Markets
Crypto’s Latest Privacy Battle
At the end of May, the US Security and Exchange Commission’s (SEC) newest mass surveillance tool – the Consolidated Audit Trail (CAT) – was launched. “fully operational.” SEC-registered broker-dealers, exchanges and alternative trading systems must now collect and report trading information related to each U.S. transaction as well as the personal information of each U.S. retail brokerage client.
While this obviously impacts customers of traditional financial institutions, the privacy of participants in the digital asset economy may also be seriously compromised.
Marisa Coppel is Head of Legal at the Blockchain Association. Amanda Tuminelli is Legal Director of the DeFi Education Fund, where she leads the organization’s impact litigation and policy efforts.
Note: The opinions expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates.
Designed to collect and store detailed customer data in U.S. financial markets, the CAT will be the largest securities transaction database ever created. Although constructed under the guise of “enabling regulators to effectively and accurately track all activity in U.S. markets,” CAT threatens to make massive, unchecked government surveillance a reality.
Under the SEC’s CAT-related requirements, regulated entities will be required to collect a multitude of data points about transactions, traders and retail customers, including customer names, addresses and account details. For digital asset market participants, this information could end up including transaction IDs and wallet addresses, giving those with access to the database insight into users’ prospective and retrospective transaction information. at any time.
The implications for the digital assets industry are worrying, especially given the recent finalization of rulemaking for dealers, which the Blockchain Association and others support. challenge in federal courtand even more so if the SEC finalizes the proposed rule that would significantly expand the definition of what constitutes a “stock exchange.”
If these new rules are upheld, new “resellers” and “exchanges” will be required to report digital asset user information to the CAT.
This means that unprecedented amounts of crypto trading data and personal customer information will be captured in the SEC’s surveillance net. To make matters worse, CAT data is not available only to the SEC and its thousands of employees. Individually identifiable data in CAT is accessible to a network of related government agencies and private self-regulated organizations, without warrant or reasonable suspicion of wrongdoing. This greatly expands the universe of people who can access Americans’ personal financial lives and business activities, all in an effort to make the SEC’s job a little easier.
Former Attorney General William Barr recently expressed concerns on potential violations of constitutional rights that will occur because of CAT: “The Constitution prohibits mass surveillance of private activities based simply on the possibility that a person may commit a crime… Even when the government seeks information about a citizen… it must normally show that it is investigating specific wrongdoings.”
Yet one looks in vain for a statement from the SEC on how it will respect individual constitutional rights.
In fact, SEC Commissioner Hester Peirce sounded the alarm on the uncontrolled implications of years-long state surveillance of CAT, explaining that the cost “to freedom and privacy is not worth the supposed benefit.” After all, tracking our trading behavior won’t stop bad things happening in the markets, it will just make them a problem. It’s a little easier to understand what happened after the fact.”
Aside from privacy concerns, this database represents the ultimate “honeypot” of information, making it particularly attractive to hackers. Although the SEC recognized this dramatic security risk in a proposal 2020 to improve database security, it has yet to implement changes to CAT that would increase cybersecurity, despite organizations like the Securities Industry and Financial Markets Association (SIFMA) sound the alarm.
It is therefore not surprising that the SEC has already been sued twice over the implementation of the CAT database. THE American Securities Association and Citadelle jointly petitioned the 11th Circuit in October 2023 and the New alliance for civil liberties filed a lawsuit in the Western District of Texas in April 2024 challenging CAT’s release. While these two lawsuits are perfect examples of why the judiciary is so important in combating serious government excesses, the crypto world needs to recognize how antithetical the CAT is to its core philosophy and the privacy expectations assumed by all Americans.
Remember, privacy is normal. We should not regress to a societal norm where privacy equates to wrongdoing, especially when it comes to personal finances, lest we move closer to Washington DC, featured in Minority Report. One should not feel like their government is looking over their shoulder when they make every personal financial transaction, especially when those transactions may include revealing sensitive information, such as through donations to causes policies or payment for medical procedures.
In addition to taking the opportunity to help educate the court as friends In the ongoing lawsuits mentioned above, the crypto community should make its opposition to this latest regulatory overreach known by expressing its concerns to elected officials regarding the CAT. Overbroad financial surveillance regimes like CAT pose a significant threat to Americans’ constitutional rights and cannot be allowed to quietly become law.