Response template for Tor node maintainer to ISP


Written by the Electronic Frontier Foundation (EFF). Last updated 19 Feb 2005.

Note to Tor server operators: In this litigous era, anyone providing routing services may face copyright complaints under the Digital Millennium Copyright Act. Thankfully, the DMCA safe harbors provide immunity from many of them -- both to you and to your upstream provider. If your Internet host forwards a DMCA complaint to you, here's a template you can use to write a response. You can tailor this to your own circumstances: if you think your host would be disturbed to hear you're running a server on the network, you may want to take that part out. Of course it's up to you to comply with your ISP's terms of service. If you're not comfortable including so much legal explanation, feel free to invite the ISP to contact EFF for a fuller discussion.

Also, if you received this document from anywhere besides http://tor.eff.org/eff/tor-dmca-response.html, it may be out of date. Follow the link to get the latest version.


Dear [ISP]:

Thank you for forwarding me the notice you received from [copyright claimant] regarding [content]. I would like to assure you that, contrary to the assertions in the notice, 1) I am not hosting or making available the claimed infringing materials, and 2) you are already protected by the Digital Millennium Copyright Act's ("DMCA") safe harbor from any liability arising from this complaint. The notice is incorrect, probably based upon misunderstandings about law and about some of the software I run.

First, in terms of legal liability, this notice does not create any risk for you as a service provider. As you know, the DMCA creates four "safe harbors" for service providers to protect them from copyright liability for the acts of their users, when the ISPs fulfill certain requirements. (17 U.S.C. § 512) The DMCA's requirements vary depending on the ISP's role. You may be most familiar with the "notice and takedown" provisions of DMCA 512(c), but those apply only to content hosted on your servers, or to linking and caching activity. The "takedown notice" provisions do not apply when an ISP merely acts as a conduit. Instead, the "conduit" safe harbor of DMCA 512(a) has different and less burdensome requirements, as the D.C. Circuit Court of Appeals held in RIAA v. Verizon (see http://www.eff.org/legal/cases/RIAA_v_Verizon/opinion-20031219.pdf) and the Eighth Circuit Court of Appeals confirmed in RIAA v. Charter (see http://www.eff.org/IP/P2P/Charter/033802P.pdf).

Here, any content that came from or through my computers merely passed through your network, so DMCA 512(a) applies. Under DMCA 512(a), you are immune from money damages for copyright infringement claims if you maintain "a policy that provides for termination in appropriate circumstances of subscribers and account holders of the service provider's system or network who are repeat infringers." If you have and implement such a policy, you are free from fear of copyright damages, period.

As for what makes a reasonable policy, as the law says, it's one that only terminates subscribers who are repeat infringers. A notice claiming infringement is not the same as a determination of infringement. The notification you received is not proof of any copyright infringement, and it certainly is not proof of the "repeat infringement" that is required under the law before you need to terminate my account. I have not infringed any copyrights and do not intend to do so. Therefore, you continue to be protected under the DMCA 512(a) safe harbor, without taking any further action.

You might be curious, though, about what did trigger the notice. The software that likely triggered the faulty notice is a program I run called Tor. Tor is network software that helps users to enhance their privacy, security, and safety online. It does not host or make available any content. Rather, it is part of a network of nodes on the Internet that simply pass packets among themselves before sending them to their destinations, just as any Internet host does. The difference is that Tor tunnels the connections such that no hop can learn both the source and destination of the packets, giving users protection from nefarious snooping on network traffic. Tor protects users against hazards such as harassment, spam, and identity theft. In fact, initial development of Tor, including deployment of a public-use Tor network, was a project of the U.S. Naval Research Laboratory, with funding from ONR and DARPA. (For more on Tor, see http://tor.eff.org/.) As an organization committed to protecting the privacy of its customers, I hope you'll agree that this is a valuable technology.

Thank you for working with me on this matter. As a loyal subscriber, I appreciate your notifying me of this issue and hope that the complete protections of DMCA 512 put any concerns you may have at rest. If not, please contact me with any further questions.

Very truly yours,
Your customer, [User]