The Volokh Conspiracy
Mostly law professors | Sometimes contrarian | Often libertarian | Always independent
"DeFi Gives Financial Privacy — Will Regulation Take It Away?"
Particular twists: "A right to use rights-protecting technologies?" and "constitutional rights to technologies that protect other constitutional rights."
I consult occasionally for Andreessen Horowitz, and they commissioned me to write this piece for their Future site; I think it turned out nicely, and I thought I'd pass it along. Here's the introduction:
The Fourth Amendment protects our privacy rights in material that we keep private. The government can't search our homes or computers, for instance, unless it has a warrant based on specific probable cause to believe that the searches will uncover evidence of crime.
Nor can the government just summon us to court to provide testimony that will yield such evidence of crime: The Fifth Amendment's privilege against self-incrimination protects against that.
On the other hand, the Fourth Amendment has been read as providing little protection for material that we turn over to third parties — even to one trusted third party, such as a bank. This "third-party doctrine," which is the key to the government's power to gather information from financial intermediaries, lets the government easily get transaction information from businesses, without a search warrant or probable cause. (This is supplemented by requirements, which the Court has upheld, that banks keep records of financial transactions.[1])
The third-party doctrine, for better or worse, is well-established. But when technological innovation — such as DeFi (decentralized finance) — cuts out the third party, the government can no longer use the third-party doctrine to monitor such transactions.
The question then becomes: May the government restrict such DeFi tools, and force people to use third-party intermediaries, precisely to take advantage of the extra surveillance power that the third-party doctrine would provide?
And here's an excerpt from what strikes me as the most theoretical interesting portion:
A right to use rights-protecting technologies?
[A] mandate that coders monitor who is using their code — essentially a prohibition on privacy-protection financial technologies — may well violate the Fourth Amendment….
To begin with, if the government seeks to stop the creation and distribution of intermediary-less DeFi code,[6] the government would be doing so precisely to bring back the third party — not for the sake of financial necessity (the way that a third party had historically been necessary for electronic transactions), but for ease of surveillance.[7] The premise of the third-party doctrine is that "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties," because he "assume[s] the risk that the [third party] would reveal to police the [information]."[8] If the government takes away the option of a private transaction, and requires that information be turned over to third parties, then the turning over of the information is no longer truly voluntary. Nor are such people assuming the risk of disclosure: the risk is being thrust upon them by government mandate.[9]
Likewise, the third-party doctrine rests on the theory that, by handing over information to a third party, a person "is deemed to surrender any privacy interest he may have had" in that information.[10] Thus, by banning privacy-protecting technologies, precisely to bring third parties back into the transactions, the government would be requiring people to "surrender" their "privacy interest[s]" that would otherwise be protected by the Fourth Amendment — something the government may not require….
Prohibitions on privacy-protecting tools
To offer an analogy: The Court has held that, when a driver of a car is arrested, (1) the police may search the car's passenger compartment for weapons that might be within the driver's reach without needing to show probable cause, but (2) they may not search any separately locked trunk. Imagine that a state required that all cars on the roads lack a separate trunk (i.e., that they be SUVs, hatchbacks, or station wagons), precisely so drivers have fewer Fourth Amendment protections.[11] Perhaps, by following the analogy to the broad reading of HR 3684, imagine that a state required unworkable record-keeping obligations of car manufacturers who make cars with separate trunks: Say that manufacturers were ordered to report the names and addresses of everyone who drives such a trunk-less car, even though the manufacturers lack any business relationship with many drivers (who might buy or borrow a car from a third party).
Imagine that a state required that all cars on the roads lack a separate trunk, precisely so drivers have fewer Fourth Amendment protections.
Though there is no precedent squarely on point, this would likely be unconstitutional, as a circumvention of the normal Fourth Amendment rules. Just as the government can't, for instance, circumvent the Fifth Amendment's prohibition on "be[ing] compelled in any criminal case to be a witness against [your]self" by coercing you to testify in a civil case and then using the information in a criminal case,[12] so it shouldn't be able to circumvent the Fourth Amendment's protection of privacy by denying you privacy-protecting tools.
Constitutional rights to technologies that protect other constitutional rights
Indeed, courts have long recognized that certain technologies are necessary to protect constitutional rights, and that banning the use of the technologies would therefore violate those rights. For instance, lower courts have held that the First Amendment includes the right to video-record government employees (such as police officers) in public places.[13] The courts began with the premise that the public has a First Amendment right to "access … information about their officials' public activities."[14] And they therefore held that the First Amendment must likewise protect the technology necessary to effectively gather that information — technology that lets one "record what there is the right for the eye to see or the ear to hear," "corroborat[ing] or lay[ing] aside subjective impressions for objective facts."[15] …
If you're interested, check out the whole piece.
Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.
Please
to post comments
It would be great if this "right to use rights-protecting tools" were brought into existence. But past and present behavior by governments, including ours, suggest it won't happen.
Consider the rights that the IRS and Treasury Department have now, not only to see and audit your financial records on bare suspicion that you might evade taxes, but to insist that you report foreign accounts or share-holdings annually and report receiving large cash payments within a few days.
And finally, consider how the law has treated crypto currencies. Today's crypto, for instance bitcoin, is allowed because using a blockchain means that transactions are not anonymous at all, but are public and traceable. But that public nature is not inherent in cryptocurrencies. As early as the 1980s, a truly anonymous digital currency was offered -- "e-gold." The Treasury Department raided them and put them out of business for enabling money laundering.
Bitcoin is pseudonymous and without the KYC laws, it would be effectively anonymous. Because KYC laws exist and apply here, it's possible to identify ends of the transactions and trace back.
What "e-gold" are you referring to? The only one I can find that was a business of any scope was the one run by the Gold & Silver Reserve (and several other shell-ish companies) as "e-gold Ltd". It was founded in 1996.
It was raided by Treasury, for failure to get the necessary state permits for money transfers, and the founders pled guilty. The business shut down a few years later after still being unable to get the necessary state licenses.
The wikipedia article also states that all transactions - including account logins and customer info - were permanently recorded, meaning it was neither private or truly anonymous.
Were you referring to something else?
This is especially nonsensical and completely devoid of thought with regards to existing laws and arguing to the principles behind them.
Like... it has nothing to do with "prohibitions on privacy-protecting tools" (made-up nonsense worthy of this space full of grifters) and money laundering....
Sorry, wish there was an edit. The issue here are financial regulations around money laundering, not abstract and invented concepts of privacy that only serve as a basis for this bloviated article.
There are some well-established privacy barriers that the government cannot breach without a warrant, despite the use of a third party. One is called an envelope. This should be the principle under consideration here. If messages are enclosed, encrypted, or otherwise kept from the 3rd party passing them along, 4th amendment protections should apply. That those protections seem not to apply to a large set of communications, technology will continue to develop to create barriers to invasive observation of private matters. And there should be no legal barriers to the development of such technologies. But commerce is something else, and more subtlety is called for. The government should not be able to know my purchasing history on Amazon, absent a warrant looking for a particular purchase, but it should be able to review commerce writ large, and in particular require KYC of, and related reporting by, private parties offering commercial services for the purposes of assuring suitability, maintaining market integrity, enforcing AML and sanctions, etc.
The third party doctrine sucks. Sounds like this financial invasion sucks even more. But does it suck as much as the likelihood that probably everything else you do online and in your email is being surveilled and recorded by government? And what government misses, surveillance capitalism records? Does any of that suck as much as the fact that most young people don't care about any of this at all?
Do you, old person, have any idea how DeFi works? Sounds like you don't
Need to keep hammering the idea that The People should not have to give up their rights as the cost of participating in modern conveniences.
As life turns to online virtual worlds, your papers move there along with it. So what if a 3rd party manages it? If you paid them to come into your house to sort your filing cabinets, that doesn't mean the government can intrude without a warrant.
That's not the issue with DeFi, that's just something EV made up to blog about. DeFi can't/wont remain private because of money laundering laws
Ok, ok, ok. We'll mandate that trunks have a clear viewing panel for safety reasons. You never know when an unconscious child might be trapped inside.
Ah, I see Eugene is trying to pump his stash of Monero.
As pretty much everyone knows, intuitively, there is some way that use of DeFi will end up causing a government mandate to eat broccoli.
And no, IPlawyer, I do not have much idea how DeFi would work. Which may mean that you and I are in the same boat. Except that I may have more experience with explanations which never quite arrive at cogency. I know from experience that you can understand those down to the last jot and tittle, without becoming a bit the wiser. If I am mistaken, and you do know how DeFi would work, assume its widespread acceptance, and explain how society will change on that account.
When did I say that society would change because of DeFi? I'm not a proponent of DeFi, I'm just pointing out that you clearly don't know how DeFi works