Free Speech

Court Throws out Lawsuit Against Tor for Providing Anonymous Routing

Tor, a leading service for anonymously accessing the Internet, is shielded by 47 U.S.C. § 230.

|The Volokh Conspiracy |

From a decision yesterday by U.S. District Court Judge Dee Benson in Seaver v. Estate of Cazes (D. Utah):

This action arises from the death of G.S., a 13 year-old boy, caused by ingesting the illicit drug U-47700. The parents of G.S. have brought suit against the website that sold the drug to G.S., the service provider that created the network through which G.S. was able to access the website on the dark web (Tor), and the mail service that sent the drug to G.S. Plaintiffs have brought claims for strict products liability, negligence, abnormally dangerous activity, and civil conspiracy….

Tor provides software for enabling anonymous communication and transactions on the internet. To use the Tor Browser, an individual must visit Tor's website to download the software. When downloaded, installed, and used by an end-user such as G.S., the Tor Browser automatically starts Tor background processes and routes Internet traffic through the Tor network, which relays traffic through a worldwide network. The Tor network provides security to a user's location and Internet usage to anyone conducting network surveillance or traffic analysis.

The Tor Browser operates through a group of volunteer-operated servers whose users employ the Tor network by connecting through a series of virtual tunnels, or relays, rather than making a direct connection. Tor estimates, on average, between 350,000 and 400,000 directly connecting users in the Unites States over the past three months. Information regarding the location of these users and relays is not publicly available. Via its website, Tor invites users to run a relay in order to help the network grow….

Plaintiff's claims are barred by the Communications Decency Act, 47 U.S.C. § 230 …. The CDA provides that "[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." The CDA further provides that "[n]o cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section." Through these provisions, the CDA "creates a federal immunity to any state law cause of action that would hold computer service providers liable for information originating with a third party." … The purpose of this immunity is to "facilitate the use and development of the Internet by providing certain services an immunity from civil liability arising from content provided by others."

First, Tor qualifies as an interactive computer service. An "interactive computer service" is "any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet…." 47 U.S.C. § 230(f)(2). Tor fits this definition squarely because it enables computer access by multiple users to computer servers via its Tor Browser.

Second, Plaintiff seeks to hold Tor liable for information regarding the illicit drug U-47700 that G.S. was able to access through the Tor Browser. In other words, Plaintiff seeks to treat Tor as the "publisher or speaker" of third party information—"a result [the CDA] specifically proscribes."

Third, the content that provides the basis for liability here—information regarding U-47700 and the ability to purchase it on the dark web—was not created by Tor. Rather, a third party provided the information and G.S. accessed it through use of the Tor Browser. "A service provider must 'specifically encourage[ ] development of what is offensive about the content' to be 'responsible' for the development of offensive content. Plaintiff has not alleged that Tor played any part in the creation of the content accessed by G.S.

All of Plaintiff's claims are state law causes of action that would hold Tor, an internet service provider, liable for information originating with a third party. Those claims are barred by the CDA. Accordingly, Plaintiff's claims against Tor are dismissed.

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

246 responses to “Court Throws out Lawsuit Against Tor for Providing Anonymous Routing

  1. It’s Judge Dee Benson, with an “s.”

    1. Whoops, fixed, thanks!

  2. In other words, Plaintiff seeks to treat Tor as the “publisher or speaker” of third party information—”a result [the CDA] specifically proscribes.”

    Yeah, who cares what the facts actually are? If to get the result you want, you have to purport as a matter of law to decide the facts of cases, before the actual facts even occur, you are doing it wrong. Public tolerance for doing it wrong this flagrantly won’t last forever. The victim will be free speech itself.

    Once again, it is past time to change the law to require publishers, internet or otherwise, to read everything before publishing it. That is the only way to be certain that actually murderous information, as in this case, does not get published, and cause harm that can never be redressed.

    1. Are you saying you think browser makers should be required to read all of the content on the internet before allowing users to have access to their browser? Which browser do you use? How would you comment on this website if your browser’s maker was required to read all content on the internet before supplying you with the browser?

      1. No. I am saying internet publishers should be required, just as ink on paper publishers are required, to read everything they publish.

        I made that clear, so what are you trying to accomplish?

        1. No. I am saying internet publishers should be required, just as ink on paper publishers are required, to read everything they publish.

          They are. What you want is to force them to read things that other people publish.

          Tor doesn’t publish a darn thing. It’s a software company. Holding Tor accountable makes as much sense as holding Apple accountable because the kid ordered the drug from his iPad.

          1. What you want is to force them to read things that other people publish.

            Yes. In exactly the way the NYT is forced to read the things other people publish when the NYT collaborates with other people, including, for instance, it’s letter writers, to publish their work. The law has since forever treated actual ink-on-paper publishers and their contributors as joint publishers. I doubt the law had ever treated just the contributors as publishers, until Section 230 was passed, but I haven’t looked into that. It was certainly not the norm before Section 230.

            1. Who do you think Tor “collaborates with” in this context? Again, they make a browser. Do you think Google “collaborates” with Reason.com? Should Microsoft be required to read everything posted on this website, since users can access it with Internet Explorer?

              That’s what the plaintiff wants, to hold an internet browser maker liable as a “publisher”. It probably wouldn’t work even pre 230, because it’s such a preposterous theory. So what is the windmill you’re tilting at on these facts? What is it you think should have happened in this case? Tor be liable?

              1. “Again, they make a browser”

                They do make a browser, but to nitpick … ‘tor’ is an acronym for ‘the onion router’, where ‘onion’ is sort of describing a routing protocol where an attacker has to ‘peel the onion’ to match inputs and outputs.

                So, at it’s heart, it’s a routing system for packets. It doesn’t care whether those packets come from a browser or any other kind of client.

                IIRC (and I may not; take this with a grain of salt), the Tor browser came about because several years ago because people were using Tor with a normal browser (firefox?) that happened to leak info even through Tor, and so the Tor folks wrote their own privacy oriented browser. It may well be that most people’s interaction with Tor is via that browser, but at its heart its a routing protocol, not a browser.

                Apologies for the pedantry, but several people have made comments that seem to imply that Tor is just a browser flavor.

                1. Instead of nitpicking here, why not provide some justification for treating a browser or a router as a publisher? If you focus on tor as a packet router, you’re setting up an even harder analogy -how can you justify holding a router liable as publisher for the info routed?

                  Must Cisco inspect all packets to know they don’t contain damaging into before selling a router to avoid such liability?

                  1. “how can you justify holding a router liable as publisher for the info routed?”

                    You’d have to ask someone who thinks Tor should be liable here 🙂

                    1. K y bad, thought your post was from Stephen.

        2. You keep saying this. And you’re still wrong. Ink-on-paper publishers were never held to the standards that you are trying to hold internet providers to. You’re basing your arguments on a fantasy.

          1. Rossami, haven’t you already been corrected on that by EV himself? Maybe you didn’t check back and missed it.

            If, like Nieporent, you want to contend that Tor is not a publisher, then there might be something to talk about. I contend that what defines publishing is assembling an audience, and monetizing it. If Tor does not do that, then I am mistaken about it being a publisher. What keeps Tor in business? Does it sell its browser? If so, and if that is all it does, then it is indeed a software company, as Nieporent claims.

            If, however, Tor assembles an audience, and sells advertising based on advertiser access to that audience, then it is a publisher. If the law says otherwise, that does not mean reality has changed, it just means the law has chosen (recklessly) to pretend, in order to grant privileges to internet publishers which it withholds from ink-on-paper publishers. The resulting decline in public support for speech freedom will continue apace as a consequence.

            To complete the picture, I acknowledge that the internet created one new category in the world of information distribution—the internet search engine, which is not exactly a publisher, because it does nothing to assemble the content it distributes, but which nevertheless sells advertising. I do not think Google is a publisher.

            Perhaps Tor is not distinguishable from Google, or perhaps it is. Maybe Tor, with its encryption, networks of anonymizing servers, and focus on particular kinds of content, is yet another new category, which will require separate regulation.

            1. I contend that what defines publishing is assembling an audience, and monetizing it.

              That can’t be a satisfactory definition, since it’s both underinclusive and overinclusive. It’s overinclusive in that it would include bookstores in its ambit; it’s underinclusive in that a publisher that disseminates information for free is still a publisher. A random blogger who does not have any ads on his blog is still publishing the blog.

              The resulting decline in public support for speech freedom will continue apace as a consequence.

              There is no such decline in public support for speech. There’s just a decline in your support for speech, once you no longer had any special privileges as a newspaper publisher.

              1. “There is no such decline in public support for speech. There’s just a decline in your support for speech, once you no longer had any special privileges as a newspaper publisher.”

                Why would a newspaper publisher have any special interest in freedom of speech? Freedom of the press, obviously, but why speech?

            2. “Does it sell its browser?”

              No. It’s free.

              “What keeps Tor in business?”

              It’s a non-profit. The overwhelming majority of its income comes directly from the US Government “to aid democracy advocates in authoritarian states.” The Swedish government is another major donor.

              “If, however, Tor assembles an audience, and sells advertising based on advertiser access to that audience, then it is a publisher.”

              Well it doesn’t do that.

              1. NToJ, thank you for that. I misunderstood the Tor business model. Based on that, most of my other commentary is off the mark.

                1. Good thing you went out of your way to accuse this judge of recklessly ignore the facts in his decision, then.

        3. Tor is NOT an internet publisher! It merely provides the software which enables others to communicate. The argument you are making here is exactly like asserting that every printing press manufacturer should be held liable for anything which its printing press is ever used to print. And if you can’t see just how ridiculous that is, then something is seriously wrong with you.

      2. Oh, I get it. You think that because Tor features its own browser that it isn’t also acting as a publisher? Is that it?

        1. Tor does not operate host the server or provide the hosting services for the darknet markets; they’re as related to it as your ISP. Not that I think an idiotic troll such as yourself won’t be responding that Verizon better be damn sure I don’t witness a user comment anywhere on the internet that offends whatever your definition of acceptable speech is.

          1. Wait a minute, farfalone. Tor does not host the servers in the anonymizing server chains it assembles? How does it assemble those chains without becoming hostishly involved in assembling them?

            There is a mystery there to be cleared up, I think.

            I confess I’m not especially versed in Tor practice details. I wonder if anyone commenting here is?

            1. Tor users volunteer to run servers for it on their own computer. Tor just provides the software.

              It’s kind of like bit torrent in that regard; The software sets up a network that runs entirely on users’ hardware.

              1. “The software sets up a network that runs entirely on users’ hardware.”

                A bittorrent (or TOR) network that runs only on users’ own hardware would be unsatisfactory for most applications.

        2. What you’re advocating — as a purely practical effect — is the end of internet posting. As things already stand, companies such as Facebook, which have developed policies to arrest content they or their minions don’t approve of–even using fancy algorithms to help!–“publish” a lot they wished they’d caught, and remove a lot they later admit they “should have” left alone.

          Do you really thinks there’s a way around this? Perhaps we should more closely follow China’s efforts?

          1. What you’re advocating — as a purely practical effect — is the end of internet posting.

            I’ve told him that many times over the years; he doesn’t care. Or, rather, he welcomes that. He used to be a newspaper publisher, and he pines for the days when people like him got to decide what everyone else was allowed to read.

          2. What you’re advocating — as a purely practical effect — is the end of internet posting.

            No, no more than I am advocating the end of ink-on-paper publishing. My interpretation of purely practical effect is that because internet technology enables world-wide publishing at practically zero cost, it enormously increases publishing possibilities for everyone.

            I am advocating an end to the failed novel experiment with liability-free publishing. It is a mistake to equate that with internet posting. Internet posting does not require suspension of liability laws. Those laws previously advantaged, rather than hampered, ink-on-paper publishing. Even with libel responsibility restored, internet commenting could be done as readily as the letters to the editor sections of newspapers everywhere.

            Two novel differences wrought by the internet will still favor commenters. First, lower costs mean more outlets will be available. Second, would-be commenters will be better empowered than previously, again by lower costs, to bypass established outlets and create their own. As always, folks who publish on their own will have to assemble their own audience—and that will be the one notable disadvantage, compared to present internet practice.

            Do you really think there’s a way around this? Perhaps we should more closely follow China’s efforts?

            Recognizing that as the sarcasm you intend, do you nevertheless equate the private editing at the local hometown newspaper with Chinese censorship practiced nation-wide? Private editing is the way around this. It always has been.

            When private editing was the norm, none of the flagrant problems now threatening to discredit speech freedom on the internet were much seen. Libel, scurrilous invasions of the privacy of inconsequential people, copyright violations, fake news stories, internet bullying of students, weaponized speech practiced by ginned up mobs of internet trolls, false-light frauds, reputation-protection rackets, foreign interventions in our nation’s elections, mug shot extortion rackets—none of that could get much purchase in a publishing world built around private editing. On the internet today, none of it can be stopped, or even slowed down, because—as you seem to understand—it is all going to be published world-wide before anyone sees it.

            Worse, because all that is happening, and no one can think of any other way to stop it, the very government censorship you rightly fear is now commonly bruited as the solution. Look at all the cases on this very blog which center on courts striking down incipient censorship attempts. Government bodies ranging from state legislatures to local zoning boards are getting into it. In a democracy, in the long run, what the people want is what is going to happen. A sandbar cannot hold back a tsunami, and the courts will not indefinitely hold back this flood-tide of would-be censorship.

            To prevent an otherwise inevitable public assault on speech freedom, repeal Section 230.

            1. WE MUST KILL FREE SPEECH TO SAVE IT! So stupid. Speakers are already liable for your parade of horribles.

              “…it is all going to be published world-wide before anyone sees it.”

              The drafter sees it, right?

              1. NToJ, speakers, as a practical matter, are not being held liable (even assuming as seems obvious, but arbitrary, that you intend to exclude publishers as speakers). Nor if they were, would anything about that liability do much to prevent the damage unleashed by the game of catch-up that is built into publish-first, sue-later. Especially in the case of judgment proof speakers, which will be nearly all of them, there isn’t even anything to keep a found-responsible speaker from repeating the offense using his cellphone on the way home from court. Holding publishers responsible is what prevents all of that.

                1. I’ll just put you down in the “OK to hold people responsible for what totally different people have done” column.

                  It is true that judgment-proof people can’t be held to account in the civil court system. In other news, there’s no criminal penalty for murder-suicide.

                  1. James Pollock, with regard to the law of defamation, the traditional practical interpretation would be that publishers and their contributors are NOT totally different people, at least with regard to their joint action in causing the defamation. Only the intervention of Section 230 changed that. Because my subject is, and has been, the baleful effects of Section 230, I don’t think taking its terms as a ruling premise is arguing in good faith against the points I am making.

                2. Judgment proof is just a euphemism for poor. The human condition has been improved by the internet, which allows the poor to reach much larger audiences than they previously would have been able to reach. It’s democratizing in a way that nothing in human history before could manage. That’s a feature, not a bug. The rich no longer have a monopoly on mass speech.

                  1. ” The rich no longer have a monopoly on mass speech.”

                    You just hand-waved away the digital divide.

                  2. NToJ, there is nothing inherent in ink-on-paper publishing, nor in traditional broadcasting, nor in private editing and news directing, which gives advantage to the rich over the poor. Other factors might, but not any factor that uniquely attends traditional publishing. The history of publishing abounds with poor people made famous and influential by the traditional press. Tom Paine began poor. Who among the poor now publishing on the internet has achieved more influence, or more democratizing influence, than Paine?

                    Consider the career of Frederick Douglass. Rising from enforced illiteracy and slavery, Douglass became a self-taught force who rocked the nation again and again, on the strength of his pen. As a result, historians now believe that no 19th century American addressed so many people as Douglass did, nor was as frequently photographed.

                    Douglass was a renowned orator. But what won Douglas that fame, and the use of those platforms, was ink-on-paper publishing, first practiced by others who supported Douglass, and then by Douglass himself. By the end of his life, Douglass had been a long-time newspaper publisher, and he had published 3 autobiographies. Others publishing about Douglass had made him celebrated in England before he ever went there. On the strength of publishing in the American South, Douglass became anathema, before he ever returned to it, after fleeing slavery in Maryland.

                    And what about that other 19th century upstart from ordinary circumstances, Mark Twain? Presumably you don’t think traditional publishing was any bar to his career.

                    1. When Thomas Paine published Common Sense, he probably sold 100,000 copies in the first year. If he did that online today, 3.2B people could access it.

                    2. NToJ, there is nothing inherent in ink-on-paper publishing, nor in traditional broadcasting, nor in private editing and news directing, which gives advantage to the rich over the poor.

                      Every time you think Lathrop can’t get dumber on the subject, he proves you wrong. “Look at this poor person who became famous. This proves that rich people don’t have an advantage in becoming famous.” Obviously Joe Smith, a guy who worked in an auto plant in Detroit in 1920, was at no disadvantage compared to William Randolph Hearst in getting his views out there. Hell, if he were really serious about it, he’d just have bought the Dearborn Independent like Ford did.

                    3. When Thomas Paine published Common Sense, he probably sold 100,000 copies in the first year. If he did that online today, 3.2B people could access it.

                      The Drudge Report gets millions of views every day.

                    4. Nieporent, you cite fame in point of comparison, and call me dumb?

                      Do you suppose Hearst in his time, or Ford, or Drudge in our time, ever achieved fame on the scale of the 3 examples I offered in their own times, or in ours? Paine, Douglass, and Twain will all be taught in schools public and private a hundred years hence—when the names you picked will be little more than footnotes, mostly forgotten, even by archivists.

                      Drudge—the only of your examples whose reputation depends on the internet instead of on traditional publishing—if he is remembered at all, will be remembered as a figure with stature similar to Petroleum Vesuvius Nasby, but less humorous. Don’t remember Nasby? Neither will anyone remember Drudge.

                      I suppose I ought to be grateful for the insight that internet utopians expect twaddle they publish online to make them immortal. I wouldn’t have thought of it on my own.

                    5. “Do you suppose Hearst in his time, or Ford, or Drudge in our time, ever achieved fame on the scale of the 3 examples I offered in their own times, or in ours? Paine, Douglass, and Twain will all be taught in schools public and private a hundred years hence”

                      Hearst, too. If the invention of Yellow Journalism isn’t enough, there’s the role he played in the Spanish-American War. History classes LOVE to talk about wars.

                    6. “there is nothing inherent in ink-on-paper publishing, nor in traditional broadcasting, nor in private editing and news directing, which gives advantage to the rich over the poor.”

                      Freedom of the press only applies to those who own a press.

                    7. @Stephen,

                      “Do you suppose Hearst in his time, or Ford, or Drudge in our time, ever achieved fame on the scale of the 3 examples I offered in their own times…”

                      Probably. Literacy rates and population size alone would have made Hearst, Ford, and Drudge more listened to in their own times than Paine was. But you’re not even using good examples. How many Mark Twain books have been sold? 60 million? In 150 years? Some Swedish YouTube star named PewDiePie has 96.1 million subscribers today, and his videos have been viewed 21.5 billion times. He’s probably reached a broader audience than Hearst, Ford, Drudge, Paine, Twain, and Douglass combined. But sure, ink and paper is no limit whatsoever on exposure.

                    8. NToJ, it is too simplistic to suppose that fame is a pure numbers game. Salience in memory, and influential effect count far more. Also, when you cite population growth as a cause of increased fame, you ignore population growth as a cause of increased disregard. The proportions, compared to the conditions of their times, matter.

                      But even taking everything you assert at face value, we could do a test. I would propose we make a modest bet on the outcome of name recognition polling at the Vince Lombardi rest stop—or any similarly diverse venue you choose—Mark Twain against any of the names on Nieporent’s list, or even PewDiePie, if that’s your choice. I suggest we could do the polling in Sweden, and I could still give odds and make money.

                      I think it likely that not one person famous principally because of internet exposure, is as famous today as Mark Twain—and that after Twain has spotted them all more than a century of public forgetfulness. Try to prove me wrong. See if you know anyone who doesn’t recognize Mark Twain. Then see if you can find anyone who doesn’t know PewDiePie. I already know what you would expect, because you felt you had to explain PewDiePie when you named it here.

            2. “Internet posting does not require suspension of liability laws.”
              Yes it does, actually, and that is why Section 230 exists. You don’t understand that technical nature of how the internet actually works, and the massive scale of said functionality. The potential liability would lead to so many suits that only massive companies could potentially stay in business, simply by legal costs alone, even if they never lost a judgement. And even the massive companies would not have enough financial incentive to do so, since the risk-reward ratio would not justify it. So yes, there literally would be zero sites that allowed user-posted content, in the long-term.

              1. You could, hypothetically, fix things on the tort law end, instead of the liability exemption end. More extensive use of loser pays, for instance.

                1. “You could, hypothetically, fix things on the tort law end, instead of the liability exemption end. More extensive use of loser pays, for instance.”

                  You support abandonment of the American Rule?

                  1. Yes, including cases where the government loses a case. You initiate a legal proceeding against somebody, and lose, you should make them whole.

                    Empirically, the rare nature of loser pays, (Even though judges can in theory impose it as a sanction for frivolous lawsuits.) has encouraged excessive litigation.

                    1. I think it’s just as likely that abandoning the American rule will lead to more litigation. But if you have data I’ll look at it.

                    2. ” You initiate a legal proceeding against somebody, and lose, you should make them whole.”

                      May I suggest that you adjust your circumstances by relocating to a place that practices the English Rule?

                      Seems easier to move just you rather than re-jigger the entire legal system of a country to suit you.

                    3. May I suggest that you adjust your circumstances by relocating to a place that practices the English Rule?

                      Seems easier to move just you rather than re-jigger the entire legal system of a country to suit you.

                      This seems like fairly silly response. I don’t read Brett Bellmore to be saying that switching to a loser pays system would fix every problem facing the US today, or even that it’s a particularly important issue — just that it’s an improvement over our current system. The fact that he might have concluded that, in spite of not implementing an optimal policy in this one area, the US is still on balance the best place to live doesn’t invalidate his position.

                    4. “This seems like fairly silly response. ”

                      You picked up on that? Good.

                      ” I don’t read Brett Bellmore to be saying that switching to a loser pays system would fix every problem facing the US today”

                      Are you assuming someone did? That seems a foolish assumption.

                2. “You could, hypothetically, fix things on the tort law end…”

                  That’s what 230 does.

              2. So yes, there literally would be zero sites that allowed user-posted content, in the long-term.

                That seems far-fetched. At some point during the scale-back toward zero—and long before the zero point—the demand for internet posting opportunities would exceed the supply, as would the demand for internet advertising exceed the capacity of available outlets. The scarcity curves and the value curves would intersect. Because of marginal scarcity, both the value of advertising and the value of posting would increase. Publishers would find a variety of ways to monetize those values.

                On yet another curve, the cost of liability screening (and every other kind of screening a publisher utilized to add value to its content) would be declining in proportion to the decreasing number of would-be posters on a publisher’s list of usefully valuable candidates. The publisher would be empowered to focus most of its screening attention on the subset of posting candidates judged by the publisher and the advertisers to offer the best value in terms of audience recruitment. These dynamics would apply alike to article authors, commenters, and audience.

                Would-be posters thus excluded by Publisher A, would then become candidates for publication by Publisher B, and so on. The market would determine the eventual size of a viable national enterprise in internet publishing, with the cost of liability screening scaled to stay within the value which internet publishing could actually return—a high value, as everyone knows.

                Even at its higher cost point, the far more expensive process of ink-on-paper publishing has already shown that an enduring market for adequately screened contributions exists. Lower costs on the internet will broaden that scope, enabling many more would-be contributors to participate—but not all of them. That is the best you can do.

                The potential for defamation damage—which internet publishing can and does inflict (as did its predecessors)—can not be wished away. And neither can other more diffuse but very real costs be wished away—the costs of social chaos, such as the unprecedented frauds, scams, intellectual property thefts, defamations, novel means of election tampering, tendencies toward monopoly, and other such hazards which uniquely attend internet publishing. Those costs must either be paid willy-nilly (and often as externalities inflicted on the public, which arouses public hostility and censorship demands), or instead defrayed in a more orderly way within the (still lower than ink-on-paper) cost of internet publishing.

                Speech can be cost-free, publishing cannot be. The internet since Section 230 has been an experiment in ignoring that reality—ignoring it in favor of a utopian vision of cost-free publishing for everyone. The experiment is failing, because costs which must be paid are not being paid. Experience tells us they can be paid, at a price which will prove a bargain, when compared to the price of the ink-on-paper alternative. The lower costs* will improve publishing opportunities for everyone, but the utopian vision will not be realized—because it is impossible.

                *For hostile skeptics who don’t understand the economic comparison between internet publishing and ink-on-paper, please note that for a typical daily newspaper the costs of paper, ink, printing, and distribution typically account for approximately 70 – 80% of total expenses—and always more than half. (At its peak, the printed weight of the Sunday Los Angeles Times was measured in thousands of tons, all processed and distributed within about half a week’s time.) Those expenses are all gone on the internet. That suggests it is foolish to suppose there are not resources available to defray the costs of monitoring comments.

                1. You sure used a lot of words to say you don’t understand the Internet.

            3. “I am advocating an end to the failed novel experiment with liability-free publishing.”

              What gives you the right to define the criteria upon which success or failure of said experiment should be judged?

            4. “Even with libel responsibility restored, internet commenting could be done as readily as the letters to the editor sections of newspapers everywhere. ”

              Respectfully, this is a dumb statement. Internet websites do not function the same way that newspapers do, and this is a good thing, and forcing them to operate like newspapers do is short-sighted and obtuse.

              A newspaper that publishes “letters to the editor” devotes resources to do so. Those resources are tightly controlled and censored for content.

              Internet publishing allows for much greater individual freedom. If you require Internet sites to be responsible for all of the content added by all of the individuals who think they have something to say, they have to review all of them prior to publication. That takes time, effort, and money, and imposes a HUGE chill on what the site owner tolerates. Yes, they’ll take real efforts to block illegal content… but the other 99.9% gets limited, too.

              To see the other side, look at copyrights and Internet publishing. You get cases like a mother’s video of her child being depublished because a copyrighted song can be heard in the background.

              1. James Pollock, do you intend your comment as advocacy to legalize (and/or regularize) libel, fraud, copyright violation, and foreign election interference on the internet? Publishing content without reading it first guarantees that the damage done by all those practices (and more, the list grows continuously) will, at best, always occur, and then have to be redressed in court afterwards, if at all.

                It also means that people who are judgment proof are either going to be licensed to use those practices again and again, with impunity, or a great deal of speech will have to be made criminal to stop them. It means that speech freedom will come into such disrepute among both the direct victims of those practices, and also among a public forced to pay for them as externalities, that democratic government and sober considerations of self-interest will combine to conjure up a pro-censorship movement in politics.

                It is time to abandon the utopian dream of liability free publishing for everyone. It is a dream which can never be realized. There has never previously been any such regime. There is nothing about mere technical change which empowers it now.

                1. “do you intend your comment as advocacy to legalize (and/or regularize) libel, fraud, copyright violation, and foreign election interference on the internet?”

                  No. Do you?

                  ” Publishing content without reading it first guarantees that the damage done by all those practices ”

                  How does my posting comments on this site without having it approved by an editor interfere with foreign elections?

                  “It also means that people who are judgment proof are either going to be licensed to use those practices again and again,”

                  Somehow, I don’t think the allure of being judgment-proof are going to cause a stampede in that direction.

                  “It is time to abandon the utopian dream of liability free publishing for everyone.”

                  Darn. Who held this dream, exactly?

        3. “You think that because Tor features its own browser that it isn’t also acting as a publisher? ”

          Tor is a publisher???? Oy vey. Is the USPS the publisher of every letter it transmits?

          1. There is a book publishing company called Tor Books; it occurs to me that maybe he thinks that this is related to that in some way.

        4. You REALLY don’t understand how TOR works.
          It’s a web browser/access point to the TOR network. They don’t publish anything. They simply provide a tool to access the internet anonymously – including some of the shadier bits.
          You’re basically calling for making EVERYONE who has some part in allowing people access to the internet responsible for the bullshit that people post.

          The rough equivalent would be making bookstores and the newspaper delivery boy responsible for the bullshit that the NY Times puts out.

          1. I agree that I really don’t understand how TOR works. I doubt if you do. Two things:

            1. That “TOR network,” is the part that bothers me. Everyone seems to be just gliding past that, as if it doesn’t really contribute to the character of the company, or in any way define what it does.

            2. It is striking that the case was decided on the basis of Section 230, which of course was enacted to protect internet publishing, not ISP-type activity.

            So I suggest the comparison with the newspaper boy is not a good one.

            Finally, I am only calling for internet publishers to be held responsible for the content of what they publish—not Verizon, not Google, which don’t publish.

            1. Yeah, you really don’t understand how TOR works. It isn’t a site. It’s a browser that uses a network of servers run by users of that browser to route your internet access through a bunch of anonymous jumps, so that a third party can’t track what sites you’re visiting.

              They don’t publish squat. They don’t have the technical capacity to read traffic through their browser even if they wanted to, it isn’t going through anything they own or have control of.

              1. Based only on the description I have from you of how Tor manages servers, I’d say your comment is way more assured than it ought to be.

                1. Oh, sure, they theoretically could include some kind of tattle tail routine in the browser or server software. Then the user base, who tend to be just a smidge more internet savvy than IE users, would publicize it and they’d be dead.

              2. “Yeah, you really don’t understand how TOR works.”

                You may or may not understand it yourself, but you don’t know how to explain it.

                The TOR browser isn’t the important part. It’s literally just a fork of Firefox. The important part is the network of routers.

            2. “1. That “TOR network,” is the part that bothers me. Everyone seems to be just gliding past that, as if it doesn’t really contribute to the character of the company, or in any way define what it does.”

              It’s not clear that you even understand what a network is. Why don’t you tell us what you think is important about the “TOR network”?

              “2. It is striking that the case was decided on the basis of Section 230, which of course was enacted to protect internet publishing, not ISP-type activity.”

              It’s “striking” to you that a case is decided on the basis of the plaintiff’s theory? If I sued you as an internet publisher because of comments that David Nieporent said, and you defended on the basis of 230, would that also be “striking”?

              1. “Why don’t you tell us what you think is important about the “TOR network”?”

                The principal feature of the the TOR network is that it obscures who is connecting to who. It is harder (but not entirely impossible) to tell who is connected to what when they use onion routers to obscure the routing of their network packets.

                Now, ordinarily, users don’t have to care about the routing of Internet packets, and choose to remain blissfully in the dark about how it all works. A few people do still have to care, and they work as network administrators keeping all the stuff working. If you want your traffic to be confidential even from your network administrators, then using TOR is entirely your prerogative; there’s nothing inherently illegal in masking your activity from your IT staff. That said, there’s plenty of illegal things you CAN do, for which masking your traffic is something you might want to do… in much the same way you wouldn’t want to use your car, with your license plate on it, to make a getaway from a bank robbery, you might not want to browse child-porn or terrorist recruitment sites from your home computer.

                1. I’m interested in hearing whether Stephen (or you) thinks the fact that illegal things can be done with Tor, should make Tor liable for those things.

                  1. “I’m interested in hearing whether Stephen (or you) thinks the fact that illegal things can be done with Tor, should make Tor liable for those things”

                    Then you should have read the comment where I answered that question directly. As of 5:00-ish on 5/22, it’s just a couple of comments down.

                    1. “Then you should have read the comment…”

                      My time machine was out of fuel.

                    2. You need a time machine to read comments written and posted prior?

                      The comment you didn’t/hadn’t/couldn’t read was posted at 1:14pm, your comment was posted at 3:30pm. My response pointing you to my earlier comment posted at 5:36pm. Care to explain why a time machine figures into things?

              2. NToJ, the plaintiff’s theory was that they should be thrown out of court on the basis of Section 230? Somehow, I thought that was the judge’s contribution, perhaps in response to arguments offered by the defendant.

                Just speaking as a layman, I took it as interesting that the judge used a legal theory based on protecting internet publishing to decide a case which almost everyone here is asserting didn’t involve publishing. (If there is anyone getting ready to tell me again that Section 230 is about not-publishing, save your trouble. I already have you guys in mind—as the folks who insist dogs have 5 legs.)

        5. No, I’m saying that since the only liability that Tor could have was for its browser, it wasn’t acting as a publisher in the case at issue. Tor does publish, occasionally. Their website, for instance, contains content that Tor publishes.

          But in this case, the parents weren’t suing Tor for anything they published on their website. They sued Tor because their child used a Tor browser to access somebody else’s website and bought drugs there. So since you thought liability should attach, the only conclusion I could reach is that you thought Tor was a publisher because it has a browser.

          1. You might argue that TOR publishes the routing tables that onion routers use to reach other onion routers. This is flimsy, at best, and not sufficient for liability to attach.
            It would be like suing the phone company for publishing a yellow-pages phone book that had ads in it for massage parlors or escort services, because (gasp) some of those turned out to places where prostitution might happen.

            1. It would be like suing the phone company for publishing a yellow-pages phone book that had ads in it for massage parlors or escort services, because (gasp) some of those turned out to places where prostitution might happen.

              The plaintiff’s theory — which, I stress, I think is bogus — is that nobody in the U.S.¹ legitimately needs to anonymously surf the Internet in the manner that Tor allows, so therefore Tor knows that the only people using its software are criminals like these drug sellers. And, that, in fact, drug transactions like these depend on Tor. Therefore, Tor is being negligent by allowing people to use Tor.

              ¹Sure, other countries have political dissidents, but we’re the land of the free so we don’t need to worry about it.

              1. “The plaintiff’s theory — which, I stress, I think is bogus — is that nobody in the U.S.¹ legitimately needs to anonymously surf the Internet in the manner that Tor allows”

                It is bogus, since people can (and do) choose to surf the web anonymously for lots of different reasons, and in some cases no good one.

        6. >”oh I get it”

          Big eye roll on that one.

    2. There’s a big difference saying it’s a bad law and Congress should change it, and saying the judge didn’t interpret the law correctly or apply the law currently to the facts, given the law as it now is.

      1. Completely agree. I contend that Section 230 ought to be changed, not that judges should ignore it.

    3. Unlike FB or Twitter, Tor literally IS just an impartial conduit. They don’t censor at all. They thus have a much better claim to section 230 protection than any of the social media sites, for that reason.

      1. No, Brett, they don’t have a better claim to 230 protection for that reason. The alt-right lawtwitter folks have been lying to you when they started talking about “platforms” vs. “publishers.” The main reason why 230 was passed was to allow sites to “censor” without liability.

        1. It was passed to allow them to censor in good faith without liability. Don’t write that language out of the law, it’s right there in black and white: They’re only protected in so far as their censorship is a good faith effort to police objectionable content, and objectionable content is actually defined.

          Granted, with the usual catch-all, but those are always interpreted as meaning things of the same nature as those listed, not something completely different.

          I would say TOR is extra protected, because without censorship, there can’t be any question at all about whether censorship is done in good faith.

          1. Good faith can mean censoring liberal or conservative perspectives.

            1. If one or both are objectionable to the intended audience.

          2. “It was passed to allow them to censor in good faith without liability.”

            It was passed to allow them to PARTIALLY censor.

            The fact that comment A was removed does not imply that the fact that comment B was allowed to remain constitutes endorsement of comment B.

            In print, the publisher has control over what gets printed, either directly or by hired agent. So if a story in a newspaper is defamatory, the writer and the paper can be sued for defamation. If a letter-writer (not an employee) writes something defamatory, the paper can still be sued because although it wasn’t written by an employee, and employee still exercised editorial judgment in deciding to publish it. Websites with comment functions (like, say, this one) allow users to publish WITHOUT going through an editor first. If the publisher intentionally exercises no editorial power over comments, there’s no basis to assign the publisher liability for what the users post.
            What section 230 does is allow the site to use some editorial control over the comments, without thereby taking on liability for all of them. So they can take out the boner-pill ads, and the Nigerian Oil-Minister scams, without thereby becoming liable for what Joe User had to say. Joe User remains liable for what Joe User said.

            1. “What section 230 does is allow the site to use some editorial control over the comments, without thereby taking on liability for all of them.”

              But the point is that it only does this as long as the moderation is done in good faith.

              That’s the claim in regards to these platforms, (TOR not being a platform in this sense.) that they’re engaged in bad faith moderation. They’ll say they’re policing advocacy of violence, when they’re actually policing political ideology.

              YT, for instance, putting Prager U videos in “restricted” status meant for porn and extreme violence, despite their being just civil discussion of political issues.

              1. Brett,

                What is it you think YT should be liable for if they are engaged in allegedly “bad faith” moderation by putting Prager U videos in a restricted status? Are you saying any defamation, anywhere on YT, is now actionable because 230 is out? Are you saying that since they mislabeled Prager U, any violent content that is watched and which causes violence, they’re now liable for? Could you explain what liability you think YT is exposing itself to with your alleged “bad faith” editing?

              2. “But the point is that it only does this as long as the moderation is done in good faith.”

                Yes. If they INTENTIONALLY leave something up because they endorse it, THEN they are liable for endorsing it. If they remove something because it’s objectionable to them, they get a pass. It doesn’t (and shouldn’t) include any text along the lines of “‘Good Faith’ means reasons that are acceptable to Mr. Brett Bellmore, and no others.”

                “They’ll say they’re policing advocacy of violence, when they’re actually policing political ideology.”

                Which is their right to do. When did you stop believing in property rights? Internet publishers fall into a couple of categories, most of them being “for-profit business”. They choose their actions based on profit motive. If the majority of their customers don’t like your politics, AND don’t like it enough that losing you (and people who agree with you) as a customer is a net positive for them, why should they eat the cost of catering to you?
                It seems that you’re just mad because people who agree with you didn’t manage to invent/build Internet sites that were compelling to a general audience.

            2. JP, what do you suppose would happen to an ink-on-paper publisher which allowed defamatory material to be published without reading it, and the person defamed suffered damages?

              I have never known whether the story is apocryphal or not, but plenty of old time print journalists were educated to believe that the reason newspapers say the jury found the defendant “innocent,” was because publishers feared the liability if the “not” in “not guilty,” somehow didn’t make it into the paper.

              1. “JP, what do you suppose would happen to an ink-on-paper publisher which allowed defamatory material to be published without reading it, and the person defamed suffered damages”

                I don’t have to suppose, I can look at the case law.

  3. With all the trolls, pranksters, pirates, and efreedom freaks that used to be on the internet I’m a little surprised and disappointed that Tor isn’t 10x bigger and more capable than it is. As it is, it seems reasonably effective for routine privacy against random websites but not really much use against a determined and well resourced attacker. Yet its still pretty much the only game in town for what it does.

    Depressing isn’t it? Nobody cares about privacy or anonymity anymore. Except in a trivial sense like where a chick is angry at her next door neighbor taking nudie pics of her and wants to sue. The cyberpunk books were filled with tales of free spirits rising against the corporations yet here the snot nose kids sell out to work for g00gle and farcebook. Their noble fight against all odds is the fight with the full backing of Silicon Valley and Governments against wrongthink.

    1. Most TOR users who get caught are caught via correlation attacks. Even the ones caught by Uncle Sam. Drop by your local internet cafe, and that significantly increases the difficulty inherent in de-anonymizing you. Use TAILS on someone else’s hardware, and that’s even better.
      Of course, that level of effort isn’t really necessary if you’re only using TOR to keep your ISP from snooping on you.

    2. ” I’m a little surprised and disappointed that Tor isn’t 10x bigger and more capable than it is.”

      Tor takes effort to use. Never underestimate the laziness of the general public.

  4. All of these decisions based on S230’s shield is making the internet seem awfully fragile right now. The right wants to destroy 230 because of reasons x, the left wants to destroy 230 because of reasons y, and then there’s reasons z that both the left and the right want to destroy 230 over.

    If 230 were to fall, is there any legal defense to fall back on to prevent basically the end of user-content on sites? Pre-screening every post seems pretty much impossible at scale, and something is bound to get through anyway.

    1. This ^ !

    2. Pre-screening every post seems pretty much impossible at scale, and something is bound to get through anyway.

      Right. At gargantuan, national-monopoly scale, pre-screening would be, at least, expensive and cumbersome to manage. Why isn’t that a feature, not a bug? In what world are gargantuan publishing monopolies a good thing?

      It is precisely Section 230 which opened the door to the vacuum-up-everything business model which enabled internet giantism, and which is currently severely depleting variety among publishing sources throughout the nation.

      Right wingers have already developed a sensitivity to that, and so they should. Everybody should.

      Private editing is the fall back, not the problem. Private editing can be practiced on a national scale, by creating a diversity of outlets. That will accomplish multiple good results at once:

      1. End monopolistic publishing,

      2. Vastly improve internet content,

      3. Spike the growing trend in calls for government censorship,

      4. Diversify beyond any previous precedent the availability of publishing outlets for commenters,

      5. Broaden now-monopolized advertising markets, to make entry into internet publishing once again a viable business plan,

      6. Create hundreds of thousands, or perhaps millions, of jobs in new publishing businesses, which will require writers, editors, photographers, graphic artists, advertising sales people, and administrators.

      Repealing Section 230 would be a great thing for commentary, for publishing, for business, and for the nation.

      1. I see we can agree about something, at least. Gigantic platforms are a bad way to go. The internet was a better place as an ecosystem of smaller independent sites.

        But I don’t think getting rid of 230 would spike the growing trend for censorship, which is actually driven by the left’s ideological determination to silence all expression of competing views.

        The right, notably, isn’t demanding that FB, for instance, censor. It’s demanding that FB stop censoring.

        1. “The right, notably, isn’t demanding that FB, for instance, censor. It’s demanding that FB stop censoring.”

          Yes, the right is simply demanding that a private company not remove content the right prefers. It’s not censorship, though, because, uh, it’s freedom.

          1. A problem endemic to the right is short-memory syndrome. The only two words necessary to deal with a claim that the right doesn’t endorse censorship are “Ed Meese”.

            (For those who legitimately don’t remember, Attorney General Ed Meese tried unsuccessfully to ban anything he considered pornography. It was that other guy who had the statue of Justice covered up because (eek!) in that statue, Justice is a WOMAN with BREASTS!

            Rightists aren’t asking FB to censor. Textbook publishers, on the other hand, should absolutely continue to censor.

            Pretending that only one side of the Great Ideological Divide wants things censored is silly, and shows either A) a person so partisan that their opinions can be safely discarded unexamined, or B) a person whose opinions aren’t informed and again, who can be safely ignored.

            1. ” The only two words necessary to deal with a claim that the right doesn’t endorse censorship are “Ed Meese”.”

              Are you joking? Ed Meese was somebody when I was in high school. I’m 60 now!

              “Isn’t” is present tense. I’d never claim that censorship was never a right-wing thing, decades ago.

              But, TODAY, the demand for, and the execution of, censorship, is on the left. And the right isn’t demanding that social media platforms engage in censorship, they’re complaining about them engaging in censorship.

              It’s perhaps a bit depressing that the parties swapped stances on censorship as soon as who got to play censor changed, but don’t pretend it didn’t happen.

              1. Ashcroft censoring Justice is much more recent though. Had his stance changed since he’s been out of office? Don’t pretend the religious right isn’t into censoring content they find objectionable.

                1. That is a little bit more recent, but changing the decor in what is, for the duration, your own facility, is scarcely the sort of censorship we’re talking about.

                  1. Censoring textbooks is an ongoing process. Censoring sex education to omit contraception is still a thing… in some states. Which states have abstinence-only sex ed?

                    If you can’t find the examples of censorship by right-leaning folks, it’s either because you didn’t bother to look, or your partisan goggles blocked the view. Either way, your opinion on the subject is without value.

              2. “…as who got to play censor changed…”

                It never changed. The government can censor. FB cannot. Free speech requires that private entities be entitled to play “censor”. But that isn’t censorship. It’s freedom of the entity doing the censoring.

                1. “It never changed. The government can censor. FB cannot. Free speech requires that private entities be entitled to play “censor”.”

                  Respectfully, nonsense. Private entities can’t violate the first amendment, which is not the same thing as saying they can’t censor. The Catholic Church has been banning books for centuries, but they’re only “the government” in a couple of blocks of downtown Rome.

                  1. The Catholic Church could ban books when it was the state. When it isn’t the state, it can’t ban me from reading books. Which books is the Catholic Church prohibiting me from reading right now?

                    1. I’m not Catholic.

                    2. You’ve revised your argument from “The Catholic church can’t censor because they’re not a government” to “the Catholic church can’t censor because you’re not a Catholic”?

                      Doesn’t matter, they’re both wrong.

                    3. The Catholic Church can’t censor because the only people it has authority over (when it isn’t acting as government) are its voluntary members. If you don’t want to be governed by Catholic Church rules you just leave the church.

                      Freedom of association requires that churches be allowed to “censor” their members’ conduct. It’s still voluntary by the censored. Freedom of speech requires that newspapers/websites/etc. be allowed to decide who gets to post to or on them.

                  2. “The Catholic Church can’t censor because the only people it has authority over (when it isn’t acting as government) are its voluntary members”

                    I’m not Chinese, so China can’t censor.

                    Want to try again, or quit at three times wrong?

                    You’re still confusing violation of the first amendment, which can only be done by (American) government, and censorship, which can be done by anyone.
                    Bowdler censored Shakespeare. The Hays Code censored motion pictures. Editors and publishers censor authors. The State of Texas censors textbooks that are sold in states that are not Texas.

                    1. “I’m not Chinese, so China can’t censor.”

                      Are you fucking with me? China is a government. Governments can censor. So long as the Catholic Church is acting like a government, it can censor. But when it’s just banning its own members who read books, it’s not censoring anything that its members are not voluntarily agreeing to censor.

                      Thomas Bowdler couldn’t prevent people from reading Shakespeare in its original form. The Hays Code was self-censorship in anticipation of government censorship. But even so, still voluntary. Some Like it Hot was produced without approval by the MPPC, never received its certificate, and still was a box office hit.

                      The State of Texas is a government.

              3. “Ed Meese was somebody when I was in high school. I’m 60 now! ”

                How old was Lincoln when you were in high school?

                “But, TODAY, the demand for, and the execution of, censorship, is on the left”

                I refer you to my previous statement on this subject:
                Pretending that only one side of the Great Ideological Divide wants things censored is silly, and shows either A) a person so partisan that their opinions can be safely discarded unexamined, or B) a person whose opinions aren’t informed and again, who can be safely ignored.

              4. Are you joking? Ed Meese was somebody when I was in high school. I’m 60 now!

                I know some people here don’t think much of your intelligence, but surely you weren’t still in high school at age 28. (At which point Ed Meese was Attorney General of the United States.)

      2. Right. At gargantuan, national-monopoly scale, pre-screening would be, at least, expensive and cumbersome to manage. Why isn’t that a feature, not a bug? In what world are gargantuan publishing monopolies a good thing?

        Your premises are completely wrong. First, there aren’t any monopolies here, and second, it isn’t merely “gargantuan, national-monopoly scale” sites that can’t pre-screen posts. No site bigger than a solo blog nobody reads can afford it. Again: we couldn’t be posting comments at Reason (or any other iterations of the Volokh Conspiracy) without § 230. The bloggers here would have to read every single comment before deciding whether to approve it. This would not result in a carefully-curated higher-quality comments section; this would result in no comments section.

        Also, obviously, gargantuan platforms are better in the world of network effects; ten Facebooks that are 10% the size of the current Facebook are not each 10% as useful as the current Facebook.

        1. “Your premises are completely wrong. First, there aren’t any monopolies here”

          Apple’s lawyers were recently disabused of this claim.

      3. “It is precisely Section 230 which opened the door…”

        To you commenting on this website. If Reason.com was held to be “publishing” your comments, you wouldn’t be posting comments here.

        1. Reason is different from FB in a very important respect: Reason actually engages in the sort of good faith moderation that Section 230 refers to, deleting only the worst sort of genuinely offensive comments. You can openly advocate anarchism, communism, conservatism, libertarianism, they don’t care. You have to actually get into extreme stuff like posting child porn to get the boot.

          FB engages in ideological censorship under the pretext of good faith moderation. They’re failing to qualify for Section 230 protection because their moderation isn’t in good faith.

          1. They still qualify for Section 230(c)(1), which has nothing to do with good faith.

            Section 230(c)(2)(A) says they can’t be held liable for decisions to censor in good faith. So you think they censor in bad faith. What is it you think they’re liable for? They still aren’t publishers under 230(c)(1). FB doesn’t need protection under 230(c)(2)(A) unless it’s a publisher. And it remains not a publisher even if it does something Brett thinks is in “bad faith”. (This argument also loses, since “otherwise objectionable” will end up giving FB as much latitude as they need to avoid bad faith.)

            It’s also stupid because FB’s policy does allow them to moderate on the basis of ideological censorship.

          2. “FB engages in ideological censorship under the pretext of good faith moderation”

            You keep repeating this. Whose talking point is it?

            “They’re failing to qualify for Section 230 protection because their moderation isn’t in good faith.”

            That’s still not how it works.

            1. Then what meaning do you attribute to that “good faith” in the statute? It has to have SOME meaning.

              1. I suppose the ordinary, common, well-known concept of “good faith” could be what they meant when they used the term “good faith”.

        2. NToJ, if Reason.com wanted to get out of the internet publishing business—and take with it all the like minded, Section 230-enabled freak shows on the internet, that would be fine with me. Excellent. Ideal.

          I would immediately get to work using a newly-freed-up business model that would spring up to fill the vacuum. I would make a lot of money, create a lot of jobs, and add interest and variety beyond what you see now.

          Until then, I can’t reasonably do that because publishing profitably on the internet requires advertising income. Advertising income won’t be forthcoming for smaller sites until the giants are out of the picture. Smaller sites won’t see demand from larger advertisers until the larger advertisers are desperate for media which offer geographically defined marketing opportunities. The universal reach of the ad monopoly giants on the internet is what prevents that now.

          1. So your Quixotic jihad against Sec. 230 is a way of having the government squelch your competitors? Crony capitalism FTW, I guess.

            “which offer geographically defined marketing opportunities.”

            I’m not sure what you’re actually saying, but if your business model depends on current internet advertising not supporting ads targeted by location, I wouldn’t mortgage the house.

            1. I’m not sure what you’re actually saying, but if your business model depends on current internet advertising not supporting ads targeted by location, I wouldn’t mortgage the house.

              No, that’s not what he’s saying. Refer to your first paragraph about crony capitalism: he wants to effectively ban national Internet publications so that the only outlet for advertisers will be smaller local publications that can offer geographically targeted advertising.

              I don’t know why he thinks Americans would want a Facebook that doesn’t reach an audience, though.

          2. NToJ, if Reason.com wanted to get out of the internet publishing business—and take with it all the like minded, Section 230-enabled freak shows on the internet, that would be fine with me. Excellent. Ideal.

            That would be ideal for someone who hates libertarianism. Hard to see why people who actually care about the things Reason publishes would want that, though.

            But that’s sort of an aside, because again, you misunderstand the law. Reason.com isn’t enabled by § 230. § 230 does not help Reason.com publish its own stuff in any way. It’s the public participation aspect of the site — like these discussions — that § 230 enables. If you repeal § 230, Reason.com would still be publishing.

    3. “If 230 were to fall, is there any legal defense to fall back on to prevent basically the end of user-content on sites? ”

      You’d have to do it by contract. Before accessing any content on a webpage, you’d first have to click through a user agreement, and included in the user agreement would be a hold-harmless clause.
      Then all the legal fighting would be over whether you can contract away your right to complain about something before you can even see the something. That sounds like a couple of decades of up-and-down before a meaningful precedent emerged from what would undoubtedly be multiple cases for the Supreme Court to resolve.

      1. A hold-harmless clause would not accomplish what you think it would accomplish. If Website allows Poster X to post defamatory material about me, that is reported in the NYT, the plaintiff doesn’t have to visit Website to sue. (So the plaintiff is never bound by the hold harmless.)

        1. “A hold-harmless clause would not accomplish what you think it would accomplish.”

          A hold-harmless clause would accomplish exactly what I think it would accomplish. Perhaps it is your assumption(s) which is/are wrong?

          “If Website allows Poster X to post defamatory material about me, that is reported in the NYT, the plaintiff doesn’t have to visit Website to sue.”

          They lose the lawsuit, however, because hearsay is inadmissible.

          1. They lose the lawsuit, however, because hearsay is inadmissible.

            I assume this is another of your “jokes” that only you think is funny.

            1. Congratulations! Your status as a humorless twit will be adjusted to just “twit”.

  5. All of Plaintiff’s claims are state law causes of action that would hold Tor, an internet service provider, liable for information originating with a third party. Those claims are barred by the CDA.

    Something about this does not seem right. The CDA bars treating someone as a “publisher or speaker” of certain content. That works well where the cause of action concerns publishing information, e.g. defamation. (Which was what the CDA was drafted for.)

    But the claims here rest not on disseminating information, but facilitating the sale of a dangerous (and illicit) substance. The various causes of action have different mental states (strict liability, negligence, knowing conduct). Is that really within the language of the CDA?

    Suppose an ISP knows that someone is using it to sell a dangerous substance (e.g., food that is tainted with toxic chemicals). The Seller wants to use the ISP to advertise and sell the product. Is that really within the CDA? I am dubious.

    1. Bored Lawyer just posted the kind of comment that keeps me coming back here.
      Now I’m curious. Is there a legal difference between “facilitating the sale” and advertising?
      I acknowledge a difference between a web site that says “Buy fentanyl!” and one with an Add to Cart button for it.
      Very curious what legally knowledgeable people think about whether this is outside section 230.

    2. Just imagine all the crime Ford, Nike, DeWalt, Verizon, and Microsoft have facilitated.

    3. It’s more a matter of, suppose an ISP knows as a general matter that some of it’s customers are using it to sell a dangerous substance, (Because they know in a general way that sort of thing happens.) but have no way of knowing which customers are doing it, because they don’t look at the traffic they carry, they just carry it.

      I mean, the phone company knows that crimes are frequently arranged over the phone, but they’re not (supposed to be) listening to the calls, so they’ve got no idea who is doing it.

    4. phoqueue and Brett Bettlemore:

      You both raise good points, but the way criminal and civil law generally deals with this is requiring knowledge by the facilitator. Unless the facilitator knows or is willfully blind to the fact that its assistance is being used to do a wrong, there is no liability.

      The issue of general vs. specific knowledge was actually decided by the Second Circuit (at least for trademark law) in Tiffany (NJ) Inc. v. eBay Inc. 600 F.3d 93 (2nd Cir. 2010). eBay knew that, generally there are lots of counterfeits being offered on its site. That is not enough, held the Second Circuit — it has to have specific knowledge of a specific listing for liability to attach.

      My point is, though, none of these have to do with the CDA, which is a special immunity for ISPs. The first question one needs to ask, I think, is what liability would Tor have without the CDA? If the answer is none, then who cares about the CDA.

      If the answer is there is liability, then would that liability be as a “publisher or speaker?” Or some other basis?

      1. “My point is, though, none of these have to do with the CDA, which is a special immunity for ISPs.”

        Section 230 isn’t for ISPs. It’s for Internet publishers that want to allow user interaction (like, say, a comments section). They aren’t going to do this if they can be held liable for every loonie who can operate a keyboard and knows of their website.

        The comparison is to the “letters to the editor” columns in the local newspaper. The publisher hires editors to decide which letters to print and which ones to ignore, and which ones to forward directly to law-enforcement agencies. Everything that sees print is reviewed by, and approved for publication by, an employee of the newspaper who is acting at the publisher’s direction.
        Section 230 allows for something different on the Internet… Interactive websites that allow users to post what they like, without it having gone through an employee of the website first. Things may be removed (for various reasons) but the publisher does not have to hold every item for review before publishing it (though, of course, they can choose to do so.) Joe Public can type whatever they see fit, and hit “Publish”, and poof! there it is on the Internet, available to anyone who comes along. Section 230 limits liability to the person who wrote it, and NOT to the website owner, unless the website owner does something beyond just allowing the user to publish comments.

        1. I was using ISP as a shorthand. The statute applies to any “provider or user of an interactive computer service.”

          Broadly speaking, anyone that allows third parties to post content can claim the immunity. Even if they review and edit or censor the content or some of it.

          1. “Broadly speaking, anyone that allows third parties to post content can claim the immunity.”

            Yes. Which is different from ISPs.

            If I sue Verizon because Person X wrote something on Corporation A’s website, for being Corporation A’s ISP, that’s not the same thing as suing Corporation A. It turns out that both are immune from suit, but that immunity comes from different sources.

    5. “But the claims here rest not on disseminating information, but facilitating the sale of a dangerous (and illicit) substance.”

      These aren’t as separate as you seem to think. A market-maker works by publishing information… making would-be buyers aware of would-be sellers, and vice-versa. Consider the Real Estate Multiple Listing Service, a publisher of information, and also, at the same time, facilitating the sales of real property. Or consider Ebay, or Craigslist, which fall under the category of publishers of information, but who also “facilitate sales”.

      The point of section 230 of the CDA is to limit liability to the person/entity most responsible. If some jackass lists an Ebay auction for his child-porn collection, we go after the guy with a child-porn collection, not Ebay. If some other jackass uses Twitter to threaten to kill people, we go after the homicidal jackass, not Twitter.

      1. I get that they are related. But the statute is not an all-purpose tort immunity. It says, specifically, that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider” (47 U.S.C. § 230).

        Treating someone as a publisher or speaker fits well with defamation claims. But you don’t have to be a publisher or speaker to be held liable for knowingly assisting a tort (in those jurisdictions that allow aiding and abetting for tort claims.)

        Let’s say in this case someone supplied bottles for the seller to put Fentanyl in, knowing that what was intended. That at least plausibly gives rise to a tort claim for aiding and abetting a tort. (Not to mention criminal liability).

        Why would Tor be any different? The claim is not that it was a publisher or speaker, it was that it provided some assistance to a wrongful act (assuming you can show knowing conduct, which I doubt very much).

        1. So it would be logically possible to impose liability for selling poison while preserving protection against injustices like the Stratton Oakmont case?

          On the other hand, if selling something is commercial speech, then being neither the publisher nor the speaker seems like it would put the web host out of the legal line of fire.

        2. “Why would Tor be any different? The claim is not that it was a publisher or speaker, it was that it provided some assistance to a wrongful act”

          Because the wrongful act is “assisted” by publishing or speaking. Section 230 cuts off that liability (by design).

          We also don’t let you sue sound-amplification-equipment manufacturers for what someone said over a loudspeaker.

    6. I think it is, but it might not be, since an ISP can get outside the CDA if it specifically encourages the content. To the extent your fact pattern moves you closer to specific encouragement, that should be the answer.

  6. I think there’s an argument to be made that the internet is now a relatively mature technology, so some of the powers and immunities granted to help develop it should be rolled back somewhat. Internet companies have complete control over user information and complete immunity from liability. One could argue both features should be tempered, at least in places.

    1. Any such compromise would somehow need to be tailored to make SLAPP suits like Stratton Oakmont versus Prodigy difficult or impossible. Open discussion of the idea is healthy. ReaderY, what are your thoughts about how to structure a change safely?

    2. “Internet companies have complete control over user information”

      Tor transmits encrypted packets between anonymous users. It has no way of knowing whether the users are Iranian LGBT activists or druggies.

      As phoqueue says above, Tor knows people are using its software for buying drugs like Ford knows people are using its cars in bank robberies – after the fact from the results. Or that the same drug transactions Tor is facilitating are also being facilitated by Microsoft, whoever wrote the device driver for the keyboard, etc, etc. Heck, the device drivers and operating system even handled the information before it was encrypted.

      1. “Heck, the device drivers and operating system even handled the information before it was encrypted.”

        Indeed, blaming TOR for facilitating illegal conduct is like blaming a keyboard manufacturer for not including a key logger in their device driver for police convenience.

        1. “… blaming a keyboard manufacturer for not including a key logger in their device driver for …”

          … the convenience of the police, Chinese and Russian intelligence, random hackers, etc, etc.

          Thought I’d FTFY before anyone got ideas 🙂

        2. “blaming TOR for facilitating illegal conduct is like blaming a keyboard manufacturer for not including a key logge”

          A better analogy:
          Blaming TOR for facilitating illegal conduct is like blaming a door manufacturer for all the illegal things done behind closed doors.

      2. Tor the foundation does not transmit anything.

        Tor the foundation wrote and distributed the Tor software, that’s only thing they transmitted or published (plus some mailing lists, technical documents and so forth).

        This software, when executed on the machine of a person not affiliated with TOR, transmits things.

        1. Thank you nonzense! I was about to post this.
          The TOR network is a collection of volunteers with servers. The TOR project is a software development organization.

    3. ” Internet companies have complete control over user information and complete immunity from liability.”

      Apple would like to learn more about this complete immunity from liability.

    4. “I think there’s an argument to be made that the internet is now a relatively mature technology, so some of the powers and immunities granted to help develop it should be rolled back somewhat”

      Some of them have. Online retailers can now be compelled to collect sales taxes for states they aren’t in, for example.

  7. I’m surprised at the comments above suggesting we tighten/reduce 230’s protections.

    The infrastructure (i.e. ISPs, internet browsers, social media sites, e-mail providers, sites with comments [like VC]), is not the problem.

    Yes, individuals use these services to facilitate their criminal activity, but that’s the same as saying people use public streets and sidewalks when they rob a bank.

    Keeping the 230 protections in place helps insure freedom of speech.

    1. Yeah, my only concern is that the words, “good faith” in 230 actually be given some teeth. The problem today is that 230’s protection is being extended to sites that are engaging in ideological and political censorship under the pretense of policing objectionable content.

      “No provider or user of an interactive computer service shall be held liable on account of—
      (A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected;”

      Sure, there’s a catch all clause, but that would normally be interpreted as content of the same nature as the listed items. Interpreting it as authorizing absolutely any sort of restriction whatsoever would render the “good faith” language void.

      1. So what’s the problem?

        Facebook, Volokh Conspiracy, etc., delete user/commenter material all the time based on their standards (whatever those standards are including changing the standards whenever and for whatever reason they want).

        I guess the only change I would make to 230 is to delete “voluntarily taken in good faith.”

        No provider or user of an interactive computer service shall be held liable on account of—
        (A) any action to restrict access. . . .

        1. I should as long as other non-discrimination laws are obeyed, i.e. can’t deny service because of age, disability, sex, etc.

      2. “The problem today is that 230’s protection is being extended to sites that are engaging in ideological and political censorship”

        Since removing objectionable content is allowed under the statute, why are you complaining that owners of websites are removing content they find objectionable? Just because you don’t find something objectionable, doesn’t mean that they can’t.

        If you want a website that censors things they way you would, build it yourself, and quit whining that other people do things differently than you would, and quite whining that other people won’t let you use their stuff the way you want to.

        If you don’t like the way Facebook does (or doesn’t) control content on its service, demand a refund and stop using the service.

        1. I would prefer a website that censors NOTHING.

          1. Then you should only visit websites that censor nothing…?

          2. “I would prefer a website that censors NOTHING.”

            Then don’t censor anything on your website. Problem solved.

          3. This quickly devolves into spammer, trolls and a lowest-common-denominator mindset.

            A better approach might be the way Reddit allows anyone to create a sub-community, people can leave/join those sub-communities at will, but within them the moderators have very substantial authority.

            1. The point was, the available choices are A) use someone else’s website according to their rules for doing so, or B) make your own website, and impose your choice of rules on people who come to it. Forcing other people to let you use their stuff on the terms you’d like is not one of the choices.

        2. I’m pointing out that the statute provides a list to illustrate what sort of ‘objectionable’ is meant. And sites like FB are removing content on other basis that are not of that nature, and lying about why it was removed.

          What meaning would you give that “good faith”, or do you just want it to be rendered moot?

          Would I stop FB from deleting whatever they want? No, I’d just deprive them of Section 230 protection on that basis, because they’re not actually complying with the terms of Section 230. Their moderation is bad faith moderation, as regularly demonstrated.

          1. “And sites like FB are removing content on other basis that are not of that nature, and lying about why it was removed.”

            So you keep saying. When will you be suing them, and under what theory?

      3. Why do you think conservative websites ought to be dragged into court by liberal commenters challenging their good faith censorship of liberal comments?

      4. What in the statutory language prevents consideration of political leaning as being considers “otherwise objectionable”.

        For instance, if I run a gun forum, I might simply not want to have posters advocating for gun control. Under §230, I believe I ought to be allowed to consider this objectionable simply because I don’t think that discussion belongs there. It goes to the core purpose of my forum that we want to have some matters discussed and not others.

        It would be very odd to believe that “otherwise objectionable” must be read to exclude this sort of thing. That would essentially mean that it would not be possible to run limited-topic forums, and that anyone could post on any topic anywhere, so long as they were not obscene or lied. Congress could not have possibly intended this.

        1. What prevents it is the list illustrating what is meant by “objectionable”.

          A gun forum would remove content that isn’t gun related on TOS basis, but FB TOS do not specify political ideology as a basis for removal of content. If they did, then I wouldn’t call their ideological curation of content bad faith moderation.

          What meaning would you give that “good faith” that’s right there in the text of the law? The law expressly contemplates a forum losing Section 230 protection on the basis of the way they carry out moderation!

          1. A gun forum would remove content that isn’t gun related on TOS basis, but FB TOS do not specify political ideology as a basis for removal of content. If they did, then I wouldn’t call their ideological curation of content bad faith moderation.

            They specify “anything they damn well feel like” as a basis for removal of content.

            (Well, that’s Twitter. I assume FB still says something similar, but I haven’t looked in a while.)

          2. I mean, ‘otherwise objectionable’ seems to indicate things that are objectionable for other reasons.

          3. “What meaning would you give that ‘good faith’ that’s right there in the text of the law?”

            I would assume that “good faith” continues to mean what it has always meant, rather than attempt to redefine it the way you want to. Isn’t that the core of our disagreement?

        2. “For instance, if I run a gun forum, I might simply not want to have posters advocating for gun control. Under §230, I believe I ought to be allowed to consider this objectionable simply because I don’t think that discussion belongs there.”

          And, I’m going to suggest that there might be (hypothetical) people on your (hypothetical) website that have even stronger feelings than you do, who might, say, threaten violence towards the gun control advocate who stumbles into your gun-enthusiast midst. If you leave their posts up because you only pay attention to the flagged comments, and your sites visitors keep flagging the gun-control advocate but didn’t flag the guy who offered to shoot him with each of his weapons, you’d be free from liability if the guy followed through.

      5. Are you arguing against owners of private property setting their own rules?
        I regularly visit the home of someone with a house rule against discussing politics under his roof. It’s constitutionally protected speech. I have a right to make it, he has a right to throw me out and forbid me to return.
        That’s not a rhetorical question, because there is precedent that after the town square is purchased by a developer there is still free speech allowed there. Facebook is so big that I wouldn’t be contemptuous of an argument that they are the new town square. A single-family home is a very different situation.

  8. Did any of the defendants countersue for negligent parenting, for allowing a 13-year-old to access the dark web unsupervised? Because that’s the real problem in this story.

  9. People who still support sec. 230 need to start thinking about how to reform it, at least a little. Because its enemies are increasing in numbers from both sides, for their own reasons.

    The middle is not going to hold.

    1. You’re probably right but that’s just the normal ebb-n-flow of democracy.

      1. Sure but the supporters are just “free speech”-ing away the complaints. As we see in these comments.

        They are going to have to do better than that if its going to survive.

        1. Arguing in favor of free speech is not “‘free speech’-ing away the complaints.” There aren’t any better arguments. If you have better arguments, let’s see them.

          1. My complaint about FB, YT, Twitter, is that they’re moderating in bad faith, and thus by the express terms of Section 230, have removed themselves from its shelter.

            They claim not to politically curate content, but they do. They lie about the basis of their moderation.

            If FB just came out and announced, “We’re a social platform for left-wingers, no right-wing content is allowed.”, I’d withdraw my objections, they would be honest about how they’re moderating content. But they don’t do that. They claim to be ideologically impartial, while moderating on the basis of ideology.

            That is categorically bad faith, and Section 230 does not protect bad faith moderation.

            1. They claim not to politically curate content,

              I don’t see that anywhere in the TOS.

              1. I’ve seen it in the public statements of their press spokesmen.

              2. That was in Zuckerberg’s testimony to the Senate earlier this year, so assuming he wasn’t perjuring himself (I.e. he knew it was false), and this isn’t a word games deal (we don’t censor based on politics only when we’re giving testimony about it, the rest of the time we do censor based on politics) that’s a pretty clear statement from FB

            2. “They lie about the basis of their moderation. ”

              (Pretending the claim is true)
              What statute requires them to be 100% open about how their moderation filters work?

              Most platforms allow users to signal bad content to management. Most platforms (if not all) will react to things that generate lots of these before moving on to other things.

              Thus, if one side gets moderated more, it may be because the site’s owners are biased to the other side. It ALSO may be because the people who get moderated are boorish, rude, or otherwise objectionable, and also happen to be mostly on one side.
              So, if you and your side are getting moderated a lot, maybe check to see if you’re hanging out with a bunch of rude jerks, and adjust accordingly.

              1. “What statute requires them to be 100% open about how their moderation filters work?”

                THIS statute, the one we’re discussing, which says, “good faith”, rather than allowing sites total freedom to moderate in any way whatsoever.

                You seem absolutely determined to strip those words of any force.

                1. THIS statute, the one we’re discussing, which says, “good faith”, rather than allowing sites total freedom to moderate in any way whatsoever.

                  Why do you think that total freedom to moderate is somehow bad faith?

                2. “You seem absolutely determined to strip those words of any force.”

                  Not joining you in interpreting them to mean “moderation in any way I don’t agree with is bad faith”, you mean.

    2. It’s just a pendulum swinging. Once the protection is removed, some widely publicized, ludicrous result will emerge (involving lawyers that the public hates), and we’ll be right back to 230. You can’t keep good ideas down, especially after people have enjoyed the benefits for decades.

      And we’ve already seen the reform. Last year, for instance, 230 was modified to have no effect on sex trafficking.

      1. “And we’ve already seen the reform. Last year, for instance, 230 was modified to have no effect on sex trafficking.”

        Just to kill one website (Backpage) that was actively cooperating with law enforcement on tracking down posters of genuine human trafficking adds.

        1. Right, which is another example why we shouldn’t tolerate fucked up “reform”. This idea that we have to negotiate because inevitably the people will turn on free speech is wrong. The rejoinder is to convince the people that free speech is good, not to abandon it.

  10. The best thing about all this is that even if the lawsuit succeeds (perhaps in a future without §230) and the TOR foundation goes bankrupt and dissolved, the TOR network will continue to function just fine. The source code itself is open source and freely copied/mirrored around the world in the possession of non-TOR-foundation entities. The network continues to run on machines completely unaffiliated with the foundation, new users would have to either get and build the source or, more likely, binaries would be built by other parties.

    One could imagine trying to clamp down on publishing both the source and compiled binaries, but this is a bit like trying to chase down people distributing pirated movies, except much harder since there is no aggrieved rightsholder to drive the process. Indeed, the software itself is permissively licensed!

    1. More solid information from nonzenze! I apologize for misspelling your name earlier.

    2. “the TOR foundation goes bankrupt and dissolved, the TOR network will continue to function just fine.”

      It’s compromised. If that fits into your definition of “just fine”… yes, it will continue to be “just fine” if there is no maintenance/development.

      56-bit encryption once seemed “just fine”, too.

      1. Its open-source, there will be plenty of maintenance/development from third parties

        And no, this third party development need not fragment the network, just as forked clients didn’t fragment the old P2P networks

      2. Wait, how would it be compromised?

        And what’s to stop maintenance/development? The source is (extremely) permissively licensed, so there are no legal/IP hoops to prevent individuals from contributing patches.

        1. “Wait, how would it be compromised?”

          The FBI won’t say. They’ve been letting USAs drop cases so they don’t have to testify about how they broke it.

          “The source is (extremely) permissively licensed, so there are no legal/IP hoops to prevent individuals from contributing patches.”

          And when everybody’s running their own version of the client, they all work together because positive thinking?

          1. No, they work together because the specifications necessary to do that are public domain.

            1. The specifications to make a network that the FBI can track. I thought you wanted one they can’t track.

  11. Since some have mentioned reforming the CDA, a possible model would be the printer-publisher partial immunity for trademark infringement, contained in 15 U.S.C. 1114(2). (Too long to copy here.) Basically, printers and publishers of infringing materials who can show they acted innocently (meaning in good faith) are not liable for damages, but only for an injunction against future infringements. (And even there, there are some limitations on injunctive relief if the injunction would cause delay in dissemination of a newspaper, periodocal. etc.)

    So if you act in good faith, all that might happen is you will be ordered to take down and not repeat the offending item.

  12. I don’t know enough about how courts have interpreted it, but I’ve always read (2) of Sec. 230 differently. I just read it to clarify that censoring in good faith can’t be used to prove that you actually are the publisher, but I don’t know whether censoring in bad faith automatically means that you ARE the publisher.

  13. It is remarkable to me that so many here can write so much, and speak to authoritatively on a topic without having the slightest understanding of the fundamental nature of the subject.

    It’s also remarkable that the court doesn’t either. And, that a very simple internet search could have cleared this up.

    A special note to Stephen Lathrop: you have written so much here that is so ill informed, I recommend you do a little research before you “launch” again. Go to wikipedia. Or, in this case, go directly to tor.org.

    Tor is not an internet service provider, a network, or a publisher, of any kind. It is a 501(c)(3) research-education nonprofit organization who’s primary products are the Tor network and Tor browser, free and open source.

    A few snippets from wikipedia:

    The Tor Project, Inc. is a Massachusetts-based 501(c)(3) research-education nonprofit organization founded by computer scientists Roger Dingledine, Nick Mathewson and five others. The Tor Project is primarily responsible for maintaining software for the Tor anonymity network.[4]

    The Tor Project was founded by computer scientists Roger Dingledine, Nick Mathewson and five others in December 2006. The Electronic Frontier Foundation (EFF) acted as The Tor Project’s fiscal sponsor in its early years, and early financial supporters of The Tor Project included the U.S. International Broadcasting Bureau, Internews, Human Rights Watch, the University of Cambridge, Google, and Netherlands-based Stichting.net.[5][6][7][8][9]

    As of 2012, 80% of The Tor Project’s $2 million annual budget came from the United States government, with the U.S. State Department, the Broadcasting Board of Governors, and the National Science Foundation as major contributors,[34] “to aid democracy advocates in authoritarian states”.[35] The Swedish government and other organizations provided the other 20%, including NGOs and thousands of individual sponsors.[8][36] Dingledine said that the United States Department of Defense funds are more similar to a research grant than a procurement contract.

    1. “Tor is not an internet service provider, a network, or a publisher, of any kind. It is a 501(c)(3) research-education nonprofit organization who’s primary products are the Tor network and Tor browser, free and open source.”

      You lose credibility when you claim they’re not a publisher of any kind in one sentence, and then one sentence later describe what they publish.

      1. Snarky reply. Providers of software are not “publishers” in the context of that term here.

        1. You lose even more credibility when you insist that publishers aren’t publishers, or that when you say “publishers”, you don’t mean “publishers”. (Whichever it was you just did.)

          1. What’s your point, James? Are you just being “correct” about everything? You’ve made 46 comments on this entry already, and haven’t contributed much to the conversation, except to criticize other people’s comments.

            I fully understand that a software provider may be referred to as a publisher. Believe it or not, words in English can take on different meanings depending on context. It’s called connotation.

            In the context of this discussion, “publisher” refers not to suppliers of software, but to an entity that disseminates content. The software at issue here, the TOR browser and the router, are analogous to the printing press, not to the entity that uses the printing press (publisher) to disseminate content. That’s what I meant.

            If you have a substantive criticism, or some content to offer, go ahead. But to snark at me, say that my credibility is injured by my use of a term in an otherwise informative reply to this blog entry, is not helping anyone.

            By the way, your comment “Tor takes effort to use” – not so. You can simply install the TOR browser and be up and running, near zero effort.

            1. “What’s your point, James?”

              Your argument is crap. Was this not clear?

              “In the context of this discussion, “publisher” refers not to suppliers of software, but to an entity that disseminates content.”

              What did I say previously about your attempts to redefine “publisher” to not mean “publisher”?

              “By the way, your comment ‘Tor takes effort to use’ – not so. You can simply install the TOR browser and be up and running, near zero effort.”

              You haven’t learned the lesson yet that saying something in one sentence, then in the very next sentence saying something that contradicts what you just said, doesn’t work. Maybe next time.

              1. You are being deliberately obtuse, in not acknowledging that “publisher” takes on different meanings in different contexts, i.e., the connotation of “publisher” here. Surely you have the intelligence and capacity to grasp this. Whey do you ignore the distinction? Or maybe you don’t grasp it. If someone creates a newspaper called “NewsPaper using Adobe tools, and puts it on the web using IIS, and includes content written by John Doe, who’s the publisher? NewsPaper, John Doe, Adobe, Microsoft? While MS ‘publishes’ software that may enable distribution of content, I don’t think any reasonable person would say MS is the publisher in this context. Get it?

                In the second part are you saying that installing a browser is equal to “some effort to use?’ If so, ridiculous. For example, the Android version installs from the Play Store by simply hitting the “install” button. No other config required. Maybe you should try it.

                1. “You are being deliberately obtuse, in not acknowledging that “publisher” takes on different meanings in different contexts”

                  “Publisher” means “publisher”. This is not difficult for anyone (except, apparently, to you.)

                  ” If someone creates a newspaper called “NewsPaper using Adobe tools, and puts it on the web using IIS, and includes content written by John Doe, who’s the publisher? NewsPaper, John Doe, Adobe, Microsoft?”

                  All of the above are publishers in your example (assuming “NewsPaper” has some sort of legal status independent of Mr. Doe.)

                  “While MS ‘publishes’ software that may enable distribution of content, I don’t think any reasonable person would say MS is the publisher in this context. Get it?”

                  They publish, but aren’t publishers? Nope, don’t got it. Nothing to get. Try this instead: “They publish. That makes them a publisher”. See how easy?

                  “In the second part are you saying that installing a browser is equal to ‘some effort to use?'”

                  Yes. Because “some effort” means “some effort”. Is English your second language, or third?

  14. There are exceptions to free speech, comments such as assault, aspects of fraud, insider trading and the like. TOR is a cesspool of criminal activity and anyone abetting by technical means is abetting criminal acts.

    Given the full nature of the TOR environment it seems perfectly reasonable to me for the Fed’s to go after the group that makes the TOR browser using (at a minimum) the RICO act.

    1. You saw the part above that says “As of 2012, 80% of The Tor Project’s $2 million annual budget came from the United States government, with the U.S. State Department, the Broadcasting Board of Governors, and the National Science Foundation as major contributors,…”??

      So the US Government is going to use RICO to have the US Government declared a racketeering organization?

      Oh wait … on second thought, what’s the downside?

      Seriously, though, suppose you do break Tor. That will
      1)hurt dissidents worldwide, and…
      2)not really make drugs any less available
      Are you sure that’s a good bargain?

  15. Good news! Tor browser is now available for Android!

  16. By the way, is there anyone here who supposes TOR provides any security at all from surveillance by the U.S. government?

    1. Well, sure it does.

      Tor security is a complex subject, and one where a lot of work has been done. It’s not a subject that can be neatly summarized in a paragraph. If you are interested, I’d suggest doing some research instead of just imagining what the facts must be. Have you even read the wikipedia page yet?

      1. Absaroka, I don’t propose to undertake the absurdity of turning myself into a self-styled national security expert by researching the subject from the outside. James Bamford already went down that road, retired the trophy, and still ended up telling his readers notably less than events subsequently disclosed was going on.

        I grew up in the DC area, in circumstances notably embrined by juices from the national security pickle barrel. I know enough about the boundaries of what I can’t know to distrust the notion of finding much out by research. It is not for nothing that our nation’s national security adversaries employ shockingly aggressive methods to pick up mere tidbits.

        My advice to other ordinary citizens who take an interest in national security practices is precisely, “Imagine what the facts must be.” In doing that, start with what you think you know about capabilities, then assume the government is doing whatever its most ambitious national security entrepreneur recommends for the use of those capabilities. Then remind yourself again that you really don’t know anything reliably. And that among the things you really don’t know will be interesting capabilities you never dreamed of. That’s about as good as anyone can do, I think.

        I would prefer less secrecy, and a national security posture for the nation notably more constrained than the one the secrecy enables. With that in place, research would look more promising. But for now, if someone came to me and said, “I’ve done the research, and here is what is happening,” my response would be, “Have you tried imagining what the facts must be? At least that way, if you get it right, they won’t have to shoot you.”

        1. “I don’t propose to undertake the absurdity of turning myself into a self-styled national security expert by researching the subject…”
          “My advice to other ordinary citizens…”

          Why am I hearing “I don’t propose making even a trivial effort to learn about vaccines, but my advice about vaccines is …”

          There are genuine experts out there who do understand these things. Bruce Schneier is on the Tor board, for goodness sake. To not even listen to them … words fail.

          “Imagine what the facts must be.”

          Sure; you have a habit of that. But it’s not a good habit, because oddly enough, when you imagine what the facts must be, the ‘facts’ always seem to support your preconceived notions. Inferring the facts from your conclusions is not the right direction.

          1. ” Inferring the facts from your conclusions is not the right direction.”

            Well, it often works in the short-term, as long as there are enough people who ALSO want their facts to align with your conclusions. Say you are a tobacco producer, and your customers want to keep smoking. Surprise! All your facts show that smoking doesn’t cause health problems, and the smokers keep smoking until they die. Or say you’re a petroleum extractor or refiner. If people though climate change was related to your industry’s actions, they might want you to start paying for it! So, your “facts” show that there is no climate change, and there’s no reason to extract any of your profits to address the problem. Get a political faction on your side, and watch as the “fact” that climate change isn’t happening gets repeated and repeated, even by people looking directly at where their house used to be, before the tornado.

        2. “My advice to other ordinary citizens who take an interest in national security practices is precisely, “Imagine what the facts must be.””

          This is how conspiracy theories work. Inject a little bit of paranoia, and then you can start believing all that stuff you imagined.

    2. Is Tor a silver bullet? Absolutely not.

      In some cases, could Tor be one part of a comprehensive opsec posture? Depends heavily on the details.

    3. ” is there anyone here who supposes TOR provides any security at all from surveillance by the U.S. government?”

      Yes, it does.
      The FBI lets USAs drop cases rather than reveal how its surveillance of the TOR network works.

      1. James Pollock, at least we agree on that. I suggest it is foolish to suppose that the U.S. Department of Defense would pay to develop a security tool that did not enable ready access by the U.S. surveillance community. But just reading the newspapers tells me that with that access in place, protection of sources and methods would lead to ignoring essentially every offense that did not seem to affect U.S. national security. For those cases which did harm national security, some way would be found to respond without disclosing the source of the information.

        Of course what that may point a cynic to conclude, is that TOR does provide high-quality security to perpetrators of ordinary crimes—none better, because none of the alternatives can guarantee no one will say anything, even after they catch you.

        Implications for TOR users among the international political community are more sinister still.

        1. “I suggest it is foolish to suppose that the U.S. Department of Defense would pay to develop a security tool that did not enable ready access…”

          Do you understand what ‘open source’ means?

          If entity X provides object code and says ‘trust us, we didn’t put in a backdoor’ then … reasonable people assume there is a back door. But it’s a little harder to do that with open source. As Nonzenze aptly says above, tor isn’t a silver bullet. There are attacks that can work when an attacker (NSA Cough!) has ubiquitous enough surveillance to watch both entry and exit nodes. And tor traffic is uncommon enough that using it makes you stand out, so all your other computer security better be up to snuff. This is all widely known and discussed in e.g. the wiki page … hint hint.

          1. Do you understand what ‘open source’ means?

            Not the right question.

            I am sure that even if I had a perfect understanding of open source, that would not put me on a par with an NSA team with comparable understanding, plus access to an array of workarounds not directly related to open source, but highly relevant to defeating open source security schemes.

            The right question is, what gives you the confidence you know about all that stuff as well as the NSA does?

            1. “I am sure that even if I had a perfect understanding of open source, that would not put me on a par with an NSA team with comparable understanding, plus access to an array of workarounds not directly related to open source, but highly relevant to defeating open source security schemes.”

              You are a (paranoid) fool.

              “open source” means that anybody can see how something works. No amount of mystical NSA-ness changes this to allow them to hide things in open code.

              1. “open source” means that anybody can see how something works. No amount of mystical NSA-ness changes this to allow them to hide things in open code.

                James, problem is, you think you are playing a game of complete knowledge. But you aren’t. You would be a fool to take that attitude into a poker game, thinking that just because everyone can see the up cards in stud poker, everyone is on an even footing, so the down cards can’t make any difference. You would get killed if you played that way.

                But playing against the NSA, it’s much worse than that. In their game, they are the only ones who ever get to see down cards. You are playing a game of uncertain knowledge, against opponents with certain knowledge and a far bigger bankroll. And you are all shiny and confident because you can see the up cards? I don’t like your chances.

                1. “James, problem is, you think you are playing a game of complete knowledge. But you aren’t. You would be a fool to take that attitude into a poker game, thinking that just because everyone can see the up cards in stud poker,”

                  Gad, what a twit.

                  If you can see all the cards, you’d probably do quite well in poker.

                  Wait, did I just flip from your “seeing all the up cards” to “seeing all the cards”? That’s cheating! But, it’s ALSO how open source works. There are no hidden cards.

                  “I don’t like your chances.”

                  But you DO like your chances of winning this argument about information security you’ve gotten yourself into, where you’re arguing against an information security professional who keeps telling you that you don’t even have a grasp of the basics?

                  1. James, I recalled the subject of poker out of fond memory. In college, I attended a regular poker game, which featured some pretty good players. One in particular was on the lookout for folks like you—people who not only overestimate the value of what they know, but also assume there can’t be anything else of more value that their adversaries can know.

                    So my friend would go from time to time to the bulletin board at the hall of graduate studies, and post a card to tout the undergraduate poker game, hoping to connect with technically minded grad students who were experts in advanced mathematics. He had learned from experience that those guys thought like you. In their case it wasn’t open source, of course, but they knew as confidently as you do that their technical chops would give them a secure edge over mere undergraduates.

                    Long story short, my friend discovered those types were surprisingly plentiful, and amazingly confident. The results were awesome to behold, as each in turn was quickly cleaned out and sent packing—never suspecting he had encountered an expert at managing and leveraging non-quantifiable risks—both his own, and those of his opponents. Nor suspecting either that my expert friend owned an added and remarkable psychological skill—an ability to motivate opponents to do what he wanted them to do, at the time he wanted them to do it.

                    Knowing you as I do now, I know what you are thinking—that this has absolutely nothing to do with what you have tried with such futility to explain to me. Dream on, my friend. And if you ever see a guy who calls himself Eric Random, stay away from the poker table.

                    1. “James, I recalled the subject of poker out of fond memory.”

                      Steve, your fondness for poker doesn’t make it magically apply.

                      ” my expert friend owned an added and remarkable psychological skill—an ability to motivate opponents to do what he wanted them to do, at the time he wanted them to do it.”

                      Ah. You’re trying to say your friend cheats when he plays cards.

                      “you have tried with such futility to explain to me.”

                      Futility is right. You prefer the facts you imagine to the facts as they are explained to you.

        2. ” I suggest it is foolish to suppose that the U.S. Department of Defense would pay to develop a security tool that did not enable ready access by the U.S. surveillance community.”

          That is because you don’t understand information security. A “secure” communications system that can be cracked by your intelligence agencies is a communications system that can be cracked by ANYBODY’S intelligence agency. The reason that the US government supports TOR is so that oppressed people worldwide can communicate without surveillance by intelligence agencies.

  17. Inferring the facts from your conclusions is not the right direction.

    Exactly, it’s absurd. Which doesn’t mean there are not situations when something absurd isn’t as good or better than something else—such as supposing that as a national security outsider you can research your way to insight into what would surely be a SCI classified program. That is beyond absurd.

    Absaroka, I don’t suggest imagining facts because I think that’s a great route to the truth, or even a useful one. (Which is why I repeatedly noted that anyone trying it as method has to stop to remind himself that he doesn’t really know). Instead, I suggested it to emphasize my belief that it is pretty far out to think you can research facts which not even national security insiders with the highest clearances can access, or even know exist.

    You write as if you think you are knowledgeable about national security, and I don’t assume you are not. But so far I haven’t seen anything specific in what you have written here to suggest more-than-typical public knowledge on any subject except programming—which isn’t the subject I have been discussing.

    Because you usually seem pretty well informed, I do assume you probably know what SCI means, and what it implies for this discussion. But because you haven’t been writing here as if you know that, maybe Wikipedia could help you out.

    If there are other readers following this discussion, who don’t know what I am talking about, Google: national security SCI. It is a security system which uses code word authorizations to keep even people with the highest security clearances from knowing about the existence of some programs—typically to protect sources and methods used in intelligence gathering.

    People judged to already have sufficient security clearances are chosen for SCI program participation by superiors, on a need-to-know basis, informed of the program’s existence, and told the code word. Until that happens, no matter how high and various the person’s clearances, he typically can’t even find out the program exists, barring a very big deal security breakdown.

    1. And by the way, Absaroka, around DC, at least, and among Hollywood script writers, too, what I wrote above is pretty typical public knowledge. I don’t pretend to be telling you anything which sets me apart as an insider with special access. I’m just wondering why a well-informed person such as yourself writes comments that seem not take account of stuff you can find out about in the movies.

      1. “among Hollywood script writers, too, what I wrote above is pretty typical public knowledge”

        Hollywood script writers don’t know how ANYTHING works. Try this experiment:
        Step 1: Take any movie or TV show about anything that requires specific knowledge.
        Step 2: Ask someone how has specific knowledge about the topic whether or not the movie got it right.
        Step 3: Wait for the person who knows that they’re talking about to stop laughing.

        Approximate number of network television shows which accurately depict information security at any point in their program: 0.0

    2. I think you don’t understand what open source means.

      1. I think “open source” is just the tip of the iceberg of what he doesn’t understand.

  18. That is because you don’t understand information security. A “secure” communications system that can be cracked by your intelligence agencies is a communications system that can be cracked by ANYBODY’S intelligence agency. The reason that the US government supports TOR is so that oppressed people worldwide can communicate without surveillance by intelligence agencies.

    This from Schneier seems relevant:

    What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

    Do you see any contradiction between that and what I quoted from you above?

    1. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

      Relevant.

      1. “Relevant.”

        The softest spot in any information security system is always people.

    2. “Do you see any contradiction between that and what I quoted from you above?”

      They don’t contradict each other; they just aren’t related in any way.

      You made a specific claim that Tor had a builtin backdoor: “I suggest it is foolish to suppose that the U.S. Department of Defense would pay to develop a security tool that did not enable ready access…”

      That’s false (because … open source).

      Unrelated to that claim are these generally true things:
      1)The NSA has skilled hackers, and more (e.g. supply chain compromises).
      2)Various TLA’s have skilled burglars that can pick your house locks and install keyloggers, cameras, microphones, …
      3)TEMPEST – don’t forget TEMPEST!
      4)As DMN mentions, ‘enhanced interrogation’ is always an option.

      I’m honestly not sure if you’re arguing in bad faith, or just don’t understand much about the field.

      “I don’t pretend to be telling you anything which sets me apart as an insider with special access. ”

      That’s pretty obvious.

      1. “‘Do you see any contradiction between that and what I quoted from you above?’
        They don’t contradict each other; they just aren’t related in any way.”

        There’s a tangent. Schneier is saying that once you’ve come to the attention of a national intelligence agency, you must assume that they can penetrate your information systems.
        The point of using TOR communications is, in part, to avoid coming to the attention of national intelligence agencies.

        In analogy, if you are driving while intoxicated, and you get pulled over, you can expect to be arrested and prosecuted. This does not imply, as Mr. Lathrop imagines, that cops have infiltrated automaker supply lines to place intoxicated-driver detectors in all the cars on the road. (In fact, automakers have started installing features that make it harder to detect intoxicated drivers, because the car now does lane-keeping and collision-avoidance automatically.)

    3. I stand by my conclusion that you don’t understand information security. Mr. Schneier does, but you don’t understand HIM.

      1. James, I think I can characterize Schneier better than you have. I think he is saying that you, as an individual, can’t have information security, at least not in the face of an adversary as imposing as the NSA. He holds out a (wan) hope that really extraordinary information security techniques, widely enough practiced, would accomplish a sort of herd immunity inoculation, by making NSA work too hard to target everyone. But even then, if the NSA has decided to target you specifically, your supposed security is toast.

        The cherry on top of that fine news is that Schneier cheerfully admits there is stuff going on at NSA he knows nothing about.

  19. “James, I think I can characterize Schneier better than you have.”

    There’s no evidence that you can. I continue my previous conclusion.

    1. James Pollock, thanks for the reassertion. I don’t necessarily think it means you can’t refute my points. Maybe I just tired you out.

      1. ” I don’t necessarily think it means you can’t refute my points.”

        It means you HAVE no points.

        To use the poker analogy that you’re so fond of, you’re trying to play poker but there’s only one card in your hand, and it’s a trey. I don’t know why you imagine that it’s a four-of-a-kind, but you won’t be disabused of the notion.

Please to post comments

Comments are closed.