----- Forwarded message from "Michael Froomkin - U.Miami School of
Law" <froomkin@xxxxxxxxxxxxx> -----
From: "Michael Froomkin - U.Miami School of Law"
<froomkin@xxxxxxxxxxxxx>
Date: Thu, 29 Nov 2012 18:07:48 -0500 (EST)
To: "Naslund, Steve" <SNaslund@xxxxxxxxxxx>
Cc: NANOG <nanog@xxxxxxxxx>
Subject: RE: William was raided for running a Tor exit node. Please
help if
you can.
User-Agent: Alpine 2.00 (LRH 1167 2008-08-23)
Reply-To: froomkin@xxxxxx
On Thu, 29 Nov 2012, Naslund, Steve wrote:
1. Running open access wireless does not make you legally an ISP
and if
OK.
your open wireless is used to commit a crime you could be
criminally
negligent if you did not take "reasonable care" in the eyes of the
court.
I believe this is incorrect under US law. Do you have any support,
statutory or case law, for this claim?
2. If I provide access to four or five friends, I am not an ISP and
in
fact I am responsible if they use my connection to do something
illegal
since I am the customer of record. If you loan your car to an
unlicensed driver and he kills someone, you are on the hook.
The key word above is "unlicensed". And the other key word -- not
present
-- is "knowingly". But the analogy breaks down because you don't
need a
license to use the Internet. Consequently, in most cases you will
not
know, and cannot reasonably be expected to know, about legal
violations.
If you let your buddy use your home wireless while he's staying with
you
for the weekend, and he commits, say, a fraud, or blackmails
someone, you
are not legally responsible for any of it unless you participated
knowingly
in some way. Of course, that you didn't know may be hard and
expensive and
unpleasant to try to prove, but that's a different question.
3. I guarantee you that if your blogging site, wiki or whatever is
publishing content like child porn, you are going to jail. There
is no
Child porn is an unusual strict liability crime. If you publish or
possess
it, even unknowingly, you face real risks. As a practical matter
most
prosecutors do not bring cases against innocent victims (e.g.
someone on
AOL who gets an evil popup unexpectedly). In theory maybe they
could, but
I suspect they don't really want the test case.
"ISP like protections" for that. If you do not take action as soon
as
you know a crime is being committed, you are going to get nailed.
The question in this case would be all about whether the Tor exit
node
is viewed as a device specifically enabling a criminal or something
that
I do not think that would be the analysis under US law at all. The
first
question is mens rea. We do not charge the car rental company with
something if its car is used to rob a bank -- unless they knew in
advance
that was the plan. Cars enable criminals too.
was incidentally used to commit a crime. For example, if I give
you a
hammer and you break into someone's house with it, I am probably
not
criminally negligent. If I provided you with lock picking
equipment and
you are not a locksmith, I might be criminally negligent. This is
not
The term "criminally negligent" really has no role here. Negligence
is in
most cases a civil not a criminal offense. There are specific
crimes.
There is aiding and abetting. There may be criminal negligence in
unrelated cases where you have a duty to secure something or protect
(or
not harm) someone and fail to do so (e.g. you leave your car in a
position
to roll downhill and it hurts someone, or you are willfully blind to
a
danger to child for whom you should be caring, or you act with such
inattention so as to kill someone). But in the USA ***you have no
legal
duty to secure your wireless***. None. You can leave it open, just
as
you can leave your window open and let people enjoy what you are
playing
on your stereo (modulo public nuisance law, and copyright rules
against
some types of unlicensed public performance). Thus there can be no
negligence in leaving it open, at least absent specific knowledge
that a
person intends to do a specific thing.
so clear cut a case that there would not be a fight about it.
Steven Naslund
[...]