As mentioned in our recent back-and-forth with the US FDA, we recently received the following Notice of Criminality from the City of London PIPCU:
Classification: NOT PROTECTIVELY MARKED
Dear Sir or Madam,
Notice of Criminality
[domain name redacted by easyDNS]
EASYDNS TECHNOLOGIES, INC.
Receipt of this email serves as notice that the aforementioned domain, managed by EASYDNS TECHNOLOGIES, INC. 28/03/2014 is being used to facilitate criminal activity, including offences under:
Fraud Act 2006
Copyright, Designs and Patents Act 1988
Serious Crime Act 2007
We respectfully request that EASYDNS TECHNOLOGIES, INC. give consideration to your ongoing business relationship with the owners/purchasers of the domain to avoid any future accusations of knowingly facilitating the movement of criminal funds.
Should you require any clarification please do not hesitate to make contact.
PIPCU Anti-Piracy | Operations | Police Intellectual Property Crime Unit | PIPCUantipiracy@cityoflondon.police.uk<PIPCUantipiracy@cityoflondon.police.uk > | Address: City of London Police Economic Crime Directorate, 21 New Street, London, EC2M 4TP | ü www.cityoflondon.police.uk<http://www.cityoflondon.police.uk/>
Once again, we are being asked to do (something, we're actually not sure what this time) based entirely on an allegation which has never been tested in a court of law and has been afforded absolutely zero "due process". (The domain in question is a search engine that hosts no content).
What it is we're being asked to do is, in our minds intentionally vague. If you recall, last time the PIPCU came around they wanted us to arbitrarily takedown domains purely on their edict, hijack said domains' traffic and reroute it to an IP address displaying advertisements for IP lobby approved business interests.
We think this time the intent is not to actually get the domain name taken down, but rather to build some sort of "case" (I won't call it legal, perhaps the better word would be "kafka-esque") that we, easyDNS by mere "Receipt of this email" are now knowingly allowing domains under management to be "used to facilitate criminal activity".
Thus, if we don't takedown the domains PIPCU want us to, when they want us to, then we may face accusations in the future (in their own words) "of knowingly facilitating the movement of criminal funds."
Which of course, we don't know at all because there has never even been a court case anywhere to test the PIPCU allegations. I know I never went to law school or anything, but in my mind, until that happens, that is all they are – allegations.
The Slippery Slope is a Road to Tyranny
In the past, when we've been sticklers for "due process" people would ask "why?" and we would respond that we were on a slippery slope and now that domain names were being taken down without it we were on our way to "rule by decree". It was a lot more abstract and hypothetical, but it did seem to be following the script laid out in "First They Came For The File Sharing Domains" that we wrote back in 2010.
Recent events made it all very real, when exigent circumstances prompted our co-operation with the FDA to take down a rogue pharmacy without a court order, and suddenly, very quickly that exact same FDA attempted to parlay that cooperation into further summary takedowns of a domain list that included completely legal websites operating here in Canada.
Let's Spell Out The Obvious
So let's sum up by stating the obvious and enumerating the reasons why domain registrars and DNS providers should not be counted upon by law enforcement and government agencies to summarily takedown domains without any semblance of due process:
- Innocent Until Proven Guilty Do we need to say it? It's a basic building block of modern "democrazies" (hah, typo, I think I'll leave it in) that our overlords cannot penalize us, deprive us of our property, liberty or basic freedoms absent some kind of legal process that finds us guilty of a crime.
- Conflicting Obligations The website the FDA wanted us to summarily takedown without a court order is a lawful Canadian business. If we take them down "because the nice man at the FDA asked us to" then we open ourselves to liability from our own clients. In the absence of a legal proceeding to take down a domain, we need to see clear violations of our ToS or AUP – otherwise, we can and will get sued by those we summarily takedown.
- Disruption Is Not A Crime As a failed musician I do have sympathy and understanding for how the new digital age challenges the existing business models. While I don't have any easy solutions for how content creators can adapt to the new realities, I do know that the way to do so is to embrace the new emergent paradigms, not fight them. The argument that file sharing hurts sales is far from undeniable fact, some studies have found the exact opposite. In any case, when a new model emerges it is always painful, but disruption is the price of innovation, not a crime.
- Registrars Rarely Go To Law School: Whenever a Registrar or DNS provider is asked (or commanded) to summarily takedown a domain name / website, one must understand that absent due process, and absent a deemed violation of the provider's own ToS by the provider itself, then the provider is then being tasked with adjudicating law.
In a larger sense, the these points can be extrapolated into two larger principles:
- The World Can Learn From Canada where the RCMP (particularly the highly clueful Tech Crimes Unit), and any other government agency who comes calling always has their paperwork in order, every time. You may notice that Canada, as a result of it's law enforcement and government agencies following due process, has not collapsed into a heap of post-apocalyptic lawlessness on account of the internet preventing the rule of law from prevailing.
- Finally, Enforce Your Laws in Your Jurisdiction Not Everywhere Else If it is illegal to import something, download something …(or think something) within your country then the LEA apparatus of said country should work toward enforcing the laws locally – that way the citizenry actually sees what is happening (and will hopefully stand up against it if it's egregiously over the line, much like how a public outcry staved off Bill C30 a.k.a. "Lawful Access" here in Canada).
I'm No Expert In "Defamation", but…
(…aside from being sued for not taking down an allegedly defamatory website) It seems to me… that if anybody (law enforcement or otherwise), got into the habit of emailing somebody's, anybody's vendors and business associates and repeatedly telling them that somebody was a criminal, and urged them to sever business ties with that entity in complete absence of proof or legal proceedings to back that up; that would seem a textbook definition of defamation or libel.
Further, hinting that failure to cooperate could result in adverse consequences such as i) being stripped of one's trade accreditation or ii) possibly being accused of a crime in the future, strikes me as coercive or an abuse of position on the part of PIPCU.
Free Webinar: The 7 Deadly Risks You Are Exposed To Through Your Domain Names
Reserve your spot today for Mark's upcoming O'Reilly Webcast where he deconstructs the 7 distinct types of risk that any organization is potentially vulnerable to by simple fact of having a domain name. Click here.