The case involving Samourai Wallet raises a crucial issue regarding how the United States views non-custodial software and its developers. Keonne Rodriguez and William Lonergan Hill did not run a financial service or manage customer assets; they developed and maintained software that enabled users to create collaborative Bitcoin transactions while preserving privacy. Throughout the lifespan of this tool, users retained control over their keys, initiated their own transactions, and never depended on Samourai or its developers to transmit or protect value. The difference between a custodial service and a non-custodial tool is not merely a technicality; it marks the essential line that the Bank Secrecy Act, FinCEN guidance, and years of regulatory practice use to separate software creators from regulated financial intermediaries.
This distinction was reinforced by FinCEN itself. In an internal review, the agency determined that the design of Samourai did not qualify as money transmission since no third party possessed or controlled user funds. That conclusion was never shared with the defense while the prosecution promoted a theory that claimed the contrary: that developing software for user privacy was functionally the same as running a financial institution. When this analysis eventually came to light, it validated what has long been recognized within the industry and the regulatory community—that non-custodial tools lie outside the BSA’s money-transmitter framework due to the absence of third-party value transfer. The case ultimately characterized the developers as accountable for users’ independent actions despite their lack of involvement in executing, intermediating, or approving transactions. While some individuals misused the tool, as can occur with any privacy or security technology, the law has never held creators liable for such misuse. We do not consider the authors of encryption libraries, VPN protocols, or email clients as complicit in unlawful activities simply because malicious actors utilize those tools. Blurring the line between creating a tool and running a service could impose an untenable risk on anyone developing privacy-enhancing or security-critical software.
Moreover, there is a significant speech aspect to consider. Courts have consistently acknowledged that code is a form of expression, and the publication of open-source software constitutes an act of communication. When publication is treated as proof of “operation,” the legal distinction between authorship and conduct becomes obscured, threatening a wide spectrum of legitimate technologies. Any precedent suggesting that developers are liable for unforeseen downstream use would have immediate implications for cryptography, cybersecurity research, and open-source endeavors at large.
Rodriguez and Hill ultimately accepted plea deals amid considerable sentencing risks, despite the fact that governmental records undermined the primary regulatory argument of the case. Their convictions now rest on a framework that contradicts established guidance and the trajectory of federal policy since then. A pardon would align the legal outcome with the actual facts: this was about software development, not money transmission, and the involved individuals should not face criminal liability for creating code that users executed independently.
This case has already created a discernible chilling effect on developers engaged in privacy and security tool creation in the United States. Upholding the convictions would deter responsible innovation and drive essential work to jurisdictions that do not share our commitment to open research and transparent development. A pardon would rectify a clear misapplication of federal law, uphold the integrity of long-standing distinctions in financial regulation, and reaffirm that publishing non-custodial software is not—and must not become—a criminal act.
Disclaimer – This is a guest contribution by Zack Shapiro, originally published by the Bitcoin Policy Institute (BPI). The opinions expressed are solely those of the author and do not necessarily reflect the views of BTC Inc or Bitcoin Magazine.
