On June 30, 2020, the US Court of Appeals for the Fifth Circuit affirmed a decision by the US District Court for the Western District of Texas, finding that cyber currency exchange institutions can share user data with the government without a warrant, thereby supporting the notion that, like traditional bank transactions, cyber currency transactions are not granted fourth amendment protection.
The appeal was made by defendant Richard Gratkowski, who was charged with two counts of child pornography, based on information obtained from his Coinbase Bitcoin account. According to the opinion, federal agents analyzed publicly viewable blockchain transactions, then served a grand jury subpoena instead of warrant on Coinbase, an Bitcoin exchange institution, requesting customer information for transactions within a certain web address cluster. The information from Coinbase enabled federal agents to obtain a search warrant of the defendant’s home, which led to additional evidence and charges against him. Gratkowski moved to suppress the evidence, alleging that the blockchain analysis and the subpoena sent to Coinbase violated his fourth amendment rights. The district court denied the motion to suppress, and after final judgment, Gratkowski appealed.
The Fifth Circuit agreed with the district court’s application of the third-party doctrine in US v. Miller, 425 US 435 (1976), that held a bank's records are negotiable instruments containing voluntarily conveyed information not subject to fourth amendment protection. The Fifth Circuit found that the blockchain transaction and the Coinbase account were analogous to the bank records in Miller, concluding that Coinbase was simply a financial institution that dealt with virtual currency rather than physical currency, and there was little expectation of privacy because transactions on Coinbase, like other cyber currency exchange institutions, were widely known to be made on a public blockchain.
Gratkowski argued that there was a heightened expectation of privacy for Bitcoin transactions, similar to the customer in Carpenter v. US, 138 S.Ct. 2206 (2018), where the Supreme Court held that a warrant was required to access cellphone records providing details of a customer’s past movements. To determine the heightened nature of the documents sought in Carpenter, the court considered two factors - whether the information sought was limited and meant to be confidential, and whether the exposure was voluntary. After applying the Carpenter test, the Fifth Circuit determined that the blockchain provided limited information about the parties involved, and held that cyber bankers voluntarily sacrificed some privacy when using cyber currency exchange institutions like Coinbase, that are often utilized when customers lack the technical expertise to make virtual exchanges without them. Based on the Carpenter analysis and the third-party doctrine, the Fifth Circuit upheld the district court's decision to deny the motion to suppress.