Cryptocurrency platform Tornado Cash has been placed on the US Treasury Department’s blacklist known as SDN (Specially Designated Nationals) list, operated by the Office of Foreign Assets Control (OFAC), for allegedly being responsible for laundering billions of dollars worth of cryptocurrencies.
On Monday, OFAC announced the decision, which means US residents are prohibited from using the Tornado Cash site and the 44 USD Coin (USDC) and Ether (ETH) addresses that have been added to the SDN list.
Normally, OFAC’s list deals with sanctioning and barring from the US financial system persons for their involvement in terrorism, crimes like drug trafficking, or countries designated as enemy states.
But while announcing the inclusion of Tornado Cash and the 40+ addresses on the list, US officials would not comment when asked if they thought Tornado Cash was linked with a foreign government, nor is the Treasury’s move targeting an individual or persons behind the site or the addresses.
Instead, OFAC alleges that money taken by North Korean hackers Lazarus Group and during the Harmony Horizon Bridge hack has been laundered using Tornado Cash. And the target of sanctions is a piece of software.
But since Tornado Cash involves smart contracts, or is a “crypto mixer” – a tool that automatically manages contracts – rather than a person, the move to sanction it brings up several issues, including the possibility that the First Amendment has been violated, among other reasons, because courts have in the past ruled that it protects source code as speech.
Now, some legal experts and privacy advocates challenge the idea that it is possible to legally sanction software. And sanctioning this tool means that no specific non-US person(s) has been banned from accessing the US financial system; instead, in effect, all Americans have been banned from using the software.
Like almost every other type of technology, Tornado Cash can be used for good and bad purposes, and is not in itself something that can be considered as harmful – a parallel can be drawn with the BitTorrent protocol, and the way it is treated. Both are legitimate tools that can be used to different ends.
Tornado Cash allows those transacting in the crypto market to protect their privacy by anonymizing crypto wallet transfer details and the buyer’s identity.
There have been previous cases when Bitcoin addresses were included in the SDN list, when this involved those addresses being controlled by individuals accused of participating in sanctioned activities – which is significantly different from what is happening now around Tornado Cash.
A statement made by a senior Treasury official, cited by the Financial Times, reveals that the goal is to target mixers in general.
The official added that this is “the second action by Treasury against a mixer, but it will not be our last.”
Back in February, the Treasury spoke about mixers as anonymity-enhancement technologies in the context of money laundering, and described their use as a growing trend.
But the legality and constitutionality of the way the US authorities have decided to go about suppressing this trend are not a clear-cut matter. For one, there is the issue of placing limitations on money spending as a First Amendment concern, in terms of money spending being a core component of disseminating political speech.
This is seen as particularly problematic since an entire software tool is being targeted, thus in theory affecting every US citizen, instead of a particular individual for their involvement in prohibited activity.
In the meanwhile, GitHub has removed the Tornado Cash code, along with the founder’s account, while its email accounts appear to have been taken down.
But as the 1995 Bernstein v. United States case shows, source code is speech protected by the First Amendment. The outcome of that case is the reason why strong cryptography is today available to all; Bernstein sued the government for placing restrictions on cryptography exports, since that would have prevented him from publishing a paper and code of his encryption system.
Several years later the Ninth Circuit Court of Appeals decided that the government restrictions were unconstitutional, and that the First Amendment covered source code as protected speech. This ruling has since been cited by the likes of Apple, who said this was the reason not to hack the suspect’s phone in the San Bernardino shooting case.