Re: William was raided for running a Tor exit node. Please help if you can.

[George Herbert <george.herbert () gmail com>]

The entire question here is whether CALEA's covered entities
definition and ISP "common carrier" (not exactly, but the commonly
used term for CDA protections available, see earlier discussion)
definitions overlap.

The answer is no.  It always has been no.  Plenty of publishers and
access providers do not fall under CALEA.  The FCC and law enforcement
are aware of that.  The conflation of the two in this conversation has
not been useful or educational.

What the future might hold is an open question, but for the time
being, CDA protections are available (at least theoretically, or
arguably) for a lot of people for whom CALEA clearly is not
applicable.

CDA protections are available whether you log commenters' IP addresses
on your blog, keep long lasting web acces logs, allow unrestricted
wireless access point access without logging, or what.  Responsibility
under it does not kick in unless you're aware of or notified of an
issue, with some exceptions.  Plenty of sites do not keep logs long
and some do not log.


-george

On Thu, Nov 29, 2012 at 12:59 PM, Naslund, Steve <SNaslund () medline com> wrote:
> 1. Running open access wireless does not make you legally an ISP and if
> your open wireless is used to commit a crime you could be criminally
> negligent if you did not take "reasonable care" in the eyes of the
> court.
>
> 2. If I provide access to four or five friends, I am not an ISP and in
> fact I am responsible if they use my connection to do something illegal
> since I am the customer of record.  If you loan your car to an
> unlicensed driver and he kills someone, you are on the hook.
>
> 3. I guarantee you that if your blogging site, wiki or whatever is
> publishing content like child porn, you are going to jail.  There is no
> "ISP like protections" for that.  If you do not take action as soon as
> you know a crime is being committed, you are going to get nailed.
>
> The question in this case would be all about whether the Tor exit node
> is viewed as a device specifically enabling a criminal or something that
> was incidentally used to commit a crime.  For example, if I give you a
> hammer and you break into someone's house with it, I am probably not
> criminally negligent.  If I provided you with lock picking equipment and
> you are not a locksmith, I might be criminally negligent.  This is not
> so clear cut a case that there would not be a fight about it.
>
> Steven Naslund
>
>
>
> -----Original Message-----
> From: George Herbert [mailto:george.herbert () gmail com]
> Sent: Thursday, November 29, 2012 2:06 PM
> To: Tom Beecher
> Cc: NANOG
> Subject: Re: William was raided for running a Tor exit node. Please help
> if you can.
>
> On Thu, Nov 29, 2012 at 11:58 AM, Tom Beecher <tbeecher () localnet com>
> wrote:
> > Not really comparable.
> >
> > Speaking from a US point of view, ISPs has strong legal protections
> > isolating them from culpability for the actions of their customers. I
> > know internationally things are different, but here in the US the ISP
> > doesn't get dinged, except in certain cases where they are legally
> > required to remove access to material and don't.
> >
> > End users have no such protections that I'm aware of that cover them
> > similarly.
> >
> >
> > On 11/29/2012 2:50 PM, George Herbert wrote:
> > > On Thu, Nov 29, 2012 at 11:18 AM, Tom Beecher <tbeecher () localnet com>
> > > wrote:
> > > > Assuming it's true, it was bound to happen. Running anything , TOR
> > > > or otherwise, that allows strangers to do whatever they want is just
> folly.
> > > Such as, say, an Internet Service Provider business?
>
> There are plenty of ISPs with no or little customer contracts; anyone
> running open access wireless.  Plenty of "open access" sites with free
> accounts.
>
> And any but the largest ISPs are "end users" of upstream bandwidth.
>
> The analogy of a small free access ISP and a Tor exit node is legally
> defensible.  I know of five, six, seven that I can think of off the top
> of my head that are run by people I know, one of whom has started and/or
> been architect or operations lead for 5 or more commercial ISPs.
>
> Even more, ISP like protections are extended in the US to many "end
> user" sites such as blogging sites, Wikis, etc; where the site is
> "publishing" content but not creating it or exerting control over it,
> etc.
>
> This is US specific, and the case of a user in Austria is entirely
> unrelated to US law, but I don't know that this type of response would
> hold up in US court for these reasons.  I am going to ping my internet
> law contacts in the US and see what they think, as IANAL.
>
>
> --
> -george william herbert
> george.herbert () gmail com



-- 
-george william herbert
george.herbert () gmail com