Legal response to real abuse

Mike Perry mikeperry at
Sat Aug 7 06:48:36 UTC 2010

Ideally, it would be great to hear from Wendy, Seth, and/or Peter to
cite specific precedent, but my understanding is the key legal concept
is that Tor routers are common carriers, and provide transit for any
material that attempts to use them. There is quite a bit of legal
precedent in the US that protects communication carriers from liability. 

This is also a main reason why we discourage attempts to monitor and
filter Tor exit traffic, because your legal responsibilities change.
So long as you are acting as a common carrier, you are no more
personally liable for events that traverse your network than Comcast,
Sprint, or Level3. 

Now personally, I think that what might be more likely to win you
points with your ISP is to reiterate that these events are
extremely rare in comparison to the number of requests and the amount
of traffic that you carry. The overwhelming majority of people are
using the service legitimately, and the incident rate is close to that
of the normal Internet.

It also helps to remind them that for serious cases, traditional
police work is still very effective. Almost all crimes (especially
harassment) are committed by people with means, motive, and
opportunity. These three factors are far more damaging to anonymity
sets than IP addresses, and the police have been working with
anonymously delivered harassment letters and the like for centuries.

Thus spake Trystero Lot (lot49 at

> same thing with me. 2 weeks ago the isp called and told that my server
> being used for "scam" . it's my first time since running an exit for
> the last 3 months or so.
> On 8/7/10, Moritz Bartl <tor at> wrote:
> > Hi,
> >
> > The Tor website provides pretty good legal information and references in
> > regard to DMCA complaints (to supposedly ease the communication with the
> > ISP). I had to limit our exit policy for the US node anyway, so the only
> > complaints my ISP is receiving now are worse cases, ie. actual abuse:
> > Hacking, spamming, defacements, you name it. Today for example, an
> > individual contacted my ISP about his (successfully) hacked email
> > account using one of our Tor exit nodes.
> >
> > I know that this is probably a hard question, but are there any
> > paragraphs in US law I can quote to make my ISP feel more comfortable
> > about that? And me? :)
> >
> > Moritz
> >
> > ***********************************************************************
> > To unsubscribe, send an e-mail to majordomo at with
> > unsubscribe or-talk    in the body.
> >
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo at with
> unsubscribe or-talk    in the body.

Mike Perry
Mad Computer Scientist evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

More information about the tor-talk mailing list