信息来源：Paradigm 作者：Rodrigo Seira, Amy Aixi Zhang, Dan Robinson

制裁和审查对区块链基础设施的影响 1

执行摘要

2022年8月8日，美国财政部外国资产控制办公室（OFAC）将与以太坊开源隐私协议Tornado Cash相关的某些以太坊地址添加到特别指定国民和被封锁者名单（SDN名单）2。然而，我们认为，根据目前OFAC的指导，基础设施参与者不需要作为基于风险的制裁合规计划的一部分来监测或审查这些地址。

具体来说，虽然对去中心化区块链系统和智能合约适用制裁法带来了新的法律问题，但我们认为龙卷风现金制裁和迄今为止实施的区块链地址制裁不应要求区块链技术基础设施供应商，包括建设者、资金池运营商、中继器、搜索者、排序者和验证者监测或审查涉及被封锁地址的交易。

适用主要以金融和交易为导向的经济制裁所引起的问题是，加密货币的区块生产基础层的行动（即使涉及受制裁的地址）是否相当于“促进”交易，或与任何受制裁方或受制裁方的“利益”打交道或“向其提供或...资金、货物或服务”。

我们认为，在基础设施层公开记录数据块的顺序，并不比现有的通信基础设施更 “促进”交易，或与受制裁方打交道，或向受制裁方捐款或提供服务，这些基础设施每天在世界各地传送金融信息，无论是通过互联网服务提供商、路由器、网络交换机、电子邮件和聊天程序、DDoS过滤器和其他网络安全协议。在我们看来，加密货币的基础层基础设施已经通过将基本功能分配给独立的参与者而实现了去中心化，这使得每个行为人的行为更不可能达到这个门槛。

此外，要求加密货币的基础层在遵守制裁义务的威胁下对区块进行监控或审查，可能会导致网络重组和分叉5，威胁到生态系统的生存能力。传统的通信和互联网基础设施也早已认识到类似的风险。其结果将损害国家安全利益，将区块链技术的发展推向海外，并阻碍追踪和跟踪加密货币交易的努力，这一结果与外国资产管制处的既定目标6和拜登总统在3月发布的行政命令7相悖。

制裁是阻止敌对行为者的工具，而不是破坏技术基础设施或公共产品。这对于加密货币和其他技术来说都是如此。例如，人们普遍认为，公共交换电话网络和允许全球各地的电话进行通信的交换中心不应该过滤通信和排除受制裁者。同样的说法也适用于互联网的基础设施，如传输控制协议/互联网协议（TCP/IP）和互联网服务提供商（ISP）。Crypto的基础层也不例外。

我们希望本文的分析能够缓解困扰行业参与者的不确定性，并明确制裁合规义务的范围。8 我们首先描述了加密货币的基础层及其参与者（第1节），然后讨论了OFAC的法律授权（第2节）。然后我们讨论了我们认为OFAC的合规义务至今没有要求基础层参与者监控或审查数据块顺序的公开记录的原因（第3节），对基础层参与者适用制裁合规义务的意外后果（第4节），以及美国监管机构对其他技术基础设施的历史处理（第5节）。

1. 加密货币的“基础层”

区块链可以被看作是一种时间戳服务，允许以规范的方式对数据进行排序。一个基本特征是，任何人都可以提交一大块数据，以便在区块链上打上时间戳和记录。这可以支持像比特币这样的数字资产的分类账，以及其他应用，包括消除对手方风险的无信任协议和社会协调的新机制。

像电话网络一样，加密货币的基础层的核心是作为公共产品的通信协议和技术基础设施。它的关键功能（公开记录数据块的顺序）类似于我们期望互联网基础设施的基础层所发挥的作用，即自由和准确地向公众传播信息。为了保持其效用，加密货币的基础层也必须保持其中立性。

虽然区块链的关键功能很简单，但以分布式、可扩展和安全的方式提供它的基础设施已变得越来越复杂，并随着生态系统的发展和新技术的开发而不断变化。许多区块链已经将这一过程分布在具有专门角色的各种基础层参与者之间，包括建设者、9资金池操作员、10中继器、11搜索者、12排序者、13和验证者14。

每个基础层参与者在新区块的排序和验证中都扮演着特定的角色。但正如我们在下文中进一步解释的那样，我们认为这些基础层参与者的行为不应该被解释为与受制裁的人打交道，或为其提供交易便利。与互联网协议等传统基础设施相比，区块链通过将核心计算功能分配给扮演特定角色的行为人，进一步分散了核心计算功能。我们认为，与传统的基础设施相比，去中心化使得每个单独的基础层行为者的行为更不可能需要审查。

2.美国政府在数字资产领域执行制裁有合法的国家安全利益

制裁可以成为保护美国的一个重要工具。在应对诸如DPRK这样的敌对行为者的威胁时，OFAC有一项重要的任务，即执行“基于美国外交政策和国家安全目标的经济和贸易制裁”。

同时，外国资产管制处的权力不是无限的，执行合规计划的标准是合理的“基于风险的方法”，而不是说只要有任何违反制裁的机会，就必须关闭所有的经济活动。根据《国际紧急经济权力法》（IEEPA）17和《国家紧急状态法》（NEA）18赋予总统的权力，巴拉克-奥巴马总统于2015年发布了第13694号行政命令（E.O. 13694）。19 E.O. 13694授权财政部处理危害美国或其盟国的恶意网络活动。根据这一授权，外国资产管理处实施了与网络有关的制裁计划，根据该计划，如果某些“人”或“实体”被认为是对美国国家安全或经济构成重大威胁的外国网络活动“负责或共谋”或“提供实质性协助”或“提供财政、物质或技术支助”，它可以将其列入SDN名单21。

一旦某方被确定列入SDN名单，“美国人”23 将被禁止与其进行“交易”，美国人 “拥有或控制”的被制裁方的所有财产和财产利益，或受美国管辖的财产，不得由美国人“转让、支付、出口、撤回或以其他方式处理”。

外国资产管制处在数字资产领域有执行制裁的历史。2018年11月，OFAC首次对区块链地址进行制裁，当时OFAC将伊朗国民控制的几个比特币地址列入SDN名单。26 OFAC最近还制裁了Blender.io，这是一个由几个可识别的行为者运行和控制的集中式保管加密货币混合服务。

然而，外国资产管制处在8月份突破性地将Tornado Cash字节码或智能合约（Tornado Cash协议的一个特定的、广泛使用的副本）存储在以太坊上的以太坊地址添加到SDN名单中。

由于第13694号行政命令允许财政部只对“个人”或“实体”的财产和财产利益采取行动，30 外国资产管制处对智能合约（其核心是几行字节码）的行动受到了法律分析家的质疑，并成为最近一场诉讼的主题。

3. 制裁法不应该要求加密货币基础层的参与者对数据块顺序的公开记录进行审查。

在这一节中，我们分析了直接制裁责任的两个潜在来源：(a)对受美国管辖的人进行交易或为交易提供便利，或与SDN名单上的受制裁方进行交易的执法行动；(b)可能对SDN名单本身进行补充。我们的结论是，根据目前OFAC的指导，基于风险的制裁合规计划不要求加密货币的基础层监测或审查可能包括受制裁地址的数据块。32

3a.加密货币的基础层不应该因为公开记录涉及受制裁地址的数据块的顺序而成为执法行动的对象。

当外国资产管制处将某一方列入特别敏感名单时，该受制裁方在美国境内或由 “美国人”“拥有”或“控制”的任何财产或财产利益必须被“封锁”，不得“转让、支付、出口、撤回或以其他方式交易”。 33 《经济、社会、文化权利国际公约》规定，违反这些禁令以及“导致”他人这样做是非法的。

在此背景下，外国资产管制处的立场是，禁止为违反制裁提供“便利”。35 这包括“向财产和财产利益被封锁的任何人提供任何捐助或提供资金、货物或服务，或为其提供利益。”36 外国资产管制处对这些禁令进行了广泛解读，包括美国人在直接或间接涉及受制裁国家或当事方的交易中“协助”或“支持”非美国人的情况。

尽管外国资产管制处有广泛的权力，但我们认为加密货币基础层的参与者不需要监测或审查可能包括受制裁地址的数据块，作为其基于风险的合规计划的一部分。38 这些术语在外国资产管制处的实施条例或执法行动中没有定义，因此应根据其普通含义进行解释，要求“在自己的权力范围内持有财产”或有权“治理”或 “管理”该财产，39 但基础层参与者对数字资产缺乏这种影响或权力。

Crypto的基础层参与者也不能“封锁”被制裁方的财产或财产利益。某些参与者可以被迫审查区块并不意味着他们有能力限制基础财产。适用于加密货币基础层的审查制度相当于无法报告交易；而不是“阻止”交易的能力。一笔交易是否被确认将取决于更广泛的全球网络共识，而与任何个别参与者的行为无关。例如，被一个基础层参与者屏蔽的交易可能被世界上任何地方的非审查参与者捡到，或导致网络分叉，如下文进一步讨论。

任何个人基础层参与者也不会通过发挥他们在数据块顺序的公开记录中的作用来转移被封锁的财产，即使涉及被制裁的地址。正如外国资产管制处的实施条例所澄清的，禁止“转移”被禁财产40的目的是为了捕捉转移或改变财产的合法权利的行为，历史上并不包括技术基础设施（如电话网络）的运作。41 虽然加密货币基础层的某些参与者，如矿工，因其行为而从用户那里获得费用，这些费用类似于互联网网络费或电话服务费。

我们还认为，将加密货币基础层参与者的行为解释为处理被封锁的财产，为其转移提供便利，或为被制裁方提供服务，与外国资产管制处先前的法规和执法历史不符。外国资产管制处的法规指出，“便利”不包括纯粹的文书或报告性质的活动，也不促进贸易或金融交易。42 加密货币基础层的核心功能——公开和分散地记录数据块的顺序——应得到同样的对待。此外，据我们所知，外国资产管制处通常会在主体同时负责其他应受谴责的行为（如利用金融机构作为代理人）时，提起包括便利索赔的执法行动43。

由于这些原因，我们认为基础层参与者不需要作为基于风险的制裁合规政策的一部分来监测或审查涉及受制裁地址的数据块，也不应该因为没有这样做而成为制裁执法行动的对象。44 外国资产管理处指出，“没有任何单一的合规计划或解决方案适合每一种情况或业务......并且虚拟货币行业成员的适当合规解决方案将取决于各种因素，包括所涉及的业务类型、其规模和复杂性、提供的产品和服务、客户和交易方以及服务的地理位置。 ”45 鉴于基础层参与者发挥的业务作用，在大多数情况下不涉及与客户或交易方的接触，我们认为，适当的基于风险的合规计划不需要监测或审查涉及受制裁地址的数据块。

虽然金融犯罪执法网络（FinCEN）47 的指导意见对 OFAC 没有约束力，但这一观点得到了 FinCEN 的支持，FinCEN 认为比特币矿工不是货币服务企业，“因为这些活动既不涉及可兑换虚拟货币的接受，也不涉及传输，而且不是资金传输”，48 FinCEN 认为 “如果一个人只是：a）提供货币传输者用于支持货币传输服务的交付、通信或网络接入服务，那么他就不是一个货币传输者。”49 事实上，FinCEN已经适当地认识到，矿工的职能是 “验证交易块的真实性”，而不是执行交易。

3b. Crypto的基础层活动不符合被列入SDN名单的标准

加密货币的基础层运营商不应因为未能审查包括受制裁地址的数据块而被列入SDN名单。外国资产管制处将基础层参与者列入SDN名单，需要发现他们是“实质性协助”或提供财政、物质或技术支持给任何从事受制裁网络活动的人的个人 或 实体。

这样的结论不太可能，因为首先，许多基础层活动不是由“个人”或“实体”进行的，而是由自我执行的软件代码进行的。在这些情况下，由于没有“人”或“实体 ”采取任何行动，所以没有依据来指定它们。

正如最近的例子所示，52 当外国资产管制处历史上根据各种行政命令的 “物质支持 ”条款指认当事方时，它指认的是采取极端行动的恶意行为者，如向被指认的当事方提供敏感技术或暗中代表他们输送资金。因此，基础层的活动与OFAC之前认定的足以构成物质支持的行为在本质上是不同的。

3c.加密货币的基础层运营商正在进行信息交易，根据IEEPA，这不属于OFAC的管辖范围。

对IEEPA适用于信息的进口或出口也有法定限制，这表明加密货币基础层的活动不在制裁制度的范围内。第13694号行政命令和大部分现代制裁措施是根据IEEPA颁布的，这是一部20世纪70年代的联邦法律，在发生国家紧急情况时授予总统权力。

然而，IEEPA在几个关键方面受到限制，包括对“信息”的出口。1988 年和 1994 年，美国国会通过了一系列对总统权力的限制，称为“伯尔曼修正案”，这些修正案共同规定，外国资产管制处不能管制“从任何国家进口或向任何国家出口......任何信息或信息材料。”54 这一权力限制“无论其形式或传播媒介如何”。

虽然外国资产管理处试图缩小国会规定的豁免范围，56 但美国法院最近的裁决表明，外国资产管理处对伯尔曼修正案的狭义解读并没有得到法规文本的支持。57 因此，结合上述观点，可以进一步认为，加密技术基础层的工作只是在处理信息（即使这些信息具有价值）因此可以豁免于美国根据《国际紧急状态法》颁布的制裁。

4. 在基础层施加制裁遵守义务的结果

在这一节中，我们将讨论在遵守制裁义务的威胁下，强迫底层参与者监控和筛选数据块所带来的破坏性和反作用。

基层参与者筛选涉及受制裁地址的数据块所导致的网络审查程度将取决于本文范围之外的重要技术细微差别。58 尽管如此，放弃区块链核心操作特征的中立性有可能破坏区块链的关键共识机制。

例如，如果某些审查验证者采取的立场是拒绝验证包含受制裁地址的交易的先前区块，那么网络可能会分叉。审查验证者将与非审查验证者意见相左，否认有受制裁地址的交易存在，网络将分裂成两个相互冲突的现实。另外，如果用户不同意大多数验证者审查交易的决定，用户可以通过选择不使用这些验证者来“分叉”。无论其原因是什么，网络分叉将是高度破坏性的，并破坏区块链技术的基本主张，即提供数据块顺序的普遍记录。

这种由制裁驱动的网络分裂将最终损害美国的国家安全利益。对制裁执行的恐惧可能会导致验证者和矿工等基础层参与者走向海外。这将限制美国对技术发展的影响，并对美国经济和美国的霸权产生负面影响。这些后果与拜登总统的目标背道而驰，他在3月份的行政命令中指出，“美国有兴趣确保其在负责任地开发和设计数字资产以及支撑国际金融体系中新形式的支付和资本流动的技术方面保持领先地位”。

此外，这种反应将增加监控基础层参与者的难度，包括那些作为上线和下线的参与者。随着更多的活动转移到境外，监管机构对交易所和验证人的能见度会越来越低，因为他们的报告义务会越来越少，这使得美国监管机构更难跟踪和追查非法资金。这些服务将被驱赶到其他司法管辖区，或被可能与美国及其盟友的国家安全利益对立的各方所捕获。

事实上，美国在这里开创的先例很可能会被其他国家效仿，包括那些与我们的价值观不同的国家。如果美国对基础层实行审查制度，其他国家也可能选择这样做。这可能导致外国法律对美国的加密货币进行审查，或者，每个国家都有自己的“合规”加密货币版本，由该国的验证者操作，与其他国家的版本完全隔离。目前的互联网避免了这种命运，除了有限的例外情况，对我们所有人都有好处。

5. 保持技术基础设施的中立性的重要性已被广泛认可

对加密的基础层的一个明显的比喻是互联网的基础结构。60 正如基础层的中立性对密码的有效运作是必要的一样，61 在通信网络的底层允许不受审查的信息流动是至关重要的。

从架构的角度来看，网络受益于将自由裁量权推向边缘并保持核心部分不受审查，这样信息就可以自由流动。因此，维护网络的完整性是抵制通过管辖政策决定来分裂全球通信的另一个原因，即使某些问题如制裁朝鲜有强烈的共识。在互联网信息传递今天的运作方式中，已经做出了政策决定，允许平衡网络完整性和国家利益。相比之下，通过“数据包过滤”等行动进行的互联网审查与压迫性和独裁政权有关。62 对于区块链基础设施，还有其他地方更适合裁定交易。美国监管机构的做法应该是一致的，并认识到保持加密货币基础层的中立性是最重要的。

6. 结语

OFAC将区块链地址确定为SDN名单，不应要求任何基础层参与者审查涉及被制裁地址的交易。外国资产管制处的法规要求实施基于风险的合规计划，以适应有关基础层参与者的具体活动。鉴于加密货币的基础层的作用从根本上说是公开记录数据块的顺序，不应要求参与者筛选包括受制裁地址的数据块。

在基础层适用制裁合规义务，也会对国家安全产生适得其反的影响，并将重要技术的开发推向海外，从而使保护国家利益的核心部分——加密货币交易更难跟踪和追查。

加密货币为美国和世界带来了巨大的希望。随着时间的推移，我们相信行业和监管机构可以通过合作，实现美国的言论自由、隐私和金融自由等理想。

鸣谢

特别感谢Angela Angelovska-Wilson, Katie Biber, Henley Hopkinson, Linda Jeng, Emily Meyers, Michael Mosier, Georgia Quinn, Rebecca Rettig, Gabriel Shapiro, Justin Slaughter和Sheila Warren的审查和反馈。

披露

本内容仅用于提供信息，不应作为法律、商业、投资或税务建议来依赖。情况各不相同，人们应该咨询他们自己的顾问和律师的意见。此处包含的某些信息是从第三方来源获得的。虽然取自被认为是可靠的来源，但作者没有独立核实这些信息，也不对信息的当前或持久的准确性或其对特定情况的适当性作出陈述。对任何证券或数字资产的提及仅用于说明目的，并不构成投资建议或提供投资咨询服务的提议。

脚注

1. A position paper drafted by the Crypto Council for Innovation (CCI) and Paradigm. This paper should not be relied on as legal advice. ↩
2. This action prohibited any U.S. person without a license from sending to, or receiving crypto from, the listed addresses, including the addresses where the Tornado Cash bytecode or smart contract (a specific, widely-used program that implements the Tornado Cash protocol) is stored on Ethereum. ↩
3. “Censoring” by a base layer participant would entail either excluding any transactions that involve sanctioned addresses in blocks they propose, or refusing to attest to any blocks that include such transactions. ↩
4. To be clear, our analysis solely addresses the infrastructure layer composed of the blockchain network that underlies on-chain transactions. ↩
5. A “fork” occurs when the community of a particular blockchain’s protocol makes changes to the basic set of rules, such that the chain splits. This creates a new version of the blockchain that shares history with the original, but additional blocks are no longer backward-compatible with earlier rules. ↩
6. OFAC, “Sanctions Programs and Information,” available here (noting OFAC administers sanctions “based on US foreign policy and national security goals”). ↩
7. Executive Order 14067, 87 Fed. Reg. 40881 (2022), available here. ↩
8. This paper is limited to analysis of U.S. sanctions laws. It does not address the applicability of other statutes, such as 18 U.S.C. §§ 1956, 1957, to base layer activities. ↩
9. Builders construct full blocks and send them (or their headers) to validators. ↩
10. Mining pool operators collect transactions into blocks and distribute the block headers to miners. Miners on some chains, including Bitcoin, typically do not choose what transactions they mine, and only see the block headers, not the individual transactions. See, e.g., Gert-Jaap Glasbergen, “Who is Monitoring Mining Pools?” (Aug. 21, 2020), available here. ↩
11. Relays collect bundles from searchers or builders and send them to builders or validators. ↩
12. Searchers collect transactions and bundle them together to submit to builders or relays. ↩
13. Sequencers act like builders for “rollups,” which are blockchains that are built on top of another blockchain. ↩
14. Validators include miners in proof-of-work blockchains and stakers in proof-of-stake blockchains. ↩
15. OFAC, “Sanctions Programs and Information,” (last visited Sept. 7, 2022), available here. ↩
16. See, e.g., Department of the Treasury, “A Framework for OFAC Compliance Commitments,” available here, and OFAC, “Sanctions Compliance Guidance for the Virtual Currency Industry,” (Oct. 2021), available here. ↩
17. 50 U.S.C. § 1701 et seq. ↩
18. 50 U.S.C. § 1601 et seq. ↩
19. Executive Order 13694, 80 Fed. Reg. 18077 (2015), available here. ↩
20. See Executive Order 13757, 82 Fed. Reg. 1 (2017), amending E.O. 13694, available here. ↩
21. E.O. 13694 specifically defines these terms: “the term ‘person’ means an individual or entity…the term ‘entity’ means a partnership, association, trust, joint venture, corporation, group, subgroup, or other organization.” See § 6(a)-(b). ↩
22. Id., § 1(a)(ii)(A). ↩
23. A U.S. person is generally defined as “any United States citizen, permanent resident alien, entity organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person in the United States.” See, e.g., 31 C.F.R. § 560.314. ↩
24. E.O. 13694 § 1(a). ↩
25. Executive Order 13694, 80 Fed. Reg. 18077 (2015), available here, as incorporated in Executive Order 13757, 82 Fed. Reg. 1 (2017) amending the E.O., available here. See also, Stefan Reisinger, The Facilitation Prohibition (Dec. 2013), available here. ↩
26. U.S. Department of Treasury, “Treasury Designates Iran-Based Financial Facilitators of Malicious Cyber Activity and for the First Time Identifies Associated Digital Currency Addresses,” (Nov. 28, 2018), available here. ↩
27. U.S. Department of the Treasury, “U.S. Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK Cyber Threats,” (May 6, 2022), available here. ↩
28. U.S. Department of the Treasury, “Cyber-related Designation: Specially Designated Nationals List Update,” (Aug. 8, 2022), available here (listing website, ETH addresses, including smart contract addresses, USDC addresses and “Organization Established Date 2019,” although no information was provided as to “what” the organization is). ↩
29. See, e.g., U.S. Department of Treasury, “Treasury Designates Iran-Based Financial Facilitators of Malicious Cyber Activity and for the First Time Identifies Associated Digital Currency Addresses,” (Nov. 28, 2018), available here; U.S. Department of Treasury, “Cyber-related Designations and Designations Updates,” (Nov. 8, 2021), available here (designating individuals and associated virtual currency addresses). ↩
30. E.O. 13694, as amended. ↩
31. Coin Center, “Analysis: What is and what is not a sanctionable entity in the Tornado Cash case,” (Aug. 15, 2022), available here. On September 8, a group of plaintiffs filed a federal complaint against OFAC in the Western District of Texas, challenging the sanctions of the Tornado Cash smart contracts and asking the Court to remove them from the sanctions list. In a blog post announcing Coinbase’s funding of the litigation, Coinbase CEO Brian Armstrong wrote, “Sanctioning open source software is like permanently shutting down a highway because robbers used it to flee a crime scene.” Coinbase, “Defending Privacy in Crypto,” (Sept. 8, 2022), available here. ↩
32. This paper is limited to U.S. sanctions laws. It does not address the applicability of other statutes, such as 18 U.S.C. §§ 1956, 1957, to base layer activities. ↩
33. E.O., § 1(a). ↩
34. 50 U.S.C. § 1705(a). ↩
35. See, e.g., U.S. Department of the Treasury, “A Framework for Compliance Commitments at 9-10,” (May 2, 2019), available here (identifying a common root cause of sanctions violations as “Facilitating Transactions by Non-U.S. Persons”). See also, 31 C.F.R. § 578, effective as of Sept. 6, 2022. U.S. Department of the Treasury, “Amendment to the Cyber-Related Sanctions Regulations and Associated Administrative List Updates,” (Sep. 2, 2022), available here. ↩
36. Executive Order 13694, 80 Fed. Reg. 18077 (2015), available here. See also Executive Order 13757, 82 Fed. Reg. 1 (2017) amending E.O. 13694, available here. ↩
37. See, e.g., Stefan Reisinger, “The Facilitation Prohibition,” (Dec. 2013), available here. ↩
38. E.O. 13694, § 1(a). ↩
39. “Possession” means “1. The fact of having or holding property in one’s power; the exercise of dominion over property. 2. The right under which one may exercise control over something to the exclusion of all others; the continuing exercise of a claim to the exclusive use of a material object.” POSSESSION, Black’s Law Dictionary (11th ed. 2019); see also Merriam-Webster Dictionary (“control of the ball or puck”), available here. “Control” means “[t]he direct or indirect power to govern the management and policies of a person or entity, whether through ownership of voting securities, by contract, or otherwise; the power or authority to manage, direct, or oversee .” CONTROL, Black’s Law Dictionary (11th ed. 2019). In the context of traditional banking transactions, OFAC has explained that banks, for instance, are required to block an “opening deposit” from an SDN or a request from a customer to send money to a relative on the SDN list. U.S. Department of Treasury, “Frequently Asked Questions No. 42,” (Aug. 11, 2020), available here. In other words, “[y]ou might think of the analogy of a bouncing ball,” and “[o]nce the ball starts moving, you must stop it if it comes into your possession.” Id. ↩
40. “The term ‘transfer’ means any actual or purported act or transaction, whether or not evidenced by writing, and whether or not done or performed within the United States, the purpose, intent, or effect of which is to create, surrender, release, convey, transfer, or alter, directly or indirectly, any right, remedy, power, privilege, or interest with respect to any property.” 31 C.F.R. § 578.316. ↩
41. While OFAC has brought enforcement actions against companies that provided technology services to sanctioned parties, the penalized actions amounted to direct assistance to sanctioned parties as opposed to enabling the fundamental operation of a network. See, e.g., OFAC, “OFAC Settles with SAP SE for Its Potential Civil Liability for Apparent Violations of the Iranian Transactions and Sanctions Regulations,” (April 29, 2021), available here (noting that “violations arose from SAP’s exportation of software and related services from the United States to companies in third countries with knowledge or reason to know the software or services were intended specifically for Iran”) and OFAC, “Enforcement Action against Société Internationale de Télécommunications Aéronautiques SCRL,” (Feb. 26, 2020), available here (noting that SITA knowingly provided commercial services and software that benefitted specially designated global terrorists). ↩
42. 31 C.F.R. § 538.407(a). We note that the Sudan sanctions are no longer in effect. ↩
43. See, e.g., OFAC, Enforcement Release - Sojitz (Hong Kong) Limited (Jan. 11, 2022) (finding Sojitz HK caused “multiple U.S. financial institutions to (i) engage in unauthorized financial transactions related to goods of Iranian origin in violation of § 560.206 of the ITSR and (ii) facilitate Sojitz HK’s Iran-related financial transactions that would have been prohibited if performed by a U.S. person in violation of § 560.208 of the ITSR”), available here; and OFAC, Enforcement Release - PT Bukit Muria Jaya (Jan. 14, 2021) (finding PT BMJ “caused U.S. banks to: (i) deal in the property or interests in property of a Specially Designated National or Blocked Person; (ii) export financial services to the DPRK; or (iii) otherwise facilitate export transactions that would have been prohibited if engaged in by U.S. persons in apparent violation of §§ 510.201, 510.206, and 510.211 of the NKSR”), available here. ↩
44. See, e.g., Department of the Treasury, “A Framework for OFAC Compliance Commitments,” available here, and OFAC, “Sanctions Compliance Guidance for the Virtual Currency Industry,” (Oct. 2021), available here. ↩
45. OFAC, “Sanctions Compliance Guidance for the Virtual Currency Industry,” (Oct. 2021), available here. ↩
46. We note that OFAC has stated in guidance that “All companies in the virtual currency industry, including technology companies, exchangers, administrators, miners, and wallet providers, as well as more traditional financial institutions that may have exposure to virtual currencies or their service providers, are encouraged to develop, implement, and routinely update, a tailored, risk based sanctions compliance program. Such compliance programs generally should include sanctions list and geographic screening and other appropriate measures as determined by the company’s unique risk profile.” OFAC, “Sanctions Compliance Guidance for the Virtual Currency Industry,” (Oct. 2021), available here. This guidance, which by its own admission does not have the force of law, overtly states that it is a summary of general guidelines to companies. It does not demand firms follow specific protocols, but merely states that firms are “encouraged” to build compliance programs, ones that “generally” should include “appropriate measures.” It would be a mistake to read this broad but brief language as requiring a specific action such as the destruction of the base layer. ↩
47. FinCEN, along with OFAC, is a Treasury bureau that protects the financial system from illicit use of funds and money laundering to promote national security. See FinCEN, “What We Do,” (last visited, Sept. 7, 2022), available here. ↩
48. FinCEN, “Application of FinCEN’s Regulations to Virtual Currency Mining Operations,” (Jan. 30, 2014), available here. ↩
49. FinCEN, “Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies,” (May 9, 2019), available here. ↩
50. Id. ↩
51. E.O. 13694, § 1(a)(ii)(B). ↩
52. In October 2017, for instance, three entities were designated pursuant to E.O. 13224 for providing material support in the form of military equipment — including radar systems, missile design components, and navigation-related gyrocompasses — to designated Iranian entities. U.S. Department of the Treasury, “Treasury Designates the IRGC under Terrorism Authority and Targets IRGC and Military Supporters under Counter-Proliferation Authority,” (Oct. 13, 2017), available here. Similarly, in May 2018, OFAC designated the Chairman and Chief Executive of a bank for providing material support to the IRGC by using the bank to enable the IRGC to move funds from Tehran to Hizballah. Treasury Department, “Treasury Targets Iran’s Central Bank Governor and an Iraqi Bank Moving Millions of Dollars for IRGC-Qods Force,” (May 15, 2018), available here. And in June 2018, OFAC designated three entities under E.O. 13964 — at issue here — for (1) working on a project to increase the Russian FSB’s offensive cyber capabilities, (2) being a research institute with “extensive ties” to the FSB, and (3) procuring underwater equipment and diving systems for Russian agencies. U.S. Department of Treasury, “Treasury Sanctions Russian Federal Security Service Enablers,” (Jun. 11, 2018), available here. ↩
53. As of the release of new cybersecurity regulations last week, “the term ‘financial, material, or technological support,’ as used in this part, means any property, tangible or intangible, including currency, financial instruments, securities, or any other transmission of value; weapons or related material; chemical or biological agents; explosives; false documentation or identification; communications equipment; computers; electronic or other devices or equipment; technologies; lodging; safe houses; facilities; vehicles or other means of transportation; or goods. ‘Technologies’ as used in this section means specific information necessary for the development, production, or use of a product, including related technical data such as blueprints, plans, diagrams, models, formulae, tables, engineering designs and specifications, manuals, or other recorded instructions.” 31 C.F.R. § 578.306. See “Amendment to the Cyber-Related Sanctions,” (Sep. 2, 2022), available here. ↩
54. 50 U.S.C. § 1702(b)(3). ↩
55. Id. ↩
56. 31 C.F.R. § 510.213(c)(2). ↩
57. TikTok Inc. v. Trump, 507 F. Supp. 3d 92, 108–09 (D.D.C. 2020), appeal dismissed sub nom. TikTok Inc. v. Biden, No. 20-5381, 2021 WL 3082803 (D.C. Cir. July 14, 2021). ↩
58. See, e.g., Bitmex Research, “OFAC Sanctions & Ethereum PoS - Some Technical Nuances,” (Aug. 19. 2022), available here. ↩
59. Executive Order 14067, 87 Fed. Reg. 40881 (2022), available here. ↩
60. Rus Shuler, “How Does the Internet Work?” (2002), available here. ↩
61. Wired, “The WIRED Guide to Net Neutrality,” (May 5, 2020), availablehere. ↩
62. Berkman Klein Center, “The Shifting Landscape of Global Internet Censorship,” (2017), available here (analyzing global internet content restrictions, especially state-sponsored filtering through technical means). ↩