Slashdot Mirror

← Back to Stories (view on slashdot.org)

VeriSign Wants Ability To Suspend Domains Without Court Order

Posted by Unknown on from the only-criminals-want-due-process dept.

GeorgeK writes "VeriSign, the monopoly registry operator for .com/.net domain names, has submitted a proposal to ICANN (PDF) describing an 'Anti-Abuse' policy. If allowed to proceed with such a policy, they would become judge, jury and executioner, with the ability to suspend or even cancel alleged 'abusive' domain names without due process for registrants. The proposal even recognizes that legitimate domain names may be taken down improperly, and offers a 'protest' procedure. However, VeriSign does not appear to offer any ability to protest an accusation of abuse before the suspension or cancellation. They intend to 'shoot first and ask questions later.'"

32 of 123 comments (clear)

  1. Of Course... by Bobfrankly1 · · Score: 2

    ...this presents no opportunities for abuse.

    1. Re:Of Course... by Anonymous Coward · · Score: 5, Insightful

      Don't forget to pay your $299.99 VeriSign Domain Protection Reactivaton Fee, you cocksmoking teabaggers!

    2. Re:Of Course... by fuzzyfuzzyfungus · · Score: 2

      I'm sure their solid record of "cooperation" will prove a valuable asset when the next round of selecting-the-guys-to-run-the-.com-TLD comes around...

    3. Re:Of Course... by MightyMartian · · Score: 2

      Mod +10 insightful. That's exactly what will come next, or some sort of Verisign Domain Deactivation Insurance Fee. Why, after all ill deeds of this company ICANN still allowed them within a thousand miles of being primary root/registrar for the two most important TLDs is beyond me. VeriSign has shown sufficient avarice, maliciousness and incompetence on a sufficient number of occasions that it just baffles my mind that they didn't have it yanked years ago.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:Of Course... by Anonymous Coward · · Score: 2, Insightful

      Do you have any assurance that someone else could do a better job? Better the devil you know...

      That is the devils argument.

      Change, change again, change again and sooner or later you will find something you can tolerate.

    5. Re:Of Course... by MightyMartian · · Score: 3, Insightful

      I was the network guy for a small ISP when Verisign introduced Site Finder. Believe me, at that point my boss and I decided it couldn't be worse if Satan was running those TLDs, and we weren't quite sure if it wasn't Satan running them.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    6. Re:Of Course... by Pf0tzenpfritz · · Score: 3, Informative

      IIRC, ICANN/IANA tried to sue them out of business in the late 1990s when they partially screwed up DNS (replacing NXDOMAIN answers with their "domain finder" landing page). VeriSign won in the last second using legal tricks and soon made friends with similar minds in the US gov. Since then they grew rapidly and -which irony- went from rogue provider to "security provider" and even CA. Wikipedia has some very insightful articled about the "domain finder" affair.

      --
      Oh, the beautiful gloss of greality!
  2. This is nuts by GameboyRMH · · Score: 2

    Governments and corporations keep leapfrogging each other as the biggest threat to the Internet. How are we supposed to know which threat to focus on dammit!

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
    1. Re:This is nuts by dintech · · Score: 5, Insightful

      You just have you realise that Goverment and Corporations are actually the same thing, then your job becomes easier.

    2. Re:This is nuts by bill_mcgonigle · · Score: 3, Insightful

      How are we supposed to know which threat to focus on dammit!

      Don't. Build the distributed replacement for DNS.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    3. Re:This is nuts by Gideon+Wells · · Score: 2

      People who are greedy, people who are power hungry, etc. are the same no matter where. They go to where the path of least resistance is. In some countries they are the inner party. In others they wear top hats and monocles. At times they lead the guilds/unions. Sometimes they co-opt the press. In some they have the top hats, inner parties, unions and press badges.

      The Noble Peace Prize was created after Noble realized his peaceful and life saving invention of TNT had been co-opted for war. TNT is just a tool. So is the press, government, unions and corporations. It is who is using them you need to consider.

      --
      by Anonymous Coward: I, for one, welcome the shift from car analogies to pizza analogies. um.. overlords?
    4. Re:This is nuts by bill_mcgonigle · · Score: 2

      So... DNS? DNS is already distributed.

      The root of each TLD is centralized. That's how we wind up with TFA's problem.

      There's a group that has something working reminiscent of the way torrent magnet links work. I can't remember their name now.

      You don't need everybody to switch - you just need to get resolvers to support the alternate lookup method and provide a better solution for enough users. If it works right, most people don't notice the alternate plumbing.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    5. Re:This is nuts by Pf0tzenpfritz · · Score: 2

      Which is very close to the truth in case of VeriSign.

      --
      Oh, the beautiful gloss of greality!
    6. Re:This is nuts by HiThere · · Score: 4, Insightful

      No it hasn't. You've just become more aware. You can trace deals like this at least as far back as the building of the railroads in the US. I believe that Britain has records of similar hijinks that go back to the middle ages. I'm sure other countries do too. They'd go back further, but corporations were invented during the middle ages. Before then, and even while they were developing, most of the slimy deals were made by individual wealthy people. Corporations didn't really become commonly dominant until after WWI, possibly as late as WWII. Before then the major problem was tycoons. And before them aristocrats.

      None of them have ever been worth trusting as classes, though I'll admit that individual people were sometimes trustworthy. But that was unusual. Powerful organizations are not trustworthy. It's not money that corrupts, it's lack of consequences. You see it in corporations, you see it in politicians, you see it in police, you even see it in anonymous e-mail. It's pretty nearly universal. Some individual people avoid corruption. But it isn't what one should expect.

      This is why control in civilization should be decentralized. So that people can't create for themselves "spheres of invulnerability". But this goes contrary to what everyone wants, because everyone wants a "safe space", where they can control what happens. This isn't a problem, unless that "safe space" infringes on other people.

      P.S.: Anyone know a cell phone that has a white-list option? (I, too, want a safe space. A space where I can decide who is allowed to interrupt me.)

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    7. Re:This is nuts by bill_mcgonigle · · Score: 2

      Yes, but there's nothing stopping us as a collective from changing who controls those roots. If we want to give com to Joe Bob, it is just a matter of having everyone update their DNS server settings.

      I totally agree. Then we need to worry about how Joe Bob is going to behave instead of NetSol. Mass-consensus is good, but single points of failure are undesirable.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    8. Re:This is nuts by bill_mcgonigle · · Score: 3, Insightful

      All true, and great for a time when John Postel was what it meant to run a registry. The RFC's didn't anticipate the kind of interference that NetSol is proposing.

      There doesn't have to be namespace collisions, though. Why is it that Visa cards are all 4xxx, MasterCards are 5xxxx and Discover cards are all 6xxx? Couldn't Visa start issuing cards in the 5xxx range? Of course, but it's mutually beneficial for all of the players to interoperate. Nobody would trust a name service provider that was purposefully destructive (unless forced to through monopoly) so we would expect they'd operate in a trustworthy manner by default.

      Also look at the world BGP routing table. It's all distributed, you have to earn trust to participate, and there are occasional mistakes. Even still, it lets me get these characters from here to wherever Slashdot's server are, and has proven effective, even if there's room for improvement. Imagine if everybody had to go register their routes through a single route registrar and make changes on their website.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    9. Re:This is nuts by DriedClexler · · Score: 2

      Alright, points taken and I withdraw my objection (to the extent that has any significance on Slashdot). You certainly know the topic better than I.

      --
      Information theory is life. The rest is just the KL divergence.
    10. Re:This is nuts by icebraining · · Score: 2

      Bittorrent already works fine without trackers, it uses DHT. You just need one - any - node to connect.

      As for torrent sharing websites, how are they centralized? Anyone can build one. You can put the same torrent file on multiple, so even if one is taken down it still works.

      Hell, here. Slashdot is now a torrent sharing site, thanks to magnet links. How's that for decentralized?

      --
      Dilbert RSS feed
  3. Pretty domain. 'Shame if something were to happen. by cgenman · · Score: 5, Insightful

    I'm sure they will offer a service where your domain is "Pre-Verified" and not subject to abuse takedowns... For $1,000 per year, of course.

    --
    The ______ Agenda
  4. Slightly used domains for sale by wulfbyte · · Score: 2

    Doesn't matter if the original owner doesn't want to sell, for a price it can be made available.

  5. Domain Names are Corporations are people! by 140Mandak262Jamuna · · Score: 2
    Domain Names have all the rights of corporations which are people ?

    Many of these abusive domains are very fleeting and transient designed to live for just a few hours. If you want due process, it has to come before the registration. So domain name registration would then follow guidelines similar to Trade Mark and other corporation registration rules. It would slow down the registration process a lot and impact the fees Verisign is currently collecting. The domain name abuse is getting to be very bad, and it could trigger legislation. Legislation by the congress critters who imagine internet to be a series of tubes would put onerous burdens in the registrants and the registrars. So it is heading it off at the pass.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Domain Names are Corporations are people! by Miamicanes · · Score: 4, Interesting

      Well then, a reasonable compromise to limit the potential for collateral damage might be a rule that makes it impossible for them to suspend a domain that's been registered in good standing for more than a year without full due process, and provides a way to register a domain quickly, but subsequently complete a more exhaustive registration process that -- when completed -- immediately grants the domain the same protected status as one that's been around for more than a year.

      That way, they can still nuke botnet command & control domains, but somebody whose domain has been around for more than a year (OR who has completed the more time-consuming registration procedure) could sleep at night knowing that Metaphorical Judge Dredd isn't allowed to touch THEIR domain. It wouldn't completely eliminate collateral damage, but it would eliminate the overwhelming majority of situations where a legitimate domain owner could suffer financial damage due to a careless or hasty employee somewhere.

  6. Summary execution by pablo_max · · Score: 2

    I am asking for such powers. Just because I asked for it, does not mean I will get it.

  7. Re:Sounds like a fine idea. . . . by fuzzyfuzzyfungus · · Score: 2

    That should provide robust protections for, oh, anybody who can afford a protracted legal battle... Shouldn't be a problem.

  8. Re:Anonymous by fuzzyfuzzyfungus · · Score: 3, Interesting

    A DDoS or a petty "doxing" would be boring; but my schadenfreude lobe would be pulsating with happiness if their private signing key(s) were to make their merry way into the world.... Can you imagine the mayhem?

  9. Yes, I read the FA. by poofmeisterp · · Score: 4, Interesting

    They intend to 'shoot first and ask questions later.'

    This is helpful for potential malware/virus/etc sites - take it down NOW and address afterwards. As long as the ones taking the deactivation move witness it themselves, it's doable.

    The problem comes with reports. Let's say you get 100 reports of a domain being a nasty one in a 5-minute period of time. You just *wham-bam* take that domain down without looking at it and you could have just been the worst link in a staged act chain.

    I'm not trying to be an ass, but I'm posting what I witness daily: Everyone wants to save money, including big companies. If VeriSign were to have this ability (along with other TLD registrars), then they will likely want to automate everything they can. See paragraph 2 above.

  10. Re:Sounds like a fine idea. . . . by TouchAndGo · · Score: 3, Insightful

    Add in the fact that they'll probably start slipping forced arbitration clauses in their contracts like a lot of companies are doing and I can't see this going wrong at all

  11. Re:Monopoly? by imric · · Score: 3, Informative

    You can be a monopoly. It's not illegal.

    It's illegal to abuse monopoly status, though.

    --
    Paranoia is a Survival Trait!
  12. Send Comments to ICANN by GeorgeK · · Score: 5, Informative

    Thanks for accepting the article. ICANN is still reviewing the proposal. If folks share my concerns, please do send them your comments by emailing registryservice@icann.org (from the top of ICANN's Registry Services Evaluation Process page). You can view comments by others here. EasyDNS has submitted their concerns too.

    At a minimum, they should open up a formal 30 day public comment period that is widely advertised, in order that domain name registrants can be heard.

  13. This might make sense for domestic-only... by davidwr · · Score: 2

    ... in countries where the government-licensed utilities already have this power.

    If TLD management were split among countries, so that Verisign handled .com and .net for US-based companies and foreign subsidiaries or foreign registrars handled it in foreign countries, then this kind of power might make sense for some foreign subsidiaries of Verisign or for some foreign registrars.

    As for companies based the United States who use a domain registrar in the United States, yanking a domain name without a court order insults the Constitution.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  14. This is a great idea. by idbeholda · · Score: 2

    I propose that they should not only implement this idea, but to track down the offenders and subject them to a gratuitous full body cavity search. You should be glad they won't need or require your consent, as this will be for your own good.

  15. Re:Monopoly? by russotto · · Score: 2

    Something like this seems to fall under the category of "abuse", but I'm sure the well oiled lawmakers see it differently.

    The US government WANTS this. They can then do takedowns without even the pro forma court-orders they get now; just a word to Verisign and the domain is gone, no questions asked.