News
The latest cryptocurrency privacy battle
At the end of May the US Security and Exchange Commission’s (SEC) latest mass surveillance tool, the Consolidated Audit Trail (CAT), was launched “fully operational.” SEC-registered broker-dealers, exchanges and alternative trading systems now must collect and report trading information relating to every U.S. trade, as well as personal information from every U.S. retail brokerage client.
While this obviously impacts customers of traditional financial institutions, the personal privacy of participants in the digital asset economy could also be seriously compromised.
Marisa Coppel is the legal director of the Blockchain Association. Amanda Tuminelli serves as Chief Legal Officer of the DeFi Education Fund, where she leads the organization’s impact litigation and policy efforts.
Note: The opinions expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates.
Designed to collect and store detailed data on customers in U.S. financial markets, the CAT will be the largest securities transaction database ever built. Although built under the guise of “allowing regulators to efficiently and accurately monitor all activity in US markets,” the CAT threatens to make massive, unchecked government surveillance a reality.
Under the SEC’s CAT requirements, regulated entities will be forced to collect a multitude of data on operations, merchants and retail customers, including customer names, addresses and account details. As for digital asset market participants, this information could end up including transaction identifiers and wallet addresses, giving those with access to the database insights into users’ future and retrospective transactions at any point in time.
The implications for the digital asset sector are worrying, especially in light of the recent finalization of Dealer regulation, which the Blockchain Association and others are pushing forward. challenge in federal courtand even more so if the SEC finalizes the proposed rule that would significantly expand the definition of what constitutes an “exchange.”
If these new rules are maintained, the new “dealers” and “exchanges” will be required to report digital asset user information to the CAT.
This means that unprecedented amounts of cryptocurrency trading data and customer personal information will remain caught in the SEC’s surveillance net. To make matters worse, CAT data is not available only to the SEC and its thousands of employees. Individually identifiable data in CAT is accessible to a network of related government agencies and self-regulating private organizations, without a warrant or reasonable suspicion of wrongdoing. This greatly expands the universe of who could potentially gain access to Americans’ personal financial lives and business activities, all in the name of making the SEC’s job a little easier.
Recently former Attorney General William Barr expressed concerns on potential violations of constitutional rights that could occur due to CAT: “The Constitution prohibits mass surveillance of private businesses based merely on the possibility of someone committing a crime… Even when the government seeks information about a citizen… it must normally demonstrate that it is investigating specific alleged wrongdoings.”
However, one searches in vain for a statement from the SEC on how it will respect individual constitutional rights.
In fact, SEC Commissioner Hester Peirce raised the alarm on the state implications of unchecked CAT surveillance for years, explaining that the cost “to freedom and privacy is not worth the purported benefit. After all, monitoring our trading behavior will not prevent bad events from occurring in the markets, it will only make it a a little easier to understand what happened after the fact.”
In addition to privacy concerns, this database represents the ultimate “honeypot” of information, making it particularly attractive to hackers. Although the SEC has recognized this dramatic security risk in a Proposal 2020 to improve database security, it has yet to implement changes to the CAT that would increase cybersecurity, despite organizations such as the Securities Industry and Financial Markets Association (SIFMA) sounding the alarm.
It is therefore not surprising that the SEC has already been sued twice over its implementation of the CAT database. THE American Securities Association and Citadel filed a joint petition with the 11th Circuit in October 2023 and the New Alliance for Civil Liberties filed a complaint in the Western District of Texas in April 2024 to challenge the release of CAT. While these two lawsuits are perfect examples of why the judiciary is so important in curbing gross government interference, the cryptocurrency world must recognize how antithetical the CAT is to its core ethics and the assumed privacy expectations of all Americans .
Remember, privacy is normal. We should not regress to a social norm in which privacy equals wrongdoing, especially in personal financial matters, lest we move closer to Washington DC, described in the Minority Report. One should not feel as if the government is looking over their shoulder as they complete every personal financial transaction, especially when those transactions may include the disclosure of sensitive information, such as through donations to political causes or payment for medical procedures.
As well as take the opportunity to help educate the court how friends in the ongoing lawsuits mentioned above, the crypto community should make our opposition to this latest regulatory overreach known by expressing concerns to elected representatives regarding the CAT. Overly broad financial surveillance regimes like the CAT pose a significant threat to Americans’ constitutional rights and cannot be allowed to pass into law quietly.