Mediaboss Marketing

Storm was right about what it meant for him and his fellow creators of the app. That August, the US Treasury Department put Tornado Cash under harsh sanctions. Days later, officials in the Netherlands arrested codeveloper Alexey Pertsev. And a year later, the US Department of Justice indicted Storm and a third developer, Roman Semenov. They are charged with money laundering, violating US sanctions law, and operating an unlicensed money transmitter.

This May, a Dutch court found Pertsev guilty of money laundering and sentenced him to more than five years in prison. Semenov remains at large. Storms trial is scheduled to begin in September in New York. He faces up to 45 years behind bars.

Federal prosecutors say Storm helped the Lazarus Group launder money, even though they have presented no evidence he gave direct assistance. Storms defenders, who include blockchain technology advocates and the internet freedom group Electronic Frontier Foundation, say all he did was help create a software tool.

Storms lawyers say the First Amendment protects his actions, as for nearly three decades US courts have recognized software code as protected speech. At its heart, this prosecution represents an unprecedented attempt to criminalize the development of software, Storms lawyers argued in March in a motion to dismiss the indictment.

The dispute is technically and legally complex. But at its center is a long-running debate over whether software code is protected by the First Amendment. And the outcome could determine whether a new class of software is effectively off-limits for Americans.

In 1995, mathematician Daniel Bernstein sued the US Department of State. He said the government violated his First Amendment rights by requiring him to register as an arms dealer and apply for an export license before he could publish the source code for Snuffle, his encryption algorithm. A district court judge agreed with Bernstein, rejecting the governments argument that Snuffles code was conduct, not speech.

The Ninth Circuit Court of Appeals affirmed the lower courts decision in 1999. Several other lower court decisions in the late 1990s reached the same conclusion as in the Bernstein case. Judges viewed code as being like speech because it is written in a language and is a mode of communication its expressive.

But contrary to what many in the tech world seem to think, this legal matter isnt settled. In a dissent to the Ninth Circuits decision in Bernstein, Judge Thomas G. Nelson raised a compelling point: The basic function of encryption source code is to act as a method of controlling computers, he wrote. This functional aspect of encryption source code contains no expression; it is merely the tool used to build the encryption machine.

The code that runs Tornado Cash may be expressive, but it also functions. It instructs a blockchain network to anonymize cryptocurrency transactions by using advanced cryptography to untraceably transfer cryptocurrency from one software wallet to another. While the crypto is in the first wallet, it is linked to every transaction the wallet has ever participated in. In the second wallet, all that history is wiped away.

Crypto and privacy advocates are steadfast that encrypting transactions in this way has legitimate uses anonymous donations to a sensitive political cause, for instance. Like real cash, though, Tornado Cash also has illicit uses. The Lazarus Group used it to sweep away digital breadcrumbs that let investigators track criminal funds on blockchains.

What makes Tornado Cash new in the eyes of the law is that although Storm and the other developers knew the cryptocurrency thieves were using Tornado Cash, they couldnt stop the criminals. The core of the privacy tool is a set of smart contracts (a crypto term for software that runs on a blockchain) that no one, not even Tornado Cashs creators, can modify or shut down.

This is the whole point of blockchains: They operate free of the control of any single entity or person. Blockchain-based software can have built-in kill switches and ways for developers to make make upgrades, but the Tornado Cash developers chose to relinquish all control over the core application in 2020. They say their intention was to give cryptocurrency users privacy, not to help criminals.

Its really a question of whether you can be held criminally culpable for the bad things people do with the software you write, even if you didnt intend for them to do those bad things with that software, says Peter Van Valkenburgh, director of research at the policy advocacy group Coin Center, based in Washington, D.C.

In the Netherlands it appears the answer is yes, and Alexey Pertsev must spend more than five years in prison for it. The US Constitution makes Roman Storms case more complicated.

The sanctions law Storm allegedly broke is called the International Emergency Economic Powers Act (IEEPA). Passed in 1976, it gives the president powers to regulate international commerce in the name of national security. In 1988, Congress amended IEEPA to clarify that the president cannot block the international exchange of First Amendment-protected items including books, music, artwork, and other informational materials. This update became known as the Berman Amendments.

Storms defense team has argued that the Tornado Cash software qualifies as informational materials under the Berman Amendments. And even if that law doesnt protect Storm, they argue that the First Amendment does.

The government responds that much of Storms defense rests on a simplistic notion: that he should not be held criminally liable because his conduct involved computer software. That idea would have breathtakingly broad implications, prosecutors wrote in April in a filing with the court. For example, they said, it would keep the president from blocking an American bank with a foreign branch from doing business with a sanctioned person or group over banking software.

But the bank parallel doesnt work, argues Van Valkenburgh. Banks have legal relationships with their customers promises, guarantees, terms of service, etc. Those relationships are conduct (and not expressive conduct, like flag burning), he says, and the First Amendment doesnt prevent the government from regulating that conduct. The Tornado Cash developers had no such relationships with their users, Van Valkenburgh says. Crucially, they never took control of any user funds. As Van Valkenburgh sees it, the developers only conduct, in the legal sense, was publishing software without a backdoor that would let them control its use once it was out in the world.

The complexity of the Tornado Cash case makes it challenging to parse the arguments. But ultimately it is about who is responsible when a novel piece of software is used to break the law.

Therein lies the problem with the claim that code is speech.

If we assume all code is speech, any regulation of software will be vulnerable to a First Amendment challenge. Given the role that software plays in so many of our interactions today, thats not workable, says Xiangnong (George) Wang, a staff attorney at the Knight First Amendment Institute at Columbia University.

In a 2021 article in the Wisconsin Law Review, Wang argued that whether code is speech is no longer the right question for lawyers, judges, and lawmakers to consider. Its really about how its used, he says. What are the actual values at stake? Is it an attempt to participate in democratic discourse? To disseminate useful information to the public? Or is it to distribute a product? There wont always be clear-cut answers, Wang says. But as software becomes even more pervasive and complex even autonomous the public will have to decide what exactly the First Amendment should protect.

Decentralized software applications and AI make things even less clear-cut. But Storms lawyers are still betting they can lean hard into the First Amendment.

Van Valkenburghs organization, Coin Center, has argued that Storms choice to write and publish Tornado Cash is the expression of a powerful political and scientific viewpoint in and of itself. In other words, its arguing that systems like Tornado Cash should be allowed despite the governments distaste for them.

Some in the US Government may strongly have preferred that (the developers) would have published their code with a secret vulnerability or a backdoor for law enforcement, or simply not published their viewpoints at all, Coin Center said in brief supporting Storm. It added: The defendants cannot and should not be held liable for having merely published software as they saw fit.

Mike Orcutt is a founding editor at Project Glitch, a newsletter focused on the future of the internet. He was previously an editor at MIT Technology Review and The Block, a cryptocurrency news publication.

Read more:
A First Amendment fight for the future of the internet - The Boston Globe