Slashdot Mirror
ICANN Grants Temporary Reprieve to Spamhaus
daringone writes "ICANN released a statement that says they "...cannot comply with any order requiring it to suspend or place a client hold on Spamhaus.org or any specific domain name" They do, however leave the door open for the registrar that registered the domain name to then be forced to turn the lights off for Spamhaus."
Judges aren't required to know how technology works, they just make rulings that affect it.
Basically, ICANN is saying, "It's not our job to suspend domain registrations; it's the registrar's job. We just coordinate registrars."
In English, ICAAN can't do anything even if they're ordered to. They don't have the power. However, Tucows (Spamhaus' registrar) may be ordered to take them down.
Custom, hands-free Linux installs. Instalinux
Basically, ICANN says that they've not been ordered to act and suspend the spamhaus.org domain, and even if they had they couldn't do it "because ICANN does not have either the ability or the authority to do so".
They also state that ICANN is not party in the lawsuit and is not involved in it.
They end their posting by stating that only spamhaus.org's registrar or the Internet Registry have the ability and authority to suspend an individual domain name.
They close their posting by stating that this comment was made in response of the community's interest (in the ICANN's position on the matter).
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
e360: wah wah wah
Spamhaus:
e360: wah wah wah wah wah
Spamhaus:
Judge: OK, I guess you win, e360.
Spamhaus:
e360: Judge, please suspend their domain name until they pay us!
Spamhaus:
ICANN: Not my problem, man, go talk to the registrar.
Don't Tread on Me
Okay, I think I sort of get it now.
FTFA:
So E360 wanted to get a "client hold" on the domain name, but ICANN refused, saying they don't have the authority to do so.
(If you haven't been following the 360 Insight vs Spamhaus thing then you'll have no idea what's going on here!)
Never email donotemail@WeAreSpammers.com
They actually state that "no order has been issued in this matter requiring any action by ICANN". In a word, they were NOT ordered to take down spamhaus.org, they note that "a Proposed Order referencing ICANN has been submitted to the court" (which would mean that the proposed order hasn't been accepted by the court yet)
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
We should add a few letters to ICANN's name, therefore making it "ICANNOT." They literally supervise domain names and the IP space, however that's about it.
Now if Spamhaus registered the domain with GoDaddy, all 'e360' needs to do is say the site contains some severely questionable content and down the domain will go. GoDaddy has a good history with that...
Instead they demonstrated an admirable restraint and intelligence, in a situation where both the Judge and Spamhaus have failed to do the same.
excitingthingstodo.blogspot.com
No, what they say is:
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
Main idea IMHO is that in this way ICANN can say, nicely, NO to US court ruling. If they agreed they would actually gave up their independence and would become easy target for more attacks from US jurisdical system.
In this way they effectively explained themselves from executing court orders.
Good job for freedom of speech ICANN!
"an experienced, industrious, ambitious, and often, quite often, picturesque liar" - Mark Twain
10 Second History
Spamhaus listed E360 as spammers
E360 sued Spamhaus in an Illinois court, saying that they weren't spammers.
Spamhaus said that an Illinois court has no jurisdiction and didn't show up.
E360 won a default judgement because Spamhaus didn't show up.
Spamhaus still said the court had no authority and ignored the judgement.
E360 filed for an injunction, asking the court to order either ICANN or the domain registrar to block the Spamhaus domain because Spamhaus ignored the judgement.
This Story
ICANN is saying leave us out of it. We don't have any part in it and can't do anything about it.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
OK, in "modern english" from my amateur interpretation of the article (feel free to correct me)
...
e360 has joined the chat
spamhaus has joined the chat
e360: omg we aren't spammers so we sue u becos u think we are!
spamhaus:
court has joined the chat
court: spamhaus won't reply, so default judgement of $12 million in litigation costs for them
court: oh, and u must remove e360 from ur spammer list now!!
court: and btw, tell u did wrong on ur website...
icann has joined the chat
icann: wtf! whats e360 claims based on anyway??
e360: omg take down every spamhaus domain until they comply with court's order! FFS
tucows has joined the chat (= Spamhaus.org domain registrar)
tucows: ??? wtf is all the ruckus about!
e360: just sign the papers to bring down the assholes u idiot
** start of these news **
icann: i dunno... but WE cant do shit.. we lack teh authority..
icann: spamhaus never wrote a contarct with us... its up to tucows i guess
icann: hell we werent even brought to court properly by 360
Will be interesting to see how it unfolds... If I understand things right, TUCOWS has not responded.
Beware: In C++, your friends can see your privates!
Which while annoying briefly, might be a Good Thing(tm). Face it, those who use services like Spamhaus probably don't realize *how much* spam there is. If your government official gets 1 spam in 20, well, they thing "just hit delete" works fine if their total spam load is 1,000 emails a day (50 spams get through). If, on the other hand, they suddenly are hit with the full brunt of it, there may be changes. Imagine Grandma who gets 5 or 6 spams a week after her ISP's filters (which probably are quite effective). And then suddenly getting 600 a day. It may open up the eyes of those who don't believe it to be a problem because they're sitting behind a wall protecting them. It's just we've all been sitting "behind the wall" to see true increases. When the amount of mail that makes it past the filters doubles, total traffic may have increased 10 times or more.
This might encourage development of a new email infrastructure that gets rapidly adopted by the Internet, suddenly faced with the realities of how much spam there really is in the world.
I for one, would love to see the end of poorly-configured MTAs who send me bounce emails that are improperly formatted. Of all things an MTA should do, is to generate proper emails! Otherwise they're contributing to the spam problem (I've got hundreds all addressed as "Mailer Daemon " and even more from antivirus/antispam systems, and nevermind whitelist systems. They all seem to contribute to the spam problem by generating even more email in response to email.)
Also I want that judge to decalre the "do not call" list created by the US Govt illegal. If someone talks to you, you have to drop everything and listen. If someone sends you a piece of junk mail, you must read it.
How asinine can any judge get?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
What did the judge do?
I just glanced over the thing, and it says that at a certain point Spamhaus' laywers stopped showing up to court, so the judgement defaulted to the plaintiff. I'm pretty sure the judge didn't have a lot of leeway to do any judging at that point.
(oh yeah, great job using "mail", "judge", and "bomb" together - enjoy being an enemy combatant... ah crap! I'll see you at Gitmo...)
sic transit gloria mundi
The judge is just following the law, and, indeed, the constitution. This has nothing to do with "freedom of speech". Spamhaus asked for a civil suit to be moved to Federal Court, and then failed to defend themselves. Wham. Default judgement.
It doesn't matter whether Spamhaus is being sued for describing Ted Kaczynski or "Spamford" Wallace as a spammer. It doesn't matter if this is Spamhaus or SPEWS. It doesn't matter if spam is a nuisance or welcomed by millions of people across the world. They failed to turn up. They're subject to a default judgement and legal sanctions to prevent them from continuing the offense.
That's what the law and constitution says is the correct response, and therefore, while it might be unpopular, this is the correct thing for the judge to do. For all the criticisms of judges "legislating from the bench", it seems that the majority of people would rather they do that than follow the law. (Witness SCOTUS's response to the Connecticut eminent-domain thing. For some reason, everyone decided it was SCOTUS at fault. The real problem was a vague phrase in the constitution, an out of control local government, and state and Federal legislatures who'd failed to impose legal limits. But everyone blamed the judges.)
The judge needs to follow the law, even when it's unpopular. The legislature needs to be told to deal with this fiasco. And Spamhaus needs to be more careful and less stupid and contradictory in their ways of dealing with courts.
You are not alone. This is not normal. None of this is normal.
In many ways, I am very happy about ICANN's decision. They are recognizing that the internet should not be controlled by politics or a single country/government. If ICANN had blocked the domain, politicans would start to think that they controlled the internet (although some do think that way...)
Follow the actual story:
1) Spamhaus is used in Illinois court.
2) They APPEAR in court, and request that the case be moved to federal court, as IL does not have jurisdiction.
3) The case IS moved to federal court.
4) Spamhaus stops showing up.
They requested the involvment of the federal district court. In your example, the defendant was never involved. Here, they were. If they had argued that the U.S. has no jurisdiction in IL, they probably would have won. Instead, they argued that the federal court had jusisdiction.
It's a little different than your Hong Kong example.
It's a bit different than that.
Spamhaus is not based in the USA, and has no offices in the USA, so therefore the court has no jurisdiction to sieze anything from them. It's even dubious that the judge has the right to sieze the domain name, as it's registered with another non-US company. ICANN is just saying "Don't bother slapping us with a subpoena because we can't do it anyway."
This has much further reaching implications than it may seem at first. First Spamhaus, then online gambling sites that are perfectly legal in other countries. After that will come torrent sites, crack sites or anyone who does anything that might be illegal in the USA but legal elsewhere.
It's a slippery slope.
So in layman's english ICAAN is simply saying ICAAN'T.
disclaimer: I've been known to store numbers in my ass for which to dig out when quantities are required.
While it's technically true that they could get around it, legally, it's not a great idea.
ICANN's contention seems to be that even if ordered to remove the record, its not technically possible for them. Only the registrar (TUCOWS in this case) could remove the registration.
Is this accurate? Don't the glue records get published through ICANN, and couldn't they remove them?
Of course I am in favor of Spamhaus and against SPAMers...I'm just curious if this is a legal ploy on ICANN's part to help Spamhaus (which I would applaud), or if its just ICANN telling the truth (which I would also applaud...I'm easy to please).
Also, if true, couldn't Spamhaus just move their registrar from TUCOWS (Canada?) to a registrar in a less US court friendly country where any order to remove the registration could be ignored?
I think the likely choices are either Tucows (as the registrar) or the Public Interest Registry, who is the actual maintainance organization for the .org TLD.
I'm not sure how PIR is structured and how responsive they would be to a U.S. court order -- a lot of their board of directors seem to be European, although their mailing address is in Reston, VA, and I'm not sure where they're officially incorporated -- but Tucows is probably in a position where they have a lot to lose if they ignored it.
Still, can a registrar really "pull" a domain? It's the PIR that maintains the root DNS servers for the TLD, so if they decide to just not delete spamhaus's DNS entry, then the domain stays active. Tucows basically sends requests to the PIR to add new DNS records when someone registers a new domain, but they don't (at least, I don't think they do) actually operate the servers themselves. What is Tucows supposed to actually do?
It would be interesting if PIR just said "no" to the order, once it goes to them from Tucows, and refused to do it. There could be some very interesting precedent as a result of this: should a U.S. court have the authority to pull a domain belonging to a non-U.S. corporation or citizen? Should a German court be able to order a domain for a U.S. corporation or citizen pulled? How about a Saudi Arabian court?
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Tucows will be subject to the Federal court's jurisdiction, because they maintain business offices in the US (Starkville, MS, according to their website). So if Tucows is ordered to suspend/place on hold the domain registration, they'll be forced to comply.
12 Second History
4
Spamhaus listed E360 as spammers
E360 sued Spamhaus in an Illinois court, saying that they weren't spammers.
Spamhaus said Illinois court has no jurisdiction, take it to Federal courts.
E360 sued Spamhaus in a Federal court, saying that they weren't spammers.
Spamhaus doesn't show up to Federal court, despite having accepted their jurisdiction.
E360 won a default judgement because Spamhaus didn't show up.
Spamhaus still said the court had no authority and ignored the judgement.
E360 filed for an injunction, asking the court to order either ICANN or the domain registrar to block the Spamhaus domain because Spamhaus ignored the judgement.
Check out this Illinois lawyer's take on the matter for the full(er) explanation:
http://blogs.securiteam.com/index.php/archives/66
--
"I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett
And Tucows being a canadian company, I'm not sure of the leverage an Illinois court could have over them to take down the domain of an english spamfighting organization.
Me guess none, but who knows.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
Actually, Tucows is not an US-based registrar (it's canadian).
Also, spamhaus already has spamhaus.co.uk, but it's explicitely said that it didn't want to domain-switch, because it'd be detrimental to the users of the existing lists.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
For a while now, the EU and other bodies have been grousing about ICANN being under the control of the US (Dept of Commerce, IIRC). I wonder if this stance *against* a US court will somewhat mollify those objections? ICANN's hardly a US puppydog if it distances itself from the US court system...right? Maybe?
I realize they aren't acting in defiance of a court order (they haven't even been contacted by the court yet, if I understand the press release), but at least they're toeing the "We're independent and neutral" line.
Just junk food for thought...
Wait... I'm fairly sure Tucows is Canadian, I wonder if they can get a Canadian company to enforce an american court order against a british company.
Although Tucows is listed on the American Stock exchange, it is actually Canadian based company (non-US based).
Head Office:
Tucows Inc.
96 Mowat Avenue
Toronto, Ontario
Canada
(Witness SCOTUS's response to the Connecticut eminent-domain thing. For some reason, everyone decided it was SCOTUS at fault. The real problem was a vague phrase in the constitution, an out of control local government, and state and Federal legislatures who'd failed to impose legal limits. But everyone blamed the judges.)
The judge needs to follow the law, even when it's unpopular.
Reminds me of the Dread Scott v. Sandford case. I think it was Chief Justice Taney who was a die hard abolitionist (anti-slavery) but sided with the majority as, while he didn't believe in slavery, he believed the constitution and laws pertaining to the case supported it. Which, turned out to be a severe blow to the abolitionit movement.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
Couldn't an independant organization just register the name and direct it to spamhaus's servers? Wouldn't that make it impossible to revoke the domain name?
"Spamhaus may have waived personal jurisdiction as a defense early on in the case when they not only appeared, but then asked for the case to be removed from state court (where it was originally filed) and moved to federal district court (where it is today). Arguably, and this makes sense intuitively even if you don't understand the finer points of U.S. civil procedure, doing so inherently acknowledged the jurisdiction of the federal court."
Here's an idea if Spamhaus ends up deciding to comply with removing e360 from their spammer list.
Create a "People Who Sued Us" list. Make this list functionally similar to the normal ROSKO list, allowing IT admins to choose to use the PWSU list for e-mail filtering purposes. Chances are that anyone on the PWSU list is a known spammer, since only a known spammer would have to resort to shady legal practices to get removed from ROSKO. However, the PWSU list is based only on the easily provable fact of someone suing Spamhaus, meaning that nobody on that list could complain that they were being treated unjustly.
I'll bet Spamhaus.org is being transferred to a UK registrar right now. I wouldn't risk anything with Tucows, they have too much going on in the US.
The court has the authority to order whatever it likes. If the person/representative of the company so ordered fails to comply, then a warrant can be issued for their arrest. That applies no matter what country the subject of the order is in.
However, that said, if the subject of the order is in a different country, they can choose to ignore the order on the assumption that their home country will not prosecute or extradite them. For something this trivial, there's almost no chance that they would do so.
First Spamhaus, then online gambling sites that are perfectly legal in other countries. After that will come torrent sites, crack sites or anyone who does anything that might be illegal in the USA but legal elsewhere.
Fine, all those things will be hosted on servers outside of the US, with domains registered through registrars outside the US, and the people running them will avoid visiting the US.
All courts of all countries are perfectly free and entitled to make whatever orders they like; they just can't necessarily expect them to be enforced, except in their own jurisdiction.
ObDisclaimer: I don't even pretend to be a lawyer, that's not legal advice, rely on it and you're an idiot, etc.
It's official. Most of you are morons.
A "public service" that they charge for, and that makes them little different than other companies offering blocking lists. You can _no longer_ download their list of blocked IP adresses unless you pay:
Just an FYI.
In these situations things just keep on coming and coming.
Judges and the judicial system are set up so that court orders can be enforced. Usually against reluctant subjects, so dealing with whiners is not new to them.
Even in civil cases you can get a cop with a gun to go into a business and help you settle things up if the judge orders it. Unless anti-spam people think tucows is going to arm its US office and start shooting people, they are going to comply with this order.
Spamhaus had an easy out, make a special appearance and talk about jurisdiction. Or they could have moved it to federal and fought it on the merits, which would have likely established a positive precedent in the US for voluntary opt-in to these types of published opinion blacklists. Instead they try to game the legal system in the US. That's fine, but they are likely to lose their ability to work within the US by doing so.
Spamhaus appear to have been expecting action against their domain name, as on 14 September they registered the domain spamhaus.org.uk, over which US courts have (one hopes) no jurisdiction at all.
There has been an arms race between spammers and admins, in many senses of the word. Spammers learned long ago that they will have an edge if they operate anonymously, either relaying through insecure relays in the old days, or more recently taking control of insecure PCs and servers and operating a fleet of zombie nodes. Their origin is masked. Or they might purchase services through dirty middlemen who then purchase services through dirty ISPs. Either way, spammers try to hide.
But the admins who fight spam often do not hide, usually because they are part of a reputable organization and are well respected by the community, and proud of their work. Also, the way blacklist technology is used (RBL, DNSBL) makes it difficult to conceal who you are. Unfortunately this makes organizations like Spamhaus vulnerable to DoS attacks, harassment, and frivolous lawsuits (remember that spammers call themselves 'internet marketers' and pretend they are legit businessmen). Other organizations like SPEWS are somewhat better at hiding their operation.
There are ideas floating around, however, on ways to harden blacklists agaist attacks of various sorts. The idea proposed in that 2004 paper would conceal the blacklist publisher, and use distributed resources to serve the list, kind of like how spammers use a fleet of zombies (except spammers steal those resources).
Spammers are a dirty bunch, they fight dirty. Maybe it's time we look more seriously at protecting the blacklists and their operators from various types of 'attacks'.
Not only that, but Spamhaus' registrar is Tucows. Tucows is a Canadian company. Let's see if a U.S. judge will try to exert jurisdiction in Canadia.
Pull my finger for my public key.
If a UK judge orders their domain shut down and they comply with that, but then just switch domains and keep right on going, the judge could hold them in criminal contempt of the court, depending on how the ruling was worded and how severe the cout thinks the infraction is.
In the US, a person is either held in contempt or not, but in the UK judicial system, a person can be in civil contempt or criminal contempt. Criminal contempt charges (from what I understand; IANAL) can be very serious, entailing heavy fines and sometimes jail time.
This all seems to be moot, as the UK doesn't seem to have any great interest in prosecuting anybody over this case. However, that is the hypothetical situation the GP was talking about.
I'm sorry but that's utter rubbish. Spamhaus did no such thing to OpenBSD users. Any OpenBSD user can still query the Spamhaus blocklist. But Spamhaus has to charge for the rsync access to the list, in part for the cost of bandwidth, and in part to help ensure Spamhaus can continue as an organisation (for example, in paying for lawyers!).
Just because DeRaadt didn't want to re-code his app to use DNS instead of a local copy he put this FUD in his commit message.
Matt. Want XML + Apache + Stylesheets? Get AxKit.
Influence, yes. Legal rights, no. All they could do was plead their case and hope the Swedish authorities did what they wanted them to do. If the Swedish authorities would have just told them to bugger off, nothing would have happened.
"But this one goes to 11!"
A Federal Court has no jurisdiction over a UK company either.
One of the beautiful things about the Internet is that anyone can setup the services they want. Some are abusive, most are not. Your proposal says that individuals have no reason to do what they want to do. The only way to go is to trust corporate-supplied services. That is not the Internet I signed up to.
Slashdot: Where nerds gather to pool their ignorance
> Is this accurate? Don't the glue records get published through ICANN, and couldn't
.org TLD to be delisted, ICANN would be the outfit to contact.
.com registry was run, last I recall, by Network Solutions. (That may have changed, because I haven't paid attention recently, but whether .com is still run by netsol is not really germaine to the discussion.) Assuming that that is still the case, then the root domain servers, over which ICANN has charge, will basically say that for .com you consult the nameserver over at Network Solutions, and for .uk you consult the nameserver of some UK outfit that runs that one, and so on.
.org in the case of Spamhaus), and that would be a much more weighty thing to do. However big a deal you think it would be to delist Spamhaus, take that up a couple of orders of magnitude and you start to get an idea how big a deal it would be for ICANN to delist a TLD.
> they remove them?
Unless I am mistaken, no.
ICANN is responsible for the *root* domain servers, i.e., the ones that tell you which (other) domain servers have authority for various *top-level* domains. So if the court wanted the
However, the individual domains _within_ each TLD are the responsibility of certain key registries who run the authoritative servers for those domains. For instance, the
To get a specific site's domain delisted, you'd have to go to the people who hold the domain the next level up, i.e., the people who run the nameserver that authoritatively lists the domain you're trying to get delisted. You can't go to ICANN and say, "please delist galion.lib.oh.us", for instance -- you'd have to go to whoever currently runs the nameserver with authority for the lib.oh.us domain (which was OARNET last I knew). If ICANN were to act, they'd be delisting the whole TLD (.us in the library's case, or
Cut that out, or I will ship you to Norilsk in a box.
I believe this has a lot to do with net neutrality as well. If ICANN pulls the plug they would be violating it.