THE PRIVACY LIMITS OF TRANSACTING IN BITCOIN

The Bitcoin blockchain, a prime example of disruptive technology, has fundamentally altered the way various industries approach remote transactions. Bitcoin grants privacy to its users by anonymizing public keys, provides autonomy by eliminating the need for trusted third parties, and maintains transparency through its public disclosure protocol. Bitcoin is an innovative manifestation of the Fourth Amendment ideals of security and autonomy. It is, thus, no surprise that the Bitcoin blockchain presents unprecedented Fourth Amendment challenges for courts to consider. 
In United States v. Gratkowski, the Fifth Circuit addressed the novel issue of whether Fourth Amendment protections extend to an individual’s Bitcoin transactions. Notably, the court was the first to find that an individual does not have a privacy interest in their information located directly on the Bitcoin blockchain. However, the Fifth Circuit applied inconsistent and flawed reasoning in reaching this decision, demonstrating a fundamental misunderstanding of Bitcoin and its users. 
Accordingly, this Note argues that the Gratkowski decision should be applied narrowly and with caution, especially considering the Supreme Court’s warnings against the incompatibility of current Fourth Amendment doctrine with the digital age. It then suggests implementing a modified reasonable expectation-of-privacy standard, supplementing the current standard with an additional inquiry into what information an individual disclosed when initiating a transaction. This modified standard would preserve the integrity of Bitcoin, while simultaneously articulating a proper framework for assessing privacy concerns in the context of Bitcoin and blockchain technology.


I. INTRODUCTION
Privacy has been central to Bitcoin since its inception. 1 Bitcoin was expressly created as a peer-to-peer form of digital cash, retaining privacy through the anonymity of public keys. 2 Bitcoin's key features of decentralization, distribution, and anonymity seem to reflect the original intent of the Fourth Amendment: preventing abuse by law enforcement. 3 Bitcoin grants privacy to its users, manifesting the Fourth Amendment ideals of security and autonomy in a digital world seemingly devoid of privacy. 4 However, the creation of centralized exchanges, which act as financial institutions, and the government's ability to use commercial services to track transactions threaten the integrity of Bitcoin's blockchain technology. 5 As a result, it is no surprise that Bitcoin presents novel Fourth Amendment challenges for courts to consider. 6 Such challenges are especially significant considering the Supreme Court's repeated warnings against the ill suitability of Fourth Amendment jurisprudence in addressing privacy concerns arising out of technological advancements. 7 As Bitcoin and blockchain technology continue to increase in popularity, 8 it is important to consider how courts might apply Fourth Amendment doctrine when addressing privacy issues related to such technology.
In 1967, the Supreme Court altered the public/private distinction underlying Fourth Amendment doctrine: What is done in public could now be considered private. 9 This landmark decision limited the government's ability to encroach on an individual's privacy. However, the pendulum quickly swung the other way. In 1970, Congress enacted the Bank Secrecy Act, 10 which requires financial institutions to maintain and, if need be, share their clients' personal information with the government to assist in its investigations. 11 Soon after, the Supreme Court established the third-party doctrine, finding that information voluntarily handed over to a third party (e.g., a bank) is not protected by the Fourth Amendment. 12 Today, courts tend to decide whether an individual has a privacy interest by applying the ill suited to the digital age"); id. at 427-30 (Alito, J., concurring) (advocating for legislative action); Carpenter v. United States, 138 S. Ct. 2206, 2217 (2018) (limiting the applicability of the third-party doctrine); id. at 2262 (Gorsuch, J., dissenting) (discussing the interaction between technology and the Fourth Amendment). 8 The number of Bitcoin users has increased by 16 million from December 2020 to January 2021. Moreover, more than $14 billion worth of Bitcoin transactions occur each day and Bitcoin maintains close to 300,000 transaction every month. James Anthony, reasonable-expectation-of-privacy test, a subjective and objective test of perceived privacy. 13 As noted, the Supreme Court has warned that Fourth Amendment jurisprudence is ill-equipped to deal with privacy issues related to emerging technologies. This growing concern led the Court to limit the applicability of the third-party doctrine in Carpenter v. United States. 14 However, it added the caveat that this decision "is a narrow one," leaving open the question of how, when, and to what extent the third-party doctrine applies to investigative tools. 15 Specifically, the Court left open the question of how to apply the third-party doctrine and the reasonable-expectation-of-privacy test to the Bitcoin blockchain. 16 The Fifth Circuit tackled this question in United States v. Gratkowski, a case involving the purchase of child pornography using Bitcoin. 17 In a mere seven-page opinion, the court held that Gratkowski lacked a privacy interest in his personal information on both Coinbase, a centralized 13 Justice Harlan, in his concurrence, understood the rule emerging "from prior decisions is that there is a twofold requirement, first that a person have exhibited an actual (subjective) expectation of privacy and, second, that the expectation be one that society is prepared to recognize as 'reasonable.'" Katz, 389 U.S. at 361 (Harlan, J., concurring). The Katz Court established this "reasonable expectation of privacy" test that has been used in subsequent Fourth Amendment search and seizure litigation. See Miller, 425 U.S. at 440; Smith, 442 U.S. at 745; Carpenter, 138 S. Ct. at 2224 (finding a reasonable expectation of privacy in data acquired through cellphone tracking technology, if held for more than six days). But see United States v. Jones, 565 U.S. 400 (2012) (applying the common-law-trespassory test, stating that it is not necessary to consider whether an individual has a reasonable expectation of privacy when there is physical instruction into a vehicle-an "effect" as written in the Fourth Amendment). 14 Carpenter, 138 S. Ct. at 2208. 15 Id. at 2220. 16 See Belonick, supra note 4, at 114 (arguing that current Fourth Amendment doctrine rests "on physical-world analogies that do not hold in blockchain's unique digital space"); Lawrence J. Trautman, Bitcoin, Virtual Currencies, and the Struggle of Law and Regulation to Keep Pace, 102 MARQ. L. REV. 447 (2018) (describing the struggle for law and regulation to keep pace with emerging blockchain and cryptocurrency technology). 17 United States v. Gratkowski, 964 F.3d 307 (5th Cir. 2020).
cryptocurrency exchange, and on the Bitcoin blockchain directly. 18 Notably, the court was the first to find that an individual does not have a reasonable expectation of privacy in their personal information stored directly on the blockchain. 19 However, in reaching these findings, the Fifth Circuit applied inconsistent and flawed reasoning, demonstrating a fundamental misunderstanding of Bitcoin and its users. 20 The Fifth Circuit did not heed the Supreme Court's warning about the ill-suitability of Fourth Amendment doctrine in addressing privacy concerns arising out of technological advancements. Moreover, the Fifth Circuit went beyond the facts of the case to find that the defendant lacked a privacy interest in his information on the blockchain.
In negating Bitcoin's key features of decentralization and anonymity, Gratkowski may be devastating to the cryptocurrency and blockchain industries. The Fifth Circuit reasoned that Bitcoin users have no reasonable expectation of privacy in their transactions made directly on the Bitcoin blockchain, even though one of Bitcoin's most attractive features is the privacy it grants users. Thus, under Gratkowski, Bitcoin transactions are not afforded Fourth Amendment protection. 21 The Fifth Circuit's finding that users do not have a reasonable expectation of privacy when they transact in bitcoin, regardless of the digital wallet they use, completely nullifies Bitcoin's key features of anonymity and decentralization. Such a finding risks hindering the advancements and advantages of blockchain technology.
This Note argues that Gratkowski should be interpreted narrowly and with caution due to its flawed reasoning and potential ramifications for the blockchain industry. Part II discusses Bitcoin's key features, digital wallets, and cryptocurrency exchanges. Part III explains the evolution of Fourth Amendment jurisprudence, focusing on the Supreme Court case law used to justify the Gratkowski decision. Part IV discusses the Gratkowski opinion in detail and argues that the Fifth Circuit's reasoning is flawed. Finally, Part V makes the case for a narrow reading of Gratkowski and suggests supplementing the reasonable-expectation-of-privacy standard with an inquiry into what information an individual disclosed, if any, upon registration or installation of a digital wallet.
Under the suggested structure, the reasonableexpectation-of-privacy standard would remain. However, it is necessary to articulate a proper framework for applying that standard in the context of Bitcoin transactions. Not all Bitcoin transactions are the same, and not all Bitcoin users utilize the same methods of transacting. 22 Claiming otherwise would be a gross misunderstanding of the cryptocurrency market. 23 Contrary to the Fifth Circuit's over-simplification of all cryptocurrencies as essentially the same, different cryptocurrency wallets require varying types of personal disclosures upon installation and registration that implicate different levels of privacy concerns. 24 Asking what information an individual disclosed when registering may assist courts in reaching a fair and accurate decision regarding an individual's expectation of privacy when transacting in Bitcoin. An individual's expectation of privacy would thus depend on the digital wallet they used to transact and, therefore, what identifying information they gave up in order to register. This solution puts privacy back in the hands of individuals, while simultaneously preserving the integrity of Bitcoin and the Fourth Amendment ideals of ownership, security, and control.

II. THE BITCOIN BLOCKCHAIN AND THE SIGNIFICANCE OF PRIVACY
Blockchain is an immutable, distributed ledger that allows users to timestamp, record, and track transactions. 25 Blockchain technology is used for cryptocurrencies-digital cash secured by cryptography. 26 The Bitcoin blockchain, for example, is a public ledger on which all Bitcoin transactions are recorded. 27 Since blockchain was conceived alongside Bitcoin "to create and record bitcoin transactions, . . . blockchain is often confused with Bitcoin." 28 However, blockchain itself is not a currency. Instead, it is a tool used to maintain an unchangeable, decentralized transaction history. 29 This technology validates and timestamps each change in ownership through cryptography, thus creating a secured ledger of transaction history. 30 Indeed, blockchain technology allows users to retrace ownership and more readily identify the present owner of an asset. 31  already being used for smart contracts, 32 health records, 33 and supply chain management. 34 Bitcoin remains the most popular application of blockchain, 35 and its key features demonstrate Bitcoin's emphasis on privacy. 36 First, Bitcoin is decentralized: It is a peer-to-peer network that eliminates the need for a trusted third party, enhancing privacy by giving users the ability to transact remotely without disclosing any personal 32 See id. at 185 ("Thus, blockchain technology allows to establish contracts using cryptography and to replace third parties (e.g., a notary) that have been necessary to establish trust in the past. Blockchain might disrupt the entire transaction process by automatically executing contracts in a cost-effective, transparent and secure manner."); see also Deborah Ginsberg, The Building Blocks of Blockchain, 20 N.C. J.L. & TECH. 471, 487 (2019) ("Meanwhile, blockchain is changing the way common legal transactions function. The Ethereum programming language, for example, is being used to create smart contracts. These contracts are designed to be launched and run automatically-the parties rely on the code to handle the transaction on its own" (citation and footnote omitted)). 33  information to a financial institution. 37 Second, Bitcoin is distributed and open: No one central authority can control or alter any of the transaction details because they are verified by cryptographic means and recorded on a publicly-viewable blockchain. 38 Finally, Bitcoin is anonymous: Public keys, also known as Bitcoin addresses, are kept anonymous to retain privacy alongside its public disclosure protocol. 39 This Part first describes Bitcoin's key features of decentralization, distribution/openness, and anonymity. Additionally, it explains the use of digital wallets and the privacy considerations in choosing a digital wallet to transact peer-to-peer. It then examines cryptocurrency exchanges, demonstrating how centralized exchanges run counter to Bitcoin's philosophy. Finally, it includes a brief discussion of Bitcoin's association with criminal activity.

A. Bitcoin's Features of Decentralization, Distribution/Openness, and Anonymity
The rising need for decentralization has been attributed to the mistrust of financial institutions stemming from the 2008 financial crisis and the issues it revealed, such as the challenge of retracing ownership. 40 43 Nakamoto begins the whitepaper by stating that internet commerce relies "almost exclusively on financial institutions serving as trusted third parties to process electronic payments." 44 However, this system which uses what Nakamoto refers to as the "trust based model" has inherent weaknesses such as an increase in transaction costs, the loss of the ability to make non-refundable payments for non-reversible services, and fraud. 45 This "trust based model" creates a need for more trust because "[w]ith the possibility of reversal, the need for trust spreads[,]" and "[m]erchants must be wary of their customers, hassling them for more information than they would otherwise need." 46 As a result, people are giving out more information about themselves, giving up their privacy to conform to the current system. 47 Nakamoto further states that although such "costs and payment uncertainties can be avoided in person by using physical currency, no mechanism exists to make payments over a communications channel without a trusted third party." 48 This is where Bitcoin comes in, a peer-to-peer form of digital cash that allows parties to transact directly with one 43 44 Nakamoto, supra note 1, at 1. 45 Id. ("Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for non-reversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable."); see also Nofer et al., supra note 25, at 183 ("Intermediaries perform the careful checking of each involved party along a chain of intermediaries. However, this is not only time consuming and costly but also bears a credit risk in case an intermediary fails."). 46 Nakamoto, supra note 1, at 1. 47 See id; see also Belonick, supra note 4, at 123. 48 Nakamoto, supra note 1, at 1.
another-that is, without a financial institution. 49 However, without a financial institution, there is no trusted third-party to process digital payments and protect the parties involved in a given transaction. 50 As it is, by its nature, decentralized, Bitcoin must remedy this issue. 51 Bitcoin's solution to these issues is grounding its electronic payment system in cryptographic proof. 52 Relying on math and technology rather than financial institutions remedies the issues of the trustbased model, protecting buyers and sellers from fraud, eliminating mediation costs, and increasing efficiency with instant payments. 53 Bitcoins are transferred peer-to-peer, directly from buyer to seller. 54 As each digital coin is defined as a series of digital signatures, a "payee"-the party receiving bitcoin-uses the digital signatures to verify the chain of ownership and legitimacy of a bitcoin. 55 These signatures contain a timestamp, a hash value of the previous block, and the public key of the next owner (the payee). 56 A hash value is a string of random numbers and letters; it is unique and prevents fraud since any change would alter the hash value. 57 49 Id. 50 See id. at 1-2, 6. 51 Using trusted third parties, the traditional banking method limits access to information to the parties involved. As Bitcoin is decentralizedit does not rely on a trusted third party-it must break the flow of information elsewhere. Otherwise, the Bitcoin's public disclosure of all transactions would provide the information of every party involved. Id. at 2, 6. 52 Id. at 1. 53 Id. ("Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers."). 54 Nakamoto, supra note 1, at 1. 55  A cryptographic "hash" algorithm is a mathematical formula that can convert any amount of data or text into a set length string of seemingly random characters. This conversion is called "hashing." The resulting string is called a "digest." However, the payee also needs to verify that the bitcoin they are receiving has not already been spent (double-spending). 58 This is where Bitcoin's key distribution feature comes in: to eliminate the issue of double-spending without relying on a trusted third party, all Bitcoin transactions must be publicly announced. 59 The only way to confirm that digital cash has not already been expended without a trusted third party "is to be aware of all transactions." 60 The distributed and transparent nature of Bitcoin prevents double-spending and, thus, preserves trust between transacting parties. 61 In this digital payment system based on cryptographic proof instead of trust, individuals who would otherwise give up information to conform to the trust-based model can retain their privacy and transact with one another without the need for a trusted third-party. 62 But the question then becomes: If all Bitcoin transactions are publicly announced, how do users retain privacy? 63 Bitcoin uses a cryptographic key system in which each user needs two keys for each transaction: "[t]he public key, also known as the Bitcoin address, is used to send and accept payments to and from other users, while the private key remains concealed with the user and functions as The genius of hashing is that the tiniest change to the input data generates a wildly different digest, with no apparent relation to the input data or to any other close variant.
Belonick, supra note 4, at 125 (footnotes omitted). 58 Nakamoto, supra note 1, at 2. 59 Id. 60 Id. ("We need a way for the payee to know that the previous owners did not sign any earlier transactions. For our purposes, the earliest transaction is the one that counts, so we don't care about later attempts to double-spend. The only way to confirm the absence of a transaction is to be aware of all transactions."). 61 See Nofer et al., supra note 25, at 184 ("Using cryptography, people all over the world can trust each other and transfer different kinds of assets peer-to-peer over the internet. . . . [Bitcoin's distributed ledger] increases trust since people do not have to assess the trustworthiness of the intermediary or other participants in the network."). 62 Id; see also Nakamoto, supra note 1, at 6. 63 See Nakamoto, supra note 1, at 6. a password to unlock the transaction." 64 Moreover, the public key is kept anonymous so that it cannot be used to identify the user. 65 Anyone viewing the Bitcoin blockchain "can see that someone is sending an amount to someone else, but without information linking the transaction to anyone." 66 Nakamoto also recommends using new keys for each new transaction to keep transactions "from being linked to a common owner." 67 Bitcoin's public disclosure protocol-that all transactions are publicly announced-allows the features of decentralization, transparency, and anonymity to merge to innovate the way in which people transact. 68

B. Digital Wallets and Privacy Considerations
A digital wallet is a software that stores and tracks transactions. 69 When choosing a wallet, Bitcoin's website first asks users to select an operating system, giving the options of mobile wallets, desktop wallets, and hardware wallets. 70 Each choice describes the benefits and drawbacks of the particular 64 Jonathan Lane, Bitcoin, Silk Road, and the Need for a New Approach to Virtual Currency Regulation, 8 CHARLESTON L. REV. 511, 516 (2014) (footnotes omitted) ("The software generates two mathematically related keys, one public and one private, that together make up a user's digital signature. . . . For each public key, or Bitcoin address, there is exactly one matching private key that is mathematically related to it and is designed in a way that the public key may be calculated from it, but not vice-versa." (footnotes omitted)). 65 Nakamoto, supra note 1, at 6. Bitcoin's "system uses two keys: a public key that can be shared with others with whom one wishes to interact, and a secret private key known only to an individual user. . . . [T]he public key scrambles data, while only the private key can unscramble the data." Belonick, supra note 4, at 126 (footnotes omitted). 66 Nakamoto, supra note 1, at 6. 67  wallet, with the hardware wallet being "one of the most secure methods to store funds" because it stores a user's data offline. 71 Many desktop and mobile wallets improve privacy by not disclosing any information to peers on the network and using Tor 72 as a proxy to prevent the association of payments with IP addresses. 73 Wallets that are connected to the internet are referred to as "hot wallets," while hardware wallets-wallets that are disconnected from the internet-use the "cold storage method." 74 The cold storage method is a more secure means of storing cryptocurrency, as hot wallets are vulnerable to hacking. 75 Some hot wallets, such as Mycelium, offer the added feature of cold storage integration-allowing users to store data offline on a hardware wallet. 76 Once a new user has a wallet installed, they receive their first Bitcoin address (i.e., public key), which they can disclose 71 Id. 72 Tor, or onion routing, is a means of browsing the web anonymously by routing internet traffic through multiple servers, scrambling data so that the original IP address cannot be traced. to receive payment. 77 A different Bitcoin address is used for each new transaction to avoid associating several transactions with a common owner. 78 Once a payee receives the encrypted public key, a private key is used to decrypt the data and place the electronic cash into the payee's own wallet. 79 The facts of United States v. Costanzo, an appeal of a money laundering conviction involving the transfer of bitcoin, exemplify the use of digital wallets. 80 During the course of an undercover investigation into Costanzo, an undercover agent "explicitly told Costanzo that he was trafficking black tar heroin" and requested to exchange $3,000 in cash for bitcoin. 81 The two made a transaction using Mycelium wallet, a digital wallet which does not require identification of any kind. 82 When making a transaction using a mobile wallet, a "QR code is used to scan the public address needed to transfer bitcoin from the digital wallet on one phone to the digital wallet on another phone, and the recipient can then access the bitcoin using a private key." 83 Costanzo and undercover agents continued to communicate through encrypted messages, and during their subsequent meetings, "the undercover agents made clear to Costanzo that the purpose of the transaction was to conceal illegal activities." 84

C. Exchanges and Privacy Considerations
Bitcoin users also have the option to transact using centralized or decentralized cryptocurrency exchanges. 86 Centralized cryptocurrency exchanges are for-profit private companies that provide cryptocurrency trading services. 87 They are centralized because they are controlled by a single entity-a private company utilizing private servers to facilitate the exchange of digital assets. 88 Moreover, centralized exchanges must require their users to disclose personal information, because they are subject to state and federal laws that impose obligations such as anti-money laundering laws and know-your-customer rules. 89 Thus, when financial transaction" with the intent 'to conceal or disguise the nature, location, source, ownership, or control of property believed to be the proceeds of specified unlawful activity'" (quoting 18 U.S.C. § § 1956(a)(1), (a)(3)(B) (2018))). Notably, the fact that Costanzo transferred bitcoin through a digital wallet that required the internet, implicates an international network and interstate commerce, even though both parties were located in the same state. 88 Johnson, supra note 86, at 37. 89 Id.
As custodians of financial assets, centralized exchanges must comply with state and federal laws relevant to the custody, exchange, and transfer of assets including federal anti-money-laundering and know-your-customer userverification obligations. Consequently, the Financial Crimes Enforcement Network ("FinCEN"), a bureau of the United States Department of the Treasury, may also regulate these cryptocurrency platforms as "money services business." an individual opts for a centralized exchange such as Coinbase, they cannot retain anonymity or hide their identity from the company. 90 Still, centralized exchanges are among the most popular digital wallets because they are more convenient and much easier to use. 91 Using a centralized cryptocurrency exchange has major drawbacks in terms of retaining privacy and anonymity. 92 Coinbase, one such centralized cryptocurrency exchange, is one of the most widely used digital wallets. 93 It is licensed as a "money services business," 94 and money services businesses fall under the regulatory definition of "financial institutions" according to the U.S. Treasury. 95 However, Bitcoin was created to be a peer-to-peer form of digital cash, eliminating the reliance on financial institutions. 96  legitimacy of blockchain technology, especially considering its relatively low prevalence as a share of all transactions. In 2021, "[t]ransactions involving illicit addresses represented just 0.15% of cryptocurrency transaction volume." 109 The stereotype that cryptocurrency is only for criminals is simply inaccurate. 110 Although criminal activity should always be a concern for law enforcement and regulatory bodies, it should not be a determining factor in a court's Fourth Amendment analysis. Rather, as this Note argues, courts should continue to apply the reasonable-expectation-of-privacy standard, supplemented with the additional inquiry into what information an individual gave up when opting for a digital wallet. 111

III. TECHNOLOGICAL ADVANCEMENTS AND THE FOURTH AMENDMENT
Technology has not only influenced the way people live their daily lives, but has also transformed the way law enforcement investigates and monitors criminal activity. 112  In order to thwart any future abuse by the country's new federal government, 114 the Fourth Amendment was ratified to protect "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures." 115 A search is per se unreasonable if it is "conducted outside the judicial process, without prior approval by [a] judge or magistrate." 116 A search occurs when the government (e.g., law enforcement) physically intrudes on a protected area "for the purpose of obtaining information." 117 Technological advancements present an array of Fourth Amendment challenges for the judiciary to consider. 118 In some cases, the Court has avoided the issue at the nexus of technology and the constitutional right to privacy by using other interpretive methods to reach the same finding. 119  seeks to preserve as private, even in area accessible to the public, may be constitutionally protected," fundamentally altering the public-private distinction in Fourth Amendment jurisprudence. 123 The majority found that the defendant, who entered a glass phonebooth to make a call, did not preclude his right to make a private call simply because he made the call in a seemingly public place-a place where he might be seen. 124 Justice Harlan, in his concurrence, understood the rule emerging "from prior decisions is that there is a twofold requirement, first that a person have exhibited an actual (subjective) expectation of privacy and, second, that the expectation be one that society is prepared to recognize as 'reasonable.'" 125 The Supreme Court thus established this "reasonable expectation 120 Silverman v. United States, 365 U.S. 505 (1961). 121 Id. at 510. The Court later returned to this issue in Wong Sun v. United States, stating that "the Fourth Amendment may protect against the overhearing of verbal statements as well as against the more traditional seizure of 'papers and effects.'" 371 U.S. 471, 485 (1963). In Katz, the Court found that attaching an eavesdropping device to a public telephone booth constituted a search. Katz v. United States, 389 U.S. 34 (1967). 122 See Jones, 565 U.S. at 414, 417 (Sotomayor, J., concurring) (pointing out that that the majority opinion is too narrow in scope to address technological advancements in surveillance); id. at 419 (Alito, J., concurring) (emphasizing the inadequacies of the common-law-trespassory test). 123 Katz, 389 U.S. at 351. 124 Id. 125 Id. at 361 (Harlan, J., concurring).
of privacy" test that would be used in subsequent Fourth Amendment search and seizure litigation. 126 The Katz decision extended the scope of Fourth Amendment protections to include, in some cases, public places. 127 Soon after, the third-party principle was adopted by the Supreme Court in two cases that both found that "the Fourth Amendment does not prohibit the obtaining of information revealed to a third party." 128 In United States v. Miller, the Court addressed whether an individual has a Fourth Amendment interest in their bank records. 129 The Court answered no, finding that [t]he lack of any legitimate expectation of privacy concerning the information kept in bank records was assumed by Congress in enacting the Bank Secrecy Act, the expressed purpose of which is to require records to be maintained because they "have a high degree of usefulness in criminal tax, and regulatory investigations and proceedings." 130 In Smith v. Maryland, the Court narrowed the scope of Fourth Amendment protections, clarifying its earlier 126 Id.; see, e.g., Jones, 565 U.S. at 401 ("[T]he Katz reasonableexpectation-of-privacy test has been added to, but not substituted for, the common-law trespassory test." (emphasis omitted)). 127 132 Id. at 736 ("This case presents the question whether the installation and use of a pen register constitutes a 'search' within the meaning of the Fourth Amendment, made applicable to the States through the Fourteenth Amendment." (internal citations and footnotes omitted)). 133 Id. at 745 ("We therefore conclude that petitioner in all probability entertained no actual expectation of privacy in the phone numbers he dialed, and that, even if he did, his expectation was not 'legitimate.'"). Justice Stewart dissented and argued that, like the Court found in Katz, an individual making a call in the privacy of their home is entitled to their reasonable expectation that that the contents of the call will be kept private. Id. at 752 (Stewart, J., dissenting) ("Just as one who enters a public telephone booth is 'entitled to assume that the words he utters into the mouthpiece will not be broadcast to the world,' so too, he should be entitled to assume that the numbers he dials in the privacy of his home will be recorded, if at all, solely for the phone company's business purposes." (quoting Katz v. United States, 389 U.S. 347, 352 (1967))). 134 See United States v. Jones, 565 U.S. 400, 400, 409 (2012) (holding that using GPS tracking technology to monitor a vehicle's movements constitutes a search and seizure). 135 Id. at 402 ("We decide whether the attachment of a Global-Positioning-System (GPS) tracking device to an individual's vehicle, and writing for the majority, found no need to apply the reasonable-expectation-of-privacy test. 136 This is because a vehicle falls under the category of "effects" as written in the Fourth Amendment and, as such, a physical intrusion into a person's vehicle constitutes a common law trespass. 137 Justice Scalia emphasized that the reasonable-expectation-of-privacy test augments the common law trespass test for determining whether some government action constitutes a search; however, it does not completely replace it. 138 The two concurring opinions in Jones discussed the inadequacies in the majority opinion. 139 Justice Sotomayor noted that the majority opinion is too narrow in scope to address technological advancements in surveillance. 140 Justice Alito, along with three other justices, advocated for applying the reasonable-expectation-of-privacy test, warning that the majority holding "strains the language of the Fourth Amendment; it has little if any support in current Fourth Amendment case law; and it is highly artificial." 141 Justice Alito also pointed out that Justice Scalia employed reasoning very similar to that found in Silverman. 142 Rather than addressing whether conversations are constitutionally subsequent use of that device to monitor the vehicle's movements on public streets, constitutes a search or seizure within the meaning of the Fourth Amendment."). 136 Id. at 406. 137 Id. at 401. ("Here, the Government's physical intrusion on an 'effect' for the purpose of obtaining information constitutes a 'search.' This type of encroachment on an area enumerated in the Amendment would have been considered a search within the meaning of the Amendment at the time it was adopted.") 138 Id. at 409 ("But as we have discussed, the Katz reasonableexpectation-of-privacy test has been added to, not substituted for, the common-law trespassory test.").
protected by the Fourth Amendment, the Silverman Court reasoned that "[e]avesdropping accomplished by means of a physical intrusion" constituted a search into the constitutionally protected personal dwellings of the defendants. 143 Discussing the criticism and aftermath of Silverman, Justice Alito stressed the inadequacy of the common-law-trespassory test. 144 Applying the reasonableexpectation-of-privacy test, Justice Alito found that long-term tracking of a vehicle's location constitutes a search. 145 In their respective concurrences, Justice Sotomayor and Justice Alito stressed the ill-suitability of Fourth Amendment doctrine in addressing privacy concerns arising from technological advancements. 146 Justice Sotomayor discussed the incompatibility of the third-party doctrine with the digital age, explicitly stating that "fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. 144 Jones, 565 U.S. at 423 (Alito, J., concurring) ("Under this approach, as the Court later put it when addressing the relevance of a technical trespass, 'an actual trespass is neither necessary nor sufficient to establish a constitutional violation.'" (emphasis added) (citing United States v. Karo, 468 U.S. 705, 713 (1984))). 145 Id. at 431 (Alito, J., concurring). 146 Id. at 417 (Sotomayor, J., concurring); id. at 427 (Alito, J., concurring). 147 Id. at 417 (Sotomayor, J., concurring). Sotomayor argued, This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their legislative action, stating that "concern about new intrusions on privacy may spur the enactment of legislation to protect against these intrusions" and that the legislative body is bestsuited to address concerns at the crux of technology and privacy. 148 In 2018, the Supreme Court addressed the issue of whether an individual has a reasonable expectation of privacy in the record of their physical movements as captured through cellphone tracking technology (CSLI). 149 CSLI implicates both the third-party doctrine as well as the tracking of physical movement over time 150 -the same issue addressed in Jones. 151 Although the data at issue was voluntarily disclosed to a third party, the Court declined to extend Miller and Smith to CSLI. 152 Cell-phone tracking is unique in that it gives "the Government near perfect surveillance and allow[s] it to travel back in time to retrace a person's whereabouts, subject only to the five-year retention policies of most wireless carriers." 153 Thus, Carpenter limited the applicability of the third-party doctrine in Fourth Amendment jurisprudence. 154 However, the Court added a caveat to its Carpenter opinion: The decision is to be read narrowly. 155 The majority stated that the decision does "not disturb the application of Smith and Miller or call into question conventional surveillance techniques and tools, such as security cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailersI would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.

IV. THE GRATKOWSKI DECISION
In a recent case looking at the interplay of cryptocurrency and Fourth Amendment privacy rights, the Fifth Circuit addressed the novel issue of "whether an individual has a Fourth Amendment privacy interest in the records of their Bitcoin transactions." 160 The court held that (1) the defendant lacked a privacy interest in his personal information located on Coinbase, 161 and (2) the defendant lacked a privacy interest in his information located directly on the blockchain. 162 This Part first summarizes the facts of Gratkowski. It then explores the Fifth Circuit's finding that Gratkowski lacked a 156 Id. 157 Will Yakowicz, Startups Helping the FBI Catch Bitcoin Criminals, INC. (Jan. 9, 2018), https://www.inc.com/will-yakowicz/startups-lawenforcement-agencies-catch-criminals-who-use-cryptocurrency.html (on file with the Columbia Business Law Review privacy interest in his Coinbase records, arguing that the court was justified in this holding. Finally, it examines the Fifth Circuit's finding that Gratkowski lacked a privacy interest in his personal information on the blockchain, pointing out the flaws and inconsistencies that highlight the court's misunderstanding of Bitcoin and its users.

A. Facts of United States v. Gratkowski
In 2016, federal agents began an investigation into a child pornography website ("the Website"). 163 Federal agents could not find the Website server's location using conventional investigation methods, such as IP address lookups. 164 This is because it was a Tor-based website, 165 "meaning it anonymize[s] Internet activity by routing user's communication through a global network of relay computers (or proxies), thus effectively masking the internet-protocol ('IP') address of the user." 166 During the course of the investigation, federal agents discovered that some users were paying the site in bitcoin to download material. 167 After setting up an account on the Website and paying for premium access, the federal agents learned that the Website would provide each customer an address-a public key-to which to send bitcoin payments. 168 Bitcoin transactions are publicly announced, but the identities of the transacting parties remain anonymous. 169 However, the federal agents had a remedy: using a commercial service to analyze the blockchain and identify 163 Brief of Appellee at 4, United States v. Gratkowski, 964 F.3d 307 (5th Cir. 2020) (No. 19-50492). 164 Id. 165  "clusters" of Bitcoin addresses. 170 These investigative services analyze the blockchain by identifying patterns or clusters of associated Bitcoin addresses and then tracking that money back to an exchange or bank account. 171 Law enforcement agencies are increasingly using these tools to combat criminal activity funded via Bitcoin, so much so that CipherTrace, a blockchain analytics service, receives more than half of its California-based revenue from law enforcement agencies. 172 The federal agents used one of these commercial services, analyzed the Bitcoin blockchain, and identified the site's Bitcoin addresses. 173 The agents then subpoenaed Coinbase for all information on the users who had sent bitcoin to the site's addresses. 174 Coinbase provided the information and identified Gratkowski as having used bitcoin to pay the child pornography site on six separate occasions. 175 The information Coinbase provided led to a search warrant for Gratkowski's house. 176 During the search, federal agents found a hard drive containing 190 images of child pornography in his home; Gratkowski then confessed and was arrested. 177 Moving to suppress the evidence obtained through the search warrant, Gratkowski argued that the subpoena to Coinbase and the blockchain analysis violated his Fourth 170 Brief of Appellee, supra note 164, at 2-3. 171 Yakowicz, supra note 157. 172  Amendment right to privacy. 178 The district court denied the motion and Gratkowski appealed. 179 The Fifth Circuit addressed this "novel question of whether an individual has a Fourth Amendment privacy interest in the records of their Bitcoin transactions." 180 Specifically, the court addressed (1) whether Gratkowski had a reasonable expectation of privacy in his information on the blockchain and (2) whether Gratkowski had a reasonable expectation of privacy in his information on Coinbase. 181 The court answered no to both of these questions. 182 B. Grakowski: Applying the Third-Party Principle to Coinbase As noted, while the Supreme Court limited the applicability of the third-party doctrine in Carpenter, the Court warned that the decision should be read narrowly and left open the question of which circumstances fall under the scope of Miller and Smith. 183 The Fifth Circuit tried its hand at answering this question as it pertains to Coinbase, becoming the first federal appellate court to address this matter. 184 The Fifth Circuit correctly found that the third-party doctrine applies to Coinbase records. 185 Gratkowski argued 178 Gratkowski, 964 F.3d at 310 ("Under the third-party doctrine, a person generally 'has no legitimate expectation of privacy in information he voluntarily turns over to third parties.'" (quoting Smith v. Maryland, 442 U.S. 735, 743-44 (1979))). Relying on Carpenter v. United States, 138 S. Ct. 2206, 2217 (2018), which limited the applicability of the third-party doctrine in the context of cell phones, Gratkowski argued that the government violated his reasonable expectation of privacy in the records of his Bitcoin transactions on (1) Bitcoin's public blockchain and (2) Coinbase. In that regard, Gratkowski argued "that the district court erred in denying his suppression motion." Gratkowski, 964 F.3d at 310. 179 Gratkowski, 964 F.3d at 310. 180 Id. at 311-13. 181 Id. at 312-13. 182  that Carpenter's limitation of the third-party doctrine should extend to Bitcoin transactions, and that the court should thus find that he has a privacy interest-that is, a reasonable expectation of privacy-in his Coinbase records. 186 However, the court rejected this argument and found that Coinbase records are more similar to bank records than CSLI and consequently fall under the precedent of Miller. 187 The court referenced Smith, pointing out that just as individuals do not have a privacy interest in the phone numbers they dialbecause they are voluntarily disclosing that information to their phone companies-Gratkowski did not have a privacy interest in the information he voluntarily disclosed to Coinbase. 188 Because it is a financial institution, Coinbase falls under the purview of the Bank Secrecy Act 189 and requires its users to provide their personal information. Because Coinbase collects extensive personal information, using it completely negates the key feature of anonymity of Bitcoin and blockchain technology. 190 As noted, Coinbase's User Agreement specifically states that Coinbase "reserve[s] the right at all times to monitor, review, retain and/or disclose any information as necessary to satisfy any applicable law, regulation, sanctions programs, legal process or governmental request." 191 Thus, the Fifth Circuit was justified in finding that an individual does not have a reasonable expectation of privacy in their Coinbase records.

C. Gratkowski's Flawed Reasoning
In finding that Gratkowski lacked a privacy interest in his Coinbase records, the Fifth Circuit reasoned that there is a 186 Id. 187 Id. 188 Id. at 311-12. 189 Id. Coinbase is licensed as a "money services business," which falls under the regulatory definition of "financial institution," subject to the Bank Secrecy Act. 31 CFR § 1010.100(t); see also supra notes 94-95 and accompanying text.
tradeoff when an individual decides to use a third-party intermediary: The individual gives up privacy-privacy they would otherwise have if they transacted on Bitcoin's blockchain directly-for the ease of using a third-party exchange platform like Coinbase. 192 Notwithstanding this reasoning, the court still found no privacy interest in information located directly on the blockchain, which exists even when an individual uses no third-party intermediary. 193 These two findings are inconsistent with one another. On the one hand, the court reasoned that "Bitcoin users have the option to maintain a high level of privacy by transacting without a third-party intermediary." 194 On the other hand, the court reasoned that individuals do not have a legitimate expectation of privacy in their information located directly on the blockchain (i.e., without using a third-party intermediary). 195 This unexplained distinction-that an individual may sacrifice convenience to maintain a "high level of privacy" while simultaneously lacking a "legitimate expectation of privacy"-demonstrates the court's inconsistency in its Gratkowski opinion. 196 Moreover, the court argued that "Bitcoin users are unlikely to expect that the information published on the Bitcoin blockchain will be kept private . . . . [as] it is well known that each Bitcoin transaction is recorded in a publicly available blockchain." 197 While it is true that Bitcoin transactions are publicly announced, 198 this statement demonstrates the 192 Gratkowski, 964 F.3d at 312-13 ("Bitcoin users have the option to maintain a high level of privacy by transacting without a third-party intermediary. But that requires technical expertise, so Bitcoin users may elect to sacrifice some privacy by transacting through an intermediary such as Coinbase. Gratkowski thus lacked a privacy interest in the records of his Bitcoin transactions on Coinbase."). 193 Id. 194 Id. (emphasis added). 195 See id. at 312 ("Bitcoin users are unlikely to expect that the information published on the Bitcoin blockchain will be kept private, thus undercutting their claim of a 'legitimate expectation of privacy.'"). 196 Id. at 312. 197 Id. (citing Nakamoto, supra note 1, at 2). 198 Nakamoto, supra note 1, at 2.
court's misunderstanding of Bitcoin's public disclosure protocol. The court's argument is based on the faulty notion that, since the Bitcoin blockchain is public, users are unlikely to expect that their information will be kept private. 199 However, the reason the Bitcoin blockchain is public refutes the court's logic. Bitcoin transactions are publicly announced to maintain trust, privacy, and decentralization simultaneously. 200 Bitcoin was created with the goal of establishing a peer-topeer version of electronic cash, which allows money to be transferred in a decentralized fashion, as in, without a financial institution. 201 The distributed and transparent nature of Bitcoin prevents double-spending and thus preserves trust between transacting parties. 202 This is because the only way to confirm that digital cash has not already been spent, without a trusted third-party, "is to be aware of all transactions." 203 As for privacy, Bitcoin's cryptographic key system retains anonymity for its users: The public key, also known as the Bitcoin address, is kept anonymous so that it cannot be used to identify the user. 204 Anyone viewing the Bitcoin blockchain "can see that someone is sending an amount to someone else, but without information linking the transaction to anyone." 205 Therefore, the court's reasoning is flawed because it assumes that public announcements make transactions less private, 199 Gratkowski, 964 F.3d 307 at 312. 200 See discussion supra Section II.A. 201 Nakamoto, supra note 1, at 1. 202 See Nofer et al., supra note 25, at 184 ("Using cryptography, people all over the world can trust each other and transfer different kinds of assets peer-to-peer over the internet. . . . [Bitcoin's distributed ledger] increases trust since people do not have to assess the trustworthiness of the intermediary or other participants in the network."). 203 Nakamoto, supra note 1, at 2 ("We need a way for the payee to know that the previous owners did not sign any earlier transactions. For our purposes, the earliest transaction is the one that counts, so we don't care about later attempts to double-spend. The only way to confirm the absence of a transaction is to be aware of all transactions."). 204 Id. 205 Id. at 6.
whereas Bitcoin's public-private key system preserves anonymity for the transacting parties. Further, the Fifth Circuit reasoned that the Bitcoin blockchain is more analogous to bank records 206 and telephone logs 207 than CSLI technology. 208 In Carpenter, the Supreme Court reasoned that cell phones are unique in that they are "'such a pervasive and insistent part of daily life' that carrying one is indispensable to participation in modern society." 209 This same logic does not follow to transacting in bitcoin. 210 However, Bitcoin is unique in another way: It was created to retain anonymity for its users. 211 This cannot be said about bank records or telephone call logs. Using Bitcoin, without a cryptocurrency exchange such as Coinbase, does not require the disclosure of any personal information. 212 Similar to cell-phone location, Bitcoin transactions are not "truly 'shared' as the term is normally understood." 213 Bitcoin transactions are anonymously recorded on the public ledger by nature of its underlying blockchain technology. 214 There is no personal information on the Bitcoin blockchain. The Fifth Circuit's statement that Bitcoin users voluntarily share their information by using Bitcoin to transact 215 contradicts the Supreme Court's reasoning that individuals do not give up their privacy interests in their locations by merely using a cell phone. 216 Moreover, the court went beyond the facts of the case in finding that an individual does not have a reasonable expectation of privacy in their Bitcoin transactions when transacting without a third party. 217 As discussed in Section II.B, digital wallets provide varying degrees of privacy and control over Bitcoin and a user's personal information. Coinbase provides practically none, desktop and mobile wallets use Tor to prevent the association of payments with IP addresses, and hardware wallets are most secure as they store data offline. 218 A broad interpretation of Gratkowski would mean that none of the information stored on digital wallets-or any application of blockchain technology alongside a public disclosure protocol-would be protected by the Fourth Amendment. Due to its inconsistencies, the Gratkowski decision is vulnerable to further litigation and should be narrowly interpreted.

V. THE MODIFIED REASONABLE-EXPECTATION-OF-PRIVACY STANDARD
The Gratkowski decision should be interpreted narrowly and with caution. In particular, it should be read to apply only to cases where the defendant uses a centralized cryptocurrency exchange to trade, buy, or sell bitcoin. 219 Such 217 Only after discovering that Gratkowski's public key was associated with a Coinbase account was the government able to subpoena Coinbase for his personal information. See Brief of Appellee, supra note 163, at 2-3. 218 See supra notes 72-76 and accompanying text. 219 As Bitcoin itself is decentralized and anonymous, and there are digital wallets and exchanges that do not require the disclosure of any personal information, it seems that there would be no one to subpoena if not for the presence of a third-party holding information, such as Coinbase. But there are other ways to associate transactions with the identities of a user. First, there are investigative services, such as Cognyte, which "deanonymizes and reveals illicit transactions made by criminals, thus helping security and law enforcement organizations successfully overcome the challenge of cryptocurrency anonymity." Tom Sadon, 5 Reasons Why Criminals & Terrorists Turn to Cryptocurrencies, COGNYTE (Nov. 2, 2021), https://www.cognyte.com/blog/5-reasons-why-criminals-are-turning-tocryptocurrencies/ [https://perma.cc/AT6K-XRME]. These investigative services are often marketed to law enforcement simply because of their a narrow reading leaves open the question of whether individuals using another platform to transact-decentralized exchanges or other digital wallets-have a reasonable expectation of privacy in their Bitcoin transactions.
One solution is to preserve the third-party doctrine and apply it to Bitcoin exchanges. 220 As this Note discusses in the next Section, such a solution would be proper in situations where the exchange is deemed a "financial institution," as is the case with Coinbase. 221 However, it would be improper to apply such a solution to decentralized exchanges because, unlike centralized exchanges, no single entity retains control over a user's assets. 222 The third-party doctrine applies to information an individual voluntarily discloses to a thirdparty. 223 When using a decentralized exchange, the only information an individual discloses is the public key or Bitcoin address, information already recorded on the blockchain regardless of the platform used to transact. In other words, an individual using a decentralized exchange does not effectiveness in combatting and helping to prosecute crime. Some examples include Cognyte, CipherTrace, and CipherBlade. See, e.g., COGNYTE, https://www.cognyte.com/ [https://perma.cc/9448-VU34] (last visited May 10, 2022) ("Over 1,000 government and enterprise customers in more than 100 countries rely on Cognyte's solutions to accelerate security investigations to successfully identify, neutralize, and prevent threats to national security, business continuity, and cyber security."). 220 See Christine A. Cortez, Bitcoin Searches and Preserving the Third-Party Doctrine, 52 ST. MARY'S L. J. 153, 186 (2020) (arguing that "it is imperative the third party is preserved and only limited on a case-by-case basis"). 221 See supra notes 93-95 and accompanying text. Moreover, the thirdparty doctrine properly applies in situations where a defendant voluntarily discloses information to a third-party individual. For example, in United States v. 89.9270303 Bitcoins, the district court correctly found that when the defendant "told his wife that she could keep key fob one or give it to Baker and then gave her the passcode to key fob one [,] . . . he relinquished any legitimate expectation of privacy in the fob and its contents because he voluntarily gave the fob and its passcode to third parties." No. voluntarily disclose any identifying information. Thus, the third-party doctrine simply does not extend to a user's identifying information when using a decentralized exchange.
In addition, the third-party doctrine has been criticized by members of the Supreme Court as being ill-suited to the digital age. 224 Justice Gorsuch went so far as to state that the Carpenter majority is merely keeping the third-party doctrine "on life support," noting that "countless scholars, too, have come to conclude that the 'third-party doctrine is not only wrong, but horribly wrong.'" 225 Thus, relying on the retention of the third-party doctrine and advocating for courts to apply it to cryptocurrency exchanges is seemingly naïve. Moreover, such a solution is simply inefficient because it cannot be applied uniformly to all digital wallets, but only to those that would fall under the regulatory definition of a "financial institution." 226 Decentralized exchanges and wallets are not owned by any single entity, nor do they retain custody of any users' assets. 227 Thus, they are not subject to certain standards, such as know-your-customer obligations and anti-money laundering laws. 228 The third-party doctrine applies to information voluntarily disclosed to third parties. 229 Although this doctrine properly applies to centralized exchanges and digital wallets that require disclosure upon registration, 230 it should not apply to those that do not. In other words, the third-party doctrine should not apply to individuals that do not voluntarily disclose identifying information when installing/registering a digital wallet or exchange.
Another proposed solution is to distinguish data by level of control: controlled, semi-controlled, and relinquished. 231 Professor Paul Belonick argues that this distinction reflects the ideals of the Fourth Amendment: control and ownership. 232 Although this is seemingly a fair and viable solution, it is inefficient because it requires substantial inquiry into the specifics of every piece of data in question. 233 The complexity of figuring out how different data is classified, shared, or distributed with every new case may lead to confusion and division among courts. The question should not be whether a given transaction is protected by the Fourth Amendment, but whether an individual's identifying information is protected.
This Note suggests a modified reasonable-expectation-ofprivacy standard, supplementing the existing standard with the additional inquiry into what information an individual disclosed in the first place. Such a standard would be most beneficial for its simplicity. To properly apply the test, judges should inquire as to what information an individual disclosed, if any, when installing or purchasing a digital wallet. Considering the variety of digital wallets available, individuals have options when deciding on which wallet to choose. 234 If an individual prefers convenience over anonymity, they will likely opt for a centralized exchange. 235 Conversely, if an individual prefers to remain anonymous, they may opt for the cold storage method, the most secure type of digital wallet available. 236 This solution puts privacy back in the hands of individuals, while simultaneously preserving the integrity of Bitcoin and the Fourth Amendment ideals of ownership, security, and control. 231 Belonick, supra note 4, at 177. 232  standard-modified in that it is supplemented with the concrete question of what information an individual disclosed-satisfies both the subjective and objective prongs of the reasonable-expectation-of-privacy test. 244 Asking what information an individual disclosed would provide insight into whether the individual had an expectation their identity would be kept private, while simultaneously discerning whether it is an expectation society is ready to recognize as reasonable.
An individual that opts for a centralized exchange, which requires user to provide an array of personal information when registering for the service does not have a reasonable expectation of privacy. 245 If an individual voluntarily discloses all of this identifying information to a private, commercial service, they do not have a reasonable expectation that their personal information will be kept private and protected.
For additional justification, courts may also look to the exchange's user agreements. For example, Coinbase's user agreement stipulates that Coinbase "reserve[s] the right at all times to monitor, review, retain and/or disclose any information as necessary to satisfy any applicable law, regulation, sanctions programs, legal process or governmental request." 246 Thus, individuals who agree to this stipulation give up future Fourth Amendment protections as they relate to their personal information on Coinbase. Moreover, Coinbase defines itself as a money transmitter, putting it under the purview of the Bank Secrecy Act. 247 As it falls under the definition of a "financial institution," Coinbase is regulated as any other financial institution would be regulated under federal law. 248  manipulate a user's account if requested by a governmental entity. 249 On the other hand, an individual that opts for a decentralized exchange does have a reasonable expectation of privacy in their personal information. As noted, unlike centralized exchanges, decentralized exchanges are not controlled by any single entity, they do not maintain control of any user's assets, and they are not subject to the same userverification obligations. 250 For example, Bisq, a decentralized cryptocurrency exchange, does not require any registration to download and use the service. 251 A new user simply downloads the software onto their computer, without providing any identifying or personal information. 252 Thus, an individual using Bisq does have a reasonable expectation of privacy in their personal information, since they did not voluntarily provide it to any third-party.
This logic can then be applied to individuals using any digital wallet to buy, sell, trade, or store cryptocurrencies. 253 If, upon installation or registration of a digital wallet, an individual provides identifying information, they no longer have a reasonable expectation of privacy in that information.
Digital wallets, private keys, and, especially, hardware wallets may be considered an "effect" as written in the Fourth Amendment, protected in the same way that computers and hard drives are. This issue is beyond the scope of this Note, but it does demonstrate how the Fifth Circuit's finding in Gratkowski may hinder appropriate consideration of whether the Fourth Amendment protects Bitcoin transactions. 249

VI. CONCLUSION
In United States v. Gratkowski, the Fifth Circuit employed reasoning that is both inconsistent and flawed, demonstrating a fundamental misunderstanding of Bitcoin's public disclosure protocol. Moreover, the court went beyond the facts of the case in finding no privacy interest in an individual's Bitcoin transactions, as it is unclear whether the government would have been able to find Gratkowski's personal information had he not been using Coinbase to transact. Thus, United States v. Gratkowski should be interpreted narrowly and with caution. Considering Fourth Amendment jurisprudence may be ill-equipped to deal with privacy issues related to Bitcoin, the adoption of a modified reasonableexpectation-of-privacy standard would be an effective way for courts to address privacy issues related to Bitcoin transactions. As Bitcoin's philosophy mimics the Fourth Amendment ideals of security and autonomy, a user's expectation of privacy should depend on the information they voluntarily disclose when registering for a digital wallet.