Distilling the Tornado Cash and Samourai Suits

There was a lot of news last week, but maybe the biggest news came Wednesday when the U.S. Department of Justice arrested two co-founders of Samourai Wallet, a bitcoin wallet that offered mixing services. The arrest ramps up the federal government's efforts to tamp down on what it sees as money laundering enabled by privacy tools, and sets up a continuation of that broader conversation on where the right to transact in privacy fits within national security interests.

You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.

Controlling interest

The narrative

Between last week’s Department of Justice filing in its case against Roman Storm and its new indictment against Keonne Rodriguez and William Hill, the U.S. government’s concerns around crypto mixing are becoming clearer – as is how the DOJ is approaching these cases.

Why it matters

Is code speech? Are you responsible if you write code and someone else uses it to launder stolen funds? Is that even the correct question, or is that abstracting a legitimate national security issue into a broader hypothetical in an effort to conflate the bigger philosophical question with real – and illicit – activity?

These are now just some of the questions at the heart of a back-and-forth between the U.S. Department of Justice and the crypto industry in the ongoing criminal case against Tornado Cash developer Roman Storm. The stakes rose last week after the DOJ also arrested and charged Rodriguez and Hill, the co-founders of Samourai Wallet.

Breaking it down

There are basically four different main arguments. The first is about the right to privacy. People should be able to send money to another person in a way that others can't track them. This isn't an issue unique to crypto, though crypto being what it is, there are a lot of mixing tools that are genuinely specific to crypto because most digital assets don't have a native, built-in privacy functionality (and the ones that do, don’t see a ton of usage).

The second is the right to create code. If code is speech, merely programming smart contracts cannot in itself be a crime, even if malicious actors use those smart contracts to launder illicit funds.

The third focuses on questions of national security. The U.S. dollar is a tool, and the federal government will use it to try and prevent bad actors, as defined by U.S. and other national authorities, from engaging in economic activity. These sanctions have been imposed on individuals, like private citizens who laundered ransomware proceeds; groups, like Russia's Sovcomflot or Suex; and on nations, like the governments of Iran and North Korea. And they can be effective, research shows.

From that point of view, the fact that crypto mixers allow (maybe even encourage) users from these sanctioned entities or regions to use their services is a pretty obvious red line, and criminal indictments are a logical next step.

And then there’s the most important point of contention: what did the developers actually do, and is the mixer a money-transmitting entity capable of complying with anti-money laundering regulations?

According to the Department of Justice, the answer is yes. The Tornado Cash developers didn’t just build an open-source piece of software; they developed an actual business facilitating transactions that the federal government deemed illegal, the DOJ said in both an indictment last year and a filing last Friday. Tornado Cash isn’t just a set of smart contracts released into the world; it’s an entire ecosystem of smart contracts, a front end, a user interface and experience, and so much more. In pursuing this argument, the DOJ is also raising new questions about the activities an entity might engage in to be deemed a money transmitter.

Questions about a right to privacy are almost a red herring. Sure, it's an important issue, but it's not the main issue at the heart of these cases. However the cases are resolved, the issue in court won’t necessarily be whether Americans (and others) have a right to transact privately or whether code alone is speech; it's what the services providing privacy are doing and how they're doing it.

In other words, just what in the world is a money transmitter, anyway?

We already have some hints. The DOJ recently won a case against Roman Sterlingov, the operator behind crypto mixer Bitcoin Fog, successfully arguing he committed money laundering, operated an unlicensed money transmitter and other related things.

That case touched on these same issues, though, of course, the underlying facts are different. In the Tornado Cash case, the facts themselves seem to be a point of contention between the prosecution and the defense. Storm asserted – as his colleague Roman Semenov did well before Tornado Cash was first sanctioned – that he did not have much control over Tornado Cash at the time. The DOJ disagrees with the premise, writing in last week’s filing that the relevant part of the Financial Crimes Enforcement Network (FinCEN) guidance doesn’t address the idea of “control.”

Rather, the DOJ argued that the money-transmitting business includes relayers, the Tornado Cash pools, a commercial enterprise, etc. Moreover, the DOJ argued that something that can transfer value qualifies as a money transmitter (an assertion that’s drawn quite a bit of pushback online).

Long story short, much of the debate leading up to the trial – and maybe during the trial itself – will center around the question of whether any system of smart contracts that transfer value qualifies as money transmitters. If the answer is yes, does that mean that other decentralized autonomous organizations or similar types of autonomous entities might be transmitters? If that answer is yes, we come back to the question of just what a money transmitter is and where the line is that requires a service to register as such in the U.S. and implement know-your-customer/anti-money laundering (KYC/AML) rules. This case may well define a money transmitter, and the crypto industry is unlikely to like the answer should the DOJ win.

This line of questioning is reminiscent of the unhosted wallet proposal by FinCEN near the end of 2020 – and, coincidentally, the FBI also just published a warning about unhosted wallets just last week.

And this brings us to (also) last week, when prosecutors brought conspiracy to commit money laundering charges against Keonne Rodriguez and William Lonergan Hill, the developers behind Samourai Wallet.

For many in the industry, this was an escalation of the federal government's ongoing efforts against the right to transact privately and/or write code. But it goes back to the basic questions at the top – what are those red lines, and did the Samourai Wallet team create a wallet they controlled and offered privacy mixing features on top of?

Samourai, like Tornado, collected fees for services rendered, the DOJ alleged in its indictment, and the defendants built tools knowing there may be illicit usage.

It remains to be seen how far the comparisons extend, but the core arguments seem to be similar.

Some platforms are announcing blocks against U.S.-based customers as a result, though unless they actually build know-your-customer programs, that may not be enough to satisfy the DOJ's concerns.

Stories you may have missed

This week

Monday

  • 13:00 UTC (9:00 a.m. ET) Samourai Wallet's Keonne Rodriguez appeared before a magistrate judge in the Southern District of New York, where he pled "not guilty" to one charge of conspiracy to commit money laundering and one charge of conspiracy to operate an unlicensed money transmitter. He's been released on a $1 million bond.

Tuesday

  • 16:00 UTC (9:00 a.m. PT) Changpeng Zhao will appear before a federal judge for a sentencing hearing. You can read my preview here, and more about the statements of support Zhao received here.
  • 16:45 UTC (9:45 a.m. PT) Michael Patryn will appear before a Vancouver court to defend against an order asking him to explain where some of his assets came from and prove they weren't ill-gotten gains from QuadriaCX customers.

Elsewhere:

  • (Bloomberg) Bloomberg reports that the Commodity Futures Trading Commission might ban election prediction markets entirely.
  • (BBC) This BBC article relates the experiences of a Sri Lankan who became enslaved in what sounds like the other end of a pig butchering scam.
  • (Rest of World) Rest of World wrote about the cultural differences between the U.S. and Taiwan, and how that's translating into new TSMC chip manufacturing facilities in the U.S. state of Arizona.
  • (The New York Times/The Wall Street Journal) Congress passed a bill requiring ByteDance to sell TikTok or face it being banned. The Times and Journal dig into how that bill became a law.

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at [email protected] or find me on Twitter @nikhileshde.

You can also join the group conversation on Telegram.

See ya’ll next week!