Section 230 Protects Tor Project from Liability for Tragic Drug Overdose–Seaver v. Estate of Cazes

This case involves the tragic death of a 13 year old boy from ingesting an illegal opioid (U-47700) he bought via the dark web. Allegedly, the boy used a Tor browser to find and purchase the drug. Among other defendants, the parents sued the Tor Project for its role in the transaction.

The court is bound by the 10th Circuit’s Section 230 precedent, which includes the Ben Ezra Weinstein v. AOL, FTC v. Accusearch, and Silver v. Quora. Though the Accusearch ruling arguably remains the most plaintiff-friendly Section 230 ruling on the books, the Section 230 analysis is straightforward:

* provider of ICS: Tor “enables computer access by multiple users to computer servers via its Tor Browser.”

* publisher/speaker claim: “Plaintiff seeks to hold Tor liable for information regarding the illicit drug U-47700 that G.S. was able to access through the Tor Browser”

* third-party content: “the content that provides the basis for liability here—information regarding U-47700 and the ability to purchase it on the dark web—was not created by Tor.”

The court’s conclusion: “All of Plaintiff’s claims are state law causes of action that would hold Tor, an internet service provider, liable for information originating with a third party. Those claims are barred by the CDA.”

This ruling joins other rulings (uncited in this opinion) that have found Section 230 applies to claims over deaths from illegal drugs purchased online. See Dyroff v. Ultimate Software (the 9th Circuit oral argument is scheduled for early June in Seattle) and Witkoff v. Topix,

There’s been some chatter about an opioid exception to Section 230, but what exactly should Tor have done differently here? As far as I can tell, exposing Tor to liability for its function as browser software would end Tor–and possibly all other browser software as well, because they too can be used to engage in online illegality. I hope the parents find the justice they seek, but the browser software provider was never the right defendant.

While the Section 230 news is good, the case has an unfortunate jurisdiction ruling. The judge seems perplexed by Tor, saying:

The court is presented with a unique issue here, because the very essence of Tor’s business is privacy and anonymity. Tor’s network relies on volunteers who download its product nationwide to operate effectively, but the court does not have before it specific data about those users or the exact number of users in Utah. However, as Plaintiff observed, given the volume of users Tor claims to have, the number of Tor users in Utah is likely to be between 3,000 and 4,000 each day.

Though the court doesn’t mention the old Zippo precedent, the court engages in an analogous and very old-school “sliding-scale” analysis using the 10th Circuit Shrader v. Biddinger precedent:

Tor is a uniquely interactive and commercial website. In order to use the service, a user must download the Tor browser. Many Tor users actually become part of the service by accepting Tor’s invitation to run a relay in order to help the network grow. Tor also enables a large set of commercial transactions on the dark web that would otherwise not be possible. Plaintiff has set forth substantial evidence to support the assumption that many of these transactions and relays are occurring in Utah on a daily basis. The court finds that Plaintiff has provided sufficient evidence to set forth a prima facie showing that Tor maintains continuous and systematic contacts in the state of Utah so as to satisfy the general jurisdiction standard. The court also finds that the exercise of jurisdiction would not offend traditional notions of fair play and substantial justice.

WTF? The court apparently says that Tor is subject to general jurisdiction everywhere that its users engage in dark web transactions…even if it’s a guess about how many, because no one can quantify the number of transaction or the number of Utah-based Tor users. Read literally, this says every browser software manufacturer is subject to general jurisdiction wherever their users engage in illegal transactions–which is everywhere. That isn’t the law. If the plaintiffs appeal the Section 230 ruling, I hope Tor cross-appeals the jurisdiction ruling.

Case citation: Seaver v. Estate of Cazes, 2019 WL 2176316 (D. Utah May 20, 2019)