Banning a service because it "might be used for illegal purposes" is insufficient. This is a problem with law enforcement in general: they are lazy and seek to have automated solutions to so much of what used to be called police work. This applies to warrant-less wiretaps, pulling information on people from 3rd party data brokers to side-step warrant and FOIA requirements, and more. I would rather money-launderers get away with things and for freedom to prosper than to have an all-encompassing surveillance state.
"Might be used for illegal purposes" is a significant understatement. The chief selling point of Tornado Cash is money laundering, which is in and of itself a crime in both the US and Netherlands.
Normally, there'd be an aspect of plausible deniability: torrent index operators can, for example, rightfully claim that they're facilitating legal filesharing, or that they're entirely agnostic to the content being shared (if all they're doing is sharing URLs). What's key in this case is that law enforcement claims that Pertsev was aware of the crimes his service was being used for. Whether or not that's actually true is up to a court to decide.
"The chief selling point of Tornado Cash is money laundering, which is in and of itself a crime in both the US and Netherlands."
You have a fundamental misunderstanding of US law with regard to money laundering. Obfuscating the source of funds, by itself, is not money laundering. Money laundering requires a "predicate offense" - the money that is being laundered must be proven to have had an illicit source. Further, the entity accused of doing the "laundering" also must know that the source of funds is illicit before doing it. Intent to promote the carrying on of "specified unlawful activity" must also be proven in order for a money laundering conviction to occur. You can read the entire statute here [1].
Therefore, the "chief selling point" cannot be money laundering, at least under US law, because the contracts were deployed with no prior knowledge of how or by whom they would be used. One cannot form intent without prior knowledge. The chief selling point was anonymity, not money laundering, which has a highly specific legal meaning.
You're addressing 18 USC 1956 (a)(1)(A)(i) and (a)(1)(B)(i).
I'm concerned with (a)(1)(B)(ii), which concerns reporting requirements. The kind of financial transactions that Tornado Cash enables are fundamentally incompatible with the US's Federal reporting requirements.
My understanding of the Dutch criminal code (which is not great!) is that their standard is even weaker: it is sufficient to demonstrate mere concealment, not a failure to meet particular reporting requirements.
At least under US law, intent is still required. Meaning that while some users of TC may have violated this law, the devs did not, nor did they knowingly aid in it or have any provable intent to do so.
I don't know what Dutch law says with regard to intent/knowing participation, but I suspect that any system of laws in a civilized country would generally require it for criminal convictions.
(B)(ii) does not require specific intent. It requires knowledge that the transaction fails to meet reporting requirements.
The intent in question is manifested in Tornado Cash's design, which doesn't pass the malfeasance smell test: you can't absolve yourself of illegality by automating the illegality.
The intent in question is manifested in Tornado Cash's design, which doesn't pass the malfeasance smell test: you can't absolve yourself of illegality by automating the illegality.
Given that it also has legitimate uses, I think that's a very difficult case to make. Also, with very limited exceptions, nearly all crimes in the US require intent and/or knowing participation. It's a fundamental tenet of our system. There is a reason that they aren't being prosecuted in the US, and those reasons are outlined above. Perhaps Dutch law is different enough to allow a conviction; time will tell.
I'd also point out that Apple's device encryption scheme was specifically designed so that Apple itself cannot unlock devices, which thwarts law enforcement subpoenas for assistance. They can legitimately throw their hands up in the air and say "we have no ability to help you" - and that's by design. It is not illegal to design systems in this way. It just shifts the legal liability for misuse onto the users, where it should be.
No, they are not. They aren’t actively participating in the transactions, and thus have no reporting requirement. Users are not allowed to structure transactions, as it is illegal for them to do so.
Also, with very limited exceptions, nearly all crimes in the US require intent and/or knowing participation.
The fact that this statement is 100% completely wrong in totality is common knowledge.
I recently bought a kayak. In my state I'm required to register the kayak and have a registration sticker on it. If I was unaware of this, there is no, "Oopsie! Didn't know" defense.
This principle goes back to Roman law - ignorantia juris non excusat. You may have heard Thomas Jefferson saying the English version, "Ignorance of the law is no excuse". It's one of the favorite things for judges to say as they sentence people in criminal proceedings.
Is it “100% wrong in totality”? Mens rea (“guilty mind”) is a required element of many crimes [1]. Moreover, there’s the whole annoying concept of due process [2]:
> as due process required that the defendant have notice of the crime at issue. The Lambert decision explicitly recognized this fair notice requirement as an exception to the general rule that ignorance of the law is no defense.
I’m not saying that necessarily applies here but clearly ignorance of the law can sometimes be an excuse, no?
Sure, I used to use it. I won't explain the strategy, but I have a crypto trading bot that sometimes profits at the expense of other bots. The owners of these bots got so annoyed at this that they would blacklist the address at which my bot was, and would then track any addresses that I sent funds to from there and blacklist those in advance. TC broke this ownership chain, so they could no longer preemptively blacklist the addresses my bot operated from.
Privacy - just the general desire to participate in crypto as if it were cash, like originally intended. Right now if you aren't running a miner, you've lost that ability without tumblers.
Anonymity and privacy is very useful in a lot of legal use cases. One example is buying domain name without disclosing who is buying (disclosing that information may dramatically inflate price).
There are obviously workarounds without tornado cash but tornado cash is probably the cheapest option.
I know a little bit about HFT, and I don't have anything particularly nice to say about it. But it's more or less unrelated to the particular crime of money laundering.
Structuring though is one of the dumbest, laziest and most arbitrary law ever. If you say that the limit is, say, max 100 K USD for something but plan to attack for structuring the person who did 5 times 100 K USD, then simply make the law clearer: make the law say 100 K USD max and, say, max 200 K USD over five years. But don't come after people who did respect the numbers written in the law for "structuring".
It's another crazy concept of overreaching states and IRSes enjoying way too much power. They can arbitrarily decided what's structuring and what is not. Arbitrary decisions aren't how a democracy should work.
You want to prevent people doing these kind of transfers? Make it clear what the limits are. Don't come after people doing precisely what the limit allows several times: precise it can only be done once or x times over a certain time period.
That's by the way, how some laws do work. For example in France you're allowed to give your kids up to 150 K EUR of real estate (or something), tax and inheritance tax free, once every 15 years. After 15 years you're free to do it once again.
But putting limits and then attacking people respecting the limits? To me it's the sign of something deeply rotten in the state and that such laws exists isn't something that should be cheered.
Your real estate example is not a great fit, because real estate transfers are not common. That particular tax-free status on the transfers would probably be best interpreted as a carve out or loophole, with the normal status being that the transactions should be taxed.
On the other hand, depositing money is the normal status. Depositing what amounts to large sums over arbitrary periods of time is also normal. Directly to the point, the limit in place is not a restriction, but merely one that triggers mandatory reporting. The limit is very clear and absolute -- though at their discretion banks may report smaller transactions. Structuring is specifically about avoiding that limit and the accompanying questions and reporting.
So how would you rewrite this law to require mandatory reporting, but also not allow structuring? Because it's not apparently trivial how to achieve that goal any better than they did.
I feel like the signal-to-noise ratio must be terrible, especially as inflation gradually lowers the meaning of a $10,000 reporting limit. Selling a used car is enough to trigger a reportable amount of cash.
I'd think what we need is less magic numbers, and instead a better training/reporting ecosystem that insulates people with good intentions but gives them the right tools to identify criminal behaviour.
Actually expecting banks to know their customers at a personal level should be the goal.
I suspect, in contrast, everyone involved likes a fixed 10k limit because it provides a convenient liability hand-off. Compliance can be automated on a much greater level and they can say "we filled out the appropriate forms when required, how were we supposed to know that Hamas Cupcakes Inc was a front?"
Agreed on the last bit. Having a clear-cut line where "this must be reported" is I think necessary for liability reasons. There are definitely other transactions that should be reported, in the spirit of the actual AML (anti money laundering) issue. But I think it's necessary to be able to say, in a legal setting, that the required obligation was met and discharged, even if something happened that probably should have been caught.
The government is well-aware of how inflation erodes reporting thresholds. If you look at the obligation to report non-US bank accounts to FinCEN, they've indexed the penalties ($10,000 per line item) to inflation but not the $10,000 aggregate reporting threshold.
I must say that I dislike the rationale for banning structuring. It's basically a law that bans attempts to comply with the letter of another law without complying with its spirit. Complying with any law should be completely straightforward.
I must say that I dislike the rationale for banning structuring.
So there are two possibilities.
1. You think the government shouldn't be allowed to track money laundering
2. You have a suggestion on improving money laundering tracking without anti-structuring laws
If you believe the government has a legitimate vested interest in stopping money laundering and you set a $10,000 limit before something must be reported, the reporting requirement might as well not exist if someone can deposit $9999.99 literally 100 times per day without a report being generated.
So what would your suggestion be on how to track money laundering? Or do you just think that's none of the government's business?
The answer isn't to then set the $10,000 limit and add an opaque criteria of "but the limit doesn't matter if we look at your transactions and think you are hiding something".
Something more reasonable may be: a limit of $10,000 per month (or any time frame) before mandatory reporting. That of course means dropping the hand wavy exception completely.
Yes, but the same intent provisions still apply to the entity that enabled the structuring. Tornado Cash has legitimate use cases - I had one prior to the OFAC issue (hiding the source of funds to an address in order to prevent certain bots from reacting to it). So the devs cannot have formed intent to aid in any of the crimes that TC may have unwittingly enabled.
Casinos are used as vehicles for structuring and money laundering every minute of every day - on a much larger scale than anything Tornado Cash could ever have achieved. They don't have the intent to aid in these activities though, which is why they are allowed to operate.
[Casinos] don't have the intent to aid in these activities though, which is why they are allowed to operate.
Casinos are allowed to operate because not only do they not have the intent to aid these activities, they happily track and report everything they're required which is just as much as a bank is required. They aren't the hotbed of money laundering you seem to think they are.
They aren't the hotbed of money laundering you seem to think they are.
I spent a fair amount of time in the gaming business, and I can tell you that this statement is patently false. Very little of it gets caught, because the people involved in such schemes know what the rules are and simply work around them. Casinos themselves also sometimes turn a blind eye to such activity when it is especially profitable for them. Example [1]. That occurred even with the reporting requirements.
There really seems to be a lot of mental gymnastics going on here.
Your original point was that casinos are allowed to operate because of their "lack of intent". I respond that it's actually because they're as heavily regulated as banks are. Your response is, "But sometimes they break the law!"
Who cares? Casinos are heavily regulated and most of the time they follow their regulations. Or they would be shut down.
And here we go back to the real original point... what regulations were Tornado Cash following? Were they ever following AML/BSA regulations? Did they do anything significant to attempt to comply with regulations that all money exchange companies have to comply with?
Your little example of Casino money laundering was $47 million and was touted as “the largest all-cash, up-front gambler the Venetian-Palazzo had ever had to that point,”.
Now read that link from treasury.gov:
Tornado Cash, which has been used to launder more than $7 billion worth of virtual currency since its creation in 2019. This includes over $455 million stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group
It's not even comparable. $47 million is 0.6% of $7 billion. Tornado Cash's raison d'être was money laundering and it was right to shut them down.
> chief selling point of Tornado Cash is money laundering, which is in and of itself a crime in both the US and Netherland
Also, law enforcement publicly announced Tornado was used to launder billions by North Korea [1]. Months ago [2]. Everyone continued as if nothing happened. This wasn’t based on hypotheticals.
Just going to point out that Tornado cash did invoke chainalysis oracles for all of their interface tools. The problem is that on ethereum it's not possible to censor a deployed contract.
There is a possibility that miners could collude not to authenticate blocks with tornado cash transactions in them, but that gets into some interesting game theory in a globally distributed system. Not every miner is subject to US law.
> The problem is that on ethereum it's not possible to censor a deployed contract.
It is possible, via a hard work. Similarly as it was possible to transition from PoW to PoS. The question is, if there is political will for that. Clearly changing the protocol rules is possible has it has been done with ethereum in the past, including for censorship reasons (in the earlier hard fork the reason was to cancel a hack).
At some point the law can say "you must do this" and ethereum can either go underground or comply. The countries can higher blockchain experts as well as anyone else can, and word the laws as needed.
It is ridiculous how most crypto people fail to understand that the government can compel you to do a bunch of things and if the blockchain doesn't allow they don't just shrug their shoulders and move on with their lives.
It is delightfully ironic to see code as law slowly chipped away by Law until law is code and you’re back to finance business logic on a slow distributed computer fabric.
As a counterexample to the DAO hack, the parity multi-sig hack of 2017 resulted in over $160M worth of ether being frozen on-chain. There were calls to hard fork Ethereum to return it, but the hard fork was never tenable. That was barely a year after the DAO hack and fork.
Personally, I believe there is a zero chance that a hard fork based on Tornado Cash becomes viable. It's not nearly a big enough issue for enough users to care (and exchanges, and wallet software companies, and stakers). Why would the 90% of users who don't use Tornado Cash risk helping the other 10% perform some fork, knowing that the fork would add fuel to the mutability argument and set more precedent for mutability?
Laws bind people, and people should comply with laws. Technology is not a person.
People who make technology should not be expected to add measures to it to make sure that nobody is ever able to use it to commit a crime. This kind of thinking would have resulted in guns being banned until technology exists for the gun itself to detect who was firing it and what it was being fired at, to prevent any crimes from occurring.
>People who make technology should not be expected to add measures to it to make sure that nobody is ever able to use it to commit a crime
Why not? It's quite common, e.g. a lot of photocopiers have safeguards to prevent currency counterfeiting and will refuse to copy bank notes containing the EURion constellation and other common bank note markers. Pretty much any decent financial software will have sane defaults for audit trails, separation of duties, and so on to try and prevent fraud. Etc.
If you deliberately build something that can facilitate money laundering and ignore finance laws about KYC and mandatory reporting and and so on, you only have yourself to blame if you run into legal trouble. It doesn't matter if you don't like the law or think it shouldn't apply.
>This kind of thinking would have resulted in guns being banned until technology exists for the gun itself to detect who was firing it and what it was being fired at, to prevent any crimes from occurring
You'd have to ban all blades, any kind of explosives (mining), any kind of vehicle, etc. ... a creative person can misuse just about any technology to commit a crime. At some point it is simply not possible to build safeguards. How would you put access controls on a sharp rock?
I don't want to open the whole gun control can of worms, but down here in Australia we have strict firearm control and our firearm-related death rate is very low (0.92/100k population, vs. 10.95/100k for the USA [1]). It still happens of course, but the rate is low enough that strict technological controls wouldn't add much value. And I believe, though can't find the source I remember seeing a while ago, that a pretty big chunk of those are suicides / accidents and there is very low violent crime.
> If you deliberately build something that can facilitate money laundering and ignore finance laws about KYC and mandatory reporting and and so on, you only have yourself to blame if you run into legal trouble. It doesn't matter if you don't like the law or think it should apply.
Do you believe that code is protected speech? Do you believe that people should be prosecuted for publishing source code that has the potential to be used maliciously if compiled and run?
We have a right to freedom of expression and opinion (Australia is party to the International Covenant on Civil and Political rights), but there are a number of areas where this can be restricted e.g. using a telecommunications network with intent to commit or facilitate a crime is forbidden.
I think probably writing/hosting the code might be ok (although Github et. al are certainly not obliged to host it), but deploying it to a cryptocurrency network would be where it becomes a problem. I don't think any reasonable person would believe that Tornado Cash wouldn't be used to commit money laundering offences, and intent does matter when it regards facilitating crime. I would also think that participating in a DAO (exercising voting rights or what have you) that controls a cryptocurrency tumbler would count as facilitating crime assuming you didn't immediately try to shut the thing down once it became clear it was being used for money laundering.
But, I am not a lawyer (and this is not legal advice). That's just my surface-level understanding.
If the people writing the laws wish it, then yes, technologies should be expected to do so. In practice, your gun detector wouldn't solve all gun crimes, just like crypto regulations don't stop all crypto crimes and littering regulations don't stop all littering crimes. They just reduce those crimes to the point that society seems reasonable.
Also, with PoS coming in a few days, the game changes. IIUC, stakers will be obligated to validate all (valid) transactions unless they are willing to forfeit their staked ETH... No preferential treatment anymore.
(This is still new to me, please correct me if I'm wrong)
Even if the "vast majority" of stakers agree with the regulation, the regulation is ambiguous as to whether stakers are expected to refrain from including TC transactions in their own blocks, or actively orphan all blocks that include TC transactions. The latter hurts their staking revenue and effectuates a soft fork. (Staking revenue is hurt due to the inactivity correlation factor that the network uses to calculate rewards.)
If the regulation only demands the former, then the network will continue status-quo, except that TC transactions may take a couple minutes to be included instead of 12 seconds.
> Normally, there'd be an aspect of plausible deniability
If it was publicly known that you had exactly 1 ton of legally acquired gold in your house, would you feel perfectly safe sleeping at night? Is there not 1 sicko out there that would be willing to torture your family to find the combination to your vault?
Plausible deniability exists here. It's called wanting privacy, and there's perfectly valid and non-criminal reasons to want privacy, despite repeated false claims.
Here is the problem. Many cryptos are not actually anonymous. If somebody has somebody's wallet address, they can look into tracing information about them like their net worth and their purchasing history. Even if you were smart enough to use a different wallet address for each transaction, you inevitably have to spend money to live or send money to others and then you can be traced. As tools grow more sophisticated and more data about wallet address ownership gets out there, the more at risk people will be. And once your identity gets out there, there's no shaking the ability to track it short of some form of mixing or obfuscation. In an of itself, mixing or trading to obfuscate your identity shouldn't be considered a crime or unreasonable in the slightest.
> Why don't you use the traditional banking system, which doesn't result in publicly listed transactions?
You mean the banking system that freezes protesters' accounts when they do something doubleplusungood?
Personal choices that don't violate the rights of others shouldn't require any explanation to retain your rights. But it's not hard to think of a lot of reasons for somebody to use crypto over banks besides the state not being able to trivially shut you out of your life. There's other good reasons to choose crypto over banks, but that's a good one in my book.
Exchanges could freeze any crypto you deposit with them and seize any UTXOs originating from your wallet just as easily. That's another reason to avoid crypto, having to worry about where it came from.
And I struggle to find a legitimate use case for being required to share anything whatsoever with any authority without a court order.
There is a huge difference between sharing the details of your finances with a tax or other authority by default and them being able to compel you to provide such information if they have good cause to believe (and convince a court) that you are evading taxes.
The fact the government required six illegitimate things of me before breakfast does not make them legitimate, it just means the abuse has become normalised to the point that people start believing this shit is reasonable.
I assume you mean the overturning of and the lengths to which certain states appear to be going in order to determine whether women have attempted to have now-illegal abortions?
I'd agree that's a pretty reasonable example of why we still need the ability to pay for things in an untraceable manner and why to object to any attempt to phase out cash as a legitimate method of payment.
But I'd also much rather have constitutional protections that don't allow governments to declare consensual surgical procedures on your own body to be illegal.
> But I'd also much rather have constitutional protections that don't allow governments to declare consensual surgical procedures on your own body to be illegal.
Interesting concept, but a few quick thoughts on this.
1) I'd only point out that there exists a point of view that that says that a baby's body is a separate life from a woman's body.
2) Such a constitutional protection would open up some very complicated issues when it comes to children, particularly with regards to sexuality.
3) Many of the same people who very eloquently speak out on personal choice in some medical matters "lost the plot" during Covid. Who can credibly make this argument and advocate for such a policy credibly?
Well I have no desire to turn this into an abortion debate, but it certainly concerns me how easy it is in a country like the US for governments to criminalise women's personal health decisions. But mainly it is a reminder that there likely will always be legitimate reasons to hide your activities from authorities in certain cases.
> 1) I'd only point out that there exists a point of view that that says that a baby's body is a separate life from a woman's body.
By that point of view it would be reasonable to separate both bodies if one of them wishes to be left alone, so both can move on with their lifes. Equal rights.
The vast majority of the time, you don't need a wire transfer. And if your debit/credit card doesn't work on the weekend, you need a new bank; That's not the fault of banking as a whole.
Sure. But, examples like buying a high end guitar off criagslist, or a car from a private party, aren't less of a use case because they aren't every day transactions.
> In an of itself, mixing or trading to obfuscate your identity shouldn't be considered a crime or unreasonable in the slightest.
"Financial privacy" isn't a real thing, because you owe taxes on income and investments. Can you explain to me how your tax assessor is able, then, to properly identify your income and tax you on it as appropriate?
(Money laundering and tax evasion do not always go hand-in-hand. Many launderers pay taxes as a cost of doing business. Cryptocurrency mixers seem to treat tax evasion as a feature.)
Privacy exists even if the government violates it due to their tax schemes. A _right_ to privacy may even exist as a natural human right.
If a country decides collectively that this is the case, then what ought to change is the tax policy, not every user service.
We can argue over how easy it would be, but I would presume its possible for a government to switch over to taxing hard assets like land, machines, and shipments at ports rather than income and investment products if we decide those should be shielded by a right to privacy.
Most of human history existed without a tax on income or loans (investments), an argument that a right cannot exists because of the present tax structure is like the ultimate status quo warrior-ing.
> If a country decides collectively that this is the case, then what ought to change is the tax policy,
Your post is largely meaningless because, while this line is inarguably true, this also hasn't happened and so AML and KYC are still a thing--and there's precious little to indicate that anyone really cares about it aside from starve-the-beast conservatives and cryptocurrency enthusiasts, and that's not a majority.
If a country does decide so collectively, great! We haven't. So yeah, it's illegal, and the currently-fictive right to financial privacy remains so.
I guess we differ on what rights are. I am arguing that a right to privacy including financial privacy could be a natural right and its recognition or lack thereof alone by the _current_ tax scheme cannot inform of of its existence or not.
The legality under existing laws has nothing to do with whether the right exists or not if its a natural right.
I also fail to see how one could construct a right to privacy that would include communications but not include financial transactions especially exchanges of value done over a btc-protocol (or one of its descendants) that exchange value with pure speech.
If congress and/or the judiciary was full of privacy enthusiasts, then the tax law would be changed majority be damned.
Your employer has your salary on record, so having financial privacy in no way prevents taxes being collected. Likewise you trade stocks through a broker, who knows how much you have in your brokerage account.
If I had 45 million dollars in my house, I'd look into whatever the hell individuals of that net worth are doing to protect themselves.
Which, as I understand it, mostly consists of not keeping it as a gold brick in their basement, and not living in a shitty neighbourhood. It's harder to rubber hose attack someone who isn't keeping all their wealth in a crypto wallet.
The chief purpose of a mixer is financial privacy. It’s just that on a public blockchain privacy from snoops and privacy from law enforcement can’t be differentiated.
If the Treasury or Dutch authorities are to be believed, the chief purpose of this mixer was to facilitate money laundering. That is key to this entire discussion: they have reason to believe that Pertsev knowingly ran a money laundering service, rather than running a service that criminals can abuse to launder money.
That's interesting. As a Tornado Cash user, I have never associated this with an intentional money laundering service, but rather a bunch of developers advancing zk-SNARKs and other cryptographic primitives.
As someone who was excited by the original Bitcoin whitepaper back in 2011, zk-SNARKS was what excited me about cryptocurrency again in 2021.
Your association isn't what regulators are concerned with. They're concerned with the intent of the creator and operator of the service, which is why he's the one who's been arrested.
And you're buying into propaganda suggesting someone pushing the envelope in cryptography is creating tooling specifically for money laundering. 30 years ago, the NSA toed a similar line in their war on PGP, saying it was used in practice for "money laundering, child pornography, and terrorism" - https://reason.com/video/2020/10/21/cryptowars-gilmore-zimme...
For the umpteenth time in this thread: intent matters. Regardless of what the NSA said 30 years ago, it is manifestly apparent to every single person in this conversation that neither HTTPS nor PGP nor any other cryptographic scheme designed for individual privacy was designed with money laundering in mind.
At the absolute worst, they were agnostic to the presence of criminal activity. This is in contrast to Tornado Cash, which was repeatedly told that their service was being used to launder money.
What project? PGP was bundled up and thrown onto the Internet; there was no development or services community established around it. The US Government threw a hissy fit over that and they ended up distributing it as a "book" instead, converting it into a question of free expression.
There is no meaningful sense in which PGP could ever be said to "facilitate" terrorism in the same way that Tornado Cash is rightfully characterized as facilitating money laundering. PGP is a program that runs on your host, encrypting your email. Tornado Cash is a service, run by an individual who was warned to cease serving sanctioned entities, and failed to do so.
> Tornado Cash is a service, _run by an individual_ who was warned to cease serving sanctioned entities, and failed to do so.
This is false. The (vast majority of the) Tornado Cash contracts were either deployed to Ethereum as immutable contracts, or updated in 2020 to revoke mutability (once the final zkSNARK parameters were included) [0], meaning that they could not later be updated by the user(s) that deployed them. Arguing that Tornado Cash is run by an individual means arguing that the entire Ethereum network is run by an individual. There was no way for a warned individual to comply with that warning.
>The (vast majority of the) Tornado Cash contracts
Thousands of little contracts doesn't absolve a financial institution from a few many-billion dollar illegal transfers, especially after they've been warned repeatedly.
What do you mean by "thousands of little contracts"? I haven't looked at Tornado's source code too much, it's entirely possible there are additional contracts created by their contracts as part of the protocol, but this would be pretty unusual.
Usually a smart contract protocol is a set of contracts working together, deployed to the blockchain, which provide application logic that executes regardless of who is interacting with it (via "transactions")
Thousands of different private keys doesn't absolve a corporation from billions of illicit conversations, especially after they have been warned repeatedly.
Ignoring the front-end (which is unnecessary to use it), Tornado Cash is a protocol, run by a decentralized network of computers. The code for the protocol is shared by a network of computers execute this code according to specific rules and validate transactions. A specific deployment of the code was sanctioned, but this means anyone else using the code (which has to be deployed to this network to be used trustlessly) is risky to use now
Well it probably was, among other things. But we're censoring a network here, not just a tool. Nobody is making the cryptography behind Tornado illegal.
The open source software and cryptographic protocol is implicitly targeted with this order. You can see it in how private companies are now handling the Tornado Cash code and contributor accounts. If you create a similar privacy tool with zk-SNARKs do you really think it won’t also become a target for sanctions in time?
This is known as “chilling effect” in a legal context.
To expand on this, the chilling effect here is that even if the code behind tornado cash isn't explicitly illegal, using it on a blockchain in practice is incredibly risky.
People who might otherwise want to use this for financial privacy would be wary, since if they deposit funds to the contract, they don't have any way to know if they'll be able to use the unlinked funds later if withdrawn.
> have never associated this with an intentional money laundering service
Most customers of a canonical money launderer, a laundromat, don’t realise it’s a front. That doesn’t matter if the owner is laundering money.
Tornado laundered money for North Korea [1]. (It announced this months before the sanctions, a period in which the developers could have reacted but didn’t [EDIT: in any meaningful way].) That it was also obfuscating legitimate flows is frankly irrelevant.
> Tornado devs blocked all OFAC addresses from accessing the frontend, which is the only power they had, since the contracts themselves are immutable
Which does nothing in practice. Any AML lawyer would have advised them so. The fact that the service was designed to be incompatible with the law isn’t a get-out-of-jail card.
I read the lawsuit in question. None of the plaintiffs were arrested. Their issue is that OFAC overstepped the bounds of their statutory authority, which none of your arguments address.
I'm also not aware of what US law would have been violated by either
1. Coding and publishing the tornado source code
2. Deploying several instances to the blockchain in 2019.
There's no US prosecutions based on creating or operating tornado. The Dutch one has not charged the person they arrested yet, according to https://www.coindesk.com/policy/2022/08/24/alleged-tornado-d..., so I don't know what unlawful actions they think he's responsible for.
> issue is that OFAC overstepped the bounds of their statutory authority, which none of your arguments address
Plaintiffs' argument relies on Tornado Cash not being "a person, entity, or organization" [1]. The complaint declares OFAC exceeded its statutory authority, but provides no specifics. (The code cited in ¶ 9 [2] gives courts the authority to tell agencies not to do bad things. That isn't an argument for or against OFAC's specific actions in this case.)
In summary, it's a hope-and-a-prayer complaint. Maybe someone at OFAC fucked up the paperwork, thereby giving rise to some modicum of relief.
> What would you say about Signal, designed to be incompatible with the law around lawful subpoenas?
It’s not. Subpoenas require handing over what you have. If you don’t have it there is no obligation to disclose. Signal may run afoul of data-retention laws. But there are no such requirements in America.
Not sure. Their problem. If the only option was shutting it down, that. It would have looked better, which could have prompted sympathetic legislation. At the very least, it would have likely avoided sanctions.
Close down until you figured out a way to react. Money laundering is serious crime, helping North Korea is as well. Tornado cash did apparently both, and authorities gave them a heads up. If it was me, I would close my shop down.
It cannot be shut down. The contract is immutable. It's still live, and it will still be live for decades to come, with new duplicates of the contract being published every day.
> It cannot be shut down. The contract is immutable.
If that’s truly the case, shut down as in stop developing it and advise users to stop using it. Then the addresses get sanctioned and nobody is surprised.
The part where Tornado Cash as an exchange couldn't shut down for a while. And the fact that those, well, "contracts" cannot be nullified like literally any other contract signed in any jurisdiction is troublesome in itself.
Lucky for Elon that he didn't use one of those contracts to buy Twitter.
Don't get confused by the terminology and don't get into word-thinking. A "contract" on the blockchain is nothing like a "contract" in the legal sense. Even if I get your signature on a blockchain saying that you are transferring your assets to me, there won't be any court willing to uphold this. In the same vein, it's not because that people talk about TC as a smart contract that gives it legal backing or makes it subject to the legalities of a "real world" contract.
You could call it "stored procedures" if you prefer, but at the end of the day outlawing tornado cash based on its code is as ridiculous as outlawing RSA.
What you describe, person A agreeing to sell over something to person B, even if just verbally, is a legal contract. Verbal contracts are perfectly legally binding, if somewhat hard to enforce for lack of proof. The lack of proof part is not a problem when it comes to blockchains, is it?
Just because it is virtual doesn't mean real world laws don't apply. What gave you that idea?
> person A agreeing to sell over something to person B, even if just verbally, is a legal contract.
This is not at all what I am saying. What I am saying is that a contract is the definition of terms of a transaction, while a smart contract is the execution of a transaction.
A "contract" defines what parties are supposed to do and the courts use to determine the legal process in case of disputes. Enforcement is not part of the contract.
A "smart contract" is just about enforcement. It makes no sense to talk about the "smart contract" being legally binding or not, much like it makes no sense to talk about "running computer code" or "firing a gun" being legally binding. Sure, you can discuss if the actions resulting from someone running a program to be legal or not, but this has nothing to do with those actions where established in a "legally bound contract" or not.
To put a proxy contract means that there will be an admin able to make contract upgrades. IOW, you need to have offchain trust in the contract deployer. This is widely regarded as a measure that defeats the purpose of decentralization.
So, yes, you could have an upgraded version of TC, but if you want to go that route you might simply use a centralized exchange as a mixer.
Sure, you are partially correct in your understanding.
I was only responding to some one who doesn't understand the ETH tech stack who said it was impossible. It most certainly isn't impossible and proxy contracts are how we deal with things like this in ETH.
You can't reasonably expect a random commenter to have full insight into their legal situation. They should have talked to their lawyers and found options. There is a chance that their financial service is incompatible with the laws in some jurisdictions, and so they might not be able to do business in those jurisdictions. Financial services are heavily regulated...
I think you’re confused about the facts of the situation here. There was no financial service being operated. There was no ongoing business. There was open source code that was thrown over the wall and was locked on the blockchain and immutable.
There's nothing inherent to Tornado Cash that makes it better for money laundering than for privacy.
It's very basic software from a functionality perspective. You put coins into a pool, then at a later date, you take coins back out of the pool. That's all.
It's hard to ascribe specific intent to a system like that, beyond the intent to give people a tool to transact without the entire history of their account being broadcast publicly and permanently on the blockchain.
No, that would be the chief purpose of reddit.com. Try posting CP to r/furries and see how long that sub, (or reddit itself if they ignore it) stays online.
Tornado Cash ignored the warnings. Enabling money laundering and providing a means to avoid economic sanctions will get you in serious trouble.
You hit it on the head: this is a War on Privacy being presented as a war on money-laundering. The biggest money laundering schemes involve commercial banks and real estate (*ahem* TRUMP! *ahem*....) and not online cryptocurrency schemes. It's not like the North Koreans have no other way to mask the trail on what they steal, and I suspect those saying they are certain the North Koreans are bad guys here will insist they cannot divulge how they know this (under the aegis of National Security or some other excuse).
> I suspect those saying they are certain the North Koreans are bad guys here will insist they cannot divulge how they know this (under the aegis of National Security or some other excuse).
My understanding is that the aegis of National Security isn't unwarranted sometimes. For example, if they know NK are bad guys here because one of their spies literally witnessed the laundering (as a secretary, paper-pusher, programmer, or similar) then there is no way to disclose the source. Even a "we have an eyewitness" will tip NK off to look into the people in the process (NK will be able to definitively rule out their technology being hacked, or a bug planted somewhere).
Too bad for national security that people have rights.
I saw a post recently about the fact that nobody could easily identify the users of pay phones in the past and how modern day lawmakers would probably ban them out of fear of anonimity. It showed just how much privacy the average person has lost over the years...there has to be pushback.
Most ledgers are not public, or based on any methodology requiring public view, because the only way to both transact, keeping intact a tightly coherent paper trail as required by law is, and ensure privacy is to not make the ledger available in all it's glory to everyone.
Doing what Tornado.cash does, is by definition, laundering, and if you didn't want your financial matters known to the world, mayhaps you should not have used a technology based on public ledger?
Tornado cash does something different from money laundering. If you use TC you can actually provably undo the mixing and reveal your financial history to a third party. If the government came and asked “what’s the source of these funds?” You could open the commitment and show which input is yours.
It just breaks the last model law enforcement is used to where they just siphon up all private financial data for their own uses.
In the U.S. this is a no go for criminal investigation, as there is no way law enforcement to compel you to offer up that proof that isn't able to fall under 5th Amendment protections, whereas Third Party Doctrine actually gave them a way to get at the tramsaction chain through the service provider. Now, unless you want to run into some creative reinterpretation of the 4th and 5th amendments a la the definitional butchering that is generally applied to the 2nd you can't push that question onto someone who is the subject of credible allegations of money laundering
Believe it or not, there is such a thing as a pointedly not implenented feature. This has been one of them, because it is the difference between essentially making financial crime tractable to investigate vs. not.
I'm not taking a side, just trying to make more obvious some of the more subtle nuance most people won't articulate for you, as it tends to be part of "the quiet part". You must employ 2nd and higher order thinking to the U.S. and international regulatory state.
GP isn’t wrong, though. Even if the primary value of Tornado Cash is dubious, I’m still uncomfortable with the contemporary attitude of “block first, ask questions later (maybe)”.
Everytime a major bank is caught doing something like that, UBS and Deutsche Bank come to mind, there is huge outcry about the lack of consequences. If a crypto exchange get's caught doing it, and there are consequences, there is huge outcry (among certain people) because there are consequences. Added severity, in the case of tornado cash, was helping North Korea. So not just money laundering but also circumventing sanctions that are taken very seriously by every political power that actually matters. Heck, even the Chinese at least try make it look like they adhere to the North Korea sanctions.
It's plain old double standards, Tornado Cash is the "peoples" money laundering service, anyone can use it, so it could be of benefit to them at some point.
Global banks that could facilitate the same thing would only consider doing it for the super-rich to hedge against the possibility of getting caught and fined. So are not open to the average person, hence people have no problem calling for them to be held to account.
Both should get the same treatment. That goes doubly for the global banks that have historically caused far greater problems than TC.
Banks are organizations made out of people who can be held responsible. Tornado Cash is a piece of software that is not run by any person.
Banks can be fined and people can be imprisoned, but you can't fine or imprison software. The Treasury ban is a direct ban on software, which is a departure from precedent.
That's what makes this legal case unique, and why it's not simply a double standard.
Note that "money-laundering" is only a thing you have committed if you are dealing in funds that are the proceeds of another crime. If you are not committing another crime, you are more than welcome to conceal the source and destination of your financial transactions.
The chief selling point of Tornado Cash was addressing the significant privacy problems inherent in a currency based on a public ledger. The idea that we should destroy privacy tools because criminals use them is ridiculous.
I think the First Amendment might have something to say on the matter of "the president" unilaterally prohibiting people from interacting with code, something that has already been determined to be protected by the right.
The chief selling point of Tornado Cash is money laundering
Firmly disagree. The chief selling point of Tornado Cash is a mixer. Please see my reply to essentially this same misconception a month ago, which includes concrete, legal use cases:
It can be proven they're not agnostic by doing the bad data test (malware, supposed (not real) child porn). If it gets removed, that's a sign of moderation. And all big, previously known torrent or DHT hosters remove such. Combine it with the fact an %x is illegal content (e.g. copyright infringement) which does not get removed and you have a case.
Yes it can. The vast majority of crime is done with paper money.
This is also why cops willy-nilly decide to seize it if you have too much of it. There are countless examples of normal people who happened to have large sums of paper money, on their way to buy a vehicle, being stopped and their life savings being taken away through civil asset forfeiture.
I have no problem with Tornado Cash being openly available software under a permissive license. I have a problem with people running a Tornado Cash-based service that is really just a money laundering service.
You should take a step back: "open source" does not rinse away the underlying properties of a service. I can't write and deploy a web application that contracts hitmen and use the MIT license as a defense; the latter simply isn't being litigated.
Money crimes should be prosecuted and solved at their start points and endpoints, not within the financial system. Failure to adhere to this standard is why we no longer really control the money in our bank accounts anymore. Want to send a wire to your friend living in the middle east with a sketchy name? Might get flagged. Want to purchase something out of the ordinary for you online? Your debit card will probably block it at least at first. Law enforcement has become lazy and we have as well. Instead of solving actual crimes, we just use ML algorithms to find sketchy-looking transactions and then block them and investigate later maybe. This has significantly reduced our privacy and freedom at a much higher cost than the purported gains. This is the whole motivation behind the original push into crypto in the early 00s. We need something not beholding to any government that is as good as cash but digital, and the US gov sanctioning a mixer is just proof of this dire need.
> Money crimes should be prosecuted and solved at their start points and endpoints, not within the financial system. Failure to adhere to this standard is why we no longer really control the money in our bank accounts anymore
That's easier said than done. It's drastically easier to catch crime by it's results (money) than in the act. Famously that's how Capone was caught. And what would be the advantage of that, to anyone? I doubt that erroneously flagged transactions are a real problem. Do you have any numbers on the matter?
And this is where it gets fun. Banks will absolutely not tell the customer that their transaction is flagged for one reason or another partly so that they do not lose their 'safe harbor' status under BSA. Any numbers you will see might be from the government, but FinCEN is relatively tight lipped about those for a variety of reasons. The discussion is taking place now, because it has become fairly onerous on an average person, who sends anything to MOHAMMED HASSAN. Instead of data, I can only offer anecdata. Long long time ( or not long ago depending on your perception of time ), we had a person, whose transaction matched some OFAC info, which resulted in bank holding the transaction. I cannot go into details beyond saying that eventually even OFAC representative seemed to admit to that it does not seem to apply to him. To the best of my knowledge, a year after that person still did not get his funds.
It may have not happened to you, but I do not think it is as uncommon as you think. Parent is right. We are doing this backwards.
Yeah, but those numbers are not reported beyond those parties and for a good reason. That is why I listed FinCEN as a source, because they typically put some data out.. just nothing that could be useful for this discussion.
I suspect a federal open records request could get a count by month. Would need to craft request so it is clearly not going to ask for detailed info. And be ready to sue if they deny the request.
What's the difference between money launderying features and privacy features?
Tornado Cash in itself does is not launderying money because you still have to prove to the IRS how you got the money or the asset(i.e bills, invoice etc) and you still have to obey KYC rules. You can't just say the money is from Tornado Cash and be done with it.
Is the U.S Mint a money launderying service because it provides an untraceable method (cash) to conduct transactions?
The features don't matter. What matters is intent and demonstrating that intent.
Both the Treasury and Dutch authorities have reason to believe that Tornado Cash was operated with the intent of facilitating money laundering. It's up to a court to determine the veracity of that accusation.
Not only am I not a court of law, but I specifically said that it's up to a court to make a decision of legal guilt here.
In the mean time, yes: the government is allowed to halt activities that it believes are part of an active criminal scheme. Every country with a functioning legal system proscribes this, and establishes a broad swath of controls to ensure that the government can't indefinitely tie up resources.
FWIW, the money sanctioned under OFAC is still that of the owner so there is a process in place that has a semblance of the rules of law. However, getting that money released by the bank is nothing short of a herculean effort based on cases I have seen over the years.
-- if I move $10k - my institution automatically tells the government I moved $10k - if in the US - the receiving institution also tells the government - I don't have an expectation of privacy - is this also true with Tornado Cash? --
To your last question, this is why financial institutions are required to report cash transactions over $10,000. There are a number of constraints on how untraceable cash is.
No. Also, there were several recent articles/speeches from various AML/BSA/Fraud folks to lower that amount even further for several purposes including CTR. For better or worse, BSA has become its own industry with a lot of money riding on keeping things annoying to regular people ( and barely doing anything to stop actual criminals, who have skills, patience and resources to bypass all the safeguards ).
> What's the difference between money launderying features and privacy features?
Really good question.
I'd say "if your privacy feature allows you to trade above the trigger limit (usually 10K USD/EUR/GBP) without having to state the source of your funds, then it's actually a money laundering feature"
If the funds aren't procured through criminal activity, then it can't be considered money laundering. Only if the individual doesn't declare a taxable event to a tax authority has a crime been committed.
no, it's money laundering even if the funds haven't been procured from criminal activity. The regulations don't care where the money comes from, they're just specifying what reporting needs to happen around the movement of money. Not being able to properly describe where the money comes from is a crime.
I've worked in the finance industry, and I've worked with people who've seen bad guys turn up with suitcases full of other people's money. I'm totally happy that these regulations are in place.
>>no, it's money laundering even if the funds haven't been procured from criminal activity.
You are wrong.
FINCEN "Money laundering involves disguising financial assets so they can be used without detection of the illegal activity that produced them."
WIKIPEDIA "Money laundering is the process of concealing the origin of money obtained from illicit activities such as drug trafficking, corruption, embezzlement or gambling, by converting it into a legitimate source."
KYC applies to money transmitters directly. End consumers only indirectly by virtue of any financial institution ending up in hot water for non-compliance.
You don't get to shift regulatory burden to the consumer.
You actually could publish “illegal code” because code is protected under 1st amendment, as free speech. Legal precedent has been set by Bernstein v US DoJ.
There is an open question about whether publishing non custodial contract code on Ethereum counts as providing a service. If you post 10 lines of immutable code onto Ethereum, and some years later a user chooses to run this code on their machines for criminal behavior, should you be prosecuted?
An AK-47 is not relevent to a murder investigation.
There are thousands of them in the U.S. and owned by innocents. It would be unreasonable to come after all AK-47 owners because one was used in a crime. Rather, it would be up to the cops to find other facts about the weapon, perhaps how much more metallic it looked than your standard AK, and in which spots. Wear marks can be just as revealing as serial numbers.
It's a service specifically designed to facilitate money laundering. It's a bit like running a business that produces paperwork to make stolen cars indistinguishable from legal ones - there's no reason such a service should be allowed to exist.
That's like saying knives are designed to facilitate murder.
TC is made for privacy, which either is or should be a basic right.
Without tools such as TC if I send you money, show you some POAPs[1] I own, or otherwise interact in any way with my crypto, it is fairly simple to deduce or make educated guesses of how much crypto I own, who I send it to or from, and more. This has serious implications not only for privacy, but for safety reasons too.
TC makes it so you can transfer from your cold wallet to your hot wallet, without trivially revealing what your cold wallet is (and thus your funds).
Furthermore TC also allows you to keep a receipt of these anonymous transfers, so you can in the future prove the origin of your funds or reveal such transactions.
> That's like saying knives are designed to facilitate murder.
There are plenty of knives that are designed to facilitate murder, and they are correspondingly regulated.
We don't regulate kitchen knives in that way, because they don't represent the same intent.
If your financial instrument leaks all of your transactions and makes you a target of criminal scrutiny, you should consider using a different instrument. Society is not going to throw the baby out with the bathwater to accomodate your public immutable ledger.
Come to Scotland, we do regulate kitchen knives in the same way as we regulate knives designed as weapons.
It's actually quite challenging to find a decent pocket knife that's legal to carry here: if the blade locks in place, it's not legal. So pretty much any Leatherman or Gerber that's not one of the mini ones is out, and all the cheaper brands are the same. I've taken to carrying a Geekey[1] and a knock-off Raptor[2].
[1]: https://geekey.com/ -- although the feature being headlined is the one I'm least likely to use.
Victorinox split their pocket knives into three categories: small, medium, and large. Only the large are comparable in size to multitools, and they all seem to have locking blades.
I'm actually pondering getting a basic medium-size pocket knife though, to complement what I'm carrying at the moment. Thank you for reminding me :).
Case in point. Ginsu knife - not regulated. Switchblade - regulated. One is intended to slice a tomato, the other is intended for concealed carry and stabbing people (who are not a tomato).
Odd that you would bring up a tool banned in a wave of media-provoked hysteria, one so useful to the disabled that the ban has been overturned, which was never in fact intended as a weapon, isn't a very good one, and just looks cool.
Probably because banning knives is ludicrous behavior, so there aren't better examples.
You're right - the switchblade is an odd example. I've now learned a good bit about it from that link!
But the core point is that societies will ban things that generate more harm than benefit, be it real or perceived. This is the crux of the gun debate in America right now.
It also depends on context. You can't bring a kitchen knife on an airplane. You will get funny looks from most if you walk around outside with one, even if that isn't specifically banned, but laws evolve out of social convention, so if enough people did it, you could plausibly see it legislated. I'd bet that if you committed some other offense like public intoxication or indecent exposure, and then resisted arrest, you'd have a couple knock on charges regarding said knife.
So here's the context for TD AFAICT: crypto is a competitor to fiat currency and all the hegemony that comes with it. It is a power play, and power doesn't come for free, and often is ultimately paid for with blood. Governments aren't just going to let a new wild west open up on that without any say-so. I think crypto enthusiasts either don't understand the implications of the tech or reject them on philosophical grounds, which I sympathize with but understand that doesn't change the reality as far as every stakeholder is involved.
True, walk around with a Ginsu knife outside and you better have a chef's hat on...
I'm not sure I 100% agree with the statement "crypto is a competitor". Sometimes it's a currency, sometimes it's a commodity but at the end of the day, it's a store of value that humans own.
US dollars deposited in a bank and crypto in a wallet are owned by the same people, so it cannot be a competitor. It's just another asset class. The fact that Coinbase is a publicly traded company shows that the US government 100% accepts crypto as what I've described.
What they do care about are items and processes who's main purpose is for illegal activities. Guns are a perfect example. You want to buy and register a gun from a licensed dealer, no problem. You want to buy one from a guy in a van and scratch off the serial number, that's a problem. In the eyes of the government, Tornado Cash is too much like the guy in the van.
>> There are plenty of knives that are designed to facilitate murder, and they are correspondingly regulated.
We don't regulate kitchen knives in that way, because they don't represent the same intent.
I'm pretty sure the majority of knives used for criminal activities are rather kitchen knifes.
Compare Tornado Cash with cash money and tell me how they are different. Being untraceable does not make it a criminal instrument or does it? Is it criminal to conceal your financial transactions from the government?
> I'm pretty sure the majority of knifes used for criminal activities are rather kitchen knifes.
Regardless of whether this is true (which it probably isn't, at least in the US), it doesn't change the intent. We regulate different things differently based on their intended use.
This should cover your second question as well. Intent is what the government cares about in this instance. And yes, it is indeed illegal to conceal your transactions from the government, at least insofar as they concern money that the government is entitled to tax or review.
It is not that straightforward, but as general statements go, you are not wrong. The issue seems to be that the government lately ( via various distributed actors ) has recently deemed some entirely legal transactions unsavory, which then banks/processors and so on deemed as risky and then those unsavory yet not illegal transactions become defacto verbotten. I hate to say it, but it really is one of those 'the tighter you grip' situations. Case in point, one few years ago, most people did not know what SDN list or OFAC is. But now more and more customers, and not just business customers seem to be aware of how expansive BSA really can be.
In the life without crypto. The only way to achieve this is like movies in the 80s, you hand over a suitcase of cash and get whatever you need.
With the invention of paperless transaction, Government steps in and ensure every transaction record is there to show the party of the transaction. This happened, before the invention of the internet.
If you wanna fight, then you will have to undo all the legal changes.
Compare of the little loss of the privacy, and the possibility of funding the evil state like North Korea and its infamous neighbour. I would choose get rid of the evil country.
> Compare of the little loss of the privacy, and the possibility of funding the evil state like North Korea and its infamous neighbour. I would choose get rid of the evil country.
Damn, those goalposts moved like lightning. From "making it a bit harder for North Korea to get a bit of extra cash" to "abolishing the North Korean government" in a single sentence.
Financial privacy is a limited right in the US (and in most other countries), you’re not allowed to hide financial assets or transactions from the government. You can think that’s bad, but it’s unambiguously the law (the Supreme Court ruled on the constitutionality of the Bank Secrecy Act back in the 70’s.) The sanctions were entirely predictable, no one should be surprised.
> The Bank Secrecy Act (BSA) is U.S. legislation aimed at preventing criminals from using financial institutions to hide or launder money.
> The law requires financial institutions to provide documentation to regulators whenever their clients deal with suspicious cash transactions involving sums over $10,000.
> The law does not require documentation for every transaction over $10,000, but businesses must file Internal Revenue Service (IRS) Form 8300 if they receive more than $10,000 in cash from one buyer.
So are casinos, banks, money exchanges, and hot dog stands. There are tons of reasons for wanting privacy that have nothing to do with money laundering. Avoiding kidnapping & ransom because someone can’t see the size of your crypto wallet for example.
None of these things has an efficient end in laundering money. That's in contrast to Tornado Cash, which was designed to launder money.
In other words: you can use a hot dog stand to launder money. But if you were to intentionally establish a hot dog stand for the purpose of laundering money, the government would be absolutely correct in seizing your stand.
You're almost getting it. We still allow hot dog stands to exists, even though you could launder money via them. Instead, we let police investigate cases where money laundering is happening, and if it happens to be via one hot dog stand, take down that specific one. Rather than banning hot dog stands in general.
Same goes for Tornado Cash. It was not designed for money laundering, although you could use it for that. If the US government finds cases of money laundering happening, take down the entities doing the money laundering instead of attacking a tool.
If you think Tornado Cash was designed for money laundering, please point us to the documents where this is mentioned. I've personally followed the development of the project, but never saw any mentions of money laundering at all, anywhere.
> take down the entities doing the money laundering instead of attacking a tool
This is what they’re doing. North Korea laundered money via Tornado Cash [1]. Authorities announced it and watched Tornado Cash do nothing. So it got sanctioned. Every other mixer is untouched.
No, Tornado Cash is code, not a service operated by any entity.
North Korea also used HTTP for navigating websites which helped them hack targets and also launder more money. Banning Tornado Cash is like banning the HTTP specification/IETF for that, instead of going after the group in North Korea doing the money laundering/hacking.
The sanctions are literally added to the OFAC's SDN list, and consists of addresses and contracts. Neither of those things are services or operations, they are quite literally just executable code. See for yourself: https://home.treasury.gov/policy-issues/financial-sanctions/...
> consists of addresses and contracts. Neither of those things are services or operations, they are quite literally just executable code
Guns are quite literally just atoms. The context matters. Not all guns are illegal. But ones used to commit crimes will get lawfully seized. The code exists in context, and the developers’ actions and intentions are relevant. None of this is novel.
>No, Tornado Cash is code, not a service operated by any entity.
This is the kind of sociopathic irresponsibility that's too common in tech. "Oh, it's not my fault my lab-grown monster decided to terrorize the countryside!"
OFAC's attacks on privacy are sociopathically irresponsible, and unlike Tornado Cash the federal government has actual monsters with weapons terrorizing the countryside.
I think danaris's point stands - if you design an iron maiden style murder chamber but simply alter the name to "one time use changing room", you're not fooling anyone, the purpose is still clear, and illegal.
Alright, so there is no proof that Tornado Cash was setup to facilitate money laundering, yet so many here on HN keeps saying "was designed to launder money". What does "designed to X" mean if not that the tool itself was intentionally, purposefully and explicitly made to do X? And if that's true, why isn't there any public evidence of that being true?
They did not include an automated KYC process for when the transactions are larger than 10k USD.
Therefore, they intended it to be used to hide transactions from the US government. They could have also limited the service to not run on amounts larger than 10k?
I think the confusion is one of definitions. Basically, the whole point of cryptocurrency tumblers like TC is to obscure the original source of funds. That can be used for both legal and illegal funding sources. I think some folks in this thread are using the term "money laundering" to refer to both legal and illegal fund-source-obscuring, while others are using it to refer purely to illicit sources.
You're almost clever... Tornado is accused of being designed to facilitate money laundering and, realistically, has very little other purpose.
By contrast, a hotdog stand is typically designed to cook and sell hotdogs and, in the rare instances where money laundering occurs, it's not a primary service the hotdog stand offers to clients, and will still get the owner arrested.
> You're almost clever... Tornado is accused of being designed to facilitate money laundering and, realistically, has very little other purpose.
It does have other purposes, hiding transactions from the public, which I have used Tornado Cash for many times in the past.
> I used Tornado Cash (non-US citizen here) for hiding transactions from the public (not hiding from the government), and when I filed my taxes, I still accounted for everything that is stored there + transacted via Tornado Cash, just like I do for my bank account. Appendix contained instructions for how they could access the proof of my transactions and accounts to verify themselves.
Not sure why people think what I did should be illegal, I'm paying my taxes and declare everything just like everyone else, but somehow I shouldn't be allowed to hide my transactions from randoms on the internet?
> somehow I shouldn't be allowed to hide my transactions from randoms on the internet
You can do this. But it doesn’t come without risk.
If you kept using Tornado even after it was found Pyongyang used it to launder money, yes, you lose your money. It’s analogous to local law enforcement announcing a laundromat has been laundering money for the mafia, and then—months later–someone getting upset the clothes they dropped off have been seized. They may eventually get them back. But there is reasonable suspicion in the meantime.
1) Those are major banks. Many thousands of people have accounts with them for 100% legitimate purposes, and most of them have likely not heard that they were involved in money laundering (which, see also #2)
2) Because those are major, highly entrenched banks, they not only have the resources to ensure that stories about them engaging in bad behavior get swept under the rug (which doesn't mean "no coverage", but does mean they don't get covered as much as they might perhaps deserve), they also have the connections to make it very unlikely that they will face any kind of meaningful repercussions for this.
This is quite unfortunate, and a decidedly negative aspect of our current system. But the answer to it is not "so other companies like TornadoCash should be allowed to break the law with impunity, too!" It's "so we need to find ways to change our system so that we can genuinely hold accountable big banks and others who currently break the law with impunity."
No, it isn't. Banks exist to induce stability and liquidity (i.e., the efficient flow of capital) within the economy. Hot dog stands exist to sell hot dogs. Money exchanges exist to transfer currencies to (you guessed it) facilitate commerce in different regions.
The hair you're attempting to split between "laundering" and "washing" does not exist in the financial world, and would not impress financial regulators.
There's no such thing as financial privacy when you, by virtue of being a citizen of a country, consent to be taxed on income and investment. Your financial actions may not be necessarily public to your fellow citizens but they absolutely and without possible argument must be to your tax assessor, and this exists to hide transactions from them. Of course it's illegal.
You can revoke that consent, as it is possible to become a citizen of no country, but I wouldn't recommend it.
>>this exists to hide transactions from them (tax assessor)
Not true, this tool exists to provide privacy on an otherwise public ledger. Your tax assessor has no right to know about a transaction as soon as it occurs. A crime is only committed if you don't voluntarily declare it at a certain point in the future.
LE laziness and citizens conceding territory unnecessarily is creating a nanny state.
My poor, so-very-put-upon friend: you can choose to leave.
But there is a collectively hashed-out social contract you accept by staying, and it should be of no surprise that the law takes that contract as table stakes and acts according to it.
US Citizens can't leave. They must pay tribute to the United States globally and beyond until they die. Income earned in outer space is taxed as income earned in country.
Yeah, that's the price of retaining your American citizenship, which is among the most valuable in the world to have if you ever have a "I need to call my consulate" problem. But you don't have to retain your American citizenship--there are a lot of countries out there!
Granted, that's assuming you're a valuable enough contributor to society that you'll find another country interested in taking you, one that won't similarly have expectations around "people in a society should pay taxes", but that's a you problem.
It's not that tough. You just need another citizenship, $2_350 to pay the renouncement fee, and an appointment at a USA consulate/embassy to formally renounce. You also need to pay an exit tax if you have a net worth of $2 million+.
Rosa Parks publicly broke the law and was publicly punished for it, because that's how civil disobedience works. In doing so, she engendered significant public sympathy and acted as a spur to change minds and, eventually, laws.
Comparing that to hiding your financial transactions so you avoid KYC is genuinely embarrassing.
-- as it was explained to me (I don't crypto) - because everything is public - you might want to disassociate (wash) transactions from yourself for perfectly legitimate reasons - not really needed in traditional finance as people typically don't have access to your bank account - however - this is not necessarily the same as wanting to take money you gained illegitimately and make it legitimate (launder) --
This is the hair splitting I mentioned: no government in the world cares that you're doing money laundering because you're opted into a public-by-default money transfer system. The answer is to simply not use an immutable public ledger for your finances, since you're not required to.
The government will not carve out a subset of crimes because of an unnecessary self-imposed restriction on financial privacy.
-- by the same token - it's a bit uncouth to support and provide frameworks of legitimacy for "future focused technology projects" - however not enable services that account for edge cases in said new systems - I generally agree with you - but playing the devils advocate a bit - the crypto folks should probably be able to wash their "cash" if the reporting parameters are implemented correctly - no? --
The primary reason casinos, banks, money exchanges and hot dog stands exist aren't to facilitate money laundering, unlike Tornado, according to the government.
Why do you use a pseudonym on here instead of your real name? Oh right because you care about privacy. Same reason tornado cash exists. Playing the ML card is like saying Tim Berners-Lee invented the internet to facilitate digital crime.
This is an argument largely championed by the richest of the rich as a way for them to commit financial crimes without getting caught - think old time Swiss bank privacy. When they finally got leveraged by the U.S. government to turn over records, people were cutting deals by the thousand to avoid doing time for tax fraud they knowingly committed.
Then produce distinct legislation that bans the specific practices used, otherwise it's just giving preference to currently entrenched forms of money laundering.
It's not illegal whatsoever to mix up my dollar bills with a group of other people and get the same amount out that I put in. Such a statement is ridiculous.
If you ran an establishment where people would come in with big bags of cash with dubious source, swirl them around in a big vat, and someone else would come in with a chit to take out some cash from your vat, I am sure your establishment will get investigated and shut down. In this way it's no different from the real world. Just because it's online doesn't make it ok.
Prosecute the road crews building the interstate. They know building the road helps people sell and transport stolen goods, yet the road crew does nothing to stop them.
If you use Pokemon cards in such a way as there is a reasonable expectation they may get converted back to dollary-dos, you are required to track that too. Sorry mate. Nice try. But no.
Thank you, come again.
I get it. It's frustrating. If only the means of exchange wasn't such a pivotal part of criminal enterprise, or people would just not do illegal things, we could have nice things. Alas, tis not the case.
it does doesnt it. Casinos certainly were money laundering establishments for the mob since their inception. The mobsters became politicians and stupid people argued that casinos provide public benefit on their behalf. The government decided that the only way to launder money through a casino was if the casino itself was in on it, and opted for heavy regulation on who can run casinos and how. People have still gotten away with money laundering through casinos but the regulations are onerous enough, and casinos profitable enough on their own, that the risk of getting completely shut down isnt worth it.
Furthermore, actions are not usually the things that are illegal. Usually the law prohibits actions which cause a specific effect. Like murder or pollution. You dont get one free murder every time you figure out a new way to kill people.
Do you think the statements "sounds like" and "is exactly" are the same thing? Almost like your point is that there's distinct legislation targeting a distinct pathway of money laundering, just like my original point was?
U.S. Code § 1955 - Prohibition of illegal gambling businesses [1] stops you from starting a gambling parlor or casino on your basement without a government license.
That depends entirely on what the intent is. If the intent is to launder money then yes it is probably illegal. If the intent is to swap notes with your favourite serial numbers then yes it is probably legal. Intent is a important part of most legislations.
Folks like to hate on lobbyists (including myself! very much so) but this is exactly the function they serve. They inform the legislators on what legislation would help their industries succeed, and encourage it across the line.
I don't think the crypto industry is lacking in funding enough to be able to hire lobbyists, so I'm not sure why we might blame a legislature that can't be experts in literally everything (setting aside the fact that they tend to be fuddy-duddies for other reasons, it's not even theoretically practical that they could be perfectly informed on everything) for not having made perfect laws around a new industry.
Correct assuming you maintain documentation that keeps the evidence chain intact and produceable on request.
If you don't, you're laundering. It's like a bunch of tech people waltzed into finance, ignored the entire history of the institution, and lessons paid for in blood, and expect everyone else to bend over backwards for them.
450m is a whopping 6% of all deposits on Tornado Cash[1]. The total percentage of illicit activity on the protocol is reported to be in the 10-30% range[2].
What percentage of activity in an E2EE chat application like Matrix is illicit? If a significant but minority percentage of its use is facilitating criminal discussion, should those open protocols also be sanctioned?
This isn't about the fraction of illicit use. A large fraction of Americans with numbered/anonymous Swiss bank accounts did nothing wrong with them - a much larger fraction than tornado cash users. However, they were still banned for US citizens due to US KYC rules.
The land of free speech is obsessed with being able to trace money as it travels. No surprise they would go after a service whose explicit purpose is to break the chain of custody on money.
Sure. Then it is irrelevant how much money was funding whom, only that a non-zero amount of value was not strictly traceable through typical financial surveillance systems, and so the US automatically deems this activity illegal regardless of how the funds were used.
This is where the “privacy on the blockchain should be a basic right” argument comes in, and what the plaintiff appears to be arguing.
When you want to make legal arguments, you do it when you have good facts, and this is not that time.
The facts about Tornado cash are terrible: pretty much everyone using it is either doing something provably illegal or trying to avoid being found, you have to go out of your way to use it (and pay an extra fee), and it's been part of a large number of bad news stories about crypto theft. A minimum of 10% of its throughput is provably due to frauds and thefts, and probably a lot more. It is not an exaggeration to say that many people's life savings have been funneled through Tornado cash into the wallets of criminals. In comparison, numbered Swiss bank accounts likely had more legitimate use than Tornado cash.
In comparison, the facts about Monero, Zcash, and the Wasabi BTC wallet (another mixer, but attached to a wallet) are a lot better. Privacy is free and/or the default option with those services, and they are a little more like cash: lots of victimless crimes (darknet sales, etc.), some use by ransomware attacks, but also a lot of legitimate use.
This lawsuit has a nonzero chance of throwing out the baby (privacy on blockchains) with the bathwater (tornado cash).
25% of funds being illicit does not mean “pretty much everybody” is using it for illicit reasons. Your argument really falls apart here, but the sweeping generalizations don’t help.
Monero and TC are equal parts useful for non-criminals who are seeking privacy.
It's also worth noting the headline of that link: "Crypto Mixer Usage Reaches All-time Highs in 2022, With Nation State Actors and Cybercriminals Contributing Significant Volume"
Quoting from later in that study, "Overall, if we label cybercriminal organizations with known nation state affiliations, we can see that these groups make up a significant and growing share of all illicit cryptocurrency sent to mixers."
It's not 10-30% as you summarized. It's 12% last year increasing to 23% this year, or nearly doubling from a 1/8 to 1/4 share.
This source does not support the position that illicit traffic is an insignificant share of mixer traffic.
There is no doubt known cyber criminals and enemies of the US are using this tool. The question I raised is: what percentage of illicit activity is acceptable? If the E2EE chat app Matrix facilitates 10-30%, should it also be considered a primarily criminal tool worthy of a sanction?
I will point out that of the 170 or so nations recognized widely on Earth right now.. many or most have changed borders substantially, pretty recently.. and almost every one has changed leadership and political control. The concept of a Nation being illegal somehow is related to markets control and military alliances.. I am not convinced that individuals from the three or four major world powers get to declare whole nations with different law, to simply be illegal.
Let's imagine for a second that I owned a physical bricks-and-mortar business with a shopfront that took physical cash (USD banknotes), then mixed it up in a big laundry machine with banknotes from other customers, and then I give you back some other banknotes which are totally random (less a fee).
Let's also say I don't do any Know Your Customer checks (KYC).
Do you think that should be legal (like highways and SMS) or illegal (like money laundering)?
You can literally go through the rekt leaderboard [1] and count how many of the stories end with "and then the funds were routed to tornado cash, fin." It's not exactly a secret, and it doesn't require any specuation.
That's a very limited way of looking at things. You're fine with banning X and Y because you don't see them impacting you. When Z is banned and you care about Z you'll have a rude awakening.
You could just read what treasury wrote and argue with facts instead of vague rhetoric about lazy law enforcement
> “Today, Treasury is sanctioning Tornado Cash, a virtual currency mixer that launders the proceeds of cybercrimes, including those committed against victims in the United States,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks. Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.”
There are two Tornado Cash entities: one is made of people, and the other is autonomous code running on chain. The OFAC action confuses those two, and it's not clear they have the authority to sanction code.
Why should North Korea be allowed to steal and hack from other country’s people and organizations? It should be shut down immediately.
I feel like your trying to say NK and Tornado should be able to do illegal activities that harm people. Just because you don’t like the police or something.
The very fact (or assumed fact) that we know North Korea is using this undercuts the argument that we need to shut this down because it allows for anonymous money laundering. (By definition: the only way money laundering can be "dangerous" is if it cannot be detected or the players identified.)
Just because they know they sent money in doesn't mean they know where and how the money was distributed on the way out. Which is literally the whole point of sanctioning it.
No, in this, the authorities had the time/money to track down the hackers. The vast majority of tornado transactions are mostly illegal, but nobody cares enough to spend their efforts on them.
If it's a mafioso bank used mostly by the mafia, then yes, absolutely, they should be investigated and shut down.
As for data, just as a first-order estimate, check out the rekt leaderboard [1] and see how many of the stories end with "and the stolen funds were routed through tornado, fin." If all crypto-adjacent crimes are reported to FBI at some point I am sure they have a much clearer statistics, but even as a civilian you can see that it's not small.
As I said, this is only a first order estimate, but even that is over hundreds of millions. I am sure the FBI has a much more detailed forensic account of tornado that they will bring up in the courts, which will then rule according to the law based on the evidence.
On the other hand, if you don't trust FBI, the law, or the courts to do the right thing, you have a different problem entirely, at which point none of what I say should matter to you.
There are at least 2 things here: 1) the laws and how they are applied and 2) what is in the interest of the people and what should the laws be?
I can trust law enforcement to do its job. Heck I might even trust it to do the right thing when it comes to gray areas / methods they use. But... I can definitely disagree with some laws. In fact, people doing something because it's law without critically thinking about it has worse consequences than disagreeing with the law.
Right. Fuck KYC. Just let people use money and actually solve crimes instead of just blocking transactions and infringing on people's privacy like crazy. Digital cash is still a pipe-dream because of this censorship/no-privacy/gov owns your money you don't mentality.
It is lazy. It is lazy to just stop people on the street who look "sketchy" instead of actually investigating crimes. That is the moral equivalent of our current financial system. We used to have the right to look sketchy but we pissed that away years ago.
Wait, what? The inventor of Bitcoin said that it was cash? Well, that settles it then: nobody is allowed to disagree with an inventor about what their invention is or does.
Sarcasm aside, I think Bitcoin functionally bears much more resemblance to a distributed bank than to distributed cash. It's not perfect resemblance, and there are people who disagree with me. Just saying that it's cash isn't sufficient evidence to convince me, even if the speaker happens to be the inventor.
Interesting how you think I don't know what a bank is, or what Bitcoin is. I know what Bitcoin is; I have read both the whitepaper and (more importantly) most of the code (at the time). I do concede that I have an incomplete understanding of what a bank is, since banks do a lot of different things. Adjusting the money supply and intermediating/securing transactions are both among the things that banks do. Those are the only things Bitcoin does, which is why I think Bitcoin more resembles a bank. Bitcoin can't facilitate offline transactions, which is the main thing cash does that banks don't.
I've tried to look into Fedimint, just because I thought it would help me understand your misconceptions about banks. I will admit to not fully understanding what they are up to, but assuming my scam radar had a false positive it seems to be a privacy-oriented sidechain service. That... doesn't seem particularly relevant here?
> Banks store money, right? Does bitcoin store money?
You mean physically? Plenty of banks (especially online banks and investment banks) don't physically store any more cash than something like a jewelry store. Physical storage is hardly a core characteristic of banking; I've never been to a branch of any of my current banks. If you don't mean physically, I can't see how this is different than "have accounts"...
> Banks have accounts, right? Does bitcoin have accounts?
An account is just a ledger of credits and debits coupled with some form of access control. How is a bitcoin address meaningfully different from an account? Keep in mind that not all accounts are interest bearing, and it's very possible (even common) for one individual to have multiple accounts.
> How is a bitcoin address meaningfully different from an account?
Well, for one, it's only an address. Not a ledger.
Bitcoin transactions point money at one or more address. Transactions, you might argue, are one-off ledgers. But then bitcoin is just a collection of those transactions & relevant/necessary data to support them them, compiled & validated using a variety of mathematic calculations.
My answer is still "no (but many banks don't either)", as I said in my previous reply. Unless you mean digitally, but that's just "having accounts". If you mean digitally, then my answer is "obviously yes".
> Well, for one, it's only an address. Not a ledger.
What? The entire mechanical basis of Bitcoin (the blockchain) is a ledger (big database of timestamped transactions) with a somewhat unusual timestamping and tamper proofing mechanism. Each transaction has a set of associated addresses. I was going to say that this is not meaningfully different from individual account ledgers, but actually, this is literally how transaction history would be stored in an RDBMS. It's not different at all.
The existence of this (public) ledger is what creates the demand for things like Tornado Cash in the first place.
> Bitcoin transactions point money at one or more address.
Banks can facilitate transactions between arbitrary whole numbers of accounts also (off the top of my head: 1- paying interest; 2- payment; 3+- escrow)
> bitcoin is just a collection of those transactions & relevant/necessary data to support them them, compiled & validated using a variety of mathematic calculations.
Yes. Functionally, that results in a (limited) bank. Or at least, it's closer to that than it is to cash.
> Unless you mean digitally, but that's just "having accounts".
But you must open an account with a bank, and deposit money before they can process transactions for you.
There's no way to deposit money *into* bitcoin. Bitcoin is money.
> Each transaction has a set of associated addresses.
Yes, and you suggested addresses are the equivalent of accounts. They are not.
> Banks can facilitate transactions between arbitrary whole numbers of accounts also (off the top of my head: 1- paying interest; 2- payment; 3+- escrow)
Accounts, which hold money, are a tool of banks[0]. Bitcoin doesn't have accounts. Bitcoin is not a (limited) bank. It is a distributed digital cash system.
"Bitcoin uses peer-to-peer technology to operate with no central authority or banks; managing transactions and the issuing of bitcoins is carried out collectively by the network."[1]
I have not deposited money into my bank account in many years. I have, instead, had money transferred to my account from other accounts. This is not only possible in Bitcoin; without it, Bitcoin would be useless. It's quite possible to open an account at a traditional bank with a transfer from another account; for online and investment banks, this is usually the only way to do it.
> Yes, and you suggested addresses are the equivalent of accounts. They are not.
Still waiting for you to tell me how they are not. It seems obvious to me that they are functionally equivalent, and I have made a case for why. An address is an identifier associated with a transaction history and access control. An account number is an identifier associated with a transaction history and access control.
You have made no corresponding case for why they are not, apart from citing your belief and citing PR from bitcoin.org. The former is convincing of what you believe, but it is not convincing with respect to the functioning of Bitcoin or banks. The latter is convincing of what bitcoin.org wants me to believe, but it is not convincing with respect to the functioning of Bitcoin or banks.
Driving a car requires a license and registration of the vehicle. You can go to jail for driving a car without a registration or license.
In very much the same way, if you are running a money transmitting business, you need to register with the government and follow the government laws. Otherwise, you risk going to jail. It's not rocket science. Just because it is on the internet doesn't make it a whole new thing.
No one is running Tornado Cash. Tornado Cash is a smart contract running on the Ethereum blockchain. At one point someone uploaded the contract, but that person can no longer modify the contract and they are not running the contract. You can arrest that person and shut down all of their servers and the contract will continue to run.
Here is an example: in Texas, unauthorized use of a vehicle, which would include driving a car that you can't prove is yours, can be punishable by two years in jail. [1] From what I understand getting caught driving without a license the first time is generally a misdemeanor, but for repeated offence in for example CA can land you in jail.
Running a whole operation around driving without a license is what tornado cash is more similar to, not accidentally forgetting your license once, which is what the misdemeanor is for.
You can actually operate and drive a car on private property without a license in Texas. In fact in Texas you can even drive a car drunk if it's on private property not open to the public, like a fenced off private parking lot.
Using your analogy, an instance of TC on private property would not be licensed.
Then using your analogy it should not be sanctioned. There is nothing illegal about a North Korean coming to your property and driving a car without a license. Your logic that _because North Korean, therefore public property_ is nonsensical.
And as an aside:
>Driving a car requires a license and registration of the vehicle.
Let's suppose you have Bob's Traditional Bank. They keep meticulous records, and comply with US government requests for them (regardless of what you think of such practices, let's just say that this particular bank happens to do those things). They also facilitate transactions on behalf of North Korea.
Bob's Traditional Bank would be sanctioned here, because transacting with North Korea in that way is what triggers these sanctions. This is why Tornado is being sanctioned. The privacy thing may or may not be illegal, despite its ineffectiveness, but the transacting with North Korea thing definitely is.
How much of it is used for legitimate reasons versus illicit ones? If the overwhelming majority of the transactions are illicit, it makes sense to ban it.
I agree with you, but I'd like to point out that the same logic could be applied to e.g. game console emulators.
...and as much as I hate to say it, I do think the logic might be correct in both situations. (I say this as a heavy user of console emulators—albeit also as someone who does go through the trouble to legally dump his own games.)
One way to look at it is to say "I derived this rule based on what the ratio of licit to illicit usage is, thus it should apply everywhere." From that perspective, then yes, your observation that it would apply to both situations is correct.
Another way to look at it is "for this particular scenario, what is the optimal outcome?" If you're running a game console emulator for a system that's not being sold anymore, with games that are not being sold anymore, one could argue that that scenario would be net positive considering the lack of harm; in other words, you get to enjoy the game, while nobody gets hurt, so it's positive overall.
The first perspective is called "rule utilitarianism," while the latter is called "act utilitarianism," in case you want to learn more about those.
I don't know that it's really an apples-to-apples comparison. Console emulators are a copyright issue and those are generally (but not always) civil matters.
How much of $100 bill use is for legitimate reasons versus illicit ones? If the overwhelming majority of the transactions are illicit, it makes sense to ban the $100 bill.
if central powers stop being lazy then nothing was illicit. No violence can be inflicted from trading digital currencies. It's lazy policing to try and control resources rather than stop the actual violence.
If someone owns a resource, no matter who they are, why shouldn't they be able to utilize it? If that resource was acquired with violent means such as human trafficking - then maybe our policing efforts should be to catch the perps trafficking humans, then they'll have everything they need to confiscate any and all resources those perps have.
This roundabout, lazy method of hurting innocent people in hopes that you only mostly hurt guilty people doesn't sit well with me and I don't think it's good for society to allow this kind of behavior.
That may be true if law enforcement authorities have unlimited resources, but in practice they don't.
Imagine that a hypothetical service is used at 99% for illicit transactions and 1% for legitimate ones. Is the best outcome for society to spend say 5 million dollars to shut down that service, or 500 million to figure out who is using that service maliciously and sue only the people who are using it maliciously?
impossible to answer that question - what if the 1% of activity continues to grow and encourages billions more dollars of pro-social economic activity in the future?
All we can know for sure is that shutting down a white-market financial service or worse, blacklisting its users, has the guarantee that innocent people will be harmed.
Further: disrupting a single avenue of finances for the funding of illicit activity at best slows down the criminals. The overwhelming majority of crime is financed in fiat and the overwhelming majority of laundering happens in fiat, which can't be "shutdown".
It's simply ineffective and hurts innocent people. I'm not in favor of hurting innocent people even with modest efficacy and I don't believe that's what we're seeing here. I believe we're hurting innocent people with little to no efficacy.
What's the legitimate use case for using cryptocurrency mixers? What would be this kind of activity that would grow and encourage "pro-social economic activity?" What harm is encountered by these innocent people?
From my perspective, an economically rational actor would want to minimize overall money transmission costs, so they'd avoid cryptocurrency mixers unless they had a particular reason to.
with open ledgers everyone can see your revenue. This isn't something businesses want to show competitors. Anything that can obscure your wallet (which gives away how much you own as well as shows income) can help obscure this data, which is extremely valuable to some types of businesses.
I'm sure there are other examples, but this is a good one off the top of my head and I personally have used mixers for this very purpose - to allow someone to pay me for a white-market trade without exposing how much crypto I owned in my wallet.
Hadn't considered the fact that wallet balances are public, but it seems like a rather niche need as opposed to having the ability to launder funds and irrevocably transfer them. The latter I believe is very appealing to people who are transferring proceeds from criminal activities.
Thanks for sharing though, I hadn't thought of wanting to hide one's wallet balance from other people as a need.
Yeah, no doubt it's attractive for money laundering, but the thing is that it's impossible to stop at this point. There are entire digital currencies built on top of zero-knowledge transactions at this point and they aren't hard to get your hands on those coins in my experience.
With that in mind, if in fact it's impossible to stop, it seems rather arbitrary to pick and choose which products get targeted and serves no real purpose to even slow down the undesired behavior.
That's a fair point. Not knowing much about the space, I assume that they picked an important mixer. If that's not the case, then maybe it's just for show and it won't have a meaningful impact, just like the war on drugs hasn't really stopped drugs from being consumed.
Criminals are most certainly going to get away with it regardless of how many restrictions and surveillance you apply to the little people, as they have the means (capital) to do so. I don't want to stretch it too far, but the current rules seem nearly purposefully pointed towards the least effort category. There's quite a lot of coverage on this matter, some (and a lot in the cryptocurrency scene) like to cite works from Ronald F Pol who has done a lot of heavy handed criticism on AML et cetera (as far as claiming less than one percent of real-world regulations effectiveness), these claims can be disputed, but it's apparent even to mainstream publications most unlawful flows are uninhibited and the approach is ineffective, expensive and dangerous.
wait what ? literally the entire point of financial regulations is to avoid it to "possibly be used for illegal purposes". Starting with the very basic KYC regulation, or the fact that in many countries cash transaction above a limit are forbidden.
I'm all about privacy and anonymity of transactions personally, but tornado investors going all "surprised pikachu" right now after a more-than-previsible ban is a bit laughable...
> This is a problem with law enforcement in general: they are lazy and seek to have automated solutions to so much of what used to be called police work. This applies to warrant-less wiretaps, pulling information on people from 3rd party data brokers to side-step warrant and FOIA requirements, and more.
The flaw with this line of reasoning is that behaviors have changed. In the past, when the police did "police work", people had no choice but to meet in person to discuss their criminal enterprises. You could follow them, and listen in. Many illicit schemes also left a trail of paper that needed to be stored in physical space.
It's not that the police have gotten lazy, it's that if you expect criminals to hang out in a shady dockside speakeasy like they did when Al Capone ran the town, you're simply not going to find anything.
This is a real tricky problem to which I'm not sure there are good solutions. There's a mounting conflict of interest upholding the law on the one hand, and the interests of law-abiding citizens on the other.
The USA PATRIOT Act requires every financial institution and money service business have an AML department. There are thousands of people in the US that are paid to look at your bank account and decide if you've been naughty or not and narc to the feds if you have. This is happening everyday. We are already living the surveillance state.
Not one to defend Silk Road, but pause and think about it for a second: it enabled you to buy something deemed illegal by the authorities (drugs) in a safe manner and the products bought were higher quality than what you could buy on the street. Why was it a problem to begin with and why where significant resources used to shut it down? (Again, not defending it, and the founder was probably a scumbag, I am just asking the question)
People were breaking stupid laws from the 70s established after mass hysteria around drugs by one of the scummies US president ever. More than that, the tax man was not getting its cut.
> it enabled you to buy something deemed illegal by the authorities (drugs) in a safe manner and the products bought were higher quality than what you could buy on the street. Why was it a problem to begin with and why where significant resources used to shut it down? (Again, not defending it, and the founder was probably a scumbag, I am just asking the question)
Because there was all sorts of white washing like this. "It's drugs, but safer, and without the violence and crime!"
If you think that violence, crime are magically gone because of Silk Road, you'd be considered ignorant or naive. Production still happens in the same places, the poverty, corruption and violence-stricken areas.
It's just invisible to you now, because you don't have to worry about your dealer stealing from you, getting mugged, or buying from an unknown source, or being arrested.
All those people in Mexican and Colombian villages subject to the tyranny of the cartels... oh well.
Because it would only remove the violence in our neighborhood and not the violence 1000s of miles away. This plan is not worth pursuing.
We can grant everything you said that the Silk Road may have only reduced violence in our immediate vicinity. That is still a huge success that should have been continued. Its not a failure for only reducing local violence.
That local win could have grown more globalized acceptance; reducing the niche cartels fill. Even if it had merely encouraged greater local production of illegal drugs that alone could have reduced cartel violence in Mexico.
my claim was that buying the drugs was safer (my words: in a safe manner). Everything else in the "pipeline" being equal if one part of it becomes safer the whole thing is safer.
Want to eliminate production that happens in places with poverty/corruption/violence? Just make them legal. Seriously. Offer rehabilitation instead of jail. Other countries have done this and it work.
People talk a big game when it comes to "our freedoms" but real freedom is to be able to do whatever you want as long as you don't impact your neighbor/other.
But let's not pretend that Silk Road is some panacea saying "Hey, violence-free drugs!"
I tend to be on the legalization side of the spectrum but the notion of Silk Road as some humanity-improving place, versus a method of making Ross rich is definitely in need of citation.
You have to remember that access to the US financial system is a privilege not a right. To be granted that privilege, a financial institution has a number of obligations. Thesee include various KYC/AML obligations.
So this isn't Tornado Cash "might be used for illegal purposes" so much as it's clear evidence they're failing to meet their legal obligations.
There's a larger point here too: as much as proponents tour crypto's extragovernmental status, it would take very little effort by governments to completely cripple any crypto assset in practical terms.
So proposing a hypothetical. If the only issue here is obligation to the U.S. financial system what if the only on-off ramps to e-coins were cash only?
So as an individual, I convert my cash to e-coins through some e-coin dedicated ATM-like machine. And I can redeem my e-coins for cash at another e-coin-ATM somewhere else (maybe anywhere in the world).
Would coin pools like Tornado Cash then be acceptable? It would not be tied in any way to the credit or banking systems, it takes cash only, and then just a basic utility internet connection. Maintenance for the machines and paying the internet utility would just be a fraction of a percentage fee on each transaction.
Now all e-coins would simply exist as a privacy themed alternative ecosystem to cash.
Since we are not joining the U.S. financial system, these e-coins should not be expected to have any obligations to that system correct?
It's not a black and white issue; things aren't getting banned because they might be used for illegal purposes, that is even explicitly stated in the article.
If its used for a high percentage of criminal purposes (for example 90%) banning is legitimate.
Also, who are these "investors"? They're speculators. When you speculate, there's risk involved. This is one of them. This case is an unnecessary burden on our legal systems, I hope it gets thrown out of court ASAP.
You seem to think that freedom means a world in which you are allowed to hide your assets from the government. You have never been allowed to do that. You're going to have to change the law, and because you live in more or less a democracy, you're going to have to convince people that its good to change the law.
History did not start in 1913. Income is not an asset, they have been two different things for longer than the United States has existed as a country. Most governments in recorded history have managed to exist without taxing income.
It would in fact be better live in a country with financial privacy where assets form the tax base instead of income. In terms of convincing the public, I think time will do the former and education the later.
For the time being the government has yet to decide wether crypto is money, a currency, an asset, or a security. Instead it has been going after people for all of them.
It probably depends. I live in Chicagoland. Cops here are a lot of things, but I can't honestly say they are underfunded. The pension alone is likely worth the risk ( source: couple cops in my extended family ) even if money is not staggering ( and it still not on the low end by any means ).
But to go back to the original query. It is just so much more easier to click couple of buttons than go somewhere and ask questions. It is cheaper too. The convenience trumps most of the other reasons. The same goes for privacy. The convenience killed it.
Tornado Cash has a great feature that you can use to prove the source of funds that were withdrawn from it as needed. This would allow exchanges to implement something where funds from Tornado could have to provide this proof before depositing. It could be fully compliant with both privacy and what exchanges/governments want. Coin Center does a great write up of it here, under "Compliance Tool"
Mixers never fail to astonish me. They are explicitly a product to facilitate money laundering. They are marketed as a way to wash illicit funds. And then the folks who run them get mad when law enforcement tries to shut them down?
They are explicitly a product for user privacy. Given that the depositor can prove the source of funds put into tornado cash via a zk-proof there is no reason that this should be shut down.
That's the facade. In my experience, Bitcoin is still the main ecoin demanded in phishing/ransomware incidents, even when more privacy-friendly ecoins exist. A tumbler's purpose is distorting Bitcoin's public blockchain (one of its core tenets), and that's very attractive to criminals.
Well, it's not banned, but over $10k USD in cash you need to fill out an IRS form 8300 [1] precisely to curb criminal use of cash. (Although I'd argue it should be upped and pegged to inflation as 10k isn't what 10k used to be.)
Wouldn't filing a form 8300 be unconstitutional violation of the 5th amendment if the cash is an element of the crime of both parties? As an example, felons can't be charged with NFA violations for owning a short barrel rifle for example because registering their firearm would be self-incrimination. I believe Timothy Leary also got out of being charged with Marijuana reporting [tax] requirement because filing for the tax would self-incriminate his possession.
I have NEVER heard of any of this. Can you provide any sources?
I think the 5th has been restricted enough by the courts that it literally only matters if you EXPLICITLY invoke it. (At least this is my understanding of Berghuis v. Thompkins.)
Criminals are still required to pay taxes, they just aren't required to list its source (misc entry on income form). Leary's case was won on the basis that the registering provision violated the right to not self-incriminate (and that you couldn't pay that tax without registering).
Similar for the NFA case - they can't get then for the failure to register, but they can still get them for manufacturing/possessing it (especially since it was amended after the ruling).
Ultimately though the issue wasn't the tax, but that you had to register the evidence of your crime. If you could pay the tax anonymously it would have been fine. On the flipside, merely a requirement to register without paying the tax would still be self incrimination.
The form 8300 actually requires you to state both counterparties of the illegal transaction, which goes well within furnishing evidence useful in incriminating yourself. It's far more incriminating than the annual tax return, which shows an aggregate yearly amount rather than granularity of single transaction (or collection of "associated"-transaction) along with the date and name of both counterparties and a host of other details.
> VPNs are "data mixers" - by combining all your traffic with others
If a VPN is used to help North Korea, and the developers won’t or can’t shut it down, yes, it will be sanctioned. More broadly, speech is generally protected under U.S. law in a way financial transactions are not.
It is always the same charade in which a government tells you that by banning x they will solve y. Or that by removing any form of privacy to everyone (but themselves) they will solve y.
In the end they never solve it, even worse the people in charge of the surveillance (banks in this instance for money laundering) are repeatedly caught actively taking part in the laundering and they occasionally get punished by "fines" that are rarely enough to discourage them from continuing.
So people want to take their privacy back now and tear down means ridiculous theatricals we call AML/KYC/KYB procedures. Obviously governments aren't happy, they are welcome to try to stop us.
>They are explicitly a product to facilitate money laundering
How is HN so consistently cryptophobic?
Imagine the reaction you’d get here suggesting say, E2EE is “explicitly a product for {crime}”. You’d be rightly mocked, but throw in crypto and it’s like 75% of the people here lose basic reasoning skills. I’d be less frustrated if it wasn’t so common.
No, it’s like saying E2EE encryption is designed to secure private communications between two parties, which is what it’s designed to do.
Mixers are designed to facilitate money laundering. You can claim it’s for legitimate privacy, etc but it doesn’t change the fact that it’s money laundering.
I have no horse in this race and pardon my nitpicking but those two phrases are not equivalent.
For E2EE,you describe the base level capability: Secure message between two parties.
For Mixers, you describe an act that the capability of making money hard to trace enables: Money laundering. If you applied a similar argument to E2EE (as many have and will keep doing), encrypted communications are a way for people to do illegal things away from the eyes of the law. Trade illegal items, send banned/illegal/questionable content, etc.
From a pure capability standpoint, mixers, like E2EE, are a way to secure XYZ activity (Which happens to be money transfer) from prying eyes.
People aren't surprised that they're trying to shut them down, the concept gets more and more resilient with every.single.enforcement.action and so the enforcement actions have to follow the law, that's what we're talking about here, in court.
Has anyone done research on whether more financial crime happens in crypto or traditional finance? I'd be interested to see the result, adjusted for market cap or daily transaction volume or whatever makes the most sense.
This is definitely a pandora's box type issue. I believe it is different from the "code is speech" series of arguments around PGP because a deployed smart contract is not merely source code / compiled bytecode, but also a wallet containing funds. Of course, you still need the Ethereum "world computer" to make it run, and Tornado Cash is not very helpful without a significant amount of liquidity to sufficiently provide cover for people who want to obfuscate the source of their funds. These issues are likely to arise in court and I don't believe the conclusions will all be favorable to crypto supporters because I don't think the situation is as clear cut.
When a smart contract is deployed, literally all that happens is that the code is broadcast to the network. It is true that the contract itself has a wallet and runs operations, but it operates autonomously outside the control of the person who deployed the contract.
If a smart contract does something illegal, the person who deployed it has no more responsibility than if someone does something illegal with encryption software downloaded from Github. The only responsible part you could really argue for is the Ethereum node operators, since they're the ones actually carrying out the illegal computation. But is the government really going to outlaw the Ethereum network?
Here's a thing: when technology is designed in a way that makes it hard to work within the bounds of the legal system, it's usually the case that the legal system wins, not the technology. The view of the legal system is focused around people and their intentions, regardless of how much you try and confuse things with technology.
They will most likely view the smart contract and its wallet as one entity, despite that being technically not how it works technologically. Because as many people have tried and failed to figure out over the years, laws are interpreted by juries and judges, not computers. Technological roadblocks are things they don't have any problems jumping over, and deliberately trying to add roadblocks like that with the imagination they're untouchable also tends to piss them off even more.
> when technology is designed in a way that makes it hard to work within the bounds of the legal system, it's usually the case that the legal system wins, not the technology.
If this was true, Internet pornography would have been successfully squashed by the existing obscenity laws that heavily regulated pornographic material.
It was, though? And continues to be. In the mid-90s, you could pretty easily find illegal material without looking too hard. It was already illegal by the Child Protection and Obscenity Enforcement Act, an early Internet bill which mostly said "illegal porn is still illegal, even if it's on a computer", and it also required producers of pornography to keep detailed records on talent & crew in the production. By the mid 2000s, large sweeps of enforcement happened, and thousands of studios without proper documentation and recordskeeping shutting down. The CIPA act required schools, libraries and public places where children could be to install internet filters, and make policies preventing children from viewing such material.
Pornography isn't illegal in the US, it's pretty well-regulated, and once the Internet started entering mainstream culture, it quickly adapted to the existing legal framework and culture that was already there.
This is, of course, a very US-centric view, but so is a lot of early Internet history, along with its culture.
I'm sorry, but this isn't true. At the early onset of the web there were a huge number of state and local laws regulating obscene material. Many states even tried to explicitly regulate Internet pornography:
> Between 1995 and 2002, almost half of the states were considering bills to control internet pornography, and more than a quarter of states enacted such laws.[1]
Along similar lines, sex toys were prohibited or heavily regulated in a number of US states before 2000. The technological reality of e-commerce means that the vast majority of the enforcement of those laws became impossible, and sex toys are de facto legal in every jurisdiction in America.
> If a smart contract does something illegal, the person who deployed it has no more responsibility than if someone does something illegal with encryption software downloaded from Github.
If I rig up my car to explode when someone walks by whistling the right tune, am I without responsibility? I didn't blow up the car.. the car blew itself up.
Obviously I'm at fault. There is no debate here. Any automation you create is acting on your behalf - and you are liable for it. If I hire a hitman.. I am guilty of murder.
AI or software isn't some clever loophole here. If you deploy an autonomous money laundering system.. you are doing money laundering.
SCOTUS has already carefully defined this in the Brandenburg test. Speech is only not protected when it results in direct, imminent lawless action. And SCOTUS has consistently ruled that the boundary for the test is extremely concrete. (Contrary to popular opinion yelling fire in a crowded theatre is actually protected by Brandenburg under the First Amendment.)
Sending a text message to a hitman telling him to "wack Tony at midnight" fails the Brandenburg test because it leads to imminent lawless action. But you can literally publicly advocate for an ideology to overthrow the United States government and murder millions of people, and that's Constitutionally protected because there's no imminent lawless action.
Writing and publishing open source software is Constitutionally protected, because the simple act of publishing software does not lead to imminent lawless action. Even if it's reasonable to assume that the software will likely be adopted for illegal purposes. Again this isn't hypothetical, SCOTUS has consistently ruled that the government cannot restrict the ability to publish instructions on how to make pipe bombs or 3D printed guns.
The person you're responding to wasn't making a "free speech argument". And I don't see how this is in way way a free speech issue.
He's saying just because you set up an ATM in the middle of a city and say, and then say feel free to wash your illegal cash here to do some money laundering.
The act of it being on blockchain and "decentralized" wont make a difference, anyone offering said "launder ATM" could be convicted of a crime.
An ATM machine is not protected as speech. Courts have consistently ruled that software is protected speech. So, yes blockchains do make a substantial difference because they divorce the act of writing software (protected by the 1st Amendment) from the act of operating the business around that software.
SCOTUS has consistently required an extremely high bar to regulating speech, so it's simply not enough to say "well we regulate this other non-speech thing, what's the difference".
Contract devs don't execute the code. They simply broadcast the it to the Ethereum network. Deploying a contract is conceptually no different than publishing source code to GitHub. It's actually the Ethereum node operators that execute the code. (Hence why the contract devs can't stop a running smart contract.)
If you want to make the argument that the persons executing the code are liable, than it should be the Ethereum network nodes, not the developer who deployed the smart contract. As it stands, it's pretty unlikely that the Treasury department has the political capital or the operational reach to shut down Ethereum. And that's why blockchain is different.
Given that the treasury department has frozen Tornado, and generally made the whole project persona non grata, I believe your theory here is fairly thoroughly debunked.
Trying to find a loophole in the law by trickery is why we use human courts - the judge can still find you guilty and punish the living crap out of you for abetting money laundering.
> Given that the treasury department has frozen Tornado
They haven't though. Tornado Cash is still happily running. If you post your address here, some kind soul might even send you some ETH via Tornado Cash right now. They have asked regulated financial institutions to not receive ETH that came directly from Tornado Cash. That's it; that's all that they can do. While that puts a damper on people converting directly between ETH and USD at such institutions, it does bugger all for people conducting small/informal transactions
There hasn't been a court case yet. Not even a judicial hearing. The article we're commenting on is about how there's a very good chance that courts will disagree. This SCOTUS has repeatedly shown a willingness to restrict executive overreach in the Biden administration.
Can anyone defending Tornado Cash provide a concrete example of mixing crypto revenues in a way that is not clearly illegal? I've scrolled this whole thread, and there are a lot of people defending it, but none of them provided a full e2e example of
"I sell x to y, y can only use crypto, y will be persecuted if I don't obscure my transactions from z, so therefore this is a good thing"
Yes we can all do the hypothetical "dissident in AUTHORITARIAN_COUNTRY needs to buy x and will totally be persecuted otherwise" but I want an actual production example not a moral whataboutism.
> One plaintiff in the lawsuit is a crypto investor who used Tornado Cash to send funds to support the Ukrainian war effort, hoping to preserve his anonymity and avoid retaliation from the Russian government.
Although I agree that this is a morally good usage of TC, I think that given the intent of using TC is to avoid retaliation from the Russian government it would probably be considered illegal in the users jurisdiction.
A better example might be to pay for a legal service without revealing your entire wallet balance to that service.
Ok so a user who already has crypto and doesn't want to convert it first (fees) may be encouraged to mix it (privacy) and that is a legitimate usecase. That makes sense to me, though it seems like a very rare event that should not be the sole basis for the underlying platform.
> though it seems like a very rare event that should not be the sole basis for the underlying platform.
not rare, 12,000+ unique users on just the ethereum network alone
only a handful would be from large scale hacks, a bigger handful from phishing
even the treasury's estimates were that less than 20% of use was illicit, it is a totally new standard to vilify it based on whatever it is vilified for
Though I personally support breaking Russian law in this case - I also think this is almost certainly in the "clearly illegal" category for Russian law.
Oh this NYTimes article doesn't go into detail but Coinbase's blog entry about them spearheading the lawsuit does have specific use cases, and the associated court filing has even more use cases, that are not theoretical at all.
They all do it for privacy. Someone with a publicly labelled address doesn't want people watching them to know they're making a large purchase, so funds go in through tornado cash, and out to a new address nobody is looking at.
If you are not aware, Tornado Cash already comes with tools to solve investigative zeal, anyone audited can prove the prior source of funds with Tornado Cash, at which point the investigator can tell if they were clean or not, as opposed to just assuming because they aren't familiar with "a concrete example of mixing crypto revenues in a way that is not clearly illegal"
Do you know that crypto is normally completely traceable?
So if I for instance withdraw 100 million from an exchange, in a completely legal manner, and then visit a store or webshop to buy something with the same funds, then the store now knows that I have 100 million dollars?
> So if I for instance withdraw 100 million from an exchange, in a completely legal manner, and then visit a store or webshop to buy something with the same funds, then the store now knows that I have 100 million dollars?
The more common this example of legitimate use becomes, the less useful it is, defeating the purpose.
If it becomes common for crypto known to have come from Tornado to be there because the person is concealing ownership of a large amount of crypto, the store can infer the same thing the previously could see on-chain: this person probably has a large amount of crypto. And then all the same risks apply, albeit with a minor unknown as to the amount.
But since we're basically talking about a "rubber hose" attack here it doesn't really matter if they can directly see it on-chain, they're still going to assume it and likely do the same thing.
The obvious point is that everyone should mix it, not only the very rich people. Of course that means that something like Monero is far superior, since every transaction is always hidden and "mixed".
I get paid in crypto. My colleagues don't know how much I earn. If any of them discovered the address I'm paid into, they'd know my salary by looking up my address.
I used Tornado Cash (non-US citizen here) for hiding transactions from the public (not hiding from the government), and when I filed my taxes, I still accounted for everything that is stored there + transacted via Tornado Cash, just like I do for my bank account. Appendix contained instructions for how they could access the proof of my transactions and accounts to verify themselves.
I think you misunderstand. Transactions happening on most blockchains are public, meaning if I send a transaction on the network, if others know my address, they know it was my transaction.
Tornado Cash allows you to sever the tie between addresses on the Ethereum blockchain, so I don't have to have my transactions public, all while still being able to legally declare my taxes as if I didn't use Tornado Cash at all.
I kind of agree that Treasury should not have exactly this power to ban Tornado protocol. However, I believe Treasury certainly has the power to ban all transactions with networks hosting money laundering protocols.
It would certainly be worse for crypto if it were illegal to buy sell ETH and friends because their networks host Tornado protocol. I see this attempt to moderate the network itself as “going easy” on crypto investors.
The crux of the issue comes down to moderation. In a sufficiently large and complex network, moderation becomes a necessity not an option. This won’t be the last case.
Regulators generally strike when sufficiently popular technology makes it sufficiently easy to perform sufficiently damaging illegal activity.
Moderation is generally not required under US law.
For example, Section 230 of the Communications Decency Act provide safe harbor provisions: 'No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider'.
It doesn't matter if I run a site with 10 users or 100 million users: the law's provisions and protections are the same.
You are right that regulators generally strike when there is a critical mass. However, my 2c is that this is not backed by statue, and US Treasury does not have the right to sanction software code. They can certainly sanction users who use TC for money laundering, but code itself?
That's like sanctioning PGP or end-to-end encryption...
Sorry to be clear, I’m not claiming moderation is legally required, I’m claiming it effectively becomes necessary for a network to avoid stepping on landmines.
For example, it’s impossible to run a social network website of 100 million users without users uploading illegal content. Moderation is a necessity to avoid being taken down by the feds for hosting illegal content.
I agree that treasury doesn’t have the right to sanction code. They do have the right to ban exchanges from exchanging ETH. However, nobody wants that, so they’d rather try and extend their powers to effectively become ETH moderators.
The reality is Treasury does not have the political capital to outlaw Ethereum. It's a $200 billion asset that one in ten Americans and many of the largest pensions, hedge funds, and Biden's largest donors are invested in.
Yes. That’s why they would rather try and moderate crypto networks rather than ban.
If they don’t succeed, I’d expect more heavy handed attempts by other branches of government.
I don’t think the government will ever give up, in large part because I think there is political capital and mandate to regulate crypto (just not ban it). If crypto crashes even further, a full ban might be possible some day.
cryptocurrency is a challenge to the state. Bitcoin’s first block quotes a news headline “Chancellor on brink of second bailout for banks” in order to establish the chain’s age. that message isn’t a mistake: Bitcoin emerged to challenge the state’s control over the monetary system.
13 years later we’re all caught up in surface-level details like “is this cryptocurrency thing a security” and “is this cryptocurrency mixer money laundering” meanwhile the basic premise/existence of cryptocurrency has been accepted de-facto.
surface-level regulations just kick the can down the road. beneath that surface is still a massive challenge to the state, only more diffuse, and that interior shapes the surface much more than the other way around. governments need to make up their mind: are they OK with yielding control over the money system, or not?
right now the answer looks like “yes, but we’re going to drag the process out”, which is sort of the worst thing for everyone. drawn-out wars hurt everyone. US ought to either ban cryptocurrency (private currencies) altogether, or step aside and let it happen.
Tornado is nice because you can stay entirely within the Ethereum blockchain- no need to involve a centralized entity like an exchange to facilitate this.
It's also arguably more private than monero. Tornado uses zk math instead of coinjoin; tornado also sticks to only a few values (1 eth, 10 eth, 100 eth...) which minimizes traceability
Changenow and Morphtoken have very high slippage when you get in the millions of dollars also these are (temporarily) custodial exchanges who could basically take your money and say GFY. Coins from these exchanges are tainted anyways so it doesn’t really make a difference from a laundering perspective along with the fact that the fees are higher.
Well idk how one would go about banning Monero. You can ban it from exchanges that connect with the banking system but via decentralized exchanges it's still possible to convert.
I think the same applies to Tornado? I am not sure and would be happy to be corrected.
As far as I can tell, being sanctioned like this makes it illegal for US companies and people to do business with you. So I think in either case it would be users who were prosecuted?
Enforcement is always the even messier bit of these broad and badly defined laws...
Generally you need to use a custodial exchange to do this, which creates a point of failure/censorship. Doing this onchain / trustlessly on protocols such as thor have significant liquidity limits afaik.
the Ethereum client ecosystem is one of the most robust. yeah, one can go eth -> zcash/monero back to eth, but that’s like a day-long process once you factor in blockchain syncing and blocktime/transaction settlement. TC is/was 5 minutes to enter and 5 minutes to exit.
More power to them. The idea that you shouldn't be able to use something because it CAN be used for crimes is repugnant and dangerous to a free and open democratic society. Plus this is all pretty much settled law is it not?
Tornado was used to launder something like a billion dollars by the north koreans. This is not a CAN be used for crimes situation. It was used to facilitate crimes.
> "Tornado Cash is not “property,” a “foreign country or a national thereof,” or a “person” of any kind under IEEPA."
The president has much discretion here. That was the whole idea of IEEPA. I think the best case outcome of this lawsuit to crypto is that courts just toss it. Worse case is that IEEPA is effectively amended to say that a DAO is a person.
Look treasury can ban Bitcoin addresses and then make tumbler not accept incoming money from certain addresses. But if they haven’t done it they cannot go retroactively say tornado cash laundered North Korean money. If the address was obviously North Korean treasury should have banned it.
The argument made by the plantiffs is that they were harmed by the Treasury Dept's action. One of the plantiffs deposited funds into Tornado for personal privacy, and now cannot legally access these funds.
Is it possible the court will just say "Plaintiffs get a one-time opportunity to declare the source of and withdraw their funds from the contract"?
I don't know if this is the sort of thing a court can do but it seems like the obvious solution to eliminate the damages to the plaintiffs while keeping the sanction in place.
The US military itself uses Tor. They don't want to ban it, because even if the traffic on Tor is illicit, it still serves to mask the military's own traffic. Don't forget that Tor was originally developed by the US Navy.
I’d be willing to bet there is US government black budget money that moved over Tornado Cash, too. The issue then becomes that Tornado Cash wasn’t originally developed by the govt and whatever further implications that has.
That is the point of your parent comment: defeating their argument by their logic. To be logically consistent, the US should either ban both Tornado Cash and Tor or allow both.
No. Despite attempts to conflate code on a blockchain with code as a concept, the code comprising Tornado Cash hasn’t been banned. You can publish it. Hell, you can re-deploy it, though that would be stupid.
Right, I was referring to the wholesale banning operation of the service, not the source code. Sure, you can print the source code on a t-shirt or something like DeCSS, but that's less relevant.
Hasn't precedent already been set for privacy protocols? I know the government tried to stop encryption by listing it as a munition, but they eventually lost that fight on first amendment grounds. It is hard to argue that code is not a kind of speech or expression and thus it gets some of the highest legal protection possible under U.S. law.
Tornado Cash is just a coin mixer implemented through smart contracts yes? The 'coins' themselves already enjoy some first amendment protection by being built on top of the protected encryption protocols. The smart contract itself is just another communication protocol defined in code. So it seems patently obvious that TC is allowed to exist under U.S. law.
The only remaining question is whether anyone can be allowed to use it. We actually have to get deep into first amendment jurisprudence to answer that question. Generally speaking all speech is permitted but, when it is paired with conduct, the conduct can be regulated by time, place, and manner. This at first appears a simple distinction for us. Users of TC or any e-coin standard are _conducting_ transactions. But this is thorny.
Commerce used to be conducted entirely physically with an exchange of cash. Then it was done with an exchange of electronic funds on a banks balance sheet; essentially a change on two different excel spreadsheets. But the btc-protocol and its derivatives don't function like this. They use a ledger. When we transact in e-coins we don't exchange anything. No digital coins fly from my computer to yours or vice versa. Rather all that happens is a message is sent to a public server which contains enough information to allow that server to determine that we both agreed to send that specific message. The server then updates the ledger and publishes this change to other servers hosting the ledger so there is agreement that we exchanged value.
It's not actually 100% clear that when communicating this way we have conducted anything. Sending encrypted messages like this has been determined to be first amendment protected activity as pure speech. Indeed we wouldn't have an internet today if it weren't. Having a message be encrypted inherently provides privacy and precludes restrictions on a message's content. Even when that message's content includes information to exchange value. Citizen's United also has some precedent over whether speech + conduct regarding money transactions are permitted speech when that speech is political in nature.
This leaves us only with the few recognized non-speech categories with which to regulate pure speech:
> lewd, obscene, or pornographic content; defamatory content; insulting or “fighting words”; expressive content that tends to inflict injury; speech that incites an immediate illegal conduct such as riot or violence; speech that poses an imminent threat to public safety or national security; false or misleading commercial advertising; and perjury.
There are a few categories here that may help us. Inciting immediate illegal conduct and imminent threat to public or national security. To qualify as incitement to illegal or a threat to public safety the speech has to pass the 'clear and present danger' test. This test has two parts:
* first, the speech must impose a threat that a substantive evil might follow
* second, the threat is a real, imminent threat.
This test is extremely hard to meet and just because the TC protocol is may be or even if it is likely to be used for money laundering it will likely never rise to the threshold of this test in a U.S. court. Cases where speech does meet this threat are specific threats or instructions. If TC included specific instructions on how to evade law enforcement then that may qualify.
This leaves only threats to national security as a legal basis. We have to begin by saying that many of the use of national security as a means to restrict the rights of Americans has an extremely checkered past. These were the arguments that bullied journalists under the red scare, interned the Japanese in WWII, attempted to stifle the pentagon papers after the Vietnam War, maintained the patriot act of 2001, lead to secret courts with secret evidence, torture, suspension of habeas corpus, etc. However, the standards for what constitutes a threat to national security have been much degraded in the past two decades. You could probably convince a judge or even SCOTUS that the use of TC by foreign hostile powers like North Korea and its potential to be used as a tool of terrorism from the likes of Iran and ISIS constitute a threat to national security. But arguing this not only degrades your moral character, it is also unlikely to be effective in the long term. We did reinstate habeas corpus, we un-interned the Japanese, and we did publish the Pentagon papers. Hopefully we will also get rid of the Patriot Act in the coming decades. And even if TC was determined to be a threat to national security, that determination would likely one day be reversed as an understanding of the technology and its necessity aged into the judicial system.
It hasn't been, it is still widely used. The fact that people outside of the software world are unaware of that even happening shows how few people actually hopped on board that train
I just want to say, I find it very Orwellian that HN shuts down immediately any conversation about theft of IP through these 'archive.ph' links, and even removes the 'reply' button to ensure so.
Just watch how quickly this comment will disappear or get downvoted.
You needn't use your real name, of course, but for HN to be a community, users need some identity for other users to relate to. Otherwise we may as well have no usernames and no community, and that would be a different kind of forum. https://hn.algolia.com/?sort=byDate&dateRange=all&type=comme...
I think the crypto framing obscures the story here. If the government issued sanctions against a traditional financial organization engaged in money laundering, and then Goldman Sachs bankrolled a lawsuit arguing that the organization is allowed to engage in money laundering due to some quirk of the organizational structure, everyone would understand what's going on and nobody outside of the finance industry would be on the pro-lawsuit side.
The sanctioned entity here is a piece of code that uses zk-SNARK cryptography, in a permissionless and immutable way. There are no admin keys, there is no ownership, it is code.
It's not an organization. This is more like the FBI banning GPG because terrorists use it.
FTA:
> They contend that the Treasury Department lacks the authority to restrict access to a software program.
This is the point. No one would have batted an eye if OFAC sanctioned addresses that used TC to launder money. Nobody would have batted an eye if the FBI prosecuted criminals for using GPG to plot a crime.
But what happened here is akin to the FBI, using powers that it hasn't been granted in law, to ban GPG.
Tornado Cash is obviously an organization. This was clear from their website before it was taken down, and you can still see from their Medium blog history (https://tornado-cash.medium.com/) that they consider themselves to be a "we" who can take reports, make governance proposals, etc. The people who've told you otherwise are playing shell games (and sometimes outright lying) to advance their financial interests.
