Defending Open Source: A United Stand for Developer Rights and Software Freedom
Setting the scene
Following the rapid advancement of technology, it has become increasingly challenging to maintain our privacy online. This was highlighted by Edward Snowden, a former National Security Agency (NSA) contractor who in 2013 leaked documents relating to mass government surveillance.
Blockchain technology has introduced a new era of financial transparency whereby transactions and wallet balances are permanently recorded and publicly visible. As a result, privacy coins were created with features designed to boost anonymity and reduce traceability, such as:
Monero (XMR) which utilises ring confidential transactions & stealth addresses
Zcash (ZEC) which utilises zero-knowledge proofs (ZKPs)
Another approach to enhancing privacy was adopted by Tornado Cash which is a decentralised protocol built upon the Ethereum blockchain that indiscriminately facilitates anonymous transactions by obfuscating their origin, destination and counterparties with no attempt to determine their origin.
Tornado Cash: US sanctions
While privacy sometimes takes the spotlight in this discussion, the true essence lies in the rights and freedoms of those who contribute to open-source projects and decentralised technologies.
In reality, Tornado Cash is not a person nor a business entity, rather it is an open-source software tool that does not respond to subpoenas or legal requests. Given that it is not possible to stop the operation of Tornado Cash or Ethereum, OFAC decided to add all Tornado Cash and Ethereum wallet addresses associated with Tornado Cash and its smart contracts to OFAC’s Specially Designated Nationals and Blocked Persons (SDN) list.
The rationale was based on the allegation that these funds were being used for the laundering of stolen crypto funds by North Korean hackers, posing a national security threat. Nonetheless, this measure does not prevent malicious individuals from exploiting it.
What does this mean? In essence, it is illegal to engage in trade, economic transactions or other deals for “all US citizens and permanent resident aliens regardless of where they are located, all persons and entities within the US, all US incorporated entities and their foreign branches”.
One should note that government guidance relating to “other dealings” could include technical transactions such as downloading a software patch from a sanctioned entity. Should this not be overruled, it will inevitably lead to a slippery road, having wide-ranging ramifications extending even beyond the cryptocurrency sector.
The main concerns include but are not limited to:
Privacy & anonymity concerns → This can set a precedent for targeting other privacy-focused cryptocurrencies, especially given governments around the world view cryptocurrencies as a threat to their desire to set up their own central bank digital currencies (CBDCs) whereby privacy does not seem to be front of mind.
Impact on DeFi innovation → The regularity uncertainty and severity of potential consequences could stifle innovation deterring investment and participation in the DeFi ecosystem.
Legal challenges → This case can even set a legal precedent regarding the treatment of smart contracts and decentralised protocols in terms of liability and sanctions enforcement.
International ramifications → While the sanctions discussed primarily relate to the US, this could encourage other jurisdictions such as the EU to adopt similar measures, especially given their strong sway in international affairs.
“Everyone charged with a penal offence has the right to be presumed innocent until proved guilty according to law in a public trial at which he has had all the guarantees necessary for his defence” - Article 11 of the Universal Declaration on Human Rights.
Indeed, it was a court in the Netherlands that initiated legal proceedings concerning Alexey Pertsev, a Russian developer associated with Tornado Cash. While such an action might have been anticipated from the US, considering their recent regulatory posture, the involvement of the Dutch judiciary underscores a larger point of concern.
This is because the situation could end up leading to repercussions across the EU and affect upcoming regulations such as MiCA 2.0, which is in the process of being formulated. Moreover, from a humanitarian perspective, Alex Pertsex was detained for nine months without undergoing trial, raising questions about the balance between legal enforcement and individual rights.
A-legality of blockchain technology
The term ‘a-legality’ popularised by Gavin Wood, co-founder of Ethereum, captures blockchain’s nuanced relationship with traditional legal and regulatory frameworks. In his impromptu speech, found here, he described ‘a-legality’ as referring to actions or systems that operate irrespective of legal or illegal determinations.
This concept echoes the regulatory dilemmas encountered during the advent of Web 1.0, characterised by open protocols and the early stages of the Internet. The evolution to Web 2.0 marked the rise of ‘Big Tech’ companies such as Facebook, Google and Twitter, thereby reintegrating digital platforms within established legal frameworks through identifiable central authorities.
Reference can be made to papers by Walch (2019) and Dixon (2004) which delve into the unfairness of imposing fiduciary duties on open-source developers, who typically enjoy liability exemptions, a critical consideration given the decentralised decision-making processes in public networks.
Historical precedent: Encryption wars
For an in-depth on the encryption wars and cypherpunk movement, reference can be made towards Peter ‘pet3rpan’s Medium post which can be found here. This movement emerged in response to governmental encroachments on personal liberties within the digital realm, which seems to be happening once again. This should be of no surprise given countries’ desire to issue their own CBDCs.
During the ‘90s, governmental efforts to control encryption through initiatives like the Clipper Chip, a backdoor for governmental surveillance in telecommunication was proposed, being met with widespread backlash from the public and cypherpunk community.
Central figures like Phil Zimmerman, who released Pretty Good Privacy (PGP), one of the first openly available public-key cryptography applications that featured end-to-end (E2E) encryption ended up facing legal challenges from the government.
Once again, the cypherpunk efforts were instrumental in challenging these restrictive policies and helped contribute to the dropping of the criminal investigation into Zimmerman, resulting in federal court decisions that protect encryption under the U.S. Constitution’s First Amendment.
Code is speech
In the legal battles involving Alexey Pertsev and Roman Storm, there's a clear parallel to an earlier case, Bernstein v. Department of Justice, where the court decided that computer code is a form of speech. This decision was important because it challenged the rules about exporting encryption software, stating that these rules were infringing on Bernstein's rights to free speech.
On April 15, 1996, Judge Marilyn Hall Patel made a key point, saying, "This court can find no meaningful difference between computer language, particularly high-level languages as defined above, and German or French...Like music and mathematical equations, computer language is just that, language, and it communicates information either to a computer or to those who can read it.”
This idea that code is speech is relevant to the situations of Pertsev and Storm which ultimately raise important questions about how we treat computer code under the law, especially when it comes to new technologies like blockchain and cryptocurrency.
Vive la résistance
Back in 2022, Coin Center published a detailed explanation of how Tornado Cash operates which can be found here, explaining that Tornado Cash enhances user privacy not by mixing funds but through a process where users deposit tokens and receive a specific note that leverages ZKPs.
This then allows users to withdraw their tokens to a different address without creating a traceable link on the blockchain, issuing a cryptographic proof for a deposit that is pooled with others making it indistinguishable from them.
Coin Center’s analysis also argues that OFAC’s designation of Tornado Cash may overreach the statutory authority granted by the International Emergency Economic Powers Act as the software and addressed on the Ethereum blockchain do not constitute “property in which some foreign country or national has an interest”.
The way forward
A research paper affiliated with the Federal Reserve explicitly mentions Tornado Cash in a positive light, stating that crypto asset mixers have an important role to play on public blockchains, indicating that there may be some light at the end of the tunnel.
Just as the Cypherpunks championed the legalisation and acceptance of open source, to safeguard our right to privacy, it is now our turn to take a stand against these unjust overreaches that could set a dangerous legal precedent.
This will serve as a testament to our collective commitment to rally together to preserve the principles of innovation, decentralization, and individual sovereignty, underpinned in Satoshi Nakamoto’s original vision for Bitcoin.
By supporting this initiative, we affirm our dedication to upholding these principles and defending the right of developers to contribute to the deployment of permissionless open-source software without fear of reprisal or censorship.