About two years ago, we wrote a post about actions being taken by the U.S. Internal Revenue Service (“IRS”) in connection with its concern that cryptocurrency owners were underreporting or failing to report gains. One such action was the use of John Doe summonses. The IRS issues a John Doe summons when it wants to obtain information about a group of unidentified taxpayers where it suspects many are non-compliant. If successful, a John Doe summons allows the IRS to obtain information which both identifies the taxpayer and allows the IRS to determine if the taxpayer has been properly reporting his or her income. A John Doe summons must be approved by a federal district court judge.
One such John Doe summons that the IRS has been pursuing for a number of years is against Kraken, one of the largest cryptocurrency exchanges in the U.S. (the “Exchange”). The IRS did not allege that the Exchange had engaged in any wrongdoing. However, the IRS cited two different government reports identifying tax compliance issues related to cryptocurrency, one completed by the Government Accountability Office in 2013 and the other completed in 2016 by the Treasury Inspector General for Tax Administration, for its belief that tax non-compliance is an issue with crypto-related assets. Further, the IRS noted the relatively small number of taxpayers reporting cryptocurrency transactions on their tax returns compared to the total number of users on the Exchange, which caused the IRS to view the individuals using the Exchange as likely tax avoidance suspects. In addition, as part of its Electronic Payment Systems Initiative to address U.S. taxpayers who use virtual currencies for tax avoidance purposes, the IRS theorized that some U.S. taxpayers were also using the Exchange to expatriate and repatriate funds to and from offshore accounts.
In 2021, the IRS served the Exchange with the John Doe summons in order to obtain customer and transactional information belonging to members of the John Doe class that it could then use to conduct examinations of persons that may not have complied with the internal revenue laws. The summons requested information regarding unknown U.S. taxpayers who had the equivalent of USD 20,000 in value of transactions, regardless of type, in any type of cryptocurrency for any year between 2016 to 2020. If a user met this value threshold, then the IRS requested two types in information: (i) “User Identity Information”; and (ii) “Transaction Activity.” The requested User Identity Information included such things as account registration records, user profiles, names, addresses, dates of birth, historical changes to personal information, payment methods, KYC and AML documents, etc. The requested Transaction Activity information included all transaction activities on the user’s account including purchase/sale values, dates and times of purchases/sales, blockchain addresses for cryptocurrency units transferred, value received as a result of chain splitting, hard forks or promotional events and all other records of account funding events.
The Exchange refused to comply with the summons because of its overbreadth and the heavy burden that compliance would impose on it. It relied heavily on the fact that the summons served on it was broader than the one that was approved in a well-publicized John Doe summons case involving Coinbase. The IRS, in turn, argued that it had demonstrated there was a reasonable basis for enforcement of the summons, which it argued was narrowly tailored. It further contended that the limitations imposed by the court in Coinbase as to the scope of the summons were excessive and that the limitations the IRS agreed to, without the involvement of the court, when negotiating with Coinbase had no bearing on whether the summons in this case was proper.
The U.S. District Court for the Northern District of California applied the same standard as was used in the Coinbase John Doe summons case, as set forth in United States v. Powell, 370 U.S. 48 (1964). Under this standard, to obtain a court order enforcing an IRS summons, the IRS must show that the summons: “(1) was issued for a legitimate purpose; (2) seeks information relevant to that purpose; (3) seeks information that is not already in the IRS’s possession; and (4) satisfies all of the administrative steps set forth in the Internal Revenue Code.” As was the case with the Coinbase summons, the dispute centred around whether the John Doe summons on the Exchange was issued for a legitimate purpose and sought relevant information.
Addressing first whether the summons was issued for a legitimate purpose, the District Court found that the purpose indeed was legitimate because it had been issued in connection with the IRS’s investigation to identify and correct the federal income tax liability of U.S. persons who conducted cryptocurrency related transactions during 2016 to 2020. In particular, the District Court found the number of taxpayers filing tax returns referencing Bitcoin during that time period to be persuasive. The District Court noted that the Exchange had over 4 million clients with USD 140 billion of trading activity since 2011 and had been registering as many as 50,000 new users per day by the end of 2017. Yet, only 4,164 taxpayers in 2016, 88,040 in 2017, 93,848 in 2018, 102,278 in 2019, and 253,265 in 2020 reported Bitcoin transactions on their returns.
Further, the District Court found persuasive the evidence the IRS presented showing tax non-compliance was higher when there was no third-party reporting involved (such as occurred with the Exchange) as compared to banks that issued a Form 1099-INT to the IRS and the taxpayer. The IRS was also able to point to five concrete examples of users of the Exchange who had committed tax code violations involving cryptocurrencies.
Turning next to the issue of whether the John Doe summons sought relevant information, the District Court noted that the standard to be applied is lower than relevance standards for evidence used in federal court. Instead, the standard is “whether the inspection sought might [throw] light on the correctness of the taxpayer’s return.” At the same time, citing the Coinbase case, the District Court noted that the summons should not be “broader than necessary to achieve its purpose.”
With this standard in mind, the Exchange argued a number of items requested in the summons were overly broad. First, the IRS’s definition of “User” was overly broad because it included a set of users which would not have qualified as a user in the summons approved in the Coinbase case. Namely, the IRS requested information on a “User” who had the equivalent of USD 20,000 in value of transactions, regardless of type, in cryptocurrency in any year between 2016 to 2020. In Coinbase, the summons was more narrowly construed to apply if there was USD 20,000 in any single transaction. The Exchange argued that accepting this wider definition would cover 59,931 Exchange accounts and would sweep in many users who transact only in smaller amounts and do not have taxable gain. However, the District Court noted that the IRS had offered evidence showing it voluntarily limited the definition of “User” in the Coinbase summons based on facts it learned during its negotiations with Coinbase. The District Court also noted that there was nothing in particular about the Coinbase decision which required summonses issued in subsequent cases to follow the exact same requirements and there was nothing in the tax code requiring a de minimis exception for reporting taxable gains or losses. Hence, the Court rejected the Exchange’s arguments that the definition of “User” should be restricted to the Coinbase standard.
Second, the Exchange argued that the summons was overly broad because it included customers who had bought and held cryptocurrencies during the relevant period. The Exchange argued that, in these cases, the customers had only made deposits, purchases or withdrawals and that such activities would likely not be considered taxable events. The District Court sided with the IRS’s arguments that such transactions could reflect wages paid in cryptocurrency, a hard-fork or a chain-split, each of which could be a taxable event, depending on the circumstances. Hence, the District Court found that such a request was not overly broad.
Third, the Exchange argued that the summons was overly broad because it would include users who were not U.S. taxpayers. Hence, the IRS would not have any interest in auditing such individuals and would at the same time put the Exchange at risk for violating foreign privacy laws. The District Court noted that the Exchange could not point to any authority which suggested the summons must be limited on this basis, nor did it offer any alternative way to protect the privacy rights of non-U.S. person users. The District Court therefore allowed the language to remain in the summons.
Fourth, the Exchange argued that the summons was overly broad because it improperly invaded the privacy of Exchange users due to the substantial amounts of personal information and financial data which would be transferred to the IRS. In particular, the Exchange argued that the IRS’s Enterprise Case Management System did not meet all of the security requirements necessary in its cloud-based system to house such data. The District Court was satisfied, however, with the IRS’s response that the IRS does not use that system for storing John Doe summons information. As such, the District Court sided fully with the IRS on the issue of privacy rights.
Finally, the Exchange argued that the summons was overly broad with respect to certain categories of documents and that full compliance with the summons would take months, or even years, given the total number of accounts at issue and the extensive information requested. The District Court agreed with the Exchange on certain points and tailored the summons accordingly. In particular, the District Court found that the following information requests were broader than necessary for the IRS to achieve its purpose: (1) requests for historical information about changes to a user’s personal information, IP addresses and payment methods; and (2) requests for KYC due diligence questionnaire information including employment, net worth, source of wealth, and AML Logs and investigatory records related to AML monitoring activities.
In sum, after about two years of litigation, the District Court issued an order which requires the Exchange to produce significant personal and financial information about its users. This includes identifying information such as names, dates of birth, taxpayer identification numbers, telephone numbers, physical addresses and email addresses. The Exchange must also produce significant financial information including all funding and transactional ledger data.
With respect to takeaways going forward, this case is important because it illustrates that courts will not necessarily rely on the reasoning used in connection with previously issued summonses. Rather, courts should give each summons a proper review to determine if it is adequately tailored to the facts of the situation. In addition, due to the IRS’s success with this particular summons, exchanges and taxpayers can expect that the IRS will continue to use John Doe summonses to obtain information on users of crypto exchanges in order to identify non-compliant taxpayers. Taxpayers who have failed to report or underreported their gains can also expect to be audited by the IRS as a result.
The District Court’s full decision can be accessed here.