Constitutional challenges erupt over IRS crypto summonses

John Doe summonses are IRS tools that compel third parties (like cryptocurrency exchanges) to produce records about unnamed taxpayers. 

Rather than targeting a specific individual, a John Doe summons seeks information on a class of taxpayers the IRS suspects of noncompliance. In the cryptocurrency arena, the IRS has used these summonses to obtain customer data from major exchanges, such as Coinbase (in 2016) and Kraken (in 2021), as part of its efforts to identify taxpayers who underreport crypto-related income. 

The breadth of these requests has sparked constitutional challenges under the Fourth and Fifth Amendments (an initial summons to Coinbase sought roughly 500,000 customer records). A core question is whether obtaining individuals' cryptocurrency transaction records from exchanges without a warrant violates the Fourth Amendment's protection against unreasonable searches or the Fifth Amendment's protections (such as due process or the privilege against self-incrimination). 

Fourth Amendment: privacy, reasonableness and the third-party doctrine

The Fourth Amendment safeguards "persons, houses, papers and effects" from unreasonable searches and seizures. Under modern doctrine, a "search" occurs when the government intrudes upon an expectation of privacy that society recognizes as reasonable (the Katz test) or physically trespasses upon persons or property. Individuals challenging IRS summonses for crypto records argue they have a reasonable expectation of privacy in their financial information held by exchanges. However, courts have consistently rejected this argument by invoking the third-party doctrine, which holds that information voluntarily disclosed to a third party carries no reasonable expectation of privacy.

In United States v. Miller, 425 U.S. 435 (1976), the Supreme Court held that bank customers have no Fourth Amendment interest in their bank statements and records because those documents are business records of the bank containing information voluntarily conveyed to the bank and exposed to its employees in the ordinary course of business. Similarly, in Smith v. Maryland, 442 U.S. 735 (1979), the Court held that there was no reasonable expectation of privacy in the phone numbers dialed, as the phone company possessed that data. Lower courts have treated cryptocurrency exchanges as analogous to banks for Fourth Amendment purposes. For example, the Fifth Circuit in United States v. Gratkowski, 964 F.3d 307 (5th Cir. 2020), ruled that a user does not have a constitutionally cognizable privacy interest in records of his crypto transactions held by an exchange. 

The court concluded that cryptocurrency account records are akin to bank records and thus squarely governed by Miller. The main difference that the exchange deals in virtual currency instead of physical cash was legally irrelevant in the Fifth Circuit's view. In fact, the Gratkowski opinion emphasized that Bitcoin users who choose to transact through an intermediary, such as an exchange, sacrifice some privacy, whereas those transacting without third-party intermediaries (peer-to-peer or through a private wallet) can maintain a higher level of anonymity. By opting for the convenience of an exchange, the user voluntarily divulged information to a third party, undermining any reasonable expectation of privacy. This same logic was applied in the recent Coinbase summons litigation. 

Carpenter v. United States: a narrow opening and its limits

Critics of the third-party doctrine argue that this 1970s-era rule is ill-suited for the digital age, where individuals routinely entrust vast amounts of sensitive data to third-party service providers. They point to Carpenter v. United States, 138 S. Ct. 2206 (2018), as a signal that the Supreme Court may recalibrate Fourth Amendment privacy in light of modern technology. In Carpenter, the Court held that a person has a reasonable expectation of privacy in historical cell phone location records held by his phone company. Thus, police generally must obtain a warrant to access them. Chief Justice John Roberts's opinion recognized that cell-site location information provides an all-encompassing record of one's whereabouts and can reveal a detailed, intimate portrait of one's life. Even though a third party holds those location logs, the nature of the data was deemed so sensitive that the third-party doctrine should not apply automatically. Carpenter was a narrow decision, expressly not overruling Miller or Smith, but it signaled caution against mechanically applying the third-party rule without accounting for seismic shifts in digital technology and the privacy implications of extensive data aggregation.

However, courts have consistently declined to extend Carpenter to cryptocurrency records, instead treating them under the third-party doctrine established in Miller. In Harper v. Werfel, 118 F.4th 100 (1st Cir. 2024), the First Circuit emphasized that Coinbase's customer records have little in common with the continuous, involuntary location tracking at issue in Carpenter, likening them instead to ordinary bank records. The panel emphasized that cell phones are integral to modern life and generate CSLI without user intervention, whereas using a crypto exchange is voluntary, and users can avoid disclosure through self-hosted wallets or peer-to-peer trades. 

Harper, the court noted, "chose to sacrifice [a] greater level of privacy for the technological convenience of using an intermediary" and thereby relinquished any reasonable expectation of privacy. The Fifth Circuit reached the same conclusion in United States v. Gratkowski, 964 F.3d 307 (5th Cir. 2020), holding that exchange records are not entitled to greater Fourth Amendment protection than bank transactions and that blockchain and account data are far less revealing than CSLI. Critics argue that this reasoning undervalues the privacy motivations of crypto users, who often view digital assets as a form of digital cash designed to preserve anonymity. However, courts have uniformly adhered to Miller and the third-party doctrine, leaving any expansion of Fourth Amendment protection in this context to the Supreme Court.

Self-incrimination and related concerns

The Fifth Amendment's self-incrimination clause does not protect taxpayers from IRS John Doe summonses directed at cryptocurrency exchanges. The privilege applies only to compelled testimonial acts by the individual; when the IRS obtains existing records from a third party, no compulsion is placed on the account holder. The Supreme Court made clear the government may acquire a person's documents from third parties without implicating self-incrimination because the individual is not forced to produce them. In Harper's case, the Fifth Amendment claim was framed as a due process challenge, rather than a self-incrimination claim, and courts have consistently reaffirmed that users cannot invoke their Fifth Amendment privilege to block an exchange from complying with a valid summons.

If the IRS were to serve a summons directly on a taxpayer, act-of-production issues could arise, since producing documents may implicitly admit their existence, authenticity or the taxpayer's control. Even then, the privilege is narrow: the government often overcomes it through the "foregone conclusion" doctrine (when it already knows the facts sought) or by granting use immunity. With John Doe summonses, those nuances rarely surface, as the compulsion falls entirely on the exchange, which has no Fifth Amendment privilege. This design is why the IRS favors third-party summonses. They bypass constitutional barriers that would apply if the agency were to seek records directly from the taxpayer.

Although historically the Court in Boyd v. United States, 116 U.S. 616 (1886) linked compelled production of private papers to both Fourth and Fifth Amendment protections, that approach has long been displaced by the third-party doctrine and modern subpoena law. Today, unless the individual is personally compelled, self-incrimination is not implicated. Courts have applied this reasoning in analogous contexts, such as bank and phone records, and the crypto context is no different. Thus, while a John Doe summons may yield incriminating evidence, it does so without requiring the taxpayer to testify or produce records, and constitutional challenges on Fifth Amendment grounds have uniformly been unsuccessful.

Post-2023 rulings and Supreme Court posture

The most significant recent ruling was the First Circuit's Harper decision in late 2024, which, as detailed, came down squarely in favor of the IRS's position. That decision, now reinforced by the Supreme Court's denial of review in mid-2025, leaves a clear (if controversial) rule: crypto exchange users have no Fourth Amendment or Fifth Amendment due process right to prevent the IRS from obtaining their account records via a John Doe summons. The Supreme Court's refusal to hear the case suggests that, at least for now, a majority of the justices did not see an urgent reason to revisit the doctrine in this context. It is possible the Court is waiting for more division in the lower courts or a more compelling fact pattern. It is noteworthy that Justice Neil Gorsuch has openly criticized the third-party doctrine (in Carpenter, he invited litigants to argue a property-based theory). Still, Harper's petition, which explicitly pressed those points, failed to garner the four votes needed for certiorari. This could indicate that the Court is content to let Congress or societal consensus develop further before taking up financial privacy in the digital age.

Nonetheless, the issue remains unsettled in a broader sense. Dissenting voices and privacy advocates remain active. The Electronic Frontier Foundation, the Cato Institute, the Coin Center and others continue to argue that the third-party records doctrine should be narrowed or abolished for personal data stored in the cloud. If a future case presented a starker clash — for example, if an exchange's records were used to surveil individuals' activities without any specific tax investigation (a hypothetical scenario) — courts might become more sympathetic to constitutional limits. Or, if another circuit were faced with these facts, it might conceivably depart from the First and Fifth Circuits' reasoning, creating a split. So far, though, every court to consider the issue (including district courts in the Ninth Circuit for Coinbase/Kraken, the Fifth Circuit and the First Circuit) has sided with the IRS. In the absence of a circuit split or new technology shifting expectations, the Supreme Court may continue to stay out.

It's also worth noting that outside the tax context, the Supreme Court in recent years has shown interest in digital privacy (Carpenter, Riley v. California (2014) for cell phone searches, etc.). Therefore, one cannot rule out the possibility that the Court might eventually grant cert in a case raising the question: Should Miller's rule (no privacy in financial records held by a bank) be reconsidered in light of modern digital finance? Indeed, in denying cert in Harper's case, no justice dissented or wrote separately — but that could simply mean they did not view that vehicle as ideal. If Congress or states express strong concerns, or if there is public outcry over financial surveillance, the pressure on the Court to act could intensify.

IRS and legislative developments

The IRS has made clear that cryptocurrency tax compliance is a top enforcement priority, hiring digital asset experts and expanding detection programs. With the Infrastructure Investment and Jobs Act of 2021, exchanges and brokers are classified as "brokers" for tax reporting. Once the IRS's proposed Form 1099 reporting rules take effect (expected by 2025–2026), vast amounts of crypto data will be automatically reported. This reduces the IRS's reliance on John Doe summonses going forward, but the agency will continue to use them aggressively for past years and for platforms not covered by new reporting rules. Congress has largely supported this expansion, despite occasional pushback from lawmakers who frame the new regime as financial surveillance. Proposals to reform the Bank Secrecy Act or add privacy protections have gained little traction, resulting in the IRS's authority continuing to grow.

Courts, meanwhile, continue to uphold John Doe summonses under the third-party doctrine, even as other areas of law show unease with dragnet surveillance tools (for example, recent rulings against "geofence" warrants). For now, crypto users should assume the IRS can scrutinize their exchange-linked transactions without a warrant, and that constitutional challenges will fail. The convergence of statutory reporting, John Doe authority and blockchain forensics creates an unprecedented level of visibility into digital assets.

The implications are dire: Taxpayers who once believed cryptocurrency offered privacy now face a compliance environment where the IRS can access their data both prospectively and retroactively. Given the complexity of this evolving regime, the only viable defense is proactive strategy. That means retaining experienced dual-licensed cryptocurrency tax attorneys and CPAs who can navigate both the substantive tax rules and the procedural protections of attorney-client privilege and Kovel. Without that expertise, taxpayers risk civil audits escalating into life-altering criminal tax investigations with devastating consequences.