Thursday, July 11, 2024

Your finances are being snooped on. Here's how

We all have a pretty good idea that our finances are being snooped on, but most of us aren't quite able to articulate how. We know that we're being snooped on by two groups, corporations and the government. This post will focus on how the government surveils our transactions, because democratic governments generally (but certainly not always!) tell us ahead of time what information they will gather, and how the data will be used.

Governments snoop on law abiding citizens' financial data for good reasons  they are trying to trace the money in order to catch bad guys. The government has been given the power to collect this information without having to ask a judge for approval, say by requesting a search warrant. 

I think there is a degree of acceptance among citizens that some amount of warrantless financial snooping is okay, because it reduces crime. But as the intensity of surveillance increases it eventually reaches creepy territory, at which point most of us would prefer the brakes be applied.

Where is this line? I'm a committed comparativist. To get a good sense of how one is snooped on, and whether it has passed over the line to being creepy, one needs a reference point. So in this blog post, I'll compare how two groups of citizens  Americans and Canadians are being surveiled by their respective governments, so that both groups can better understand, by reference to each other, where they stand.

The first section focuses on the inflows of personal financial data from citizens to the government. The second section will focus on the outflows of data from the government to law enforcement.

***How citizens' personal financial data flows into the government***

Both the U.S and Canadian governments collect large amounts of financial data about their citizens. They do so by requiring banks and other financial institutions to record information about their customers and submit reports to the government about their customers' transactions when certain triggers have been met.

First, let's touch on the total amount of data being hoovered up. On this count, Canada far exceeds the U.S. In the 2022-23 reporting period, Canadian financial institutions submitted a total of 36 million reports to the government containing information about Canadians' financial transactions. That's almost one report per Canadian every year. 

Meanwhile, U.S. institutions sent 27.5 million reports to their government about Americans' financial dealings in 2023, a rate of around 0.1 report for every American, which is ten-times less intensive than in Canada. So based purely on the quantity of data collected, Canada seems to be closer to the "it's getting uncomfortable" level than the U.S. (See table below).

What accounts for this big difference in reporting intensity? In short, it's due entirely to cross-border wire transfers. In Canada, every electronic fund transfer leaving or arriving in Canada must be reported by banks to the government if it sums up to $10,000 or more. So if you've sent an $11,500 wire transfer from your Bank of Montreal account to your son or daughter who lives in London or Paris, congratulations, your name is in a Canadian government database. Or if you run a business and have received a $15,000 digital payment from a U.S. company for services rendered, your corporate data is sitting somewhere in an Ottawa government server.

If you're an American making a foreign wire transfer, your information will not get sent to a government database. The U.S. authorities do not require financial institutions to submit personal information on digital cross-border flows. (Mind you, they have been trying for some time to get the ability to collect this data.)

In the 2022-23 financial year, 27 million of these cross-border wire reports were submitted by Canadian banks, accounting for the lion's share of all 36 million reports submitted to the Canadian government that year.

Apart from cross-border transaction reporting, the nature of Canadian and U.S. eavesdropping is broadly similar.

Let's start with cash transaction reports, or CTRs. When a Canadian goes to their bank and deposits $10,000 or more in cash, the bank will generate a report that it sends to the Canadian government. U.S. banks report deposits and withdrawals of $10,000 in cash to the US government.

So if you're selling a used car and the buyer pays you $12,000 in banknotes, and you deposit that to your bank account, you're now in a government database, whether that be in Canada or the U.S.

Canadian banks generated 8 million CTRs in 2022-23 whereas U.S. banks generated 20.8 million in 2023. Pound for pound, Canadian banks submit more cash transaction reports to their government than U.S. banks, around 0.21 per Canadian compared to 0.06 per American. I'm not sure why. The threshold for reporting a cash transaction in Canada is lower in the U.S. (CAD$10,000 is worth around US$7,300) which may explain some of the difference? Dunno.

With CTRs and cross-border wire transfers, the invasiveness is kept relatively low thanks to the objective criteria that triggers a filing. Exceed the $10,000 threshold and at least you know ahead of time that your information is going to be recorded. A law-abiding citizen who is uncomfortable having their finances being collected by the government can choose to avoid sending cross-border payments or dealing in large amounts of cash. But this objectivity doesn't exist with the next type of report: those related to suspicious activities. 

On both sides of the border, financial institutions must submit reports about transactions deemed suspicious to their respective governments. If you've made a transaction that a bank deems to be suspicious, you'll never know that you've landed in a government database. That's because banks are prohibited from notifying their customers that their activity has been snitched on.  

The determination of what qualifies as suspicious involves a fair amount of subjectivity. Canada requires that financial institutions have a reasonable grounds to suspect that a transactions is linked to terrorism or money laundering before reporting it. That means that mere hunch won't cut it  a Canadian banker must be able to articulate a clear reason for suspicion. Mind you, there's no penalty for banks that fail to attach a specific reason to a report, so the reasonable grounds to suspect standard is often ignored. 

We know that many of these hunch-based reports end up in the government's database. Over the years the Office of the Privacy Commissioner of Canada has collected a list of reports that failed to reach the reasonable grounds to suspect standard, including one case in which some individuals were suspected simply because they had Middle Eastern passports:

From the Office of the Privacy Commissioner's 2017 audit of FINTRAC [source]

My reading of the U.S. requirements for reporting a suspicious transaction suggest a looser standard than in Canada. While U.S. bankers are encouraged to provide a specific red flag in their CTRs, the implementing regulations say they can still file a report if they merely "suspect" a transaction to be associated with money laundering or terrorism, which is a lower standard then the requirement to have a "reason to suspect."

In Canada, there is no size threshold for suspicious activity reporting: even a $50 payment can be reported by a bank. By contrast, the U.S. has set a $5,000 threshold before a suspicious action report must be filed. (When suspicious activity reports were first introduced to the U.S. in 1994, the government floated the idea of not including a threshold at all, as Canada would later do in 2001, but retreated because this would impose a "burden of reporting.")

This difference in thresholds suggests Canada should have a much higher intensity of suspicious transaction reporting than the U.S. Not so. Canadian banks generated 560,858 suspicious transaction reports in 2022-23, around 1.4 reports for every 100 Canadians. Compare this to the 4.6 million reports filed by U.S. banks in 2023, which also comes out to 1.4 reports per 100 Americans. So even though bankers in the U.S. are required to ignore small suspicious transactions below $5,000, they more than make up for it by reporting a larger proportion of transactions than Canadian bankers do. I can only guess why, but this may be due to the looser standard for suspicion, discussed above.

There are several other types of transactions that must be reported to the government, including large virtual currency reports in Canada and foreign bank and financial accounts reports (FBAR) in the U.S., but the volume of this sort of reporting isn't as significant as the other types already discussed, so I won't touch on them.

So to briefly sum up, pound for pound a Canadian is more likely to appear in their government's financial database than an American is. This is because Canadian financial institutions collect personal information linked to cross-border wire transfers the U.S. doesn't. The most privacy-invasive reports are suspicious ones. Compared to Canadian banks, U.S. banks are more trigger-happy when it comes to deeming a given transaction as suspicious, but the US$5,000 floor on reporting suspicious transactions somewhat mitigates this eagerness. 

Having dealt with what sorts of data flow in to the government, let's talk about what happens next with the data.    

***How personal financial data flows from the government to law enforcement***

The personal financial data accumulated by the two governments are managed by each nation's respective financial intelligent unit, or FIU. In Canada, this institution is known as the Financial Transactions and Reports Analysis Centre of Canada, or FINTRAC. In the U.S., the body that collects personal financial data is known as the Financial Crime Enforcement Network, or FinCEN.

It's here with the management of harvested financial data that the policies of the two countries really start to diverge.

To begin with, let's start with the length of time that data can be kept. In the U.S., FinCEN holds data indefinitely, so its database is forever growing. Canada allows FINTRAC to keep data for at least ten years and up to fifteen years, but after that FINTRAC must destroy any identifying information if it was not disclosed to law enforcement. Since most of FINTRAC's data is not disclosed, that means large amounts of data fall out of FINTRAC's database every year, and thus the amount of personal information collected grows at a slower rate than FinCEN's data hoard.

The differences between the two countries grows even wider when it comes to the question of who has access to citizens' financial data. In brief, U.S. law enforcement is granted broad access to the raw data whereas Canadian law enforcement's ability to see the data is strictly limited.

472 different U.S. law enforcement agencies at the Federal, state, and local levels have the ability to directly query FinCEN's database of CTRs, suspicious activity reports, and more. This amounts to around 14,000 law enforcement officers who can search through the personal financial data of American citizens. In 2023, these 14,000 users conducted 2.3 million searches using FinCEN's query tool.

FinCEN's data can also be downloaded in bulk form to the in-house servers of eleven different federal agencies, including the FBI, ICE, and the IRS. Bulk access (also known as Agency Integrated Access) means that the FBI, ICE, IRS, and eight other agencies don't need to use FinCEN's query tool. This bulk data can be access by another 35,000 agents. Alas, FinCEN doesn't track how many in-house searches were conducted by these agents in 2023, but I'd guess it's in the tens if not hundreds of millions.

By contrast, Canadian law enforcement agencies do not get direct access to FINTRAC's financial data trove. Instead, FINTRAC employs an internal force of a few hundred data analysts to parse the database for clues that suggest participation in money laundering or terrorist financing. Only when FINTRAC employees have attained a reasonable grounds to suspect that a pattern of transactions has crossed the line can they pass a report on to a Canadian law enforcement body, such as the RCMP or municipal police. This report is known as a financial intelligence disclosure and includes information like the name of the transactor, their address, telephone number, criminal record, and more.

FINTRAC submitted 2,085 of these disclosures to law enforcement in 2022-2023.

So to step back for a moment, tens of thousands of U.S. law enforcement officials conduct tens of millions of searches through Americans' personal financial data to get leads. In Canada, this same database can only be accessed a small number of FinCEN FINTRAC analysts, who selectively push a few thousand reports out to Canadian law enforcement each year. 

That's quite the contrast. Put differently, unlike their U.S. equivalents the RCMP, Sûreté du Québec, Ontario Police Police, and other policy agencies do not have the power to pull personal financial data willy-nilly from the government's database. This means far fewer eyeballs on Canadian financial records. As far as protecting the financial privacy of citizens, the Canadian access model does a better job. The U.S. access model is friendlier to law enforcement and stopping crime.

A disadvantage (or advantage, depending on your tolerance for being watched) of the American system is it allows the 11 agencies with bulk access to create "data cocktails"  personal financial data downloaded from FinCEN spiked with their own data sources  in order to better investigate suspects. For instance, according to a 2009 report from the Government Accountability Office, the FBI incorporates bulk FinCEN suspicious activity reports into its Investigative Data Warehouse along with 50 other data sets from different sources. The IRS's Reveal System, portrayed below, ingests FinCEN reports along with tax data to conduct more complex investigations.

The IRS's Reveal System, which ingests FinCEN CTRs along with other non-FinCEN data [source]

I don't know if the FBI and IRS data cocktails still exist, and in what form, but they certainly give a flavor of what sorts of broad access law enforcement can get to personal financial records in the U.S.

By contrast, Canadian law doesn't allow for U.S.-style data cocktails. An agency like the RCMP can't mix FINTRAC's store of personal financial data with their own bespoke data sources because the RCMP is prohibited from pulling raw CTRs, cross-border wire transfer reports, and suspicious transaction reports out of FINTRAC. Only FINTRAC gets to determine what information gets pushed out to the RCMP.

This firewall isn't accidental. As Horst Intscher, a former director of FINTRAC explains, a degree of privacy protection was purposefully built into FINTRAC's original design: "Because of the very broad range of information that the [Proceeds of Crime (Money Laundering) and Terrorist Financing Act] makes it possible for us to receive from reporting entities, it was determined at the original passage of the legislation that protections had to be built, so it would not be construed that there was a flow-through of massive amounts of personal information directed to law enforcement agencies."

In other words, FINTRAC was designed to prevent the likes of the RCMP from creating an FBI-style Investigative Data Warehouse. 

However, the wall imposed between Canadian law enforcement and FINTRAC does have a degree of porosity, enough to provide law enforcement with an indirect way for pulling data out of FINTRAC. If the RCMP is investigating a suspected money launderer, it can submit information about the suspect to FINTRAC in the form of a voluntary information record. For example, it might say that "Joe Blow and his sister-in-law Martha are the subjects of an investigation for drug trafficking and money laundering, and we just thought you should know that." This new data becomes part of FINTRAC's database, against which FINTRAC's agents will check all other data. If the agents spot a match, and it meets the bar for a "reasonable grounds for suspicion", then they must send the RCMP a disclosure containing the relevant personal financial information.  

In 2022-23 FINTRAC received 2,550 voluntary information records from Canada’s law enforcement and national security agencies (including from members of the public), a large number of these eventually boomeranging back to law enforcement in the form of a disclosure. How many? The head of FINTRAC once claimed that "65% to 70%" of FINTRAC's ultimate disclosures to law enforcement are triggered by voluntary information submitted by law enforcement, which hints at how porous the wall is.


That sums up my comparison of the inflows and outflows of personal financial data to the U.S. and Canadian governments. This is just a cursory analysis. There are all sorts of other vectors across which to compare the scope of the two nations' data collection efforts that I haven't explored. I've focused on the factors that I think are the most important.

Readers from other countries may be curious to find out about their own FIUs to determine where they stand relative to Canada and the U.S. If so, leave your findings in the comments. My Australian readers, for instance, may be interested to note that their government collects far more private information than the U.S. and Canada combined. AUSTRAC, the Australian FIU, collected 192 million transaction reports in 2023, an astonishing 7 reports per Australian!  This is because AUSTRAC receives information on all cross-border wires, with no lower threshold.

At the outset of this article I suggested that many of us would tolerate some loss of privacy in order to make it easier for the police to catch criminals. A few of us will accept a large loss. Others will not tolerate even the smallest infringement on privacy. An individual's line in the sand is very much a personal matter. I'm going to leave it to the reader to decide which country (if either) approaches the right balance. Is Canada too lax relative to the U.S.? Does the firewall we've erected between the cops and the trove of financial information give criminals free rein? Or does the U.S. not sufficiently respect privacy? Should the FBI and its sister agencies lose some of their unfettered access to Americans' personal financial data?

Monday, June 17, 2024

The intensifying effort to isolate Russia's banks

Last week the U.S. government expanded the coverage of its Russian secondary sanctions program to encompass most of Russia's banks. It's a very big step, one that has been long-awaited by sanctions watchers, and will likely have significant repercussions for Russia and its trading partners. Here's a quick explainer.

Stepping back, we can think about the U.S.'s sanctions war on the Putin regime as an effort proceeding in two acts. The first involved a "casual" round of primary sanctions beginning as far back as 2014 when the Russians invaded Crimean. Then the heavy round began in December 2023, almost nine years later, with the arrival of secondary sanctions.

Pound for pound, U.S. secondary sanctions are far more impactful than primary sanctions. Primary sanctions cut off American entities from dealing with designated Russian targets but allow non-American actors to step into the breach and take their place. This merely shifts or displaces trade routes, creating a nuisance rather than reducing trade outright.

Secondary sanctions like those introduced last December aim to curb this displacement effect by extending prohibitions on dealing with Russia to non-U.S. actors, in particular foreign banks. The gist of secondary sanctions is: "If we can't deal with them, then neither can you!"

Why do non-American actors in third-party nations like China and Turkey bother complying with U.S. secondary sanctions on Russia? The U.S. wields an incredible amount of influence by threatening to cut third-parties off from the U.S. economy should their ties to Russia be maintained. The importance of accessing the U.S., in particular its financial system, far outweighs lost Russian business, prompting quick compliance.

So what exactly happened last week? Let's first re-explore what occurred in December 2023.

If you recall from my previous article, the December secondary sanctions targeted foreign banks. Their aim was to prevent bankers in places like India, Turkey, China and everywhere else from interacting with Russia, but only with respect to a narrow range of transaction types  those linked to the Russia's military-industrial complex.

More specifically, a Chinese or Turkish bank could continue to deal with Russian customers as long as the transaction in question involved goods like cars or dishwashers. The novelty is that they were now prohibited from conducting any transactions with Russia that involved weapons, military equipment, and dual-use goods, on pain of losing access to the crucial U.S. financial system.

In addition to a flat-out prohibition on military-industrial goods, the U.S. Treasury also compiled a blacklist of around 1,200 or so Russian individuals and entities that support Russia's military-industrial complex by working in allied sectors such technology, construction, aerospace or the manufacturing sectors. The December order stipulated that if caught dealing with any of these 1,200 or so names, a foreign bank could be cut off from the U.S. banking system. Russian individuals and businesses who were not on said military-industrial complex list, however, could still be served by foreign banks, even if they had been otherwise sanctioned. (Remember, primary sanctions only apply to U.S. actors.)

As I wrote back in February, anecdotal data from the first two months of secondary sanctions suggest that they are having an effect. Below I've updated the chart from an earlier tweet showing Turkish exports to Russia, which continues to trend downwards (note the 12-month moving average.)

In a recent article, The Bell assessed customs statistics and found that since the start of 2024, imports from some countries are down a third in some countries compared to 2023, notably Turkey (-33.8%) and Kazakhstan (-24.5%).

Source: The Bell

Which finally gets us to last week's announcement.

The scope of the secondary sanctions has been dramatically widened by adding around 3,000 or so additional names to the original 1,200 or so individuals and entities involved in Russia's military-industrial complex, for a total list that is now 4,500 long, according to FT. The reasoning for this extension is that now that Russian is a war economy, pretty much everyone is contributing to the war effort. 

The most important of the additions to the list are Russia's banks. The Treasury's press release drove home this point by specifically drawing attention to the branches of Russian bank in New Delhi, Beijing and Shanghai that are now are off limits.

Going forward, any bank in China or India that interacts with a Russian bank, say Sberbank, now risks losing its crucial connection to the U.S. This is huge! The majority of global trade is conducted by banks in one country interacting with banks in another on behalf of their respective customers. If Russian banks are cut off from this global network, that's tantamount to severing the entire Russian economy from the international economy. With their bankers now isolated, Russian firms won't be able to buy or sell stuff overseas, nor repatriate funds to pay their local employees.

I'm still trying to get my mind around the enormity of this. Russia has become the top destination for Chinese auto exports, for instance, and those purchases require getting a Russian bank and a Chinese bank to interact with each other. How on earth will Russia import Chinese cars without the intermediation of Russian banks? Or appliances, or smartphones?

There are two significant exemptions to the secondary sanctions coverage: agricultural products and  crude oil. What this means is that while a bank in India can no longer deal with a Russian bank like Sberbank, that prohibition ends if they want to conduct transactions with Sberbank that involve grain or oil. Since Russia's economy is so reliant on its oil exports, this exemption is a gaping hole in the sanctions wall that Ukraine's allies are trying to build.

How will Russia and its trading partners react?

A few sacrificial banks

To keep trade flowing between Russia and trading partners like China, it may be necessary for China to serve up a sacrificial bank or two to the U.S. sanctions regime. Who to sacrifice? A small bank with little to no U.S. business is a prime candidate. Such a bank may be able to afford being cut-off from the U.S. financial system in order to ensure that its mostly Russian-linked clientele can keep making bank-to-bank payments.

An example of a willing-to-be-sanctioned financial institution is the Bank of Kunlun, a small Chinese bank which continued to facilitate Iranian transactions even after secondary sanctions were levied on Iran in late 2011. The U.S. government reacted the following year as it had threatened that it would: it cut the Bank of Kunlun off from the U.S. financial system, a state of affairs that continues to this day. Kunlun remains the only bank in the world on the U.S.'s CAPTA (Correspondent Account or Payable-Through Account) list; a register of financial institutions which cannot get a U.S. bank connection.

An appearance on the CAPTA list hasn't stopped the Bank of Kunlun from doing business, however. According to the Atlantic Council, Kunlun has become one of the main connection for so-called Chinese "teapots" small independent refineries  to buy oil from Iran. Apparently, one of its flagship products is "Yi Lu Tong," which means "Iran Connect." Of course, the Bank of Kunlun can't do a shred of U.S. business, which severely limits its clientele.

In any case, the Bank of Kunlun, or something like it, could end up being the linchpin of Russian sanctions avoidance.

AML-dodging stablecoins

Another alternative option for Russian trade will be to turn to U.S. dollar stablecoins like USDC and Tether. Stablecoins are blockchain-based payments platforms that offer balances pegged to national currencies, usually the U.S. dollar. Unlike banks, which do due diligence on their customers, stablecoin issuers will allow anyone to use their platforms, no questions asked. This feature offers Russian firms a reliable non-bank payments option for settling purchases of Chinese or Turkish products.

Stablecoins are not a new route for Russians keen to evade the long-arm of U.S. sanctions. I wrote last year about how intermediaries linked to a sanctioned Russian oligarch purchased oil from Venezuela's sanctioned state-owned oil company using Tether stablecoins, or USDT. "No worries, no stress," says the Russian to his Venezuelan contact. "USDT works quick like SMS."

"...quick like SMS" [link]

More recently, a Russian sanctions evader describes how he uses Tether to "break up the connection" between buyers like Kalashnikov and sellers in Hong Kong, making it harder for US authorities to trace the transactions. "USDT is a key step in the chain." 

Turning to the U.S., what might its next steps be in the sanctions war?

Extend the secondary sanctions to oil

Sanctions are a cat and mouse game. As Russia inevitably finds ways to adapt to last week's actions, the U.S. will have to find alternatives to keep up the pressure on the Putin regime. A prime candidate for the next ratcheting up of secondary sanctions will be to extend their reach to Russia's oil industry.

The U.S., EU, and other coalition countries are currently trying to cap Russian oil prices at $60 in order to reduce Russia's revenue base, with mixed success. One option would be bring the rest of the world into the price cap effort in order to make it more effective. A simple upgrade to the secondary sanctions regime would allow for this. Foreign banks would still be able to conduct transactions with Russian banks that involve oil, but only if these banks have verified that those purchases have been made at a price of $60 or lower. Any international bank caught breaking the price cap would risk losing its financial connection to the U.S.

Locked up in escrow

Another way to tighten the noose on Russia would be to modify the secondary sanctions program to impede the ability of Russian oil exporters to repatriate or easily utilize the funds they receive for oil sold abroad. 

How would this work? As before, foreign banks in, say, India would still be allowed to conduct oil transactions with Russian banks at prices not exceeding $60, subject to a new sanctions feature stipulating that all oil proceeds must be confined to escrow accounts in the buying nation, in this case India. If Putin does wish to use the funds in Indian escrow accounts to make purchases, they can only be used to buy Indian products. If an Indian bank fails to keep oil proceeds "locked up" in India, and lets them escape by wiring them back to Russia or a third party like Dubai, then it could face the threat of losing its U.S. banking access.

If implemented, this locking restriction would dramatically reduce Putin's ability to repurpose oil revenues. Stuck in foreign banks with only a limited menu of local goods to buy (and likely earning sub-market interest rates), Russian resources would languish, illiquid and uncompensated.

This sort of restriction isn't a new idea. It was successfully tried out on Iran beginning in 2013 in the form of the notorious Section 504 of the Iran Threat Reduction and Syria Human Rights Act (TRA), once described as a bit of sanctions warfare that was "so well constructed and creative that in some respects it can be considered… beautiful." I wrote about it eleven years ago. It's time to dust it off.

Monday, June 10, 2024

"I didn't launder the cash, your honor. The robot did."

Crypto enthusiasts protest the trial of Alexey Pertsev

As the multiple Tornado Cash legal cases wend their way through courts in the Netherlands and the U.S., we continue to learn how society's money laundering laws will be applied to some of the more unique financial entities being created on the new technological medium of blockchains.

Last month Alexey Pertsev, a co-creator and co-administrator of privacy platform Tornado Cash, was found guilty of money laundering by a Dutch court. (The full decision translated into English is here). Meanwhile, Roman Storm and Roman Semenov, Pertsev's colleagues, are under indictment in the U.S. for engaging in money laundering, among other charges. Separately, Tornado Cash continues to be sanctioned by the U.S. Treasury.

In general, I think a guilty verdict is the right decision. It would have been dangerous to find Pertsev innocent, since to do so would have given all sorts of hardened money launderers  the mob, drug lords, and terrorist networks  the perfect techno-legal loophole for avoiding future money laundering charge. Shifts in the underlying technology used for disguising dirty money should not be enough to turn a crime into a non-crime.

Before I get into my reasoning, here's some context for people who are new to the issue of Tornado Cash.

Tornado Cash was introduced by Pertsev, Storm, and Semenov in 2019 as a means for crypto users to enjoy privacy, but it wasn't long before thieves and hackers began to regularly deposit large amounts of stolen crypto into the utility to be obfuscated. This was plain as day to anyone who was watching. Blockchains are radically transparent (that's why privacy tools like Tornado are needed) which meant that everyone could watch in real-time as criminal trails converged on Tornado Cash. 

Court cases in both the U.S. and the Netherlands reveal that Pertsev and his colleagues were well-aware that illicit activity passing through Tornado, yet they continued to work on the utility anyways. This is important because possessing a "knowing" state-of-mind is a key ingredient to being found guilty of money laundering. If he had had no idea that the money being disguised was dirty, Pertsev could not have been charged in the first place.

Criminals were not the only users of Tornado. Licit actors who wanted privacy also deposited funds into the entity, including Ethereum co-creator Vitalik Buterin. But the presence of good transactions amongst the bad ones doesn't dilute the seriousness of the alleged crime. All it takes to trigger a money laundering charge is a few dirty transactions. "C'mon! 82% of the money was licit!" is no alibi.

Tornado Cash is by no means the crypto economy's first privacy platform. The original generation of privacy tools, so called "mixers" or "tumblers," began to emerge in the early 2010s with the likes of ChipMixer, Helix, Bitcoin Fog, Sinbad, and Blender. Anyone who required anonymity could send their bitcoins to the platform owner, who would proceed to commingle, or "mix," all incoming bitcoins in a single address under their control, thus rendering them untraceable. After some time had passed, the platform owner manually re-sent the now obfuscated bitcoins to their original sender, less a fee.

Like Tornado Cash, the first generation of privacy utilities was used by both criminals and regular folks seeking privacy. None of these original mixers have had happy endings. The owners of Bitcoin Fog and Helix, Roman Sterlingov and Larry Harmon, were both found guilty of money laundering and are currently serving jail sentences. Minh Nguyen, the administrator of ChipMixer, has been indicted for money laundering and is on the FBI's most wanted cyber list. Blender and Sinbad have both been sanctioned by the U.S. government.


By any legal standard, these bad endings were well-deserved. They may have been technological novelties, but ChipMixer, Helix, Bitcoin Fog, Sinbad, and Blender were very much text-book examples of money laundering. The owners of these entities knew that some of the transactions they were participating in involved proceeds derived from criminal sources, yet despite this knowledge they proceeded to disguise them anyways. The only thing new about Helix and the other first generation mixers was the medium they were disguising  bitcoin instead of cash or deposits.

And so professional mixers like Harmon and Nguyen join a long line of traditional money launderers  dirty bankers, drug cash couriers, crooked remittance shop owners, and hawala operators. The law shouldn't be fooled by technological novelty, and in the case of the first generation of mixers, it wasn't.

That these were textbook cases of money laundering isn't disputed by the crypto community. Crypto advocates are a vocal bunch, and while they have loudly voiced their complaints about the legal action taken against Tornado Cash, they have for the most part quietly accepted the punishments meted out to the first generation privacy platforms. A legal fundraiser to support the Tornado Cash accused, for instance, has raised hundreds of thousands of dollars; there have been no equivalent efforts to raise a legal defence for Harmon, Sterlingov, or Nguyen. Crypto lobbyists have gone to war for Tornado Cash by launching court appeals and filing amicus briefs in its support. But when it comes to defending the Bitcoin Fog or Helix operators, or challenging the government's sanctioning of Sinbad and Blender  crickets.

The Tornado Cash legal cases have been more controversial than those of the first generation mixers thanks to a technical innovation in Tornado's construction. Most of us would consider this to be a relatively obscure change, but crypto enthusiasts see it as a defining one.

Harmon and his counterparts controlled their platforms outright, taking possession of the dirty crypto before manually sending it back to criminals in disguised form. Not so Tornado Cash. When it was built, a layer of automation was inserted between Tornado Cash's users and Pertsev and his colleagues.

Instead of sending their crypto to wallets controlled by the trio, as users did with Helix, crypto was now deposited by users into a set of automated pools. These pools were not managed on an ongoing basis by Pertsev and his colleagues. Rather, they were built using fully automated code on the Ethereum blockchain. Originally co-created by Pertsev in 2019, this code was frozen in time by the designers in early 2020, at which point it could no longer be upgraded or changed by anyone, even Pertsev. To this day the pools continue to operate, even though the Tornado Cash creators are either jailed or under indictment.
Other parts of the Tornado Cash platform are not so set-in-stone and remained under the control of Pertsev and his colleagues throughout. This includes the main website by which users accessed the automated pools, which was regularly upgraded over time, as well as the relayer service. (A relayer is a way to guarantee the privacy of Tornado Cash users). Pertsev and his colleagues profited from their ongoing control over the website and relayers.

The lawyers for Pertsev, Storm, and Semenov have argued that this layer of automated code exonerates the trio of money laundering. After all, if they no longer control what the utility is doing, then how can they be said to be operating a money laundering enterprise? The lawyers also argue that as writers of code, Pertsev, Storm, and Semenov are protected by speech laws, much like an author who has written a book. It is the code-is-speech claim that has particularity riled up the crypto community.

I don't like the idea of someone being sent to jail, but I think it's a good thing that the Dutch court chose not to accept these arguments.

Using go-betweens is a time-tested criminal strategy for distancing oneself from the crime. In more conventional money laundering operations, this strategy might involve separating the leader of a cash laundering operation from the actual dirty cash with a layer of underlings. In the age of crypto, no need to use living human underlings; just insert a buffer of unliving code.  

But the law shouldn't be fooled by artificial distances between a launderer and dirty money, whether those intervening layers be living people or code.

Allowing a buffer of automated code to absolve folks like Pertsev of money laundering would make it much easier to be a professional money launderer. Bad actors like Harmon and Sterlingov who have already been deemed by the courts to be criminals would suddenly have the perfect techno-legal loophole at their disposal if they decide to reengage in crypto laundering once their jail terms are up. Instead of manually running their operations as before, Harmon an Sterlingov could insert a mute layer of automated code between them and their illicit clients, their criminal mixing no longer being a crime.

But this would be an absurd state of affairs. A simple technological change to the way a criminal mixer administers their back office shouldn't convert them into a non-criminal.

The danger of the "it was the code that did it" defence extends beyond the crypto economy. In the much-larger traditional economy, laundering physical cash is a relatively common criminal profession. Take the fictional example of Marty Byrde, the star of Ozark. If the Tornado Cash defence were to be accepted in a court of law, then Byrde need only program a set of self-operating cash-handling robots to do most of his tasks for him, and he can get away scot-free. "I don't exercise any control over the packages of cash, your honor. The robots did!"

Or take the example of drug cash couriers, who run the risk of being convicted for money laundering when they move cash across the U.S.-Mexico border. Taking a cue from Tornado Cash, if a courier were to deploy an autonomous fleet of AI-powered drones instead, then when charged with a money laundering offence he or she need only invoke the now-standard defence: "it was the drones who controlled the cash, not me."

Taken to an extreme, the Tornado Cash defence means that money laundering effectively ceases to exist as a crime. All the culpability shifts onto the undead intermediaries, which can't be punished. This eclipsing of money laundering laws would be unfortunate. Professional money laundering is a key sector within the broader criminal economy, greasing the wheels for the entire enterprise. Without any legal defences against launderers, we are all much more vulnerable to crime-in-general.

In what follows, I want to provide a historical example of how the law should act when confronted with the changing tactics and technologies of money launderers.

Money laundering is a relatively new crime, but it has a much older predecessor in the crime of fencing, also known as receiving. The laws against fencing and money laundering are similar, the idea being to punish not the original criminals but the third-parties who knowingly participate in the crime by accepting dirty proceeds.

Any thief runs a big risk of being caught with stolen goods. At some point in the middle ages, specialized intermediaries, or fences, emerged to absorb this risk by accepting stolen property from professional thieves and redistributing it. Thieves could now offload their goods much quicker, thereby achieving a degree of safe harbor. For their part the fences themselves were safe from prosecution. After all, they hadn't committed the original theft, and accepting stolen property was not a crime.

The addition of specialized wholesalers to the thievery production process helped drive a rise in the incidence of theft, according to historian Rictor Norton. To close this loophole, fencing was criminalized in England in 1692. For the first time, a third-party who knowingly accepted stolen goods could be punished as an accessory to the original theft. The business of reselling hot property, risk-free until then, suddenly became much more dangerous.

The illegal fencing market quickly evolved new tactics. Enter Jonathan Wild, an incredibly successful launderer of stolen goods who, by the mid 1710s, is said to have been the "undisputed leader in the fencing business of London," according to marketing professor Ronald Hill. Wild evaded the 1692 anti-fencing law by never himself handling stolen property. Instead, he acted as an early version of Craigslist, but for stolen objects. He arm-twisted all of London's thieves to secretly report any robbery immediately to him, asking them to retain possession until he contacted them. At the same time, the unfortunate victims of those thefts were encouraged to approach Wild with requests to help locate their missing property.

Once Wild knew who was at both ends of a theft, he would pay the thief and tell him to return the goods to the victim using an anonymous porter. The happy victim got their stolen goods back, paying Wild a large reward for his troubles.

With Wild running circles around the law, Parliament passed an additional anti-fencing law in 1718 that punished anyone who took a reward under the pretence of helping a victim of theft, without actually prosecuting the original felon. In 1725, Wild was apprehended, tried, and condemned to death on the basis of this statute. 

A gallows ticket to view the hanging of Jonathan Wild (Wikipedia)

Now, a death sentence is extreme. But this is a good example of the law staying hip to both the changing technology of theft and its evolving division of labour. As the profession began to be subdivided into specialist thieves and an emerging class of allied wholesalers of stolen goods, lawmakers recognized that wholesaling was really just an appendage of theft, and thus fencing was criminalized. Later on, when fences like Wild adapted with new methods, the law kept up by finding additional means to reach fencing operations.

With Tornado Cash, we are at a "Jonathan Wild" stage of the modern money laundering profession's development. Control of dirty proceeds is being shifted to autonomous intermediaries so that the perpetrators can avoid prosecution. Much like how the law adapted in the 1700s to encompass Wild's tactics of distancing himself from dirty property, it will have to do the same with money launderers who use crypto code, autonomous robots, or AI drones to dissociate themselves. While I don't enjoy the idea of anyone spending time in jail, finding Pertsev guilty is part of that process.

Unlike Jonathan Wild, who was a criminal mastermind, Alexey Pertsev and colleagues seem to have bungled into the crime partly out of an ideological commitment to crypto ethics, the wider community unhelpfully egging him on. That doesn't mean he's not guilty, but it does suggest a lighter sentence than the 64-month one he received might be appropriate.

I've been arguing throughout this article that money laundering law should extend to innovative financial entities created on blockchains, such as Tornado Cash. I want to close by pushing back on this a bit.

A guilty verdict for Pertsev and his colleagues should not be tantamount to a ban the creation of autonomous financial institutions, particularly those focused on privacy. If a coder wants to create an open privacy mechanism for crypto, promote it, and financially profit from it, I think that he or she should have the right to do so, subject to the following condition. The code needs to include a component that screens out dirty crypto  and this filter shouldn't be a sham attempt, it has to be a genuine effort.  

While I think the law got it right in this instance, shame on lawmakers and law enforcement if they don't accommodate future generations of code-based entities (and their creators) that actually do make good faith efforts to freeze out dirty money.

Tuesday, May 28, 2024


An English penny minted by William the Conqueror, who brought monetagium to England. Source: History in Coins

The way that a modern mafia protection racket works is the mafia starts doing very bad things to regular folks, say you and your business. To stop the damage, you pay them a regular fee. Both sides come out ahead. The mafia earns a tidy stream of income. Your suffering comes to an end.

In feudal Europe, a monetary practice called "monetagium" worked along the same principles as a mafia protection racket. It began with the feudal lord threatening to do very bad things to the coinage. To prevent these very bad things from happening, the public would pay a fee called monetagium to the lord. Both sides came out ahead. The lord earned revenue. His vassals avoided a worsening of the coinage.

To better understand the intricacies of monetagium, or monetary blackmail, we need to explore how the monetary system worked back in the 11th and 12th centuries.
A feudal lord had a number of ways to earn revenue. These included gabelle, a tax on salt; heriot, a death duty that was paid to the lord upon the death of a tenant; merchet, fee paid on marriage, and the Saladin tithe, a tax paid by all those who did not go on Crusades. Another common revenues source was the prince's monopoly over the coinage. Anyone could bring their personal silver to the royal mints and have it be converted into coins, for a fee. This revenue source was known as seigniorage. The lord of the realm, or seigneur, often outsourced the running of their mints to professional third-parties, or moneyers, who collected the fee and remitted it to the seigneur after subtracting what was needed to pay their own costs and earn a profit.

Seigniorage provided a steady stream of revenue to the lord. But if he really wanted to turbocharge his revenues, a debasement of the coinage could be introduced.

A debasement means a reduction in the silver content of new coins. Post-debasement, a canny merchant could bring a chest full of old silver coins to the mint and get those converted into even more new ones. So for example, if he had 1,000 old coins on hand, and a 20% debasement had been introduced, a merchant would be able to have his 1,000 coins reminted into 1,200 new coins. He might have to pay 50 of those to the lord, leaving 1,150 coins. The extra 150 coins now in his possession provided him with the opportunity to buy more goods & services than before (at least until prices adjusted) and settle more debts.

To take advantage of the opportunity provided by the debasement, a wave of customers would arrive at the mint to convert their silver into new coins, the result being a temporary boost to the seigneur's minting profits. If a single debasement provided a one-time boost to the lord's revenues, a series of such debasements could repetitively turbocharge those revenues. (Henry VIII notoriously used this technique to fund his expensive French wars.)

Debasements may have boosted feudal revenues, but they were generally unpopular with the public, a fact that many writers from that period have commented on. And you can understand why. Debasing the coinage caused inflation, or a rise in the price level, and in no age has inflation ever been popular. Furthermore, the penny was the unit of account, or the means by which people reckoned and computed their financial lives. As the penny was mutated, its ability to serve as a measuring tool was compromised.

By the 11th century, Normandy's dukes had been resorting to regular debasements as a revenue device for some time. But they soon had an epiphany. They realized that they needn't enact an actual debasement to earn a profit. Instead, they could just threaten to enact one, and then extort the public for a ransom to prevent it from going through.

This tax was known as monetagium. By the late 11th century, monetagium was being levied on Norman citizens every three years in return for the Duke's promise not to reduce the silver content of the coinage. The tax worked out to 12 pennies per household, or hearth, which according to historian Thomas Bisson amounted to the wages of "a day's field work per year." Knights and the clergy were exempt. In scope, monetagium was an "important but unspectacular financial resource," says Bisson, raising a fraction of the much larger land tax on farms.

In other parts of France, including Orléans and Paris, the monetagium was known as the "tallage on bread and wine," writes Bisson. Calculated based on the amount of provisions that subjects had on hand, including measures of winter wheat and spring oats, the bread and wine tax was justified to the population as the king's generous substitute for debasement.

From the perspective of the king or feudal lord, monetagium must have been a superior tax policy to debasing the coinage. Gone was the need to force the population to trudge each few years with their silver coins to the mint for recoinage every three years. And the coinage at least stayed constant, removing the difficulties and uncertainties imposed by inflation on the feudal economy. But while monetagium was less capricious, it was still abusive  in the same way that the mafia's protection payments are abusive. This was especially apparent to the inhabitants of England.

There is evidence that the Normans exported the practice of monetagium to England after William the Conqueror's successful invasion of the island in 1066. The English version of monetagium appears to have operated on slightly different principles than the Norman one, however.

Whereas Normandy had a long history of debasement, England's coinage up till 1066 had remained relatively consistent in weight and purity, a tradition that the Norman invaders were expected to (and did) uphold. Unable to use the threat of a debasement to extract monetagium, England's new Norman lords came up with another excuse.

For almost a century prior to the Norman invasion, the English coinage had been regularly renewed each three years. That is, a new version of the penny was regularly issued, the imagery being updated but the silver content staying the same. So this was not debasement. The older versions of the penny were generally allowed to stay in circulation, although from time-to-time the most dated coins would be declared void, says W.J. Andrew, a numismatist. Once they ceased to be legal tender, citizens were required to bring in these discontinued coins to be reminted into new ones, for a fee. The fees earned from demonetization were one of the ways the English kings earned income.

According to Andrew, the English tradition of recurring triennial renovatio monetae gave the Norman kings the missing hook they needed to extract monetagium from the English population. By declaring all coin types to be void each three years (instead of just some of the oldest ones), as was his right, England's new Norman kings could place a costly burden on the population. English-folk would have to regularly haul all their coins to the local mint for costly conversion. To avoid this burden they were proffered an alternative: pay the monetagium every three years instead, and in return the king would let old pennies remain as legal tender.
This was not a popular practice with the English. When Henry I came to power in 1100 he would officially end it, proclaiming the following: "The common monetagium... which was collected through the cities and through the counties, which did not exist in Kind Edward's time, this I utterly abolish from now on."

The phenomenon of monetagium also pops up in Denmark in the 13th century in the form of a "plough tax," as recounted by historian Sture Bolin. Like many parts of Europe, Denmark's coinage was subject to renovatio monetae whereby it was routinely recalled and cancelled. The conversion rate was costly; for every three demonetized coins submitted, a Dane might receive only two in return. The policy of renovatio monetae was brought to an end in 1234 by King Valdemar II. In its place, a new tax was levied such that for every plough owned, Danes had to pay one öre in coin. Valdemar justified the plough tax to his Danish subjects as the price they had to pay to enjoy permanent coinage.

Notably, the coins that Valdemar issued in 1234 have the distinction of being the first European coins in the Christian era to have a date stamped on them. In the image below, they are dated MCCXXXIIII, although I must confess that I can't quite make it out. (This source may help you pick out the numerals.)

A penny from Roskilde, Denmark dated 1234 holds the honor of being the earliest Anno Domini dated coin in the history of European coinage Source: Reddit

Bolin suggests that the novelty of coin dating was intended to commemorate both the permanent nature of Danish coinage and the simultaneous introduction of the plough tax.


So what are we to make of all this today? Modern democracies are not feudal mafioso, yet they often face the similar dilemma of what mix of revenue sources to rely on, one of those sources being monetary debasement. A literal debasement of the coinage is no longer a policy that can be pursued  our currencies are no longer metallic. The modern equivalent would be for a democratic government to lean on the central bank to fund government spending, too much of this resulting in inflation.

In general, democracies have not resorted to modern version of debasement as a revenue source due to the unpopularity of rising prices. Instead, contemporary policymakers tend to rely on income taxes, consumption taxes, and property taxes. I suppose we can think of these obligations as our modern version of monetagium. They are the "better taxes," akin to the Danish plough tax or the Parisian grain and wine tax, that we subject ourselves to instead of the not-so-good taxes that get levied via the monetary system.

Wednesday, May 8, 2024

Renovatio monetae

This silver pfennig from the Archbishopric of Magdeburg (1152-1192) was subject to a policy of renovatio monetae. Twice a year whoever held it had to bring it in to be changed for new coins at a rate of four old coins to three new coins. That suggests an annualized tax rate on coinage of 44%. Image source: British Museum

This is another post in a series that explores how European monarchs harnessed the minting of coins to earn revenues for their coffers. 

A king or queen generally resorted to two different strategies for profiting from the mints. The first was to mint long-lived coinage. The second involved issuing short-lived coinage subject to a policy of renovatio monetae, which is the topic of this post. These aren't mutually exclusive buckets. It's possible for elements of both policies to be blended together.

Almost everything I've written about medieval coinage on this blog has been about the long-lived sort, because that was the dominant pattern in Europe. Under a long-lived coinage system, once a coin had been minted it remained in permanent legal circulation. For example, England's long-lived coinage policy meant that an English penny produced in 1600 would have been just as valid a hundred years later, in 1700, as a penny produced in 1699.

The monarch earned a one-time fee from the original minting of the coin. More specifically, a citizen who brought raw silver to the royal mint left with that same amount of silver now transformed into coin form, less a small part going to the crown. This profit was known as seigniorage. In England, the seigniorage rate on silver typically hovered around 5%, my source for this number being The Debasement Puzzle by economists Rolnick, Velde, and Weber. Once a particular coin was produced, however, the king or queen no longer earned revenue from it.

As society grew and more coins were needed, raw silver was constantly brought to the royal mints by the public in order to be coined, the monarch earning a steady stream of income. This was known as free coinage, since everyone had the right to access the royal mints.

Short-lived coinage subject to a policy of renovatio monetae was an entirely different manner. Under this model, coins didn't circulate permanently. When a king or queen announced what was known as a renovatio monetae, or a renewal of the coinage, all existing coins had to be brought back to the mint to be recoined into new coins. The monarch collected a fee upon each renovatio monetae. 

To help reinforce the monarch's ability to collect a profit, only the most recent coin was allowed to be used within the monarch's domain. Older local coins and coins from other realms were illegal. To distinguish the new version from the outgoing version, the new type was stamped with a different pattern. The penalties for not obeying the rules of renovatio could be harsh. According to Philip Grierson, a numismatist, anyone caught using expired coinage could face imprisonment, a fine, or have their face branded with the old pattern of coin.

Source: Svensson

The period of time between one renovatio monetae and the next varied widely. In England, the monarch initially adopted an interval of nine years, beginning in 973 AD with Edgar. Later on, this was shortened to just three years. In many parts of Germany and Poland, renovatio monetae occurred yearly, as recounted by economist Roger Svensson in his wide-ranging book on the topic. In the Archbishopric of Magdeburg it was carried out twice a year, coinciding with important market days in the spring and autumn. The Teutonic order in Prussia used a much slower ten-year cycle, according to Svensson. 

The date for the switch was often chosen to occur just prior to annual tax payment day or, as in the case of Magdeburg, ahead of a regularly occurring market or festival (see figure above). Requiring that all tax payments or market transactions be conducted with new coins reinforced the necessity of  bringing in old coinage to be melted down into new coinage, thus guaranteeing a boost to the monarch's revenues.

The coinage that prevailed in Poland and Germany from the 12th century almost seems to have been designed with a short lifespan in mind, since it is leaf-thin and fragile. Coins minted in this style are known as bracteates, one of which can be seen below. Svensson speculates that the bracteate format was better suited for the purposes of renovatio monetae than standard coins since the costs of periodically reforming silver into thin and pliable coin would have been lower than heavier coins. 

Leaf-thin bracteates from Frankenhausen. Source: Svensson

How much profit did the monarch collect from renovatio monetae? 

For many years the Teutonic order in Prussia used a conversion rate of seven old coins to six new ones, says Svensson. Combined with the fact that renovatio only occurred every ten years, the effective tax rate was relatively light. According to Christine Desan, a law professor, English royal profits amounted to 25% of the metal minted (she cites Spufford), but recall that this tax was levied only every three years so that works out to a yearly tax of around 8%. (Some people may notice the similarity of renovatio monetae to ideas promulgated by Silvio Gesell, who came up with the idea of stamped scrip—money that depreciates.)

In some cases, though, the conversion rate bordered on exploitative. Svensson says that a common exchange rate in Germany was four old bracteates for three new ones. Given two renovatio per year in places like Magdeburg, that works out to a yearly tax rate on coinage of 44%! If a citizen of Magdeburg started the year with 16 bracteates in their stash, and they complied with both renovatio, by year-end target would only have nine bracteates.

This may have created a very weird effect whereby coins became "cheaper and cheaper" over the course of the year in anticipation of the inevitable withdrawal day, according to historian Sture Bolin. Since everyone would have known ahead of time that there was to be a 4:3 conversion on a fixed date, and no one wanted to be stuck holding coins and bearing the conversion tax, sellers would only accept coins at a discount to compensate them for conversion. That discount varied with time. As the final day approached, it would have got progressively wider.

In modern times we don't have to deal with the hassles of renovatio monetae. The coins and banknotes we use are long-lasting: a nickel from 1956 is just as valid as one from 2022. Or consider that while the $1 note is no longer printed in Canada, anyone can still bring them to a bank to be deposited for free. If a policy of renovatio monetae were to be announced by the Bank of Canada in 2025, and Canadians were required to bring our coins and banknotes in each year to be exchanged for new ones, there would probably be a revolt against the inconvenience of it, especially if the fee was high.

This combination of exploitation and inconvenience may explain why the English abandoned renovatio monetae in the middle of the 12th century in favor of permanent coinage. "The renovatio monetae witnessed to the extent of royal control and suggests that coining was routinely coercive," writes Desan. "This new system reduced the burdens placed on people required so frequently to remint their money at a cost."   

However, if renovatio monetae was inconvenient (and frequently exploitative), it also had a key benefit. As silver coins passed from hand to hand, they suffered from natural wear and tear. On top of that, bad actors regularly clipped off their edges, keeping the silver shavings for themselves. By renewing the coinage every year or two, the monarch ensured that the coinage was kept in relatively good condition.

Alas, the same can't be said for long-lived coinage systems, which were particularly prone to the wear and tear problem. After a decade or two of circulating, a typical coin would have lost a significant amount of its original silver content, at which point it would no longer be equal in weight to new coins. This meant that the realm's coins were no longer fungible, or interchangeable, with each other. The familiar problem of Gresham's law would now begin to plague the monetary system, whereby the "bad" coins, which meant the old underweight coins, drove out the "good" coins, the new full-weighted ones. With only shabby coins being used in trade, the money supply was more prone to counterfeiting and clipping, leading to an even shabbier coin supply, and more counterfeiting and clipping. 

Mind you, there were ways to defend against the inevitable downward spiral of long-lived coinage. By adopting a policy of defensive debasements, which I've written about before, the fungibility of coins could be restored.

Nor were long-lived coinage systems spared from being exploitative in nature. The method of abuse was different than that used to exploit short-lived coinage, involving a policy of repetitive debasements in the silver content of coinage.

As an example of this, I wrote a post last year exploring how Henry VIII financed his wars in France using debasement of his long-lived coinage. Do read it, but in short the trick was to increase the number of people visiting the royal mints to convert raw silver into new coins. This would in turn boost the monarch's profits. After all, he or she earned a 5% cut from each new coin produced.  The rush to the mint was linked to the fact that, post-debasement, the public could now get more silver pennies from the mint than before for a given quantity of silver, which in turn allowed them to buy more goods and services than they would have otherwise been able to purchase.

After a series of such debasements, Henry VIII was much richer, but the coinage was debauched. Going into 1542, for instance, the English penny contained 92.5% silver. Nine years later its purity stood at just 25% silver, the majority being base metal such as copper. 

To sum up, short-lived coinage issued under a policy of renovatio monetae was one of several ways to administer the monetary system. It had some advantages over other methods, but was also easily abused. This abuse was linked to the fact that coinage was simultaneously a crucial tool for day-to-day commerce, both as a medium of exchange and a unit of account, and also a way for the monarch to fund itself. Maximizing its latter role by relying on frequent and onerous renovatio may have done severe damage to money's capacity to perform the former role. 

This tension was not necessarily resolved with the move towards long-lived coinage, as Henry VIII demonstrates. And while we may think we have left these these medieval issues behind in the 21st century, I don't think that we can ever fully escape the tensions embodied in money's dual roles as crucial tool of commerce and source of government funding.

Friday, April 19, 2024

Thoughts on the Tornado Cash defence and what happens when everyone adopts it

Payments companies are regularly punished for engaging in money laundering. MoneyGram, for instance, has has to pay multiple fines. Western Union was famously busted in 2017. Meanwhile, Cash App is being probed as we speak for inadequate anti-money laundering controls.

In the future, these companies may have in their grasp a very simple techno-legal trick that allows them to deal with dirty money and get away with it. All they need to do is transfer their entire IT apparatus from a regular set of databases onto "immutable" smart contracts hosted on blockchains.

This, at least, is what happens when you take the arguments put forward by the Tornado Cash defence team to their logical conclusion.

If you follow this blog, you'll know I've written a lot about Tornado Cash.

Cryptocurrency isn't private; it's radically transparent. The function that Tornado Cash serves is to accept traceable crypto from users, both licit and illicit, and return it to them in untraceable format. Beginning in late 2020, a steady stream of stolen crypto began to be moved by thieves onto Tornado Cash for the purposes of obfuscation. In effect, money laundering was now occurring on the platform. But who were Tornado Cash's money launderers? More specifically, someone was to blame for helping these thieves to disguise their tracks  who was this someone?

Last August the U.S. government indicted two people involved with Tornado Cash for conspiracy to commit money laundering.  I wrote about the government's indictment here. (They were also indicted for conspiracy to evade sanctions and the operation of an unregistered money transmitting business, but that's another story.)

Roman Storm and Roman Semenov, the accused, wrote the original smart contracts for Tornado Cash and exercised a degree of control over a key website for accessing those smart contracts. The government alleges that Storm and Semenov knew that the property being transferred to Tornado Cash was criminally derived, and that they also knew that the hackers wanted to disguise its source. Yet the duo conducted the financial transactions anyways. These three elements knowledge, the conducting of financial transactions, and the presence of unlawful money  are key ingredients to building a money laundering charge. (See specifically 18 U.S.C. § 1956(a)(1)B(i).)

Last week the defence lawyers for one of the accused parties, Roman Storm, filed a motion to dismiss the case, giving observers some initial insights into what arguments will be used to try and beat the government's money laundering charge. As I'll show, assuming these arguments are right, then a big chunk of the existing payments system has a fool proof plan for avoiding money laundering laws.

The distinction between the Tornado Cash front end and the actual Tornado Cash smart contracts looms large in the case, so let's touch on that briefly. The smart contracts are bits of code that reside directly on the Ethereum blockchain. This code allows users to deposit their trackable crypto to a pool along with many other users and then withdraw it, obfuscated. A front end, by contrast, is a regular website that allows users to interact with the smart contracts, and is hosted through a normal internet provider .

While users are free to interact directly with the Tornado Cash code, the most popular way to access Tornado was allegedly via the intermediation of the main website that was under the control of Storm and his colleagues.

The key argument made by Storm's lawyers is that the accused are not subject to the money laundering statutes because the money laundering statutes only apply to people who "conduct" what are defined as "financial transactions," and Storm did not conduct financial transactions.

The defence says that in order to show that someone was conducting a financial transaction it must be the case that control was exercised by that person over the actual criminally-derived funds. Storm may have had some control over the front end, but the defence claims this doesn't really matter because the front end itself did not exercise any control over the proceeds. "It did not access the funds directly," the lawyers argue. "It merely provided an interface to permit a user to interact with the smart contracts."  

As for the smart contracts, Storm clearly had no control over them. He had relinquished control back in May 2020, when a trusted setup ceremony ensured that no further changes could be made to the code. At that point, the smart contracts worked automatically. Bad actors only discovered Tornado Cash several months after the ceremony, at which time Storm had long gone. Furthermore, the smart contracts didn't actually control the funds, say Storm's lawyers, it was users of Tornado Cash who controlled the funds within the pool.

So, there you have it. The government's money laundering charge against Storm and Semenov requires locating a person or institution who is in control of the dirty funds and conducts financial transactions with them, says the defence. But it isn't the accused who exercised this control, it is the users who did so, via the intermediation of a set of financial automatons, the smart contracts.

For the philosophically crypto-pilled, the defence's arguments will make sense, since according to this view crypto is a revolutionary force for good, one destined to "break" what they see as a corrupt and old-fashioned financial system. For this breaking to happen, crypto shouldn't be forced to conform to the same old laws as stodgy payments companies like Western Union. New laws, or new ways of looking at old laws, should be shaped around crypto.

But to the non-crypto pilled, a successful defence of Storm and Semenov is quite concerning. As described by Bruce Schneier and Henry Farrel, it could potentially mean that anyone who wants to facilitate illegal activities would have a strong incentive to copy Tornado Cash, effectively turning their operation into a "golem"  a deathless artificial being run on smart contracts  and then throwing away the keys to avoid the law.

More specifically, by shifting their entire IT infrastructure over to smart contracts or some other equivalent automaton, payments institutions like MoneyGram that are currently subject to the money laundering statutes (and have already been punished under them several times) might be able to avoid future prosecution. If criminals start using the autonomous MoneyGram robot to make payments, MoneyGram can simply say: "The robot allowed them to do it, not us!" As for the official MoneyGram front end, even if the mob becomes a happy customer MoneyGram needn't worry since the front end is nothing but a filmy gauze between users and the autonomous robot, the company never actually controlling the funds (although according to the Tornado Cash lawyers the front end can continue to safely generate a profit for its owners!)*

The money laundering statutes  18 U.S.C. § 1956 and § 1957  are two of democratic society's key legal bulwarks against criminal behaviour. In a world in which the Tornado Cash defence prevails and payments companies adopt it as a techno-legal shield against money laundering charges, 1956 and 1957 become much less effective  and not because we decided to soften them via a democratic process, but because financial institutions found sneaky ways to get around the rules.

Mind you, the money laundering statutes wouldn't disappear entirely. The Tornado Cash defence's point is not that there is *no* money launderer. Rather, their argument is that it is the users of Tornado Cash, the public, who had "exclusive control," and not Storm and Semenov, so the latter duo aren't the guilty parties. Taking this control theory further, if the government wants to charge anyone with money laundering, it should probably be trying to target folks like Vitalik Buterin, a member of the public who regularly put his funds into Tornado Cash and thus potentially participated in the concealment of unlawful proceeds deposited by criminals.

What a dangerous financial tool to make available to the public!

Right now, I can safely transfer $1000 to Western Union without having to worry about commingling my $1000 with a criminal and thus facing a potential money laundering charge. The company takes on that liability for me. But if Western Union stops performing this legal responsibility by building financial automatons to which everyone has open access, both good and bad actors, then I am suddenly at risk of being a counterparty to criminals when I transfer $1000 to Western Union, and that could turn me into a money launderer. Money launderers can face up to 20 years in prison.

For users, a Western Union transfer suddenly becomes the financial equivalent of handling nuclear waste or operating a five-story crane. It's a task most people can't, and shouldn't, handle. Given the inherent legal risks, it's possible that the market will never widely adopt financial services delivered in the form of robots or golems or immutable smart contracts, preferring to stick with the traditional safe intermediaries who take on the burden of compliance. Or not?

Storm's lawyers may win this particular case. Their logic certainly seems sound, but I'm no lawyer. If so, there's a good argument to be made for lawmakers to consider modifying the definitions of words like "conducting" and "financial transactions" found under the money laundering statutes to prevent future efforts to use the Tornado Cash techno-legal trick. If  by merely swapping the technology used to deliver financial services a payments institution can suddenly avoid the law and offload legal responsibility onto users, that's probably a hole that needs closing.

* MoneyGram would still be able to financially profit from the combination of smart contracts and a front end, much like how Storm and Semenov did with Tornado Cash, by finding canny ways to use their control over the front end. According to the indictment, Storm and Semenov, along with others who had control over the front end, curated a list of "relayers"  third parties who provided users with bolstered privacy protection  and then extracted resources from relayers who wanted the privilege of getting on the list.

This profit motive can't help prove that Storm was engaged money laundering, says the defence, since there are many examples of criminals using "lawful tools for unlawful ends," and even though the tools' developers have "profited from that use" those developers were not punished.