The US DoJ's indictment against the open source developers who wrote the Tornado Cash code

The indictment is deeply disturbing in its utter disregard for the truth. The basis for it is summarized by this paragraph:

New Tornado Cash indictments seem to run counter to FinCEN guidance - Our initial thoughts on a case that could potentially criminalize the publication of software code

The allegations include that the defendants: (a) paid for web hosting services for a user interface that allowed users to send transaction messages to the underlying smart contracts, (b) paid for a software repository (Github) where smart contract and user interface software and documentation was hosted, and (c) had (for a time before May 2020) “complete control” over the Tornado Cash smart contracts.

Paying for Github hosting of open source software, and running a server that serves the HTML/JS of a web interface, that people run locally to interact with a blockchain-based smart-contract, are completely protected under the First Amendment.

The last of the three allegations refers to an admin key that the developers could use to upgrade the smart contract, that they destroyed two years before any alleged criminal use of the smart contract.

The indictment is disingenuous, containing mischaracterizations, contradictions and lies of omission. You can find it here:

https://www.justice.gov/usao-sdny/pr/tornado-cash-founders-c...

It first claims they made no modifications to the "service" (by which they mean a supposed combination of the web front and the smart contract that the indictment alleges was run by them) to prevent criminal use:

STORM and SEMENOV knew about these money laundering transactions and received complaints and requests for help from victims of hacking and other cybercrimes. However, they refused to implement any controls and continued to operate the Tornado Cash service and facilitate these money laundering transactions.

Then it contradicts itself in acknowledging they did change the "service", as they changed the web front to prevent criminal use:

They implemented a change in the service so that they could make a public announcement that they were compliant with sanctions, but in their private chats, they agreed that this change would be ineffective.

But they couch this acknowledgment in an absolutely false/fabricated implicit claim that they deliberately neutered the modification to allow illegal use.

The indictiment follows this with the claim that they proceeded to run their "service"—by which they refer to the combination of the web front end and the smart contract—to process criminal deposits:

They then continued to operate the Tornado Cash service and facilitate hundreds of millions of dollars in further sanctions-violating transactions, helping the Lazarus Group to transfer criminal proceeds from a cryptocurrency wallet that had been designated by the Office of Foreign Assets Control as blocked property.

The assertion is that the private chats confirm all of this, which again, is an absolute lie.

The missing context here is that the developers ran a server that served a web front end, that users ran locally to interact with the distributed smart contract.

The chats the indictment reference discuss how even with the filtering they instituted on the front end, bad actors would continue to be able to use the immutable smart contracts, because users were able to switch from using the sanctions-compliant front-end the developers provided, to their own front-end that was not sanctions-compliant.

The chats demonstrate the developers expressing frustration at the fact that criminals would be able to bypass the front end they provided, and continue using the autonomous Tornado Cash smart contract, putting to a lie the claim that 1. they could have done more to prevent criminal use of the smart contract, and 2. that they controlled the "service"—by which they refer to the web front end and smart contract they allegedly ran—used by criminals. The only uses of any software that they ran—after they implemented the changes the indictment references—were sanctions-compliant ones.

The truth is exactly the opposite of what this indictment claims.

--

Echoing my comment earlier in the Daily: the US risked nuclear war with the Soviet Union, which had 40,000 nuclear warheads, to protect its way of life and Constitution.

Now the US DoJ blatantly violates First Amendment rights to publish open source code, and criminalizes financial privacy for 330 million Americans, based on the dubious claim that this will stop some hermit state from funding its primitive nuclear weapons program.

Shame on Damian Williams and Merrick Garland—the attorney generals behind the indictment of the open source developers who wrote the Tornado Cash code. This is nothing less than fascism.