Challenges to Coin Center's defence of Tornado Cash
I have reviewed the analysis of Coin Center in more detail. They have made a valuable contribution to the debate and I always trust their integrity and intention. The arguments presented by Coin Center, however, are challengeable and there is still much to discuss. I have tried to summarise some of the elements raised by Coin Center and why some of those arguments may not work.?
Essentially, Coin Center is trying to protect decentralised systems from legal enforcement. The sentiment is to ensure crypto can continue in a decentralised trajectory without having any regard as to the legal context in which it resides. That, in effect, decentralized systems are above the law and should operate with impunity.?
I know Coin Center share no sympathy for the Lazarus group and surely understand the collateral damage they have caused with stealing and pillaging from others in crypto. That is not the point. For Coin Center, this is a principle of keeping decentralized systems as neutral technologies. Adding compliance to a neutral technology takes away the ‘purity’ of the neutrality of that technology. I agree with this principle and, in a perfect world, would want to preserve that neutrality. But there is no precedent for giving a technology blanket impunity. The internet does not operate with impunity for ISPs. ISPs only benefit from conditional protection from prosecution if they comply with take down notices. We cannot reasonably expect that blockchain networks should be granted a new state of protection that ISPs do not even have the benefit of.?
Let’s look at some of the arguments presented by Coin Center in turn.??
The first argument is that Tornado Cash is both an entity and an application. Coin Center does not deny that there is an entity behind TC (TC Entity). But Coin Center states that there is an application (TC Application) that does the mixing. That application is separate from TC Entity simply because the TC Entity cannot control or update the Application. This is due to TC Application not having an administrator. In other words, the TC Application cannot be shut down.?
Basically, if TC Application was not on a blockchain it would be on server. If it was on a server it would already be shut down as part of it being added to the SDN list. But OFAC cannot shut down that application because the TC Application is running on a distributed system. Because of that it has to target the application itself in the sanctions order. This is to deter continued use of the TC Application and has the equivalent effect of going into the server room and turning off the machine.?
Coin Center then goes on to say that the TC Application should be defined as software and not a service. This is an argument to separate the TC Application again as being a tool that nobody controls. If it is software then maybe it will be out of scope. To argue this Coin Center looks at how FinCEN defines ‘mixing’. Coin Center argues that FinCEN would not define the TC Application mixer as a service but rather as software and therefore it would not be required to be registered as a money services business. This is an interesting argument. However, there is no conclusive evidence that FinCEN would consider that TC Application would not need to be registered with FinCEN. The definition provided by FinCEN regarding software is that it is exempt as it is involved in ‘trade’ not money transmission. You could interpret that as being you may purchase some software online that you install on your computer then run the software on your machine to mix your coins. The person selling you the software is involved in 'trade' not money transmission. I am not sure how that works with the TC Application. The TC Application seems like it is more of a service, you send your coins to it and it mixes the coins for you and it allows you to withdraw to another crypto wallet. It is more a service too, as to effectively use the tool you need there to be existing money in the pool to mix with - the service, in fact, invites bona fide users to deposit funds into the pool for a reward so those funds can be mixed with others. In any event, if the TC Application was run by a company then I believe even Coin Center would agree that it is involved in money transmission. It is simply because there is no well defined entity behind TC and that the TC Application operates independently of its creator. Not having a well defined entity certainly is no argument preventing registration as a MSB, as the entity can register in an unincorporated form. Cutting off the control of the application by the creator is really the only argument to divorce the entity that created the application from the application itself. That separation is clever and designed with the intent to argue that it is owned by no-one and therefore no-one is responsible for it.
Coin Center considers that the intent of sanctions is to change behavior. They advance the argument that you can’t change the behavior of a smart contract which has no administrator. That is a weak argument. The change of behavior referenced by OFAC is more a macro political interpretation. The sanctions regime is designed to ‘change the behavior’ of targeted countries. In this case the target is North Korea.
There is an analysis by Coin Center as to where OFAC derives its powers from. That analysis states its powers only come from one statute, IEEPA. The argument from Coin Center is that IEEPA covers only the blocking of ““property” and it must be property in which some foreign country or national has an interest.” Coin Center then goes on to state that TC Entity does not have a property interest in TC Application. And that the TC Entity has “no physical ability to control that application”. Then Coin Center states that the TC Application is not ‘property’. These are good arguments. But practically speaking, the property is the funds laundered or being laundered by North Korean hackers in the TC Application. The factual question is simply whether at the time of the order the TC Application contained funds of North Korean hackers. If it is true then the order should be within scope.?
领英推荐
Coin Center then looks at constitutional questions as to whether there is any basis for claiming the actions of OFAC are unconstitutional in the US. The constitutional questions are all loosely argued as they mainly abstract in nature. For example, everyone is entitled to due process and protection of their liberty and property - I think everyone would agree with such statements as principles. Let’s look at some of the purported rights infringements in turn.?
The first argument is that US persons liberty and property are being denied without due process. On liberty, American users can no longer use the TC Application and that is a restriction on their liberty. This is a poor argument as they can compliantly mix their funds to preserve their privacy by simply depositing to an Exchange and withdrawing to another crypto address.?
Then Coin Center argues that the US persons have their funds locked in the TC Application and cannot withdraw them even though they have not committed a crime. This is, without doubt, unfortunate and is part of the collateral damage of any Sanctions Order. The users can withdraw them subject to obtaining a license. Coin Center then goes on to argue that the order has been applied retrospectively to those persons and as such is unconstitutional. This is not true. If the funds were held in the TC Application at the time the order is made then the ‘freezing’ is happening at that present moment. The order does not affect the persons who have already withdrawn from the TC Application prior to the order being published. I think the main argument is whether or not these measures were broadly proportionate compared to the collateral damage resulting. When all travel to Cuba is banned then a lot of people who have family in Cuba become estranged and that is collateral damage. Shutting down the entire internet to stop North Korean cyber hacking would not be a proportionate measure compared to the collateral damage caused on industry and society. It is just a matter of proportionality. Freezing the client account of a rogue bank will have some collateral damage, as there will always be innocent users of the bank in question.?
The argument of Coin Center then focuses on the fact that normally when a bank is the subject of a freezing order there is some support provided to bona fide users for them to recover their assets. That support, Coin Center claims, is not possible due to there not being a defined organization called Tornado Cash which can liaise with OFAC on the same. The fact is there is no need to deal with any organisation. The TC Application functions as it has done before and after the Order was issued. The Order has not changed any of the technical functions of the smart contract. Therefore, the user can simply withdraw their funds from the TC Application themselves once they have sought a license from OFAC.?
A good argument of Coin Center is to state that the TC Application itself has no mechanism to remove itself from the SDN List and that, as such, this is a failure of due process. Coin Center claims that a third party cannot bring the request to OFAC but does not provide any supporting evidence. The creator of Tornado Cash could arguably bring the request to OFAC. Again the main thread of Coin Center's arguments is that by creating something that is ‘unstoppable’ that thing exists separate to the creator and is owned by no-one. That thing created has no agency, cannot be prosecuted, cannot be stopped or interfered with regardless of the consequences to others. If I create a time bomb then that too is independent of me and has no agency - it operates based on self-executing code, for Coin Center, the government has no right to defuse that explosive device. It is an absurd logic but I respect the sentiment.?
The sentiment is trying to stop a precedent being created that would allow decentralized systems to be the direct subject of legal enforcement. If so, it could lead to adding controls into crypto which would detract from the legalistic vision of censorship resistance. Also, there is an argument that has to be addressed: ISPs have safe harbors provided by law to protect against misuse of their systems. Those safe harbors are only reliable if the ISP responds to take down notice and legal enforcement. A decentralized system (as we have seen with TC) cannot respond itself to a take down notice and so, in principle, would not have a safe harbor defense. This creates significant potential exposure for decentralized systems if a precedent is established that the system can be the subject of legal enforcement. This will most likely lead to permissioned components being added to decentralised systems so that the same system can benefit from an equivalent safe harbour. The systems that balk at compliance may face marginalization as a result.?
Reference:
https://www.coincenter.org/analysis-what-is-and-what-is-not-a-sanctionable-entity-in-the-tornado-cash-case/