A new transparency report from cryptocurrency exchange Coinbase shows that law enforcement interest in its customers comes overwhelmingly from just three countries: the United States, the United Kingdom and Germany. US law enforcement agencies make up the majority of the information requests and nearly all of the “three letter” players are getting in on the action, from the FBI to the IRS.
Coinbase transparency report covers January 1 to June 30, 2020
The Coinbase transparency report covers information requests made pursuant to legitimate interests of governments in the first half of 2020. Even though the specific information that the report reveals is limited, this sort of voluntary disclosure is relatively rare in the world of financial services.
Coinbase received a total of 1,914 government requests during this six-month period. These were overwhelmingly pursuant to criminal cases: 1,848 requests, or 96.6%. The remaining requests were classified as “civil or administrative.”
Of these requests, 1,113 came from the United States. The United Kingdom was next at 441, followed by Germany with 176. Those were the only countries with request totals in the triple digits. France was next with 45; no other country on the list had more than 20 and the vast majority were in the single digits.
Since the US had the overwhelming majority of information requests, Coinbase broke down exactly which agencies they came from. At least a dozen federal agencies called on the exchange, as well as a category that amalgamates all state and local agencies (which represented 16.2% of the requests). The FBI was the most frequent individual visitor with 30.5% of the requests, followed by Homeland Security Investigations (HSI) with 16.5%. HSI is the Department of Homeland Security’s (DHS) investigative branch and falls under the umbrella of Immigration and Customs Enforcement (ICE). Other frequent callers were the Drug Enforcement Agency (DEA) with 9.3%, the Offices of the United States Attorneys of the Department of Justice (USAO-DOJ) at 6.8% and the IRS with a total of 8.8% between its criminal investigations division and a number of smaller offices.
Coinbase addressed its handling of the information requests in a blog post: “As a financial institution with a duty to detect and prevent prohibited activity on its platform, we respect the legitimate interests of government authorities in pursuing bad actors who abuse others and our platform. Yet we do not hesitate to push back where appropriate, even when it is inconvenient or costly to do so. That’s why each request we receive is handled by a team of experienced specialists in accordance with set procedures to confirm the validity of the request and narrow or object to requests that are overly broad.”
Increasing transparency for information requests
The voluntary issuance of a transparency report by Coinbase followed a direct call from the Electronic Frontier Foundation (EFF) for the exchange to issue regular reports of this nature in the interests of user privacy and free speech. The EFF highlighted a special responsibility that cryptocurrency exchanges have in protecting internet privacy and supporting free expression, primarily by providing activists with a means of receiving funding and moving money around. There was also some pressure as major crypto platform and direct competitor Kraken had issued some similar information on its government information requests in the form of tweets in 2019.
Of course, there are legal obligations that Coinbase must contend with as well. The San Francisco-based company is a registered and regulated money services business in the United States, subject to honoring legal FinCEN requests as well as compliance with the Bank Secrecy Act (which requires that customer identities or transactions be unmasked to the US government in certain situations) and the compliance requirements of the USA Patriot Act. Coinbase is also obligated by state regulations and interstate money transmission laws.
In 2018, Coinbase publicly assured its users that it intended to only share “certain limited categories of information” that it was legally obligated to with US government agencies. The company has had court battles with these agencies before, most notably a 2017 tilt with the IRS over customer identities that ended with it having to turn over documentation about users that had engaged in transactions of over $20,000 between 2013 and 2015.
With 38 million users, Coinbase is the largest crypto exchange in the United States. Given its very large userbase, just a little over one thousand investigative requests in a six-month period revealed by the transparency report appears to be a relatively trivial amount and is probably well within expectations for legitimate criminal cases. However, it is also double the amount of information requests that chief rival Kraken revealed that it had received in 2019.
Coinbase has vowed to fight to protect user privacy, but it faces an unfriendly legal landscape in the US. In addition to being regulated like a bank, a federal court ruling earlier this year (U.S. v. Gratowski) determined that the government can obtain financial transaction data from cryptocurrency exchanges without a warrant. The transparency reports are, at least in part, a response to that requirement. The US and UK also have a tax treaty in place that allows the foreign nation to make similar information requests that are backed up by force of law.