Roman Storm’s conviction over Tornado Cash has sparked a debate about whether US authorities are narrowing crypto privacy rights despite the White House’s recent report emphasizing the importance of self-custody and individual freedoms.
The case has drawn comparisons to earlier battles over Silk Road, raising questions about criminal intent, control of immutable smart contracts and whether privacy itself can ever outweigh security concerns. Meanwhile, the White House is pushing for a clear taxonomy of digital assets — commodity or security — highlighting how unresolved definitions and liability standards continue to shape US crypto policy discussions.
To explore the legal implications of Storm’s conviction and the broader policy context, Magazine spoke with Joshua Chu of the Hong Kong Web3 Association, Yuriy Brisov of UK law firm Digital & Analogue Partners and Charlyn Ho of US law firm Rikka.
The conversation has been edited for clarity and length.
Magazine: Does Storm’s conviction highlight the tension between US policy recommendations on privacy rights and the way liability is assigned in crypto cases?
Chu: If I’m putting on my asset recovery lawyer hat, we always say we target the infrastructure to safeguard our clients’ interests. There are crypto mixers that argue the nature of their activity doesn’t automatically mean they’re always used for illicit purposes.
I do a lot of these cases, and I always say that it doesn’t matter if assets are going through centralized or decentralized platforms. Just because somebody purports that it’s a decentralized operating vehicle, it doesn’t mean you’re just publishing codes out there. At the end of the day, laws are laws. The real question is not whether we need new ones, but whether existing laws have been followed.
Brisov: I would also add to this discussion another case regarding Tornado Cash, which was Joseph Van Loon, et al. v. Department of the Treasury. It was a very important case where the court found that immutable smart contracts are not property and cannot be controlled by the people who created them if they’re a purely enforceable smart contract.
One important point is: If we can prove that no one controls the technology, then it isn’t property, which means no one can own it or be held liable for it. The Storm case with Tornado Cash is different. In the Howey case, the “economic reality” principle said we should look not just at the form of a transaction but at its actual economic structure. If you create something with malicious intent, that changes the analysis.
In US criminal law, liability depends on both actus reus (a guilty act) and mens rea (a guilty mind). If you design a tool to break the law, that shows criminal intent. The Silk Road case illustrates this: Ross Ulbricht argued that he wasn’t personally conducting illegal transactions, but the court found that by creating the platform with the intent for it to be used illegally, he was still liable.
Lack of control today doesn’t erase the criminal intent at the moment of creation.
Magazine: Do you agree with crypto advocates who criticize Storm’s conviction as an attack on privacy?
Ho: I don’t think it’s accurate to frame this conviction simply as an attack on privacy. Instead, it underscores this ongoing, unresolved tension, with different stakeholders falling at different points on the spectrum of how much privacy versus how much security is acceptable.
Crypto purists argue that the technology exists to reduce the power of centralized authorities by enabling self-custody and peer-to-peer transfers without intervention. But at the same time, major banks have begun adopting crypto in ways that run counter to that original philosophy. We see the same tension play out with Tornado Cash and even discussions around central bank digital currencies (CBDCs). Privacy is a key goal, but in practice, governments and courts have consistently taken the position that privacy cannot come at the expense of public safety.
A useful analogy is encryption. When encrypted messaging platforms like WhatsApp first appeared, or when Apple refused to unlock the San Bernardino shooter’s iPhone, the same arguments were raised: individual rights to encryption versus law enforcement’s need for access. Over time, courts and regulators have developed clearer boundaries around when communications can remain private and when law enforcement can compel access. That precedent may ultimately help guide how courts think about crypto privacy tools like Tornado Cash.
Magazine: With privacy…
cointelegraph.com