"DeFi Gives Financial Privacy — Will Regulation Take It Away?"

I consult occasionally for Andreessen Horowitz, and they commissioned me to write this piece for their Future site; I think it turned out nicely, and I thought I'd pass it along. Here's the introduction:

The Fourth Amendment protects our privacy rights in material that we keep private. The government can't search our homes or computers, for instance, unless it has a warrant based on specific probable cause to believe that the searches will uncover evidence of crime.

Nor can the government just summon us to court to provide testimony that will yield such evidence of crime: The Fifth Amendment's privilege against self-incrimination protects against that.

On the other hand, the Fourth Amendment has been read as providing little protection for material that we turn over to third parties — even to one trusted third party, such as a bank. This "third-party doctrine," which is the key to the government's power to gather information from financial intermediaries, lets the government easily get transaction information from businesses, without a search warrant or probable cause. (This is supplemented by requirements, which the Court has upheld, that banks keep records of financial transactions.[1])

The third-party doctrine, for better or worse, is well-established. But when technological innovation — such as DeFi (decentralized finance) — cuts out the third party, the government can no longer use the third-party doctrine to monitor such transactions.

The question then becomes: May the government restrict such DeFi tools, and force people to use third-party intermediaries, precisely to take advantage of the extra surveillance power that the third-party doctrine would provide?

And here's an excerpt from what strikes me as the most theoretical interesting portion:

A right to use rights-protecting technologies?

[A] mandate that coders monitor who is using their code — essentially a prohibition on privacy-protection financial technologies — may well violate the Fourth Amendment….

To begin with, if the government seeks to stop the creation and distribution of intermediary-less DeFi code,[6] the government would be doing so precisely to bring back the third party — not for the sake of financial necessity (the way that a third party had historically been necessary for electronic transactions), but for ease of surveillance.[7] The premise of the third-party doctrine is that "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties," because he "assume[s] the risk that the [third party] would reveal to police the [information]."[8] If the government takes away the option of a private transaction, and requires that information be turned over to third parties, then the turning over of the information is no longer truly voluntary. Nor are such people assuming the risk of disclosure: the risk is being thrust upon them by government mandate.[9]

Likewise, the third-party doctrine rests on the theory that, by handing over informa­tion to a third party, a person "is deemed to surrender any privacy interest he may have had" in that information.[10] Thus, by banning privacy-protecting technologies, precisely to bring third parties back into the transactions, the government would be requiring people to "surrender" their "privacy interest[s]" that would otherwise be protected by the Fourth Amendment — something the government may not require….

Prohibitions on privacy-protecting tools

To offer an analogy: The Court has held that, when a driver of a car is arrested, (1) the police may search the car's passenger compartment for weapons that might be within the driver's reach without needing to show probable cause, but (2) they may not search any separately locked trunk. Imagine that a state required that all cars on the roads lack a separate trunk (i.e., that they be SUVs, hatchbacks, or station wagons), precisely so drivers have fewer Fourth Amendment protections.[11] Perhaps, by following the analogy to the broad reading of HR 3684, imagine that a state required unworkable record-keeping obligations of car manufacturers who make cars with separate trunks: Say that manufacturers were ordered to report the names and addresses of everyone who drives such a trunk-less car, even though the manufacturers lack any business relationship with many drivers (who might buy or borrow a car from a third party).

Imagine that a state required that all cars on the roads lack a separate trunk, precisely so drivers have fewer Fourth Amendment protections.

Though there is no precedent squarely on point, this would likely be unconstitutional, as a circumvention of the normal Fourth Amendment rules. Just as the government can't, for instance, circumvent the Fifth Amendment's prohibition on "be[ing] compelled in any criminal case to be a witness against [your]self" by coercing you to testify in a civil case and then using the information in a criminal case,[12] so it shouldn't be able to circumvent the Fourth Amendment's protection of privacy by denying you privacy-protecting tools.

Constitutional rights to technologies that protect other constitutional rights

Indeed, courts have long recognized that certain technologies are necessary to protect constitutional rights, and that banning the use of the technologies would therefore violate those rights. For instance, lower courts have held that the First Amendment includes the right to video-record government employees (such as police officers) in public places.[13] The courts began with the premise that the public has a First Amendment right to "access … information about their officials' public activities."[14] And they therefore held that the First Amendment must likewise protect the technology necessary to effectively gather that information — technology that lets one "record what there is the right for the eye to see or the ear to hear," "corroborat[ing] or lay[ing] aside subjective impressions for objective facts."[15] …

If you're interested, check out the whole piece.