Privacy enables legitimate commerce.

The Roman Storm case asks whether a tool builder is responsible for how someone misuses their tool.

In business brokerage, we ask a related but different question: how do we build a framework that makes misuse costly enough that legitimate buyers self-select, and bad actors stay out?

I'm deep into redlining Wolf Creek Ranch's standard non-disclosure agreement. The document every prospective buyer is required to sign before they're permitted access to the data room. Dense stuff. Pages of legalese about what happens if someone misuses what we share with them.

I need a break.

To go for a mental walk, I started reading about Roman Storm. His most recent hearing was two weeks ago, on April 9, 2026, before Judge Katherine Polk Failla: a motion for acquittal on all remaining charges.

Roman Storm is the founder of Tornado Cash, a crypto protocol (software program) that launched in 2019. It was designed to let people move cryptocurrency in a way that obscures who sent what to whom.

Financial privacy, essentially, baked into opensource code.

The government's theory is that Roman built the tool and is therefore responsible for every bad actor who used it.

Last fall in 2025, he was convicted on one charge: conspiracy to operate an unlicensed money-transmitting business. But the jury deadlocked on the more serious counts of money laundering and sanctions violations. The split verdict was telling. Twelve Americans heard four weeks of evidence and couldn't agree that writing code was the same as running a criminal enterprise.

At one point during the most recent hearing, the prosecutor argued that the presence of criminal funds inside Tornado Cash had "dirtied" the funds of innocent users as well because those innocent transactions had, in the government's view, helped conceal the nefarious transactions alongside them.

It was reported that audible gasps were heard in the courtroom.

Link to the journalist's article summarizing the hearing here.

Guilty until proven innocent? Is that what the prosecutor was saying? The implication seemed to be that private transactions themselves are inherently suspect, that the act of seeking financial privacy is evidence of something to hide.

That's a remarkable thing for the government to argue. And it has sent me down a rabbit hole.

Roman's defense team cited case law from the supreme court dating back to 1940, during prohibition: United States v. Falcone.

Read that precedent here.

A wholesaler named Falcone had sold large quantities of sugar — legally — to distributors who ultimately supplied bootleggers. The prosecutor argued Falcone should be treated as a co-conspirator to bootlegging because he knew, or should have known, how the sugar would be used.

The central question, as the court framed it, was whether a seller of goods that are legal in themselves becomes a conspirator with the buyer simply by knowing the buyer intends to use those goods unlawfully. The court's answer was no. Selling a legal product, even knowing it might be misused, does not make the seller a party to the conspiracy that does the misusing.

What's required is actual agreement, actual concert of action, between the seller and the criminal scheme. Suspicion isn't enough. Proximity isn't enough. Selling more sugar when the stills are running isn't enough.

Roman's attorneys invoked this logic in their argument for his acquittal. Tornado Cash operated without Storm's custody or control over any user's funds. Storm wrote the code. Someone else moved the dirty money. Users always maintained total control of their own assets and most never engaged in any nefarious activity.

Eric Hughes had something to say about this.

On March 9, 1993, Eric Hughes published A Cypherpunk's Manifesto. It's about 700 words long.

Read it if you haven't.

He understood something about information that feels newly urgent: that once released, it cannot be recalled. The only defense against unwanted disclosure is to control it at the source. To build systems that don't release information unless the right conditions are met.

Eric drew a distinction that cuts to the heart of Roman Storm’s case: privacy is not secrecy. An anonymous transaction system, he argued in 1993, is not a secret transaction system. It is one that lets individuals reveal their identity when they want to, or need to, and only then.

Tornado Cash is, in a very real sense, the thing Eric was describing in 1993. A tool for private transactions on a public ledger. Allowing participants to choose what to reveal, and to whom.

Which brings me back to the NDA on my desk.

When a business owner lists with Wolf Creek Ranch, they extend an enormous act of trust. They hand over their revenue figures, their customer lists, their lease terms, their staff composition, often the most personal financial details of their life.

That information, in the wrong hands, is a weapon. A bad actor could approach key employees directly, spook the deal, and walk away with intelligence they never paid for.

The NDA is the mechanism that makes a transaction possible at all. Without it, most deals never start, not because sellers are secretive, but because the information is too valuable to release without a framework protecting it.

The NDA is the legal structure that enables selective disclosure: 1) here is what I'm sharing, 2) here is who you're permitted to share it with, 3) here is what happens if you betray that agreement.

I'm going to close the browser and get back to the redline now. It feels a little less tedious than it did an hour ago.