Head of Research at Coin Center: Tornado Cash's latest allegations seem to contradict the Financial Crimes Guidance Bureau documents

Original title: "New Tornado Cash indicators seem to run counter to FinCEN guidance"

Written by: Peter Van Valkenburgh, Head of Research, Coin Center

Build: bayemon.eth, ChainCatcher

ChainCatcher Note: Coin Center is a leading non-profit organization focused on cryptocurrency policy issues, engaged in research and education policy formulation, and advocates for a sound regulatory approach to encryption technology in regulation.

Roman Storm and Roman Semenov were indicted on charges including conspiracy to operate an unlicensed money transfer business. So far, all relevant facts have not been fully disclosed, but the limited factual allegations in the indictment do not initially appear to reveal any obvious violations of relevant laws. We may follow up on other allegations related to this new case, but at this point it is worth discussing what constitutes a transfer of funds and what constitutes a "pure" software development or communication service. That's the key issue in this case, and it's at the heart of the rights of U.S. citizens to build and distribute software.

The only pertinent claim in the indictment that “defendants conducted funds transmissions without a license” is that Tornado Cash “provides a funds transmission business for the general public” and that the business is not registered with the Financial Crimes Directorate (FinCEN). But do the indictments state the relevant facts that actually indicate that the defendants engaged in legitimate money transfer activities?

The Bank Secrecy Act (Bank Secrecy Act) implementing regulations define money transmission services (Money Transmission Services) as "accepting the value of currency, funds or other alternative currencies from a person and transmitting said value by any means to another organization or personal".

The 2019 FinCEN Digital Currency Guidance Document explains these regulations in detail, and proposes to anonymous software service providers:

Anonymous software service providers cannot act as money transmitters. FinCEN regulations stipulate that because services such as delivery, communication, or network access in the transfer process are necessarily related to the transaction process, software developers that provide these services cannot act as the money transmitter in the transaction process.

The indictment includes FinCEN's allegations of facts describing the activities of the defendants, but these facts show that the defendants fully complied with FinCEN's guidance for anonymous software providers that they did not act as money transmitters. The alleged activities include:

(a) Pay for web hosting services for the user interface that allows users to send transaction messages to the underlying smart contract;

(b) pay for Github to host the smart contract and user interface software and documentation;

(c) "full control" of the Tornado Cash smart contract for a period of time prior to May 2020.

The service provider is not acting as a money transmitter

For the web hosting and software code storage services mentioned above, these activities themselves do not meet FinCEN's definition of so-called "funds transfer", that is, "accepting funds and transferring them to another party", these activities only involve software and Data exchange and publication. Therefore, according to the 2019 document, these activities clearly do not fall under the category of activities related to funds transfer.

Although providing these "delivery, communication or network access services" through Tornado Cash can make it easier for individual users to access and use its smart contracts to transfer funds, it does not mean that the service provider becomes a money transfer party. As FinCEN’s 2019 guidance document states:

People who use software transactions for anonymity can be divided into ordinary users and fund remitters according to the purpose of the transaction. Among them, ordinary users usually use the software when paying for goods or services in their own names, and fund transfer parties use the software as an intermediary to transfer funds.

Since the official document states that there may be the possibility of users transferring funds through anonymous software. At the same time, the guidance document also mentions that neither the software developer nor the user needs to be a registered money transmitter, and as far as I know, Tornado Cash operates in this way.

Tornado Cash does not have "independent control" of smart contracts

As for the issue of "controlling" smart contracts before May 2020, the analysis may be more complicated. The indictment only says that the contract is completely controlled by Tornado Cash, but in fact, the Ethereum smart contract is variable, and the degree of control is also variable. This is the key fact needed to determine whether a person is acting as a financial counterparty.

For example, if someone has the ability to lock all funds in a contract, then that person can indeed transfer those funds and become a so-called money transmitter. However, if he only has the ability to update some logic related to the contract, but not enough to gain full control over the funds and decide whether to transmit funds for himself, then this person does not have "independence" over all funds in FinCEN's guidance. control”, and therefore are not money transmitters. The indictment does not clearly address the extent of the defendants' control over the smart contracts, so FinCEN did not have sufficient evidence that Tornado Cash engaged in unlicensed money transfers.

The control of Tornado Cash over smart contracts is still under investigation, but as far as we know, Tornado Cash's only control over smart contracts is to change the cryptographic logic related to privacy functions, without any actual inspection Or the ability to move user funds. If this technical analysis is accurate, it is unlikely that Tornado Cash has rights to “independently controlled” smart contracts with funds transmission capabilities as described in the FinCEN guidance document, and thus this single allegation does not prove that Tornado Cash engaged in “unauthorized Permitted Funds Transmission" activity.

Additionally, the government alleges that the defendants “promoted” the Tornado Cash tool and profited from governance tokens while also “deliberately designing” its tool’s functionality. However, like the other allegations, none of these activities involved the "inward and outward transfer" of funds. At the same time, if the software provider only profited from advertising services, it is impossible to explain that the defendant provided financial services that should be regulated, rather than pure software services.

We will continue to pay attention to the progress of this case and will release more reports after subsequent facts are revealed.