[HN Gopher] US Treasury FAQ on Cyber-Related Sanctions
___________________________________________________________________
US Treasury FAQ on Cyber-Related Sanctions
Author : thinkmassive
Score : 40 points
Date : 2022-09-13 20:57 UTC (2 hours ago)
(HTM) web link (home.treasury.gov)
(TXT) w3m dump (home.treasury.gov)
| toomuchtodo wrote:
| > While engaging in any transaction with Tornado Cash or its
| blocked property or interests in property is prohibited for U.S.
| persons, interacting with open-source code itself, in a way that
| does not involve a prohibited transaction with Tornado Cash, is
| not prohibited. For example, U.S. persons would not be prohibited
| by U.S. sanctions regulations from copying the open-source code
| and making it available online for others to view, as well as
| discussing, teaching about, or including open-source code in
| written publications, such as textbooks, absent additional facts.
| Similarly, U.S. persons would not be prohibited by U.S. sanctions
| regulations from visiting the Internet archives for the Tornado
| Cash historical website, nor would they be prohibited from
| visiting the Tornado Cash website if it again becomes active on
| the Internet.
|
| This is very reasonable! It balances economic sanctions around
| money laundering and transmittal with freedom of speech.
| staringback wrote:
| "You're allowed to talk about this speech, teach it in
| textbooks and include it in other written publications, but
| you're not allowed to actually speak it"
| colinmhayes wrote:
| Executing code isn't speech. Code is speech, and it's being
| allowed.
| staringback wrote:
| > Executing code isn't speech
|
| This is for the courts to decide I guess
| metacritic12 wrote:
| Seems like a forced defensive move given the new Coinbase
| sponsored lawsuit.
|
| Treasury would probably prefer these freedom aren't even given,
| but they'll lose on these points so badly that it's face-saving
| to concede first.
| salawat wrote:
| Not really, I'd rank this as "saying the obvious stuff to get
| it done and over with".
|
| Treasury knows it has standing, and how. They don't give a
| squib what you do with the code. As long as you don't
| facilitate transaction processing with it (i.e. money
| transmitting) with it. The legal teams of the Crypto world
| basically have to convince the Supreme Court that the Executive
| does not have the right to engage in economic foreign policy.
|
| I don't see that happening.
| DennisP wrote:
| Here are Coincenter's arguments that OFAC actually has
| exceeded their authority:
|
| https://www.coincenter.org/analysis-what-is-and-what-is-
| not-...
| woodruffw wrote:
| The argument advanced here is perverse: you can't erase the
| illegality of an action by making it autonomous. In other
| words: putting a brick on the car's accelerator doesn't
| absolve you when the car runs someone over -- the law
| recognizes that a human or set of humans is the efficient
| cause of the crime, regardless of how much code (or steel)
| you obscure it with.
| notch656a wrote:
| The entertaining thing here, though, is the creators of
| TC made the blueprint for a brick and then told a bunch
| of other people running ethereum virtual machines they
| they had a plan for a brick. Some initial gas fees were
| paid so the users would actually absorb the 'brick'
| program.
|
| Then the creator of TC stepped away.
|
| The node operators took the gas fees in exchange for
| putting the brick on their accelerator and validated the
| brick contracts.
|
| Who's to sanction here? Honestly the node operators
| running the Ethereum virtual machine 'car' look like the
| closest human to hold accountable, if that's the
| desirable outcome. Continuing our logic, ethereum should
| basically be shutdown if the runners of the brick program
| are to be held accountable, because that's basically
| every node.
| woodruffw wrote:
| This is a fantastic point, and (IMO) reveals the
| government's actual intended strategy here.
|
| For better or worse, the government seems to be intent on
| making a lesson out of the Tornado Cash developer, rather
| than attempting (probably pointlessly) to shut down all
| of Ethereum. The point seems to be to send a message: if
| you publish the brick blueprint, you will be considered
| the entity responsible. This accomplishes both of the
| government's goals: it disincentives future attempts to
| launder money through smart contracts, _and_ it avoids a
| protracted legal and technical battle over individual
| cryptocurrencies and their networks.
| buildbot wrote:
| Are they lawyers who specialize in Federal law and
| financial crime?
| shiado wrote:
| With FinCEN Notice 2020-2 it's clear that the US wants to treat
| crypto as foreign bank accounts to coerce disclosure but that
| severely limits the scope of regulation they can do as it would
| place public blockchains as strictly not being American
| jurisdiction, and it would make monitoring American activity on
| these blockchains outside of the scope of domestic agencies and
| spy agencies would not be legally able to spy on American
| activities on these blockchains. When you understand these facts
| it explains why the US pursued dubious NK sanctions over what
| would be a much stronger case of considering the Tornado Cash
| protocol an unregulated bank which it is. There is a very big
| technical and legal distinction between what centralized BTC
| mixers do with UTXOs to be considered laundering and how the
| Tornado Cash protocol exploits how ETH works on-chain to combine
| ETH in a single account without taking KYC.
| notch656a wrote:
| I read the sanctioned SDN List. Am I reading incorrectly that if
| someone merely created a new TC instance with new addresses and
| website, it would not violate sanctions? I don't see the sanction
| list sanction the actual code, nor the execution of the code, but
| IANAL.
|
| The SDN here just shows the associated addresses, the published
| contract instance, and tornado cash website, no?
|
| https://home.treasury.gov/policy-issues/financial-sanctions/...
| salawat wrote:
| You cannot in any way facilitate the moving out of any
| denomination of value from the addressed on the SDN list.
|
| Moving value cross-chain is itself a violation of sanctions. If
| you start up a new Tornado.cash instance, you're still probably
| not going to get touched by the rest of the financial network.
| Risk departments are going to have dig into the details, and
| legal (if smart) will steer clear. Further, law enforcement
| will likely root out and make known to Treasury any additional
| instances of the same infrastructure they uncover, given that
| inevitably, the usual suspects will be running things through
| said channels until caught if they don't.
|
| ...And you will be hard pressed to find a judge that has the
| gumption to go so activist from the bench that they go against
| what Congress has already authorized.
| notch656a wrote:
| >f you start up a new Tornado.cash instance, you're still
| probably not going to get touched by the rest of the
| financial network.
|
| This is what I'm referring to. In the hypothetical that
| someone tweaks TC to call it something besides Tornado Cash,
| and runs it with different addresses. It seems to me by the
| letter of the SDN, from a layman's perspective, it wouldn't
| violate sanction.
|
| IMO they should have sanctioned any execution of all forks of
| TC if their desired effect was to stop the service of TC.
| rmah wrote:
| They can't "sanction all forks". Sanctions are applied
| against people and organizations, not technologies.
| Criminal money laundering is still a crime. It doesn't
| matter if you use TC or not.
| from wrote:
| Most of the value in a mixing service comes from how many
| people use it. If another one gets significant enough usage
| they will just sanction that one (assuming the current
| lawsuit results in a ruling saying they have the authority
| to).
| salawat wrote:
| So... To clarify, When you say "start another instance
| pointing at different addresses" are you referring to
| addresses TC previously used as stores of value prior to
| having it withdrawn from the Ethereum Chain?
|
| Simply starting another with another set of pool addresses
| will probably not last long. One of the benefits of a
| public ledger is it's possible to statically analyze
| transaction traffic in a statistical manner to quickly home
| in on new sections of the address space. A sanction will
| come along once the intelligence community or law
| enforcement has enough actionable intel to say with
| confidence that that pool address is channeling activity it
| shouldn't be, then onto the list it goes, locking any value
| stored therein out of being moved out of those addresses.
|
| Over time, this will create black holes in the address
| space essentially. More and more quickly as
| LE/Treasury/Intelligence Community tooling improves.
| vorpalhex wrote:
| If you run the code in a way that nobody can interact with it..
| that probably isn't a crime (not a lawyer).
|
| If you facilitate money laundering, that is still illegal.
| notch656a wrote:
| >If you facilitate money laundering, that is still illegal.
|
| If that is your intent, then sure. But merely mixing funds
| does not meet the criteria for money laundering.
|
| The road crew who builds the interstate knows 100% it will be
| used for money laundering, yet builds it anyway and does
| nothing to stop it. (Same for guys at the gas station who
| sell the gas). Surely knowing money launderers use something
| isn't enough to be criminally culpable.
|
| >If you run the code in a way that nobody can interact with
| it.
|
| IANAL and not legal advice, but it looks to me though that a
| fresh published contract of TC to new addresses doesn't
| violate this SDN list, even if it interacts with others.
| rmah wrote:
| If you are moving money around on behalf of others and you
| have a reasonable belief that some of your users are
| Americans or will eventually deal with American financial
| institutions (pretty much everyone in the world), then you
| should have AML (Anti-Money Laundering) and KYC (Know Your
| Customer) processes in place. Not doing so is just asking
| for trouble. When you are eventually investigated by the
| authorities, saying "we didn't ask so we didn't know" is
| not considered a valid defense.
|
| More to the point, crypto mixers are obviously being used
| to hide the origin of funds. This is money laundering in
| the colloquial sense. Whether it reaches the level of
| criminality will obviously depend on a case by case basis.
| Running a mixer is, IMO, a very very dangerous road to go
| down.
| everfree wrote:
| Road builders do not actually move money around on behalf
| of others, and Tornado Cash developers do not actually
| move money around on behalf of others. They don't "run a
| mixer" or otherwise operate the Tornado Cash smart
| contract. They did provide an interface for interacting
| with it, but that's not really the issue in question.
|
| Tornado Cash runs autonomously on immutable code. Nobody
| can force the already-running code to start doing
| AML/KYC.
|
| In my eyes, you either argue that it was not against the
| law for the devs to publish the code, or you argue that
| code is not protected by the first amendment. There's not
| really an in-between.
| staringback wrote:
| Nobody using tornado cash is moving money around on
| behalf of others.
| 3np wrote:
| The relayers are. Relayers are a subset of TC users and
| are an optional part of the process.
| rmah wrote:
| Tornado Cash is described as a decentralized crypto-
| mixing service. Given that description, all it did was
| move money around. Is this a mischaracterization?
| 3np wrote:
| Calling it a "service" might be a (frustratingly common)
| mischaracterization, yes.
| salawat wrote:
| Only in the sense that DoT has not looked into the matter
| long enough to figure out if somebody needs a sanctioning.
|
| If you do not comply with AML best practices, you'll still
| eventually be on the hook the first time a ne'er do well
| facilitates something through ya. Repeat that process till
| normal folks start catching on, or someone takes Confress
| by the hand, and you'll find the regulations come quicker
| than you think.
| from wrote:
| Treasury says mixing is money transmission so if you were a
| US person operating such a service you'd need a MSB license
| and a license for the states you operate in. Tornado Cash
| had no US persons operating it (arguably no one was
| operating it as it cannot be shutdown and does not take
| fees) and really no US nexus so they just used sanctions
| instead of criminal or civil charges to get their way.
| diebeforei485 wrote:
| This is fairly unclear. Can I run this code on my machine? What
| about contributing to it?
| lizardactivist wrote:
| If the US government feels it's so important to be able to track
| the origins of all financial transactions, and preventing money
| laundering, why don't they start by accounting in full for, say,
| all the means by which the CIA is funded?
___________________________________________________________________
(page generated 2022-09-13 23:00 UTC)