1. 10
  1. 15

    The EFF really wants a new Bernstein vs. US but this isn’t it.

    They’re essentially waiting to see if GitHub takes down Matthew Green’s copy of the Tornado Cash repository because of the OFAC sanctions. It’s not clear to me why GH should do this, and so far they haven’t. If they don’t, the main complaint of the EFF goes away.

    To me it’s quite clear that OFAC targeted the Ethereum DAO called “Tornado Cash”, by placing its endpoints on the sanctions list - not the code itself, and not the authors for the act of writing the code. The money launderers running the mixer will accept this as a cost of business. The only people complaining are cryptobros who are horrified that the government they’ve decided is incompetent and can’t stop their payments actually has done so.

    1. 5

      The money launderers running

      It’s autonomous, no one is running it.

      incompetent and can’t stop their payments actually has done so.

      Oh, it’s still up and running just fine.

      1. 3

        Aren’t miners running it? If OFAC is sanctioning execution of Tornado Cash code, the only reasonable interpretation is that it is sanctioning Ethereum miners.

      2. 2

        I rather think that they want to test whether GitHub took down the original Tornado Cash repositories because of OFAC sanctions. For what it’s worth, GitHub could’ve just stopped providing any paid-for services to them and that should have satisfied OFAC, so I see it more as a test of why GitHub took it down: was it just easier for them to take it all down, or were they compelled by the government to do so? The latter is what would bring some interesting questions to the table.

      3. 13

        I’m wary of this argument because it proves too much – for any given US law that bans something, the state of IOT/programmable-everything/etc. is such that it’s probably possible to write a computer program to automate doing the banned thing, and then attempt to hide behind “code is speech” arguments. And I’m fairly certain the EFF doesn’t intend to argue that effectively all US law is invalid under the First Amendment. But that’s unfortunately where the argument leads when taken to its logical conclusion.

        Plus, Tornado Cash and other cryptocurrency “mixers” have facilitating money laundering as one of their primary acknowledged-by-everyone use cases. It should be surprising to nobody that the US government eventually cracked down, and attempting to continue developing and improving the money-laundering tool under the retroactive justification of a research project doesn’t strike me as particularly principled or particularly likely to succeed.

        Or, more simply: I’m sure that to some people it would be a fascinating research project to figure out how to build better money laundering systems. But calling it a research project wouldn’t make it principled or legal to do so, and shouldn’t be a defense to enforcement of the law against the “project”.

        1. 8

          IANAL

          Publishing code to automate something is not the same as doing that something, is it?

          Is publishing a book on how to burn babies protected by the First Amendment? Is it the same as actually burning babies? I’m not asking in a moral sense. Only from the legal PoV. I’m also pretty sure burning babies is already a criminal offence.

          Likewise, Tornado might state that its primary use is money laundering but is publishing the code the same as laundering money?

          1. 4

            IANAL either

            As far as I know, such things fall under the heading “what is its most primary purpose?”. If you are publishing code clearly designed to help people break the law, you are aiding and abetting these people, and a judge would not look kindly upon you or your “free speech” defense. If you are publishing code that could be used to break the law but is also commonly used for other things, it’s fine.

            And “free speech” doesn’t cover everything, even in the USA - you can be sued for libel and slander, for example.

            1. 4

              ditto IANAL

              In the US, structuring goes out to a second order: “structure or assist in structuring, or attempt to structure or assist in structuring.” It seems to me that the argument that a machine purpose built to facilitate money laundering (which is definitionally what’s happening with Tornado, whether the input is illicit or not) is pretty well captured there.

              You need a very odd view of the world to think that putting both dirty and clean money into a box and shaking it makes the money come out clean just because you directed a computer to do the shaking.

              1. 1

                Your argument is reasonable but some edge cases are still not clear.

                If I find a software vulnerability and publish a proof-of-concept exploit, is that illegal because the primary purpose of the code is aiding breaking of the Computer Fraud and Abuse Act? The most obvious defense is “the code wasn’t intended to be used, just to show how it could be done”, which I am morally OK with, but I struggle to find the tangible difference when applied to a PoC vs the baby burnomatic.

                1. 1

                  A proof of concept tends to be just that, not a weaponised point-and-click exploit that can take over a remote machine. The latter would definitely be closer to the “baby burnomatic”. This is also why traditionally, PoCs that are actually harmful to run would often contain deliberate “mistakes”, to make them not readily usable. But it’s a grey area, for sure.

            2. 5

              Plus, Tornado Cash and other cryptocurrency “mixers” have facilitating money laundering as one of their primary acknowledged-by-everyone use cases.

              I disagree. Everything is public on Ethereum; if I send you some Ether, you can look at the sending address and see all of its activity. There are plenty of reasons to want privacy and this is one of the best tools for privacy on Ethereum. Privacy is the primary use-case here.

              1. 5

                So why would you use blockchain to send money anonymously if blockchain is not anonymous? If you use a normal bank transfer or services like PayPal, your activity will be hidden from the general population.

                1. 3

                  l bank transfer or services like paypal

                  I prefer open-source and censorship-resistant methods of sending assets. Also, being able to automate things by writing smart contracts is nice (the ecosystem is still immature though).

                  1. 2

                    Do you consider fighting money laundering a form of censorship that you want to avoid?

                    1. 2

                      This is really about the right to be able to perform a private transaction. The majority of transactions through TC were not from malicious actors. Furthermore, the way the sanction law works, anyone who receives money from TC is criminally liable, which is pretty crazy b/c anyone can send you funds from TC.

                      1. 2

                        This is really about the right to be able to perform a private transaction.

                        What right are you referring to? I think that you have a right to conceal your financial activity from other citizens, but I don’t think you have a right to conceal it from the state in all possible situations. It’s my understanding that in the USA, financial entities are required by law to do various forms of reporting (see for example https://en.wikipedia.org/wiki/Bank_Secrecy_Act). I doubt that the TC entity fulfilled any of those requirements.

                        The majority of transactions through TC were not from malicious actors.

                        Yes, but at the same time ~15% of transaction volume is suspected (known?) to have been from organized crime. I don’t really see how else this could have ended if TC by its very definition is about avoiding required reporting.

                        1. 2

                          What right are you referring to?

                          I simply mean it in the colloquial sense.

                          I don’t really see how else this could have ended if TC by its very definition is about avoiding required reporting.

                          TC allowed you to generate an audit that was a proof of what address the assets came from. If an auditor requested you to prove the source of your funds, you could selectively reveal the source to that person or entity. You can still do required reporting with TC without totally losing anonymity.

                          1. 1

                            Please read about the required laws mentioned above. Those laws are not about you voluntarily generating some reports. Those reports should be generated without your knowledge:

                            There are also penalties for banks who disclose to its client that it has filed a SAR about the client.

                            and should contain detailed information on both ends of transactions:

                            CTRs include an individual’s bank account number, name, address, and social security number.

                            None of this is what TC can do. Mixers are by definition designed to be illegal to operate in most jurisdictions.

                            1. 2

                              Mixers are by definition designed to be illegal to operate in most jurisdictions.

                              “If a law is unjust, a man is not only right to disobey it, he is obligated to do so.”

            3. 4

              Is the only reason these same arguments don’t apply to Tor or BitTorrent because money is directly involved?

              TornadoCash is basically a VPN for financial transactions.