Archive for the ‘policy’ Category

Verisign domain takedown proposal very worrisome

October 11th, 2011
The following post was originally published on the EasyDNS blog by entrepreneur Mark Jeftovic and was syndicated with his kind permission.
Under a proposed Verisign initiative, all .COM/.NET domains exist at the pleasure of the United States government.

Verisign just released an overview of their proposed “Anti-Abuse Domain Use Policy” under ICANN’s Registry Services Evaluation Process. The program’s chief aim is to provide a takedown mechanism for malicious websites distributing malware. In itself, not a bad thing, considering some registrars are unresponsive toward abuse or network stability issues.

However, lumped in with the conditions under which Verisign can invoke their takedown capabilities are some troubling “add ons”, as quoted below:

The new anti-abuse policy would be implemented through a change to the .com, .net and .name Registry Registrar Agreements and would allow the denial, cancellation or transfer of any registration or transaction or the placement of any domain name on registry lock, hold or similar status as necessary:

(a) to protect the integrity, security and stability of the DNS;

(b) to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process;

(c) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and employees;

(d) per the terms of the registration agreement,

(e) to respond to or protect against any form of malware (defined to include, without limitation, malicious code or software that might affect the operation of the Internet),

(f) to comply with specifications adopted by any industry group generally recognized as authoritative with respect to the Internet (e.g., RFCs),

(g) to correct mistakes made by Verisign or any Registrar in connection with a domain name registration, or

(h) for the non-payment of fees to Verisign. Verisign also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute;

The main problem here is Section (b), which lets Verisign take down any domain that is inimical toward a government “requirement” or at the “request” of a law enforcement or other governmental or quasi-governmental agency.

What does this mean?

It means domains can be taken down without judicial process and in the absence of any overt network abuse. I refer anybody who thinks the possibility of abuse of this policy is remote to the actions of Senate Committee on Homeland Security and Governmental Affairs Chairman Joe Lieberman last December regarding Wikileaks – an entity which has still never been charged with any offence in any jurisdiction and which continues to operate in a perfectly legal manner. (Lieberman called on “any company or organization that is hosting Wikileaks to immediately terminate its relationship with them.” – Which sounds like a “request” to me.)

What Wikileaks did was expose bad actions of the various governments themselves, some of those – illegal. It can be assumed that governments that are acting against the interests of their constituents or committing actual crimes have a “requirement” that everybody shuts up about it. Thus any whistleblower, journalist or egregious truth-teller using a domain under .com or .net to bring light to issues such as these could find themselves with their domain unplugged under this policy.

In the case of Wikileaks, Lieberman’s staff telephoned various web services providers and demanded that they sever ties and cease providing services. Next time all they would have to do is call Verisign and tell them that the government “requires” them to take down their domain. (Of course, Wikileaks is under .org, not .com or .net, but next time it may not be Wikileaks. Maybe it’ll be Zerohedge. Maybe it’ll be easyDNS. Maybe it’ll be you.)

Under the proposed rules, it’s not just the government that could initiate takedowns but even “quasi” governmental agencies. What’s a quasi-governmental agency? It’s a government-created entity that undertakes commercial activities on behalf of the government. That would mean entities like Fannie Mae and Freddie Mac or the Federal Crop Insurance Corporation could take down any .com or .net domain based on having a “requirement” or making a “request” to do so.

Section (c) is also troublesome: providing that Verisign can take down any domain to avoid liability to themselves. So if other avenues of removing a troublesome domain fail, you could just simply sue, or threaten to sue, Verisign and they can unplug the underlying domain.

Last year the US Department of Homeland Security (Immigration and Customs Enforcement) began a series of domain takedowns intended to enforce copyright violations. In one case they seized a third-level domain provider (mooo.com) which resulted in the takedown of over 84,000 unrelated and innocent websites.

Since the ICE takedowns were arbitrary and widening in scope, there became a perceived benefit to using non-US based Registrars for domain registration, as the takedowns were being implemented via court orders to those US-based registrars.

If this policy goes into effect, there are no safer jurisdictions for any .com or .net domain anywhere in the world. They all come under US government, quasi-governmental and law enforcement agency “requirements”.

The Verisign proposal concedes that:

Registrants may be concerned about an improper takedown of a legitimate website.  Verisign will be offering a protest procedure to support restoring a domain name to the zone.

Which is not very comforting. What is the “protest procedure” and how long will it take? Will a contested takedown put the domain in an online or offline state while the procedure is implemented, and how long does that take?

Proposed Modifications

If this is to move forward, our recommendations are as follows:

  • Section b should be stricken, and the current model that government-inspired domain takedowns be requested via the Registrar of record be retained.
  • In cases of court-ordered takedowns, Verisign should only intercede in the case of a non-responsive Registrar and again, under a court order.
  • Section c should be stricken. Verisign already insulates itself from liability in its Agreements with Registrars and under the various Registrant Agreements already in place. This should not be a back-door method into taking down a domain.
  • If a Registrar feels a false-positive takedown has occurred, there needs to be a mechanism to bring the domain back online immediately pending the outcome of a challenge or disputed takedown.

Editorial Add-on by Frank Michlick

I completely agree with the comments by Mark, but I’d like to go one step further and comment on the plan to pro-actively scan the domain registration base for malware sites as highlighted in the Domain Name Wire article on the same topic. While I am not a lawyer, I think it is very dangerous ground for a registry operator to start actively monitoring registered domain names for their content and its compliance with laws. Once a registry does this as a pro-active service, it could imply that the registry becomes liable for sites that it misses in its scans, since it should be aware of the content of the sites for the domains registered through them. I think that a registry should act as a technology provider and facilitator; the registry should not be active in developing the policy that decides what is illegal and what isn’t.

(c) 2011 DomainNameNews.com (1)




UK Registry Seeks Input for Domain Expiry Policy

May 12th, 2011

The market for catching dropping .UK domains is overrun by many companies, thus making it often a matter of luck who catches the released names. The reason for this is apparently the drop times and order picked at random by the registry along with the low fees for becoming a .UK registrar.

The registry just sent a message to one of its mailing lists soliciting feedback from stakeholders for a potential reform of how expired domain names are treated. Nominet also published a document (PDF) that explains the context of the request. The summary mentions and explains issues like expired domain tasting by the registrar, expired domain auctions and drop catching.

The main questions asked by the registry operator are:

  1. What should the principles of the expired period be?
  2. What should Nominet’s and the registrar’s obligations be to the registrant in the renewal of domain names?
  3. Many registrars will have provisions in their terms and conditions which outline what the registrar will do when a domain name expires. What type of notice and level of transparency should registrants reasonably expect where specific practices are undertaken in the expired period?
  4. In the context of encouraging innovation within the industry, how should Nominet’s policies support the development of new business models whilst ensuring registrants’ expectations are met?
  5. What further background information would it be helpful for Nominet to provide to the issue group members to assist their discussions?

Instructions on how to participate can be found on the Nominet Website. Participation is open to all interested parties.



Have Your Say on Domain Transfers and Domain Hijacking

July 7th, 2010

The following is a guest post by Michele Neylon, founder of the web hosting company Blacknight and chairman of the working group asking for feedback in this article. Since ICANN policy affects us all, we encourage our readers to provide their feedback on the issues identified by the working group.

ICANN’s Generic Names Supporting Organisation (GNSO) has formed a working group to consider changes to the domain transfer process to enhance security and reduce hijacking.  The working group consists of registrars, aftermarket players, domainers and other members of the ICANN Community.  The group published its preliminary recommendations at the ICANN meeting in Brussels two weeks ago and the 20-day comment period has just begun.

The key areas of focus for the working group are as follows:

  1. Whether a process for urgent return/resolution of a domain name should be developed, as discussed within the SSAC hijacking report (http://www.icann.org/announcements/hijacking-report-12jul05.pdf; see also http://www.icann.org/correspondence/cole-to-tonkin-14mar05.htm);
  2. Whether additional provisions on undoing inappropriate transfers are needed, especially with regard to disputes between a Registrant and Admin Contact. The policy is clear that the Registrant can overrule the AC, but how this is implemented is currently at the discretion of the registrar;
  3. Whether special provisions are needed for a change of registrant near a change of registrar. The policy does not currently deal with change of registrant, which often figures in hijacking cases;
  4. Whether standards or best practices should be implemented regarding use of Registrar Lock status (e.g., when it may/may not, should/should not be applied);
  5. Whether, and if so, how best to clarify denial reason #7: A domain name was already in “lock status” provided that the Registrar provides a readily accessible and reasonable means for the Registered Name Holder to remove the lock status.

Comments by registrants, registrars and other interested parties are strongly encouraged and can be viewed at:

http://www.icann.org/en/public-comment/#irtp-b-initial-report

The deadline for submitting comments is 25 July, 2010.

(c) 2010 DomainNameNews.com



David Olive joins ICANN as VP Policy Development Support

January 29th, 2010

ICANN has named David Olive Vice President of Policy Development Support. Olive ends his 20-year tenure at Fujitsu, where he most recently was General Manager and Chief Corporate Representative in the Washington office, and will join ICANN on February 15th, 2010. He has also served as a member of the Commercial Board of Directors of TechAmerica and as the Public Policy Chairman for the World Information Technology and Services Alliance (WITSA), a consortium of over 70 information technology industry associations from economies around the world.

“ICANN is undoubtedly one of the most important entities on the globe in terms of Internet governance,” said Olive. “So it’s exciting to land in a position, where I can exercise my passion for foreign affairs while exploiting my experience in technology policy formation.”

“David’s skill sets are a perfect match for this position,” said Rod Beckstrom, ICANN’s CEO and President. “Our unique bottom-up policy formation model gives our international community an instrumental role in the development of ICANN’s policies. And while that translates into some amazing opportunities, it also creates some unique challenges, and there’s no doubt that with his demonstrated excellence in diplomacy and collaboration David is up to managing those challenges.”

[via TradingMarkets]

(c) 2009 DomainNameNews.com
