Paradigm's Study on Base Layer Neutrality: The Impact of Sanctions and Censorship on Blockchain Infrastructure (Base Layer Neutrality)

Authors: Rodrigo Seira, Amy Aixi Zhang, Dan Robinson

Compiled by: Skypiea

Executive Summary

On August 8, 2022, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) added certain Ethereum addresses associated with Tornado Cash (an open-source privacy protocol on Ethereum) to the Specially Designated Nationals and Blocked Persons List (SDN List). Since the announcement of this sanction, many participants in the crypto base layer have expressed concerns that they may be required to monitor or censor blocks involving SDN-listed addresses to comply with the sanctions, thereby undermining the neutrality of the base layer and compromising its integrity and core functions. However, we believe that under current OFAC guidance, base layer participants are not required to monitor or censor these addresses as part of a risk-based sanctions compliance program.

Specifically, while the application of sanctions law raises new legal questions for decentralized blockchain systems and smart contracts, we argue that the Tornado Cash sanctions and blockchain address sanctions implemented to date should not require blockchain technology infrastructure providers—including builders, pool operators, relayers, searchers, sorters, and validators—to monitor or censor transactions involving sanctioned addresses.

The issue raised by applying primarily finance- and transaction-oriented economic sanctions is whether the behavior of the encrypted block production base layer—even when involving sanctioned addresses—constitutes "facilitating" transactions or processing or "contributing" to or providing funds, goods, or services for the benefit of any "sanctioned party" or sanctioned party's "interests."

We believe that the public recording of data block sequencing at the infrastructure layer is no more "facilitating" transactions, dealing with sanctioned parties, contributing to, or providing services than the existing communication infrastructure that routes financial information daily around the world, whether through internet service providers, routers, network switches, email and chat programs, DDoS filters, and other cybersecurity protocols. In our view, the decentralized nature of encrypted base layer infrastructure, which allocates fundamental functions to independent participants, makes it less likely that the actions of any individual participant would meet this threshold.

Moreover, requiring the base layer of cryptocurrency to monitor or censor blocks threatened by sanctions compliance obligations could lead to network reorganization and forks, threatening the viability of the ecosystem. Traditional communication and internet infrastructure has long recognized similar risks. The result would undermine national security interests by pushing offshore blockchain technology development and hindering efforts to trace crypto transactions, which is contrary to OFAC's established goals and President Biden's executive order issued in March.

Sanctions are tools to deter hostile actors, not to undermine technological infrastructure or public goods. This applies to crypto and other technologies alike. For example, it is widely accepted that public switched telephone networks and exchange centers enabling global telephone communications do not filter communications and exclude sanctioned individuals. The same argument applies to the infrastructure of the internet, such as the Transmission Control Protocol/Internet Protocol (TCP/IP) and internet service providers (ISPs). The base layer of crypto is no exception.

We hope that the analysis in this paper can alleviate the uncertainty troubling industry participants and clarify the scope of sanctions compliance obligations. We first describe the crypto base layer and its participants (Section 1), then discuss OFAC's legal authority (Section 2). Next, we discuss why we believe that the current OFAC compliance obligations do not require base layer participants to monitor or censor the public record of data block sequencing (Section 3), the unintended consequences of applying sanctions compliance obligations to base layer participants (Section 4), and the historical treatment of other technological infrastructures by U.S. regulators (Section 5).

1. The "Base Layer" of Crypto

Blockchain can be viewed as a timestamping service that allows data to be ordered in a standardized manner. A fundamental feature is that anyone can submit a large block of data to be timestamped and recorded on the blockchain. This can support ledgers for digital assets like Bitcoin, as well as other applications, including trustless protocols that eliminate counterparty risk and new mechanisms for social coordination.

Like telephone networks, the core of the encrypted base layer is the communication protocols and technological infrastructure that serve as public goods. Its key function—publicly recording the sequence of data blocks—is akin to the role we expect the foundational layer of internet infrastructure to play in disseminating information freely and accurately to the public. To maintain its utility, the encrypted base layer must also preserve its neutrality.

While the key functions of blockchain are straightforward, the infrastructure that provides them in a distributed, scalable, and secure manner has become increasingly complex and continues to evolve with the development of the ecosystem and new technologies. Many blockchains have allocated processes to various base layer participants with specialized roles, including builders, pool operators, relayers, searchers, sorters, and validators.

Each base layer participant plays a specific role in the ordering and proving of new blocks. However, as we further explain below, we believe that the actions of these base layer participants should not be interpreted as dealing with sanctioned individuals or facilitating transactions. Compared to traditional infrastructures like internet protocols, blockchain further decentralizes core computational functions by allocating them to participants playing specific roles. We believe that this decentralization makes it less likely that the actions of any individual base layer participant would require scrutiny.

2. The U.S. Government's Implementation of Sanctions in the Digital Asset Space Serves Legitimate National Security Interests

Sanctions can be an important tool for protecting the United States. In addressing threats from hostile actors like North Korea, a key mission of OFAC is to enforce "economic and trade sanctions based on U.S. foreign policy and national security goals."

At the same time, OFAC's powers are not unlimited, and the standards for implementing compliance programs are that they represent a reasonable "risk-based approach," rather than requiring the cessation of all economic activity whenever there is any opportunity for a sanctions violation. Under the International Emergency Economic Powers Act (IEEPA) and the National Emergencies Act (NEA), which grant the President authority, President Barack Obama issued Executive Order 13694 (E.O. 13694) in 2015. E.O. 13694 authorized the Treasury to address malicious cyber activities that harm the United States or its allies. Under this authority, OFAC implemented a cyber-related sanctions program, under which it can identify certain "individuals" or "entities" on the SDN list if they are deemed "responsible for or complicit in" or "substantially assisting" or "providing financial, material, or technological support" for foreign cyber activities that pose a significant threat to U.S. national security or economy.

Once a party is identified on the SDN list, "U.S. persons" are prohibited from "engaging in transactions" with them, and the sanctioned party's property and interests in property that are "owned or controlled" by U.S. persons or within U.S. jurisdiction may not be "transferred," paid, exported, withdrawn, or otherwise dealt in. The prohibitions also extend to facilitating transactions, including providing "services" to any such party.

OFAC has a history of implementing sanctions in the digital asset space. In November 2018, OFAC first sanctioned blockchain addresses when it added several Bitcoin addresses controlled by Iranian nationals to the SDN list. OFAC also recently sanctioned Blender.io, a centralized custodial cryptocurrency mixing service operated and controlled by several identified participants.

However, OFAC opened new territory in August by adding Ethereum addresses storing Tornado Cash bytecode or smart contracts (a specific, widely used copy of the Tornado Cash protocol) to the SDN list. Previously, additions to the SDN list were wallet addresses owned or controlled by sanctioned individuals or entities. As noted, Blender.io also operates under centralized control.

Since E.O. 13694 allows the Treasury to act only against the property and interests in property of "individuals" or "entities," OFAC's actions against smart contracts—whose core is merely lines of bytecode—have been questioned by legal analysts and have been the subject of recent litigation.

3. Sanctions Law Should Not Require Participants in the Crypto Base Layer to Review the Public Record of Data Block Sequencing

In this section, we analyze two potential sources of direct sanctions liability: (a) enforcement actions against U.S.-jurisdictional persons engaging in transactions or facilitating transactions with sanctioned parties on the SDN list; and (b) potential supplementation from the SDN list itself. We conclude that under current OFAC guidance, a risk-based sanctions compliance program does not require the crypto base layer to monitor or review data blocks that may include sanctioned addresses.

(a) The Crypto Base Layer Should Not Be Subject to Enforcement Actions Regarding the Public Record of Data Block Sequencing Involving Sanctioned Addresses

When OFAC adds a party to the SDN list, that sanctioned party's property or interests in property within the United States or under U.S. jurisdiction must be "blocked" and may not be "transferred, paid, exported, withdrawn, or otherwise dealt in." IEEPA makes it illegal to violate these prohibitions and to "cause" others to do so.

In this context, OFAC's position is that it prohibits "assisting" violations of sanctions. This includes "providing funds, goods, or services by any person, or providing funds, goods, or services for the benefit of" blocked property and interests. OFAC interprets these prohibitions broadly, including situations where U.S. persons "assist" or "support" non-U.S. persons in transactions that directly or indirectly involve sanctioned countries or parties.

Despite OFAC's broad powers, we believe that participants in the crypto base layer are not required to monitor or review data blocks that may include sanctioned addresses as part of their risk-based compliance programs. At no point does any individual base layer participate in "owning or controlling" the property or interests in property of sanctioned individuals. These terms are not defined in OFAC's implementing regulations or enforcement actions and should be understood simply as requiring "holding property within one's power" or "governing" or "managing" property. However, base layer participants lack such influence or power over digital assets.

Participants in the crypto base layer also cannot "block" the property or interests in property of sanctioned parties. The fact that certain participants may be compelled to review blocks does not mean they have the ability to restrict the underlying property. Scrutiny applied to the crypto base layer is akin to an inability to report transactions; it is not the ability to "block" them. Regardless of the actions of any individual participant, whether a transaction is confirmed will depend on broader global network consensus. For example, a transaction filtered by one base layer participant may be picked up by non-filtering participants anywhere in the world, or could lead to a network fork, as discussed further below.

No individual base layer participant would transfer blocked property through their role in the public record of data block sequencing, even if it involves a sanctioned address. As OFAC's implementing regulations clarify, the prohibition on "transferring" blocked property targets actions that transfer or alter legal rights to property, historically excluding the operation of technological infrastructure (e.g., telephone networks). While certain participants in the crypto base layer (like miners) charge fees from users, these fees are akin to internet network fees or telephone service charges.

We also believe that interpreting the actions of crypto base layer participants as processing blocked property, facilitating its transfer, or providing services to sanctioned parties is inconsistent with OFAC's prior regulations and enforcement history. OFAC regulations state that "facilitating" does not include purely clerical or reporting activities, nor does it include further trade or financial transactions. The core function of the crypto base layer—public and decentralized recording of data block sequencing—should be treated the same. Furthermore, to our knowledge, OFAC typically takes enforcement actions when a subject is also responsible for other culpable conduct (e.g., using financial institutions as agents).

For these reasons, we believe that as part of a risk-based sanctions compliance policy, base layer participants are not required to monitor or review data blocks involving sanctioned addresses, nor should they be subject to sanctions enforcement actions for failing to do so. OFAC's guidance suggests using a "risk-based approach" to design compliance programs. OFAC notes that "there is no one-size-fits-all compliance program or solution for all situations or businesses… [and] [a] member of the virtual currency industry will depend on various factors, including the type of business involved, its size and complexity, the products and services offered, the customers and counterparties, and the geographic locations served." Given that the operational roles of base layer participants typically do not involve contact with customers or counterparties, we believe that an appropriate risk-based compliance program does not require monitoring or reviewing data blocks involving sanctioned addresses.

Although the Financial Crimes Enforcement Network (FinCEN) guidance is not binding on OFAC, this view is supported by FinCEN's determination that Bitcoin miners are not money services businesses "because these activities do not involve 'accepting' or 'transmitting' convertible virtual currency and are not money transmission" and FinCEN's findings that "if the person only: a) provides delivery, communication, or network access services used by money transmitters to support money transmission services, then that person is not a money transmitter." In fact, FinCEN has appropriately recognized that the function of miners is to "validate the authenticity of transaction blocks," not to execute transactions.

(b) Crypto Base Layer Operators Should Not Be Added to the SDN List for Failing to Review Data Blocks Containing Sanctioned Addresses

Crypto base layer operators should not be added to the SDN list for failing to review data blocks containing sanctioned addresses. For OFAC to add base layer participants to the SDN list, it must find that they are "individuals" or "entities" that "provide material assistance" or "provide financial, material, or technological support" to anyone engaged in sanctioned cyber activities.

Such a finding is unlikely because, first, many base layer activities are not performed by "persons" or "entities," but rather executed by automated software code. In these cases, there is no basis to designate them, as no "person" or "entity" is taking any action.

As recent examples have shown, when OFAC has historically designated parties under various executive orders' "material support" provisions, it has designated malicious actors taking extreme actions, such as providing sensitive technology to designated parties or secretly transferring funds on their behalf. This is distinct from the function of the crypto base layer, which provides neutral open-source software to validate information and publish it to the blockchain. Therefore, base layer activities differ in kind from activities previously found by OFAC to constitute material support.

(c) Crypto Base Layer Operators Are Handling Information That Is Outside OFAC's Jurisdiction Under IEEPA

Applying IEEPA to the input or output of information also presents statutory limitations, indicating that the activities of the crypto base layer fall outside the scope of the sanctions regime. E.O. 13694 and most modern sanctions are promulgated under IEEPA, a U.S. federal law from the 1970s that grants the President powers during national emergencies.

However, IEEPA is limited in several key respects, including the output of "information." In 1988 and 1994, Congress passed a series of laws known as the Berman Amendments that restrict presidential powers, collectively stating that OFAC cannot regulate "the importation of any information or informational materials from any country, or the exportation of any information or informational materials to any country." This limitation on power exists "regardless of the format or medium of transmission."

Although OFAC has attempted to narrow the scope of the exemptions enacted by Congress, recent court rulings indicate that the regulatory text does not support OFAC's narrow interpretation of the Berman Amendments. Therefore, along with the points above, it can be further argued that the work of the crypto base layer is merely processing information—even if that information has value—thus falling outside the sanctions imposed by the U.S. under IEEPA.

4. Consequences of Sanctions Compliance Obligations for the Base Layer

In this section, we will discuss the destructive and counterproductive consequences of forcing base layer participants to monitor and filter data blocks under the threat of sanctions compliance obligations.

The degree of network censorship resulting from base layer participants filtering data blocks involving sanctioned addresses will depend on significant technical nuances beyond the scope of this paper. Nevertheless, sacrificing the neutrality of the core operational characteristics of blockchain could undermine the critical consensus mechanisms of the blockchain.

For example, if certain censoring validators take the position of denying the proof of previous blocks that include transactions with sanctioned addresses, the network may fork. Censoring validators would oppose non-censoring validators by denying the existence of transactions with sanctioned addresses, leading the network to split into two conflicting realities. Alternatively, if users disagree with the decision of the vast majority of validators to censor transactions, they may "fork" them by choosing not to use those validators. Regardless of the reason, network forks will be highly destructive and undermine the fundamental value proposition of blockchain technology, which is to provide a universal record of data block sequencing.

Such sanction-driven network splits would ultimately harm U.S. national security interests. The fear of sanctions enforcement may drive base layer participants, such as validators and miners, offshore. This would limit U.S. influence over technological development and negatively impact the U.S. economy and its hegemony. These consequences run counter to President Biden's goals, as he stated in his March executive order that "the United States is interested in ensuring that it remains at the forefront of responsible digital asset development and design, as well as the technologies that underpin new forms of payment and technology in the international financial system."

Moreover, such a reaction would increase the difficulty of monitoring base layer participants, including those acting as entry and exit points. As more activities shift offshore, regulators' visibility into exchanges and validators will diminish, as they will have fewer reporting obligations, making it harder for U.S. regulators to trace and track illicit funds. These services will be transferred to other jurisdictions or captured by parties that may be antagonistic to U.S. and allied national security interests.

In fact, the precedent set by the U.S. here is likely to be emulated by other countries, including those with differing values from ours. If the U.S. censors the base layer, other countries may choose to do so as well. This could lead to foreign laws pushing for censorship of cryptocurrencies in the U.S., or each country having its own "compliant" version of cryptocurrency operated by that country's validators, completely isolated from versions in other countries. The current internet has avoided this fate, with few exceptions, which benefits us all.

5. The Importance of Maintaining Neutrality in Technological Infrastructure Is Widely Recognized

An obvious analogy for the crypto base layer is the underlying infrastructure of the internet. ISPs utilize protocols like TCP/IP to collect and send packets of information between users. Just as the neutrality of the base layer is essential for the effective operation of crypto, allowing unfiltered information flow at the foundational level of communication networks is crucial.

From an architectural perspective, networks benefit from pushing discretion to the edges and keeping the core unfiltered so that information can flow freely. Thus, maintaining the integrity of the network is another reason to resist the imposition of jurisdictional policies that would undermine global communication, even if there is strong consensus on sanctions against certain issues like North Korea. Policies have been formulated to balance network integrity with national interests in the way that today's internet messaging functions. In contrast, internet censorship conducted through actions like "packet filtering" is associated with oppression and authoritarian regimes. For blockchain infrastructure, there are other venues more suitable for adjudicating transactions. U.S. regulators should maintain consistency in their approach and recognize that preserving the neutrality of the crypto base layer is vital.

6. Conclusion

OFAC's identification of blockchain addresses on the SDN list should not require any base layer participants to review transactions involving sanctioned addresses.

OFAC regulations require the implementation of risk-based compliance programs tailored to specific activities relevant to base layer participants. Given that the role of the crypto base layer is fundamentally to publicly record the sequence of data blocks, participants should not be required to filter blocks containing sanctioned addresses.

Implementing sanctions compliance obligations at the base layer would also have counterproductive national security implications and drive significant technological development offshore, making it more difficult to trace and track core crypto transactions that protect national interests.

Cryptocurrency holds great promise for the U.S. and the world. Over time, we believe that the industry and regulators can work together to realize the ideals of free speech, privacy, and financial freedom in the United States.

Acknowledgments

Special thanks to Katie Biber, Henley Hopkinson, Linda Jeng, Emily Meyers, Michael Mosier, Georgia Quinn, Rebecca Rettig, Gabriel Shapiro, Justin Slaughter, and Sheila Warren for their reviews and feedback.