Police .uk domain takedowns dive in 2023
The number of .uk domain names taken down as a result of requests from law enforcement shrank substantially last year, according to the latest stats from Nominet.
The registry said today that it suspended 1,193 domains in the 12 months to October 31, down from 2,106 in the previous period. It’s a record low since Nominet started tracking the data, for the second year in a row.
As usual, alleged intellectual property violations were the biggest cause of action. The Police Intellectual Property Crime Unit had 717 names taken down, with the National Fraud Intelligence Bureau suspending 321 and the Financial Conduct Authority 116.
While police takedowns were low, domains suspended by Nominet’s proactive Domain Watch anti-phishing technology were up about 20%, from 5,005 to 5,911. Nominet said this is because the tech, which flags possible phishing domains for human review at point of registration, is getting better.
The number of domains suspended because they appeared on threat feeds doubled, from 1,108 in the 2022 period to 2,230 last year, the company said.
Cybersquatting cases in .uk have also been declining, Nominet reported earlier this month.
While correlation does not equal causation, it might be worth noting that .uk registrations overall have been on the decline for some time. There were 10.68 million .uk domains at the end of January, down from 11.04 million a year earlier.
Worried about governments seizing .com domains? Too late
Language proposed for Verisign’s .net registry contract that some say would give governments the ability to arbitrarily seize domains is already present in the company’s .com contract.
As I reported earlier this month, the .net Registry Agreement is up for renewal and ICANN has opened up some largely uncontroversial proposed changes for public comment.
ICANN has received two comments so far, both of which refer to what one commenter called the “outrageous and dangerous” proposed changes to Verisign’s .net Registry-Registrar Agreement.
The RRA is the contract all accredited registrars must agree to when they sign up to sell domains in a given TLD. For ICANN, it’s a way to vicariously enforce policy on registrants via registrars via registries.
Unsimply put, the RA instructs Verisign to have an RRA with its registrars that tells them what rules their registrants have to agree to when they buy a domain name.
The new language causing the consternation is:
Verisign reserves the right to deny, cancel, redirect or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, as it deems necessary, in its unlimited and sole discretion:
…
to ensure compliance with applicable law, government rules or regulations, or pursuant to any legal order or subpoena of any government, administrative or governmental authority, or court of competent jurisdiction
One commenter states “this proposed agreement would allow any government in the world to cancel, redirect or transfer to their control applicable domain names”, adding “presumably ICANN staff and Verisign would want to also apply it to other extensions like .COM as those contracts come up for renewal”.
In fact, it’s the other way around. The exact same language has been present in Verisign’s .com contract for over three years, a change to Appendix 8a (pdf) that went largely unnoticed when thousands of commenters were instead complaining about the removal of price caps and fretting about the rise of Covid-19 around the world.
For those worried about the new .net language making it into the .com contract one day — worry not! It’s already there.
“Criminal” domain suspensions drop again in .uk but thousands of pandemic domains frozen
Nominet suspended thousands fewer suspected criminal domains in 2020 than last year, according to the registry’s latest annual update.
For the 12 months to the end of October, Nominet took down 22,158 domains, is down from 28,937 in the year-ago period.
As usual, suspected intellectual property crime made up almost all the takedowns — the Police Intellectual Property Crime Unit was behind 21,632 requests, down from 28,606.
Notably, despite the reported uptick in scams related to the coronavirus pandemic, the Medicines and Healthcare Products Regulatory Agency made just 13 takedown requests, down from 31.
This is perhaps due to Nominet taking a proactive approach, putting domains containing certain related keywords on hold at the point of registration. It froze 3,811 such domains this year, later releasing 1,568.
Eight domains were suspended for criminal activity related to Covid-19, the company said.
There were no suspensions related to banned “rape” domains, despite over a thousand new registrations being flagged for manual review. Nor were there any takedowns of domains hosting child sexual abuse material.
It’s the second year in a row that suspensions have been down. In the 2017/18 period Nominet took down 32,813 domains.
EURid suspends and delays thousands of coronavirus domains
Thousands of .eu domains containing words related to the coronavirus pandemic have either been suspended or frozen due to suspicions the registrants may have been up to no good, EURid reported this week.
The company started scanning new and recent registrations for these keywords at the start of April.
It found 3,489 such domains registered in the first quarter, and it suspended 1,709 of them because the registrant failed to verify their identity and confirm that the registration was made in good faith.
From April to the end of September, 4,656 domains triggered the system and were delayed from going live until EURid carried out its checks. Only a quarter of these names have so far passed the checks, EURid said.
While there are many legit sites providing pandemic-related information, the high-profile disease has also attracted many fraudsters.
Nominet to intercept dangerous coronavirus domains
Nominet, the .uk registry, will start providing informational landing pages when it suspends domains for criminal behavior including coronavirus-related scams.
The company already suspends tens of thousands of domains every year at the request of law enforcement agencies.
The vast majority are related to intellectual property infringement such as counterfitting and piracy. A substantially smaller number are suspended due to the sale of fake pharmaceuticals.
Rather than Nominet suspending these domains, stopping them resolving, they will now instead resolve to landing pages “providing consumer advice and education”.
It’s similar to how the FBI handles domains it has seized during criminal investigations in the US, but Nominet says it’s the first example in the world of such a program being rolled out by a registry.
The first LEAs taking part in the program are the Medicines and Healthcare Products Regulatory Agency and the City of London’s Police Intellectual Property Crime Unit.
While Nominet pitched the news as coronavirus-related, the timing appears to be coincidental.
The company first announced its landing page plan last October, when it was opened to public consultation.
A MHRA spokesperson said in a Nominet press release that suspended domains will redirect to its “#fakemeds website”, which currently has a great deal to say about penis pills but nothing at all to say about coronavirus.
Criminal .uk suspensions down this year
Nominet suspended fewer .uk domain names due to reports of criminality in the last 12 months that in did in the prior period.
The registry said last week that is suspended 28,937 domains in the year to the end of October, down from 32,813 in the 2018 period.
That’s 0.22% of all .uk names, Nominet said.
As usual, complaints about intellectual property infringement — filed by copyright owners to the IP cops and handed to Nominet — account for the vast majority of takedowns, some 28,606 in the period.
The rest were suspended due to complaints about fraud, trading standards, financial conduct and healthcare products.
Only 16 requests were denied by Nominet, down from 114 in the previous year, and only five false-positive suspensions were reversed.
The controversial ban on “rape” domains resulted in 1,600 new regs getting automatically flagged, but zero getting suspended.
There were no requests from the Internet Watch Foundation to take down child sexual abuse material.
Nominet’s newish automated anti-phishing system, which uses pattern recognition to flag potential phishing domains at point of registration, saw 2,668 domains suspended before going live, of which 274 were released after the registrant passed due diligence checks.
Nominet takes down 32,000 domains for IP infringement
The number of .uk domains suspended by Nominet has doubled over the last year, almost entirely due to takedown requests concerning intellectual property.
The .uk registry said this week that it suspended 32,813 domains in the 12 months to October 31, up from 16,632 in the year-ago period.
It’s the fourth year in a row that the number of suspensions has more than doubled. In 2014, it was a paltry 948.
While Nominet has trusted notifier relationships with 10 law enforcement agencies, it’s the Police Intellectual Property Crimes Unit that is responsible for almost all of the takedown requests, 32,669 this year.
No court order or judicial review is required. Nominet simply carries out unspecified “administrative checks” then suspends the domain.
Only 114 domains did not make the cut this year, Nominet said, but that’s up considerably from 32 last year.
There’s an appeals mechanism that can be used by registrants to restore their domains, for example if they’ve removed the infringing content. It was used successfully 16 times in the year, up by one on last year.
The registry also reported that no domains were suspended due to its ban on incitement-to-rape domains, down from two last year, but that staff had to manually review 2,717 new registrations containing suspect strings.
Cops tell Nominet to yank 16,000 domains, Nominet complies
Nominet suspended over 16,000 .uk domain names at the request of law enforcement agencies in the last year.
The registry yanked 16,632 domains in the 12 months to October 31, more than double the 8,049 it suspended in the year-earlier period.
The 2016 number was in turn more than double the 2015 number. The 2017 total is more than 16 times the number of suspended domains in 2014, the first year in which Nominet established this cozy relationship with the police.
The large majority of names — 13,616 — were suspended at the request of the Police Intellectual Property Crime Unit. Another 2,781 were taken down on the instruction of National Fraud Intelligence Bureau.
Nominet has over 12 million .uk domains under management, so 16,000 names is barely a blip on the radar overall.
But the fact that police can have domains taken down in .uk with barely any friction does not appear to be acting as a deterrent to bad actors when they choose their TLD.
The registry said that just 15 suspensions were reversed — which requires the consent of the reporting law enforcement agency — during the period. That’s basically flat on 2016.
“A suspension is reversed if the offending behavior has stopped and the enforcing agency has since confirmed that the suspension can be lifted,” the company said.
The company does not publish data on how many registrants requested a reversal and didn’t get one, nor does it publish any of the affected domains, so we have no way of knowing whether there’s any ambiguity or overreach in the types of domains the police more or less unilaterally have taken down.
It seems that the only reasons suspension requests do not result in suspensions are when domains have already been suspended or have already been transferred to an IP rights holder by court order. There were 32 of those in the last 12 months, half 2016 levels.
The separate, ludicrously onerous preemptive ban on domains that appear to encourage sexual violence resulted in just two suspensions in the last year, bringing the total new domains suspended under the rule since 2014 to just six.
Some poor bugger at Nominet had to trawl through 3,410 new registrations containing strings such as “rape” in 2017 to achieve that result, up from 2,407 last year.
Nominet suspends over 8,000 “criminal” domains as IP complaints double
Police claims of intellectual property infringement led to the number of .uk domains suspended doubling in 2016, according to Nominet.
Statistics released today show that the .uk registry suspended 8,049 domains in the 12 months to October 31, compared to 3,889 in the year-ago period.
It’s an almost tenfold increase on 2014, when just 948 domains were taken down.
Nominet suspends domains when law enforcement agencies tell it the domains are being used in crime. No court order is required and Nominet rarely refuses a request.
Registrants can have the suspension lifted if they can show to law enforcement that the allegedly criminal behavior has stopped.
The vast majority of the complaints in 2016 again came from the Police Intellectual Property Crime Unit, which asked for and got 7,617 names suspended.
Just 13 suspensions were reversed, Nominet said. Most of these were due to sites selling so-called “legal highs” being slow to respond to a change in the law.
The controversial ban on “rape” domains resulted in just one suspension among the 2,407 domains automatically flagged for containing rapey substrings.
Nominet published the following infographic with more stats:
Black Ice suspended by ICANN
A small Israeli registrar has had its registrar accreditation suspended by ICANN.
Black Ice domains, which has a few thousand .com and .net domains under management, failed to comply with an ICANN audit and was overdue on its fees by over $5,000, according to the ICANN notice (pdf).
It won’t be allowed to sell gTLD domains or accept inbound transfers from December 19 to March 18, and may be terminated if it fails to come back into compliance.
The registrar is the fourth to have its accreditation suspended by ICANN in 2014. The organization has terminated a further seven registrars, down on the 11 terminated in the whole of 2013.
Recent Comments