Tuesday, September 26, 2023

Thoughts on Privacy Pools and the law


Here's my quick first-pass take on Privacy Pools, the heir apparent to privacy tool Tornado Cash. My comments are on the legal side, and less so the technical side, although the two aren't mutually exclusive. 

I've already written a bunch of times about Tornado Cash on this blog. Financial privacy is an important topic. 

The quick story is that after attracting a few billion in criminal funds, the Tornado Cash "stack" was sanctioned by the Office of Foreign Assets Control (or OFAC, the U.S.'s sanctioning authority). Privacy Pools is the Ethereum community's attempt to offer up an olive branch to OFAC. "We know you didn't like the last attempt, but we're going to make some changes. What do you think?"

I'm fascinated with the Privacy Pools idea, which will allow users to pick and choose who they associate with, thus excluding potentially bad actors. With fewer bad actors, OFAC may be less hasty to sanction the tool. 

While in theory that sounds great, here's my worry. Privacy Pools still relies on an old Tornado Cash feature: relayers. (For this observation, I'm indebted to Jon Reiter, who wrote a useful article on Privacy Pools for Blockhead.) It also relies on a new type of third-party: association set providers or ASPs.

Relayers and association set providers are a problem, as I'll show below. And the reason has nothing to do with OFAC or sanctions law, but a set of Federal statutes against racketeering found in Chapter 95 of the U.S. criminal code.

Let's assume that Privacy Pools gets deployed and begins to successfully screen out bad actors. That'll make it an even more tempting target for dirty money seeking redemption, bad actors devoting ever more resources to sneak into the mix. Inevitably, some of them will get through and when they do, the authorities will have to find an actor in the Privacy Pools stack to blame. I suspect they'll target relayers and ASPs.

Let's start with relayers. It's likely that the authorities can show that relayers are engaged in an activity defined under a key section of U.S. racketeering law, § 1960, as "money transmission." To avoid breaking this law, relayers will need to register with the Financial Crimes Enforcement Network, or FinCEN, the U.S. government's money laundering watchdog. Registration will obligate relayers to set up an iron-clad customer identification program, which involves collecting and verifying user ID cards, as well as filing Suspicious Activity Reports (SARs) with FinCEN, thus undoing much of Privacy Pools' stated benefits.

Let's back up a sec. Who are relayers?

Doing stuff on the Ethereum blockchain requires paying a small processing fee, and these fees are visible to everyone. When a privacy seeker withdraws from Privacy Pools or Tornado Cash, this fee payment effectively reveals who the user is. To solve this problem, both systems rely on a group of third-party individuals or entities relayers to pay this fee on behalf of users, thus restoring privacy, an effort they are remunerated for. But this sounds to me like "transferring funds on behalf of the public," which is Chapter 95's definition of money transmission, which leads me to suspect that relayers can be drawn into said law's licensing and registration requirements.*

Now, I'm just a maritime lawyer, so if I suspect that relayers are money transmitters, who really cares, right? But it's not just me who is making this claim. In its recent indictment of individuals involved in the Tornado Cash stack, the Department of Justice named relayers as engaging in money transmission.

Let's move on to ASPs. With Privacy Pools, users can build unique association sets that allow them to dissociate from potential bad actors. In a recent paper, the Privacy Pools designers suggest that in practice, professional intermediaries – association set providers will emerge to set up and curate these sets. Users will in turn subscribe to whatever ASP-provided sets meet their needs.

It's inevitable that ASPs will make mistakes and let bad actors into their sets, resulting in illicit money being laundered through Privacy Pools. In response, the authorities may try to follow the same script they used for relayers and accuse a faulty ASP of being an unlicensed money transmitter. But that may not stick; unlike a relayer, an ASP doesn't actually transfer any money. The Department of Justice has more up its sleeve than that, though. They can charge faulty ASPs with breaking other laws in Chapter 95, specifically the money laundering statutes §1956 and 1957.

To avoid a potential money laundering indictment, the intermediaries that curate association sets will have to make a good faith effort to exclude bad actors. Simple blacklists derived from chain tracing tools provided by companies like Chainalysis probably won't cut it. ASPs will have to undertake the same level of customer due diligence as banks and other financial institution. That means painstakingly collecting ID, doing background checks, and more. As before, that may unravel some of the purported anonymity of the Privacy Pools system.

The fact that relayers and ASPs may face FinCEN registration requirements and/or other anti-money laundering obligations isn't necessarily a death knell for projects like Privacy Pools, but it may pose some challenges.

1) Relayers and ASPs may try to sidestep U.S. law by operating outside the U.S. and, if possible, set up their operations to exclude Americans. That means cutting off a big chunk of the world from using the tool. With fewer users, the ability of Privacy Pools to obfuscate the tracks of all its non-U.S. users will be limited.

2) Some relayers and ASPs may choose to accept American customers in a compliant way. They'll verify their users, submit reports to FinCEN, and more. But at that point an American will probably be roughly indifferent between getting privacy from Privacy Pools or Coinbase, a centralized exchange that already complies with the requirements. Any U.S. user who becomes a customer of Coinbase can deposit ether and withdraw it to a new address, thus removing the outside world's ability to track the transaction, albeit at the expense of disclosing their personal information to Coinbase. Privacy Pools would afford this same level of privacy. It would offer U.S. users privacy from the broader community, but not from the employees of a relayer or ASP.**

If Privacy Pools is only providing Coinbase-levels of privacy to Americans, what's the point?

3) Lastly, perhaps the developers can figure out now  before Privacy Pools is even deployed  how to do away with relayers while still preserving privacy, thus entirely bypassing Federal racketeering law's definition of money transmission. Or maybe they can figure out how to design the relaying system such that it falls out of the definition. 

Whether that's even possible is a technical issue that goes waaay beyond my abilities.


* Why can't other elements of the Privacy Pools stack, including the core smart contracts and the people who develop them, be pulled into being defined as money transmitters? My assumption in this post is that if the smart contracts are: 1) non-upgradeable, that is, they are set in stone from the moment they are published, 2) the developer no longer has any association with the "stack" after publishing the contracts; 3) the system is not governed by a DAO; 4) there is no stream of profits thrown off by the system; and 4) there is no token (as was the case with Tornado Cash's TORN), then it is probably less likely that the smart contracts and/or their designers would fall under the definition of a money transmitter. But I could be wrong.

** Mind you, Coinbase and a fully-compliant Privacy Pools wouldn't be perfect substitutes. Whereas Coinbase takes ownership of one's ether, thus subjecting privacy seekers to the risk of Coinbase going bankrupt, Privacy Pools is just a smart contract, and not subject to that same risk. For a sub-group of privacy seekers who worry about Coinbase going bust, FinCEN-compliant relayers and ASPs may be strictly superior to Coinbase.  

No comments:

Post a Comment