Discussion
Still don’t know what happened to some trillions at the pentagon….
frustrating, but not a surprising outcome.
So messed up.
Fuck this!
The key part here is this.
"Moreover, the DOJ alleged they maintained control over Tornado Cash, which they could have used to implement transaction monitoring or other anti-money laundering features, despite publicly saying they could not actually control it."
It’s not decentralised and resistant. So it will fail.
This is really big, and really bad news.
The essential point seems to be that there is an argument that they *could* have exerted control. Did they actually have backdoor keys into the smart contract after they wrote and deployed it? I can't remember a clarification on that crucial point.
If they didn't, then this is even worse, because it means US LE are prepared to make *really* tortuous arguments to go after privacy software developers.
In the not so distant future:
"A chain analysis firm identified a transaction involving Bitcoin linked to a government-opposed group that includes a Bitcoin address found in one of your social media posts. It appears you received a payment from Bitcoin that was previously held by this group. Can you explain your connection to this group? Can you prove that? Do you mind if we come in and ask you a few more questions?"
Every “upgradable” smart contract has a back door that allows the author to change the code. So it’s a fair assessment to claim that they did have control.
Depends on what functions can be upgraded. Also there's a limit to how convoluted an argument they'll get away with. The Coin Center article suggests that the DoJ is being a bit handwavy here.
I don’t think the essential point has anything to do with backdoors. It’s actually much worse than that.
They’re arguing that since the devs 1) made the software and 2) knew it would be used for “illegal” things, and yet 3) did nothing to stop this, that they are complicit.
What kinds of things could they have done to stop things? Not made the software in the first place. Attempted to take the software down after the fact. Or blocked certain inputs as Wasabi does.
Scary precedent
This is horseshit, but also predictable.
NCET can go fuck themselves
but this doesn't sound decentralized enough
Don't think this is a good sign for #cashu or fedi mints
This is so messed up 🤦🏽♂️
CoinCenter doesn't believe so: https://www.coincenter.org/new-tornado-cash-indictments-seem-to-run-counter-to-fincen-guidance/ (ht nostr:npub1dergggklka99wwrs92yz8wdjs952h2ux2ha2ed598ngwu9w7a6fsh9xzpc )
Yes I agree with what I read there, I found myself musing along similar lines: just the ability to *update* the contract shouldn't logically be interpreted as "money transmission" .. although, you could choose to.
Compare with non-blockchain software that's just an open source project - there, updates are made and users can *choose* to download and run the update, so there's even less centralized control, but it's still the same basic type of thing - the developer can at least influence, *very* strongly, what the user runs.
In other words, while we as open source bitcoin software developers can *hope* that the fine distinction between 'update the smart contract' and 'update the software' might make the latter remain legal, it's pretty thin gruel ... I would not trust that line to hold.
Hmm I'm not sure whether I completely buy what I just wrote there 😆
Take this passage from the coincenter article:
"We’re still researching but to our knowledge the only control that the defendants ever had over the smart contracts was the ability to change aspects of cryptography related to Tornado Cash’s privacy features and never had any ability to actually access, move, or direct the user funds in the contract. If that technical analysis is accurate then it does not seem likely the defendants ever had the sort of “independent control” over the transmitted value that FinCEN describes in its guidance, and, accordingly it seems that this alleged activity would also not constitute unlicensed money transmission."
If the ability to update the contract exists, one naturally assumes that it means ability to update *anything*, so one can sort of claim they have custody of funds.
And then on the other hand, these updates are always going to be 100% public (even if code is obfuscated), so "in theory" people can just not send funds to it when it changes in a way they don't want.
I honestly have no idea at this point 😆
Not necessarily. You can specify which functions can be upgraded and which can't. For example some functions could be hard-code in the main smart contract, whereas others delegate to another smart contract, the address of which is stored in a variable. Ideally then those variables can only be changed by token vote, but my guess is that initially there was an admin who could do that.
However if "aspects of cryptography" could be changed, then most likely it would have been possible to brick the contract. But that would be destroying the company entirely, and so may not be an reasonable thing to demand. Plus it's rather pedantic, which itself doesn't always go well in court.
But imo the admin override doesn't matter. If it was a pure DAO then you just say "criminal conspiracy" and now all the token holders and developer are liable for the whole thing. Then all you need to do is *not* arrest the token holders (including the VC) and only arrest the developers and presto.
That said, the DAO didn't control the core contract. So to the extend that the core contract was used *without* any of the ancillary tools (website, DAO controlled smart contracts) then you COULD still maintain you had no control over that activity.
Unfortunately the DoJ probably just needs to prove *one* money launderer using the UI (based on CloudFlare records or something) for the money laundering charge to hold.
So then the defense in the US would have to fall back on the non-custodial side of things. At minimum they didn't need a license.
And it's worse. IIUC the money laundering charge is *conspiracy*. So they needed to have the intention of someone using the UI to launder money, and take one concrete step towards it (like writing the code). If such a charge survives, even if a license wasn't needed, that's a problem.
The Netherlands doesn't even have a license system for this, so it's really just about the question whether or not this was (actual, not conspiracy to) money laundering.
(where "intention" is a bar perhaps as low as "disregard for the risk of")
nostr:npub1vadcfln4ugt2h9ruwsuwu5vu5am4xaka7pw6m7axy79aqyhp6u5q9knuu7 nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx
But yeah, if this case it not defeated, then it's not non-custodial privacy tools that are next. They might even try an all out attack on non-custodial wallets. Starting with the ones run by for profit companies. These currently enjoy protection in both the US and EU, for very different legal reasons. But as more people use them, they make sense as the next choke point.
I'll help 10 people on how to earn 45k USDT in just 72hours from the crypto market.
Send me a friend request and Direct message to know (How)
F the tyrannical US gov and F their fiat fiefdom. This is just a protective action to chill and dissuade devs from working on privacy tech.