is a virtual currency exchange (like a regular bank, only for virtual currency)—to obtain information about the people who purchase and exchange Bitcoin for fiat currency.
The defendant here argued that he had a reasonable expectation of privacy in both the blockchain and the information possessed by Coinbase under the Fourth Amendment. He relied on the recent United States Supreme Court case, Carpenter v. United States, __ U.S.__, 138 S. Ct. 2206 (2018) as support. Carpenter held that individuals do have reasonable expectations of privacy in cell-site location information (“CSLI”) which is generated by cell phone usage. In that case, the Court considered 1) “the nature of the particular documents sought,” which includes whether the sought information was limited and meant to be confidential, and 2) the voluntariness of the exposure. Id. at 2219-20. In short, in Carpenter, the Court found that since cell phones are such an integral part of our society now and are capable of revealing so much about us—our location, our religious preferences, political associations, etc., this information is entitled to protection under the Fourth Amendment. Not so with blockchain or virtual currency exchanges—the Fifth Circuit analogized these as being like traditional bank records, or telephone call logs. See United States v. Miller, 425 U.S. 435 (1976) (bank records not subject to Fourth Amendment protections); Smith v. Maryland, 442 U.S. 735, 743-44 (1979) (a person generally “has no legitimate expectation of privacy in information he voluntarily turns over to third parties.”). So, no Fourth Amendment claim for blockchain data or personal data collected by virtual currency exchange.
This appears to be the first circuit court of appeals that has addressed this issue. I imagine we’ll see more litigation on this point as virtual currency continues to grow in popularity.