In an effort to close perceived loopholes, Treasury recommends massive expansion of warrantless surveillance and power to sanction open-source software

While portions of the proposal may be workable, much will depend on how legislation is ultimately drafted

This week, the U.S. Department of the Treasury sent a letter to the heads of the Senate Banking and House Financial Services Committees following a briefing on how Hamas and terrorist groups were financing their operations. Included with the letter was a memo titled “Potential Options to Strengthen Counter-Terrorist Financing Authorities.” There were several recommendations, but three are particularly noteworthy.

We understand Treasury’s desire for tools to limit the abuse of crypto systems by enemies of the United States like Hamas and we support efforts to appropriately fill legitimate gaps in the law. We, of course, also support strong national security, but it has to be constitutional and respectful of our civil liberties. Otherwise, what are we defending? Appropriate regulation and, just as importantly, enforcement of those regulations should focus on trusted intermediaries and not on tools or their publishers. The goal, as it always is in the realm of financial regulations, should be reasonable deterrence of illicit activities. The goal cannot be ubiquitous surveillance and perfect prevention of crime. That goal would freeze the global economy with impossible compliance obligations and systematically deny even the innocent their freedom and privacy.

Treasury’s proposals begin with a vague recommendation about a new authority analogous to secondary sanctions. While vague in form, Treasury has previously advocated for limitations on certain “transmittals of funds,” a term intended to give the Treasury Department authority to stop U.S. financial institutions from engaging in certain cryptocurrency transactions. We think this proposal could look like existing measures often termed “311” and “9714” special measures. These special measures range from information-gathering and record-keeping requirements (as we saw Treasury recently impose on financial institutions interacting with mixers), to a complete prohibition on a U.S. financial institution from having a correspondent account or a payable-through account for a foreign financial institution.

A new special measure may be reasonable depending on how it’s drafted. Special measure five applies to banks and financial institutions today. We see no reason existing authorities to limit U.S. financial institutions from interacting with terrorists and criminals abroad should not include other financial institutions like centralized cryptocurrency exchanges. In addition, these actions are accompanied by a notice to the public and an opportunity for the public to comment on the proposed action. Any new special measure ought to have the same level of public input.

The recommendations go on, however, to claim to close “loopholes in Treasury authorities.” It does this by defining “virtual asset wallet providers, certain blockchain validator nodes, and decentralized finance services” as “financial institutions.” This definition would make each of these entities subject to the Bank Secrecy Act (BSA). Treasury also recommends that “DeFi service providers, noncustodial wallet providers, miners, and validators” all be treated the same as financial institutions and banks.

First, it should be noted – there aren’t loopholes in Treasury’s authorities. As we have recently explained, the BSA already gives Treasury extremely broad discretion to monitor any financial transactions and, if anything, the existing authority can already be used to go much further and potentially criminalize everyday life.

Second, many of the entities Treasury proposes regulating as financial institutions are engaged merely in the publication of software and are not in any trusted or agency-like relationship with the users of their software. Non-custodial wallet providers may simply be publishing wallet software. “DeFi service providers” may be merely publishing smart contracts and websites. Miners and validators are merely relaying transaction messages and republishing them into blocks. None of these activities involve a legal or regulated relationship between the publisher of the software or data and the user of that software or data.

As we wrote in our recent comments to the IRS, there is a justiciable and constitutional standard for the limits of financial regulation; a centuries-old standard that can tell us when regulation of crypto is and is not justified:

The existing standard, in a nutshell, asks if the person to be regulated is either an agent of the customer or a principal in a sale to the customer. The existing standard reflects common law principles of agency, privity, and fiduciary duty. These principles have worked for centuries to determine when a person is actually in a position of trust vis-a-vis their counterparty or customer and it is that position of trust that justifies regulatory oversight and legal obligation. Persons who merely make available software (or any other speech for that matter) are not in a position of trust and should never, therefore, be the target of permission-based regulation. To target them is to target our freedom of expression itself.

As with the proposed IRS broker regulations, Treasury’s proposal to treat mere publishers as financial institutions would run afoul of both our First and Fourth Amendment rights.

Finally, the recommendations also include making “blockchain nodes or other elements of cryptocurrency transactions” subject to the International Emergency Economic Powers Act (IEEPA). This authority would allow Treasury to sanction these entities, some of which may only be software. The explanation for why this is necessary includes a mention of Tornado Cash litigation, which includes a lawsuit Coin Center has filed against Treasury. While stopping short of admitting that Treasury does not currently have this authority, Treasury says that the recommended legislative action is to “resolve this issue.”

As we have also said, Tornado Cash is simply software run on the Ethereum network, and the indictments of those involved in creating it run counter to Treasury-articulated principles for financial regulation. Existing sanctions are limited to actions against persons or entities, and as Treasury notes in their recommendations, limited to designations against a “person’s property or interest in property.” No one runs Tornado Cash, Ethereum, or Bitcoin. Authorizing Treasury to sanction particular blockchain nodes or networks is not only technologically infeasible, but it would be a dramatic extension of administrative authority to sanction software and free speech. It would also not cure the constitutional deficiencies that we also raise in our suit.

So much of the analysis of these proposals will ultimately depend on how they are drafted in legislative text. These measures could be extremely problematic or potentially workable. We will be watching developments closely and look forward to working in a coordinated way with lawmakers, regulators, and the industry as Congress considers developing the details.