By Katie Haun
Several weeks ago, the Treasury Department sanctioned the Tornado Cash application. We don’t profess to know all the facts of what Tornado Cash as a particular application did or didn’t do and assume it may take some time for those facts to come to light. We’re assuming, for the purposes of this post, that OFAC sanctioned no more than a piece of code based on the information publicly available to us now.
I have had many conversations about this with crypto founders who are concerned about the implications of this action and where it could lead. Regardless of where you fall on the specifics of what Tornado Cash may enable, this conversation is important and timely as advances in privacy-preserving technologies are underway that we believe will have beneficial societal impacts including increased consumer privacy, control, and ownership.
Many in the crypto community have been talking about a 1st Amendment freedom-of-speech defense. As I thought about this further, I called Eugene Volokh, a professor of constitutional law and one of the world's leading authorities on the 1st Amendment (he literally wrote the book on it). He’s also a programmer who graduated with a CS degree at 15. His response to the code-as-speech argument surprised me. That’s because despite being a self-described 1st Amendment maximalist, he thought that some of the better legal arguments might not be freedom-of-speech-based at all.
We recently hosted a Twitter Spaces on the topic with Eugene. Here is what he had to say about assuming speech protections under the U.S. Constitution for code:
“I'm pretty skeptical of there being much by way of 1st Amendment protection for, let's say, code that you can run because the freedom of speech is tremendously important. I do generally take a pretty broad view of freedom of speech, but it really is freedom of speech. It's not freedom of action. It’s not freedom of stuff. In many ways, code looks a lot like stuff ….”
“I do think [code is] protected by the 1st Amendment in some situations . . . distributing source code might be protected if it's the sort of thing that people will just read, think about, and talk about. But if it's something that is directly executable then, by and large, it stops communicating things, or at least communicating things to people, and starts doing things . . . so I am pretty skeptical about the prospect that one can just set up mechanisms for doing all sorts of things and have them be protected because those mechanisms operate through code.”
When asked to put himself in the mindset of the Treasury official who is coming to a novel set of questions and a very novel set of new innovations and trying to think about how they reconcile those with the Constitution, Eugene was circumspect:
“There may be some 4th Amendment protection for certain kinds of privacy protecting technologies. And remember the 4th Amendment, unlike the 1st Amendment or the 2nd Amendment, actually specifically says that unreasonable searches and seizures are forbidden. So it recognizes that there could be reasonable restrictions on privacy. Let me offer an analogy, and this is an area where analogies are really all we have to go on here. So it turns out that there is a rule under the 4th Amendment that when a driver of a car is arrested, the police may search the passenger compartment, but they can’t search any separately locked trunk . . . let's say that's the rule. Imagine the state says, oh, all right. We just say all cars on the roads have to lack a separate trunk. They have to be SUVs or hatchbacks, or station wagons. They just can't have a separate trunk. I'm inclined to say that that might raise some pretty serious 4th Amendment problems precisely by requiring people to step away from what has been recognized as standard default privacy protections…and by banning a certain kind of technology…you're interfering with the right to be free from unreasonable searches and seizures.”
“If the government wants to, for example, search inside your car…then it needs probable cause. But of course if they just look in through the windows, why that's not a search. That's … just looking at things that are in plain view. The state says we're going to insist that cars be made out of glass— let's say transparent materials—so that more will be in plain view. Of course, we still will need probable cause in order to actually look inside for the things that aren't visible from the outside, but we'll just require a lot more to be visible from the outside by requiring the cars be made out of transparent material. That too, I think, would pose some … likely 4th Amendment problems.”
“When we try to extend the analogy to modern electronic technologies, that's hard to tell. But I do think that this highlights that there are some limits, I think, to what the government can do to interfere with privacy protective technologies.”
What Eugene casually shared top of mind that day caused me to return for a moment to my legal roots. For those who don’t know, I was a Supreme Court clerk, then a constitutional lawyer turned prosecutor. I litigated countless 4th Amendment challenges and know from experience that this area of law is particularly dynamic, not to mention fact and jurisdiction-dependent, and this argument definitely merits further analysis. The Supreme Court has made clear that the 4th Amendment needs to keep up with emerging technologies – holding, for example, in a recent case that the amendment limits the ability of law enforcement to track location through cell site data obtained from a provider, something that was previously viewed as falling outside a user’s expectation of privacy.
Aside from the 4th Amendment the OFAC action raises other legal issues that are not being widely talked about in the crypto community. OFAC took this action based on a federal law that gives Treasury the power to block the property of bad foreign actors (think the North Koreans or international arms dealers). But that federal sanctions law was likely not intended, and may not encompass, the power to block access to open-source software applications, which are not the property of anyone, much less foreign actors.
And recall that the Due Process Clause requires that the government give people fair notice before taking actions that deprive them of their property or could even expose them to criminal sanctions. Treasury’s action here, relying upon a decades-old law, therefore raises some pretty interesting constitutional and statutory questions. That’s why we’ll be going deeper on this topic with a full analysis we’ll release later this month.
In the meantime, consider this:
First, this involves several unsettled areas of law that will take many years to shake out. And even then the vehicle(s) that winds its way through the court system will not necessarily be of the crypto community’s choosing. It will likely be the government who chooses the vehicle and the facts. And as a former judge I worked for was fond of saying “bad facts make bad law.”
Second, if you’re building privacy preserving tech in crypto, it’s worth familiarizing yourself with other relevant aspects of the law aside from hanging your hat on one amendment related to speech.
Third, speaking of laws, Tornado Cash is yet another reminder that we are going to need new rules for bleeding edge technologies. For a long while the crypto community has focused on the executive branch and agencies. However, in this next chapter the other two branches of government, the legislative and the judiciary, will feature prominently. On the legislative side, if you are a developer, a founder, or someone who cares about web3 and products that protect privacy for the average person, it is important to engage in the process and make your voice heard. As we saw with the Infrastructure Bill, the crypto community can have an impact on these outcomes. For the judiciary, it means the industry has to turn up its efforts with more thought leadership that reaches a different sort of audience including legal academics through scholarship, contributing to journals, filing amicus briefs, and much more.
And finally, we’ve been talking about this from a US-centric point of view. We know that web3 is a global community. However, the United States has historically played a leading role in setting policy and creating laws that many jurisdictions around the world will look to as a model.
These are serious issues. They will require serious leadership. Many of the founders we back have chosen to work in web3 precisely because they understand the need for digital systems that can broaden access to innovation while protecting user privacy. We see some signs of progress that the United States is moving in the right direction. That said, if indeed the government sanctioned an open-source blockchain application, that would raise serious legal questions that demand further conversation. We look forward to sharing our continued thoughts on this topic.