[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: ATTN: for-profit Tor operators

On 11/25/05, Mike Perry <mikepery@xxxxxxxxxx> wrote:
> Thus spake Anthony DiPierro (or@xxxxxxxxx):
> > On 11/25/05, Mike Perry <mikepery@xxxxxxxxxx> wrote:
> > All that said, I'm not sure there is much threat by copyright law
> > (including the DMCA) in being a Tor operator.  About the only time I
> Yeah, this is probably true. I think this is why the EFF is so sure it
> could win a DMCA case. But I agree it would probably be very unlikely
> that a DMCA notice against a Tor node would ever make it to court, esp
> since the supplied EFF letter to ISPs is already pretty close to a
> DMCA put-back notice
> (http://www.chillingeffects.org/dmca512/faq.cgi#QID132).
Well, read below for more explanation, but I really don't even know
what it means for "a DMCA notice against a Tor node" to "make it to

> > could see it coming into play is if you're supporting a hidden service
> > which has copyright infringments on it.  Then, if you've registered as
> > an ISP under the DMCA, you might have to disable access to that hidden
> > service (assuming this is possible - I figure it must be possible to
> > at least disable it for whoever is doing the DNS resolution).  If
> > you're not registered as an ISP under the DMCA, well, then you don't
> > get the protections of the DMCA.  The CDA might still kick in, but
> > it'd probably be a good idea to register under the DMCA anyway.
> Your points about registering as a service provider are very
> interesting. Is this a common practice of Tor operators? Is it even
> possible? http://www.copyright.gov/onlinesp/ is nearly unreadable
> bureaucrat-ese, and it seems like they still haven't set up the red
> tape for a proper process yet, referring to this "interim" nonsense..
> Also registering with the government for anything like this rubs me
> the wrong way on principle, since I do not agree with the DMCA in the
> first place. Registering seems to be a second-order endorsement of it
> somehow.. Not to mention my belief that a "service provider" should be
> a legal definition in the DMCA itself rather than some tangle of red
> tape and "official iterim" database lists..
Frankly, I think you are basing this on a misconception as to what the
DMCA is, one which in my opinion has been propagated in part by the
EFF (though Slashdot and some other techie media companies can be
blamed for a lot of it too).

The DMCA (specifically, the OCILLA) provides a defense against certain
types of copyright infringement.  Before the DMCA and the CDA, there
was a good chance an ISP could lose a lawsuit for direct and/or
contributory and/or vicarious copyright infringement simply for being
an ISP.  The DMCA (OCILLA) came in and gave ISPs a positive defense,
*if* they follow certain rules.

Yes, there are other parts of the DMCA other than OCILLA.  There are
parts about circumvention of copyright protections, and there are
parts giving certain subpoena powers which otherwise wouldn't be
available (this part is technically part of OCILLA, I believe).  Some
parts are bad (in my opinion), and some of them might even be
unconstiutional (especially the subpoena powers), but the parts that
are relevant to Tor (again, in my opinion) are a good thing.

One relevant case to look at is RIAA vs. Verizon.  See

As for your "belief that a 'service provider' should be a legal
definition in the DMCA itself", I believe this is actually the case,
but having not registered for myself or any other entities, I can't
say for sure.

> Lasly, if I am registered as a service provider, presumably I would
> get complaints and takedown notices directly. Who do I deliver them
> to? They would basically just have to go in the trash. I guess this
> might be your point, but it just seems so insanely pointless and more
> likely to irritate someone who is accustomed to being handled by the
> bureaucracy for a bit before being ignored :)
Depends on why you get the takedown notice.  As I alluded to, the only
place I can see them being useful is in the case of a hidden service,
in which case you should probably do whatever you can to
"expeditiously disable access to the work".  Otherwise (although you
could argue even in the case of a hidden service), the information is
just passing through the ISPs network (something the DMCA calls
"transitory network communications"), and "there are no takedown
provisions", "even if it is infringing and they know it"
 Should you then throw them in the trash otherwise?  Well, it might be
smarter to send back a letter explaining why the takedown notice is
not applicable.  You might even want to cite RIAA vs. Verizon which
says "any notice to an ISP concerning its activity as a mere conduit
does not satisfy the condition of § 512(c)(3)(A)(iii) and is therefore

So, I actually misspoke when I said "If you're not registered as an
ISP under the DMCA, well, then you don't get the protections of the
DMCA."  You still do get some of the protections, such as the ones for
"transitory network communications".  Maybe this is all you need. 
It'd be nice if someone with more knowledge of OCILLA (and the Tor
protocol) would clarify.

A lot of people misunderstand "DMCA takedown notices", thinking that
they are used for violations of the DMCA.  But more often the
infringement involved is regular old copyright infringement.  The
takedown notice provides the ISP with "actual knowledge" of the
infrinement, and therefore the ISP no longer has "safe harbor" under
OCILLA to defend against a copyright infringement case.  Even that
doesn't mean they are necessarily guilty of anything, though.  To
quote Wikipedia again, "Even if a removal is found not to be
'expeditious' within the meaning of the law and the so-called 'safe
harbor' under the DMCA is lost, in many cases the ISP may still be
protected" (for example, under the CDA, another bad law with some good
provisions in it).

> --
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs