John Doe Summons and the Fourth Amendment: The IRS’s Power vs. Digital Privacy

Porter Richards, Contributing Member 2024-2025

Intellectual Property and Computer Law Journal

I. Introduction

When the IRS knocks, do crypto exchange platforms and by proxy, normal citizens have a right to keep the door closed? The answer to this question was one of the main battles over John Doe Summons that took center stage in U.S. v. Coinbase, where the government’s broad demand for user data clashed with Fourth Amendment protections against unreasonable searches. As digital assets challenge traditional legal frameworks, courts must decide: how far can the government go in fishing for financial records without a warrant?

II. Background

What is a John Doe Summons?

A John Doe Summons is a powerful investigative tool used by the Internal Revenue Service (IRS) to obtain information about taxpayers whose identities are unknown but belong to a specific group.[1] Unlike a standard summons, which targets a known taxpayer, a John Doe Summons compels companies—such as financial institutions or exchanges—to disclose names, documents, and other requested information about a broader class of individuals.[2]

While courts have generally upheld the use of John Doe Summons, they have also imposed limits to prevent excessive data collection, acknowledging the significant privacy concerns at stake.[3] The process of the IRS issuing a John Doe Summons to third parties often shifts the responsibility onto these entities to gather Know Your Customer (KYC) information—such as names, dates of birth, addresses, and other personal details— to assess tax obligations.[4] However, an important constitutional question arises: where does the IRS derive the authority to issue these summons while still adhering to legal protections against government overreach?

Where Does the John Doe Summons Get its Authority?

The John Doe Summons derives its authority from IRC § 7609(f) of the Internal Revenue Code (IRC), which grants the IRS the power to issue a summons for information about an unidentified individual or an ascertainable group of taxpayers.[5] IRC § 7609(f) was designed to combat tax evasion by allowing the IRS to collect information from third-party recordkeepers—such as banks, cryptocurrency exchanges, and other financial institutions—when the identities of potential tax violators are unknown.[6]

Under IRC § 7609(f), a John Doe Summons applies to “any summons…which does not identify the person concerning whose liability the summons is issued.”[7] This broad language of IRC § 7609(f) ensures that the IRS can investigate tax compliance within a specific group of taxpayers, even when individual taxpayers remain unidentified.[8]

However, to safeguard taxpayer privacy and prevent abuse, the IRS must obtain court approval before issuing a John Doe Summons.[9] Under IRC § 7609(f), a federal court will approve only if the IRS meets three key criteria: (1) The summons relates to an identifiable tax compliance issue where the IRS must show that the group targeted (e.g., crypto traders) is suspected of tax noncompliance, (2) the IRS lacks other means to obtain the information so if taxpayers aren’t voluntarily reporting and the IRS doesn’t know who they are, a John Doe Summons is the only way to identify them, and (3) the summons is narrowly tailored, meaning courts will reject overly broad requests that sweep in unnecessary data.[10]

The John Doe Summons and its constitutionality and criteria have been at the heart of several cases in recent years with cryptocurrency exchanges, most recently in U.S. v Coinbase and the off-shoot lawsuit from one of coin base users, Harper v Werfel.

What happened in the U.S. v Coinbase case?

In 2021, the IRS served a summons on Coinbase- a crypto exchange- requesting records related to nearly all of the platform’s customers over several years.[11] Initially, the summons sought information on U.S. persons who conducted transactions in convertible virtual currency between January 1, 2013, and December 31, 2015.[12] The summons called for nine categories of documents, including complete user profiles, KYC due diligence, third-party access records, transaction logs.[13]

After Coinbase failed to comply with the summons, the U.S. filed a petition to enforce the summons under 26 U.S.C. §§ 7402(b) and 7604(a), which authorize the government to seek judicial enforcement of IRS summons.[14] Following oral arguments, the IRS narrowed the scope of the summons request, though it still applied to over 10,000 Coinbase account holders.[15] The modified summons then sought information for accounts with at least $20,000 in transactions in any given year during the 2013-2015 period.[16]

The U.S. District Court held that this was a valid summons, and the summons served the legitimate purpose of investigating the discrepancy between the number of Coinbase users during the summons period and the number of U.S. Bitcoin users who reported gains or losses to the IRS for those same years.[17] 

What happened in Harper v Werfel?

In Harper v. Werfel, James Harper challenged the IRS’s issuance of a John Doe Summons to Coinbase seeking records of its customers, which included Harper.[18] Harper argued that the summons violated his Fourth and Fifth Amendment rights and did not meet statutory requirements under the Administrative Procedure Act (APA).[19] However, the court found Harper’s claims unconvincing.[20]

Harper’s Fourth Amendment argument focused on the constitutional right to be free from unreasonable searches and seizures.[21] However, the First Circuit emphasized the Supreme Court’s consistent stance that individuals have no legitimate expectation of privacy in information voluntarily provided to third-parties.[22] The court held that this principle, established in U.S. v. Miller, was applicable in this case.[23] The court in Miller ruled that individuals have no reasonable expectation of privacy in bank records, and the First Circuit extended this third-party doctrine to the records held by Coinbase, a third-party cryptocurrency exchange.[24]

The IRS argued that the information it sought fell squarely within the scope of the third-party doctrine.[25] The documents sought by the IRS—personal identifiers, transaction logs, and account statements—were directly analogous to the bank records at issue in Miller.[26] Moreover, Coinbase’s terms of service explicitly warned users that their information might be disclosed to law enforcement.[27]

The District Court dismissed Harper’s complaint, finding that he lacked a reasonable expectation of privacy in his Coinbase account records.[28] The First Circuit affirmed the dismissal, concluding that Harper had no protected privacy or property interests that would allow him to challenge the IRS’s summons.[29]

The holdings of these both Coinbase and Miller highlight the validity of the John Doe Summons, yet they raise the question of whether the courts got these cases right and what should be done.

III. Discussion

As previously mentioned, IRC § 7609(f) governs the John Doe Summons, requiring the IRS to seek court approval before issuing a summons that does not identify a specific taxpayer.[30] Congress likely intended this provision to prevent the IRS from circumventing privacy protections by adding a known taxpayer to an otherwise broad, unnamed request.[31]

The balance between tax enforcement and privacy is at the heart of IRC § 7609.[32] While it ensures that known taxpayers receive notice when a third-party recordkeeper-such as a bank or crypto exchange- is summoned, its language does not explicitly extend the same protection to unknown taxpayers.[33] Given that third-party recordkeepers hold extensive personal financial data, allowing unrestricted IRS access raises significant privacy concerns.[34] However, imposing the John Doe Summons procedures on all third-party summonses—simply because they might reveal unknown taxpayers—could disrupt the balance Congress intended.[35] This could lead to Fourth Amendment violations.

The Fourth Amendment and Privacy in the Digital Era

The Fourth Amendment guarantees the right to be secure against unreasonable searches and seizures.[36] Historically, the courts have upheld this right by requiring individualized warrants based on probable cause and by demanding that searches be narrowly tailored to the needs of an investigation.[37] Traditional applications of this principle rested on the “third-party doctrine,” which held that individuals have no reasonable expectation of privacy in information voluntarily disclosed to banks and other intermediaries.[38]

However, modern developments challenge that rationale.[39] In Carpenter v. U.S., the Supreme Court recognized that digital data—such as cell site location information—can reveal intimate details of a person’s life, thus warranting enhanced privacy protections even when stored by third parties.[40] It can be argued that the same reasoning should apply to the comprehensive financial and transactional data held by today’s digital platforms. When companies like Coinbase maintain detailed records of users’ transactions, personal identifiers, and activity logs, the information in question goes far beyond the limited data traditionally held by banks. This data aggregation provides a window into an individual’s entire financial behavior and private life.[41]

The Outdated Third-Party Doctrine

The longstanding justification for expansive John Doe Summons rests on the idea that once information is voluntarily handed over to a third-party, an individual relinquishes any reasonable expectation of privacy.[42] Yet, in an era defined by pervasive digital data collection, such a doctrine appears increasingly dated. The vast amounts of personal information now stored on digital platforms are not merely transactional records—they are comprehensive profiles that can reveal sensitive details about one’s habits, associations, and even ideological leanings.[43]

Moreover, it can be argued that John Doe Summons often lack the precision required by the Fourth Amendment. Rather than being supported by individualized probable cause, these administrative orders typically cast a wide net over thousands of accounts, capturing data on individuals who may have no connection to any alleged wrongdoing.[44] The breadth and impersonal nature of these summons render them susceptible to abuse, as they bypass the traditional judicial oversight that a carefully drafted search warrant would provide.[45]

A Violation of Fourth Amendment Principles

At its core, the Fourth Amendment is designed to protect citizens from arbitrary government intrusion.[46] In our digital age, where the lines between public and private information are increasingly blurred, the use of broad, ex parte summons constitutes an unconstitutional search. The lack of prior judicial oversight or the opportunity for affected individuals to challenge the scope of the summons before sensitive information is released not only violates the spirit of the Fourth Amendment but also risks chilling lawful behavior. This could deter individuals from engaging in digital commerce or using innovative financial platforms due to fears of unwarranted government scrutiny.

IV. Conclusion

The traditional third-party doctrine must be reexamined in light of technological advancements. While the doctrine once served as a practical rule in a pre-digital world, the reality today is that personal data is both voluminous and highly revealing. As Carpenter illustrates, modern privacy interests demand a more nuanced approach. To reconcile the need for effective government investigations with constitutional protections, reforms are necessary—either by narrowing the scope of John Doe Summons or by subjecting them to rigorous judicial review before any data is disclosed.

---

[1] Parag Patel, John Doe Summons: A potent investigative tool used by the IRS, Patel Law Offices(January 14, 2025), https://patellawoffices.com/blog/planning-for-tax-minimization/john-doe-summons-a-potent-investigative-tool-used-by-the-irs/# [https://perma.cc/3JVT-4H7H].

[2] Id.

[3] Id.

[4] How the IRS Tracks Crypto: John Doe Summons Explained, Crypto Tax Audit (Aug 15, 2024), https://www.cryptotaxaudit.com/blog/how-the-irs-tracks-crypto-john-doe-summons-explained [https://perma.cc/VGW9-756R].

[5] 26 U.S.C.S. § 7609 (LexisNexis, Lexis Advance through Public Law 118-233, approved January 4, 2025, with a gap of Public Law 118-159)

[6] Id.

[7] Id.

[8] Id.

[9] Id.

[10] Id.

[11] United States v. Coinbase, Inc., No. 17-cv-01431-JSC, 2017 WL 5890052, *2 (N.D. Cal. Nov. 28, 2017). 

[12] Id.

[13] Id. at *3.

[14] Id. at *4.

[15] Id. at *19.

[16] Id. at *16.

[17] Coinbase, 2017 WL 5890052, at *17. 

[18] Harper v. Werfel, 118 F.4th 100, 102 (1^st Cir. 2024).

[19] Id. at 103.

[20] Id.

[21] Id.

[22] Id. at 107.

[23] Id. at 108.

[24] Harper, 118 F.4th at 108.

[25] Id.

[26] Id. at 109.

[27] Id.

[28] Id. at 103.

[29] Id. at 117.

[30] Cecelia Kehoe Dempsey, The Application of the John Doe Summons Procedure to the Dual-Purpose Investigatory Summons, 52 Fordham L. Rev. 574 (1984).

[31] Id.

[32] Id.

[33] Id.

[34] Id.

[35] Id.

[36] U.S. Const. amend. IV.

[37] Third Party Doctrine, Injustice for Justice (Jan. 5, 2023), https://ij.org/issues/ijs-project-on-the-4th-amendment/third-party-doctrine/ [https://perma.cc/Y6RC-PEEH].

[38] Id.

[39] Id.

[40] Carpenter v. United States, 585 U.S. 296, 321 (2018).

[41] Julia Kagan, Account Aggregation: What it is, How it Works, Investopedia (Jan. 29, 2021), https://www.investopedia.com/terms/a/account-aggregation.asp [https://perma.cc/9WRK-G4E7].

[42] Jennifer Safstrom, The Right to Keep Personal Data Private: Carpenter v U.S., ACLU (Sep. 15, 2017), https://www.aclu.org/news/privacy-technology/right-keep-personal-data-private-carpenter-v-us#:~:text=They%20were%20able%20to%20do,probable%20cause%20to%20a%20judge. [https://perma.cc/FKR3-P8QF].

[43] Id.

[44] Id.

[45] Id.

[46] Barry Friedman, The Fourth Amendment, National Constitution Center, https://constitutioncenter.org/the-constitution/amendments/amendment-iv/interpretations/121 [https://perma.cc/3VUE-WHSA].