The Importance of Digital Privacy

Why the Tornado Cash sanctions are a big deal

👋 Welcome to the 31st issue of The Syllabus from Invisible College — a weekly newsletter that helps you navigate the fast-moving world of web3. To get this newsletter delivered to your inbox, subscribe here:

Before we begin, a disclaimer — nothing in this piece should be construed as financial or legal advice. With that, let’s dive in.

---

Upcoming Events

We’ve got some great events coming up:

• Fri. 8/26 @ 9 am PT: Learn about the latest updates from Invisible College at Town Hall*

• Mon. 8/29 @ 1 pm PT: Join faculty member Rockwell Shah on Twitter for his weekly Crypto Office Hours

• Tues. 8/23 @ 2 pm PT: Get up to speed on what’s happening in the NFT space during NFTuesday*

*To access these events, you’ll need to hold at least one Decentralien NFT.

Now onto this week’s post…

---

What do the curtains in your home, the door to the conference room at your office, and the padlock icon in your web browser all have in common? They’re all forms of privacy.

Most people would likely agree that privacy is one of the most important rights they have. This is part of why the recent sanctions levied by the U.S. Treasury’s Office of Foreign Assets Control (OFAC) on Tornado Cash are so troubling.

What is Tornado Cash?

Tornado Cash is a crypto mixing service built using a smart contract on the Ethereum blockchain. Users plug potentially identifiable cryptocurrency funds into the protocol where they’re then mixed with a large pool of other funds. One important point is that users get exactly the same funds back, not anyone else’s. Their funds are held for a long period of time and distributed at random times so as to make them difficult to trace.

If you had heard of Tornado Cash before OFAC’s decision, you probably read about one of the many times it was used by nefarious hackers to launder crypto.

In fact, this is exactly what OFAC references in their press release, writing that Tornado Cash “has been used to launder more than $7 billion worth of virtual currency since its creation in 2019. This includes over $455 million stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group…” Then they go on to mention several other instances where lower amounts were laundered.

There’s no doubt that $7 billion is a staggering number. And there’s no doubt that money laundering is an important problem that should be taken seriously by government agencies.

But, as with most things, the more legitimate (i.e. boring) uses of the technology don’t garner the headlines.

According to Chainalysis, as of last month, “Illicit addresses account for 23% of funds sent to mixers so far in 2022, up from 12% in 2021.” Despite year-over-year the increase, the data clearly show that the vast majority of mixer use is above board, and most of it comes from centralized exchanges and DeFi protocols.

Who exactly is in trouble here?

Perhaps the most striking aspect of the OFAC sanctions is that they imposed them on a smart contract, which is essentially just open source code. Typically, they add people who are tied to illegal activity—and, in the case of crypto, their wallet addresses—to the Specially Designated Nationals (SDN) list, not the software program they used.

Coin Center, a non-profit crypto advocacy group, believes this is a massive overreach by the U.S. government and they’re considering challenging it in court:

Neeraj K. Agrawal @NeerajKA

We believe OFAC has exceeded its statutory authority by sanctioning the Tornado Cash smart contract. Coin Center is exploring a court challenge. coincenter.org/analysis-what-…

August 15th 2022

297 Retweets1,555 Likes

In Amsterdam, a 29-year-old developer who worked on Tornado Cash was arrested in conjunction with his work on the protocol and “suspected involvement in concealing criminal financial flows and facilitating money laundering through the mixing of cryptocurrencies.”

To be clear, he was arrested in The Netherlands, not the U.S. But the timing of the arrest, mere days after the OFAC press release, and the implications of a developer being arrested for building open-source privacy software sent crypto Twitter reeling.

This tweet from Greg Osuri, founder of the Akash Network, sums it up well:

Greg Osuri (Hiring) @gregosuri

Arresting an open-source privacy software developer because his code was used for money laundering is like arresting Edison for war crimes because his bulb was used by the Nazis. I better hope there are other charges; if not, this arrest is a direct assault on free speech.

RYAN SΞAN ADAMS - rsa.eth 🦇🔊 @RyanSAdams

They arrested the developer of tornado cash. 🚨 I repeat: a man was arrested for writing code that served as a public good for people to maintain their privacy online. They put a man in jail because bad people used his open source code. This cannot stand in any free society.

August 12th 2022

101 Retweets484 Likes

The arrest made finding out the answers to these questions feel all the more pressing: What happens to people who interacted with Tornado Cash, even if their reasons for doing so weren’t illicit? What happens if you sent funds into it or received funds that came from it?

Could this hilarious shitpost actually come true?

gaut @0xgaut

web1: read web2: read, write web3: read, write, jail

August 13th 2022

699 Retweets7,057 Likes

The Importance of Digital Privacy

A common retort you’ll hear when stories of this nature come out is, “Well, I’m not worried because I’m not planning on doing anything illegal.”

It’s an understandable stance to take. Most people won’t get involved with state-sponsored hacking groups and find themselves with the need to launder millions of dollars worth of crypto. But keep in mind Tornado Cash is (was?) also used by everyday people who wish to keep their financial activity private given the transparent nature of the blockchain. 

Dan Finlay from MetaMask outlined a bunch of non-illicit reasons someone might want financial privacy in this Tweet thread:

Dan Finlay 🦊💙 @danfinlay

Starting a thread of reasons you might want financial privacy. - You're buying birth control and are afraid it might become illegal at a later date. - You're paying dues at a religious institution that may be the target of hate.

August 16th 2022

136 Retweets622 Likes

Dan Finlay 🦊💙 @danfinlay

- Preparing your exit from an abusive situation. - Excluding your kinks from your work life. - Donating to political causes that are contentious. - Hiding your holdings so you don't become a target of theft. - Buying things that you (dear reader) have no business knowing about.

August 16th 2022

9 Retweets209 Likes

And other users sounded off in the replies with even more ideas. Yet, the most important takeaway is that nobody should have to justify why they want to keep their financial activity private in the first place.

As more and more of our financial lives move online, we have to figure out ways to address the cost of criminals being able to use these new technologies for nefarious purposes without undermining our fundamental right to privacy. 

---

Other Recommended Reads and Listens

• The Death of Crypto Privacy?
  Lawyer and head of policy for the Blockchain Association, Jake Chervinsky, joins the Bankless podcast to dive deep into the Tornado Cash situation

• The Case for Modular Maxis
  David Phelps uses apt analogies to explain the complex topic of modular blockchains

• NFT Investing Lessons
  Matt Kim writes a tweet thread with 19 helpful NFT investing tips

---

Invisible College, is a school that helps people learn to build and invest in web3. To access our courses, events, and learning community, you’ll need to hold at least one Decentralien. You can get yours on Magic Eden.

Get Your Decentralien