Domain seizure just got even more scary.

Mar 18, 2012

I remember, once upon a time, when it was said by many that the Internet transcended mere political boundries. A user in the United States could chat with another user in France, read breaking news in Japan, and swap code with hackers in Iceland. Those were the times when it cost beaucoup to register your own domain; Network Solutions was the only game in town and you paid through the sinuses to own smartcards.com or energy-efficient-lanters.org. That began to change around 1999 or 2000 and now anybody with a couple of bucks to spare can register a domain in any of a few dozen top-level domains (save for a few that are run by governments) from a variety of registrars. Every registrar is accredited by ICANN, the Internet Corporation for Assigned Names and Numbers. ICANN is the entity that is in charge of coordinating the allocation of routable IP networks, the global DNS infrastructure, and which entities are blessed to provide domains that can be added to the aforementioned DNS infrastructure.

In recent years it's become more or less standard operating procedure for the US Department of Homeland Security to seize the domains of groups that they don't think should be on the Net. They've mostly been going after sites deemed to be offering pirated content but domains that don't have been caught in the crossfire as well. A few recent attempts to enshrine such activities in law were narrowly averted because of the risk of political censorship. Lately we've seen a cycle of same-bad-law-renamed-and-resubmitted start inside the DC Beltway, but that's not what has me concerned. What has me worried is that DHS has started to pull some dirty tricks to get domains that they can't legally go after taken down. Thus begins the saga of bodog.com.

When you purchase a domain through a registrar only that registrar can do anything to the domain in question. If you register foobar.net through name.com (which, so far, doesn't suck), godaddy.com (which does suck) can't just take over the registration for the domain. A transfer process has to be initiated on both registrars (by the entity that bought the domain) for the global records to be changed. bodog.com was an Internet gambling site based out of Canada but doing business with anyone anywhere on the Net who felt like placing some bets. In the state of Maryland, such betting is illegal but because bodog.com's computational infrastructure wasn't in the United States, Maryland law enforcement couldn't do anything about it. So, a federal warrant was issued in Maryland to Verisign, the company which is (among other things), responsible for the entire .com top-level domain as well as two of the thirteen root level nameservers of the whole Net. The federal warrant commanded Verisign to override the records for the registrar bodog.com was registered through with its own that lead to the now-familiar DoJ/DHS badge-and-legalese "this domain has been seized" graphic.

The scary thing is the utter disregard for jurisdiction in this instance; none of the parties in the US that were involved had any but they did it anyway. This means that DHS has decided that they can take down the domains of business entities that aren't based in the United States - and in fact are legal in the countries where they exist - just because. ICANN, which is supposed to be the arbiter of such things because they're at the root of, well, most of the infrastructure of the Net isn't saying a word about it. The implication of this action is that any .com (and by extension, .net or .org) domains are within the jurisdiction of the United States even if those entities aren't based in the United States. When last I checked, USian law enforcement couldn't just waltz into another country without a lot of red tape and bureaucratic negotiation to do stuff, so by extension USian LEOs can't interfere in the operation of legitimate businesses that are based out of other countries, so this has a lot of people in the domain registration and DNS operation worlds concerned. If a net.gambling site can be taken down so readily, at what point will this power be abused? When will political activism sites be targeted by people who happen to have lots of money (and thus, power, for the two are inextricably linked whether or not we like to admit it) because might be a future problem? The FBI already monitors people whom they think might be a problem, and local police do it, so why not DHS?

The logical response, and the one already being applied by some sites today is to register domains that are part of other countries' TLDs which are out of USian jurisdiction (for the moment). If .com sites are fair game, then .cc, .cx and the others probably aren't (for now, anyway). Some groups are starting to do just that in the hopes of avoiding net.censorship power plays. bodog.com is gone but bodog.ca is still up, running, and doing business. How long that will continue to work remains to be seen. Whether or not having a non-USian TLD while still hosting in the US will be of any help remains to be seen because hosting providers in the US can still be commanded to take sites down. It is believed certain that, because ICANN is a USian entity more and more registrars will be leaned on to take domains down as part of international contract enforcement laws, vis a vis, organizations around the world that are in legal relationships with ICANN have to do what ICANN tells them because ICANN has to do what the US government tells them. A document recently penned by ICANN, 22 domain registries, and over 700 accredited domain registrars contains a recommendation that domain registrars be held liable for criminal negligence if they allow the purchase of domains involved in criminal activity ('criminal activity' does not seem to be defined in the recommendation).

In closing, some pretty scary things seem to be on the horizon. Some are calling this an act of economic warfare, possibly the second of its kind (the first being the financial blockade of Wikileaks, an act unprecedented in the information age). If a business entity in Canada can have its net.presence knocked down (rendering it unreachable, and thus unable to transact business) by US law enforcement, when will other business entities come under fire? The US is all hot and bothered about keeping this country an economic powerhouse because what were once considered third world countries are beginning to bootstrap themselves into industrial and post-industrial ecnonomies (note: the implications of economic, corporate, and industrial espionage inherent in my statement will not be addressed in this article; suffice it to say that it is my somewhat educated opinion that foreign nationals educated in the United States who then returned to their home countries to do business are also part of this phenomenon, not to say that espionage isn't). I don't know how likely this is, but is possible that such measures may be employed in the future to knock some perceived competitors down a few notches. It's pretty common inside the Beltway to hear figures about how much money is lost from the US economy every year due to espionage. The last figure I heard (last week, in fact) was that over one trillion US dollars of damage is done by economic espionage to the US economy every year. Other figures put it between two billion and 400 billion US dollars. A couple of Google searches turned up some unclassified reports written by the Office of the National Counter-Intelligence Executive, but none of them seem to have any hard figures on losses and damages incurred by the US. Regardless, when figures involving more than three consecutive zeroes on the left side of the decimal point turn up in conversation, it's a safe bet that the kid gloves came off a while ago and we're just now finding out about it.