EFF has become increasingly concerned that payment processors are being asked to turn over information on their customers, without any mechanism for the public to know who is making those requests, or how often. That’s why we are calling on Coinbase—one of the largest cryptocurrency exchanges in the country—to start releasing regular transparency reports that provide insight into how many government requests for information it receives, and how it deals with them. These are difficult decisions with serious consequences, and they should not be made in the dark.
Cryptocurrency exchanges should especially understand the importance of the privacy of this information
Financial data can be among the most sensitive types of information we produce. How you spend your money can reveal a lot about your daily habits, the causes you care about, who you hang out with, and where you go. Choosing to comply with or reject a government request for this user data—or choosing to shut down an account—can have a huge impact on what types of speech can thrive online. Transparency reports are important tools for accountability for companies that make these important decisions. Cryptocurrency exchanges should especially understand the importance of the privacy of this information, as their users tend to prize both the cash-like anonymity of cryptocurrency, and its inherent resistance to censorship. For these reasons, cryptocurrency transactions are often sensitive—and more likely to carry with them an expectation of privacy.
At least one of Coinbase’s competitors, Kraken, has already recognized the importance of being open on this topic, and publicly released information on global law enforcement requests it receives. Providing this accountability is particularly important when it comes to financial data, as they can often be turned over with a subpoena, a 314 (a) request, or a National Security Letter— none of which require review from a judge before being sent to the financial service provider. And the need for cryptocurrency companies such as Coinbase to be open with consumers is only growing, as courts have not sided with consumer privacy when it comes to these requests.
As we wrote in July, in U.S. v. Gratkowski, the U.S. Court of Appeals for the Fifth Circuit ruled that law enforcement does not need to get a warrant in order to obtain financial transaction data from cryptocurrency exchanges—in this instance, the exchange was Coinbase. In that case, the court relied on the third-party doctrine. This doctrine holds that when people use services such as banks, they lose their reasonable expectation of privacy in the information that they turn over to a third party.
The third-party doctrine, and the court’s reliance on it in Gratkowski, is wrong. Storing your data with a third party should not mean that users lose any reasonable expectation of privacy. That makes no sense in a world where everyone navigates through their daily life by relying on services such as email that provide third parties with access to sensitive information.
But we do not know how many other cases are out there like Gratkowski, which is why we need more transparency from Coinbase. In providing the public with data on how often law enforcement seek user data and how often services comply, transparency reports show whether companies are living up to their promises to protect user privacy. They also serve an important secondary role by providing details on government surveillance activities.
As one of the largest individual companies in the U.S. cryptocurrency market, Coinbase wields tremendous power and influence over this dynamic. It should stand up for its users and also use its market power and influence to show others that transparency reports are an industry standard for all cryptocurrency exchanges. Releasing a transparency report would be one way for Coinbase to display leadership and fill in the gaps in our current knowledge, by simply shining a much-needed light on government requests for information.