The fallout from the Treasury Department’s sanctions on Tornado Cash continued this week. The department’s Office of Foreign Assets Control (OFAC) claims that the crypto-mixing service, which is a decentralized application (dApp) running off Ethereum’s blockchain, was used by hackers in North Korea to launder more than $7 billion worth of cryptocurrencies.
Privacy activists in crypto are decrying the sanctions as an assault on “free speech” because open-source code was established as such in the Ninth Circuit Court of Appeals’ 1992 decision for Bernstein vs Department of Justice.
That argument has failed to convince their counterparts, however. In addition to stablecoin issuer Circle, many other services have cut off their interface for transactions involving Tornado Cash. The list includes derivatives trading exchange dYdX, Ethereum wallet Metamask, and Ethereum API firm Infura.
Meanwhile, crypto advocacy firm Coin Center says that the department “overstepped its legal authority” and that it will work with digital rights advocates “to pursue administrative relief.” As usual, the crypto community has produced a colorful graphic (this one’s from crypto forensics firm Chainalysis) that purports to show Tornado Cash’s usage statistics. While criminals form a significant chunk (almost 30%) of its use cases, almost half of them emerge from decentralized finance (DeFi) apps.
The Complicated Case of Tornado Cash
On the face of it, the case involving Tornado Cash might seem simple. A snippet of open-source code is freely available to everyone and there is no single entity or individual that is responsible for its execution. In effect, once it is released into the public domain, the code exists on its own.
The Treasury Department has sanctioned smart contract addresses and all those who interact with it. It is the equivalent of sanctioning a product or service with a defined use case and customer demographic.
But that is not how cryptocurrencies work. The Ethereum network is accessible to anyone with an Internet connection and Tornado Cash is available to a variety of customers.
Therefore, Tornado Cash cannot and must not be censored.
Questions of Intent and Profits
But the case is more complicated than it seems at first glance. A software consists of lines of code that are meant to accomplish a specific task or function. There is intent behind those lines of code. Free speech is also not a carte blanche. In the past, courts have clamped down on free speech that has veered into criminal behavior territory.
The question of intent also becomes important when you consider Tornado Cash’s workings. Most open-source projects use a variety of methods to raise funds to develop and maintain their operations.
Tornado Cash used a token – TORN – that was listed at cryptocurrency exchanges. While there may not be a legal entity responsible for Tornado Cash, a decentralized autonomous organization (DAO) consisting of TORN token holders and community fund were in-charge of major decisions, financial or those related to strategy, at the service.
The latter’s role has especially come under a cloud because TORN, some experts say, was not necessary. The fund’s signatories have ‘relinquished’ their roles after the sanctions were announced, according to reports. The DAO had 9,300 members and went silent following the Treasury Department’s announcement. It is reported to be considering a legal recourse to the sanctions now.
Much Ado About Nothing?
In the end, the Tornado Cash case may turn out to be a case of much wrangling about a non-sequitur. The OFAC sanctions have not stopped people from interacting with or sending money to addresses purportedly located in the United States. In fact, the case has demonstrated the futility of using geographic jurisdictional authority on a decentralized entity with servers spread out across the globe.
Besides, Tornado Cash already offers a compliance tool that enables its users to selectively share the footprints of their transactions, instead of hiding them, with parties of their choice. Thus, the tool enables privacy and ensures compliance with US laws. Making the tool mandatory for all users might be one way out of the current stalemate.