Republishing a fork of the sanctioned Tornado Cash repositories (twitter.com/matthew_d_green)
354 points by Andrew_nenakhov on Aug 22, 2022 | 300 comments



More details here:

https://www.eff.org/deeplinks/2022/08/code-speech-and-tornad...

> In keeping with our longstanding defense of the right to publish code, we are representing Professor Matthew Green, who teaches computer science at the Johns Hopkins Information Security Institute, including applied cryptography and anonymous cryptocurrencies. Part of his work involves studying and improving privacy-enhancing technologies, and teaching his students about mixers like Tornado Cash. The disappearance of Tornado Cash’s repository from GitHub created a gap in the available information on mixer technology, so Professor Green made a fork of the code, and posted the replica so it would be available for study. The First Amendment protects both GitHub’s right to host that code, and Professor Green’s right to publish (here republish) it on GitHub so he and others can use it for teaching, for further study, and for development of the technology.


Also related is this FAQ (mentioned in the Twitter thread): https://github.com/tornado-repositories


The first may protect the right for Github to host the repo (though even that seems somewhat a stretch), but it certainly doesn't grant or protect any right to publish on Github servers.


Every time someone points out that freedom of speech/press/expression doesn't apply to expression in a private forum they are correct. The owner of the forum has rights... but, there is a very important piece of the story this misses:

Is government the reason GitHub is removing the repo?

If so, then this is exactly an abridgment of rights, and GitHub would be an accomplice to the government in that violation. Government asking for someone's rights to be violated, no matter how politely they do so, is still a violation of rights.


The interesting thing is that I doubt the government explicitly contacted GitHub; it seems there's a somewhat vague "Tornado Cash is sanctioned". You could imagine that GitHub's lawyers aren't going to take any risk. But the government could argue that GitHub is overreacting.


This is how the white collar world actually works. It's rife with communication characterized by non-written, non-spoken, and completely indirect forms of command giving such that it creates a plausibly deniable link through which the originator of a mandate can state they never told someone to do something, making it seem as if the agent acted entirely of their own volition, regardless of the fact they were constrained by the structure of incentives/risks put in place by the person in a position of higher authority.

Absolutely nobody will admit to the dynamic and will actively avoid any attempt at on paper recognition of it, as to do so will completely destroy/dismantle the PD chain.

In short, the government is effectively accountability laundering in order to keep out money launderers.


It's because being listed is one of the things that has strict liability https://www.law.cornell.edu/wex/strict_liability So you're guilty if you do it, regardless of your intent or knowledge with no legal excuse or defense. That's a VERY dangerous place to be in.


This has already been ruled legal in the past.


In some cases, yes, and in others, no.


It protects the right to publish, "on github", or by any other means, and saying that in no way says "compels github to perform a service against their will"

Why do some people jump to interpret things that way? There's something kind of pathetic at the heart of that.




This is an issue of reading comprehension. The quoted sentence says that GitHub and Green each separately have Constitutional rights. It does not imply a compulsory relationship between Green and GitHub.

Green has a Constitutional right to publish anywhere, and GitHub is somewhere, so he has a Constitutional right to publish on GitHub. That does not mean the Constitution compels GitHub, it simply means the Constitution does not restrict Green.


> so he has a Constitutional right to publish on GitHub.

No, he doesn't; he's merely allowed to do what GitHub lets him do.

Anyway, this is getting rather silly, so I'll leave you with this: https://www.youtube.com/watch?v=ohDB5gbtaEQ.


Your statement does not disagree with my statement. Green’s rights do not create a duty on GitHub.

You’re struggling with basic concepts. Constitutional rights in general do not compel private actions; they restrict government powers.


A right from one perspective is a constraint from another.

If I have the right to life, there is a constraint prohibiting others from taking it from me.

Likewise, if I have the right to publish on Github, then Github does not have the right to stop me.

Seems to me that you're the one struggling with basic comprehension.


Github does not have the right to forbid publishing _at the government's request_. They may freely choose not to publish, but would be an accomplice to a crime if this is done for the government.


Bad phrasing. The "right" is that of generally being able to seek publishing, not publishing with any one specific publisher.


Perhaps - but in a complaint regarding legal rights, phrasing is very fucking important.


If you sent an email to the editor, they might agree with you.


Granted that GitHub's sole reason for not hosting is government overreach (first part), then in a world where GitHub would allow publishing, it is within Prof. Green's rights to publish it.

That's how I read it.


Can you elaborate on this?


The First Amendment rights of corporations are at play here.

> The first may protect the right for Github to host the repo (though even that seems somewhat a stretch)

There's a rather murky limit on freedom of speech, I'm really not sure where it stands with regard to instructional content in general - however some such content has been constrained before; usually regarding weapons (or really any content that the government can argue is weapons related).

It's murky, and subject to government overreach.

> but it certainly doesn't grant or protect any right to publish on Github servers.

The first constrains the government; it in no way constrains private entities.

In fact (given the corporate personhood), to require that a private entity publish content from a third party would be compelled speech, and a breach of the entity's first amendment rights.


What I took it as was “the first protects Green’s right to republish on GitHub [from government censorship].” Of course the first does not compel GitHub to allow him to do anything on their servers, but it does protect what both parties consented to do from government censorship.


> I'm really not sure where it stands with regard to instructional content in general - however some such content has been constrained before; usually regarding weapons (or really any content that the government can argue is weapons related)

Common misconception.

You can post the machinist drawings for any unclassified (or classified, if somehow you came across them without having signed any paperwork related to security clearances). That is protected by the Courts.

Where you get into hot water is ITAR and restricted exports where free speech runs into the whole national security/foreign affairs jurisdiction by the Feds. You cannot post the manual for an F-16 for instance, in such a way as it could be accessed by adversaries of the United States. Access to that type of information has to be gated behind some form of arcane onboarding process to ensure one is actually authorized to see it.

There was an attempt at gating 3d printed gun patterns I think, but all the courts would let through is that a manufacturer must ensure the recipient is a U.S. Citizen, so it switched from published on website, to shipped on CD iirc.

Haven't checked on recent developments.


> There's a rather murky limit on freedom of speech,

I don't believe it's murky at all, but defined deliberately in fuzzy terms in a number of important ways, one of which is the avoidance of precipitation of criminality. Criminality defined as that which is harmful to society. Although it may sound weak, compared to the presumed unfettered principles invoked above, should one or other of a separating couple use Tornado Cash to rinse common property funds, something that isn't drug dealing or terrorism anyhow, nevertheless it's laundering and using a device to commit a crime without which device that crime may not be possible. Federal proceedings against Tornado Cash have given the unlawful enterprise unprecedented profile and it follows that the motivation for anyone who strives for continuance of the same or similar, in light of the reasons for federal action, could be construed as being potentially criminal too. Frankly I am stunned in the era that recognizes hate speech, that the automatic right to unfiltered and inconsequential freedom of speech is claimed so crudely, so reflexively and on such narrow and unexplained grounds.


Potentially criminal acts are legal.


Github doesn't have to publish or host anything they don't want to, and they may decide not to for many reasons (business, appearances, phase of the moon, etc).


Unless one of those reasons is persistent government requests/pressure on Microsoft/Github. Then it's a convenient way around first amendment protections.


Is a subpoena, in full compliance with the law, considered to be persistent government requests?


I mean if they don't want to because of someone's race then that is against the law. Same with religion. So start a religion that incorporates these ideals.


IANAL, but I recall a religion needs to have existed before so-and-so date (I don't recall exactly) to qualify as a religious exception. Meaning your Swimming Lasagna Monster religion you created yesterday doesn't qualify.


The scientology example tells us the opposite.


GitHub doesn't have to host anything it doesn't want, regardless of free speech


He said it would be interesting if GitHub chose to un-host it, but then he'd just move it to a university server.


If Github consents to storing it on those grounds, they have that right, in my unlicensed opinion.


And?


>> The First Amendment protects both GitHub’s right to host that code, and Professor Green’s right to publish (here republish) it on GitHub

The first part's maybe true, the second part is bullshit.


Exactly. If they wanted to challenge the government, they could have self hosted. This is an activist play at Microsoft. Nothing more, nothing less.


"Challenging the government" doesn't make sense there, because the government never ordered anyone to take down the source code.

Microsoft just did some risk management and decided that it's not worth it to keep their own users' data. I find it quite interesting that someone puts GitHub's management in a difficult situation. Are they gonna terminate Prof Green's account too? Are they gonna hunt down every copy of the source code on GitHub? Are they giving high-profile users special treatment?

Looking forward to how this plays out.


It’s an enormous liability concern for them.

Even if some activist executive would allow it, Microsoft’s lawyers would absolutely not.

And the shareholders also wouldn’t.

Don’t forget that the purpose of a business is to create shareholder value (as defined by the shareholders themselves), and I highly doubt that the majority of Microsoft’s shareholders would see any value in this. Just liability.

Conclusion - not worth it.

> Are they gonna terminate Prof Green's account too?

Probably not.

> Are they gonna hunt down every copy of the source code on Github?

Probably.


Technically, a corporation exists to distribute risk to facilitate a venture that may produce a return, not necessarily fiscal, but nevertheless valuable to the group undertaking it.

It's a perversion of the concept to jump to "must produce a positive financial return". Sometimes you just need an organization to coordinate something that eases a societal ill.

That business schools have forgotten this, and that we don't remind people of this consistently, is a tragedy. It cuts off entire avenues of collective organization to get things done. Sometimes "getting it done at minimum outlay" is enough.


> It's a perversion of the concept to jump to must produce a positive financial return.

At no point did I suggest that. I said "shareholder value, as defined by the shareholders themselves".

"value" doesn't imply fiscal.


Also wondering to what extent Copilot has this particular code embedded.


> The First Amendment protects both GitHub’s right to host that code, and Professor Green’s right to publish (here republish) it on GitHub so he and others can use it for teaching, for further study, and for development of the technology.

Yeah, it protects it against the government. Everybody else is still free to sue, take down, deny access, whatever.


AFAIK the code was taken down in response to a government request, so this was a clear First Amendment violation.


By that interpretation, any takedown under sanctions law would be considered a first amendment violation. Which I believe the courts have already rejected.


If the government doesn't like your criticism of their policies, can they simply sanction you to disable your free speech? Where does the line go?


So host it in a different country?


But who wants to do that other than the government? And it was removed directly because of government sanctions. I understand that the first amendment is poorly understood with regard to private companies and hosting content online, but in this case the first amendment is applicable.


Well, it could be seen as accessory to many sorts of fraud. But to what extent would that be more accessory than using a car, for example, and looking for the car manufacturer's responsibility?


Does the first amendment protect against treaties the US has signed with other countries requiring the government to take action or violate the treaty?


Depends on who you ask. The general feeling in Europe is that treaties signed by the USA (or Russia, China and many more) are basically worthless. I mean, when does USA ever ratify treaties into (federal) law, or into the constitution for that matter?

Republicans would say "hell no it's our sovereignty", Democrats "maybe", the American courts: "maybe but probably not"


> […] when does USA ever ratify treaties into (federal) law […]

Never. Or immediately, depending on your perspective. Either way, there’s no need for further paperwork.

> Treaties to which the United States is a party also have the force of federal legislation […]

https://www.senate.gov/about/powers-procedures/treaties.htm


Sanctions compel everyone to take sanctioned content down - not only the gov't.


As they say, why does someone pick that hill to die on? To study the code?


Because it's his choice. Why should we care why?


I'm not a lawyer, but I don't expect this to be a "hill to die on" at all.

If this professor is unconnected to the sanctioned Tornado Cash service, then Github shouldn't have to worry about running afoul of the sanctions by hosting the code.


Because privacy is important and the elimination of it has been a huge part of most totalitarian regimes. Why wouldn’t you die on the hill?


This isn't about privacy, it's about free speech as stated above. He wants to make the code public, not keep it in private.


It's about privacy, free speech is just the legal justification for being able to publish the content


The technology is used for privacy.


Representing how? What action are they anticipating?


This isn't the first time smart cryptographers have forced an issue like this. He wants the government to threaten GitHub and him with a lawsuit, and they have to sue him in court (which the government wants to avoid as they have a significant chance of losing). Like Clipper and Bernstein v. US, where EFF was involved.


Exactly this. Microsoft will always heel to the short leash of US sanctions because the losses for them are tangible: billions in government contracts.

gitlab isn't bought and paid for, so forcing the issue only stands to win them PR with hackers.


> Microsoft will always heel to the short leash of US sanctions because the losses for them are tangible: billions in government contracts.

You seem to be under the impression that "the government" is a monolithic beast that all operates together.

There are other parts of government that would like nothing more than to see OFAC get a bloody nose over this (eg, other agencies that believe they should be the ones regulating crypto).


He republished it on GitHub: https://github.com/tornado-repositories


More commonly, these are simply different matters, and the different parts of Government that handle them don't care.

Even more generally, governments ruled by laws do not care in the sense that they do not, as a system, carry grudges and the like. A government contract is awarded by tender, for which there are rules. And unless you have exactly the same people handling two issues, there's just no mechanism for any interest to bend the rules to be transmitted from one group of people to the other.

There are sometimes cracks in this system, but even those are somewhat formalized: "buy American" rules, for example. There are also rules that apply to government contractors but not businesses operating in the private sector exclusively, such as higher minimum wages, enhanced environmental protection, or union requirements. The reason here is that these can be instituted by the executive alone, without the legislative.

But punishing a single company just because they're taking an issue to court? That'd be considered rather corrupt. It's also silly: there are thousands of lawsuits between governments and private businesses every year. Every single Fortune 500 company is probably involved in a few dozen at any given time.


Indeed, I think this is an even more accurate characterization of how government actually works.


Microsoft owns GitHUB and you're talking about GitLAB and those are different things.


Correct indeed, my bad. I've been in GitLab all weekend.


Gitlab has a number of government contracts including, for example, with the NSA.


Well, they expect OFAC-based legal action by the government, of course.


If he stands up and operates a for-profit instance of the service, then he will have committed the crime that led to the sanctions against the original operators of the service.

If he does not, then he is not a participating entity in the sanctioned service, and is unlikely to attract serious attention from the Justice Department.

It’s nice of the EFF to throw down a gauntlet about free speech, but I expect it will be ignored in favor of sanctioning others who operate cryptohash laundering services.


I don't think there's any for-profit argument by the Treasury against Tornado Cash. But for what it's worth, the smart contract is still live on the Ethereum mainnet. Given that it is immutable, it is not possible to take it down. It's also trivial to fork and I imagine several forks already exist on mainnet and across various EVM forks by now.


Unprofitable money laundering operations collapse from the costs of meeting demand at scales large enough to offend the United States government, and so require no special prosecution or censure in order to fail. Cryptocoin laundering is highly desired by those that would launder currency, and so is not exempt from this outcome.


Immutable smart contracts on blockchains are available to anyone with the few dollars worth of ether or other base chain currency necessary to execute the contract on-chain. They do not cost anything to operate after being deployed. In that sense, Tornado Cash is a protocol, that has more in common with HTTPS than with a business operation. Smart contracts can be thought of as software-defined protocols. Given that HTTPS and other forms of encryption are used on the regular, for both good and nefarious purposes, I see no reasonable argument against mixers. There has to be a path for on-chain privacy. It is a human right. It's also a U.S. constitutionally protected 4th amendment human right.


Whatever their benefits, mixers also enable and support the laundering of illegally-obtained currency and the circumvention of government sanctions. These points are both reasonable arguments against mixers. It remains to be seen whether society as a whole will accept your argument that mixers are an innate human right, protected under the constitution.

However, I observe with these sanctions that both the US judiciary and those of many other countries have decided cryptocoin laundering is not a protected human right, due to the balance of harm caused to societies outweighing the rights of the individual. It’s your right here in the US to declare that they’re wrong, but I do not see in your reply any new evidence or arguments presented that would change the course of the US government.


I think David Gerard summarises nicely here [1]:

> If the ether is proceeds from a crime, then this is literally just money laundering.

> There’s also this weird delusion that if you put some dirty money in a box with clean money and shake it, then it all comes out as clean — and not that it all comes out as dirty.

> The bad takes were all variations of the fundamental fallacy of cryptocurrency: that you can code your way around the rules of society.

1: https://davidgerard.co.uk/blockchain/2022/08/09/us-sanctions...


> There’s also this weird delusion that if you put some dirty money in a box with clean money and shake it, then it all comes out as clean — and not that it all comes out as dirty.

That's the exact take that brought about the closure of tornado.cash. If you start with two distinct piles and at the end you only get one some-of-these-might-be-dirty pile, the solution to this is to destroy the mixer, not to sift through bank notes. The reason why we don't consider everything that has touched dirty money to be tainted is explicitly to protect people who may have been inadvertently brought into it.


Taking down a more public side to it (tornado.cash) has the effect of restraining the type of users that will now use it. Instead of privacy zealots (10%), money launderers (20%) and random users (70%) (numbers mostly pulled out of my ass for demonstration purposes), by making it only accessible to a much more select audience, you'll basically lose most of the random users. And believe me, if the US Treasury sanctioned it because 20% of the money going through was laundering (and the other 80% making it much harder to trace), when 66% of your traffic becomes money laundering, not only will they sanction harder, but they will also start going after actual people.

Touching the tornado cash contract is a poison pill right now.


Potentially you are challenging one of the world's largest governments to find a way to stop it. I dunno what they can or what they will do, but imagine this scenario: they sanction it in a way that you are guilty of money laundering if a copy is found on your computer -- now running the Ethereum mainnet or any fork that contains it is illegal in the United States. Do not think the DoJ won't. Refer to https://xkcd.com/538/ or James Mickens' https://www.usenix.org/system/files/1401_08-12_mickens.pdf for some hilarious hard truth on what happens when cryptographic research meets a real world government agency. Also refer to the old saying "never wake a sleeping lion".


> you are guilty of money laundering if a copy is found on your computer -- now running the Ethereum mainnet or any fork that contains it is illegal in the United States

This is well beyond the regulatory and legal powers of the U.S. Treasury and the DOJ. That is not the letter of the law with regards to money laundering, and the agency cannot invent new laws out of thin air. Nor can they blanket ban a technology or code just because they have to learn new stuff. Could Congress pass such a law? Sure, but even then, we'll go to the mats in the court and in state legislatures. Never mind that criminalizing and demonizing a large portion of the population hurts your re-election chances.

Even torrenting, as egregious as the copyright abuse was in Pirate Bay's heyday, was never banned in such a way. Email scams from Nigeria never necessitated the shutdown of email. VPNs continue to operate.

Never mind that similar cases with regards to cryptography have already gone to court, which ruled in favor of speech: https://www.eff.org/deeplinks/2015/04/remembering-case-estab...

The XKCD example is amusing, but fails even the most basic cross-examination. Surely officers with a court-issued warrant for probable cause of a crime should be able to inspect a person's home or things. Maybe they could find a private key written on a post-it note somewhere in the person's home. That's all fair and good, and no one is arguing against that. Clearly, it's not very scalable, nor should it be. We operate under the presumption of innocence in free societies.

We all have a problem with illegal, abusive, mass surveillance. It is a violation of human liberty and a disturbing trend that has to be pushed against to prevent a full-on dystopian, authoritarian hellscape where you don't even have paper cash as an outlet from the panopticon. To avoid that future outcome, to preserve the freedom of your children, you have to fight for privacy and transactional liberty. My ancestors were willing to bleed and die for liberty. Some of us still are, today. Never wake a sleeping lion, indeed.


I agree, but GitHub is going out of their way to censor this code, and developers in other countries are being arrested for writing it. Maybe a high profile case of "the code will remain available" will dissuade those who intend to follow suit.


Green wouldn’t have standing for EFF to participate if USA goes after MS. So I’m curious what they’d go after Green for.


He's the maintainer on the repository - so presumably that.

(https://github.com/tornado-repositories)


Why GitHub?? Didn't SFC quit GitHub and urge other open source projects to do the same? This is so odd.


Because it was hosted on GitHub initially, and they took it down. There's clearly a protest angle here, and it'll be interesting to watch this play out.


Person that has worked on the defensive side of Money Laundering here.

The Tornado Cash sanction has been fascinating to watch and my key takeaway has been that there are two camps: that TC is a Money Laundering service or a Privacy service. Both are talking past each other, when it can in fact be both. Each camp sees the service as their primary concern and considers the other camp's as an unintended secondary.

I am seeing a lot of bad takes. "Money laundering requires all three aspects" particularly irks me because you can just point to KYC regulations to disprove that. "Code is just code" is another, but that is just because the code isn't why someone would be sanctioned or arrested. In the same way that The Pirate Bay was just code, it's how complicit they were in the offence that will get them.

Ultimately, the dichotomy feels like a problem unique to public blockchains, and will only be solved with a ZK L1 chain, whatever that looks like. The solution would require the blockchain equivalent of end-to-end encryption, one where intermediaries have zero knowledge but doesn't require co-mingling of dirty and clean money.

While I think money laundering is a more serious crime than piracy (at least the predicate offenses can be), watch this play out like Megaupload: never-ending legal issues for the first parties, and a technical solution like Mega.


Also legal side here.

I totally concur with your view. The issue would be the level of complicity in the offense of TC hosts... which will not be studied in theory by analysts studying the code, but by investigators looking at mails, meetings, money, interviewing people, etc.

Tech bros tend to forget that there are real people on the side of Law enforcement and that they can actually investigate in a very real and traditional manner, with surprisingly good results.


"The unreasonable effectiveness of traditional law enforcement techniques"


I wouldn't call it unreasonable. Police are pretty bad at investigating and actually solving crimes.


> Ultimately, the dichotomy feels like a problem unique to public blockchains, and will only be solved with a ZK L1 chain, whatever that looks like. The solution would require the blockchain equivalent of end-to-end encryption, one where intermediaries have zero knowledge but doesn't require co-mingling of dirty and clean money.

Like monero?


For project maintainers, yes absolutely Monero.

But then either only ever use Monero for everything (like pre-2013 bitcoin), or exchanges will need the will to "prove" the source of funds isn't illicit.


How does Montero solve the problem of co-mingling dirty and clean money? As far as I understand, there are still considerable illicit transactions within a block, thus indirectly supporting bad actors (in e2ee I do not see that problem as clearly).

Is there any cryptocurrency Blockchain (or research) that can limit the amount of currency held by each natural person (e.g. to an equivalent of roughly 10000 USD purchasing power) while providing anonymity for individual transactions to the outside? I would actually be willing to adopt such a trade-off roughly equivalent to cash (even paying transaction fees). At the moment I would not use crypto currencies because I do not feel that I share the values of the block chains.


Montero is a song by Lil Nas X, it doesn't solve the problem of co-mingling dirty and clean money.


It seems that gboard autocorrect likes hip hop better than crypto. (Guess I simply forgot to install the language files for Esperanto)


>one where intermediaries have zero knowledge but doesn't require co-mingling of dirty and clean money

How would that be different from Tornado? There's no legal difference between a contract with a balance and an internal UTXO tree, and a blockchain with a total balance and an internal UTXO tree.


Yeah, you should ignore the hot takes and just read this article from the EFF and the linked Coin Center article on this.

otherwise nobody else knows what you are talking about and it just reads like strawman arguments to discredit something nobody here actually said.

The issues are that the order does not distinguish between an un/incorporated organization of humans called Tornado Cash, and the autonomous smart contract that those humans do not control. The autonomous smart contract has no way of petitioning to remove itself from the SDN list, which is a prerequisite for inclusion in the SDN list, and a prerequisite for an American to get a license or have any remedy under the Administrative Procedures Act. Another division of the Treasury, FinCEN, already has knowledge of this distinction and has said so in the past, while the OFAC division is acting like it is not aware of that guidance at all. There are other issues with that.

The follow-on issues are that this creates a chilling effect on speech and expression. Nobody knows their liability surface, and alters their own behavior because they aren't sure if they're going to prison or not.


> solution would require the blockchain equivalent of end-to-end encryption, one where intermediaries have zero knowledge but doesn't require co-mingling of dirty and clean money

How would you draft a statutory safe harbor for GitHubs and Coinbases when it comes to handling mixers as well as the wallets connected to them?


As someone else has stated elsewhere in this discussion, I don't think GitHub have much to worry about. Tornado Cash the service was sanctioned, and MS would choose to censor the repo out of an abundance of caution. In the same way that the pair that open-sourced the ransomware PoC didn't get arrested because they are further away from the offenses.

I have mixed thoughts on safe harbor for centralised exchanges, they are the closest thing we have to banks in cryptoland. Mostly because with grey areas like that, a prosecution is only going to be pursued with clear evidence they knew but did nothing.


> statutory safe harbor for GitHubs and Coinbases when it comes to handling mixers

KYC-plus: provided that they can prove somehow that their mixer is not handling money for sanctioned entities, they can be left alone.


> In the same way that The Pirate Bay was just code, it is how complicit they were in the offence that will get them.

Can you explain what you mean by this? To me, publishing code that can be used to do something is very different from running it and allowing people to use it.


That's exactly what I mean, it's the service that is getting sanctioned. The people that "knew and didn't do enough to stop it" will be arrested.

My meaning of "code is just code" as a bad take, was just that the code part in isolation wasn't sanctioned.


> publishing code that can be used to do something is very different from running it and allowing people to use it

That difference is non-existent when code is published as a smart contract.


A smart contract doesn't run on its own, you still need computers to run it. Not to mention for Tornado Cash, you also need people interacting with the contract and sending money to it, since it doesn't do anything on its own.


It's run by the miners and users and disconnected from the people who published the code (who may also be miners and users, but needn't be)


"Money laundering requires all three aspects"

What are the aspects?


> Typically, it involves three steps: placement, layering and integration. First, the illegitimate funds are furtively introduced into the legitimate financial system. Then, the money is moved around to create confusion, sometimes by wiring or transferring through numerous accounts. Finally, it is integrated into the financial system through additional transactions until the "dirty money" appears "clean."

https://www.fincen.gov/history-anti-money-laundering-laws


More so than that, I see a conflation and confusion on the different stakeholders and components of Tornado Cash, on both sides of the ML/privacy split you describe.

Note that the TC smart contracts are completely autonomous now (no entity with privileged permission or receiving a fee). They are truly non-custodial and necessary functionality is either executing on-chain or locally on the client.

So a user can make full use of tornado cash suite (smart contracts + UI) without ever having to interact with or pay a fee to anyone involved in the project.

Now, if a user withdraws manually, they will still need to submit a withdraw transaction and pay some ETH for gas (transaction cost), which will link that ETH with the withdrawn funds. So there is a chicken-and-egg problem here. To solve this, the UI integrates with a network of relayers who will facilitate the withdrawal transaction and cover the gas for a percentage fee. Relayers aren't hardcoded in the UI or smart contract and users can choose their own third-party relayer. The relayer network is permissionless and autonomous as well - anyone who sets up the software and commits enough funds will be one. In newer versions of the TC UI, only relayer nodes which have staked a minimal amount of TORN tokens are shown for selection, and there is a ranking and preference for relayers who have higher amounts staked.

This relaying, on the other hand, can absolutely be seen as a service. There could be an ML case against that network of relayers. And potentially (though this is new territory for courts I think) TORN token holders and/or governance participants. This clear separation between the components and stakeholders and the removal of the need for privileged actors is precisely what makes TornadoCash different from legacy mixers.

I think it's very unfortunate that even people in the space characterize TC as a "service", as I think it's best viewed as "not a service" - to this point, there are no service providers apart from the serving of the self-hostable client web UI. Which is optional. It's hard to tell in which cases this is a conscious oversimplification and in which cases people aren't aware of the nuance.

If I'm allowed to make a rough comparison from the best of my understanding to Bittorrent for those who remember the TPB saga:

  Ethereum nodes: Bittorrent DHT
  Tornado Cash UI: Bittorrent client in a web UI
  Tornado Cash smart contracts: software executing in the "DHT" (by every node)
  Relayer server-side API (old UI): Bittorrent tracker
  TORN DAO smart contract (new UI): Bittorrent tracker, except there's no server anymore and it all executes in the DHT

Having the DHT stand in for the blockchain is not fully accurate of course but should hopefully get the major point across. Makes sense?

> Person that has worked on the defensive side of Money Laundering here.

Would love to have a follow-up from you with thoughts on the above.


I think mainly that I do not envy the lawyer that has to make the service argument.

We could get lost in the technical details of why it is or isn't a service but ultimately they only need to prove that x person of the project knew about the issues, could have done something about it (like shut it down), and didn't do enough.

It was just the one contract wasn't it? i.e. someone was responsible for deploying the contract that inputs and outputs the blending between addresses. In this scenario, the other permissionless stuff is theatre.


So no one profits from TC financially at all?

The people who did deploy the contracts did it out of the goodness of their hearts? That seems... odd.


My understanding is that a good chunk of the TORN tokens issued by the "DAO" are earmarked for developers of TC, and these tokens could be sold for money, etc.

Plus the initial developers could run relay nodes to make money, and can even do it in a way that is basically impossible to prove, by using TC itself when withdrawing the profits made by their relay nodes. Back before sanctions, even at a centralized exchange, nobody would think anything is odd about TC developers exchanging out coins previously transferred through the TC system. After all they care about privacy and don't want people to be able to trace back to all their previous transactions.


They profited from issuance of the TORN token but they did not take fees out of every deposit. Relayers are the ones who receive fees for withdrawals (about 0.1 ETH) and depending on your point of view could be unlicensed money transmitters (and if they are still operating after Tornado was designated then sanctions violators).


Say what you will about the project and the space in general - the idea that any code licensed to you under an open source license can cause your derivative work to be subject to sanctions that were intended for the code’s original authors… would have a chilling effect on innovation.


The far bigger threat is not the code going away but it being censored at the network level. Already, a single miner has censored tornado transactions, that being EtherMine, which has 28% of hashpower. If the next two biggest miners censor it too, assuming hashrates do not change, then all tornado funds will be frozen. Very bad situation for tornado users. POS may change this but no guarantee. People should be mad at EtherMine, not at the US govt.


No, it won't. A single miner has chosen to *not include* TC transactions in their blocks, but they are not *censoring* TC transactions in the sense that they will validly build upon blocks built by others that feature TC transactions.

As long as 1% of miners include TC transactions, even if 99% choose to not include, TC transactions will still be part of the blockchain, albeit not as timely.

When miners start actively REFUSING to build on blocks that feature TC problems, that is an issue.

For what it's worth, the ethereum development community is actively exploring features that make active censorship a network violation (with censored blocks not being accepted by the network), although this is an area of active research.

Current proposals include PBS+crList.


It's also as simple as paying the appropriate fees for including this transaction... everyone has a price, even (especially) miners.


Can you point me at the relevant discussions for this (exploring features to prevent censorship).

It’s an interesting area…


Publishing code is not the issue that regulators should be concerned about. Running the code is the issue. Regulators should treat cryptocurrency "miners" as money transmitters and make them comply with the existing regulations that apply to money transmitters. Despite the claims that cryptocurrencies are "peer-to-peer electronic money", that's not entirely accurate. A peer can't send cryptocurrency to another peer. They need an intermediary to do that, which is the so-called "miner". Therefore a "miner" is to all effects and purposes a money transmitter.


You are incorrect. The miner does not intermediate transactions in any way, shape or form.

Firstly, miners do not technically intermediate transactions. Transactions are fixed and sealed by the parties involved and can't be modified. Transferred funds are never in the possession of a miner, not even briefly. A miner can't take them, can't redirect them, can't change the amount, etc.

Secondly, it's not a specific miner that confirms the transaction. It is the ever-growing group of miners. Transaction finality is only ever probabilistic. If you think of picking the "first" miner by law, then this is completely arbitrary, and 1-block chain tips are routinely orphaned in all cryptocurrencies.

Finally, many persons and businesses accept unconfirmed (not mined) transactions, for relatively low-risk goods and services.

If you really want to regulate miners (which amounts to making it a crime to run certain algorithms on your personal computer - a terrible idea), then at least please come up with a new name and new framework, because "money transmitter" or "financial intermediary" is simply incorrect.


They move money from one party to another by updating a ledger. That's what money transmitters do. Not being in possession of the funds, or the fact that the specific entity that moves the funds is chosen at random, doesn't change the fact that they're money transmitters.


It's a real shame the Treasury Department officially disagrees with you in spite of the fact that there are a lot of hardliners there (likely the same types who think e-gold was a money transmitter) who would love to agree with you.


You would think then that the same logic would apply to something like SWIFT, but alas "SWIFT itself does not monitor or control the messages that users send through its system and recognises that all decisions on the legitimacy of financial transactions under applicable regulations rest with the financial institutions handling them, and with their competent international and national authorities."

There have to be some limits to how big of a burden the government can put on people in the name of stopping money laundering, the current AML model has huge costs, in financial terms but also in terms of the invasion of privacy - if you've ever had to pass a more stringent AML check, you know how invasive and dehumanizing that is.

And it's not even working, estimates put the effectiveness of the current AML regime at less than 1% of money laundering being detected.

Stopping crimes should be the job of the police.


Funny how when the crypto industry is asked to follow the rules that everybody else already has to follow, the law suddenly becomes an insurmountable burden.


No, not all nodes are miners. Nodes are peers. Even SPV nodes, which is what is used in mobile wallets etc. Money transmitters are also required to have custody of funds, which is never the case for nodes or miners. You know nothing about the legal side, nor the technical side of this issue, so should probably stay out of it, because now you're just spreading misinformation.


When did I say that all nodes are miners? I said that miners are money transmitters.


What sense do cryptocurrencies even make without mixing? As I understand it, mix-less crypto usage lets everyone know every purchase you make. Even if all you buy is an occasional pizza, this information is easy for scammers and other malicious parties to misuse.


This seems dumb, to keep relying on the Microsoft company when we got a whole internet and distributed filesystems etc. exactly for this sort of thing.

Specifically, it seems dumb to continue the idea of "github is where all the code is."


This is a collaboration between Matt and the EFF to make a point to Microsoft. The goal here isn't to ensure a safe place for Tornado development. There are plenty of options there. The hope is that Microsoft will maybe learn their lesson and quit fucking developers for stupid reasons.


Fair, and I still think it's dumb. I guess I'm an old timer, but it really seems to me the much smarter thing to do is route around GitHub entirely (and encourage others to do the same) than to play little tricks inside their walled garden.


As I understand it, the code was not sanctioned - the organisation that published it was.

The code being published is not at issue.


Anybody who clones a repo can serve it, so I don't understand comments like "I use it in a class I teach so I hope it stays up"


I hope this sees court or at least a high authority, because then it has a chance of once again proving that code is speech.

Maybe we need to print some books with the code inside a-la PGP (ISBN 0-262-24039-4)


Matthew Green did a recent podcast episode on Bankless:

https://www.youtube.com/watch?v=WBddJ18rACU


What's stopping the government from blocking this in the same way some "open-source" firearm designs can't be exported under ITAR?


Maybe a more pragmatic question: what's stopping people from ignoring the government's restrictions on digital resource blocks? The government doesn't have the means to enforce blocking firearm designs or decentralized cryptocurrencies.

In my opinion an unenforceable law is detrimental and erodes the credibility of the authorities that impose such restrictions.


> what's stopping people from ignoring the government's restrictions on digital resource blocks?

In my opinion? Greed. Cryptocurrencies were supposed to be all about creating a type of money that doesn't depend on a central authority. And then the last 10 years were spent trying to exchange them for dollars, which of course depend on a central authority. "We will be finally free from banks" turned into "banks are being mean and they won't work with us".


Likewise, greed is why banks will always want to be able to sell their services of exchanging various currencies, and greed is why there will be countries that allow their banks to do so.


This is where it gets fun. OFAC is very much enforceable and, more importantly, it is entrenched and practiced in many parts of US institutions including various gatekeepers like banks.

Now whether it is an overreach is an interesting discussion, but do not for one second think that it cannot be enforced. Right now it is just a choice that just this particular service was targeted.

And note how most reasonable people would hesitate to just click a link to that code.. when it is not even the sanctioned TC. The chilling effect alone makes it enforceable.


You can't enforce a crime when you don't know the criminal. It's trivial to keep your identity separated from various digital assets.


That’s a very myopic view. Cryptocurrencies only have any amount of privacy on chain. Once you use cryptocurrencies on other platforms, or to transact with real world assets or people, you have a huge amount of other identifying metadata now linked to your pseudoanonymous wallet.

Criminals who use cryptocurrencies are identified all the time.


It's interesting that you claim my point of view is myopic while somehow being unaware of the billions (at minimum) of dollars a year exchanged for goods that do not attach an identity to a crypto address.


Because they are legal and therefore nobody with the means to do so is interested in taking the time to investigate.


There are numerous ways to obtain crypto where it would be impossible to identify the owner of a wallet. e.g. mining crypto isn't KYC, or buying KYC crypto and trading it for a private ledger like monero on a non-KYC platform (and many exist, legally)

just to name a couple of ways you can obtain crypto with absolute guarantees your wallet can't be attached to your identity. (provided you don't leak metadata thru other means such as simply telling someone your wallet address)


I agree... if you don't do anything in the real world with crypto, it is difficult to link it to the real world. But that's missing the point.

But criminals do more things than just holding crypto in a wallet. And it's those other things that burn them: Interactions with other people, being subject to search and seizure, transacting for other assets, or committing crimes.

At the end of the day, what point is there in being a criminal if you never spend your money?


I think there's some disconnect here but I'm not sure where. In my scenario I have crypto sitting in my wallet that can't be linked to any other wallet. That means when I buy coffee with that wallet there is zero way for starbucks to also see that I bought something at target with a different wallet.

Again, this is achievable in many different ways. Today, anybody with a trivial amount of knowledge on basic feature sets of various coins can do this.

You can't link me to the coins I earn via mining, you can't link me to the coins I spent on some other private chain (e.g. Monero) and thus when I buy Starbucks with a wallet, quite literally only Starbucks will know that I had enough funds in a wallet to pay for a coffee, and unless Starbucks goes KYC then they also won't have metadata linking my identity to that purchase any more than if I had used cash.


There are plenty of exploits that can be used to determine that you transacted with Starbucks, regardless of your payment technology. The idea is simple, you don’t do a direct attack on the technology, you collect information from tangential sources which are not protected by anything on chain.

1. Someone can physically observe you

2. Someone can observe the surveillance camera footage

3. Your device may be compromised

4. The network you are using may be compromised

5. Starbucks may divulge that transaction to others

6. Someone may compel Starbucks to divulge the information

7. Someone may physically steal your private keys while in the Starbucks

8. You might tell the barista your real name

Etc.

Now Starbucks is perfectly legal and nobody cares that you bought a coffee, so nobody does this. But if it were $50m worth of illegal drugs, someone may assign some resources to doing so.

Anyone who engages in crime for profit is inherently interacting with other people, and eventually, hoping to turn those tokens into physical wealth.

Crypto isn’t the first pseudoanonymous currency. The way you catch a drug dealer that uses monero is exactly the same way you catch one that uses cash.


Is it? I do not want to sound condescending, but extraordinary claims like these require extraordinary proof. Actual security is hard and even that only needs one slip.

That said, I am always eager to learn. Would you be willing to share trivial steps that keep your identity separated?


Never send assets from your wallet to a wallet with KYC data attached to it. That is all.


What's the plan for predicting the future?

KYC information can be added long after you've made the transaction.


> trivial to keep your identity separated from various digital assets

It’s similarly trivial to hide cash income. I assume keeping this identity separate would also extend to tax fraud, so I guess we’re there in the conversation.


What does tax fraud have anything to do with this? I can't help but wonder if you're just trying to imply that anyone who wants to stay private must be a criminal.

There is quite literally zero reason to suspect tax evasion from somebody just because they want their identity to remain detached from the products they purchase.


First amendment? It is similar to this in many ways:

https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_i...


But why wouldn't first amendment also cover the hashes and signatures that make up the TVL?


> why wouldn't first amendment also cover the hashes and signatures that make up the TVL?

For the same reason it doesn’t cover the ones and zeroes in a bank’s records.


That's a practical explanation and I appreciate the honest response. What I find baffling is why, clearly writing zeroes and ones in a bank record is speech, and without some outside context linking the funds directly to violence, non-violent speech at that.


I don't think the government is worried about the code getting out...

They are worried about when the code runs.


It’ll need a thorough audit… this is a fork of a fork… it’s the perfect project for trying to obfuscate some hidden routines into!


Should be fairly easy to do - the original code is still on the Ethereum blockchain. Just compile his code and see if the bytecode matches the original - even the slightest modification would make it fail the check. The only required knowledge is the compiler settings, but they're so few that you can brute-force them just to be sure that you're not falsely accusing him of having changed the code.

(btw, I've deliberately outlined a protocol that doesn't rely on other third-party resources - if you're happy to rely e.g. on Etherscan you can do a simple diff against the original code)
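The comparison step the comment above describes, as an added example that is not code from the thread or from the Tornado Cash project: take the runtime bytecode that `eth_getCode` returns for the deployed contract, compile the fork under each plausible settings combination, and report which combination reproduces it. Everything below is constructed for the example; the byte strings stand in for the on-chain code and for solc's `deployedBytecode` output, and the settings table stands in for re-running solc per combination. The one detail a practitioner has to handle is that solc appends a CBOR metadata trailer carrying a hash of the source text, so any changed comment or whitespace in the fork alters the last ~53 bytes even when the executable code is byte-identical; the check strips that trailer before comparing.

```python
# Added example: verify that a forked repository compiles to the runtime
# bytecode deployed on chain, ignoring solc's metadata trailer.
# All byte strings here are CONSTRUCTED stand-ins (assumption): ONCHAIN
# plays the role of eth_getCode output, CANDIDATES plays the role of
# solc's deployedBytecode for each (version, optimizer, runs) setting.

def strip_metadata(code: bytes) -> bytes:
    """Remove the CBOR metadata solc appends to runtime bytecode.

    The final two bytes are a big-endian length of the CBOR map that
    precedes them. The map carries a hash of the source and the compiler
    version, so it changes with comments or formatting even though the
    executable code does not. If the tail does not look like a small CBOR
    map, the input is returned unchanged (e.g. hand-written or pre-0.4.7 code).
    """
    if len(code) < 2:
        return code
    meta_len = int.from_bytes(code[-2:], "big")
    if meta_len == 0 or meta_len + 2 > len(code):
        return code
    start = len(code) - 2 - meta_len
    if code[start] & 0xF0 != 0xA0:  # CBOR major type 5 (map) with a short count
        return code
    return code[:start]


def runtime_matches(onchain: bytes, compiled: bytes) -> bool:
    """True when the executable portions are byte-identical."""
    return strip_metadata(onchain) == strip_metadata(compiled)


def find_settings(onchain: bytes, candidates: dict) -> list:
    """Return every settings key whose compiled output reproduces the on-chain code."""
    return [key for key, code in candidates.items() if runtime_matches(onchain, code)]


def make_trailer(source_hash: bytes, solc_version: bytes = b"\x00\x08\x11") -> bytes:
    """Build a trailer shaped like recent solc output (constructed for the example):
    {"ipfs": <0x12 0x20 + 32-byte hash>, "solc": <3-byte version>} + 2-byte length."""
    assert len(source_hash) == 32 and len(solc_version) == 3
    cbor = (b"\xa2" + b"\x64ipfs" + b"\x58\x22" + b"\x12\x20" + source_hash
            + b"\x64solc" + b"\x43" + solc_version)
    return cbor + len(cbor).to_bytes(2, "big")


# Constructed runtime bodies. OPTIMIZED_BODY is what the deployed contract
# supposedly executes; the others differ by one or more opcodes.
OPTIMIZED_BODY = bytes.fromhex("6080604052348015600f57600080fd5b50600436106019")
UNOPTIMIZED_BODY = OPTIMIZED_BODY + b"\x5b"                       # extra JUMPDEST
TAMPERED_BODY = OPTIMIZED_BODY + bytes.fromhex("6000600055")       # an added routine

# What eth_getCode would return (constructed): body + trailer with one source hash.
ONCHAIN = OPTIMIZED_BODY + make_trailer(bytes(range(32)))

# Compiler outputs for the fork (constructed). The fork's comments changed,
# so every trailer carries a different source hash than the on-chain one.
CANDIDATES = {
    ("0.8.17", True, 200): OPTIMIZED_BODY + make_trailer(bytes(32)),
    ("0.8.17", False, 200): UNOPTIMIZED_BODY + make_trailer(bytes(32)),
    ("0.8.17", True, 999): TAMPERED_BODY + make_trailer(bytes(32)),
}


if __name__ == "__main__":
    hits = find_settings(ONCHAIN, CANDIDATES)
    if hits:
        print("fork reproduces on-chain runtime code with settings:", hits)
    else:
        print("no settings combination reproduces the on-chain code")
```

A naive `onchain == compiled` would report a mismatch for every candidate here, since the metadata hashes differ; with the trailer stripped, only the optimized build matches and the variant with an added routine is rejected. Note that `eth_getCode` returns runtime code, so the comparison target is `deployedBytecode`, not the creation bytecode.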


It would be a First Amendment issue if the US Govt told Github "you can't publish Tornado Cash source code."

Green's claim is related.

"Github is a private corporation and has no obligation to host anything." is not true when Github is acting as a US govt agent.

Disclosure, if this gets past the motion to dismiss, will be interesting.


Thank you Matthew Green for dropping your usual pompous egotistical Twitter attitude for this one. Twitter thread is professional and concise. The message is clean and in my opinion incredibly important and interesting. Thank you for putting your stature to use and fighting for a good cause. ++respect.


A good takeaway from this whole thing will be that despite crypto largely being marketed as decentralized and uncensorable, in reality >50% of the validation power is in the hands of private equity and miners who will bend at the first sign of financial and legal risk.


What is the point of republishing it on Github? They (GitHub / Microsoft) will just remove it and ban it again after announcing it.

A better way instead, would be to do what all other projects like GNOME, KDE, Tor, wireguard, etc have done before and that is to just self-host the repositories instead.


US govt has banned Tornado Cash the organization, not code of Tornado Cash.

GitHub complies with sanctions by removing all repositories owned by the sanctioned organization. Doesn’t mean you can’t have a copy of their code.


> US govt has banned Tornado Cash the organization, not code of Tornado Cash.

This seems to be a core misunderstanding of people on this thread.

My understanding is that GitHub voluntarily took down the repo, which is a no-brainer from a business perspective and well within their rights.


That's good to hear, because the code itself should be considered free speech


Platforms have the right as is to deplatform undesirable speech, including code. Social media platforms do this daily (speech, not code).

Freedom of speech protects you from your government. It does not guarantee you a platform.


So now we'll find out whether this platform is choosing to deplatform this particular speech, now that it's more clear that they're under no legal obligation to do so.


I don't really blame them if they are. The risk:reward for offering essentially a free service to take legal heat on something this "hot" seems like a bad tradeoff for github. Seems like the kind of thing better hosted on some financially fire-walled shell company's website where any losses from a protracted legal battle can fall off into oblivion.


I think you're talking about the first amendment. There are principles of free speech that go beyond just what's legal.


Wishes aren’t statute and GitHub isn’t a public good or commons. There are more valuable efforts for GitHub than fighting sanctions on money laundering code. One can always host the tarball on their website, or the code on their own Gitlab instance. Very common in the edu space.


Freedom of Speech is a principle, a concept, a philosophy. Not a law.

In the US, the 1st amendment prohibits the US government from infringing on a person's natural right to free speech.

"Freedom of speech" is not a law, or provision. Pointing out that a platform "has the right" to violate people's freedom of speech (and yes it is an infringement of the principle) is both obvious and pointless. People that actually support the principle also have the right to express their deep disappointment that GH would abuse their position of power, abuse the privilege bestowed upon them by the community of open source developers by cowering to the US government and refusing to stand up for the principle of free speech.


This is literally wrong. The first amendment is as much a law or statute or provision as any other law or component of the Constitution.


That is literally what I said...

The First Amendment is the application of the principle of free speech to law.

However, freedom of speech is also a larger principle than just the first amendment. People seem to only want to focus on the first amendment and government censorship as if that is the only type of censorship.


Obviously, GitHub is private property


They might also be banking on this giving Microsoft cover to not take it down.

With the original takedown, Microsoft would be worried that the relative nobodies disappear with Microsoft left holding the bag. If Microsoft instead knows that it’s backed by the EFF who is itching for a Supreme Court fight, they might instead tell the USG “here’s their mailing address, you guys settle it in court”.


I think this is about proving a point. The point being "code is free speech" and to not let GitHub / Microsoft slide and set a precedent that takes us back 30 years.


Whether code is protected speech or not is utterly irrelevant. Microsoft is not the US Government and has no free speech obligations to anyone.

There are already many forms of protected speech that are banned from GitHub, this is not proving anything.


Just like any other platform, Microsoft is a private entity and is not required to provide a platform for people they don't agree with.

Anyone is free to host their own repos on their own servers


Just because someone is a private entity and they are not required to host something doesn't mean that they shouldn't be a good example.


Businesses will act in their best interest to protect their profits. That's the base of capitalism.

If we don't like that we need to enact regulations


The author explains why it's on GH.

> I’ve worked with this code as a researcher and I use it to teach my classes, so it’s important to me that it stays easily-accessible on a major site like GitHub. (This is not the only copy, in fact it’s a fork of someone else’s.)


Hopefully the government can identify any forks that achieve meaningful TVL and taint the coins


What would that do for you? Why the hope?


I'm hoping the government makes money laundering harder. North Korea laundered a billion dollars through Tornado: https://markets.businessinsider.com/news/currencies/north-ko...


It may sound a little odd, but do you not think the existing AML regime is already working in overdrive mode punishing regular people (all while actual big fish manage to get away undetected or, worse, protected)?


That's almost 0.3% of the money estimated to be laundered in the US through traditional means, and 0.05% of the estimated money laundered globally.


It is a much larger percentage of North Korea’s total economy, however, and I think that’s going to turn out to be the primary motivation here: not that OFAC woke up one morning and said that Tornado Cash is public enemy #1 but that the people watching North Korea saw that ransomware proceeds were being laundered using this specific system and wanted to stop it.


And AML wastes tens of billions of good dollars in GDP and revenue per year through added monitoring costs, insurance, enforcement expenses, etc. If AML were 90% effective, it’d be supported; but it’s more like 0.1% effective.


The best outcome is github refuses to repost and this gets moved to a more open site. That site gains some attention and becomes hot for awhile and take some market share away.


Again on Github????

Why not be smart, and host the repo on Codeberg, away from the US of A


The point is to force the US government to not take down repos that have legitimate educational use. He already said that if GitHub takes it down, he'll host it on a university server.


Honest question, why does it have “legitimate educational use”? For me that’s not a given. You could teach how to build a bomb or how to cook meth. I’m sure there are a lot of students who would benefit from that kind of knowledge and would use it for good. I’m also sure that we would have a bunch of Walter White wannabes. How is this different?


> You could teach how to build a bomb or how to cook meth…

Professionals legally create explosives (military, demolition, mining etc) and literally “cook” meth (the brand name for legal prescription methamphetamine is Desoxyn in the US). These necessary and legitimate jobs require educated individuals.


I'm sure somebody asked whether the model train railroad club at MIT was for legitimate educational use, but it helped lead to modern computing. We want to have a bunch of Americans who understand crypto - the underlying technology - as a long-term competitive edge. Generally we trust the people who go down these paths to be fairly responsible, and MIT as well as JHU are examples of long-term responsible exploration of things that may not seem to be legitimate educational use in the short term.


Some dude protesting by using GitHub isn't going to force the US Gov to do anything other than exert their power and crush.


Is the government gonna shut down Monero? Is that even possible?


Why would it need to? If Monero transactions can't meet AML/KYC compliance (they can't), then exchanges in the US can't serve as an offramp for Monero/USD transactions. Isn't that sufficient?


All cryptocurrencies are not compliant with KYC. You don't need to provide any documents to create a Bitcoin wallet (and that's great).


Eh? You most certainly do have to provide documents to cash it back out. Your exchange may also review transactions coming into your wallet. This is the part Monero fails at.


Monero doesn't need to be AML/KYC compliant, the exchange does. And even if Monero did need to be compliant, view keys exist.


That's like saying banking systems don't need to be compliant, banks need to be.


And that would be correct.

Cash isn't compliant. Cash exchangers are.

Monero is cash-like and exchanges can be compliant and sell Monero in the US (a few do). It's just a lot of extra work, especially including the additional fraud risk it brings them.


How about exchanges in the US that take a deposit of USDC/T/other that further down the chain came from Monero? How can you prove compliance?


Can the US government say stuff like "anyone found transacting with <insert cryptocurrency network here> will face prison time / fines"?

How about "Anyone using https will face prison time"

OFAC may be overstepping its mandates.


Initially, the US wanted something quite equivalent to banning https (forbidding its export, i.e. not available on Internet).

Https was only made possible thanks to the legal battle fought by Phil Zimmermann.

https://www.theregister.com/2021/06/08/pgp_at_30/


Tornado needs TVL to effectively launder money for criminals. Forks without much TVL don't seem that dangerous


I take issue with the claim that tornado can “effectively launder money for criminals.” All it can do is leave you with an asset with a less-than-clear on chain history. If you want to cash out, you still have to explain how you wound up with 100 ETH or whatever.


Exactly. I hate this false idea that TC launders your money.

Your TC money isn't any more laundered than a pile of cash you got by selling meth.

Laundering means making up some origin for such money (such as a business).


Kinda. Money laundering consists of placement, layering, and integration. There is a (very weak, imo) argument that TC can be a part of the “layering” process, but it certainly does not do all three.


North Korea laundered a billion dollars through Tornado https://markets.businessinsider.com/news/currencies/north-ko...


If that's true, then it can't launder money very well can it?

Definitely feels like a false narrative has been created by the fact they're able to point it out.

Like pointing at someone and accusing them of hiding, but the very fact you can point them out means it's either not actually happening or not happening very effectively.


Anyone can see what amount of money one address has put into Tornado Cash, so it’s no surprise that we can estimate how much money North Korea has put in. The whole reason they do put that money in, though, is so that they can have a different account take that money out, and have it not be clear where the money came from. For a sanctioned country, that output seems much more spendable.


It was very effective. The money went in, and no-one knows where it came out. But you can bet it went into thousands of clean, untainted wallets which were then used to cash out.


Yes, Tornado allows you to obtain ETH that is divorced from the original (potentially criminal) source. But exchanges and anyone with a block explorer can still see that your clean wallet received 100 ETH from the Tornado withdrawal address. Exchanges in America at least are supposed to consider accounts receiving funds from mixers as "high risk" and apply extra scrutiny/shut down accounts. There are exchanges in Hong Kong and most of the former Soviet Union that ignore these kind of rules but Tornado still doesn't really "clean" the money in the sense of giving you readily spendable money in a bank account. I guess it may be useful in the process of doing so.


It's extremely useful.

> Exchanges in America at least are supposed to consider accounts receiving funds from mixers as "high risk" and apply extra scrutiny/shut down accounts.

I believe there's a level (I think $3000) for the "travel rule"[1] to apply.

It's obviously easy to bounce the money through some "NFT sales" too if you want.

[1] https://www.fincen.gov/sites/default/files/advisory/advissu7...
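Two points in this subthread describe what an exchange's compliance side actually does with mixer-sourced funds: a deposit whose sender received from a mixer withdrawal address is treated as "high risk", and transfers above the quoted travel-rule figure get extra handling. The following is an added example (not code from any commenter, from Tornado Cash, or from any exchange) of such a screen over a constructed transfer history; it walks the transfer graph backwards for a bounded number of hops, since how far the taint is followed is a policy choice. The mixer address, the transfers, the ETH price and the hop limit are all placeholders or assumptions; the $3,000 figure is the one quoted above.

```python
"""Toy deposit-screening example (added here; not from the thread or any
project). Flags an incoming deposit as high risk when its funds trace back
to a mixer withdrawal address within max_hops transfers, and notes when
the transfer meets the travel-rule threshold."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    tx: str
    sender: str
    receiver: str
    eth: float


# Constructed placeholder standing in for a mixer's withdrawal contract.
MIXER_ADDRESSES = {"0xMIXER_PLACEHOLDER"}

TRAVEL_RULE_USD = 3000.0   # threshold figure quoted in the thread
ETH_USD = 1500.0           # assumed price, for the example only

# Constructed transfer history (a tiny, fictional slice of a chain).
SAMPLE_TRANSFERS = [
    Transfer("tx1", "0xMIXER_PLACEHOLDER", "0xFRESH_A", 10.0),
    Transfer("tx2", "0xFRESH_A", "0xHOP_B", 10.0),
    Transfer("tx3", "0xHOP_B", "0xEXCHANGE_DEPOSIT", 9.9),   # mixer 2 hops back
    Transfer("tx4", "0xPAYROLL", "0xEMPLOYEE", 1.0),
    Transfer("tx5", "0xEMPLOYEE", "0xEXCHANGE_DEPOSIT", 1.0),  # ordinary payroll
]


def build_incoming_index(transfers):
    """Map receiver -> transfers into it, so the graph can be walked backwards."""
    idx = {}
    for t in transfers:
        idx.setdefault(t.receiver, []).append(t)
    return idx


def mixer_distance(deposit, transfers, max_hops=3):
    """Smallest number of hops from the deposit's sender back to a mixer
    address (0 = the sender is the mixer, 1 = the sender was funded directly
    by it). Returns None when no mixer is found within max_hops."""
    if deposit.sender in MIXER_ADDRESSES:
        return 0
    incoming = build_incoming_index(transfers)
    seen = {deposit.sender}
    queue = deque([(deposit.sender, 0)])
    while queue:
        addr, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for t in incoming.get(addr, []):
            if t.sender in MIXER_ADDRESSES:
                return hops + 1
            if t.sender not in seen:       # seen-set guards against cycles
                seen.add(t.sender)
                queue.append((t.sender, hops + 1))
    return None


def screen_deposit(deposit, transfers, max_hops=3):
    """Risk verdict for one incoming deposit: mixer provenance drives the
    high-risk flag; the travel-rule size check is reported alongside it."""
    usd = deposit.eth * ETH_USD
    dist = mixer_distance(deposit, transfers, max_hops)
    reasons = []
    if dist is not None:
        reasons.append(f"funds trace to a mixer withdrawal {dist} hop(s) upstream")
    if usd >= TRAVEL_RULE_USD:
        reasons.append(f"transfer of ${usd:,.0f} meets the travel-rule threshold")
    return {"tx": deposit.tx, "high_risk": dist is not None, "reasons": reasons}


if __name__ == "__main__":
    for dep in (SAMPLE_TRANSFERS[2], SAMPLE_TRANSFERS[4]):
        print(screen_deposit(dep, SAMPLE_TRANSFERS))
```

Lowering max_hops is the knob that decides how "transitive" the flag is; with max_hops=1 the same deposit is no longer flagged, which is the policy ambiguity several commenters allude to.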


Money laundering is comprised of three parts: placement, layering, and integration. The government here is attacking the “layering” part of the process that tornado _may_ contribute to (the norks still have to explain how they ended up with a billion of ETH). But to truly be “money laundering” you have to have all three elements. The equivalent here would be banning casino chips or something.


> equivalent here would be banning casino chips or something

If someone pays for a house with casino chips, and you don’t do your diligence on why they chose that mode of settlement, you’re rightfully exposed to legal risk if they were in fact laundering money.


> I take issue with the claim that tornado can “effectively launder money for criminals.” All it can do is leave you with an asset with a less-than-clear on chain history. If you want to cash out, you still have to explain how you wound up with 100 ETH or whatever.

ehhhhhhhh. you can play with asset prices and valuations to fix this.

you have a little clean money savings from your job right?

okay, great, with a little bit of dirty/flaggable money in a different address, launch an erc20 token and liquidity pool, add 100% of the erc20 to the liquidity pool.

now with your clean money, be an early buyer.

now with MORE of your dirty/flaggable money (other tornado cash notes withdrawn to different virgin addresses via the relayer), buy into the liquidity pool. this pumps the price of the token.

now with your clean money, sell. cash out, pay capital gains tax, move on. indistinguishable from any other crypto trader. bots and many others would have bought into the liquidity pool too as they have alerts.

everyone else can play amongst themselves in perpetuity, and it can't go below the initial price that you set when you launched the pool (in Uniswap V2 style liquidity pools, and just if you want to feel better about it). hey, maybe if it keeps running then your tornado cash funded addresses might be able to sell back into the liquidity pool again.


With this scheme you just dreamed up I wouldn’t even need Tornado.


you don't need it, but there is still benefit in unlinking the transaction history and normalizing that behavior.

virgin addresses funded by a third party relayer does that.

you don't want your $30,000,000 bridge heist funds to be buying a newly launched token. you want a bunch of unknown sources to be buying the newly launched token, various identities.

edit: actually I could see the crypto community finding it hilarious and "aping in" knowing that a large buyer is supporting. easier to blend in.


> just dreamed up

Please.


"Explaining" is easy. You sold an NFT and they paid via Tornado.

The hiding is a real issue here.


Even if it does, who gives a shit? The interstate road crew happily builds the interstate, knowing money launderers use it without taking the slightest precaution to stop them. They cash their paycheck, knowing some of the money thrown in the 'mixer' of the treasury was the money of the money launderers paying their taxes that build the interstate.


The road crew is like the workers at an internet provider or maybe an isp, and the vast majority of the traffic is legal. That original analogy makes it seem like the verdict on tornado was already made, now we just need to grasp at arguments to support the pre-made conclusion. It backfires. Don’t shoot the messenger.


Had to look that up. TVL = Total Value Locked. E.g. the code itself doesn't and can't make an effective mixer, a high volume of the money flowing through a specific mixer service is necessary.


A piece of code on GitHub has zero TVL. It's just a bunch of files. (I would assume the treasury department only gets involved when there is actual money involved. Sending money to a contract on the blockchain is finance. Just posting the code somewhere is speech.)


Obviously, the threat is deployed forks with high TVL


Is it? Given that the original code still exists on mainnet and cannot be taken down. I suppose the main use case of a high TVL fork would be for Americans who wanted to legally regain their privacy without risking a sanctioned contract interaction. Anyone who doesn't care can still use the original.


This is just so you can compile the UI locally, without worrying about using a potentially compromised mirror that will steal your funds.

For those of us with licenses from the US treasury for exemption from a specific sanctioned entity, this is still important.


That sounds like an opportunity for a sweetheart deal. Hey you can sell your locked assets, but only at firesale prices to this licensed entity.


Maybe, but you might be misunderstanding how that works as well as assumptions about crypto user stories.

there is a sanction on US persons from merely interacting with the deployed Tornado Cash contract, so there is a potential fine and prison sentence for just doing that. The license removes that liability.

the assets you receive out of Tornado Cash can be used the same as before. Exchanges may flag those funds arbitrarily, but other smart contracts and merchants do not. Many people stay directly on chain and pay for goods and services, and invest, without issue. Many people can derive real world benefits from things they purchase with their crypto, whether that thing is digital or physical. It's not about "cashing out", but if so, those people can still just deposit into some on-chain lending service and cash out the borrowed funds, as exchanges themselves don't dig that deep and if that individual has the OFAC license it doesn't matter.

for those that choose to go to the treasury to get a license, they can always prove provenance of their tornado cash assets and prove they're clean, which is a key feature of tornado cash. so it's not a good assumption that the treasury would target that person to make a deal, because there wouldn't be any liability at all, only the novelty of making the application for the license.


> The license removes that liability

As you evidently know, that's the defining characteristic of a license: it removes criminal or civil liability for an otherwise illicit act. For example a barber's license permits a person to hold a knife to someone's throat without it being assault, modulo some additional conditions. So much for generalities.

To the specifics, you look to be quite well informed on this particular matter. Are you saying that someone that has assets in Tornado that they cannot otherwise cash out without violating sanctions can lawfully sell them to a licensee, but nobody else? Because if so that sounds like a wonderful buying opportunity for the licensee. Or is getting a license trivially easy, such that anyone with assets legally tied up can just go through a TSA pre level process to establish that they're not an international terrorist drug dealing child trafficker, or whatever activity these sanctions are meant to discourage?


My example is limited to

a) the person already having assets in Tornado Cash also being the licensee to withdraw assets from Tornado Cash. the assets they withdraw are as liquid as any other non-TC assets and do not have to go to a fellow licensee.

b) a person that wishes to continue depositing assets into Tornado Cash is also the person that is the licensee.

the only reason for the license is for interacting with the Tornado Cash smart contract - as by default that is currently a sanctions violation for US persons - it has nothing to do with whether another recipient is comfortable accepting those assets, and that isn't a limitation of liquidity at all.

Hope that makes sense. The license is just a bureaucratic nuance for people that don't want to gamble with liability. They can totally try to hide it and risk a sanctions violation charge.


TVL is not a property of the source code.


I wonder if it is possible to have a variation of Tornado where the TVL automatically moves to a new deployment at a new random address every N blocks, so that it's not as simple to have specific addresses sanctioned. I don't know Tornado very well and don't know if this would be possible.


I mean, you'd sanction that address and any other it deploys to. In addition, sanctions are transitive (by how much no one knows).


Not knowing anything about cryptocurrencies or running distributed systems on the wilds of the internet, I will ask a dumb question:

Is it possible to design an algorithm that comes to a consensus on what new address to use faster than the legal system can sanction them?


You could cascade the sanctions so any addresses touched by sanctioned addresses become sanctioned too; that leaves you open to trolling and abuse where a sanctioned address sends money to celebrities to impact them. This could probably be dealt with by saying anyone who uses an obvious Tornado-style contract that's been sent money from XYZ address is illegal, so you don't end up with the trolling, but I don't know for sure how that'd work.


There are still big legitimate institutional entities doing crypto, right? At some point you must hit "7 degrees to Wells Fargo" or whatever, right?


Of course. It's a riskier implementation from a smart contract security standpoint, but entirely possible.


I mean couldn't I also argue TVL is speech like source code? Or does code have to be without value to be protected?


This is a fork of the code. It's not a new deployment.


Should have been uploaded to Radicle.


A small title revision suggestion (hyphens are your friends):

> A republished fork of the banned-on-sanction-order Tornado Cash repositories


The repo/code was not sanctioned or banned by the U.S. Department of the Treasury.

The Tornado Cash mixer was sanctioned or banned by the U.S. Department of the Treasury (the Office of Foreign Assets Control).

Those are different things.

The GitHub account of Tornado Cash developer Roman Semenov was suspended by GitHub.


And developer Alex Pertsev has been arrested in the Netherlands for his open-source contributions to the project.


He was apparently arrested for actual criminal activity related to the mixer, and not for code contributions.

Jeffrey Blockinger, general counsel at Quadrata, says most developers don’t need to be concerned about an arrest. “While privacy concerns are legitimate, this arrest is reportedly focused on evidence of actual criminal activity,” he told Protocol.

https://www.protocol.com/newsletters/protocol-fintech/tornad...


Could also be "...banned (on sanction order)..."

Or probably a better link would be to "Tornado-Repositories: an archival fork of the Tornado Cash source code" [0].

[0] https://github.com/tornado-repositories


Thanks, edited. In fact, I struggled a bit to fit in the original text from the tweet - the character limit is rather harsh.


I've edited it to something that I think is more readable. If anyone has a better suggestion we can change it again.


The censorship of the idea of Tornado cash thing reminds me of the old quote: "Ideas are more powerful than guns. We would not let our enemies have guns, why should we let them have ideas." - Joseph Stalin


This is almost certainly not a Stalin quote. The second part doesn't really make sense as a Stalin quote but I doubt any of it is.


> The censorship of the idea of Tornado cash thing

No one "censored" anything. The Department of the Treasury didn't sanction an "idea". GitHub took down an actively-maintained software project on their own servers that was in use in practice as a money laundering tool.

Now, should the source code to that project be available from other, more trustworthy maintainers? Maybe. I tend to agree with the EFF here that this is something that needs to be allowed.

But the idea that this is some kind of oppression of innocent open source hackers is... really not what's happening. And pretending otherwise seems unserious to me.


If you want to get pedantic, the source code isn't the tool used for money laundering, it is a description of the tool. An idea.

And github took it down because they fear government reprisals for publishing it. Getting nitpicky about whether you personally call that censorship or not seems like it's being deliberately obtuse, surely you understand the intent and accept it's a reasonable use of the word.

(What's more censorship can even apply to purely private actions under common definitions, and can also be objectionable especially depending on the motive.)

> Now, should the source code to that project be available from other, more trustworthy maintainers? Maybe.

Should an idea be censored if one person publishes it, but allowed to be published by others? I can't follow the logic behind that. There are reasonable arguments for censorship, but they're almost all based on the content of what is published. The only exception I can think of are false or unfounded claims where the knowledge and intent and perception of the person publishing could be factors. That doesn't apply here though, so what's your reasoning?

> But the idea that this is some kind of oppression of innocent open source hackers is... really not what's happening. And pretending otherwise seems unserious to me.

Pretending censorship isn't censorship because it may not fall neatly under a clause in a country's constitution doesn't seem serious to me.


> If you want to get pedantic, the source code isn't the tool used for money laundering, it is a description of the tool. An idea.

No, that's not right. The Tornado Cash contracts, built specifically from that github project, were in active use on the blockchain. That's a machine, not an idea.

You're right, that there's semantic space to talk about the distinction, but that github project was directly conflating the two. So it was killed. Now we have another project, run by a researcher interested in blockchain technologies and not someone trying to run a crypto tumbler. And now the argument seems to have some more reasonable weight.

But please don't pretend that the Tornado github project existed for some kind of abstracted idea of discussion. It was a practical project designed to be used for crypto mixing, and as such deserved to be regulated that way.


I disagree, and I don't think you're being logically consistent when you say it could be available from a more trustworthy maintainer. It's not some autonomous money laundering machine that started committing crimes the instant it was published. Source code is an idea, you could describe the algorithm in a natural language in a book.


but this has flavours that taste similar to https://en.wikipedia.org/wiki/DeCSS

I agree that law enforcement and gov't would want to prevent money laundering. Targeting individuals involved in money laundering is right and just - as long as it is done within the confines of the law.

However, the code does not break the law, in the same way that a gun does not kill. It's the person.

So the code should be freely available.

If it turns out that everyone in society ends up using the code to "break the law", then the law needs to be revised.


>that was in use in practice as a money laundering tool.

Visa, Mastercard, Western Union, Paypal and plenty of others are also "in use in practice as a money laundering tool" and yet for some reason they are not shut down.


They have processes against this, and indeed for all of those you can find "horror stories" of false positives from those processes.

Tornado deliberately does not have any KYC process - indeed, the entire point of it is to obscure knowledge of ownership of (possibly stolen) money.


It's actually pretty rare for these to be used as money laundering tools.


Western Union has actually paid some substantial settlements to the government regarding AML and sanctions violations. Liability for AML stuff mostly falls on card issuers and is largely related to large cash sales of prepaid cards so Visa and Mastercard aren't really on the hook for that. If you followed the El Chapo trial you may remember the stories about prepaid cards: https://www.reuters.com/article/bc-finreg-money-laundering-i....


Ironically it was ethermine that did the only censoring


nice, hot code, clone and move on


I'm not American, nor a lawyer, but this seems like a cut and dry First Amendment issue. Glad Matt is going to put up the fight.


Does one really need to teach zero knowledge proofs in the context of money laundering?


There are other uses for an N95 mask than robbing a bank.

Similarly, there are other uses for anonymous money than laundering illegal money, for example, getting an abortion, buying a gift, having a vacation in Las Vegas as a Korean citizen (they get prosecuted for gambling overseas), anonymous donations, etc.

The technology to grow food also grows drugs; to teach technology is to teach all its applications, even if it goes unsaid. That doesn't mean we should forbid people learning to grow food in case they might grow drugs, or might launder money.


Money laundering: the concealment of the origins of illegally obtained money, typically by means of transfers involving foreign banks or legitimate businesses.

Tornado Cash isn't for laundering money, it's for breaking the chain of public transactions on block explorers. It doesn't make withdrawn fees look "legitimate".

Tired of these goal posts getting moved.


"breaking the chain of public transactions" sounds remarkably similar to "concealment of the origins of" for some reason.


It's only money laundering if you are concealing the origins of money from an illegal activity.

I can use Tornado Cash to conceal the origins of my paycheck, for example to preserve my privacy when transacting with peers.


> can use Tornado Cash to conceal the origins of my paycheck, for example to preserve my privacy when transacting with peers

Probably. After it’s been publicly outed as a known money laundering venue, however, you should switch to another service. It’s also reasonable for everyone who deals with you henceforth to subject you to additional scrutiny, to make sure you were not in fact laundering. Because while the privacy vs. friction tradeoff may be acceptable to you, it’s not to everyone, and just as you have a right to privacy they have a right to not associate with you.


But there's no reason to do that unless you're trying to hide a crime.

I'm sympathetic to the free speech argument, but also, if I put up plans for the Kitty Murdulator 9000, which is principally designed to kill kitties, then yeah I'd call that bad. Like sure you could do something else with it I guess, maybe, but it's clearly designed for one thing, and one thing only.

Don't want your transactions to be public? Use a bank like a normal person.


I don't need a reason to do it or not, it is legal under the law.

Tornado Cash has legal uses under the law (like the one I described above), because it can be used to conceal the origins of legally obtained money.

See the legal definition of money laundering here: https://www.law.cornell.edu/uscode/text/18/1956 , it specifically calls out "unlawful activity".


There was plenty of unlawful activity done using Tornado cash.

For example the money stolen in the Axie Infinity hack was laundered through Tornado Cash.


There are heaps of reasons to do that, you could want to use crypto but also want your transactions to not be public.

An obvious example would be a software engineer working in web3 that gets a portion of their pay check in a crypto asset.


That's great and all, but that doesn't change the responsibilities incumbent on a service that transfers value under the law. And that is to ensure their compliance with AML and KYC rules - and best effort verification that sanctioned individuals aren't using it. None of which this particular service did. RIP.

I think something like 1/4 of all the transactions on Tornado were laundering lol. Imagine any other business that operated like that. For instance, a bank where 1/4 of tellers are stealing the deposits of customers. At some point, the banking that happens is incidental to the actual business.

So like, if you have a legitimate use for the service, and you know that by participating you're facilitating money laundering, you're complicit IMO. And if you don't want to be complicit, go find a different service.

This privacy-absolutism is silly though.


Something like 1/4 of all worldwide employment is 'informal' (i.e. typically quasi-illegal or outright illegal).


First, I'd love a citation.

Second, if true, is that a good thing? Or are you saying that if one person is getting away with something then everyone should just be able to do it.

This has big 'but mom, Jeffrey Dahmer got to kill and eat people' energy. Nobody gets to kill and eat people. Just because Jeffrey Dahmer did it doesn't mean you do. And it doesn't mean we should be building tooling that allows people to more efficiently kill and eat each other just because one guy found a way to use it as a hat pin.


https://www.ilo.org/wcmsp5/groups/public/---dgreports/---dco...

Estimated ~60+% of worldwide employment (and 15+% of GDP) is "informal", thus no verifiable source of legal funds would be found if those persons put it into Tornado Cash. I'm not sure how you define the cited 1/4 figure in Tornado Cash, but the point is I'm not sure that it indicates anything unusual about the proportion of transactions, especially considering informal workers tend to have less access to the formal banking system.

Whether that is a good thing? I don't know, I guess it would be better if those people starve to death so they could make sure they had a traceable source of tax-paying employment? This kind of thing probably covers the vast majority of people in places like Argentina where the tax on corporations is 107% of profit [see publication 'doing business argentina'], that is there is basically no legal way to run a business fully above board. I definitely don't see these people trying to survive on otherwise honest employment as Jeffrey Dahmer, but I agree it would be better if they had a way to work that allowed them better access to the banking system.

To put it simply using your analogy, if 1/4 (or more) of the world is 'Jeffrey Dahmer' it doesn't look like your service favors Jeffrey Dahmer if only 1/4 of the service is servicing Jeffrey Dahmers.


> there's no reason to do that unless

the owner of the money decides to do that; private transactions are a thing


I deposit 100 ETH to tornado, wait a while, and withdraw in 10 ETH increments. There is still no explanation for the origin of the funds. Money laundering is made up of placement, layering, and integration. Tornado did only one of these (kinda).


Now imagine you use those anonymous 10 ETH chunks to buy NFTs from yourself, or invest in your own ICO, etc etc etc.


Privacy is not a crime.


That is exactly what money laundries are doing. They are obfuscating the money sources.


I thought money laundering was just providing an explanation for the source of funds:

People don't money launder cash to hide where it came from, they money launder cash to provide a reason why they have it.

It sounds like the same thing, but those are really two different things.

(I'm not a Tornado Cash proponent, but I am a digital financial privacy proponent; I support the Monero project.)


I'd really love to hear why you and other commenters are so supportive of transaction tracking.

Cash was and is still not very trackable; it's so untrackable that the IRS has to declare what events trigger tracking. Something like Tornado Cash just mixes what is comparable to a credit card purchase down to being as trackable as cash. I don't see a problem with that.

Whether or not criminals use it is really not of concern to me. The FBI, CIA, and NSA can do their jobs just fine without transaction tracing. The fact that their jobs remain hard is also an indicator of freedom. Their jobs have already gotten quite a bit easier with the birth and success of the digital world.


Nobody asked for money tracking, we are just against money laundering at scale from the comfort of one’s couch.


Again, Tornado Cash is not money laundering. It only provides transaction privacy. Here is the difference:

The result of money laundering is clean money: you can deposit it into your bank, pay taxes on it, and buy a Ferrari. That only happens if you can give the IRS a plausible explanation for how you obtained the funds legally.

Tornado Cash does not give you this plausible explanation. After using it, you still will not have clean money with an IRS-approved explanation of income. All you gain is privacy from chain analysis.

You could launder money through a restaurant or minting a NFT, since those are otherwise legal activities that could plausibly explain ending the day with more money than you started with. But Tornado Cash does not fit that description.


You get clean wallets that do not have any connection with the dirty ones.

You are free to use the proceeds even if we know for a fact that the originating wallet had proceeds of illegal activities.

The crime has been washed.


If you sell $160000 worth of crack for green paper bills that nobody knows are connected to drugs, you cannot buy a Ferrari. The IRS will come knocking and ask where you got the cash. First you would need to launder the money.

If you sell 100 ETH worth of crack and send it through Tornado Cash, you cannot buy a Ferrari. The IRS will come knocking and ask where you got the cash. First you would need to launder the money.


You don’t have to convert your crypto to USD to transact. Anyone would accept coins from your clean wallet.


You can trade your green paper USD for a Ferrari. But after you drive it home, the IRS will still come knocking, because you didn't launder your money.

You can trade your Tornado Cash ETH for a Ferrari. But after you drive it home, the IRS will still come knocking, because you didn't launder your money.


Keeping transactions private is as money laundering as end-to-end-encryption is terrorism communications.


Not when your use of the service obfuscates criminal flows and the service intentionally avoids meeting its AML/KYC obligations and doing even the tiniest iota to stop criminal use. That's when it switches from a privacy venue to a money-laundering venue and the fact you're there and using it in a legal way is incidental.


>why you and other commenters are so supportive of transaction tracking

because most people aren't a fan of tax evasion, black markets or crime. The same does in fact apply to cash which is why many jurisdictions heavily restrict large cash transactions and are in the process of reducing the usage of cash or circulation of large bills.

I think the NSA, FBI and CIA being able to do their job is a good thing because I'm not too keen on making the life of money launderers any easier.


No, money laundering obfuscates money sources because the money is illicitly gained or because the money holder doesn't want to pay taxes. It is neither money laundering nor a crime to obfuscate the legitimate source of your money, because it is nobody's business but yours.


I deleted my TC repository clones, before the shit hit the fan, when I was studying TC's use of Zero-Knowledge Proofs. I'm glad they still exist, but if not there are other repos like Zcash.

There are research papers that show that TC withdrawals can be linked to TC deposits with a good level of confidence.

I'm sure a great deal of analysis was done by the US, which led to their actions, like it or not.

There are knee-jerk reactions in the Crypto Community fearing that they will be next, and restricting access to their projects. No self-awareness of the truth about the "Decentralized" nature of their projects.

Cheers


Interesting, could you link some of those papers?


Analysis of Address Linkability in Tornado Cash on Ethereum: https://link.springer.com/chapter/10.1007/978-981-16-9229-1_...


Thanks!


I don't know if the freedom to circumvent the state and attack it at the cellular level is really worth defending. Oligarchs in the west had that ability since the 1960s and look what it got us.

In this world going ever faster down the drain attacking something that compared to its peers seems fairly benevolent like a democratic state, looks ever more like a bunch of cocks, sitting on a manure heap, sounding the cry to battle, while the whole assembly drifts downstream in a flood.

