Classification: NOT PROTECTIVELY MARKED
Dear Sir or Madam,
Re: Website domain name suspension request #2
On the 24th September 2013, EasyDNS Technologies was emailed a domain suspension request for the following domain(s) that to date we have not received a reply nor seen action taken:
[redacted].com [IP redacted]
The domain(s) continues to be accessible by members of the public and is still making illicit financial gains for the criminals operating it.
It would be appreciated if you would respond either positively or negatively to this request confirming if you will assist Police in preventing this ongoing crime.
The request came from The City of London (UK) Police Intellectual Property Crime Unit, and it had me thinking about this issue all morning, whether I should write anything about it, etc. It's a strongly worded email "The domain(s) continues to be accessible by members of the public and is still making illicit financial gains for the criminals operating it." Ok, what exactly makes the website operators criminals (the website in question is a bittorrent search engine, I don't even think they're hosting the torrent files locally).
It wasn't until I got to the office that I realized that there was a PDF attached to the email request, in it were further details/instructions:
- It referenced the section 126.96.36.199.3 of the ICANN RAA which states "accreditation as a Registrar can be terminated if the Registrar is found to have ‘permitted illegal activity in the registration or use of domain names’." (Although I cannot find this text in the current RAA)
- It requests that we freeze the whois record and permit no further changes to it.
- It directs us to redirect the DNS for the domain to 188.8.131.52
- It "reserves the right" to refer the matter to ICANN
After I read the attached order I realized I had to post because this opens all kinds of thorny philosophical issues which we've been talking about for years.
The lack of any semblance of due process when it comes to domain name takedowns.
Who decides what is illegal? What makes somebody a criminal? Given that the subtext of the request contains a threat to refer the matter to ICANN if we don't play along, this is a non-trivial question. Correct me if I'm wrong, but I always thought it was something that gets decided in a court of law, as opposed to "some guy on the internet" sending emails. While that's plenty reason enough for some registrars to take down domain names, it doesn't fly here.
We have an obligation to our customers and we are bound by our Registrar Accreditation Agreements not to make arbitrary changes to our customers settings without a valid FOA (Form of Authorization). To supersede that we need a legal basis. To get a legal basis something has to happen in court.
The request also suggests we look at the whois contact information for the domain (which looks perfectly valid) and go ahead and suspend the domain based on invalid whois data. Again, there's a process for that, you have to go through the ICANN Whois Inaccuracy Complaint process and most of the time that doesn't result in a takedown anyway.
What gets me about all of this is that the largest, most egregious perpetrators of online criminal activity right now are our own governments, spying on their own citizens, illegally wiretapping our own private communications and nobody cares, nobody will answer for it, it's just an out-of-scope conversation that is expected to blend into the overall background malaise of our ever increasing serfdom.
If I can't make various governments and law enforcement agencies get warrants or court orders before they crack my private communications then I can at least require a court order before I takedown my own customer.
Before anybody tells me "this is just some bittorrent domain, just take it down", remember what we said back in 2010: First They Came For the File Sharing Domains.
About a week after that was posted Senator Lieberman and friends went batshit crazy trying to take down wikileaks. Why? Egregious truth telling. Again, this is the entire point of due process it's there to keep us collectively away from the top end of the slippery slope.
Unfortunately, we're most of the way down that slope and into the mud of blatant mass online surveillance – the next phase will be concerted repression of inconvenient truth-tellers and facts.
- The Official easyDNS Takedown Policy
- First They Came For the Filesharing Domains
- Registrars that Complied with Shakedown Requests may now be in violation of ICANN policy
- We have initiated a Transfer Dispute Resolution Process against another registrar who has complied with these requests.
- Domains locked by City of London Police ordered transferred to easyDNS
We took a look at http://184.108.40.206/ – the IP address they wanted us to redirect all of this domain's traffic to.
In other words, they are ordering us to take down competing websites, with no legal basis, hijacking the traffic, and redirecting it to competing commercial services, all of which are based out of (guess where?) London, UK.
And here they are complaining about "profiting from illegal activity".
I've seen a few comments around the internet that this was so over-the-top wrong that it couldn't be real and was probably an elaborate phishing attempt.
I too suspected as much, so I looked at the headers before writing this post, it looks like the real deal:
X-Greylist: Passed host: 220.127.116.11
X-Greylist: Passed host: 18.104.22.168
Received: from mail.pnn.police.uk (mail.pnn.police.uk [22.214.171.124])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by c3po.easydns.com (Postfix) with ESMTP id 8720F8B7DB;
Tue, 8 Oct 2013 07:01:14 -0400 (EDT)
From: PIPCUantipiracy <PIPCUantipiracy@city-of-london.pnn.police.uk>
To: "'erol@[redacted]" <erol@[redacted]>
CC: "'markjr@[redacted]'" <markjr@[redacted]>
Subject: Website domain name suspension request #2 (NOT PROTECTIVELY MARKED)
Thread-Topic: Website domain name suspension request #2 (NOT PROTECTIVELY
Date: Tue, 8 Oct 2013 11:00:05 +0000
Accept-Language: en-GB, en-US
x-officeenforcer-classification: NOT PROTECTIVELY MARKED
X-OriginalArrivalTime: 08 Oct 2013 11:00:05.0750 (UTC) FILETIME=[8BB3D960:01CEC415]
X-ACL-Warn: X-Virus Scan: F-Secure 9
Looks like it really did originate from the London Police servers.
A friend emailed me and said that after reading this post, it wasn't crystal clear what we did about this or what our policy is. I've seen a couple comments (slashdot story here, etc) that seem to allude that the domain in question now points to the IP we mentioned.
So just to clarify:
1) We haven't taken down the domain.
2) We told them to get a court order.
Also, some people have observed that our own AUP mentions copyright infringement as grounds for termination. This is true and we have referred to it in the past in cases where the domain was actually hosting copyrighted material and refusing or ignoring legitimate takedown requests for that material.
That said, our AUP states clearly: What constitutes a violation of our AUP is at the sole discretion of easyDNS. I cannot possibly imagine who else should be the final arbiters of that. An AUP and ToS is an agreement between the customer and the service provider. It is not a mechanism for third-parties to shoehorn their whims into somebody else's affairs. If you want to do that, get a court order.
It also occurs to us that any registrars that did comply with these requests may now be in violation of the ICANN transfers policy if they don't let those domains transfer away.
We have initiated a Transfer Dispute Resolution Process against another registrar who has complied with these takedown requests and will not let 3 domains transfer-away to easyDNS.
It was a long haul, but the NAF panel found in our favor and ordered the three domains locked down at another registrar to be transferred to easyDNS.