Senate Attaches Controversial Crypto Sanctions Bill to Must-Pass Intelligence Legislation

The Terrorist Finance Prevention Act threatens crypto freedom with new sanctioning powers. Here's why it needs urgent revisions before moving forward.

A version of the Terrorist Finance Prevention Act (TFPA) has been attached to a must-pass intelligence authorization bill in the Senate. We have not written about the TFPA before because, as a standalone bill compared with other bills at the intersection of national security and crypto, it is less damaging to civil liberties than other bills we have seen in this Congress (e.g. Senator Elizabeth Warren’s DAAMLA). Now that it is attached to a vehicle that could move by the end of the year, we feel it is imperative to share our thoughts.

The TFPA requires the President to implement significant secondary sanctions against persons in the crypto space who are involved with terrorist financing. These sanctions could apply to regulated financial institutions (e.g. custodial exchanges) but also to non-custodial entities (as the bill calls them “foreign digital asset transaction facilitators”). Thankfully, these sanctions can only be implemented against foreign persons and cannot apply to US persons who are mining, relaying, developing software, or performing other non-custodial activities in the cryptocurrency ecosystem. Also thankfully, the bill requires a showing that the persons to be sanctioned “knowingly” facilitated “significant” transactions with terrorists. These two limits to the sanctioning authority take some of the bite out of what would otherwise be a significantly anti-crypto and anti-freedom bill. Nonetheless, there are several aspects of the TFPA that still trouble us and that we would like to see addressed before it moves any further.

First, the bill could create liability for Americans who are merely using decentralized networks with no intent to enrich or otherwise transact with sanctioned entities. For example, if any foreign Bitcoin miners (or any other kind of validators on other chains) are sanctioned under this law, then an American could be liable merely for broadcasting their transaction message to the larger network if the miner who ultimately put that transaction into a block and took the mining fee from the user happened to be one of the sanctioned miners. This could be true even if the American had no knowledge or intent to have that fee go to that sanctioned person. This is just the nature of permissionless blockchains; you ask the network to validate your transaction but you don’t pick your validator. Because of that, you should not be culpable if the validator you get happens to be a sanctioned entity. To address this issue there should be an intent standard necessary to find Americans culpable for violations of the law. An American should only be culpable if they knowingly and willfully transact with a sanctioned person.

Second, the bill creates new sanctions authorities in addition to the existing authorities under the International Emergency Economic Powers Act (IEEPA). IEEPA has commonsense statutory carve-outs from the President’s authority to ban transactions for any “transactions in information.” These carve-outs, known generally as the Berman Amendments, mirror First Amendment protections for speech activities. Even without Berman Amendment carve-outs it would be unconstitutional for the President to use this law to ban the publication of code. However the statutory carve-outs afforded by the Berman Amendments help buttress constitutional rights by providing two avenues by which a challenger can argue it is being over-applied: both because the statute is self-limiting and because the Constitution limits the statute. To address this issue the law should be amended to clarify that the Berman Amendment carve-outs from IEEPA also limit presidential authority in the TFPA.

Finally, the bill requires the President to sanction anyone who fits the definitions and knowingly transacts with terrorists. The bill has only limited carve-outs from that mandatory sanctions regime for national security interests. Existing sanctions authority is permissive rather than mandatory: the President “may” not “shall.” That discretion likely provides the President with breathing room to avoid overzealous application of sanctions laws in contexts where other equities are present, for example the potential of broad sanctions to exacerbate inequality because of collateral de-risking at financial institutions. That optionality should be preserved.

Even with these improvements it is unclear why the President needs additional sanctioning power beyond the already broad authority granted by IEEPA. Without these improvements the proposed law is a trap for innocent Americans who simply want to use and build cryptocurrency technologies for good.