After Roman Storm’s conviction, can crypto policy in the United States maintain privacy?

Roman Storm’s Tornado Cash conviction reflects the same privacy-versus-security struggle seen in earlier encryption battles, legal experts say.

Despite the White House’s recent report emphasizing the significance of self-custody and individual freedoms, the conviction of Roman Storm in connection with Tornado Cash has sparked a debate about whether US authorities are restricting crypto privacy rights. Questions about criminal intent, control over immutable smart contracts, and whether privacy concerns can ever outweigh security concerns have been raised by the case, which has drawn comparisons to previous Silk Road conflicts. In the meantime, the White House is trying to get a clear taxonomy for digital assets, like a commodity or security, to show how US crypto policy discussions are still shaped by unresolved definitions and liability standards. To explore the legal implications of Storm’s conviction and the broader policy context, Magazine spoke with Joshua Chu of the Hong Kong Web3 Association, Yuriy Brisov of UK law firm Digital & Analogue Partners and Charlyn Ho of US law firm Rikka.

Magazine: Does Storm’s conviction highlight the tension between US policy recommendations on privacy rights and the way liability is assigned in crypto cases?

Chu: If I’m putting on my asset recovery lawyer hat, we always say we target the infrastructure to safeguard our clients’ interests. Crypto mixers assert that the nature of their activities does not necessarily indicate that they are always used for illegal purposes. I do a lot of these cases, and I always say that it doesn’t matter if assets are going through centralized or decentralized platforms. It is not enough to simply publish codes online just because someone claims it is a decentralized operating vehicle. In the end, laws are just laws. The real question isn’t whether we need new ones; rather, we need to know if the laws that are in place have been followed.

Brisov: I’d also like to add another Tornado Cash case, Joseph Van Loon, et al. v., to the discussion. Department of the Treasury. It was a very important case where the court found that immutable smart contracts are not property and cannot be controlled by the people who created them if they’re a purely enforceable smart contract.

One important point is: If we can prove that no one controls the technology, then it isn’t property, which means no one can own it or be held liable for it. The Storm case involving Tornado Cash is unique. In the Howey case, the “economic reality” principle said we should look not just at the form of a transaction but at its actual economic structure. If you create something with malicious intent, that changes the analysis.

Photo of Ross Ulbricht walking out of prison while holding a plant

Silk Road founder walks free after receiving a pardon from US President Donald Trump. Rosen Ulbricht In US criminal law, liability depends on both actus reus (a guilty act) and mens rea (a guilty mind). Criminal intent is demonstrated when a tool is designed to violate the law. The Silk Road case illustrates this: Ross Ulbricht argued that he wasn’t personally conducting illegal transactions, but the court found that by creating the platform with the intent for it to be used illegally, he was still liable.

The criminal intent that existed at the time of creation cannot be erased by today’s lack of control.