Tornado cash is illegal for US citizens. Not illegal for anyone else. And a lawsuit against the overreach of the Treasury department will likely make it legal again.
What exactly is the "overreach" argument? In terms of statutory authority, the Treasury hasn't done anything particularly unusual in adding a known money-laundering vehicle to the OFAC list.
All tornado notes generate a proof that you can use to show where it came from. It’s the same as monero, another privacy coin which is not illegal.
There is a long list of issues here but tornado is just a program. The users of that program can use it for good or bad. They sanctioned the creators and Tornado is still chugging along. It’s equivalent to banning cryptography because money launderers encrypt their messages.
Here is a good summary of the argument against Treasury by Coin Center
None of this amounts to an "overreach" argument. Again: statutorily, where has the Treasury Department mis-stepped?
You'll note that all kinds of entities, including full banks, are on the OFAC list[1]. This doesn't amount to a blanket ban on banking, and "it's just a bank, there are others" is not an argument that anyone finds convincing.
Pretty straightforward — Treasury said we couldn't use a particular
computer program rather than interact with a particular entity, and that's outside their authority.
I think you are misunderstanding the Treasury's position. You are free to run the code on your own computer on a VM for a made up Blockchain however many times you want, no problem. You can even run a permissioned version of it yourself, where you and your 40 permissioned friends mix their transactions for privacy, and everyone knows (through, let's say, off chain trust) that none of them are committing crimes, I personally don't think that would be a problem either. However, if you are running the same code on a public Blockchain and mixing your transactions with literal criminals [0], well, that is a crime now.
"Running a computer program" is too vague, and legality of it depends on the context.
[0] since everything on this Blockchain is public, you can easily see proceeds of cybercrime coming into tornado. It's not really a point of contention.
> You can even run a permissioned version of it yourself, where you and your 40 permissioned friends mix their transactions for privacy, and everyone knows (through, let's say, off chain trust) that none of them are committing crimes,
Even if you 100% knew that all of the money was legal mixing is money transmission according to the government which means you need to register in every state you operate, register with the federal government, and have a compliance program, or you will get up to 5 years in prison. Hawaladars/various ethnic equivalents especially post 9/11 have learned the rules on money transmission the hard way, even when they literally "know their customers" in a much more real way than banks do. Here's an example where I'm from https://apnews.com/article/yemen-us-news-ap-top-news-mi-stat... - fortunately these guys were spared prison though.
I think there are procedural issues not statutory ones. Procedure can undermine the statutory one, in this case there is a requirement for an entity to be able to argue on its own behalf to be removed from the sanctions list, this is not possible with the Tornado Cash contract addresses.
There is also the issue of determining how it is a Foreign Asset to begin with. Is it based on the developer they identified? They have to prove that it was not deployed by an American which probably cannot be proven by the nodes (maybe records of an API could do it, but not when running your own nodes)
This is an interesting point, but is it uniformly true? The OFAC list also includes aircraft and boats, which presumably can't argue on their own behalf.
Tornado Cash autonomous contracts cannot. They need to establish proof of who or what organization deployed it. I believe they skipped this step for incompetence or for needing it clarified in court
The previously linked article makes 4 arguments but this is the one I find most compelling:
even Treasury’s own regulations and past executive orders limit the applicability of sanction controls to transactions with persons, entities, or their property. The Tornado Cash sanction was made without statutory and also without regulatory authority. It was made contrary to law.
I've read that post a couple of times, and even wrote a response to it[1]!
TL;DR: The Treasury Department doesn't care that Tornado Cash is "just" a computer program, because a computer program is an instrument made and operated by human beings. Even an autonomous program does not escape this, for the same reason that you can't escape a murder charge by throwing a bomb into the air and claiming gravity as a defense.
I genuinely don’t see any link between a bomb going off and a privacy protocol used to move financial assets.
The government is not allowed to put a camera in my house and watch me 24/7. Sure, I might be committing crimes inside my house. But unless the government can convince a judge that they suspect me of committing crimes that justify such a camera, they cannot install said camera.
Similarly, merely using a technique to obfuscate the origin of my own money is not enough to claim I am a criminal. I can do similar with gold coins and paper cash, and in high dollar amounts.
Eventually I’ll want to use my financial assets to purchase something, and at that point the receiver should ask me where I got my money (if legally required to) and with Tornado Cash I can fully explain the origin of my legal funds.
Acting like Tornado itself is enabling crime is absurd.
regurgitating anti encryption talking points to justify regulating other people’s wallets, I guess it’s only natural to oppose financial privacy when your economic policies depend on having the right to other people’s money.
I'm very pro-encryption. I'm not convinced that sanctions against Tornado Cash pose a serious risk to E2EE or other civically important (necessary!) applications of encryption.
I don’t need to justify my right to privacy to prevent you from violating it. Come up with a better defence than the redistribution of consequences, this not the EU.