Thursday, December 5, 2024

Tornado Cash un-OFAC'ed


The next chapter in the Tornado Cash saga just dropped. Last week an appeals court ruled that the immutable smart contracts at the core of Tornado Cash, a bot that can be used to obfuscate the trail of crypto, cannot be sanctioned.

I first wrote about Tornado Cash in 2021, before its legal troubles began, warning of the risks ahead, and I've been tracking Tornado's legal saga since then (see here | here | here). The saga serves as a bellwether for how financial services hosted on blockchains are to be sliced and diced under existing law, in particular the crucial anti-money laundering statutes and sanctions laws. More generally, it foreshadows how autonomous techno-beings, many of which don't yet exist, are to be treated by the law.

In the newest chapter of the saga, a court ruled that America's sanctions authority, the U.S. Treasury's Office of Foreign Assets Control (OFAC), does not have the authority to sanction a certain type of smart contract, or string of autonomous code, that undergirds Tornado Cash: its so-called immutable contracts.

Recall that in August 2022, OFAC sanctioned Tornado Cash, which accepts traceable crypto from users and returns it in untraceable format. Tornado had been used by the sanctioned North Korean hacker group Lazarus to obfuscate its financial tracks. OFAC listed Tornado Cash's website tornado.cash along with 53 Ethereum addresses.

The sanctions were relatively effective. Americans could no longer use the bot without risking fines or imprisonment. Those who had funds deposited in Tornado had to ask OFAC for special permission to withdraw them. In the months after the sanctions were announced, usage of the privacy bot plunged and the amount of crypto deposited fell by over half.
 
After two different sets of plaintiffs challenged OFAC's actions in court, the appeals court in one of the cases issued its ruling last week. An immutable smart contract is "unownable, uncontrollable, and unchangeable—even by its creators," and therefore it doesn't qualify as property. Because OFAC's sanctioning power is limited to that which is property, it follows that OFAC cannot sanction immutable smart contracts.

This not-property ruling only applies to twenty immutable Tornado Cash contracts that were on OFAC's sanctions list. Tornado's mutable contracts, those that can be controlled and changed, remain property—and thus can stay on the list of sanctioned contracts. Unless OFAC wins on appeal, it will presumably have to unsanction those twenty immutable contracts.

Now, as long as the remaining sanctioned mutable contracts are crucial to the functioning of the Tornado Cash bot, the revised sanctions blacklist may still have an effect. And if OFAC adds other key mutable Tornado Cash smart contracts to its list (the governance contracts, say, which for some reason were not originally sanctioned), American users will continue to steer clear of Tornado Cash, keeping the bot's anonymizing capacity lower than it would otherwise be and thus diminishing its ability to serve North Korean interests.

But if not, what can OFAC do? 

Sanction users, not code

I've already done a bit of digging on this question. In response to the sanctions, I wrote an article in late 2022 entitled How to stop illegal activity on Tornado Cash (without using sanctions). The gist was to explore alternative tools for countering illicit activity on Tornado rather than the blunt tool of sanctioning its actual smart contracts. What I suggested was to apply pressure to the users of the smart contracts. "Rather than punishing code, penalize the people who use the code."

The logic goes like this. Any user who deposits crypto to Tornado Cash, even someone with clean crypto, is providing North Korea with prohibited financial services, the Tornado bot being the means by which the two sides connect as counterparties. Whether intentionally or not, a user's deposits broaden Tornado Cash's anonymity set, the pool of deposits among which any withdrawal can hide, and so its ability to obfuscate larger amounts of illicit funds sourced from sanctioned counterparties like Lazarus.

Think of it as sanctioned North Korean users passing sanctions taint on to all other Tornado Cash users by virtue of everyone interacting through the same bot. This taint spreads to those who deposited their crypto (clean or dirty) to Tornado at the same time as Lazarus, and to those who have continued to deposit to it knowing that the North Korean group regularly deposits stolen funds to the platform.
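To make the anonymity-set argument concrete, here is a small constructed model of a fixed-denomination pool. It is added here as an illustration; it is not Tornado Cash's contract code and not from the original post. The actor labels ("lazarus", "alice", "bob", "carol") and block numbers are invented; on chain an observer sees only addresses, and a withdrawal could have come from any deposit made before it. The functions show that each clean deposit placed before a Lazarus withdrawal enlarges that withdrawal's candidate set, and that exactly those depositors are the ones the post calls tainted.

```python
from dataclasses import dataclass

# Constructed model of a fixed-denomination mixing pool (not Tornado Cash's
# contract code). Every deposit has the same value, so a withdrawal proves only
# "I own one of the deposits made so far" and cannot be tied to a specific one.

@dataclass(frozen=True, order=True)
class Event:
    block: int      # ordering on chain
    kind: str       # "deposit" or "withdraw"
    actor: str      # label known only to the modeller; on chain this is just an address

def anonymity_sets(events):
    """Map each withdrawal to the deposits an observer must consider as its
    possible origin: every deposit that landed in the pool before it.
    Earlier withdrawals do not shrink the set, because nothing reveals
    which deposit they consumed."""
    prior_deposits = []
    sets = {}
    for ev in sorted(events):
        if ev.kind == "deposit":
            prior_deposits.append(ev)
        elif ev.kind == "withdraw":
            sets[ev] = tuple(prior_deposits)
        else:
            raise ValueError(f"unknown event kind {ev.kind!r}")
    return sets

def tainted_depositors(events, sanctioned):
    """Depositors whose funds sit in the anonymity set of at least one
    withdrawal by a sanctioned actor: the post's notion of taint."""
    tainted = set()
    for wd, candidates in anonymity_sets(events).items():
        if wd.actor in sanctioned:
            tainted.update(d.actor for d in candidates if d.actor not in sanctioned)
    return tainted

def set_sizes_for(events, actor):
    """Anonymity-set size of each withdrawal by `actor`, in chain order."""
    return [len(c) for wd, c in sorted(anonymity_sets(events).items())
            if wd.actor == actor]

# Constructed timeline (invented for illustration): Lazarus deposits twice,
# withdraws after Alice's deposit, then withdraws again after Bob's deposit.
# Carol deposits only after both withdrawals, so she shelters neither.
TIMELINE = [
    Event(1, "deposit", "lazarus"),
    Event(2, "deposit", "lazarus"),
    Event(3, "deposit", "alice"),
    Event(4, "withdraw", "lazarus"),
    Event(5, "deposit", "bob"),
    Event(6, "withdraw", "lazarus"),
    Event(7, "deposit", "carol"),
]

def lazarus_only():
    """The same timeline with the clean depositors removed."""
    return [e for e in TIMELINE if e.actor == "lazarus"]

if __name__ == "__main__":
    print("with clean deposits:", set_sizes_for(TIMELINE, "lazarus"))        # [3, 4]
    print("Lazarus alone:      ", set_sizes_for(lazarus_only(), "lazarus"))  # [2, 2]
    print("tainted:", sorted(tainted_depositors(TIMELINE, {"lazarus"})))      # ['alice', 'bob']
```

Running it shows the two Lazarus withdrawals hiding among 3 and 4 deposits when Alice and Bob participate, versus only 2 each when they don't, and it flags Alice and Bob, not Carol, as the depositors whose funds were mixed with the sanctioned ones.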

OFAC could issue a public alert stating that any foreigner can and will be sanctioned if their funds interact with North Korean funds on Tornado Cash. In response, some foreign users will risk designation and continue to engage with Tornado; many will not. As for U.S. users, OFAC can threaten them with civil monetary penalties if they aid North Korea by using Tornado as a tool. A fine of, say, $10,000 for interacting with sanctioned North Korean actors via the Tornado Cash bot would probably discourage most usage.

Another core set of Tornado Cash users over whom OFAC has legal leverage are the relayers, real-life individuals who provide an extra layer of privacy to Tornado Cash users. (I explain here why relayers are necessary for full privacy.) OFAC can threaten foreign relayers with sanctions and U.S.-based relayers with civil monetary penalties.

Pressuring these various groups of users won't stop Tornado Cash code from functioning, but it will certainly constrain the activity it facilitates, and thus make it harder for North Korea to anonymize its funds. And it is consistent with the court's not-property ruling because users, not contracts, are being targeted.

I'm not saying that OFAC will follow this playbook, or that it should, but it certainly is an option. There is another route, though, and that is to go to Congress and ask for the ability to put sanctions on immutable entities. 

More broadly, Tornado Cash may just be the first in an emerging population of unownable and uncontrollable techno-beings (bots, machines, drones, androids, AI agents, automatons, and golems) that operate independently of human control, many of which will end up doing very dangerous things. Society may want the legal ability to protect its members from these immutable contraptions, including by sanctioning them.

For instance, imagine the following scenario...

A Russian AI-guided assassin bot

If a Russian assassin is regularly poisoning people (including U.S. citizens) for criticizing Putin, OFAC can sanction that assassin, thus preventing any American entity from dealing with him and blocking all of his accounts, his car, and his interests in various companies. That might not stop the assassin, but it'll make his job more difficult. In doing so, OFAC is simply fulfilling its mandate to use its sanctioning powers to protect Americans.

Say the assassin creates an artificial intelligence, imbues it with all of his assassin's lore, gives it an artificial body, and then throws away the keys, rendering the robot immutable. The court's recent not-property ruling suggests that while OFAC can ably defend Americans from the flesh-and-blood assassin, it cannot protect them from the assassin's immutable killing robot, even though the robot performs the same killing function as the living assassin using the same techniques.

This is obviously an incongruity, one that seems like it should be fixed. Or is there a specific reason why we should provide legal safe harbor to all unownable and uncontrollable techno-beings? Feel free to explain in the comments.

In any case, OFAC's efforts to apply its national security mandate to Tornado Cash are probably not over. Let's see how it responds. Some sort of resolution is important because we are still in the early stages of being inundated with self-guided autonomous agents.

7 comments:

  1. Yeah. I think it's instructive that the written opinion implicitly framed this as a call to Congress to fix an oversight. This new class of decentralized-execution-golems may not be "property" at law, but that doesn't mean it isn't a worthy target.

    I think your proposed alternative - sanctioning users - is interesting. It is better than sanctioning other participants, i.e. participants in the execution or consensus layers. It is much more clearly within existing authority. It also rests on the fundamentally true observation, which I first grokked here, that if you contribute to the privacy set, you contribute to the crimes happening therein (whether or not you can zk-prove your own independent standing, sorry, Privacy Pools).

    IMO at a policy level the tradfi financial crime and fraud power-law approach of 'get rid of the worst; know some will get through despite your efforts' is the appropriate one here. There are very important arguments for financial privacy, but I can't think of many that involve being able to launder millions of dollars. Crypto will need different tactics than tradfi, because in crypto the marginal cost of a new identity is roughly zero, but there's a clear need. I expect solutions to emerge.

    1. Thanks for sharing. I agree, am not a fan of consensus layer sanctioning but I suppose it's a last-case option. Lots of questions about whether it would actually work, too.

      " I expect solutions to emerge."

      Any thoughts on what these will look like?

    2. A few thoughts: I expect at least some of the anti-Sybil strategies employed to attempt fairer airdrops will transfer. I expect some of the more advanced analytics methods employed by firms like Chainalysis may transfer, if they can be either bought or built independently. Finally, proof-of-human tools like World might eventually serve, or be paired with some variety of association-set attestation as described by Privacy Pools. Am sure there are other things happening here too - would love to connect with anyone building in this space.

    3. I like the Privacy Pools association set idea too. It gives OFAC the option of sanctioning only those associate set providers who allow bad actors into the mix while leaving more diligent association set providers free to continue doing their work. It's a very finely grained method of exerting control, one that doesn't sacrifice the entire system.

  2. When you talk of sanctioning users rather than sanctioning code, how would that work for a fully base-layer obfuscated chain like Monero? Here there is no specific service that any user needs to use for availing themselves of privacy. And since the chain has privacy by default and non-optional, it's also not possible to single out any subset of Monero users as contributing to the privacy set. Unless your logic stretches to suggesting that a sanction should apply to any user who interacts with the Monero blockchain at all in any manner.

    1. In practice OFAC has been dealing with Monero by sanctioning users and their XMR addresses. Last time I checked three XMR addresses had been designated. I confess that I don't know enough about Monero to know if this is useful, but I suspect not.

    2. That's completely pointless. Addresses and amounts are completely opaque on the Monero blockchain. There is no possible way for a receiver to know that they are receiving Monero from a sanctioned address. Nor can OFAC ever determine whether the sanctioned addresses have transacted.
