Late last month the Treasury Department published a proposed regulation to define when a person in crypto qualifies as a “broker” under the tax code and therefore must collect personal information about the users of their crypto tools and report that information to the IRS for tax purposes. We are busy readying our comment letter, due by October, but here is a preview.
Treasury’s notice of proposed rulemaking is around 280 pages, but our comment will be pretty simple: As we detailed in a lengthy paper in 2019, the Fourth Amendment makes it unconstitutional for the government to force a private person (as in an individual or business that is not a state actor) to collect and report the personal information of another person if they (a) don’t already collect that information as part of their business, (b) have no reason to collect that information apart from the government demand, and (c) if the target of that information collection does not already voluntarily provide that information to them.
That’s the standard in Carpenter v. United States, a relatively recent Supreme Court case that overruled significant aspects of the “third-party doctrine,” an interpretation of the Fourth Amendment that, in older cases, allowed similar forms of deputized state surveillance by telephone companies and financial institutions. The Court today is even more poised to further narrow that standard given its current composition, including several justices aligned with Justice Gorsuch, who, in his dissent to the opinion in Carpenter wrote, “I do not agree with the Court’s decision today to keep [the third-party doctrine] on life support.”
Treasury’s proposed standard is broader than the standard articulated in the third-party doctrine cases from the 1970s up to the Carpenter case in 2018 (because it allows more people to be forced to collect more information about other people), and it is vastly broader than the new post-2018 standard. In other words, there’s no way it should survive constitutional scrutiny.
But what is that broad and unconstitutional standard? Treasury proposes that a person in the crypto ecosystem is obligated to collect user information when they are “in a position to know” their users. That standard is far broader than the constitutional limit set out above. If being in a position to know something was the constitutional standard for deputizing private actors to engage in state surveillance, well, then, it would be game over for the Fourth Amendment.
When I’m walking down the street I’m “in a position” to take notes about all the people I see, and I could report questionable characters to the cops. Perhaps I should be ordered to do so? When I’m at my doctor’s office I’m “in a position” to record and report her medical advice, including whether she will prescribe federally prohibited marijuana, or offer advice about family planning methods. Maybe I should be ordered to do so.
While we’re at it, let’s force John Deere to report to the Department of Agriculture which seeds farmers are planting with their internet-connected tractors, and whether they might be planting proprietary GMO seeds without paying for a license. Let’s force Apple to report a list of the apps I’m using on my iPhone and whether I’m installing anything that’s built to share views on the political fringe. Let’s have cell phone carriers record our calls, have teachers report anti-social kids, and kids rat-out their parents.
All of these absurdly intrusive hypotheticals would be perfectly acceptable if the standard for when the government can force someone to spy on other Americans was merely whenever they are in a position to know something juicy about their fellow Americans. Fortunately, that’s not the standard. Indeed the standard is narrow especially after the Carpenter case.
Our comment will be about that standard and how Treasury’s attempt to force participants in crypto to spy on users of their software violates it and is, therefore, unconstitutional. Ideally, the Treasury Department will significantly tailor their standard to something like the holding in Carpenter before the final rule is published.
Finally, those familiar with Fourth Amendment case law might argue we’re stretching the Carpenter holding too far, that the Court merely expressed a special solicitude with regard to the highly intrusive geographic data collected in that case and that such special limits on deputized surveillance shouldn’t be applied more broadly to other areas of data collection and, perhaps, especially not to things like money and crypto. To that critic we would say, read our full comment letter when it is published. For otherwise, as Justice Gorsuch warned in his Carpenter dissent,
What’s left of the Fourth Amendment? Today we use the Internet to do most everything. Smartphones make it easy to keep a calendar, correspond with friends, make calls, conduct banking, and even watch the game. Countless Internet companies maintain records about us and, increasingly, for us. Even our most private documents—those that, in other eras, we would have locked safely in a desk drawer or destroyed—now reside on third party servers.
And as Justice Brennan predicted in the 1970s,
For all practical purposes, the disclosure by individuals or business firms of their financial affairs to a bank is not entirely volitional, since it is impossible to participate in the economic life of contemporary society without maintaining a bank account. In the course of such dealings, a depositor reveals many aspects of his personal affairs, opinions, habits and associations. Indeed, the totality of bank records provides a virtual current biography. … Development of photocopying machines, electronic computers and other sophisticated instruments have accelerated the ability of government to intrude into areas which a person normally chooses to exclude from prying eyes and inquisitive minds. Consequently, judicial interpretations of the reach of the constitutional protection of individual privacy must keep pace with the perils created by these new devices.
Something that’s remarkable about crypto is that it is the one technology that began to reverse the death of privacy long heralded by Justice Brennan and others. With crypto you can transact online without any need to disclose anything personal to a financial intermediary. Treasury’s proposed rule would not only peel back the evolving constitutional protections for data held by third parties, it would artificially force people to become third parties, creating by law rather than technological necessity the very privacy vulnerabilities that an unscrupulous wielder of state-power would exploit to achieve the very privacy violations the Fourth Amendment was meant to guard against.