First they came for the socialists, and I did not speak out – Because I was not a socialist.
Then they came for the trade unionists, and I did not speak out – Because I was not a trade unionist.
Then they came for the Jews, and I did not speak out – Because I was not a Jew.
Then they came for me – and there was no one left to speak for me.
- Martin Niemöller
Will crypto return to its cypherpunk values, or will it cascade into a playground for authoritarian governments?
Tornado Cash
I am writing this post in response to the recent OFAC sanctions of Tornado Cash. Since the sanctions were placed, a developer – Alexey Pertsev – was arrested and imprisoned in Amsterdam. Just yesterday, a judge ruled that he must stay in jail for 90 days awaiting trial (without any charges). This is devastating; coding is not a crime.
In addition to this abuse of authority, many service providers have blacklisted addresses associated with Tornado Cash – not just the addresses that were sanctioned, but addresses with some arbitrary level of association. Tornado Cash developers preemptively built compliance tools so that law-abiding citizens could prove to any party that the source of their funds was legitimate. But these service providers have ignored any technical nuance and instead blanket blacklisted any users who have touched the sanctioned addresses within a series of hops – preventing any users who were simply using it for privacy or their own safety to prove their legal origins (for example, if they were donating to Ukraine while using Tornado to hide this fact from the Russian government).
As a brief aside on the compliance tools: for non-illicit users of TC, it's not about obscuring funds from everyone forever; we live in a society, and transacting with others is expected and good. It's about selectively choosing who we want to be able to see our finances, in contrast to the public ledger's default mode, which is that anyone in the world can see your entire financial history. Privacy is normal.
In the interest of blog post capacity, I don’t want to spend too much time discussing why privacy matters, why Tornado is important, and why these sanctions don’t make sense – these conversations are being had 24/7 on twitter, by the EFF and others.
But I do want to communicate why you should care.
Can the US protect our freedoms?
This commentary is US centric, but that’s only because the sanctions came from the US. It could similarly apply to any country.
While there are structures in place that are designed to protect our freedoms in the US, it is unfortunately true that the government will not protect our freedoms until we force them to do so. This is evident when we look at history through many lenses, but I'd like to highlight one lens in particular.
The origins of the crypto industry lie with the cypherpunks. Pet3rpan’s series, Before Bitcoin, is a fantastic overview of the cryptography and cypherpunk movement from the '70s through the early 2000’s. Throughout this period, several battles were fought between early cryptographers and the US government, after the government took extreme authoritarian actions to silence or otherwise punish this group. Read the posts for full effect, but here are some highlights:
- Tried to pass a bill that would allow the government access to voice, data, and all other communications at will. The section was ultimately not included after significant effort from civil liberties groups like the EFF. (it's interesting to note that it was proposed by a younger President Biden in 1991).
- The NSA tried to reclaim and classify (i.e. not allow the public to access) a series of textbooks on relatively simple cryptographic techniques from an early cypherpunk, John Gilmore. They only dropped the pursuit and surveillance after Gilmore gave his story to the press and they published it.
- Classified cryptography as munitions (!!) and anyone who released cryptographic algorithms to be a war criminal. It was only removed from the munitions list in 1996 after a series of court cases.
- Prosecuted the creator of PGP, an algorithm that could be used to send private messages to others. Dropped the case after years, when cryptography was removed from the munitions list. I know I said I would refrain from discussing why privacy is important, but I do like this snippet from Zimmerman’s (the creator’s) article Why I Wrote PGP:
If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defence contractors, oil companies, and other corporate giants. But ordinary people and grassroots political organisations mostly have not had access to affordable military grade public-key cryptographic technology. Until now…
…PGP empowers people to take their privacy into their own hands. There’s a growing social need for it. That’s why I wrote it.
- Released the "Clipper Chip" – a manufacturing standard that encrypted data. It gave the government a backdoor into, well, everything. Fortunately, the public erupted against it.
- The NSA hid public key cryptography from the public until it was independently discovered by Diffie, Hellman, and Merkle.
Why you should care
It’s easy to forget – or never have even known – about the history of digital freedoms. Our rights are not handed to us, they’re fought for. Without these battles, we wouldn’t be able to do simple things like access internet sites securely, send and receive private text messages, or write open source cryptographic code without it being considered an act of treason.
The running theme throughout the examples above (and others) is that:
- Someone did something. Usually it included some behavior that could be considered a legal gray area. But it was also a pretty reasonable thing to do, if you understand the technology behind it and aren’t an authoritarian government.
- The government did something that was a clear overreach of power, but took advantage of the gray area.
- Cypherpunks fought back – in court, with publicity, or with code.
- The government stepped down after the public challenge.
It is abundantly clear that regulators and intelligence organizations will infringe upon our rights unless we protect ourselves. It is our responsibility to protect our own freedoms. Operating under the assumption that whatever the government does, we must obey, is operating on a faulty premise. The government often does things that are illegal, and it’s our responsibility to push back when they overstep their mandates. And if we don’t, we risk building our future on a foundation that is fundamentally authoritarian.
The fact that some freedoms are protected in the United States is the result of a perpetual dance between regulators and innovators. There is a continuous interplay between government operators proposing new frameworks for regulation, and individuals pushing back, working with regulators to understand new technologies, and ensuring that innovators have a secure and open foundation to build on. As tech keeps evolving, this will never end. But it’s an essential dance to maintain, and to continue to participate in as we invent new technologies. New technology has the ability to free us or imprison us; it is our responsibility to ensure that it’s the former.
I am hopeful that the US government will protect my freedoms in the long term, but I'm under no illusion that they'll protect them by default. It will take long, hard, deliberate work to get there. This is why I work in crypto.
What to do about it
- Donate to the EFF and / or Coin Center
- Migrate to using credibly neutral solutions where possible (self-custody, stablecoins, service providers)
- Build protocols and frontends on credibly neutral infrastructure like IPFS
- Build better UX for decentralized applications to support self hosting
- Run your own nodes!
