
Hi Wendy,

I was in a meeting today wherein Tom Ristenpart explained to the University of Wisconsin network people why he needed to run an exit relay to support his research.

One of the concerns they raised was whether a Tor exit would endanger their agreements with the copyright mafia, per the new 2008 law where universities agree to enforce the copyright mafia's goals in exchange for federal funding.

Do you know any details here? My guess is it's another case of "they say you have to have a policy, but they don't say the policy has to do anything". That said, I noticed the word 'effectively' in it.

I'm cc'ing some existing exit relay operators in case they've encountered this issue (or if they haven't but I have just worried them ;)

--Roger

----- Forwarded message from Thomas Ristenpart <rist@cs.wisc.edu> -----

Date: Tue, 12 Mar 2013 16:07:05 -0500
From: Thomas Ristenpart <rist@cs.wisc.edu>
To: Roger Dingledine <arma@mit.edu>
Subject: Higher education act

http://net.educause.edu/ir/library/pdf/EPO0938.pdf

----- End forwarded message -----

Thanks Roger,

On 03/12/2013 06:12 PM, Roger Dingledine wrote:
> Hi Wendy,
>
> I was in a meeting today wherein Tom Ristenpart explained to the University of Wisconsin network people why he needed to run an exit relay to support his research.
>
> One of the concerns they raised was whether a Tor exit would endanger their agreements with the copyright mafia, per the new 2008 law where universities agree to enforce the copyright mafia's goals in exchange for federal funding.

Yes, the HEOA (Higher Education Opportunity Act). I've been concerned for some time that the law indirectly reshapes Internet architecture to be more friendly to copyright enforcement than communications. I don't believe it requires higher education institutions to block research, but many of them have interpreted it that way because it's easier.

> Do you know any details here? My guess is it's another case of "they say you have to have a policy, but they don't say the policy has to do anything". That said, I noticed the word 'effectively' in it.

The law's "effectively combat the unauthorized distribution of copyrighted material," doesn't mean "completely prevent, at the cost of a great deal of non-infringing activity." I'll reach out to Educause, who have done some work on HEOA policies.

> I'm cc'ing some existing exit relay operators in case they've encountered this issue (or if they haven't but I have just worried them ;)

For my research and ongoing conversations in Washington, I'm very interested to know about others who have heard this justification for network-restriction.

--Wendy

> --Roger
>
> ----- Forwarded message from Thomas Ristenpart <rist@cs.wisc.edu> -----
>
> Date: Tue, 12 Mar 2013 16:07:05 -0500
> From: Thomas Ristenpart <rist@cs.wisc.edu>
> To: Roger Dingledine <arma@mit.edu>
> Subject: Higher education act
>
> http://net.educause.edu/ir/library/pdf/EPO0938.pdf
>
> ----- End forwarded message -----

--
Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613
Policy Counsel, World Wide Web Consortium (W3C)
Fellow, Berkman Center for Internet & Society at Harvard University
Visiting Fellow, Yale Law School Information Society Project
http://wendy.seltzer.org/
https://www.chillingeffects.org/
https://www.torproject.org/
http://www.freedom-to-tinker.com/

On Tue, Mar 12, 2013 at 06:43:42PM -0400, Wendy Seltzer wrote:
> For my research and ongoing conversations in Washington, I'm very interested to know about others who have heard this justification for network-restriction.

We've considered HEOA requirements, though the act doesn't directly apply to us as written (we have no students), only in spirit. We didn't re-engineer or add restrictions to our network, but doing so was suggested.

The HEOA does apply directly to most of our USA-based member or affiliate institutions, as they are degree-granting universities with graduate programs in atmospheric, oceanic and related sciences (e.g., Harvard, Yale, Univ. of California, Berkeley), and hence have students. Our member institutions do send us student and faculty visitors, plus a large number of post-doctoral researchers, some of whom become staff here, or researchers at other member institutions. For that reason, I'm personally concerned with the HEOA, in spirit.

The HEOA also applies to many of our peer institutions who are members of the Front Range GigaPOP (FRGP, www.frgp.net). The discussions I'm aware of within the FRGP community necessarily left HEOA compliance measures to each individual institution, as each has a different population and culture, and some are not subject to the act. The FRGP provides transit, not filtering. However, it does in effect assist with efficiently providing paid content to consumers at member institutions via co-located CDN nodes (e.g., Akamai) and service caches (e.g., Netflix). This is done for maximizing upstream bandwidth efficiency, and not for HEOA compliance, though I would be surprised if it escaped any affected members' notice that it can also be a win for "alternatives" language.

It was initially suggested by some staff (when the bill was being debated) that UCAR might have to redesign some of our network to follow the HEOA. However, we figured out that our existing copyright policies and education efforts, as well as our technical protections against outside network attack, would continue to prevent the problems that the HEOA was intended to address. This has proven to be the case in practice, with only 2 DMCA takedown notices that might have been legitimate (but were false alarms) received among the thousands of more mundanely erroneous DMCA takedown notices delivered or misdelivered.

Note that this HEOA consideration has not yet involved our Tor exits. Those are not used for exiting by our local staff or visitors, per design of the protocol. Also, as we know, Tor is poor for file sharing both in terms of speed and easy de-anonymization of the sharer. Further, we do not monitor Tor network traffic, per reasonable and necessary Tor network rules for preserving user anonymity. The critical and significant non-infringing uses of Tor for intel gathering, malware analysis, censorship evasion, safety/life preservation, and more general research mean it would be a major re-engineering step, and loss of essential functionality, to restrict Tor nodes. I don't think such restrictions would pass muster here for HEOA, especially as I believe Tor already contains in its nature effective combating of unauthorized distribution via file sharing (e.g., inherent bandwidth shaping, and no scrubbing of in-packet leaks of origin IP addresses from file-sharing software).

All that said, after reading the EPO0938.pdf (thanks, Thomas), I now have a new action item for work. I've got to see about expanding our staff and visitor education regarding fair use. UCAR's Open Sky initiative [1] is a good start on the producer and archivist end, but I think we need more scientists explicitly aware of fair use from other sources.

In summary, we didn't re-engineer or additionally restrict our network, though we discussed the matter and determined our existing technical measures and education efforts were effective for satisfying the spirit of the HEOA. Restricting/re-engineering Tor use for HEOA probably wouldn't fly here, as it could be seen as overkill on top of a protocol that's already technically and naturally ill-suited for file sharing.

Richard

[1] https://opensky.library.ucar.edu/ (I greatly appreciate our librarians.)

This issue didn't come up at all for us.

Our institution's response to the HEOA doesn't involve blocking anything so we haven't needed any exceptions to support TOR on our network. We view TOR as being covered by the "safe harbor" provisions for "transitory digital network communications". So far that hasn't caused us any problems in this area.

That being said - tor is a *lot* slower than a direct connection (ie: bandwidth limited) and we do run a reduced exit policy on our exit node (ie: we block well-known P2P ports). That gives us two check marks in the 'technology-based deterrents' category.

We have had law enforcement communicate with us many times due to varied nefarious uses of TOR. A few local level police departments have grumbled that we don't have logs (because they don't understand TOR) but the feds and state level ones usually stop pestering us right after we tell them the IP is a TOR exit node. We've never had any legal problem related to TOR on the civil side of the law beyond takedown notices (and we send those the canned TOR P2P response.)

Internally when discussing TOR I've found it helps to point out that TOR receives funding from the US Government for its development and that the US State Department specifically and publicly called for technologies including TOR to be deployed by the US to assist the spread of democracy (such as in the "Arab Spring" revolutions. See "Promoting Global Internet Freedom: Policy and Technology", US State Department, May 2011)

--
Timothy Hayes
Rutgers, The State University of New Jersey
Office of Information Technology, Information Protection & Security
Voice: 848-445-7515
Fax: 732-445-8023
Email: thayes@rutgers.edu
participants (5)
- Leonid Reyzin
- Richard Johnson
- Roger Dingledine
- Timothy Hayes
- Wendy Seltzer