<div dir="ltr"><div>Howard,<br><br>Thanks again for continuing this conversation. I appreciate your clarity even when we disagree.<br><br>Here's where I think we need to zoom out.<br><br>This case started with the assertion that Tornado Cash was operating a profitable service that failed to comply with financial regulations.<br><br>Fine.<br><br>That's a reasonable interpretation... if that's where it ended.<br><br>But it didn't.<br><br><br><br>Let's look at the government's own words:<br><br>"The government alleges that while it was possible to access the smart contracts powering Tornado Cash directly, most users relied on the native interface, and 98% of users utilized the optional relayer network, which was set up and operated by relayers manually whitelisted by Tornado Cash's co-founders until March 2022."<br><br>They said it was a service with a UI, and that nobody used the smart contract directly. Fine.<br><br><br>Then the prosecution says:<br><br>"Though the Tornado Cash developers implemented a UI change to screen out OFAC-sanctioned wallets, the government alleges this action was insufficient to prevent illicit activity by the Lazarus Group, a North Korean hacking organization."<br><br>So even after Tornado Cash attempted to comply with sanctions, suddenly, it wasn't enough. The goal post moved.<br><br>The issue became about failing to prevent misuse of code that is, by design, immutable.<br><br><br>The implication is that even autonomous, decentralized code, post compliance, is criminal if the government believes its existence enables unwanted behavior.<br><br>That should concern anyone building at the edges of technology. That should concern cypherpunks.<br><br><br>It sets a precedent that the mere existence of infrastructure outside the traditional financial system is a liability, regardless of how it's used, how it's governed, or whether attempts were made to comply.<br><br><br>Privacy preserving financial infrastructure threatens their ability to monitor, intervene, and ultimately, shape how value moves.<br><br>We all know this is the real issue. We've been fighting this battle, even outside financial systems, for some time. What do you think DJB went to court for?<br><br>The short term justification may be about compliance gaps which clearly have achieved some level of narrative success based on some of the responses I've seen here.<br><br>However, the point I am making is const. I'm not moving goal posts.<br><br>And, to be clear, welcome to the mud.<br><br>This is the front-line battlegrounds that cypherpunks have been continually fighting therein, and we will continue to fight until we win.<br><br>- Andrew<br><br>P.S.: To be clear, Lazarus and many other criminal groups continue to use VISA, Mastercard, ACH, SWIFT, FEDWIRE, Discover, AMEX, Checks, EBT, Bitcoin, Ethereum, and many other methods for moving money and/or storing value.<br><br>When are we going to go after these vicarious enablers? :P </sarcasm><br><br><br><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Aug 7, 2025 at 8:20 AM Howard Chu <<a href="mailto:hyc@symas.com">hyc@symas.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Howard Chu wrote:<br>
> Andrew Lee wrote:<br>
>> Howard, Peter and all readers,<br>
>><br>
>> Respectfully, I think we should be very careful about the precedent this case sets.<br>
>><br>
>> The core issue here isn’t whether privacy tools are sometimes used by bad actors as any powerful technology carries that risk.<br>
>><br>
>> The deeper concern is assigning criminal liability to the people who build foundational infrastructure, especially when it’s open source and autonomous.<br>
> <br>
> That is not what is happening here. You're still stirring sensationalist nonsense. Quit amplifying a false narrative.<br>
> <br>
>> Roman Storm wrote code.<br>
>><br>
>> That code was deployed and became immutable, operating independently on a decentralized network.<br>
>><br>
>> Hard stop.<br>
> <br>
> The authorship of the code is irrelevant to the case.<br>
> <br>
> Roman is being prosecuted because he operated a commercial enterprise, profiting off use of that code. It is brazenly<br>
> a for-profit enterprise, backed by venture capitalists. As such, that enterprise was subject to the regulations that<br>
> apply to businesses that deal in transferring money for customers.<br>
> <br>
> None of this has anything to do with the fact the code is open source.<br>
> <br>
>> With all due respect, let’s be thoughtful.<br>
> <br>
> Let's also be truthful. The facts of the case are already outlined in the article I linked previously.<br>
<br>
To be completely clear:<br>
<br>
"The government argues that characterizing Semenov’s alleged crime as merely writing code obscures his role in promoting and maintaining the Tornado Cash<br>
service, even when he knew it was being used to launder illicit proceeds from hacks.<br>
<br>
The prosecutors’ motion asserts that the Tornado Cash service was a “commercial enterprise carried on for profit or finanancial [sic] gain” and that Semenov<br>
himself profited from its operation through his control, along with others, of key components of the service.<br>
<br>
...<br>
<br>
The government further alleges that actions taken by Semenov and his co-founder Roman Storm to keep Tornado Cash running, such as payments to host the site,<br>
paying gas fees for blockchain transactions, “refusing” to implement proper anti-money laundering programs, maintaining the relayer network, and developing new<br>
features to enhance anonymity, are part of the charged conspiracy."<br>
<br>
It's not about writing code. It's not about code running autonomously. It's about explicitly funding and operating a commercial service.<br>
<br>
> They are not what your fear-mongering states. Your attempt to conflate the issue of open source development here<br>
> is the only thing that could cause harm to software developers. Stop muddying the water.<br>
<br>
-- <br>
-- Howard Chu<br>
CTO, Symas Corp. <a href="http://www.symas.com" rel="noreferrer" target="_blank">http://www.symas.com</a><br>
Director, Highland Sun <a href="http://highlandsun.com/hyc/" rel="noreferrer" target="_blank">http://highlandsun.com/hyc/</a><br>
Chief Architect, OpenLDAP <a href="http://www.openldap.org/project/" rel="noreferrer" target="_blank">http://www.openldap.org/project/</a><br>
</blockquote></div>