For the Sake of Financial Privacy, IRS Subpoena of Coinbase Should Go

There’s a theory that the Internal Revenue Service hit top U.S. digital currency firm Coinbase with a massive subpoena for user records last year because the Treasury Inspector General for Tax Administration had issued a report highlighting the agency’s lacking strategy for collecting taxes on digital currency trades.

Whether that’s true or not, last November, the IRS sent Coinbase a “John Doe summons” asking for detailed records on every one of its users during the 2013-2015 calendar years. The law doesn’t support such an intrusive demand, and today CEI filed an amicus brief in the U.S. District Court in San Francisco saying so.

The breathtaking scope of the IRS demand attracted a lot of attention—and also an intervenor group to represent Coinbase users in the case. The IRS wanted “complete user profile, history of changes to user profile from account inception, complete user preferences, complete user security settings and history (including confirmed devices and account activity), complete user payment methods, and any other information related to the funding sources for the account/wallet/vault, regardless of date.” It wanted to know the details of every single transaction, too.

The IRS’s foundation for wanting this information was as weak as the demand was broad. In a declaration submitted to the court, an IRS agent recounted having learned of tax evasion or error on the part of one Bitcoin user and two companies. The IRS had found fewer references to Bitcoin in filings it had searched than it expected. And on those bases, the IRS claimed “a reasonable basis for believing” that all U.S. Coinbase users “may fail or may have failed to comply” with the internal revenue laws.

When people use digital services, the terms of service and privacy policy lay out who owns what information. Like most services, Coinbase’s 2015 terms accorded most data ownership to the customer, allowing the company only to use personal user data for important operational and business functions. The right to share information with the government was limited to when Coinbase is “compelled to do so by a subpoena, court order, or similar legal procedure.”

That means Coinbase is required to resist invalid subpoenas, as it is doing, and it means that the data is not Coinbase’s to give to the government based on an invalid subpoena. Our filing details the division of property rights in data in a way that applies to many online services. People use property rights in data to protect privacy, security, autonomy, and many related interests.

The IRS pared back the subpoena very late – less than a month ago – once it was crystal clear that the court was going to reject it.

In our filing, we argue that even the narrower subpoena should still be rejected outright. It doesn’t show a likelihood of underpayment of taxes by the thousands of Coinbase users it seeks to expose to IRS scrutiny. And the government should not be permitted to make a massive information demand, observe the reaction of the parties, intervenors, the public, and court, then pare it back to something that’s only grossly distended.

The IRS should have come to court with a well-framed subpoena. It shouldn’t get the benefit of coming to court with a subpoena that represents an extreme bargaining position.

Bitcoin and cryptocurrency are endlessly fascinating. Crypto and our brief in United States v. Coinbase might have a lot to say about what the future of financial privacy looks like.