However, actually running the code to facilitate North Korean hackers launder money and personally profiting off of it? That's not covered by the First Amendment, and I sincerely urge you to not try to find that out the hard way.
> However, actually running the code to facilitate North Korean hackers launder money and personally profiting off of it?
Who is "running" the code?
The US government, to this date, has not made an argument that the developers of Tornado Cash, who have deployed the code to the Network, have committed a crime; at least one of them seems to be living in the US.
Nor has the government made an argument that operators of Ethereum nodes are committing a crime; they might also be considered to be running the code.
What the government has done is, through sanctions, instituted restrictions on Americans interacting financially with the smart contract. This has nothing to do with "running code"; this is operating under the assumption that the Tornado Cash smart contracts are an entity that is party to financial transactions.
Whether they have the power to sanction non-entities like a smart contract is what the suit intends to find out.
Using any encryption protocol increases the anonymity set of the protocol and therefore will inadvertently help criminals who are trying to stay anonymous. That is not an argument for doing away with constitutional rights and human rights.
That covers you publishing software. It doesn’t cover providing a service to criminals and personally profiting from it, and the Constitution definitely gives the government authority to police that, so it’s going to come down to how well they can prove that those guys were doing more than just releasing code.
The Tornado Cash smart contracts simply encrypt your transaction. When you use it you are not profiting off of it. It would be akin to banning the use of a communication encryption protocol, period. This is completely unprecedented in the US.
That's not accurate: my choice to encrypt a message does not directly assist you in committing a crime but that is unavoidably true for using a mixer. The guy who was arrested wasn't just arrested because he released something on GitHub but because he operates a service which North Korea used to launder money and received payment for it, and it's the operations part which brings the most risk — that service isn't complying with legal requirements for record keeping and since it's not free to use, that means that there's a transaction record showing the operators receiving a non-trivial sum of money from a criminal group.
That last part is potentially defensible – bankers aren't charged just because a criminal stores money in a checking account – except that each KYC law not followed is not only its own offense but also a chance for prosecutors to argue that the decision not to do so was intentional and the operators knew their service was predominantly used by criminals. That's going to be an interesting case with potentially significant implications for the entire field.
1. Your choice to encrypt metadata can in fact make it more difficult to identify criminal correspondents. Your choice to use Tor similarly makes it more difficult to track criminals' web usage. Both of these help criminals to engage in certain nefarious actions.
To generalize, every user of a privacy protocol increases the protocol's anonymity set, and thus its utility to all users.
In other words, Tornado Cash shares this property with every other privacy protocol.
2. The guy who wrote the Tornado Cash code operated no aspect of the Tornado Cash smart contract. That operates entirely autonomously. It's code, deployed to a massively distributed blockchain, that anyone can use to encrypt their transaction.
Yes, which is why most people do not run Tor exit nodes because it’s inherently riskier to have your equipment directly involved in legal activity. Tor is actually safer than this since the traffic is encrypted so a node operator can quite confidently say they don’t know the contents. Some of the charges in this case will depend on whether these developers were in fact similarly unaware of who their heaviest users were. That doesn’t help with charges related to not following KYC, of course, because unlike an IP network, financial services are fairly heavily regulated.
Your belief expressed in #2 is at odds with the charges specifically saying he profited from money laundering activity. We’ll see when that goes to court exactly what that meant and whether there’s evidence suggesting that he knew where those fees were coming from.
The developers deployed the Tornado Cash code, and subsequently, had no control over it. They did control one of the front-ends to it, and they instituted blocking of transactions originating from hacks in that front-end. But criminals were free to use any front-end to access the deployed code, and there was no way for the developers to stop that.
In any case, what is being criticized in this particular thread is OFAC prohibiting all Americans from using Tornado Cash code. This is unprecedented, and clearly outside OFAC's statutory powers to sanction "entities".
Despite the US Treasury's claims, Tornado Cash is not in any way an entity, as it is not controlled by any party. It is simply code, running autonomously on a massively distributed blockchain. When someone uses it, they are using zero knowledge proofs to encrypt their transactions. The fact that this act of encryption adds their activity to the same anonymity pool as criminal activity is no more an argument for banning this encryption protocol than it is for banning any other encryption protocol.
Again, the problem is not the code but the running service. If you are involved in processing a transaction, you are required to follow applicable laws and risk consequences if you don’t. The technical details might explain how you got involved but they don’t remove the legal requirement.