[00:00:00] Ray Salmond: Crypto is for everyone, not just rocket scientists, venture capitalists, and high-IQ developers. Welcome to The Agenda, a Cointelegraph podcast that explores the promises of crypto, blockchain and Web3 and how regular-ass people level up with technology.
[00:00:24] Jonathan DeYoung: Welcome to another episode of The Agenda podcast. I'm Jonathan, your host for this episode, and we are in the middle of a series of episodes that we recorded live with some fun and fascinating guests while Ray and I were at Consensus 2024 in Austin. While Ray was busy attending a panel, I caught up with Harry Halpin, who is a privacy advocate and the CEO of the Nym privacy project. He had just moderated a panel discussion titled OFAC Sanctions Compliance: The Good, the Bad and the Ugly. I asked him in our conversation about some of the takeaways of the panel, as well as what he thinks about the sentencing of Tornado Cash developer Alexey Pertsev, the implications of AI for privacy and human rights, whether central bank digital currencies are truly a privacy nightmare, and much more. Regular listeners may remember Harry because we actually had him on the show before, back in December 2023, when he was joined by Chelsea Manning to discuss privacy, security and state surveillance, as well as how Nym is fighting to keep people safe and secure. If you enjoyed that episode, you'll love this one. And if you've never heard Harry speak before, well, you're in for a treat. So, here's my interview with Harry Halpin, recorded May 29, 2024.
[00:01:40] Jonathan DeYoung: One thing I found interesting that you were discussing on the panel was the sort of struggle of you, proverbially, Nym as a privacy project, trying to figure out how to navigate the sort of waters of OFAC sanctions and not wanting to necessarily serve customers in certain countries and yadda yadda yadda. And you asked a sort of a question to the panel of what should people be doing who don't want to be caught up down the line with these sort of regulatory or sanctions issues or whatever, but who want to help people in countries where people may be sanctioned or those countries may be difficult to work in, etc. So what are some of the things — you mentioned this a bit on your panel — but what are some of the things that Nym does, or what are some of the concerns that are on your mind when you think of approaching that?
[00:02:28] Harry Halpin: Yeah. So, I think it's important to remember that as a crypto entrepreneur, as someone that runs a company, we do have to comply with regulations even if we don't personally like them because otherwise, our company could be subject to fines or even shut down. And I consider the software that we're building important enough for humanity that I don't want that our company to be shut down. That being said, the rules are pretty confusing. So, I used to be at MIT. At MIT, I, you know, met Gary Gensler when he was not yet the head of SEC. And he made it very clear that he thought all token sales were illegal. And so when I founded the company, we moved to Switzerland, and we explicitly blocked basically anyone on an OFAC list, which includes, for example, North Korea or Iran, from participating in our token sale. And then we also blocked people from the United States or people domiciled in the United States. So we treated North Americans like North Koreans, and we did that in order to remain compliant, both with federal regulations and also with federal U.S. government sanctions, even though we're a Swiss company. The fact of the matter is the U.S. government pursues sanctions compliance no matter where you're at. there's no way to get away from it. So we found it weird, but, you know, as a privacy company, when we did our token sale, we forced every single person who participated in the token sale to go through a KYC check in order to check them against the sanctions list, A) to prove that they weren't American, and B) to check them against sanctions list both in the U.S. and Switzerland because we also have to comply with Swiss law. That being said, there are, you know, it's getting more and more troublesome. For example, we have many people in Iran that would like to use our software. Iran has a lot of internet censorship. Iranians were blocked from holding our token, but they would like to use the software. And we're currently legally investigating is that even possible? You know, I think the brave women who, you know, supported the Jin Jiyan Azadî movement — Women, Life, Freedom — should be supported. But it seems like U.S. sanctions are such a blunt tool that they may make that impossible, even though the U.S. government itself funds VPNs that barely work, such as Psiphon, in order to be used by people in Iran. So I'm not really sure what the right way for it is. And I find it particularly dangerous because even though we did all this work in terms of compliance as an engineer, how do you cryptographically prove you comply, right? So, OFAC has a database on their website. We get a name, someone wants to buy a token or buy access to the VPN. We check that name against the database. How do we prove in the future that we did actually check that name? The website, the database are not cryptographically signed. Screenshots can be faked, right? It's sort of crazy. So, I would like to see more and more people basically build solutions which both preserve privacy without basically forcing developers to do unreasonable things to their users, right? Because I think people do have the right to privacy, and they do have the right to free internet access. And I feel uncomfortable, you know, we did it with a token sale, but I do feel uncomfortable with like people using the VPN. I don't think that they necessarily should be part of any kind of surveillance mechanism. The whole reason you're using a VPN or mixnet is to escape surveillance. So I think there has to be a solution here. And the panel was to discuss possible approaches and solutions.
[00:05:50] Jonathan DeYoung: So one of the things you also discussed in the panel, and it's been a big topic in everywhere crypto/privacy land, is the Tornado Cash verdict. So, what are your general thoughts on the verdict? Was it too harsh? Are they trying to send a message? Yeah, what are your thoughts on that?
[00:06:07] Harry Halpin: I mean, the verdict was definitely a surprise. I've never used Tornado Cash, nor do I know the developers personally, but I believe unless there is some kind of evidence that they willingly and willfully cooperated with U.S. sanctions evasion, such as, for example, using Tornado, they willingly let Tornado Cash be used by North Koreans to ship Bitcoin to build North Korea's nuclear program. It does seem sort of crazy that just building a piece of software that North Koreans use makes somehow the Tornado Cash developers liable. That's crazy. By that logic, you know the... I was living in France. A person from Daesh took a car in Nice and drove it into a crowd of people. So, should the car manufacturer be held liable? Or the car seller that he sold a particular car to a terrorist? Should, for example, the person that made the road be liable that someone could drive a car off that road and hit people? That just seems crazy. Yet somehow, with software, they're willing to apply that standard to developers of privacy software. To me, that's radically unfair and unreasonable. I was particularly surprised because the court case came from the Netherlands. The Netherlands, of all countries, should know the danger of excessive identity collection. When the Holocaust happened and World War Two, the Netherlands vastly exterminated most of their Jewish population, unlike, say, France, because they had a very high-tech, modern, at least in the 1930s, identity system which let the Nazis when they took over the country, track down and kill Jewish people very easily. So, you know, it seems like the GDPR, General Data Protection Regulation, and all these privacy laws coming out of Europe are meant to prevent exactly the kinds of identity-based surveillance that the Dutch judge is demanding that Tornado Cash comply with. So to me, it seems kind of historically unwise and hypocritical. And then the punishment is not proportional either. Years in jail because some guy from North Korea used your software. I mean, people in North Korea use Linux. Are you going to put Richard Stallman in jail? They probably use stolen copies of Windows. They're going to put Bill Gates in jail? That's crazy. So, we need to have some way where, you know… I don't think developers should be held liable for all use of their software and that the punishment should fit the crime. And I don't really see much of a crime here. So I think that Alex, the developer in the Netherlands, should probably appeal, and the judge just seemed to be being a lapdog of the U.S., and the U.S. just wanted to shut Tornado Cash off by placing Tornado Cash in a sanctions list. And that doesn't seem to work, either. Tornado Cash, even with all of the main developers in jail, is still running, sending, I forget, last stats I saw, $215 million have gone through it, so it’s not like it's turned off. So, I would like to see Alex take it to appeal. And I would like to see the United States drop the charges against Roman, Roman Storm, the developer they arrested in the U.S.. And I do think it's important that we support these developers and support them in their legal costs, can be very expensive, and essentially defending their right to create privacy-enhanced software. I would rather have developers funded by cryptocurrency create privacy-enhanced software than create surveillance-based ad tech. The best minds of my generation ended up working at Google and Facebook, creating a surveillance nightmare and internet that, to be honest, most people hate using. We should create a better internet. That's the vision of Web3, and I think privacy is an integral part of that vision. And if you basically put developers that work in privacy in jail for arbitrary reasons, you're creating the foundations for further surveillance and further authoritarianism, which is exactly what we don't need right now at this point in human history.
[00:09:44] Jonathan DeYoung: Do you feel like the future of privacy or the presence of privacy is being threatened with this? And people could bring in CBDCs trying to push that through also? Or do you feel like this is a blip on the radar and privacy will be just fine?
[00:10:01] Harry Halpin: Well, I mean, I am neither an optimist nor a pessimist because neither is political. Really, it's a political struggle and making code and making companies and making blockchain projects and raising money and lobbying. These are all parts of a larger political struggle for privacy. If we do not commit to that struggle, there's no guarantee that we will have privacy. Our children may very well grow up in a surveillance state, so we need to be creating these kinds of privacy-preserving solutions today and educating people about them and making sure that they're legal. So, for example, at Nym, we're working on what's called zk-nyms, zero-knowledge nyms; Nym, N-Y-M, just means name in ancient Greek. It means identifying, you know, like... A zero-knowledge nym is a technology which uses zero-knowledge proofs without creating permanent identifiers for people that people have attributes such as maybe I'm a citizen of the U.S., I'm a citizen of Switzerland, that I have KYC, they have a KYC, some sort of proof of whatever it is that you're interested in — you're over 18, you're under 18, whatever. And we think that these kinds of technologies, which allow us, as the great cypherpunk Eric Hughes said, to selectively disclose our identity to the world, are not just privacy-enhancing, they’re freedom-enhancing. They give people more freedom. And we as a society should be encouraging these technologies. And people that try to prevent these technologies from being produced are effectively against freedom and for surveillance and authoritarianism. And we need to be actively fighting those people. The Universal Privacy Alliance, which Nym co-founded with Filecoin and Electric Coin Company, otherwise the company that invented Zcash and Aztec and Aleo and others — we're really pushing very hard to make sure that privacy remains legal and that developers don't have a chilling effect from these kind of crazy, arbitrary court cases that we're seeing a really enforce the state of exception on the privacy developers, such as the Tornado Cash case. So we think, you know, we're all kind of fingers in a larger fist, which is, you know, coming together to struggle for privacy. And we hope that everyone can join us. And there's a role for everyone. Non-technical people can lobby, can educate, can use privacy-enhancing technology. Technical people can build code, inspect code, look for bugs. There's roles for everyone in this kind of larger political struggle we're in together for privacy.
[00:12:21] Jonathan DeYoung: Do you think that CBDCs are the privacy nightmare that everybody's making them out to be, or is that overblown?
[00:12:27] Harry Halpin: Currently, all the CBDC designs I've seen, with the possible exception of the EU and Swiss designs, are privacy nightmares. So, you know, we have seen a lot of pushback against CBDCs. I think that pushback is justified. And in the U.S., that pushback is primarily from the Republicans, who believe that CBDCs will be used to target and remove financial freedom from the political opposition. And we have seen that happen with, for example, the anti-COVID protest in Canada where people were cut off from financial access due to protesting, as is their right, against COVID restrictions. And it ends up historically, you know, it looks like the Canadian protesters were probably on the right side of history. We, no one knew that at the time, but that does seem to be the case. So, you know, CBDCs further centralize payments in the hands of the government and therefore allow the government to basically… just as the government can, governments, the U.S. government can put Iran and Cuba on their shit list and get them removed from the global financial order, that could happen to, for example, people that, whatever, don't believe in vaccines or, who don't believe in, maybe eat meat or, who believe the U.S. government has too much surveillance or have dissenting political beliefs. We don't want a world where people get their financial freedom restricted arbitrarily by a centralized bank, and that's what CBDCs allow. So, I do think CBDCs should be blocked. And the designs we've seen in the U.S. have been not privacy-preserving. The only privacy-preserving design we've seen from the United States has been Project Hamilton out of MIT, which uses kind of Zcash as kind of a centralized version of Zcash smart contracts. And it's an interesting design, but it looks like the MIT design is not what people are going forward with. We're seeing a preference by most governments for kind of more what I would call Chinese-style design, where the blockchain is fully transparent to the government and therefore allows centralized control and censorship of transactions. There has been some work in CBDCs that we don't know in Switzerland, with David Chaum, who's the great inventor of mixnets and Ecash. That design looks to be more privacy-preserving, but I'm not sure if it's officially adopted yet. I hope it is. So, if there is going to be a CBDC, it should at least be privacy-preserving and not allow arbitrary censorship of transactions. That being said, you know, the EU also put forward regulations on this, the EU regulations and RFP for CBDC creation. We analyze this on the Nym blog and say that the CBDC should enforce privacy, but then guess who it looks like the European Union chose to build their CBDC? It looks like they chose Amazon. I don't trust Amazon for being privacy-preserving at all. At least, that's the rumor I've heard. So, I would be very shocked if you say, oh yeah, we preserve privacy; you're going to make sure it's not just a fig leaf to cover up more technical censorship and surveillance. So overall, given the amount of damage that CBDCs can use, and given the fact that, you know, cash works pretty well and a lot of privacy, cryptocurrency pretty works well, I think tit for tat, I support the people that are against CBDCs and overall agree they shouldn't happen. And I think it's better… I'd rather see CBDCs not happen at all than see privacy being used to essentially what I call zero-knowledge-wash, to kind of whitewash an inherently centralized and dangerous technical design.
[00:15:51] Jonathan DeYoung: Why do you think that there is this anti-CBDC kind of current among Republicans? And obviously the reasons for being against it make complete sense to me. But it seems, like I imagine after 9/11 when Republicans and Democrats alike united to push through all these horrible surveillance capabilities that still exist today. So, why is it? I'm curious your thoughts because this has been on my mind. Like, why are politicians now anti-surveillance? Has something changed?
[00:16:19] Harry Halpin: Well, I think after 9/11, you know, generally, the Republican, Democratic Party were basically very much aligned under a kind of neoliberal consensus that the U.S. empire should rule supreme. Anyone that strikes against is a terrorist and should go to jail. And there was very little disagreement really between the two parties. It really didn't matter if George Bush or Clinton or Al Gore was president; there was very little substantial internal policy difference, and there was basically no foreign policy differences. Now, 20 years later, there’s huge foreign policy differences, right? So, we see the unrestricted support by the Biden administration for what looks like Israel's genocide in Gaza. Of course, you know, there’s unrestricted report from the Republicans as well. I think Nikki Haley is even personally signing missiles. So, on some level, there's still alignment. But on other levels, like the Ukraine-Russia conflict, there's a lack of alignment, right? So, you know, Trump is claiming he's going to be a peacemaker. You know, there's clearly belief from some parts of the Democratic Party and the Republican Party that China may be a new enemy. But there's disagreement on Russia, disagreement on the EU, disagreement on U.S. foreign policy, with the Republicans becoming more isolationist. And internally, you know, it was Democrats and Republicans that both pushed for greater surveillance measures. But now that the Democrats are very concerned that the Republicans will transform the U.S. into an authoritarian state, the Democrats are, ironically, pushing for more measures of authoritarian surveillance. So, you know, even when he was president, Trump was very worried that he was under NSA surveillance and that he was on the bad side of the FBI and CIA. You know, it's kind of hilarious, but as indeed, what I think Trump thought, the Republicans are worried that this approach will be used against them. And therefore, there is tremendous concern if you're the underdog, or you believe you're an underdog, that this power will be used against you. So that's why they're against it. Because there's now fairly substantial differences between the two parties. That being said, you know, I'm sure if the Republicans come to power; they will pass surveillance mechanisms against their enemies and vice versa. And what we lack in the U.S. is we lack any kind of party that's actually against surveillance and for individual rights. And so I'm hoping that maybe Robert F Kennedy or grassroots movements will push for these rights, regardless of their own personal political situations, because that's just the right thing to do. And ultimately, you want to be on the right side of history.
[00:18:47] Jonathan DeYoung: We mentioned this in our catch-up conversation for what Nym has been up to the past year, but to bring it into this conversation, we were talking about artificial intelligence, and you were talking about the dangers of — maybe it was this conversation, I might… Worlds are blending together. But the dangers of AI surveillance and how they can take a very powerful AI, presumably with quantum computing coming would be even more powerful, could take very limited pieces of information about somebody's online trail and de-anonymize somebody. So, can you speak a little bit about the potential dangers of AI surveillance, your thoughts on that? And then what does Nym do, maybe blockchain in general, to help fight back against them?
[00:19:34] Harry Halpin: Yeah. So, AI surveillance is very dangerous in so far as, as you said, very small amounts of information can be used to identify you and track you, not just track your online presence, but also, for example, be it phone-based metadata, track your physical presence, what shops you're going to when you're awake, when you're asleep, who you're with, who your talk with, who your friends are. Preferences such as sexual preferences, religious preferences, political preferences. Essentially, the whole point of surveillance is to create a kind of digital double of you that they can use to both observe and then control and predict your behavior, and maybe even nudge it and make you do what they want you to do. And AI has made that much more easy than it used to be. Without AI, you know, all this data becomes too hard to go through. It becomes too hard to unify with AI. You can unify this data and do analytics on it in a way that was simply not possible before. And the large, massive amount of big data that have been collected by surveillance can be effectively mobilized in a way that was hitherto unimaginable. So, yeah, it's very dangerous. And we think that mixnets, that's what Nym is building, provides one kind of defense. Mixnets basically add noise to data, mixing the data up, scrambling it, and then adding kind of noise to the underlying signal. And this basically makes it impossible, or at least incredibly difficult — we can even give mathematical bounds in terms of entropy on its difficulty — for AI to de-anonymize someone. We think that's very important. And everyone's very interested in funding the next AI hype coin or company. We think the real future will be in providing tools to allow people to resist surveillance, interact with the AI on landscape and terrain of their own choosing.
[00:21:17] Jonathan DeYoung: So, do you think there'll be an equal pushback of these anti-AI tools projects?
[00:21:23] Harry Halpin: I think it's going to start growing slowly but surely. I think people, including myself, are very entertained with ChatGPT. We're going to start seeing its limits. There's no silver bullet. And big data and AI are not a silver bullet for humanity's problems. They can't help us. I'm quite a fan, for example, of the work of Sandy Pentland, MIT, which shows, you know, how you can use AI to, for example, help climate change and help with economic issues. But there's no magical solution, and people should be very wary of surveillance in general. The chances of misuse of this data is higher than the chances of its use for good, particularly with the very corrupt governments you currently have in power having access to all this data. Same with very corrupt and monopolistic Silicon Valley-based companies.
[00:22:08] Jonathan DeYoung: And I guess the last question I'll ask then is on the panel today, you mentioned earlier in this conversation, that there are people in, let's say, Iran that want to be using the VPN. You're going to Ukraine soon. Can you give some examples of like the very practical use cases of how Nym, let's just use them as an example because you're from them, are being used by people on the ground, activists?
[00:22:35] Harry Halpin: So, you know, Ukraine has one of our largest tokenholder communities. And interestingly enough, we had a Telegram group where we had Ukrainians and Russians together, and so far, they're still together. And they get along, which is interesting. And I think it's because people are united by this desire for freedom. People want access to the internet. They want to also have a free country and to be left alone and to develop how they want to develop. With the Russian invasion of Ukraine, everyone's very focused on the tanks and the drones. We have to remember that it's internet-based surveillance that targets the tanks and the drones. If a target is, you know, if this surveillance is done by monitoring, for example, the internet service providers in Ukraine and the telephone system. So even though Ukraine hasn't been cut from the internet, we're fairly certain that Russia’s surveillance, the Russian government surveilles all of it, and that they can use this information to target and damage Ukrainian critical infrastructure and civilians as well. So we're, you know, we do have interest from a lot of people in Ukraine and using our technology to, you know… Russia, they probably have the whole country on lockdown. They probably see every single phone call, every byte [unintelligible] wire. So they need something that's more powerful than a standard VPN to even let them safely access the internet. And interestingly enough, they share that problem with people in Russia. If you're a Russian dissident, you know, and I was in Russia in 2017 with Moxie from Signal. And I have Russian dissident friends. You know, if you get caught, for example, doing something that the Russian government doesn't want you to do, you could easily get thrown in jail and murdered. And so people in Russia who are against the war in Ukraine or who maybe just don't really want to deal with Putin and the Putin government, they have equal desire for freedom, free access to the internet. And they're actually censored, right? So Russia is shutting down their internet. They're making VPNs illegal. So you need some kind of decentralized VPN just to allow ordinary Russian people to access the internet freely and safely and not be spied on. And we imagine that general use case will be the case in countries like Iran. And who knows what the U.S. election… there may eventually be, you know, surveillance or banning of services in the United States. We're seeing discussion of the banning of TikTok, which I disagree with. I don't understand why people should be prevented from using TikTok. Or, you know, maybe no matter who wins, if you're a Democrat, the Republicans, or you're afraid Trump's going to win, and you'll become a persecuted minority and vice versa. Biden wins again, you're a Republican, you're afraid that you may get thrown in jail or unfairly prosecuted. So we think that this VPN technology that Nym's creating, which is decentralized and it prevents AI-based surveillance, should be accessible to all people because you never know when your own government… And I bet the U.S. and Europe will start under the name of content moderation and stopping, quote-unquote, Russian propaganda, the U.S. government will start increasingly censoring and moderating, and censoring is really just a synonym for moderating people's free access to the internet. In order to preserve that free access, we will need decentralized mixnet, and Nym is honestly the only game in town, and so we think everyone will need it. Everyone in Ukraine, everyone in Russia, and everyone in Europe and the U.S.
[00:25:43] Jonathan DeYoung: Is a decentralized mixnet similar to a traditional VPN where you need a certain mass of users, and the more people are using it, the better it is for your privacy?
[00:25:53] Harry Halpin: Yeah, yeah, although that's not the case with VPNs. With VPNs, the VPN provider knows exactly what you're doing if they're centralized, right? And even a decentralized VPN… Tor, for example, doesn't actually mask your anonymity within a large group because you can statistically correlate traffic flows between the entrance, the exit of decentralized VPNs and Tor. Unlike these products, mixnets actually mix the traffic together and add noise, and this combination lets us basically provide privacy. And we provide privacy by mixing traffic, people's traffic together. So, the more people that use a network, the more private everyone is. Thus, the saying privacy loves company, which comes from Roger Dingledine from Tor. And so we expect that there'll be more, and more as more and more people use the software, math is an interesting feature, where it becomes more and more private. And also, the more people that use the software, the less mixing everyone needs to have the same level of privacy, so the faster the network will be. So it kind of scales well. It becomes better the more people that use it. And even if you're just downloading a file or watching Netflixm by very virtue of using the Nym mixnet, you're defending, for example, I don't know, human rights defenders in the Middle East from being persecuted by their own government. We think that's a great thing. So everyone can contribute, and everyone becomes more anonymous together.
[00:27:12] Jonathan DeYoung: That's why I pay for my Proton services, not to shout out a competitor.
[00:27:16] Harry Halpin: Oh no, we like Proton as well. They're down the street from us, and they're really good people, but they are centralized. So, we hope when our decentralized VPN launches, we’ll convince you to switch from Proton VPN to Nym. But we do hope to work with Proton, and we think even Proton should eventually probably turn their VPN off and support a decentralized alternative like Nym.
[00:27:35] Jonathan DeYoung: But yeah, but I pay for all my memberships, and I'm willing to pay the premium that Proton charges because I know that they subsidize the free VPN services with the paid ones.
[00:27:45] Harry Halpin: So yeah, we do the same thing. So we allow the paid customers, particularly in the Global North, to subsidize people that otherwise can't pay for it, who are, you know, human rights activists, dissidents and revolutionaries. And we think that's a good thing.
[00:27:59] Jonathan DeYoung: Sure. Well, thank you for your time, Harry. Pleasure to see you again.
[00:28:10] Ray Salmond: The Agenda is hosted and produced by me, Ray Salmond.
[00:28:14] Jonathan DeYoung: And by me, Jonathan DeYoung. You can listen and subscribe to The Agenda at Cointelegraph.com/podcasts or on Spotify, Apple Podcasts and wherever else podcasts are found.
[00:28:26] Ray Salmond: If you enjoyed what you heard, rate us and leave a review. You can find me on Twitter at @HorusHughes, H O R U S H U G H E S.
[00:28:35] Jonathan DeYoung: And I'm on Twitter, Instagram, and just about everywhere else at @maddopemadic. That's M-A-D-D-O-P-E-M-A-D-I-C.
[00:28:45] Ray Salmond: Be sure to follow Cointelegraph on Twitter and Instagram at Cointelegraph.
This podcast episode transcription was generated with the assistance of artificial intelligence (AI) technology. While we strive for accuracy, please be aware that AI-generated transcriptions may contain errors or inaccuracies.
