[HN Gopher] US Treasury FAQ on Cyber-Related Sanctions ___________________________________________________________________ US Treasury FAQ on Cyber-Related Sanctions Author : thinkmassive Score : 40 points Date : 2022-09-13 20:57 UTC (2 hours ago) (HTM) web link (home.treasury.gov) (TXT) w3m dump (home.treasury.gov) | toomuchtodo wrote: | > While engaging in any transaction with Tornado Cash or its | blocked property or interests in property is prohibited for U.S. | persons, interacting with open-source code itself, in a way that | does not involve a prohibited transaction with Tornado Cash, is | not prohibited. For example, U.S. persons would not be prohibited | by U.S. sanctions regulations from copying the open-source code | and making it available online for others to view, as well as | discussing, teaching about, or including open-source code in | written publications, such as textbooks, absent additional facts. | Similarly, U.S. persons would not be prohibited by U.S. sanctions | regulations from visiting the Internet archives for the Tornado | Cash historical website, nor would they be prohibited from | visiting the Tornado Cash website if it again becomes active on | the Internet. | | This is very reasonable! It balances economic sanctions around | money laundering and transmittal with freedom of speech. | staringback wrote: | "You're allowed to talk about this speech, teach it in | textbooks and include it in other written publications, but | you're not allowed to actually speak it" | colinmhayes wrote: | Executing code isn't speech. Code is speech, and it's being | allowed. | staringback wrote: | > Executing code isn't speech | | This is for the courts to decide I guess | metacritic12 wrote: | Seems like a forced defensive move given the new Coinbase | sponsored lawsuit. | | Treasury would probably prefer these freedom aren't even given, | but they'll lose on these points so badly that it's face-saving | to concede first. | salawat wrote: | Not really, I'd rank this as "saying the obvious stuff to get | it done and over with". | | Treasury knows it has standing, and how. They don't give a | squib what you do with the code. As long as you don't | facilitate transaction processing with it (i.e. money | transmitting) with it. The legal teams of the Crypto world | basically have to convince the Supreme Court that the Executive | does not have the right to engage in economic foreign policy. | | I don't see that happening. | DennisP wrote: | Here are Coincenter's arguments that OFAC actually has | exceeded their authority: | | https://www.coincenter.org/analysis-what-is-and-what-is- | not-... | woodruffw wrote: | The argument advanced here is perverse: you can't erase the | illegality of an action by making it autonomous. In other | words: putting a brick on the car's accelerator doesn't | absolve you when the car runs someone over -- the law | recognizes that a human or set of humans is the efficient | cause of the crime, regardless of how much code (or steel) | you obscure it with. | notch656a wrote: | The entertaining thing here, though, is the creators of | TC made the blueprint for a brick and then told a bunch | of other people running ethereum virtual machines they | they had a plan for a brick. Some initial gas fees were | paid so the users would actually absorb the 'brick' | program. | | Then the creator of TC stepped away. | | The node operators took the gas fees in exchange for | putting the brick on their accelerator and validated the | brick contracts. | | Who's to sanction here? Honestly the node operators | running the Ethereum virtual machine 'car' look like the | closest human to hold accountable, if that's the | desirable outcome. Continuing our logic, ethereum should | basically be shutdown if the runners of the brick program | are to be held accountable, because that's basically | every node. | woodruffw wrote: | This is a fantastic point, and (IMO) reveals the | government's actual intended strategy here. | | For better or worse, the government seems to be intent on | making a lesson out of the Tornado Cash developer, rather | than attempting (probably pointlessly) to shut down all | of Ethereum. The point seems to be to send a message: if | you publish the brick blueprint, you will be considered | the entity responsible. This accomplishes both of the | government's goals: it disincentives future attempts to | launder money through smart contracts, _and_ it avoids a | protracted legal and technical battle over individual | cryptocurrencies and their networks. | buildbot wrote: | Are they lawyers who specialize in Federal law and | financial crime? | shiado wrote: | With FinCEN Notice 2020-2 it's clear that the US wants to treat | crypto as foreign bank accounts to coerce disclosure but that | severely limits the scope of regulation they can do as it would | place public blockchains as strictly not being American | jurisdiction, and it would make monitoring American activity on | these blockchains outside of the scope of domestic agencies and | spy agencies would not be legally able to spy on American | activities on these blockchains. When you understand these facts | it explains why the US pursued dubious NK sanctions over what | would be a much stronger case of considering the Tornado Cash | protocol an unregulated bank which it is. There is a very big | technical and legal distinction between what centralized BTC | mixers do with UTXOs to be considered laundering and how the | Tornado Cash protocol exploits how ETH works on-chain to combine | ETH in a single account without taking KYC. | notch656a wrote: | I read the sanctioned SDN List. Am I reading incorrectly that if | someone merely created a new TC instance with new addresses and | website, it would not violate sanctions? I don't see the sanction | list sanction the actual code, nor the execution of the code, but | IANAL. | | The SDN here just shows the associated addresses, the published | contract instance, and tornado cash website, no? | | https://home.treasury.gov/policy-issues/financial-sanctions/... | salawat wrote: | You cannot in any way facilitate the moving out of any | denomination of value from the addressed on the SDN list. | | Moving value cross-chain is itself a violation of sanctions. If | you start up a new Tornado.cash instance, you're still probably | not going to get touched by the rest of the financial network. | Risk departments are going to have dig into the details, and | legal (if smart) will steer clear. Further, law enforcement | will likely root out and make known to Treasury any additional | instances of the same infrastructure they uncover, given that | inevitably, the usual suspects will be running things through | said channels until caught if they don't. | | ...And you will be hard pressed to find a judge that has the | gumption to go so activist from the bench that they go against | what Congress has already authorized. | notch656a wrote: | >f you start up a new Tornado.cash instance, you're still | probably not going to get touched by the rest of the | financial network. | | This is what I'm referring to. In the hypothetical that | someone tweaks TC to call it something besides Tornado Cash, | and runs it with different addresses. It seems to me by the | letter of the SDN, from a layman's perspective, it wouldn't | violate sanction. | | IMO they should have sanctioned any execution of all forks of | TC if their desired effect was to stop the service of TC. | rmah wrote: | They can't "sanction all forks". Sanctions are applied | against people and organizations, not technologies. | Criminal money laundering is still a crime. It doesn't | matter if you use TC or not. | from wrote: | Most of the value in a mixing service comes from how many | people use it. If another one gets significant enough usage | they will just sanction that one (assuming the current | lawsuit results in a ruling saying they have the authority | to). | salawat wrote: | So... To clarify, When you say "start another instance | pointing at different addresses" are you referring to | addresses TC previously used as stores of value prior to | having it withdrawn from the Ethereum Chain? | | Simply starting another with another set of pool addresses | will probably not last long. One of the benefits of a | public ledger is it's possible to statically analyze | transaction traffic in a statistical manner to quickly home | in on new sections of the address space. A sanction will | come along once the intelligence community or law | enforcement has enough actionable intel to say with | confidence that that pool address is channeling activity it | shouldn't be, then onto the list it goes, locking any value | stored therein out of being moved out of those addresses. | | Over time, this will create black holes in the address | space essentially. More and more quickly as | LE/Treasury/Intelligence Community tooling improves. | vorpalhex wrote: | If you run the code in a way that nobody can interact with it.. | that probably isn't a crime (not a lawyer). | | If you facilitate money laundering, that is still illegal. | notch656a wrote: | >If you facilitate money laundering, that is still illegal. | | If that is your intent, then sure. But merely mixing funds | does not meet the criteria for money laundering. | | The road crew who builds the interstate knows 100% it will be | used for money laundering, yet builds it anyway and does | nothing to stop it. (Same for guys at the gas station who | sell the gas). Surely knowing money launderers use something | isn't enough to be criminally culpable. | | >If you run the code in a way that nobody can interact with | it. | | IANAL and not legal advice, but it looks to me though that a | fresh published contract of TC to new addresses doesn't | violate this SDN list, even if it interacts with others. | rmah wrote: | If you are moving money around on behalf of others and you | have a reasonable belief that some of your users are | Americans or will eventually deal with American financial | institutions (pretty much everyone in the world), then you | should have AML (Anti-Money Laundering) and KYC (Know Your | Customer) processes in place. Not doing so is just asking | for trouble. When you are eventually investigated by the | authorities, saying "we didn't ask so we didn't know" is | not considered a valid defense. | | More to the point, crypto mixers are obviously being used | to hide the origin of funds. This is money laundering in | the colloquial sense. Whether it reaches the level of | criminality will obviously depend on a case by case basis. | Running a mixer is, IMO, a very very dangerous road to go | down. | everfree wrote: | Road builders do not actually move money around on behalf | of others, and Tornado Cash developers do not actually | move money around on behalf of others. They don't "run a | mixer" or otherwise operate the Tornado Cash smart | contract. They did provide an interface for interacting | with it, but that's not really the issue in question. | | Tornado Cash runs autonomously on immutable code. Nobody | can force the already-running code to start doing | AML/KYC. | | In my eyes, you either argue that it was not against the | law for the devs to publish the code, or you argue that | code is not protected by the first amendment. There's not | really an in-between. | staringback wrote: | Nobody using tornado cash is moving money around on | behalf of others. | 3np wrote: | The relayers are. Relayers are a subset of TC users and | are an optional part of the process. | rmah wrote: | Tornado Cash is described as a decentralized crypto- | mixing service. Given that description, all it did was | move money around. Is this a mischaracterization? | 3np wrote: | Calling it a "service" might be a (frustratingly common) | mischaracterization, yes. | salawat wrote: | Only in the sense that DoT has not looked into the matter | long enough to figure out if somebody needs a sanctioning. | | If you do not comply with AML best practices, you'll still | eventually be on the hook the first time a ne'er do well | facilitates something through ya. Repeat that process till | normal folks start catching on, or someone takes Confress | by the hand, and you'll find the regulations come quicker | than you think. | from wrote: | Treasury says mixing is money transmission so if you were a | US person operating such a service you'd need a MSB license | and a license for the states you operate in. Tornado Cash | had no US persons operating it (arguably no one was | operating it as it cannot be shutdown and does not take | fees) and really no US nexus so they just used sanctions | instead of criminal or civil charges to get their way. | diebeforei485 wrote: | This is fairly unclear. Can I run this code on my machine? What | about contributing to it? | lizardactivist wrote: | If the US government feels it's so important to be able to track | the origins of all financial transactions, and preventing money | laundering, why don't they start by accounting in full for, say, | all the means by which the CIA is funded? ___________________________________________________________________ (page generated 2022-09-13 23:00 UTC)