Alexey Pertsev's conviction is a conviction against privacy
Is developing privacy enhancing sofware going to be illegal soon?
Alexey Pertsev, one of the developers of Tornado Cash, was sentenced after being arrested in 2022. The conviction comes before that of the two founders, who are instead defendants in the United States.
According to Dutch judges and the prosecution, the developer is guilty of money laundering and thus deserves a sentence of 5 years and 4 months.
In reality, the sentence reflects a different idea: Pertsev is not strictly guilty of laundering money (is Ethereum money?), but of facilitating this activity through the development and dissemination of the Tornado Cash software, and of doing nothing to prevent the transfer of illicit funds.
In short, according to the prosecution, Pertsev should have implemented technical measures to control the origin of the funds and the identity of those transferring them.
This raises a significant issue regarding the ability to control funds through a non-custodial (p2p) system, which has recently been highlighted in the case against Roman Storm, co-founder of Tornado Cash, and which I have already discussed.
The Dutch judge seems to have accepted the interpretation of the Department of Justice and the American prosecution:
Tornado Cash never had any control over the funds passing through the software... and yet, Alexey Pertsev is still guilty. We will see what American judges on the other side of the ocean will decide.
As of now, there’s another issue at hand.
The judge has effectively ruled on a very important principle: those who create open-source software designed to protect users' privacy in various ways can be considered accomplices if such software is used for illegal purposes.
Tornado Cash offers the technical possibility of hiding the act of money laundering, therefore it is the Court's opinion that Tornado Cash cannot be seen as a mere tool for the user (but isn't this the very definition of a tool?).
The argument is extremely bold, especially considering that in the European Union, as well as in the United States, there are laws specifically designed to exclude any liability on the part of providers of information society services (such as information trasmission) for the content that passes through them:
"Member States shall ensure that, in the provision of an information society service consisting of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, the provider is not liable for the information transmitted, provided that the provider:
a) does not initiate the transmission;
b) does not select the receiver of the transmission; and
c) does not select or modify the information contained in the transmission."
eCommerce Directive (EU)
Considering that neither the founders of Tornado Cash nor developers like Pertsev were able to initiate the transmission of funds, select the recipients, or modify the information contained in the transactions... it is unclear why they should be held responsible. Blockchains are, after all, information networks.
In any case, this is also the opinion expressed by FBI Assistant Director in Charge James Smith, who commented last year on the indictment of Roman Storm and Roman Semenov, the Tornado Cash co-founders under investigation:
"Today’s indictment of Tornado Cash co-founders Roman Storm and Roman Semenov highlights their alleged role in creating a cryptocurrency mixer that ultimately served as a gateway for laundering more than $1 billion in criminal proceeds. According to the allegations, when it became clear that a sanctioned North Korean cybercrime organization was using the platform to launder hundreds of millions of dollars derived from cyber heists, Storm and Semenov turned a blind eye to the illicit activity…"
And similarly, this was the comment from US Attorney Damian Williams:
"While publicly claiming to offer a sophisticated privacy service, Storm and Semenov knew very well that they were helping hackers and criminals hide the proceeds of their crimes."
If the principle is that developers of open-source and p2p software must somehow be held accountable for the crimes committed by users, what should we say about all the companies that develop systems for encrypted communications, such as Signal?
Some might say that services like Signal are fully covered by liability exclusions. That is true, but similarly, software like Tornado Cash should also be covered. And in any case, over the past four years, authorities have often reminded us that encryption is exploited by criminals and terrorists to communicate securely, away from authorities' scrutiny.
Shouldn't a platform like Signal, aware of this, introduce measures to block such illegal communications? And what about the numerous networks of pedophiles who, thanks to encrypted communications and open-source protocols available online, can distribute child pornography without fear of being discovered?
Aren’t secure communication between criminals actually a precursor to crime? If criminals couldn't communicate securely with each other, we would have fewer crimes, and they probably wouldn't even be able to launder their dirty money!
And then: isn't the distribution of pornographic material or the preparation of terrorist attacks far more serious than mere money laundering (which is a victimless crime)?
It might seem absurd, but the reasoning is exactly what underlies legislative proposals like Chatcontrol. So you see, extending the argument against Tornado Cash to other services doesn't seem so far-fetched.
Pertsev's conviction is a conviction against privacy
The problem for the founders and developers of Tornado Cash (and soon for many others) is having created tools capable of protecting the privacy of both criminals and honest people.
It doesn't matter that once released, it’s literally impossible to control the dissemination of open-source software (which is pure information)... what matters are the intentions!
Given the way Tornado Cash was conceived and built, there is no other way — the judges say — but to consider its creators as accomplices in money laundering activities.
It follows, therefore, that if this argument prevails, anyone developing privacy tools will be guilty of knowingly aiding the criminals who will use them.
At the same time, anyone choosing to use these tools will be considered a potential criminal.
Everything that has happened in recent years aimed precisely at reaching these conclusions.
Every public statement, every agreement and political document, every guideline and recommendation, every judicial action... everything has been done to gradually shift the Overton window to ultimately make the concept of privacy coincide with that of criminality.
The climax has not yet arrived, but the social and political pressure might be so strong that I wouldn't be surprised to see, in the near future, the beginning of a real witch hunt against all those who develop and use tools that enhance privacy...
Who knows, maybe one day this newsletter will also be illegal — subversive.
And the effects of the vigorous persecution by legislators and law enforcement in Western governments are also reverberating on those who already comply with all KYC and AML regulations today, in a desperate attempt to be completely compliant and safe from any retaliation.
No CEO wants to end up in jail, so they will do everything possible to be good watchdogs.
Are your money really yours if you have to explain how you use them? And what is a financial system without privacy in the Digital Age, if not... social scoring?