Latest news of the domain name industry

Recent Posts

VeriSign’s .com takedown power grab causing controversy

Kevin Murphy, October 11, 2011, Domain Policy

VeriSign’s request for a wide-ranging set of powers that would enable it to shut down .com and .net domain names that are suspected of abuse is already attracting criticism.

The proposals came in a Registry Services Evaluation Process request to ICANN that I reported on for The Register this morning.

It’s asking (pdf) to be able to create a new anti-abuse policy that would refocus many of the controls currently in the hands of registrars to the registry level instead.

The policy would “allow the denial, cancellation or transfer” of any VeriSign-managed domain if any any of these conditions were triggered:

(a) to protect the integrity, security and stability of the DNS;

(b) to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process;

(c) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and employees;

(d) per the terms of the registration agreement,

(e) to respond to or protect against any form of malware (defined to include, without limitation, malicious code or software that might affect the operation of the Internet),

(f) to comply with specifications adopted by any industry group generally recognized as authoritative with respect to the Internet (e.g., RFCs),

(g) to correct mistakes made by Verisign or any Registrar in connection with a domain name registration, or

(h) for the non-payment of fees to Verisign. Verisign also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute;

As you can see, that’s a pretty broad range of justifications.

Notably, it would enable a domain to be canceled or transferred at the “requests of law enforcement or other governmental or quasi-governmental agency”, which would seem to circumvent the current practice of a court order being obtained before a domain is seized.

The question of what constitutes a “quasi-governmental agency” is also interesting. Is ICANN itself such a thing?

The policy would also enable a take-down “to avoid any liability, civil or criminal”, which seems to be just begging for VeriSign to be named spuriously in commercial lawsuits between .com registrants.

The RSEP also suggests that VeriSign plans to extend its hand of friendship to law enforcement agencies from outside the US:

Pilots with European Law Enforcement, Government CERTS and Registrars are planned, and other global test pilots will follow, to ensure global collaboration in the continuing development of the procedures.

Today, US agencies can get court orders instructing VeriSign to hand over domains. While imposing US law on .com owners from other countries is controversial, at least overseas registrants know where they stand.

Now VeriSign is talking about cooperating with European law enforcement agencies too.

At the risk of getting dangerously close to invoking Godwin’s Law, this brings us back to an old jurisdictional problem – what if the French police demand the seizure of a .com site selling Nazi memorabilia, which is illegal in France but legal in the US, for example?

Taking it a step further, what if VeriSign starts entertaining takedown requests from some of the world’s least pleasant theocracies, banana republics and dictatorships?

Half of .com could disappear overnight.

Since VeriSign has a business to run, that’s obviously not going to happen. So the company is going to have to draw a line somewhere, separating criminality from legitimate behavior and free speech.

I’m speculating wildly here, of course, but the RSEP doesn’t contain nearly enough detailed information about VeriSign’s proposed procedures to make a more informed analysis.

VeriSign knows what it is proposing is controversial. The RSEP says:

Registrants may be concerned about an improper takedown of a legitimate website. Verisign will be offering a protest procedure to support restoring a domain name to the zone.

The proposals have been made following many months of discussions between registries, registrars, law enforcement agencies and other community stakeholders.

It’s not entirely clear from VeriSign’s RSEP, which sometimes confusingly conflates the abuse policy with a separate proposed malware scanning service, how a takedown notice would be processed.

One likely reading is that VeriSign would act almost like a centralized clearinghouse for takedown requests, forwarding them to individual registrars for enforcement.

The registrars could be obliged by the terms of an amended Registry-Registrar Agreement to follow whatever process had been laid down.

There seems to be some concern in the ICANN community about this.

ICANN senior VP of stakeholder relations Kurt Pritz recently sent a document to PIR’s David Maher and Oversee.net’s Mason Cole outlining the procedure for amending the RRA.

The flowchart (pdf) describes a trilateral negotiation between the registry proposing the change, the Registrars Stakeholder Group and ICANN, with the ICANN board having the ultimate decision-making authority.

However this proceeds through ICANN, it’s going to cause some heated community debate.

Buy a .com in England, go to jail in America?

Kevin Murphy, July 5, 2011, Domain Policy

People who register .com or .net domain names to conduct illegal activity risk extradition to the United States because the domains are managed by an American company.

That’s the startling line reportedly coming from the Immigration and Customs Enforcement agency, which is trying to have the British operator of TVShack.net shipped out to stand trial in the US.

According to reports, 22-year-old student Richard O’Dwyer is fighting extradition to face charges of criminal copyright infringement.

ICE assistant deputy director Erik Barnett told The Guardian that any overseas web site using a .com or .net address to spread pirated material is a legitimate target for prosecution in the States.

The agency has already started shutting down .com and .net sites by seizing their domains, even if the sites in question had been found legal in their own overseas jurisdictions.

It does so by serving a court order to VeriSign, the registry manager, which is based in Virginia. The company is of course obliged to obey the order.

TVShack.net provided links to bootleg movies and TV shows, rather than hosting the content itself. It appears to be a matter of some confusion in the UK whether that behavior is actually illegal or not.

The site reportedly was hosted outside the US, and O’Dwyer never visited the US. The only link was the domain name.

I’m British, but DI is a .com, so I’d like to exercise my (presumed conferred) First Amendment rights to call this scenario utterly insane.

The issue of legal jurisdiction, incidentally, is one that potential new gTLD applicants need to keep in mind when selecting a back-end registry services provider.

Most incumbent providers are based in the US, and while we’ve seen plenty of upstarts emerge in Europe, Asia and Australia, some of those nations sometimes have pretty crazy laws too.

Feds did not seize conspiracy domain

Kevin Murphy, June 9, 2011, Domain Policy

I reported earlier in the week that the US Immigration and Customs Enforcement agency had seized a domain name belonging to an anti-vaccine conspiracy theorist.

It seems I may have jumped the gun. The seizure of lowellsfacts.com almost certainly didn’t happen.

Ars Technica called up ICE for the affidavit used to win the court order to seize the domain, and received this statement from an apparently baffled press officer:

ICE has not taken any enforcement action against this site. The site owner/administration redirected www.lowellsfacts.com to our name server, where the seizure banner is hosted.

If this is true, it seems that any idiot can change their name servers to ns1.seizedservers.com and ns2.seizedservers.com and ICE will happily serve up a warning about copyright infringement without even checking whether the domain has actually been seized.

While the lowellsfacts.com case did seem odd, I had assumed that ICE was doing some basic domain verification before displaying its increasingly infamous banner.

This was not an unreasonable assumption – previously, domains seized due to child pornography have displayed a different banner to those involvement with counterfeiting.

There is some code on the site checking the incoming domains before displaying the banner, in other words, apparently just not enough to stop the wave of spoof seizures we’re now likely to see.

Feds seize conspiracy theorist’s domain

Kevin Murphy, June 7, 2011, Domain Policy

The US Immigration and Customs Enforcement agency has seized the domain name of an anti-vaccine conspiracy theorist.

Update: This story is probably bogus.

The domain lowellsfacts.com has started resolving to the now-familiar ICE banner, warning visitors about the penalties for counterfeiting and copyright infringement.

Its name servers switched this week to ICE-owned seizedservers.com.

Judging from the Google cache, the site was devoted to spreading dangerous misinformation about the the efficacy of various vaccines, particularly Gardasil, which is used to prevent HPV infection.

Unlike previously seized domains, lowellsfacts.com does not, at least from the cache, appear to have been prominently pimping counterfeit goods.

It was registered using Go Daddy’s private registration service, but once belonged to one Lowell Hubbs.

You can listen to Hubbs’ theory about vaccines and the Rockerfellers on YouTube. He makes Jenny McCarthy look sensible. He was apparently a regular Huffington Post commenter.

A blog devoted to criticizing Hubbs and his theories can be found at lowellhubbs.blogspot.com and the reply to that blog, purportedly written by Hubbs, can be found, confusingly, at costnermatthews.blogspot.com.

The Hubbs’ blog claims the seized site had been hacked and filled with illegal porn links. His critic’s blog says he was likely shut down for using copyrighted material without permission.

Domain seizures can’t stop online drug pushers

Kevin Murphy, June 6, 2011, Domain Policy

Two US senators have reportedly asked the Drug Enforcement Agency to seize the domain name of Silk Road, a web site that lets drug users buy heroin and other narcotics online.

There’s just one problem: the site doesn’t have a domain name.

Silk Road is reportedly a bit like eBay, but for illegal drugs. You can buy ecstasy, marijuana, heroin and so forth, from actual dealers, using the peer-to-peer virtual currency Bitcoins.

This weekend, Sen. Charles Schumer and Sen. Joe Manchin wrote to the DEA to demand that the site’s domain name be seized, an increasingly popular tactic in law enforcement.

But Silk Road’s address is apparently ianxz6zefk72ulzz.onion, which is only accessible through the mostly anonymous TOR onion-routing P2P network.

As far as I can make out, there is no registry for .onion addresses – they’re cryptographic hashes of private keys known only to the registrant, which ensures almost-uniqueness without the need for a central repository.

In other words, seizing the domain is going to be impossible.

ICE seizes more piracy domains

Kevin Murphy, May 23, 2011, Domain Policy

The US Immigration and Customs Enforcement agency has seized a small number of domain names that were allegedly being used to distribute bootleg movies and other goods.

But the number of domains falling to Operation In Our Sites in the latest round appears to be smaller than reported over the weekend by TorrentFreak.

The newly seized domains seem to be watchnewfilms.com, mygolfaccessory.com and re1ease.net.

Another half-dozen domains reportedly grabbed within the last few days were actually seized last November, as part of ICE’s major Thanksgiving crackdown.

The false positives were likely spotted because the domains recently changed name servers to ICE’s seizedservers.com, but this appears to be due to a domain management issue, rather than a fresh seizure.

ICE domain seizures enter second phase

Kevin Murphy, April 20, 2011, Domain Policy

The US Immigration & Customs Enforcement agency seems to be consolidating its portfolio of seized domain names by transferring them to its own registrar account.

Many domains ICE recently seized at the registry level under Operation “In Our Sites” have, as of yesterday, started naming the agency as the official registrant in the Whois database.

ICE, part of the Department of Homeland Security, has collected over 100 domains, most of them .coms, as part of the anti-counterfeiting operation it kicked off with gusto last November.

The domains all allegedly either promoted counterfeit physical goods or offered links to bootleg digital content.

At a technical level, ICE originally assumed control of the domains by instructing registries such as VeriSign, the .com operator, to change the authoritative name servers for each domain to seizedservers.com.

All the domains pointed to that server, which is controlled by ICE, resolve to a web server displaying the same image:

ICE seized domains banner

(The banner, incidentally, appears to have been updated this month. If clicked, it now sends visitors to this anti-piracy public service announcement hosted at YouTube.)

Until this week, the Whois record associated with each domain continued to list the original registrant – a great many of them apparently Chinese – but ICE now seems to be consolidating its portfolio.

As of yesterday, a sizable chunk — but by no means all — of the seized domains have been transferred to Network Solutions and now name ICE as the registrant in their Whois database records.

Rather than simply commandeering the domains, it appears that ICE now “owns” them too.

But ICE has already allowed one of its seizures to expire. The registration for silkscarf-shop.com expired in March, and it no longer points to seizedservers.com or displays the ICE piracy warning.

The domain is now listed in Redemption Period status, meaning it is starting along the road to ultimately dropping and becoming available for registration again.

Interestingly, most of the newly moved domains appear to have been transferred into NetSol from original registrars based in China, such as HiChina, Xin Net and dns.com.cn.

After consulting with a few people more intimately familiar with the grubby innards of the inter-registrar transfer process than I am, I understand that the names could have been moved without the explicit intervention of either registrar, but that it would not be entirely unprecedented if the transfers had been handled manually under the authority of a court order.

If I find out for sure, I’ll provide an update.

Feds seize billion-dollar poker domains

Kevin Murphy, April 15, 2011, Domain Policy

Five domain names associated with online poker sites have been seized by the FBI as part of an investigation that has also seen 11 people indicted.

The principals of PokerStars, Absolute Poker and Full Tilt Poker, along with third-party “payment processors”, stand accused of engaging in a massive money laundering scheme in order to accept billions of dollars of payments from American gamblers in violation of US laws.

The charges carry possible maximum sentences of between five and 30 years in prison, along with substantial monetary fines. Two men have been arrested, a third is due to be arraigned, and the remainder are currently outside of the US, according to a press release (pdf).

The US Attorney for the Southern District of New York said five domain names have been seized by the FBI in connection with the prosecutions.

It’s not yet clear which domains have been seized.

From where I’m sitting in London, absolutepoker.com already shows an FBI warning banner, but pokerstars.com and fulltiltpoker.com both resolve normally. I may be receiving cached DNS data.

Blogger Elliot Silver, sitting behind a resolver on the other side of the pond, reports that ub.com is among the seized domains.

Unlike previous recent seizures, which were carried out by the US Immigration and Customs Enforcement agency, this time the FBI appears to be the responsible agency.

And this time, these aren’t two-bit file-sharing forums or Chinese knock-off merchandise sites, we’re talking about businesses that are perfectly legal in many jurisdictions, clearing billions in revenue.

But according to US Attorney’s charges, the companies carried out an elaborate plan to cover up the sources of their revenue through third parties and phoney bank accounts.

The companies are even alleged to have made multi-million dollar investments in failing banks in order to get them to turn a blind eye to the illicit gambling activities.

It appears that the FBI went straight to the .com registry, VeriSign, as some of the affected domains appear to be registered through UK-based corporate registrar Com Laude.

If you’re wondering whether this is yet another confirmation that all .com domains are subject to US jurisdiction, this is your takeaway sentence, from Manhattan US Attorney Preet Bharara:

Foreign firms that choose to operate in the United States are not free to flout the laws they don’t like simply because they can’t bear to be parted from their profits.

The suits seek $3 billion in allegedly ill-gotten gains to be returned.

Plug-in works around seized domains

Kevin Murphy, April 15, 2011, Domain Tech

Disgruntled coders have come up with a new Firefox plug-in to help people find piracy web sites after their domain names are seized by the authorities.

MAFIAA-Fire hooks into the browser, checking DNS queries against a list supplied by the developers, to see if the name corresponds to a seized domain.

If it does, the browser is redirected to an approved mirror. If it does not, the DNS query is handled as normal through the browser’s regular resolvers.

The plug-in was created in response to the seizure of domain names alleged to be involved in distributing bootleg movies, music and software.

The US Immigration and Customs Enforcement agency has been sending court-ordered take-down notices to US-based registry operators such as VeriSign for the last several months.

Some sites immediately relocate to top-level domains outside of US jurisdiction. MAFIAA-Fire is designed to make the process of finding these new sites easier.

As the plug-in site acknowledges, if any fraudulent data were to make its way onto its manually-authenticated list of domains, it could cause a security problem for end users.

MAFIAA stands for “Music and Film Industry Association of America”, a corruption of RIAA and MPAA. The “Fire” suffix comes from the fact that fire melts ICE.

The plug-in, which was first reported by TorrentFreak, is hosted at a .com address.

  • Page 2 of 2
  • <
  • 1
  • 2