When the government makes it a crime for US persons to use particular open source software, or to write and publish it, yes that is an attack on software, and that is something they have done and been attempting to do, in multiple different ways. Now I’ll ask, are you familiar with specifically the actions I might be talking about when I make that claim?
No, I’ve heard no such thing, which is the entire reason I asked. I’ve seen plenty of efforts to make sure money laws still apply on a computer - but even the harshest rebukes of cryptocurrency are not about code.
How this stuff works is not a secret. All problems come from the part where money exchanges hands.
How this stuff works is not a secret. All problems come from the part where money exchanges hands.
Maybe it is a secret, because the worst abuses here are related to situations where there is no entity taking custody of funds. It is currently a felony, per US sanctions (misapplied, as the law does not actually provide for sanctions to be leveled against software), to use the privacy tool Tornado Cash, in which no money changes hands at any point, it remains yours through the whole process. No one is running it, the developers have all been arrested, but it’s just code, so it still functions. This is just one example.
It offers a service that mixes potentially identifiable or “tainted” cryptocurrency funds with others, so as to obscure the trail back to the fund’s original source.
In the movie Office Space, that might as well be what Samir and Michael find in the dictionary, under “money laundering.”
Reading the source code for this automated crime scheme is zero percent of the problem. It’s the part where you use it to build a network which performs crimes. The NSA could put up a webpage saying ‘here is how you do this, here is how we know when you’re doing this, do not do this.’
If someone implemented these algorithms in a single-player video game, no three-letter agency would come busting down doors, to censor the knowledge of how to commit fraud against the lizard queen. But it’s pretty clearly illegal to actually do it in real life with real money, now matter how many extra steps you add.
A pretty crucial element of the definition of money laundering is that the source of funds being obscured is itself a separate crime. There are many non-criminal reasons to seek financial privacy, especially in this case where the default with most cryptocurrencies is that anyone you transact with can then go browse your full transaction history, available on the public blockchain, and TC was in fact widely used for this reason. For instance people used it to make donations to Ukraine, to reduce the possibility of retaliation from Russia. I’ve personally used private cryptocurrency (though not TC) to buy a VPN subscription. It is wrong to consider privacy itself inherently criminal.
To me this is the same sort of thing as the government attacks on encryption itself in the 90s. They recognized that encryption is really powerful, and didn’t trust people to have or use that power, because it disrupts their ability to surveil. But the government doesn’t have a unilateral right to surveil us, and it doesn’t have a right to restrict our knowledge and speech related to encryption keys, including encryption keys that have come to be considered to represent ownership of “money”.
If they want to police financial crimes, well they should start actually doing that instead of attacking privacy and speech in general. In the months before the FTX collapse, when its CEO was lobbying in DC and having private meetings with the head of the SEC, there was abundant evidence that something incredibly shady was going on, but they did nothing until it blew up and there was egg on their faces. Countless cases like this, where in theory they should already have everything they need to stop fraud, but do nothing. The TC actions are similar; because the tool is powerful, it ended up useful to North Korea. So in a ham fisted reaction they sanctioned the tool as if it was a sanctionable entity, and threw the devs in prison on obviously false charges. But nothing the US did actually stopped North Korea from continuing to use it or taking their money out, it couldn’t, as again this is basically just an extension of encryption tech.
So in a ham fisted reaction they sanctioned the tool as if it was a sanctionable entity, and threw the devs in prison on obviously false charges. But nothing the US did actually stopped North Korea from continuing to use it or taking their money out, it couldn’t, as again this is basically just an extension of encryption tech.
The devs definitely did the thing which allows North fucking Korea to continue laundering money.
This was not some incidental whoopsy-daisy - what their code does is launder money. You can split hairs and insist there’s licit and illicit money laundering, but the explicit intent is to disguise where money comes from. No human person is going to smack their forehead and go ‘could that be misused?’ They knew, and they set it up in such a way that North fucking Korea can still evade sanctions, thanks to their actions, even once they are all in jail… for some reason.
The problem is still the active network doing things - not the plaintext files representing the code they run. The cybersecurity industry is aggressively open about code that could be used for evil. Proof-of-concept attacks are rewarded and encouraged. Actual fucking attacks are discouraged. Even when those attacks are “just an extension of” a proof-of-concept.
Contrast when we did ban encryption.
Surely you know that publishing the RSA algorithm used to be treated like espionage. That is what it looks like when software is restricted. The issue here is that some schmucks deployed a money-laundering tool, on the basis that some money-laundering is fine, actually. And. Maybe? Sure, okay, why not. But the negative externalities are hard to miss.
Compare Freenet. Ostensibly it’s a censorship-resistant network for anything that might be censored. In practice it’s full of child sexual abuse materials. You could post your blog on it, and some paranoid weirdos did, but in practice the only people who need that level of paranoia are criminal perverts. Anyone else present is either a random crank or a tourist.
That’s about the level of who’s disguising where their money comes from or goes, online. Most people who support Ukraine only prefer to disguise that support. Any assholes who support Russia need to disguise that support. So a support-disguising network, built to work despite any efforts by law enforcement, is fucking obviously not going to be a font of moral behavior. It primarily empowers bastards.
And efforts to stop that are still about money, not code.
Is it the software? Is it really? Or is it the shitload of money sloshing around?
“Is it”?
Yeah. Are you seeing attacks on software - or on money?
When the government makes it a crime for US persons to use particular open source software, or to write and publish it, yes that is an attack on software, and that is something they have done and been attempting to do, in multiple different ways. Now I’ll ask, are you familiar with specifically the actions I might be talking about when I make that claim?
No, I’ve heard no such thing, which is the entire reason I asked. I’ve seen plenty of efforts to make sure money laws still apply on a computer - but even the harshest rebukes of cryptocurrency are not about code.
How this stuff works is not a secret. All problems come from the part where money exchanges hands.
Maybe it is a secret, because the worst abuses here are related to situations where there is no entity taking custody of funds. It is currently a felony, per US sanctions (misapplied, as the law does not actually provide for sanctions to be leveled against software), to use the privacy tool Tornado Cash, in which no money changes hands at any point, it remains yours through the whole process. No one is running it, the developers have all been arrested, but it’s just code, so it still functions. This is just one example.
Second sentence on Wikipedia:
In the movie Office Space, that might as well be what Samir and Michael find in the dictionary, under “money laundering.”
Reading the source code for this automated crime scheme is zero percent of the problem. It’s the part where you use it to build a network which performs crimes. The NSA could put up a webpage saying ‘here is how you do this, here is how we know when you’re doing this, do not do this.’
If someone implemented these algorithms in a single-player video game, no three-letter agency would come busting down doors, to censor the knowledge of how to commit fraud against the lizard queen. But it’s pretty clearly illegal to actually do it in real life with real money, now matter how many extra steps you add.
A pretty crucial element of the definition of money laundering is that the source of funds being obscured is itself a separate crime. There are many non-criminal reasons to seek financial privacy, especially in this case where the default with most cryptocurrencies is that anyone you transact with can then go browse your full transaction history, available on the public blockchain, and TC was in fact widely used for this reason. For instance people used it to make donations to Ukraine, to reduce the possibility of retaliation from Russia. I’ve personally used private cryptocurrency (though not TC) to buy a VPN subscription. It is wrong to consider privacy itself inherently criminal.
To me this is the same sort of thing as the government attacks on encryption itself in the 90s. They recognized that encryption is really powerful, and didn’t trust people to have or use that power, because it disrupts their ability to surveil. But the government doesn’t have a unilateral right to surveil us, and it doesn’t have a right to restrict our knowledge and speech related to encryption keys, including encryption keys that have come to be considered to represent ownership of “money”.
If they want to police financial crimes, well they should start actually doing that instead of attacking privacy and speech in general. In the months before the FTX collapse, when its CEO was lobbying in DC and having private meetings with the head of the SEC, there was abundant evidence that something incredibly shady was going on, but they did nothing until it blew up and there was egg on their faces. Countless cases like this, where in theory they should already have everything they need to stop fraud, but do nothing. The TC actions are similar; because the tool is powerful, it ended up useful to North Korea. So in a ham fisted reaction they sanctioned the tool as if it was a sanctionable entity, and threw the devs in prison on obviously false charges. But nothing the US did actually stopped North Korea from continuing to use it or taking their money out, it couldn’t, as again this is basically just an extension of encryption tech.
The devs definitely did the thing which allows North fucking Korea to continue laundering money.
This was not some incidental whoopsy-daisy - what their code does is launder money. You can split hairs and insist there’s licit and illicit money laundering, but the explicit intent is to disguise where money comes from. No human person is going to smack their forehead and go ‘could that be misused?’ They knew, and they set it up in such a way that North fucking Korea can still evade sanctions, thanks to their actions, even once they are all in jail… for some reason.
The problem is still the active network doing things - not the plaintext files representing the code they run. The cybersecurity industry is aggressively open about code that could be used for evil. Proof-of-concept attacks are rewarded and encouraged. Actual fucking attacks are discouraged. Even when those attacks are “just an extension of” a proof-of-concept.
Contrast when we did ban encryption.
Surely you know that publishing the RSA algorithm used to be treated like espionage. That is what it looks like when software is restricted. The issue here is that some schmucks deployed a money-laundering tool, on the basis that some money-laundering is fine, actually. And. Maybe? Sure, okay, why not. But the negative externalities are hard to miss.
Compare Freenet. Ostensibly it’s a censorship-resistant network for anything that might be censored. In practice it’s full of child sexual abuse materials. You could post your blog on it, and some paranoid weirdos did, but in practice the only people who need that level of paranoia are criminal perverts. Anyone else present is either a random crank or a tourist.
That’s about the level of who’s disguising where their money comes from or goes, online. Most people who support Ukraine only prefer to disguise that support. Any assholes who support Russia need to disguise that support. So a support-disguising network, built to work despite any efforts by law enforcement, is fucking obviously not going to be a font of moral behavior. It primarily empowers bastards.
And efforts to stop that are still about money, not code.