Friday, April 19, 2024

Thoughts on the Tornado Cash defence and what happens when everyone adopts it

Payments companies are regularly punished for engaging in money laundering. MoneyGram, for instance, has has to pay multiple fines. Western Union was famously busted in 2017. Meanwhile, Cash App is being probed as we speak for inadequate anti-money laundering controls.

In the future, these companies may have in their grasp a very simple techno-legal trick that allows them to deal with dirty money and get away with it. All they need to do is transfer their entire IT apparatus from a regular set of databases onto "immutable" smart contracts hosted on blockchains.

This, at least, is what happens when you take the arguments put forward by the Tornado Cash defence team to their logical conclusion.

If you follow this blog, you'll know I've written a lot about Tornado Cash.

Cryptocurrency isn't private; it's radically transparent. The function that Tornado Cash serves is to accept traceable crypto from users, both licit and illicit, and return it to them in untraceable format. Beginning in late 2020, a steady stream of stolen crypto began to be moved by thieves onto Tornado Cash for the purposes of obfuscation. In effect, money laundering was now occurring on the platform. But who were Tornado Cash's money launderers? More specifically, someone was to blame for helping these thieves to disguise their tracks  who was this someone?

Last August the U.S. government indicted two people involved with Tornado Cash for conspiracy to commit money laundering.  I wrote about the government's indictment here. (They were also indicted for conspiracy to evade sanctions and the operation of an unregistered money transmitting business, but that's another story.)

Roman Storm and Roman Semenov, the accused, wrote the original smart contracts for Tornado Cash and exercised a degree of control over a key website for accessing those smart contracts. The government alleges that Storm and Semenov knew that the property being transferred to Tornado Cash was criminally derived, and that they also knew that the hackers wanted to disguise its source. Yet the duo conducted the financial transactions anyways. These three elements knowledge, the conducting of financial transactions, and the presence of unlawful money  are key ingredients to building a money laundering charge. (See specifically 18 U.S.C. § 1956(a)(1)B(i).)

Last week the defence lawyers for one of the accused parties, Roman Storm, filed a motion to dismiss the case, giving observers some initial insights into what arguments will be used to try and beat the government's money laundering charge. As I'll show, assuming these arguments are right, then a big chunk of the existing payments system has a fool proof plan for avoiding money laundering laws.

The distinction between the Tornado Cash front end and the actual Tornado Cash smart contracts looms large in the case, so let's touch on that briefly. The smart contracts are bits of code that reside directly on the Ethereum blockchain. This code allows users to deposit their trackable crypto to a pool along with many other users and then withdraw it, obfuscated. A front end, by contrast, is a regular website that allows users to interact with the smart contracts, and is hosted through a normal internet provider .

While users are free to interact directly with the Tornado Cash code, the most popular way to access Tornado was allegedly via the intermediation of the main website that was under the control of Storm and his colleagues.

The key argument made by Storm's lawyers is that the accused are not subject to the money laundering statutes because the money laundering statutes only apply to people who "conduct" what are defined as "financial transactions," and Storm did not conduct financial transactions.

The defence says that in order to show that someone was conducting a financial transaction it must be the case that control was exercised by that person over the actual criminally-derived funds. Storm may have had some control over the front end, but the defence claims this doesn't really matter because the front end itself did not exercise any control over the proceeds. "It did not access the funds directly," the lawyers argue. "It merely provided an interface to permit a user to interact with the smart contracts."  

As for the smart contracts, Storm clearly had no control over them. He had relinquished control back in May 2020, when a trusted setup ceremony ensured that no further changes could be made to the code. At that point, the smart contracts worked automatically. Bad actors only discovered Tornado Cash several months after the ceremony, at which time Storm had long gone. Furthermore, the smart contracts didn't actually control the funds, say Storm's lawyers, it was users of Tornado Cash who controlled the funds within the pool.

So, there you have it. The government's money laundering charge against Storm and Semenov requires locating a person or institution who is in control of the dirty funds and conducts financial transactions with them, says the defence. But it isn't the accused who exercised this control, it is the users who did so, via the intermediation of a set of financial automatons, the smart contracts.

For the philosophically crypto-pilled, the defence's arguments will make sense, since according to this view crypto is a revolutionary force for good, one destined to "break" what they see as a corrupt and old-fashioned financial system. For this breaking to happen, crypto shouldn't be forced to conform to the same old laws as stodgy payments companies like Western Union. New laws, or new ways of looking at old laws, should be shaped around crypto.

But to the non-crypto pilled, a successful defence of Storm and Semenov is quite concerning. As described by Bruce Schneier and Henry Farrel, it could potentially mean that anyone who wants to facilitate illegal activities would have a strong incentive to copy Tornado Cash, effectively turning their operation into a "golem"  a deathless artificial being run on smart contracts  and then throwing away the keys to avoid the law.

More specifically, by shifting their entire IT infrastructure over to smart contracts or some other equivalent automaton, payments institutions like MoneyGram that are currently subject to the money laundering statutes (and have already been punished under them several times) might be able to avoid future prosecution. If criminals start using the autonomous MoneyGram robot to make payments, MoneyGram can simply say: "The robot allowed them to do it, not us!" As for the official MoneyGram front end, even if the mob becomes a happy customer MoneyGram needn't worry since the front end is nothing but a filmy gauze between users and the autonomous robot, the company never actually controlling the funds (although according to the Tornado Cash lawyers the front end can continue to safely generate a profit for its owners!)*

The money laundering statutes  18 U.S.C. § 1956 and § 1957  are two of democratic society's key legal bulwarks against criminal behaviour. In a world in which the Tornado Cash defence prevails and payments companies adopt it as a techno-legal shield against money laundering charges, 1956 and 1957 become much less effective  and not because we decided to soften them via a democratic process, but because financial institutions found sneaky ways to get around the rules.

Mind you, the money laundering statutes wouldn't disappear entirely. The Tornado Cash defence's point is not that there is *no* money launderer. Rather, their argument is that it is the users of Tornado Cash, the public, who had "exclusive control," and not Storm and Semenov, so the latter duo aren't the guilty parties. Taking this control theory further, if the government wants to charge anyone with money laundering, it should probably be trying to target folks like Vitalik Buterin, a member of the public who regularly put his funds into Tornado Cash and thus potentially participated in the concealment of unlawful proceeds deposited by criminals.

What a dangerous financial tool to make available to the public!

Right now, I can safely transfer $1000 to Western Union without having to worry about commingling my $1000 with a criminal and thus facing a potential money laundering charge. The company takes on that liability for me. But if Western Union stops performing this legal responsibility by building financial automatons to which everyone has open access, both good and bad actors, then I am suddenly at risk of being a counterparty to criminals when I transfer $1000 to Western Union, and that could turn me into a money launderer. Money launderers can face up to 20 years in prison.

For users, a Western Union transfer suddenly becomes the financial equivalent of handling nuclear waste or operating a five-story crane. It's a task most people can't, and shouldn't, handle. Given the inherent legal risks, it's possible that the market will never widely adopt financial services delivered in the form of robots or golems or immutable smart contracts, preferring to stick with the traditional safe intermediaries who take on the burden of compliance. Or not?

Storm's lawyers may win this particular case. Their logic certainly seems sound, but I'm no lawyer. If so, there's a good argument to be made for lawmakers to consider modifying the definitions of words like "conducting" and "financial transactions" found under the money laundering statutes to prevent future efforts to use the Tornado Cash techno-legal trick. If  by merely swapping the technology used to deliver financial services a payments institution can suddenly avoid the law and offload legal responsibility onto users, that's probably a hole that needs closing.

* MoneyGram would still be able to financially profit from the combination of smart contracts and a front end, much like how Storm and Semenov did with Tornado Cash, by finding canny ways to use their control over the front end. According to the indictment, Storm and Semenov, along with others who had control over the front end, curated a list of "relayers"  third parties who provided users with bolstered privacy protection  and then extracted resources from relayers who wanted the privilege of getting on the list.

This profit motive can't help prove that Storm was engaged money laundering, says the defence, since there are many examples of criminals using "lawful tools for unlawful ends," and even though the tools' developers have "profited from that use" those developers were not punished.

Thursday, April 11, 2024

Why I'm in favor of financial illiteracy

I'm not a fan of mandatory investor education classes. The issue was brought up recently by former chair of FDIC, Sheila Bair, who sees early financial education as ways to stop future FTX-style disasters.

The model of finance I've been using for many years is the fairly dismal dark forest model. The financial industry is a shadowy forest full of sly foxes waiting to prey on retail investors. The list of sly foxes is long: all sorts of Samuel Bankman-Frieds, IRS scammers, internet ponzi schemers, stock con-artists, bankers hocking high-fee products, fly-by-night gold mine promoters, and shady crypto platforms. It's truly horrifying out there.

So why not implement mandatory high school financial literacy classes to upgrade the retail class's defences against this dark forest?

My first concern is that high school students can only absorb so much. Mandatory financial literacy classes will inevitably come at the expense of learning other very important things like math, writing, and science, which are at the base of so many vital disciplines.

Second, while I'm sure financial literacy classes might help a bit to protect us against the dark forest, I don't think they'll do much. The prototypical retail investor's single biggest weakness is that we are all incredibly busy people. As we rush through the dark forest we simply don't have enough time to familiarize ourselves with its many arcana. This incapacity to pay sufficient attention makes us easy pickings, no matter whether we've had a few financial literacy classes or not.  

The dark forest preys not only on our rushed lives, but also our need to keep up with the Joneses, our precarious and stressful financial situations, and our worries for loved ones. I'm just not convinced that a few years of high-school financial literacy classes will release us from these eternal and very-exploitable emotions.

Luckily, we have two other major defences against the dark forest: the competitive market and the government.

The government can make the dark forest safer by flushing out bad actors and pushing fraudsters to the nether regions, then nudging us retail investors towards the parts made safe. It does so by regulation, standard investor protections, licensing requirements, and through law enforcement and the court system.

As for the market, its competitive nature gives rise to a class of trained and experienced financial professionals who are generally equipped to lead retail investors through the dark forest.

If we get these two defences right, then we can afford ourselves a great luxury: a retail investor class that gets to remain relatively ignorant of finance while being safe in its ignorance. This ignorance is a thing of beauty. Instead of folks having to waste time and energy learning about the forest's fox population, its patois, and its dangerous pathways, they can focus on their own very busy lives, families, studies, hobbies, and careers. That's what we want them to do. We don't want a world where the average person needs to give up an hour or two each week slogging through financial literacy 101. We want them to blithely use financial products and take for granted they will be safe, and then get on with more important things.

Alas, if we get these two defences wrong, then we get disasters like Sam Bankman-Fried's FTX, which destroyed the financial lives of thousands of innocent retail investors. 

What happened with FTX? In the case of FTX's offshore exchange, there was a complete absence of government regulation. Not so FTX's US arm. Alas, FTX-US operated under a bare-bones regulatory framework courtesy of state licensing boards, which are simply not appropriate for overseeing a trading venue like FTX, and are more equipped for watching over remittance companies like Western Union. (See my article Let's stop regulating crypto exchanges like Western Union.) This was the dark forest at its darkest.

To see how see this first line of defence can be properly deployed, take a look at what happened in Japan when FTX collapsed. FTX's Japanese customers were made 100% whole a few months after the debacle. (American ones are still waiting). That's because Japan got things right and forced FTX Japan to adopt appropriate regulation, effectively preventing the sly fox Bankman-Fried from preying on Japanese citizens. (See my article Six reasons why FTX Japan survived while the rest of FTX burned.) 

The second defence against predators like Sam Bankman-Fried, a market-supplied legion of trained and experience financial professionals, was lacking, too, since stuff like dogecoin and dogwifhat is outside the ambit of the financial professional class, and deservedly so. Had seasoned institutional investors and other financial professionals been operating in the sector, they would have used their training to suss out the FTX fraud much earlier, guiding folks away to safer exchanges.

The two defences entirely lacking, the result was a wave of innocent retail investors left free to venture into into the dark forest. But mandatory financial literacy classes don't fix this. Government regulation and elite financial professionals do.