I am Spartacus (I am Tornado Cash)
Unlike most missives I send you, I will go straight to the point, and then quote from a fight I entered for privacy.
Thanks for reading BlockProf! Subscribe for free to receive new posts and support my work.
Let’s start with the news that the US Treasury Office of Foreign Asset Control (OFAC) recently sanctioned “Tornado Cash.” A privacy focused protocol that helps users of the Ethereum blockchain maintain their privacy.
I wrote to OFAC to request a personal license exemption. If Treasury denies my license, I fully intend to sue them. I paste my request for a license, submitted today, below. Tell me if you agree with me. Tell me if you may want to fund my litigation!
Below language literally went into an OFAC filing over Tornado.
I write to amend my license application to provide more detail about the project for which I am making this license application.
Before your recent designation of “Tornado Cash” and related names, was made, I was planning to utilize the Tornado Cash application as a teaching tool in my courses to teach students both how to maintain privacy in their transactions on the Ethereum blockchain and about financial forensics practices related to the Ethereum blockchain using materials in my forthcoming book on crypto privacy and forensics.
I am in the final stages of a book publication process with a top 5 book publication house to publish a book about financial privacy using crypto, and part of that project includes information in the book itself and in website tools provided to book purchasers to help them maintain their financial privacy on crypto networks like Ethereum using tools like Tornado Cash.
I had intended to include something similar to the Tornado Cash website as part of those materials. The economic damage to my project from your purported sanction of Tornado Cash is high, perhaps measured in the millions of dollars.
As a result of your haphazard designation of “Tornado Cash,” without defining what that means, and in a manner that has led leading crypto sanctions lawyers and former Treasury staff to warn against any effort to use the underlying smart contract code associated with Tornado Cash in a new smart contract execution of that code as a possible violation of law that might put me in jail for 30 years, and indeed suggestions by former OFAC staffers that even referring to a new execution of the underlying Tornado Cash smart contract code in a blog post or other online communication may lead to similar liability, I am no longer able to do any of those things I anticipated doing in my forthcoming book, in the online supplements to my book, and in my law school course teachings.
What precisely did you mean when you added “Tornado Cash” to the sanctions list?
Did you mean to include the source code for the Tornado Cash application in your designation? If you did, with respect…you lack the authority to do so, and it would be a constitutional violation if you did.
If not, you need to make that clear in your response to my license application.
The prevailing assumption among sanctions lawyers I have spoken with is that OFAC and Treasury staff are aware that they do not possess the authority to sanction the smart contract code that underlies the Tornado Cash application, but that OFAC hopes that the ambiguous language in the sanction designation will discourage people from using the code for any other applications in the future out of risk aversion given the apparent strict and astronomical liability associated with sanctions violations.
The sanctions lawyers I have spoken with also suggest, as they read the tea leaves from your pronouncements, that OFAC is unconcerned that this tactical approach would limit other legitimate privacy focused projects using smart contract that copies or is inspired by the smart contract code that underlies the pre-sanction code associated with the “Tornado Cash” project in the future.
Quite the opposite, the prevailing view is that sanctions lawyers assess that OFAC sees that chilling effect as a “feature, not a bug” and “hope it chills use of the Tornado Cash code by other parties.”
That form of chilling effect features prominently in constitutional jurisprudence that has struck down a wealth of government regulations in the past.
And it is further a clear attempt by your office to exceed your authority under your authorizing statutes to only designate persons or entities. “Tornado Cash” is not a person, it is not an entity.
And in any event, and no matter what your office originally intended when you listed “Tornado Cash” in your sanctions designation, my application puts a very fine point on this question.
If you did intend to formally designate stand alone, smart contract code that facilitates the Tornado Cash project, then I suppose you cannot approve my license application. But you also thereby admit that you have sought to sanction “code” that is neither person nor entity, and which you have no authority to sanction.
Fahrenheit 451 is a great book, I highly recommend it to you and to the court that later reviews this application. The collected works of Kafka wouldn’t hurt as additional citations for the record.
There was a DAO associated with Tornado Cash, were they your only target in your designation of “Tornado Cash?” If that is the case, you will have an opportunity to make that clear in this license application, because my license application does not suggest creating some type of “DAO” with control over a smart contract code.
My application would copy an existing, open source immutable smart contract code that could never be changed by anyone, deploying it to the Ethereum blockchain, burning any “admin key,” and stepping away from it with no power on my part to affect the underlying smart contract code in the future as a public service to the privacy community.
My primary motivation in embarking on this project is my belief that financial privacy is a fundamental human right. Ethereum’s leading founder Vitalik Buterin has stated publicly that he used the Tornado Cash application to make ETH donations to Ukrainian refugees while limiting the risk that Russian state actors like hackers or worse would personally target him.
As crypto projects like Ethereum have evolved into now a $223 billion dollar market cap project, where individuals can transmit value in the form of money on a public blockchain, privacy applications take on a new importance to the fundamental human right of privacy. This is why I am writing this book, teaching law students about this technology, and writing with this application.
We know that blockchains like Ethereum are public, once you transact with someone in ETH anyone can know your public address, and once they know your public address they can look up every transaction you have ever made.
Without privacy tools on blockchains like Ethereum, like Tornado Cash….
What happens when someone pays using ETH for a book, at a gay bookstore, who is not out about their orientation?...
…What happens when an abused spouse using the Ethereum blockchain searches for a privacy solution to secure wealth to help them escape a domineering spouse, only to be rebuffed because they have attempted to use a crypto privacy tool for that blockchain that is subject to a rough, blanket ban on that technology from OFAC?...
…What happens when the oppressed internationally, like the Uighur community in China, where over a million people of Muslim faith have been put into internment camps, or the Ukrainians in their war against Russia, try to utilize crypto privacy tools to facilitate transfer of value that the US Treasury has done it’s best to discourage utilizing overly vague designations that seem to prohibit smart contract code itself.
This indicates that language in the OFAC designation flippantly and vaguely designating “Tornado Cash” as a target of sanctions, directly works against the clearly expressed national security interests of the United States.
I personally appreciate that OFAC wants to target hackers affiliated with North Korea like the Lazarus Group. That is a noble effort, that is an effort where I would assist you if I am able.
The language in your most recent designation is however overbroad, vague, and appears to sanction smart contract code itself. The overbroad designation of every transaction over “Tornado Cash” affects a minority of transactions that involve North Korea, and is a sanction that affects the vast majority of transactions that I would describe, as a professor of banking law at Scalia Law School, as entirely legitimate uses of financial privacy technology.
That is unacceptable.
Thus my application for a license from your office (an application that I will remind I do not believe is necessary, that if denied I intend to challenge in court, and an application that if not timely responded to I also intend to challenge in court).
Here is a very precise description of the activity that would be permitted by the license I am asking you to grant to me:
I will utilize either the same or a close variation of the Ethereum smart contract code that was used in the “Tornado Cash” application on the Ethereum blockchain that you have purported to sanction. In any event, I will deploy a close copy of the Tornado Cash affiliated source smart contract code to the Ethereum blockchain to secure financial privacy for ETH transactions for those who want to use it.
This does not implicate any association with any sanctioned actor, it is an entirely new deployment of an open source code. There is literally no basis for you to deny me this license application. There can be no indication that any sanctioned actor is affiliated with what I am describing.
I am literally copying and pasting words and math and then clicking a box to deploy that code in a way that I can never change in the future, before anyone has ever used my executed application for any purpose.
The smart code associated with the Tornado Cash application is open source, and is therefore not property of “Tornado Cash.”
Anyone can copy it, and anyone can use it and deploy it on the Ethereum blockchain.
In that sense, I would not be using “property” of “Tornado Cash.”
The smart contract code in question is certainly not a person or entity, even as defined under regulations promulgated by OFAC, much less under a proper understanding of the implementing statute.
I will “deploy” the smart contract code onto the Ethereum blockchain. Any admin keys associated with that technology will immediately be “burned.” I do not intend to run, administer, or amend the copy of the Tornado Cash smart code after it is deployed or attached to the Ethereum blockchain. No one else will have the power to change or affect that code either. I do not want to have any power to do anything to the code after I deploy it and I will make certain that I do not and nobody else does either.
I will not myself create what some DeFi developers describe as a “front end” to that technology. If other developers want to create a “front end” to that tech, they may consider doing so, and may consider whatever regulatory obligations they may have in doing so, but that would no longer be my business as I would have no power over their ability to do so and no power to change the underlying smart contract code.
I will then provide a wealth of information in my forthcoming book about crypto financial privacy, and in websites associated with that book, about how to access the smart contract code I executed (but relinquished control over), whether via traditional websites or via sites associated with the TOR network.
All My Love,
Professor J.W. Verret
Thanks for reading BlockProf! Subscribe for free to receive new posts and support my work.
Thank you very much for this one sir!
You have balls of steel.