Even in an increasingly digital world, people have the right to engage in private financial transactions.
Rule proposed by FinCEN is neither deliberative nor reflective. As we wrote before, this rule – which would require regulated companies to keep records of cryptocurrency transactions over $ 3,000 and report cryptocurrency transactions over $ 10,000 to the government – would force cryptocurrency exchanges and ‘other money services businesses to expand their identity data collection far beyond what they are currently doing. In fact, this would not only require these companies to collect information about their own customers, but also the information of anyone who deals with those customers using their own cryptocurrency wallets.
In addition to concerns we have already raised, EFF believes the proposed regulation as drafted would undermine the civil liberties of cryptocurrency users, give the government access to tons of sensitive financial data beyond what is contemplated by the regulation , and would have unintended consequences for certain blockchain technologies, such as smart contracts and decentralized exchanges – which could chill innovation.
The agency has not given enough time to properly examine all of these risks. And, by announcing this proposal with a short comment period over the winter break, the FinCEN process has failed to give many members of the public and experts the necessary opportunity to comment on the potentially huge consequences of this regulation.
This is why the EFF urges the agency not to implement this proposal. Rather, we are asking that FinCEN meet directly with those affected by this regulation, including innovators, technology users and civil liberties advocates, to understand the effect it will have. And we are asking the agency to significantly extend the comment period to a minimum of 60 days and to offer additional time for comments after adjustments are made to the proposed settlement.
This rushed proposal threatens financial privacy, speech and innovation
Even in an increasingly digital world, people have the right to engage in private financial transactions. These protections are crucial. We saw protesters and dissidents in Hong Kong, Belarus, and Nigeria make deliberate choices to use cash or cryptocurrency to protect against surveillance. The ability to transact anonymously allows people to engage in political activity, protected in the United States by the First Amendment, which may be sensitive or controversial. Anonymous transactions must be protected whether these transactions take place in the physical world in cash or online.
The proposal would force companies to collect much more information than necessary to achieve the agency’s policy objectives. The proposed regulation claims to require that cryptocurrency transaction data be provided to the government only when the transaction amount exceeds a particular threshold. However, due to the nature of public blockchains, the regulation would actually cause the government to gain tons of data on cryptocurrency users far beyond what the regulation contemplates.
Bitcoin addresses are pseudonyms, not anonymous – and the Bitcoin blockchain is a publicly visible record of all transactions between these addresses. This means that if you know the name of the user associated with a particular Bitcoin address, you can glean information about all of their Bitcoin transactions that use this address. In other words, the proposed regulation would give the government access to a massive amount of data beyond what the regulation claims to cover.
This scale of such a collection presents a considerable risk. Databases of this size can become a honeypot of information that tempt bad actors, or those who might abuse them beyond their initial intended use. Thousands of FinCEN-specific files have already been exposed to the public, clearly indicating that FinCEN’s security protocols are not adequate to prevent leaks, even on a large scale. This is of course not the first time that a sensitive government database has been leaked, mismanaged or breached. In recent weeks, the SolarWinds hacking US government agencies has made headlines and details are still emerging – and it is hardly only example large-scale government hacking.
There are also some The fourth amendment concerns. As we say in our comments:
The proposed regulation violates the Fourth Amendment protections for individual privacy. Our society’s understanding of individual privacy and the legal doctrines surrounding it are evolving. As court opinions from the 1970s felt that consumers were losing their right to privacy over data they entrust to third parties, modern courts have become skeptical of these pre-digital decisions and started to draw different lines around our expectations of privacy. Recognizing that our world is increasingly digital and surveillance has become cheaper and more ubiquitous, the Supreme Court has begun to undermine the doctrine of the third party – the idea that an individual has no right to privacy. data shared with a third party. Some Supreme Court justices have written that “it may be necessary to reconsider the premise that a person has no reasonable expectation of privacy in information voluntarily disclosed to third parties.” In 1976, the Supreme Court referred to the doctrine of the third party in ruling United States v. Miller that the reporting requirements of the Bank Secrecy Act then in effect did not violate the Fourth Amendment.
Two developments make the continued use of the doctrine of third parties suspect, including as a source of regulations such as those contemplated here.
First, since the Meunier decision, the government dramatically broadened the scope of the bank secrecy law and its intrusion on individual financial privacy. Although the Supreme Court upheld the 1970s regulations in an as applied challenge, Justice Powell, author Meunier, was skeptical that more intrusive rules would be constitutionally approved. In California Bankers Association v. Shultz, Justice Powell wrote: “Financial transactions can reveal a lot about a person’s activities, associations and beliefs. At some point, a government intrusion into these areas would imply legitimate expectations of privacy. The government’s intrusion into financial privacy has increased dramatically since Meunier and Shultz, presumably interfering with society’s legitimate expectations of privacy and more directly in conflict with the Fourth Amendment.
Second, since Meunier, we have seen strong pro-privacy opinions from the United States Supreme Court in several digital technology cases that reject the government’s abuse of third-party doctrine. This includes: United States vs. Jones (2012), in which the Court found that law enforcement’s use of a GPS tracking device to continuously track a vehicle over time was a Fourth Amendment search; Riley c.Californie (2014), in which the court ruled that the warrantless search and seizure of cell phone data upon arrest was unconstitutional; and Carpenter v. United States, in which the court ruled that police must obtain a warrant before accessing a cell site’s location information from a cell phone company. The EFF is heartened to see these steps taken by the courts to better recognize that Americans do not sacrifice their privacy rights when interacting in our modern society, which is increasingly mediated by companies holding data. sensitive. We believe this understanding of privacy can and should extend to our financial data. We urge FinCEN to heed the more nuanced understanding of privacy rights seen in modern court opinions, rather than grounding its thinking on privacy protection in precedents from a more analogous era of American history.
Finally, we urge FinCEN to consider the potential cooling effects that its regulations may have on technology development. FinCEN needs to be extremely careful about crafting regulations that could interfere with the growing ecosystem of smart contract technology, including decentralized exchanges. We are at the very beginning of the exploration of smart contract technology and decentralized exchanges. Just as it would have been a mistake to view the Internet as just an extension of the existing postal service, it is important not to view the risks and opportunities of these new technologies solely through the prism of financial services. The proposed regulations would not only cool experimentation in an area that could have many potential benefits for consumers, but would also prevent US users and businesses from participating when these systems are deployed in other jurisdictions.
Due to the potential impact of the proposed regulation on the civil liberties interests of technology users and its potential deterrent effect on innovation in a wide range of technology sectors, we urge FinCEN not to implement this proposal as is. Instead, we ask him to do due diligence to ensure that civil liberties experts, innovators, technology users and the public have an opportunity to voice their concerns about the potential impact of proposal.
Read EFF’s full reviews.