First DMCA takedown notice, yay! (part 1)

Bookmark and Share

Id: 81

Last night I started operating a Tor relay on my Slicehost server (the same one that runs this website). A Tor relay is an anonymizing proxy, essentially a service that allows connections between computers without revealing the identity of each one to any other. In the Tor project, there’s a whole network of these relays, and what would ordinarily be a simple TCP conversation between two computers instead becomes a long chain of random, unpredictable connections in which each relay along the chain (except for the first and last) has no idea of the original source or final destination of the data it’s processing. This kind of system is great for hiding your tracks from, say, government censors, since it’s painstakingly difficult at best, impossible at worst, to actually follow the path that data takes from computer to computer. Obviously this is going to be very useful for a lot of people in Iran right now. (In fact, that’s why I set up a Tor relay in the first place.)

Because Tor relays don’t reveal information about the ultimate source of a TCP packet to its final destination, and vice versa, when you make a connection to some external server through Tor, the server doesn’t know that the connection originates from your computer. (which is the whole point, of course) It only knows about the Tor exit relay that it’s directly connected to. (The exit relay is just the last relay in the chain) So, for example, if someone downloads a movie file from a website through Tor, it’s the exit relay that shows up in the web server’s logs, not the actual downloader’s computer.

This is basically what happened. Here’s how the notification email started out:

We have received a notice pursuant to the Digital Millennium Copyright Act (“DMCA”) from Bay TSP regarding certain content appearing at the above-referenced website (the “Website”). This company alleges that material posted on your company’s website infringes on their copyright.

…which is slightly crazy, and more than slightly false. Sure, the material may be a copyright infringement, but it’s not posted on my website.

Please remove the content claimed to be infringing from the Website and confirm to me in writing that you have done so by 8:00 A.M. Central Time, Friday, June 26, 2009. If the allegedly infringing content is not removed and/or I have not received your written confirmation by that time, Rackspace will suspend network access to the server(s) hosting the Website.

OK, now that’s a problem. I can’t remove the content because there’s nothing to remove, so how’s a law-abiding sysadmin to keep the server connected?

I’m certainly not the first one to encounter this problem, and there’s already a lot of information out there about how to respond to a DMCA takedown request when there’s nothing concrete you can do. But that will have to wait for a followup post while I hash out the details.

The chronology of my DMCA experience continues in part 2.

P.S. For anyone interested, here’s more information about setting up a Tor relay or bridge to help Iranian activists and/or, more generally, the cause of open communication worldwide.