Can the U.S. government sanction computer code?
That simple yet complex question is at the heart of a burgeoning legal fight backed by one of the world’s largest cryptocurrency exchanges. The answer will likely have major implications for the government’s power to control the functions of digital assets.
Coinbase is sponsoring a lawsuit brought by six Tornado Cash users against the U.S. Treasury Department, which last month sanctioned the currency mixer for its alleged role in laundering illicit funds. The exchange and other cryptocurrency advocates fear the application of such powers could disrupt broader networks unrelated to illegal activities, like the entire Ethereum blockchain, and create yet another massive legal uncertainty for the industry.
“The power that’s delegated to OFAC simply authorizes them to target persons or property,” Paul Grewal, Coinbase’s chief legal officer, told The Block. “The smart contracts that they’re talking about,” that enable Tornado Cash, “these are neither persons nor property.”
The U.S. government, which has yet to file a response, will likely want to preserve broad powers to cut off funds to criminals, which in this case, include North Korean government-backed hackers. According to Treasury, Tornado Cash was used to launder over $7 billion since 2019, including $455 million stolen by a group sponsored by Pyongyang.
Brian Nelson, undersecretary for terrorism and financial intelligence, laid out Treasury’s stark view of the matter when the department announced its sanctions against the currency mixer last month.
“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” Nelson said in a release. “Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.”
A spokesperson for Treasury declined further comment. As is typical in challenges to government decisions, the Justice Department will represent Treasury in the case.
Though legal precedent in the U.S. maintains source code as free speech under the First Amendment as a result of another national security-related case, judges often defer to the U.S. government on deterrence decisions like sanctions. Lawyers with backgrounds in national security expect the attempt to fail.
“OFAC will argue that Tornado Cash, decentralized or not, was the go-to money laundering mechanism for Lazarus Group which resulted in North Korea having funds for weapons proliferation,» said Ari Redbord, a former Treasury sanctions attorney who is now head of legal and government affairs for TRM, a consulting firm for digital currency-related projects.
Though digital currencies like bitcoin and ether have been involved in other sanctions and criminal cases, the U.S. government hasn’t come down on them like it did with Tornado Cash. The sanctions were likely the result of Tornado Cash being used by North Korean hackers and a TRM analysis estimating that 41% of all funds deposited through its mixing pools in June and July were stolen assets. Historically, Treasury sees its sanctions role as one of its most important responsibilities—doing what it can to hinder terrorism or nuclear programs of authoritarian, belligerent regimes without loss of life.
Still, Coinbase appears ready for a lengthy fight. The exchange sought out the most sympathetic plaintiffs it could find, including two of its own employees.
One, Tyler Almeida, says he used Tornado Cash to donate to Ukraine’s government following Russia’s invasion of the country. Former Amazon engineer Joseph Van Loon says he used Tornado Cash mixing pools—code that hides transactions from being public on Ethereum’s blockchain by pooling them with several other simultaneous anonymized transactions to create a sort of virtual safety deposit room—to keep from being targeted by hackers who could otherwise see where the ether moved.
Coinbase matched these six users—two of whom are employees of the company—with the chair of the Supreme Court and appellate practice group at international law firm Paul Weiss: Kannon Shanmugan. He is an ex-clerk to former Supreme Court Justice Antonin Scalia and lead counsel in a high-profile legal challenge over whether the president can replace the director of the Consumer Financial Protection Bureau at will–a challenge he won in a 5-4 Supreme Court decision.
Because of Coinbase’s bankroll, the plaintiffs, and Shanmugan’s legal pedigree, experts see the suit as having a chance of success, despite significant hurdles.
“I think that the plaintiffs that they have gotten are excellent, exactly who I would want, and the arguments that they have made are excellent as well,” said Jerry Brito, executive director of the D.C.-based nonprofit Coin Center, which is also weighing a legal challenge to the sanctions.
Treasury seemed to undercut standing for a lawsuit when, on Sept. 13, OFAC issued guidance for how Tornado Cash users who still have funds in the frozen pools but did not engage in illicit activities can apply for exemptions.
“OFAC would have a favorable licensing policy towards such applications, provided that the transaction did not involve other sanctionable conduct,” the guidance reads.
Brito rejected that Treasury’s notice would affect the case much.
“That shouldn’t change the case because there’s still an injury here,” said Brito. “It doesn’t change the fact that they sanctioned something that cannot be sanctioned under law.”
Legal experts following the lawsuit see the Tornado Cash sanctions as a distinct next step beyond the ‘code is speech’ precedent—one with potentially broad implications for digital assets. If the government wins and can continue to target specific code running on a blockchain, advocates fear there will be little to stop it from targeting that entire blockchain.
“The worry here is that OFAC criminalizes basic infrastructure, basic crypto ecosystem infrastructure without knowing about it,” said Ahmed Ghappour, a professor at Boston University’s law school and chief legal officer for privacy-focused blockchain project Nym.
Brito echoed concern about government sanctions affecting broader networks like Ethereum, where a majority of users probably aren’t state-sponsored hackers.
“I think this is not so much an attack on the freedom to publish code, but instead an assault on the freedom to run specific code,” Brito said.
He went on to echo arguments made by Coinbase and the plaintiffs which say that current sanctions law can’t apply to code because of how it’s written.
“If your right as an American to privacy is only if North Koreans never use that tool,” Brito said, “Then you don’t have a right to privacy.”