|
Crypto enthusiasts protest the trial of Alexey Pertsev
|
As the multiple Tornado Cash legal cases wend their way through courts in the Netherlands and the U.S., we continue to learn how society's money laundering laws will be applied to some of the more unique financial entities being created on the new technological medium of blockchains.
Last month Alexey Pertsev, a co-creator and co-administrator of privacy platform Tornado Cash, was found guilty of money laundering by a Dutch court. (The full decision translated into English is here). Meanwhile, Roman Storm and Roman Semenov, Pertsev's colleagues, are under indictment in the U.S. for engaging in money laundering, among other charges. Separately, Tornado Cash continues to be sanctioned by the U.S. Treasury.
In general, I think a guilty verdict is the right decision. It would have been dangerous to find Pertsev innocent, since to do so would have given all sorts of hardened money launderers – the mob, drug lords, and terrorist networks – the perfect techno-legal loophole for avoiding future money laundering charge. Shifts in the underlying technology used for disguising dirty money should not be enough to turn a crime into a non-crime.
Before I get into my reasoning, here's some context for people who are new to the issue of Tornado Cash.
Tornado Cash was introduced by Pertsev, Storm, and Semenov in 2019 as a means for crypto users to enjoy privacy, but it wasn't long before thieves and hackers began to regularly deposit large amounts of stolen crypto into the utility to be obfuscated. This was plain as day to anyone who was watching. Blockchains are radically transparent (that's why privacy tools like Tornado are needed) which meant that everyone could watch in real-time as criminal trails converged on Tornado Cash.
Court cases in both the U.S. and the Netherlands reveal that Pertsev and his colleagues were well-aware that illicit activity passing through Tornado, yet they continued to work on the utility anyways. This is important because possessing a "knowing" state-of-mind is a key ingredient to being found guilty of money laundering. If he had had no idea that the money being disguised was dirty, Pertsev could not have been charged in the first place.
Criminals were not the only users of Tornado. Licit actors who wanted privacy also deposited funds into the entity, including Ethereum co-creator Vitalik Buterin. But the presence of good transactions amongst the bad ones doesn't dilute the seriousness of the alleged crime. All it takes to trigger a money laundering charge is a few dirty transactions. "C'mon! 82% of the money was licit!" is no alibi.
Tornado Cash is by no means the crypto economy's first privacy platform. The original generation of privacy tools, so called "mixers" or "tumblers," began to emerge in the early 2010s with the likes of ChipMixer, Helix, Bitcoin Fog, Sinbad, and Blender. Anyone who required anonymity could send their bitcoins to the platform owner, who would proceed to commingle, or "mix," all incoming bitcoins in a single address under their control, thus rendering them untraceable. After some time had passed, the platform owner manually re-sent the now obfuscated bitcoins to their original sender, less a fee.
Like Tornado Cash, the first generation of privacy utilities was used by both criminals and regular folks seeking privacy. None of these original mixers have had happy endings. The owners of Bitcoin Fog and Helix, Roman Sterlingov and Larry Harmon, were both found guilty of money laundering and are currently serving jail sentences. Minh Nguyen, the administrator of ChipMixer, has been indicted for money laundering and is on the FBI's most wanted cyber list. Blender and Sinbad have both been sanctioned by the U.S. government.
By any legal standard, these bad endings were well-deserved. They may have been technological novelties, but ChipMixer, Helix, Bitcoin Fog, Sinbad, and Blender were very much text-book examples of money laundering. The owners of these entities knew that some of the transactions they were participating in involved proceeds derived from criminal sources, yet despite this knowledge they proceeded to disguise them anyways. The only thing new about Helix and the other first generation mixers was the medium they were disguising
– bitcoin instead of cash or deposits.
And so professional mixers like Harmon and Nguyen join a long line of traditional money launderers
– dirty bankers, drug cash couriers, crooked remittance shop owners, and hawala operators. The law shouldn't be fooled by technological novelty, and in the case of the first generation of mixers, it wasn't.
That these were textbook cases of money laundering isn't disputed by the crypto community. Crypto advocates are a vocal bunch, and while they have loudly voiced their complaints about the legal action taken against Tornado Cash, they have for the most part quietly accepted the punishments meted out to the first generation privacy platforms. A legal fundraiser to support the Tornado Cash accused, for instance, has raised
hundreds of thousands of dollars; there have been no equivalent efforts to raise a legal defence for Harmon, Sterlingov, or Nguyen. Crypto lobbyists have gone to war for Tornado Cash by
launching court appeals and filing amicus briefs in its support. But when it comes to defending the Bitcoin Fog or Helix operators, or challenging the government's sanctioning of Sinbad and Blender
– crickets.
The Tornado Cash legal cases have been more controversial than those of the first generation mixers thanks to a technical innovation in Tornado's construction. Most of us would consider this to be a relatively obscure change, but crypto enthusiasts see it as a defining one.
Harmon and his counterparts controlled their platforms outright, taking possession of the dirty crypto before manually sending it back to criminals in disguised form. Not so Tornado Cash. When it was built, a layer of automation was inserted between Tornado Cash's users and Pertsev and his colleagues.
Instead of sending their crypto to wallets controlled by the trio, as users did with Helix, crypto was now deposited by users into a set of automated pools. These pools were not managed on an ongoing basis by Pertsev and his colleagues. Rather, they were built using fully automated code on the Ethereum blockchain. Originally co-created by Pertsev in 2019, this code was frozen in time by the designers in early 2020, at which point it could no longer be upgraded or changed by anyone, even Pertsev. To this day the pools continue to operate, even though the Tornado Cash creators are either jailed or under indictment.
Other parts of the Tornado Cash platform are not so set-in-stone and remained under the control of Pertsev and his colleagues throughout. This includes the main website by which users accessed the automated pools, which was regularly upgraded over time, as well as the relayer service. (A relayer is a way to guarantee the privacy of Tornado Cash users). Pertsev and his colleagues profited from their ongoing control over the website and relayers.
The lawyers for Pertsev, Storm, and Semenov have argued that this layer of automated code exonerates the trio of money laundering. After all, if they no longer control what the utility is doing, then how can they be said to be operating a money laundering enterprise? The lawyers also argue that as writers of code, Pertsev, Storm, and Semenov are protected by speech laws, much like an author who has written a book. It is the code-is-speech claim that has particularity riled up the crypto community.
I don't like the idea of someone being sent to jail, but I think it's a good thing that the Dutch court chose not to accept these arguments.
Using go-betweens is a time-tested criminal strategy for distancing oneself from the crime. In more conventional money laundering operations, this strategy might involve separating the leader of a cash laundering operation from the actual dirty cash with a layer of underlings. In the age of crypto, no need to use living human underlings; just insert a buffer of unliving code.
But the law shouldn't be fooled by artificial distances between a launderer and dirty money, whether those intervening layers be living people or code.
Allowing a buffer of automated code to absolve folks like Pertsev of money laundering would make it much easier to be a professional money launderer. Bad actors like Harmon and Sterlingov who have already been deemed by the courts to be criminals would suddenly have the perfect
techno-legal loophole at their disposal if they decide to reengage in crypto laundering once their jail terms are up. Instead of manually running their operations as before, Harmon an Sterlingov could insert a mute layer of automated code between them and their illicit clients, their criminal mixing no longer being a crime.
But this would be an absurd state of affairs. A simple technological change to the way a criminal mixer administers their back office shouldn't convert them into a non-criminal.
The danger of the
"it was the code that did it" defence extends beyond the crypto economy. In the much-larger traditional economy, laundering physical cash is a relatively common criminal profession. Take the fictional example of Marty Byrde, the star of Ozark. If the Tornado Cash defence were to be accepted in a court of law, then Byrde need only program a set of self-operating cash-handling robots to do most of his tasks for him, and he can get away scot-free. "I don't exercise any control over the packages of cash, your honor. The robots did!"
Or take the example of drug cash couriers, who run the risk of being convicted for money laundering when they move cash across the U.S.-Mexico border. Taking a cue from Tornado Cash, if a courier were to deploy an autonomous fleet of AI-powered drones instead, then when charged with a money laundering offence he or she need only invoke the now-standard defence: "it was the drones who controlled the cash, not me."
Taken to an extreme, the Tornado Cash defence means that money laundering effectively ceases to exist as a crime. All the culpability shifts onto the undead intermediaries, which can't be punished. This eclipsing of money laundering laws would be unfortunate. Professional money laundering is a key sector within the broader criminal economy, greasing the wheels for the entire enterprise. Without any legal defences against launderers, we are all much more vulnerable to crime-in-general.
In what follows, I want to provide a historical example of how the law
should act when confronted with the changing tactics and technologies of money launderers.
Money laundering is a relatively new crime, but it has a much older predecessor in the crime of
fencing, also known as
receiving. The laws against fencing and money laundering are similar, the idea being to punish not the original criminals but the third-parties who knowingly participate in the crime by accepting dirty proceeds.
Any thief runs a big risk of being caught with stolen goods. At some point in the middle ages, specialized intermediaries, or fences, emerged to absorb this risk by accepting stolen property from professional thieves and redistributing it. Thieves could now offload their goods much quicker, thereby achieving a degree of safe harbor. For their part the fences themselves were safe from prosecution. After all, they hadn't committed the original theft, and accepting stolen property was not a crime.
The addition of specialized wholesalers to the thievery production process helped drive a rise in the incidence of theft, according to historian
Rictor Norton. To close this loophole, fencing was criminalized in England in 1692. For the first time, a third-party who knowingly accepted stolen goods could be punished as an accessory to the original theft. The business of reselling hot property, risk-free until then, suddenly became much more dangerous.
The illegal fencing market quickly evolved new tactics. Enter Jonathan Wild, an incredibly successful launderer of stolen goods who, by the mid 1710s, is said to have been the "undisputed leader in the fencing business of London," according to marketing professor
Ronald Hill. Wild evaded the 1692 anti-fencing law by never himself handling stolen property. Instead, he acted as an early version of Craigslist, but for stolen objects. He arm-twisted all of London's thieves to secretly report any robbery immediately to him, asking them to retain possession until he contacted them. At the same time, the unfortunate victims of those thefts were encouraged to approach Wild with requests to help locate their missing property.
Once Wild knew who was at both ends of a theft, he would pay the thief and tell him to return the goods to the victim using an anonymous porter. The happy victim got their stolen goods back, paying Wild a large reward for his troubles.
With Wild running circles around the law, Parliament passed an additional anti-fencing law in 1718 that punished anyone who took a reward under the pretence of helping a victim of theft, without actually prosecuting the original felon. In 1725, Wild was apprehended, tried, and condemned to death on the basis of this statute.
|
A gallows ticket to view the hanging of Jonathan Wild (Wikipedia)
|
Now, a death sentence is extreme. But this is a good example of the law
staying hip to both the changing technology of theft and its evolving
division of labour. As the profession began to be subdivided into specialist
thieves and an emerging class of allied wholesalers of stolen goods,
lawmakers recognized that wholesaling was really just an appendage
of theft, and thus fencing was criminalized. Later on, when fences like
Wild adapted with new methods, the law kept up by finding
additional means to reach fencing operations.
With Tornado Cash,
we are at a "Jonathan Wild" stage of the modern money laundering profession's
development. Control of dirty proceeds is being shifted to autonomous
intermediaries so that the perpetrators can avoid prosecution. Much like
how the law adapted in the 1700s to encompass Wild's tactics of distancing himself from dirty property, it will have to do the same with money
launderers who use crypto code, autonomous robots, or AI drones to
dissociate themselves. While I don't enjoy the idea of anyone spending
time in jail, finding Pertsev guilty is part of that process.
Unlike Jonathan Wild, who was a criminal mastermind, Alexey Pertsev and colleagues seem to have bungled into the crime partly out of an ideological commitment to crypto ethics, the wider community unhelpfully egging him on. That doesn't mean he's not guilty, but it does suggest a lighter sentence than the 64-month one he received might be appropriate.
I've been arguing throughout this article that money laundering law should extend to innovative financial entities created on blockchains, such as Tornado Cash. I want to close by pushing back on this a bit.
A guilty verdict for Pertsev and his colleagues should not be tantamount to a ban the creation of autonomous financial institutions, particularly those focused on privacy. If a coder wants to create an open privacy mechanism for crypto, promote it, and financially profit from it, I think that he or she should have the right to do so, subject to the following condition. The code needs to include a component that screens out dirty crypto – and this filter shouldn't be a sham attempt, it has to be a genuine effort.
While I think the law got it right in this instance, shame on lawmakers and law enforcement if they don't accommodate future generations of code-based entities (and their creators) that actually do make good faith efforts to freeze out dirty money.