The 2022 sanctioning of privacy tool Tornado Cash by the Office of Foreign Assets Control (or OFAC, the U.S.'s sanctioning authority) has inspired a new privacy idea: Privacy Pools.
An olive branch to OFAC, Privacy Pools will let users choose who they associate with, the idea being that proactive filtering will quickly expose bad actors who try to use the tool, and so OFAC may be less hasty to apply sanctions to Privacy Pools smart contracts. I think it's a neat idea. We'll see where it goes.
Zooko Wilcox, the creator of the original anonymous cryptocurrency, Zcash, doesn't like the notion of bending a knee to OFAC. In an interesting conversation with Vitalik Buterin, one of the creators of Privacy Pools, Wilcox argues that the Privacy Pools regulatory dance is "unnecessary" because OFAC simply doesn't have the authority to sanction a protocol to death. And he puts forward Zcash as an example of a privacy technology that coexists peacefully with OFAC. Which is a fair point. Zcash has been around for seven years now, and OFAC hasn't shut it down.
This piqued Vitalik's interest, who later on in the podcast goes on to ask Zooko why Zcash hasn't been OFAC'ed, given that it does exactly what Tornado Cash does: provide privacy.
I don't think it's a great idea for folks like Vitalik who are designing tools like Tornado Cash and Privacy Pools to take lessons from Zcash's experience with OFAC. And that's because Zcash is a very different beast than Tornado Cash/Privacy Pools. The two just don't land in the same regulatory bucket.
If you've been watching OFAC's dealings with crypto over the years, you'll notice that Zcash falls in the same OFAC bucket as other base layers like Bitcoin, Ethereum, Monero, Ripple, and more. When OFAC catches a sanctioned actor who controls an address on one of these base chains, it updates its list of sanctioned entities with the relevant address. This is how things have worked since 2018, when the first two bitcoin addresses were added to OFAC's list. But OFAC has always left the functionality of the chain itself unhindered, nor does it impinge on the ability of the chain developers to do their job by sanctioning them.
In fact, I've found a handful of Zcash addresses designated by OFAC, including one associated with the disinformation campaigns set up by recently-deceased Russian mercenary leader/oligarch Yevgeniy Prigozhin:
Here are a few more blocked addresses. But that's it. Zcash still works fine.
With the arrival of Tornado Cash/Privacy Pools, we've entered into completely new territory of smart contract-based tools built on programmable chains. How OFAC deals with these tools is going to be much more complex and tricky than how it deals with base chain addresses controlled by sanctioned entities. The Tornado Cash sanctions represent OFAC's first attempt, perhaps a clumsy one. Privacy Pools is a riposte from developers that, after being eyeballed by OFAC, might end up at a different equilibrium.
Zcash's regulatory experience just doesn't translate over to the sorts of things Vitalik is working on. It's in smart contact-space where the current evolution of OFAC's prodding of crypto is occurring, but Zcash doesn't have smart contract-based tools.
So from the perspective of a Zcasher like Zooko, it's just not necessary for him to play games with OFAC. The last five years of OFAC behavior suggests that OFAC can't and/or won't sanction Zcash-the-protocol to death, nor Bitcoin-the-protocl or Ethereum-the-protocl.
But the fact remains that the sanctioning of Tornado Cash (which has already survived one court challenge) suggests that OFAC does seem to have the authority to enact such a ban at the emerging smart contract level. That may not be concerning to Zooko now, but one day it might be possible to build all sorts of automated tools on top of Zcash. And at that point Zcash developers may have to play the same "unnecessary" olive branch game with OFAC that Ethereum smart contract developers like Vitalik are engaged in now.