Why Your Rights Are At Stake In The Tornado Cash Trial
The criminal case against Roman Storm is about more than just one man: it's about how the U.S. Constitution is applied to new technology and financial flows.
Last Friday saw a significant pretrial hearing in the criminal case against Roman Storm, one of three developers of a cryptocurrency mixing protocol called Tornado Cash. The case is about much more than just one man: it is likely to have implications for how the U.S. Constitution is applied to new technology and financial flows.
The word “protocol” is key to the case’s wider implications: Tornado Cash was less a service run by Storm, Roman Semenov, and Alexey Pertsev than a piece of software they wrote and released. That distinction, as much philosophical as it is material, is the single knife’s edge on which Storm’s case, and its broader implications, are balanced.
Many onlookers have warned that a bad outcome in the case risks holding software engineers responsible for how others use their code. Judge Katherine Failla echoed those worries in last week’s hearing when she opined that the charges might be similar to charging the creators of WhatsApp for crimes committed using its encryption features. A bad precedent could lead to a “chilling effect” on software development, parallel to the risk of chilling free speech that makes prosecutions for speech almost unheard of in the United States.
More broadly, the case raises questions about users’ rights to financial privacy. There are many non-criminal reasons to use a service like Tornado Cash, and prosecutors agree that many known users were non-criminal. Because such services must inherently be permissionless, it is difficult to a priori filter out undesirable users, so an attack on such services amounts to a denial of cryptocurrency users’ right to financial privacy.
This is not merely a fringe concern of crypto-anarchists. U.S. Congressman Tom Emmer, a major partisan of the crypto industry, criticized the sanctioning of Tornado Cash in strong terms in 2022, including for its implications. “The sanctioning of neutral, open-source, decentralized technology presents a series of new questions, which impact not only our national security, but the right to privacy of every American citizen,” wrote Emmer. “Technology is neutral, and the expectation of privacy is normal.”
Storm’s trial, now scheduled for early December of this year, will set at least some degree of precedent for these larger issues. But while legal precedents are universal and abstract, they come from real cases that are complicated, human, and messy. Storm’s case has several complicating factors that the government has already signaled it will use to argue that he is responsible for the money laundering conducted using Tornado Cash. Those include that he and his team solicited venture capital to help create the software; maintained a user interface for the protocol; and issued tokens that amounted to profiting from it.
Some of the government’s arguments on this front are truly incoherent, but others do seem material – Storm’s case will if nothing else provide some good lessons in what not to do when deploying a decentralized service. It’s also uncertain to what degree a jury will understand and accept the idea of an autonomous and immutable software agent as distinct from its creators.
For those and other reasons, even some observers sympathetic on the larger software and free speech issues consider Storm’s conviction very plausible, and even likely.
Who “Ran” Tornado Cash? (And Who’s Running it Now?)
Government prosecutors have consistently foregrounded one incident in their discussion of Tornado Cash and money laundering. In September of 2020, North Korea’s Lazarus Group used Tornado Cash to launder on the order of $1 billion worth of ETH stolen in the Ronin bridge hack. However, Storm’s defense team has argued that the smart contracts constituting Tornado Cash were immutable by that time, and therefore that neither Storm nor anyone else actively participated in the laundering.
There is also no evidence that the Tornado Cash team at any time communicated with the North Korean hackers, or with any other alleged criminal counterparty that used Tornado Cash. Instead, the government broadly alleges that the creation and operation of Tornado Cash, and its creators’ awareness that criminals were using it, constitute a conspiracy to commit money laundering.
In one of several amicus briefs filed in support of Storm, the Washington, D.C. think tank Coin Center argued that this theory of the case “betrays a fundamental misunderstanding of how the Tornado Cash privacy protocol works and what role the developers of that protocol have in its use and operation.” Coin Center and others agree with the defense that Storm did not “run” or “manage” the protocol in any meaningful sense after the full code was released: “Once a smart contract’s code is added to Ethereum’s records, it ... can be interacted with by any user to automatically carry out the rules and operations it supports.”
This is perhaps the single most important idea in the Tornado Cash trial: That a smart contract automatically executes its financial logic. If the defense team is smart, they might use the “vending machine” metaphor coined by Nick Szabo: a smart contract is a piece of mute, dumb, digital machinery that only cares about the conditions of its input. No humans are involved in deciding whether it does its thing, any more than a human decides a train will roll down inclined tracks.
However, the government argues the opposite, and more. Core to their case is the idea that “Tornado Cash” was not merely the set of smart contracts that mixed tokens, but a larger system with various parts. Perhaps the weakest element of their argument is the position that a front-end web interface created, maintained, and paid for by Storm constituted a key component of “Tornado Cash.”
Again and again in trial documents, the prosecution leans on control of the UI as equivalent to control of Tornado Cash – an argument which appears to stem directly from FATF recommendations attempting to equate control over user interfaces with control over assets. That includes arguing that “Semenov and the other Tornado Cash founders had the ability to implement a KYC process, an AML program, and other compliance features into the Tornado Cash UI,” but didn’t. In Friday’s hearing, prosecutors alluded to an attempt by Storm and team to implement such controls, but dismissed it as mere window dressing. This may have been an allusion to TC’s implementation of an oracle-based OFAC filtering system built by Chainalysis, which could again suggest some misunderstanding of the nuances.
The defense won’t have a terribly hard time arguing that while the UI made accessing Tornado Cash easier, it wasn’t a fundamental component of its operation. It will also be easy to argue that the government is badly overplaying claims about the ability to implement KYC/AML through the web frontend controlled by Storm et al. One strong piece of evidence here (though perhaps one that’s complicated for the defense to put in front of a jury) is that Tornado Cash continues operating to this day, even with Storm no longer paying for or maintaining the UI.
Who, the defense might very well ask the jury, is criminally liable for the anonymizing of funds taking place via Tornado Cash (or, for that matter, via copies of its open-source code) in 2024? If the answer is “no one,” the case against Storm loses a major pillar.
A more obscure argument that the government has put forward is that Storm, Semenov, and Pertsev “whitelisted” a set of so-called ‘relayers’. These relayers solved a major problem with anonymizing ETH flows, which is that to receive anonymized funds a wallet must already have enough ETH to pay transaction fees, and that ETH itself could be traced. Relayers paid those initial fees to ensure user privacy. But the prosecution may simply be off base here: while prosecutors used the term “whitelist” in Friday’s hearing, it doesn’t seem Storm et al. had any active role in selecting relayers. Instead, relayers staked the TORN token for the right to serve users, a process as permissionless as using Tornado Cash itself.
Following The Money: Investors and the TORN Token
The government has a much more obviously compelling case when it comes to money: Storm and others behaved at various points as if Tornado Cash was a centralized company, not a neutral protocol.
This most notably includes when they raised money from venture capitalists, who were of course promised returns from future revenue. Funding flowed to an entity called Peppersec. Storm used a debit card issued via Peppersec to pay hosting and service fees for the Tornado Cash front-end. This is another leg of the government’s broad case that “Tornado Cash” was not simply a decentralized set of contracts, but a set of features including the UI, and a corporate entity that Storm and company controlled.
Revenue generated by Tornado Cash fees was ultimately to be collected through the TORN token, which the team issued to fill security roles in the system. TORN was allocated to builders and investors in what crypto old-timers would call a “pre-mine.” According to prosecutors, 30% of the TORN allocation went to investors, and each founder got 8%.
This ability to direct financial flows seems hard to square with the broader claim that Storm’s team had no direct control of something called “Tornado Cash.” It also speaks to one of the core practical conundrums of building decentralized public-goods infrastructure like Tornado Cash: any attempt by individual creators to profit from it creates a strong impression of control and involvement.
There is a final, more nuanced element here: To what degree is obscuring ETH movements actually, in practical terms, “money laundering”?
Whatever the aspirations of crypto natives, the U.S. dollar is still by far the most widely used currency in international trade. North Korean agents would very likely have wanted to convert their stolen ETH, not just into more anonymous ETH, but into more widely usable fiat currency. Exchanges or other entities at the interface of the crypto and fiat systems already have high and enforced demands for controlling those exchanges, so it’s very likely that after using Tornado Cash, the Lazarus Group engaged in an illicit or obscured transaction with a conventional bank on the other side.
In short, is it reasonable to claim that a decentralized tool for anonymizing ETH flows constitutes money laundering, when a centralized entity must also have played a more clearly intentional role in getting that money into the mainstream global financial system, where it can do the harms prosecutors seem to fear?
Is Money Expression? Is Code Speech?
Even all this is only a first glance at the key practical question of control that will be weighed by a jury come December. But if Storm is convicted, and in the likely event that conviction would be appealed, the deeper principles of the U.S. Constitution are more likely to come into play.
The relevant issues include unsettled questions about the scope of the Constitution’s guarantee of free expression. First are questions about money: whether U.S. citizens have a constitutional right to financial privacy, and the related question of whether money is constitutionally protected expression. Second is the question of whether computer code is constitutionally protected expression.
Rep. Emmer’s invocation of a right to financial privacy highlights a trend towards the view that there is some right to financial privacy, and the related view that money is in some cases a form of protected expression. Though it’s likely distasteful to some of the same people arguing on Storm’s behalf, the strongest precedent here is the Supreme Court’s decision in Citizens United, which broadly carved out more space for anonymized donations to U.S. political causes.
The logic of the Citizens United decision rhymes with some of the reasons advocates from crypto critic Molly White to Ethereum cofounder Vitalik Buterin have argued that services like Tornado Cash have a right to exist, even if one side effect is enabling money laundering. Buterin specifically cited Tornado Cash as a useful tool for making anonymized political donations internationally, in his case to support Ukraine in its war against Russia. While that support was material, it was also in a sense ideological – a means of supporting the case that Ukraine deserves to win its fight with Russia. Further on the privacy-centric end of the spectrum, White has argued that there are many legal activities that are made more difficult or impossible without financial privacy, such as seeking an abortion.
Whether at trial or on appeal, the defense could argue something to the effect that cryptocurrency networks are uniquely suited to facilitate the global movement of money to causes such as Ukraine, or to local activists or dissidents against authoritarian regimes. They might further argue that something akin to Tornado Cash is the only means to protect donors from tracing by hostile opponents. In this case, a Constitution-focused decision could weigh the risk of money laundering posed by mixers as less significant than the threat to freedom of speech posed by sanctioning them.
Finally, there is the question of whether code is speech. As detailed above, this question may not play a large role in Storm’s case if prosecutors can convince the court that Storm operated Tornado Cash in a meaningful sense, rather than just writing code.
But there is very strong precedent for the general argument that code is protected speech, going back more than three decades now to the case Bernstein v. Department of Justice. That case forced the U.S. to remove encryption code from classification as “munitions,” which among other effects would have required a cryptography expert to register as an arms dealer. The case, notably, didn’t even have to go all the way to the Supreme Court for the Constitution to win.
Strong encryption for communication today is legal in the U.S., and effectively worldwide, partly because of the Bernstein decision. More generally, it helped establish the now largely taken-for-granted idea that computer code per se is protected expression under the First Amendment. This has had massive social implications: the U.S. position continues to act as a bulwark against persistent antidemocratic calls, largely emerging from Europe, to make strong encryption for communications illegal.
It is not impossible that the Storm case could follow a similar path to setting a new precedent. It is unfolding against a backdrop of greater U.S. concern for protecting privacy in general, and financial privacy specifically. Of course, just like encrypted WhatsApp messages, the continued existence of these tools will come with serious tradeoffs, including the potential for bad actors to conceal their activities.
But the availability of strong encryption and communications privacy has not led to the downfall of civilization. While there are many serious differences between speech and money, there are also many anti-crime tools that could be brought to bear if one relatively small element of the overall financial system – crypto networks – offered permissionless anonymity. It would be a mistake for a judge, a jury, or the public to accept the fearmongering argument that your privacy should be forfeit because of the evils committed by strangers.