Tuesday, September 19, 2023

How did Zcash avoid getting OFAC'ed?

The 2022 sanctioning of privacy tool Tornado Cash by the Office of Foreign Assets Control (or OFAC, the U.S.'s sanctioning authority) has inspired a new privacy idea: Privacy Pools

An olive branch to OFAC, Privacy Pools will let users choose who they associate with, the idea being that proactive filtering will quickly expose bad actors who try to use the tool, and so OFAC may be less hasty to apply sanctions to Privacy Pools smart contracts. I think it's a neat idea. We'll see where it goes.

Zooko Wilcox, the creator of the original anonymous cryptocurrency, Zcash, doesn't like the notion of bending a knee to OFAC. In an interesting conversation with Vitalik Buterin, one of the creators of Privacy Pools, Wilcox argues that the Privacy Pools regulatory dance is "unnecessary" because OFAC simply doesn't have the authority to sanction a protocol to death. And he puts forward Zcash as an example of a privacy technology that coexists peacefully with OFAC. Which is a fair point. Zcash has been around for seven years now, and OFAC hasn't shut it down.

This piqued Vitalik's interest, who later on in the podcast goes on to ask Zooko why Zcash hasn't been OFAC'ed, given that it does exactly what Tornado Cash does: provide privacy.

I don't think it's a great idea for folks like Vitalik who are designing tools like Tornado Cash and Privacy Pools to take lessons from Zcash's experience with OFAC. And that's because Zcash is a very different beast than Tornado Cash/Privacy Pools. The two just don't land in the same regulatory bucket.

If you've been watching OFAC's dealings with crypto over the years, you'll notice that Zcash falls in the same OFAC bucket as other base layers like Bitcoin, Ethereum, Monero, Ripple, and more. When OFAC catches a sanctioned actor who controls an address on one of these base chains, it updates its list of sanctioned entities with the relevant address. This is how things have worked since 2018, when the first two bitcoin addresses were added to OFAC's list. But OFAC has always left the functionality of the chain itself unhindered, nor does it impinge on the ability of the chain developers to do their job by sanctioning them.

In fact, I've found a handful of Zcash addresses designated by OFAC, including one associated with the disinformation campaigns set up by recently-deceased Russian mercenary leader/oligarch Yevgeniy Prigozhin:

Source: OFAC

Here are a few more blocked addresses. But that's it. Zcash still works fine.

With the arrival of Tornado Cash/Privacy Pools, we've entered into completely new territory of smart contract-based tools built on programmable chains. How OFAC deals with these tools is going to be much more complex and tricky than how it deals with base chain addresses controlled by sanctioned entities. The Tornado Cash sanctions represent OFAC's first attempt, perhaps a clumsy one. Privacy Pools is a riposte from developers that, after being eyeballed by OFAC, might end up at a different equilibrium.

Zcash's regulatory experience just doesn't translate over to the sorts of things Vitalik is working on. It's in smart contact-space where the current evolution of OFAC's prodding of crypto is occurring, but Zcash doesn't have smart contract-based tools.

So from the perspective of a Zcasher like Zooko, it's just not necessary for him to play games with OFAC. The last five years of OFAC behavior suggests that OFAC can't and/or won't sanction Zcash-the-protocol to death, nor Bitcoin-the-protocl or Ethereum-the-protocl. 

But the fact remains that the sanctioning of Tornado Cash (which has already survived one court challenge) suggests that OFAC does seem to have the authority to enact such a ban at the emerging smart contract level. That may not be concerning to Zooko now, but one day it might be possible to build all sorts of automated tools on top of Zcash. And at that point Zcash developers may have to play the same "unnecessary" olive branch game with OFAC that Ethereum smart contract developers like Vitalik are engaged in now.


  1. Thanks for surfacing this interview, it looks great, looking forward to listening.

    I'd poke a little bit at the assertion that Zcash as a protocol is in a 'different regulatory bucket' than smart contracts on Ethereum; I don't think OFAC or the DOJ would hesitate to bring the pain, probably by focusing on the responsible persons as they did with Tornado Cash (analogous to what Treasury is doing, and IOSCO suggests in their recent Defi recommendations), if they had evidence that Zcash was enabling sanctions evasion or money laundering on the scale that Tornado Cash or the other sanctioned mixing operations have. I'd be interested in hearing more on your views there.

    'Base layer neutrality' is a nice ideal, but I am deeply skeptical that it's going to survive, precisely because of the relative geopolitical importance of KYC/AML laws. As the tech behind private transactions decentralizes further, I think the pressure on base layer participants will increase. At least in the US, there seems to be an impending collision between individual constitutional rights (e.g. the 1st and 4th Amendments), and the state's motivations for KYC/AML laws.

    1. You make a good counterpoint.

      Mind you, even Monero, which has been much more prominent when it comes to criminal activity than Zcash, hasn't been sanctioned yet (though a number of XMR addresses have been designated), nor its developers indicted, suggesting that there is some sort underlying distinction being made at OFAC between the protocol and the protocol's users.

      On the other hand, I suppose I could imagine something like an Iran-created base chain being sanctioned by OFAC. In fact, Venezuela's Petro digital currency was put on the sanctions list (https://www.federalregister.gov/documents/2018/03/21/2018-05916/taking-additional-steps-to-address-the-situation-in-venezuela) back in 2018, so I guess we've already got a first case of base layer neutrality being violated.

      Perhaps there is a distinction to be made between base layers built by already-sanctioned parties, and base layers built by non-sanctioned parties.

      As for base layer neutrality surviving, I suppose I'm more bullish. One thing that chains like Zcash, Bitcoin and Ethereum have going for them is that they attract so much mindless speculative activity and gambling that this drowns out the criminal activity. And that gives the KYC/AML police less ammo to regulate at the base layer, pushing them to other parts of the stack.