Opinion

Crypto’s Latest Privacy Battle

The SEC's 'CAT' is out of the bag. What will be the largest database of securities transactions ever represents a massive step towards unchecked government surveillance, crypto law experts Marisa Coppel and Amanda Tuminelli write.

Updated Jun 5, 2024, 7:46 p.m. Published Jun 5, 2024, 7:39 p.m.
Cats by a fishbowl by Horatio Henry Couldery (1832–1893)

At the end of May the U.S. Securities and Exchange Commission's (SEC) newest mass surveillance tool – the Consolidated Audit Trail (CAT) – went "fully operational." SEC-registered broker-dealers, exchanges and alternative trading systems now have to collect and report trade information related to every U.S. trade as well as the personal information of every U.S. retail brokerage customer.

While this obviously impacts customers of traditional financial institutions, the personal privacy of participants in the digital asset economy may be seriously compromised as well.

Marisa Coppel is the head of legal for the Blockchain Association. Amanda Tuminelli serves as the DeFi Education Fund's chief legal officer where she leads the organization's impact litigation and policy efforts.

Note: The views expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates.

Designed to collect and store detailed customer data across U.S. financial markets, the CAT will be the largest database of securities transactions ever built. Even if built under the guise of a tool to “allow regulators to efficiently and accurately track all activity throughout the U.S. markets,” CAT threatens to make massive unchecked government surveillance a reality.

Under the SEC’s CAT-related requirements, regulated entities will be forced to collect a multitude of data points about trades, traders and retail customers, including customer names, addresses and account details. As for digital asset market participants, this information could end up including transaction identifiers and wallet addresses, giving those with access to the database insight into users’ forward- and backward-looking transaction information for all time.

The implications for the digital asset industry are worrying, especially given the recent finalization of the Dealer rule-making, which the Blockchain Association and others are challenging in federal court, and even more so if the SEC finalizes the proposed rule that would vastly expand the definition of what constitutes an “exchange.”

If these new rules are allowed to stand, the newly-minted “dealers” and “exchanges” will be required to report digital asset users’ information to the CAT.

This means unprecedented amounts of crypto trading data and personal customer information will be caught in the SEC's surveillance dragnet. To make matters worse, CAT data is not available only to the SEC and its thousands of staff. Individually identifiable data in CAT is accessible to a web of related government agencies and private self-regulated organizations, without a warrant or reasonable suspicion of wrongdoing. This vastly expands the universe of who could potentially gain access to Americans' personal financial lives and trading activities, all in the name of making the SEC’s job a little easier.

Former Attorney General William Barr recently expressed concerns over the potential violations of constitutional rights that will occur because of CAT: "The Constitution prohibits mass surveillance of private activities based merely on the possibility that someone might commit a crime ... Even when the government seeks information about a citizen ... it must normally show that it is investigating specific suspected wrongdoing."

Yet, one searches in vain for any statement by the SEC concerning how it will respect individual constitutional rights.

In fact, SEC Commissioner Hester Peirce has sounded the alarm on CAT's unchecked surveillance state implications for years, explaining that the cost "to liberty and privacy is not worth the purported benefit. After all, tracking our trading behavior won’t stop bad events from happening in the markets, it will just make it a bit easier to understand what happened after the fact."

In addition to privacy concerns, this database represents the ultimate “honeypot” of information, making it particularly attractive to hackers. While the SEC recognized this dramatic security risk in a 2020 proposal to enhance security of the database, it has yet to implement amendments to CAT that would increase cybersecurity, despite organizations like the Securities Industry and Financial Markets Association (SIFMA) sounding the alarm.


It is not surprising, then, that the SEC has already been sued twice over its implementation of the CAT database. The American Securities Association and Citadel jointly petitioned the 11th Circuit in October 2023, and the New Civil Liberties Alliance filed a complaint in the Western District of Texas in April 2024 to challenge CAT’s release. Although these two lawsuits are perfect examples of why the judiciary is so important in curbing grave government overreach, the crypto world must recognize how antithetical CAT is to its core ethos, and to expectations of privacy presumed by all Americans.

Remember, privacy is normal. We should not regress into a societal norm where privacy equates to wrongdoing, especially in personal financial matters, lest we get closer to the Washington, D.C., featured in Minority Report. One shouldn’t feel like their government is looking over their shoulder as they complete every personal financial transaction, especially when those transactions may reveal sensitive information, such as donations to political causes or payments for medical procedures.

In addition to taking the opportunities to help educate the court as amici in the ongoing lawsuits mentioned above, the crypto community should make our opposition known on this latest regulatory overreach by voicing concern to elected representatives about CAT. Excessively broad financial surveillance regimes like CAT are a significant threat to Americans' constitutional rights and cannot be allowed to quietly become law.

Amanda Tuminelli

Amanda Tuminelli serves as the DeFi Education Fund's chief legal officer where she leads the organization's impact litigation and policy efforts. Prior to joining DEF, Amanda was a lawyer at Kobre & Kim, where she defended clients against criminal and regulatory investigations, government enforcement actions, and large scale litigation. Before Kobre & Kim, she served as a law clerk for the Honorable Ann M. Donnelly of the U.S. District Court for the Eastern District of New York. Prior to her clerkship, Amanda practiced at Dechert LLP in their white-collar and securities litigation group, where she defended corporations and C-suite executives in government investigations and class-action securities disputes.

Marisa T. Coppel

As Head of Legal at Blockchain Association, Marisa Coppel helps develop and advocate for policy positions on behalf of the crypto industry as well as manages long-term legal projects and strategic litigation. Prior to joining the Association, she represented corporate clients in regulatory enforcement actions, internal investigations, and civil litigation matters at Covington & Burling and O’Melveny & Myers. She also served as a federal law clerk in the U.S. District Court for the Central District of California and earned her B.A. from Brandeis University, and her J.D. from Loyola Law School in Los Angeles.
