SOPA bans Tor, the US Navy's censorship-busting technology

Tor, the censorship-busting technology developed by the US Navy and promoted by the State Department as part of the solution to allowing for free communications in repressive regimes, is likely illegal technology under the Stop Online Piracy Act. SOPA makes provision for punishing Americans who contribute expertise to projects that can be used to defeat its censorship regime, and Tor fits the bill.

"I worry that it is vague enough, and the intention to prevent tunneling around court-ordered restrictions clear enough, that courts will bend over backwards to find a violation," says Mark Lemley, a professor at Stanford Law School who specializes in intellectual property law.

Smith's anti-circumvention language appears designed to target software such as MAFIAAFire, the Firefox add-on that bypassed domain seizures, and ThePirateBay Dancing and Tamer Rizk's DeSOPA add-ons, which take a similar approach. (As CNET reported in May, the U.S. Department of Homeland Security has tried, unsuccessfully so far, to remove MAFIAAFire from the Web.)

But Smith worded SOPA broadly enough that the anti-circumvention language isn't limited to Firefox add-ons. In an echo of the 1998 Digital Millennium Copyright Act's anti-circumvention section, SOPA targets anyone who "knowingly and willfully provides or offers to provide a product or service designed or marketed by such entity...for the circumvention or bypassing" of a Justice Department-erected blockade.

How SOPA's 'circumvention' ban could put a target on Tor (Thanks, James!)


  1. Hate on the RIAA and MPAA all you want (they certainly deserve it), the real danger with SOPA has nothing to do with preventing privacy.  It’s about censorship, plain and simple.  It’s about trying to shut down the Internet’s ability to allow for the exchange of information and ideas – especially if those ideas go against the will of the government.  Every one of those SOBs in Washington who vote for this know exactly what they’re voting for – restricting your rights.

      1. Wikileaks. If SOPA/PIPA are not about piracy, and it seems reasonable to suspect that they’re not… Let’s remind ourselves that the government has been looking for ways to shut down Wikileaks and prosecute Assange. Really looking (as has been revealed by whistleblowers). Under SOPA/PIPA they can probably finally do all that because Wikileaks has published ‘stolen intellectual property’ from commercial sources unabridged. The same goes for many, many publications made by Anonymous and sympathizers and so on.

        Of course the bills are worded vaguely enough that almost any (future) publication or technology on the net that’s a nuisance to big corporations/government can be obstructed or disappeared. Including ‘stolen’ Lady Gaga MP3s.

        Food for thought.

        The powerful badly want their secrecy back. And then some.

  2. The fact that the US is trying to block a tool for “allowing for free communications in repressive regimes” kind of sums up how I feel about that country these days. When is everyone going to realise this and do something about it?
    “Land of the free” is now the “Land of the Massively Oppressed”

  3. Oooh, I just read the details a bit more. Could we make the Justice Department try to “arrest” the State Department or the Navy for developing/promoting Tor in the first place?

  4. From SOPA: “A service provider shall take technically feasible and reasonable measures designed to prevent access by its subscribers located within the United States…”

    The key phrase here is “technically feasible and reasonable”.

    It is technically feasible to block DNS. It is technically feasible to block an IP. It is not technically feasible to decrypt Tor or SSL, and it is not reasonable to wholly block them as they have many non-infringing uses. It is not feasible or reasonable to prevent the use of alternate DNS or a hosts file.

    Tor doesn’t fall under the category of something designed or marketed to bypass SOPA blocks. Not by itself. I really do think that language targets pay-for crap that might package a specially-configured bittorrent or Tor,  or point your browser to a proxy, or something like that. Kind of like the old dialer scams. Saying Tor would be blocked because it could bypass a SOPA block is like saying all encryption will be blocked: We tried to block strong crypto with arms export regulations in the past. For many of the same reasons. It didn’t work. This won’t either.

    What bothers me on a much deeper level is all the hyperbolic analyses of SOPA from the tech community. We have the content industry saying “if we don’t pass SOPA the terrorists win” and the tech industry saying it will destroy the Internet. Where are the facts? Not opinions, facts.

    How does it feel to use the same tactics the right-wingers employ to keep people “skerred of terrists”? And for the same reasons FOX News does it. Page views. Ad impressions. Money. For bloggers, all of the above plus their 15 minutes of fame.

    You are above that kind of speculation, pandering, and deceptive exaggeration.

    As for Listener43 and the rest bawling about free speech…  Really? Why do you think SOPA is going to block a blog critical of SOPA? Give me a good argument. I thought the DMCA and the PATRIOT act were supposed to mean the end of free speech for everyone? Hell, PATRIOT was supposed to make any and all dissent terrorism and put us all in Gitmo. Show me how any law has stopped YOU from saying “the gub’mint sucks” on the Internet, because I see a crapload of it right here.

    SOPA is a stupid, unenforceable law, but it’s not going to destroy the Internets.

    1. It doesn’t matter if some people can bypass SOPA – the majority won’t, and as a result will have restricted access to information. Sites can be blocked without any notice given. The ways this act can be abused are endless – do you honestly think sites such as Wikileaks will escape takedowns?

      The ordinary decent people who can bypass this law will be made criminals and subject to severe punishment. It is a direct attack on Freedom of Speech for the profit of private interest. I would hardly call that hyperbole.

      1. You mean did I read a piece based on the opinions of the author and others? Yes. Read it again just to make sure.

        FYI, “Privacy, Inc.” is an op-ed column by a political correspondent, not political news by said correspondent. Just because CNet puts it under news doesn’t mean it is fact.

        The paragraph you put in quotes is Cory’s summary. Specifically, “Tor fits the bill” is his opinion. It is not in the article. Did you read the article?

        This is from the article and conveniently not mentioned by Cory:

        During last week’s SOPA debate in the House Judiciary committee, Rep. Zoe Lofgren, a California Democrat whose district includes the heart of Silicon Valley, offered an amendment to revise the anti-circumvention language.

        “Those very same tools that we have worked to devise, that we have funded to develop in some cases, are the same tools that could also be used by Internet users in the United States to circumvent the blocking of a foreign infringing site under the bill,” Lofgren said.

        Smith replied by suggesting that “you and I and others involved could write language that would address your concerns.”

        the amendment proposed by Lofgren was that the SOPA anti-circumvention language “does not include any product or service designed or marketed for the circumvention of measures taken by a foreign government to block access to an Internet site.” 
        .. which is a disaster in the way that it is worded, in that it says if any foreign govt blocked the same site as SOPA, a tool to circumvent the block would be excluded from anti-circumvention.

        Summary: Concerns have been raised. Smith is willing to work with them.

        As an aside, I fully expect if Wikileaks could feasibly be blocked, it would be and you don’t need SOPA to do it. Wikileaks is hosting US classified information, there are plenty of existing laws that already apply. And so far it seems untouchable as long as it isn’t hosted in the US or using US-based services.

        1. I am always amazed at how willingly people line up to hand over their rights to others.  Sheep, meet the slaughterhouse.

          Summary: If Wikileaks – the site hosting classified US documents – cannot be blocked in any case then why, oh why is SOPA needed at all?  

          1. Its simply because there are no laws in place allowing the government to order ISPs to interfere with the DNS system. The DNS system is run by ICANN which even though it has been partnered with the US govt…does not answer to the US Govt.
            However, this law will give the government a mechanism for censoring sites which it NEVER had. There has never been a time when the US Govt. has touched the DNS system or blocked a domain that was not registered in the US. 

            How easy will it to include Wikileaks under SOPA’s vague language.

            TL;DR SOPA will make it so that the US can easily block “illegal” sites such as Wikileaks or Piratebay

    2. Why do you think SOPA is going to block a blog critical of SOPA? Give me a good argument.
      A piece of history, the case of – a Finnish website poking holes into the secret blocklist of “child porn” sites. Different country (even one that seems to be more free than the US), different year, different pretense, same principle.
      Do you really think SOPA won’t be abused in the same way?

    1. You might want to consider moving your servers out of the United States if you continue to do this. While they can still order your servers blocked under SOPA, they would be not able to prosecute you. 

      1. I’ve been thinking about it. Unfortunately, my contacts are in countries that are less friendly with their speech laws.
        It’s a good ideas anyways to keep some VPS services running outside the states in case you host files or discussion boards on the off chance someone says or posts content that the States doesn’t like.

    1. well, I hope you feel the same way about the Internet, modern encryption, and computers in general.

      Specifically when it comes to encryption, and more generally with any security technology, the DoD won’t use something it can easily defeat. The attitude is that if the DoD can break it, opposing forces might be able to as well. Especially if classified details or analysis of said technology were to leak. That NEVER happens, right?

      Case in point: IBM developed DES and the NSA requested changes. The changes were public but the reason was classified. It turns out the NSA’s work on DES was not to introduce a backdoor, rather they found a weakness and fixed it. Still, the NSA kept their analysis of DES classified for so long because they weren’t sure there weren’t other weaknesses… and more than likely they were using DES as it was the best available crypto at the time.

  5. Well, I can’t see any harm in making all your high level internet users into criminals.  Why, if hacking becomes the only way to get to a free & uncensored internet, I’m sure that won’t make more people start…doing it!  I mean, I don’t use Tor now, but if I had to use Tor…well, I’m sure I would stop, especially if it might be illegal.  I mean, who needs rights, when you can just surrender them for no reason?*

    *sorry, I don’t think what I’m saying makes sense; too much sarcasm & anger.

    1. The only applies to the PROVIDERS of such services, and NOT the USERS. You would not be breaking the law using Tor, but the providers of Tor and Tor servers would be breaking the law.

      1. Good call. I would only then be DEFINITELY NOT donating dollars to them as an organization fighting oppressive regimes in favor of free speech. NO WAY would that happen.

      2. Good call. I would only then be DEFINITELY NOT donating dollars to them as an organization fighting oppressive regimes in favor of free speech. NO WAY would that happen.

      3. I do expect the next step to be the government passing laws like they have in Oman and Pakistan requiring a “VPN Licence”, even to connect to a VPN at your workplace. The Feds will eventually get tired of playing “whac a mole” trying to shut down VPN and other proxy providers, that I think laws requiring VPN licensing, like those in Oman and Pakistan, will be the next step.

        As the government shuts down foreign VPN providers, more will pop up in their place, and the Feds will eventually get tired of playing whac-a-mole trying to shut them down.

        I expect those VPN laws to possibly be introduced in 2013 or 2014.  

        1. And that will be a boom day for OpenVPN, as that thing can work inside a regular-looking SSL-encrypted TCP connection. (Or a UDP connection – a bit faster and sometimes a bit more hairy to setup.) It works for setting up VPNs even for Comcast, where “regular” IPsec-based VPNs are (or were?) blocked on non-business accounts.

          In principle, a VPN requires some sort of sufficiently fast bidirectional connection. And IP tunnelling can be done through next to everything, including DNS requests or ICMP packets. I can imagine a protocol using low-bandwidth non-filterable connection type for negotiation of a higher-bandwidth VPN-like one.

          I expect such laws to be introduced, and to be vague, impotent and entirely unenforceable.

  6. “SOPA bans Tor…” “…is likely illegal” These are two different situations. It’s exaggerations like this that pop holes in your arguments and destroy your credibility time and again.

    1. It’s not an exaggeration to examine (and expect) the worst-case scenario.  Governments have a habit of doing whatever their citizenry will let them get away with.

      1. Actually, it is an exaggeration because the fact is that this is possible, not the current reality… and that’s why it’s bad/sensationalistic journalism. 

  7. So it’s sounds like now is the time to set up a lot more Tor nodes, wouldn’t you say? Critical mass is a powerful tool.

    I want a Tor node virus. All those grannies with brand new boxes they just use for email that are terribly firewalled should be clicking on attachments from their clever grandkids and suddenly, poof, the network spreads.

    Really, though, it’s one more attempt for scared little people to put the genie back. The larger the ratio of genie to bottle, the less luck they’ve have. And when half the Internet is running dark and peer-to-peer, well, let’s say I don’t like their odds.

  8. Tor is not anonymous at the edges of the network. Plus, for bitTorrent, it is possible to find identity within the network. I think Bram Cohen said as much at the RightsCon conference. 

    While onion networks provide deniability, that only works if the potential attacker cares. What if a pedophile request exits the network through my node? Am I aiding and abetting that pedophile’s deniability? Decisions in the 90’s would say no; pure carriers are not responsible for the content. SOPA’s premise makes that a “maybe”.

  9. SOPA makes provision for punishing Americans who contribute expertise to projects that can be used to defeat its censorship regime

    Hmmm.. the entire Internet infrastructure can, indeed, be used to defeat censorship.  I guess SOPA, in essence, bans the entire Internet.

    Oh well, no more Internet because of greedy, idiotic, fucktard corporatists…

  10. Some of you are dismissing the concerns about Tor being banned because of the language in the legislation. I think you’re being naive. The law doesn’t have to make things like Tor illegal to bring them down. All it has to do is to open them up to litigation. If, under SOPA, some organization with deep pockets can go to court to allege that Tor is in violation of the law, that alone could kill it. The mere cost of defending oneself in court is often enough to destroy something. The risk of prosecution is often enough to cause people to avoid doing something, even if it is probably legal. And if the thing goes to court, the court may issue an injunction against it until the case is decided, which would also kill it.

  11. 1.)  Its yet another badly crafted law, creating chilling effects to solve a problem that could be addressed by currently existing law.

    2.) Has anyone considered the theory/rant from about how the media giants promoted the spread of piracy tools (since post napster)?  Limewire, Kazaa, Bittorrent, all distributed almost exclusively on affiliate sites owned by SOPA supporters.

  12. Someone pointed this article out to me on G+.  

    I was the founding executive director of Tor.  We’d been discussing this on Stanford’s Liberation Technology listserv today, and I quoted the current execdir’s response from those public discussions:

    Andrew Lewman, the current executive director of The Tor Project, commented on a public listserv, in relation to the BB cited CNET article and a Chilling Effects blog article which Declan quotes on CNET:


    If Tor was marketed as a way to explicitly defeat the SOPA provisions, if SOPA is passed as is, and if the US Attorney General’s office comes after Tor for specifically marketing Tor as a way to defeat the DNS censorship of a blocked url in the US, then perhaps Declan is correct.

    Even Wendy’s blog post mentioned in Declan’s blog post is full of ‘could’ and ‘if’ statements. I take Declan’s post with a huge grain of salt.

    In some bizarre world where the First Amendment of the US Constitution is gutted, then Tor falling under SOPA is the least of our concerns.


    back to my comments:

    It’s probably true that the set of people who care about the future of Tor and the set of people who think that SOPA sucks have a nearly 100% overlap for a huge number of reasons. 

    If you care about these things and you live in the US and you aren’t kicking your congressional delegation’s butts on this bill — what are you, dead? And if you live outside the US, and you care about these things, and you know people in the US who are not calling their congressional delegation about SOPA — educate them, and raise them from the dead.

    We have enough zombies, we don’t need a further apocalypse in our civil liberties.If they don’t call their congressional delegation to protect their civil liberties, make them listen to this.

    (the civil liberties rickroll)

Comments are closed.