Good Afternoon Decentralized Way Subscribers!
Today’s topic is one of the most vital but often overlooked in our modern age. Privacy.
Today we will dive a little deeper into why your financial privacy matters and how a little more was taken from you on Monday (8/8/2022).
I’ve heard friends and family make the case of I have nothing to hide, who cares?
Saying you don't care about privacy because you have nothing to hide is like saying you don't care about free speech because you have nothing to say.
-Edward Snowden, March 2016
Destroying your trail of breadcrumbs
On Monday, the U.S. Department of the Treasury’s Office of Foreign Assets Control, otherwise known as OFAC, sanctioned an open source, decentralized protocol called Tornado Cash, citing that it has been used for “illicit activities” by a North Korean hacker group. Source.
For starters, that means that OFAC sanctioned a website. Beyond that, Tornado Cash is an open source (meaning anyone can contribute or see the source code - something that Google or Facebook would never do) and decentralized protocol (or crypto website if you prefer), meaning no one entity can take it down.
Tornado Cash is what’s known as a mixer, allowing users to deposit funds into what is basically a big bucket of money, and then withdraw them later. If that’s a little fuzzy, keep reading.
One thing to understand about blockchain is that it leaves a trail of breadcrumbs. Meaning you can actually trace every transaction from origin to destination. This is a huge win for transparency (imagine seeing where your tax dollars actually go). But sometimes you may not want your trail of breadcrumbs to be found. That’s where Tornado Cash comes in.
The key here is that by depositing into the big ‘bucket’ with other peoples money, it destroys the trail of breadcrumbs left on-chain that accompanies every single Ethereum transaction because all the deposits are mixed together. Think of it like a big black box that doesn’t allow you to see where the money originally came from.
It’s a tool to anonymize transactions, which, like any tool, can be used in many different ways.
A hammer could be used to harm someone or it could be used to hang a picture on the wall. It’s still just a tool. All that matters is how you use it. We’ll touch on a number of different ways you could use Tornado Cash that are perfectly legal in just a bit.
And to be clear, Tornado cash has been used by North Korean hackers - no one is debating this. But it is also used by law abiding citizens around the world, just like any other tool.
Can you even sanction code…?
The US Treasury added a list of Ethereum addresses in ‘violation’ to the SDN, or Specially Designated Nationals list. This is a list that acts like the no fly list for businesses in the US, and I promise you do not want to be on it.
This list is typically reserved for individuals, hence the name. But for the first time, the US Treasury has added a financial tool to the list. By using it, you would be in violation regardless of your intent, good or bad.
But here’s the thing, in 1995 a landmark case was brought against the US Government, Bernstein v. Department of Justice established that code is free speech. Source.
Meaning that sanctioning Tornado Cash is in direct violation of the first amendment of the United States Constitution.
This is bigger than any Government
By sanctioning an open source, decentralized financial tool under the guise of restricting North Korean hackers, the US Treasury has not only not affected the North Korean hackers in question at all, they’ve instead only restricted the financial freedom of US citizens.
The very nature of open source code means that anyone can read it, use it, modify it, or interact with it. It ‘lives’ on-chain, on the internet, where it is a public good. It’s simply bigger than any single individual or Government because of that.
Taking the website down does not stop Tornado Cash from existing. The contract still exists, written on the blockchain, as it will forever. And anyone can interact with the contract since the whole system was designed to be impervious to any kind of Government overreach, just like this one.
This creates a remarkably dangerous precedent and draws comparisons to authoritarian regimes as freedoms are taken away under the guise of protection from foreign entities.
To be clear, North Korean hackers can still use Tornado Cash. US Citizens cannot (legally). It begs the question, who really got sanctioned?
Frozen assets everywhere
The sanction resulted in ~$440 million dollars worth of crypto assets being frozen, as stablecoin issuers such as Circle, who issue USDC, were forced to comply with the designation as they are domiciled in the US.
This ruling will not affect issuers outside of the US such as Tether’s USDT, or decentralized stables such as Maker’s DAI, who could not comply even if they wanted to due to the very nature of their design.
The Tornado Cash website was taken down (for now), and the founders Github accounts were frozen, as seen below. For those unfamiliar, Github is the place where all code writing and sharing happens across the web.
But why would anyone want to use Tornado Cash that isn’t a criminal?
Great question. Here are a few reasons off the top of my head.
Maybe you get paid in crypto, but you don’t want your employer being able to track all of your financial transactions?
Maybe you paid for a service using crypto, but don’t want the other party to be able to see everything you’ve ever done on-chain?
Just like your bank account is private to you only, maybe you don’t want anyone who knows your address to be able to see your net worth?
Maybe you believe that widespread adoption of crypto is inevitable and retailers, banks, and potential employers will one day be combing through transaction data to compile a profile on you, but you’re not sold that they’ll use this information ethically?
Or maybe you want to donate to a polarizing cause, such as the trucker convoy in Canada that resulted in thousands of Canadians having their bank accounts frozen with no recourse because the Government ordered it? Regardless of political affiliation, unilateral financial censorship based on party lines is an incredibly dangerous tool for any authority to wield and should be opposed by everyone. You may not be the target today, but ask yourself this - if power changed hands, is it possible you could be the target?
Or maybe it’s none of these, but you believe that privacy is a universal right.
Where is the line drawn?
If you interact with Tornado Cash as a US Citizen or business, you’re in violation of the OFAC sanction.
So someone with a great deal of ETH in the crypto community has decided to make a bit of a joke out of this and is sending 0.1 ETH (~$170) to a number of well known, public figures that have ETH addresses, in what seems to be a protest against OFAC.
If that sentence didn’t make sense, here it is more simply. There’s a number of celebrities, companies, and well known figures that have public ETH addresses. If you wanted to send them $5 bucks using crypto, you can and they’d be able to see it came from you.
Using Tornado Cash, you can’t see where the money is coming from so you can’t prove who sent it. That’s the whole point of it and it’s why the US Treasury has taken action against it. Like we talked about earlier, despite taking the website down, the code lives on and can still be used by anyone because it’s open source and decentralized. OFAC doesn’t seem to understand this point.
So someone is sending ~$170 bucks in ETH to a ton of public figures and public companies from Tornado Cash, which effectively violates the OFAC sanctions since technically it looks like these people and companies used Tornado Cash. Or at least, you can’t prove that they didn’t.
Some include Jimmy Fallon (seen below), Brian Armstrong (CEO of Coinbase), Shaquille O’Neal, PUMA, Logan Paul, Steve Aoki, Randy Zuckerberg, the Ukraine Crypto Donation Fund, Dave Chapelle, and the list goes on.
Does that mean everyone listed above will face up to 30 years in prison and fines totaling in the millions?
Will these individuals and companies be sanctioned? Or will the US Treasury realize how ineffective their attempt to sanction Tornado Cash truly was and exceptions will be made?
That begs the question, where is the line drawn?
If you remember anything, remember this
You cannot effectively sanction open source, decentralized code. It simply does not work because it is bigger than any single entity, government, or jurisdiction as we talked about before. It is a public good, just like the internet itself. It exists for you, and me, and everyone else. No single authority can take that away.
I’ve written about how China has tried to ban Bitcoin in different ways 5+ times, and yet it still keeps chugging along. Open source, decentralized. Impervious to regulation and sanctions. Impervious to greed and short sighted decision making.
And in the US it’s Tornado Cash today, but maybe Bitcoin tomorrow. The digital financial revolution is bigger than anyone, and it’s coming fast.
US legislators will only strangle innovation by trying to impose their lack of understanding and antiquated legislation upon it, but it seems that lesson still has yet to sink in.
Hope you all have a great day, and I’ll see you in the next edition of The Decentralized Way.
great piece. it’s mindblowing to me that we live in a world where open source code can be pronounced illegal, while simultaneously, banks holding customers’ money are not mandated to disclose how those deposits are being invested.