Privacy, National Security and Sanctions Don’t Mix
We’ve said since the day that the US Treasury Department’s Office of Foreign Assets Control sanctioned Ethereum coin mixer Tornado Cash that it was at best misguided and unconstitutional, and at worst counterproductive.
Cointelegraph makes the case that Treasury’s actions actually damage national security. And this is not based simply on principle or partisan position, but actual practice. And as a bonus, the site even makes the argument we have, which is that no just society sanctions tools just because a bad actor may misuse them. A just society goes after the bad actors.
Much has been written about the sanction and the threat represented by sanctioning code as speech, and two lawsuits have been filed to push back against OFAC’s efforts.
What has been lost in the FTX drama over the last few weeks is the deft maneuvering that OFAC has engaged in to improve its strategic position in the litigation. On Nov. 8, OFAC “redesignated” Tornado Cash “on the basis of new information.”
Two significant legal challenges brought forward a few weeks prior that poked holes in OFAC’s designation are the likely source of the “new information.” OFAC can only sanction groups, not computer code, and OFAC seems to be pushing a novel theory in its second designation that the decentralized autonomous organization around Tornado Cash was part of a group, even though the DAO had no power to change the code since the admin key was burned.
Supporters of the designation argue it was overall a fair trade to achieve national security goals. The stated reason for the designation was that Tornado Cash “obfuscated the movement of over $455 million stolen in March 2022” by North Korean hackers.
But did it really? Privacy tools require a large anonymity set to work. That’s the only way that small transactions by ordinary users can hide in a large crowd. And it works only if privacy tools are used correctly, without privacy mistakes like making mirror transfers into and out of shielded assets within a short timeframe.
Consider that when North Korean hackers made that specific transfer, it represented 20% of the entire Tornado Cash pool. The sheer volume of ETH North Korea was trying to move through the Tornado Cash protocol meant that it wasn’t obtaining any meaningful privacy by using the tool. It evokes a comical vision of Godzilla trying to cover himself with a fig leaf.
The Treasury Department would have achieved more for national security by allowing North Korean hackers to maintain a false sense of confidence and continue using the tool while it surveilled their transactions using statistical tracing analysis. What OFAC achieved instead amounts to little more than national security theater.
Meanwhile, it has done real harm to the Ethereum blockchain. One example, as noted by Ethereum co-founder Vitalik Buterin, is that Tornado Cash anonymized donations to support Ukraine. If the Treasury Department’s sanction against Tornado Cash is allowed to stand, it can sanction anything from computer code and applications to specific assets.
Almost as if on cue, former Treasury official Juan Zarate argued in a recent interview that the Treasury Department should use the Patriot Act more “creatively” to sanction entire classes of assets in crypto. It’s a short step from there to sanctioning gold coins or other everyday assets.
Society doesn’t countenance the sanctioning of things merely because criminals happen to use them. Criminals drive on roads. They use tools available at the hardware store. They use these things in furtherance of their crimes.
If OFAC’s vague sanction of “Tornado Cash” is allowed to stand, it can sanction any protocol or asset in crypto. And that threatens to destroy any meaningful vision of crypto’s future.