On an otherwise quiet day last month, the crypto industry woke up to big news – the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) added 45 public Ethereum addresses to the sanctions blacklist, including addresses where the Tornado Cash byte code, or smart contract, was stored, potentially rendering interactions with those addresses a violation of law. Up to this point, all addresses included on the Specially Designated Nationals and Blocked Persons List (SDN List) had been wallets purportedly belonging to known “bad actors,” making the Tornado Cash sanctions an unprecedented expansion of sanctions law.
In essence, Tornado Cash is a mixer that decouples the sender and recipient of crypto to protect users’ privacy in an otherwise public network. But “Tornado Cash” is not a company or an entity; it’s a decentralized, immutable, non-custodial smart contract. Therefore, industry participants were quick to argue that OFAC overstepped its authority when it added a smart contract address to the SDN List, given that its statutory power is limited to sanctioning “persons” or “entities” – and a smart contract is clearly neither. A recent lawsuit also makes clear the catastrophic implications that the Tornado Cash sanctions had for a variety of actors, including people who are trying to preserve their privacy while making donations to Ukraine.
Rodrigo Seira is crypto counsel at Paradigm. Amy Aixi Zhang is policy counsel at Paradigm.
But the most pernicious result of the OFAC sanctions is they have the potential to be misinterpreted by “base layer” participants – which includes validators and other actors such as builders, pool operators, relays, searchers and sequencers – as requiring the censorship of blocks involving sanctioned addresses. This basically means that base layer participants would either exclude any sanctioned addresses in blocks they propose, or refuse to attest to any blocks that include such sanctioned addresses. Either action could result in the respective network becoming censored by default or “forking” into two incompatible versions.
Simply put, this is not the right way to interpret the law. Crypto’s “base layer” is not legally required to monitor or censor blocks involving addresses on the SDN List in order to comply with sanctions just as the Simple Mail Transfer Protocol (SMTP) that enables the transfer and interoperability of email would not be responsible for monitoring spam or illegal activity.
See also: In Crypto, Base Layer Security Isn't Enough - CoinDesk | Opinion
Sanctions are a legitimate tool of the U.S. government, and OFAC, the regulator tasked with enforcing sanctions, has broad statutory authority to which U.S. courts have historically deferred. But the function of crypto’s base layer – publicly recording the order of data blocks – does not entail the type of financial transactions and other activities that are prohibited by sanctions. Critically, sanctions require U.S. persons to employ compliance programs that are “risk based” and tailored to the specific activities in question, not to completely shut down all activity if there is a chance of a sanctions violation.
When OFAC designates a party to the SDN List, U.S. persons are prohibited from transacting with them and required to “block” their property. However, crypto’s base layer is not transacting with sanctioned parties – whether a transaction is confirmed on a blockchain network depends on the broader, global network consensus, regardless of the actions of any individual participant.
Crypto’s base layer participants are also not able to “block” the property of a sanctioned party in the manner that a bank can freeze an account. At no point is any base layer participant in “possession or control” of property of a sanctioned person. Therefore, censorship as applied to crypto’s base layer amounts to an inability to report a transaction; not an ability to “block” it.
See also: Crypto Donations Are About More Than Censorship-Resistance | Opinion
Sanctions also prohibit U.S. persons from “facilitating” transactions with designated parties, including providing “services” to such parties. OFAC has applied these prohibitions broadly when a U.S. person “assists” or “supports” transactions involving sanctioned parties. Nonetheless, construing the actions of crypto’s base layer as “facilitating” transactions or providing “services” would be at odds with prior OFAC regulations and enforcement history.
The public recording of the order of data blocks by crypto’s base layer is no more “facilitating” a transaction with sanctioned parties or providing “services” than the existing communications infrastructure that routes financial messages daily around the world, whether through internet service providers, routers, network switches, email and chat programs, and other network protocols.
Read more: Cloning Tornado Cash Would Be Easy, but Risky | Opinion
OFAC regulations have also stated that “facilitating” does not include activities that are of a purely clerical or reporting nature, which is the core function of crypto’s base layer. Further, the fact that crypto’s base layer infrastructure has been decentralized by distributing basic functions to independent participants makes each individual actor’s actions even less likely to meet this threshold.
OFAC’s recently released FAQs on Tornado seem to support our interpretation of the scope of compliance obligations by focusing on transactions between parties sending digital assets to sanctioned addresses, as opposed to the activities of the base layer. They state that “interacting with open-source code itself, in a way that does not involve a prohibited transaction with Tornado Cash, is not prohibited.”
Requiring the base layer to censor blocks would be an unwarranted expansion of sanctions law. It would also be counterproductive and potentially harm national security interests, which is contrary to both OFAC’s stated goals and U.S. President Joe Biden’s recent executive order. The requirement to censor blocks under the threat of sanctions liability is likely to lead many participants of crypto’s base layer, including important on- and off-ramps, to go offshore. This would limit the U.S.’s ability to influence the development of the technology and result in U.S. regulators having less visibility into transactions.
Censorship at the base layer would also undermine the utility of blockchain technology. Like the telephone network, crypto’s base layer is at its core a communications protocol and part of the technological infrastructure that should be considered a public good. Its key function – publicly recording the order of data blocks – is similar to the role we expect the core internet infrastructure (like TCP/IP) to play, to freely and accurately disseminate information through the network. To maintain its utility, crypto’s base layer must also maintain its neutrality and lack of bias.
Our more extensive analysis on this topic can be found here. This OpEd does not constitute legal advice.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.