Law enforcement agencies are not happy with the proposed 2013 Registrar Accreditation Agreement, saying it doesn’t go far enough to help them catch online bad guys.
Europol and the FBI told ICANN’s Governmental Advisory Committee yesterday that people need to have their full identities verified before they’re allowed to register domain names.
They added that new gTLDs shouldn’t be allowed to launch until a tougher RAA is agreed to and signed by registrars.
The draft 2013 RAA would force registrars to validate their customers’ email addresses or phone numbers after selling them a domain, but law enforcement thinks this is not enough.
“We need a bit more in this area,” Troels Oerting, head of Europol’s European Cybercrime Centre, told the GAC during a Sunday session. “We need a bit more to be verified in addition to the phone or email.”
“It’s very, very important that we are able to identify perpetrators able, to identify the originators, and it’s not enough that you just put in the email or phone,” he said.
He added that there should also be re-verification procedures and ongoing compliance monitoring from ICANN, and said that only registrars signing the 2013 RAA should be allowed to sell new gTLD domains.
Europol has sent a letter to ICANN (not yet published, it seems) outlining four areas it wants to see the RAA “improved”, Oerting said.
Given that many GAC members, including the US, seem to support this position, it’s yet another threat to ICANN’s new gTLD launch timetable, not to mention privacy and anonymous speech in general.
The law enforcement recommendations are not new, of course. They’ve been in play and GAC-endorsed for many years, but were watered down during ICANN’s RAA talks with registrars.
At least three of the European domain names seized in this year’s batch of Cyber Monday anti-counterfeiting law enforcement are now pointing to servers controlled by the US government.
We’ve found that chaussuresfoot.be, chaussurevogue.eu and eshopreplica.eu are now hosted on the same IP addresses as SeizedServers.com, the US Immigration and Customs Enforcement site.
But the three domains, believed to be among the 132 grabbed ahead of this year’s online shopping rush, display warnings incorporating the logos of multiple European law enforcement agencies.
While domains in .dk, .fr, .ro and .uk were also targeted by this year’s transatlantic crackdown, none appear to be using SeizedServers.com.
According to an ICE press release yesterday, this was the first year that Operation In Our Sites, which kicked off at this time in 2010, has included overseas law enforcement.
The partnership, coordinated between ICE and Europol, was code-named Project Transatlantic.