It's Official: Registrars Cannot Hold Domains Hostage Without a Court Order

← Back to Stories (view on slashdot.org)

It's Official: Registrars Cannot Hold Domains Hostage Without a Court Order

Posted by Soulskill on Friday January 10, 2014 @06:50AM from the dns-hostage-negotiators-suddenly-unemployed dept.

Stunt Pope writes "Back when the City of London Police issued those 'takedown requests' to domain registrars, most complied. However, as previously reported here, easyDNS didn't. A bunch of the taken-down domains wanted to move to easyDNS. One problem: their registrar wouldn't let them. It took awhile, but easyDNS fought it. They've finally gotten a ruling (PDF) under the ICANN policy that ordered the hostage domains transferred."

33 of 112 comments (clear)

Min score:

Reason:

Sort:

hmm.... by Anonymous Coward · 2014-01-10 06:56 · Score: 4, Interesting

how about like when whole domains are being used for malware, phishing, or fraud?
do we have to go thru a court to get a registrar to do something? that isn't reallllly that good of news.
namesearchhere.com is being used for botnet clickfraud. along with probably hundreds of others... now the registrar can just sit on their hands and say... welp. nothing i can do but charge fees. my hands are tied!
registrars are making money of DGA, clickfraud, and all manner of shitty activities. now they can really drag their feet.
1. Re:hmm.... by gandhi_2 · 2014-01-10 07:20 · Score: 2
  
  Ahh. So with Google safe-browsing in Firefox and Chrome, and MS whateverthefuck filter, clearly there are no successful phishing attacks involving websites.
  No, I've reported phishing domains that stayed up for over 48 hours. Google (stopbadware, opendns anti-phishing) and Netcraft respond pretty quickly to phishing reports but people still end up at the sites trying their damnest to log in.
  Maybe hosting providers should be the same way when you report one of their servers as hacked and being used for a botnet check-in or malware hoster. Do nothing until a court order. That should work well!
  
  --
  THL phish sticks
2. Re:hmm.... by Anonymous Coward · 2014-01-10 07:23 · Score: 5, Insightful
  
  how about like when whole domains are being used for malware, phishing, or fraud?
  do we have to go thru a court ....
  How about when Anonymous Cowards like you are murdering babies? Do I have to go through the whole judicial thing to stop it? Shouldn't my word just be enough to come over and judicially execute you and have all your property transferred into my name as compensation for my time? I think all this "judicial stuff" is just getting in the way of my killing off idiots^W^W^W protecting the family.
3. Re:hmm.... by fred911 · 2014-01-10 07:44 · Score: 5, Insightful
  
  Why should he registrar be responsible for content? Is the phone company responsable for publishing phone numbers of unscrupulous businesses? The responsibility for mal-content is that of the host, not the directory.
  
  --
  09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
4. Re:hmm.... by Anonymous Coward · 2014-01-10 07:57 · Score: 5, Insightful
  
  Maybe hosting providers should be the same way when you report one of their servers as hacked and being used for a botnet check-in or malware hoster. Do nothing until a court order. That should work well!
  Better 100 idiots without a scanner installed get infected than one innocent site get shut down by an asshole with an agenda.
5. Re:hmm.... by LordLimecat · 2014-01-10 08:04 · Score: 4, Insightful
  
  Protecting the good guys from abuse often protects the bad guys to some degree.
  Its all about what kind of internet you want to deal with: One where someone can trivially take your content down, or one where you know that theres bad stuff out there.
6. Re:hmm.... by LordLimecat · 2014-01-10 08:05 · Score: 2
  
  No, Ive got it, they should take the domains down immediately with no verification and no court order whenever someone presses the "report domain" button!
  Seriously, what are you proposing?
7. Re:hmm.... by Stunt+Pope · 2014-01-10 08:13 · Score: 5, Insightful
  
  Registrars can takedown domains for net abuse, the main thing is their terms of service are between them and their registrants, they enforce their policies.
  The easyDNS Plain English terms of service state domains will be taken down for net abuse, but if you want to compel a takedown from the outside because *you* say it's illegal, you need a court order.
8. Re:hmm.... by ancientt · 2014-01-10 08:13 · Score: 3, Insightful
  
  do we have to go thru a court to get a registrar to do something? that isn't reallllly that good of news.
  Registrars can voluntarily do something when asked, so no, you don't have to get a court order to get a registrar to do something. They are absolutely supposed to let people move their domains when people want to also, but some of them weren't following the rules. Having them follow the rules is a good thing.
  If, however, you want to force a registrar to do something which isn't part of the rules, then yes, you should have to get a court order.
  Did you like the scenario where companies don't have to follow the rules you both agreed to? Most of us don't.
  
  --
  B) Eliminate all the stupid users. This is frowned upon by society.
9. Re:hmm.... by Obfuscant · 2014-01-10 08:16 · Score: 2
  Why should he registrar be responsible for content?
  Because they have made themselves responsible through their Acceptable Use Policy agreement. For example, EasyDNS includes these conditions upon the registree:
  
  The Applicant warrants to easyDNS that the details submitted by the Applicant to easyDNS are true and correct, and that future modifications or additions to those details will be true and correct.
  The Applicant agrees not to use the services provided by easyDNS to conduct any business or activity or solicit the performance of any activity that is prohibited by law.
  easyDNS reserves the right to revoke any or all services associated with a domain or user account, for policy abuses. What constitutes a policy abuse is at the sole discretion of easyDNS and includes (but is not limited to) the following:
  
  transmitting Unsolicited Commercial Email (UCE)
  transmitting bulk email
  posting bulk Usenet articles
  Denial of Service attacks of any kind
  copyright infringement
  unlawful or illegal activities of any kind (this includes Ponzi schemes and HYIPs)
  promotes net abuse in any manner (providing software, tools or information which enables net abuse)
  causing lossage or creating service degradation for other easyDNS users whether intentional or inadvertent.
  Is listed in the DNS Providers' Blacklist or in any other blacklist / RBL which easyDNS may reference.
  
  Emphasis mine. And even more interesting:
  
  No Protection for Abusers: Domains and user accounts determined by easyDNS to be in violation of our Terms of Service are not entitled to privacy protection....
  The City of London was well within reason to ask them to look at whether one of their users was violating their terms, and all they had to do was say "no".
10. Re:hmm.... by ancientt · 2014-01-10 08:16 · Score: 3, Insightful
  
  Mod parent up.
  Not saying I haven't wanted to bypass the legal system myself from time to time, but given the choice, don't you want to live in a world with laws?
  Sure, I'd like to live in a world that doesn't need laws, but since ours does need them, then having people forced to follow them is the best we can hope for.
  
  --
  B) Eliminate all the stupid users. This is frowned upon by society.
11. Re:hmm.... by Lazere · 2014-01-10 08:29 · Score: 2
  
  Since this is /. I'm assuming you didn't even read TFS in order to get first post. If you had, you'd have noticed that this has nothing to do with domain takedowns and everything to do with domain transfers. Basically, the legitimate people who had been taken down in this bit of BS tried to move their domain to easyDNS, but the registrars they were currently on wouldn't let them. All this decision says is the registrars have to let people move their domains unless there is a court order saying otherwise.
12. Re: hmm.... by Obfuscant · 2014-01-10 08:56 · Score: 3, Informative
  
  I've read the summary. I've read the ruling. Have you? The summary and ruling aren't directed at the City of London and say nothing about whether the City of London was incorrect in asking easyDNS (or any other registrar) to review their terms for a possible breach. The summary and ruling deal with domain registrars who made the decision that the customer WAS in violation of their terms and thus shut them off, who then refused to release the domain name.
  This should be clear from the very beginning of the ruling:
  
  easyDNS Technologies Inc. v. PDR Ltd. d/b/a PublicDomainRegistry.com
  It's easyDNS vs. another registrar, not easyDNS vs. City of London.
  I've also read the "takedown order", which is quoted in part in the ruling itself. Maybe you should read it. It is rather clear in asking the registrar to review the conduct of the customer to see if it violates the registrar's acceptable use policy, and for the registrar to make a decision what action is appropriate.
  The City of London did NOTHING that you or I could not do, and I have done many times in the past when trying to get spammers and such shut down. I've even been more forceful by saying that the registrar SHOULD shut them off, not just that they ought to review the policy to see if they think the customer is breaching it.
  Yeah, the CoL went further by asking the registrar, once they had made a decision to shut the domain off, to take certain steps that would help the CoL maintain evidence of the activity for later legal action. That's not out of line, either, and it still is based on the registrar making a decision, not a demand from the CoL.
13. Re:hmm.... by Obfuscant · 2014-01-10 09:02 · Score: 2
  
  Right, so now they deny you service if you are breaking the law, but the arbiters of whether you are breaking the law or not is the court. Not themselves and not any other body.
  Quoting the easyDNS terms of service:
  
  Such determination on what constitutes a violation of the above or whether a domain has or is "likely" to violate the above is solely at the discretion of easyDNS.
  "The above" includes "unlawful or illegal activities of any kind (this includes ponzi schemes and HYIPs)". I don't know where you get the idea that "now" it has to be a court. That wasn't what the ICANN ruling dealt with. The ICANN ruling dealt with transfer of domains being held hostage by other registrars, not whether the City of London needs a court order to ask a registrar to review a customer's activities for a potential violation of the registrar's terms. They don't, and neither do I. Or you.
14. Re:hmm.... by Anonymous Coward · 2014-01-10 11:53 · Score: 5, Funny
  
  Better one pithy expression pulled out of his ass than 100 sophisticated economic analyses.
15. Re: hmm.... by Anonymous Coward · 2014-01-10 12:44 · Score: 2, Informative
  
  That is done with court orders and warants dipshit.
16. Re: hmm.... by Dan541 · 2014-01-10 14:21 · Score: 3, Insightful
  
  If you break the law then, to quote you, it's your own damn fault.
  How can you tell if a website is breaking the law? An illegal activity in the United States may be legal in the country that the website is located in. Thus making it a legal website.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
Godaddy by neoform · 2014-01-10 06:58 · Score: 5, Informative

As someone who had godaddy hold my domain hostage, this is great news.
GoDaddy had received a single complaint from an anonymous source, which was apparently enough for them to threaten to revoke my domain if I didn't pay their $200 extortion fee.

--
MABASPLOOM!
1. Re:Godaddy by TWiTfan · 2014-01-10 07:26 · Score: 2, Informative
  
  GoDaddy, oh man. Hard to believe that I used to actually recommend them to clients for hosting. Then they started in with those ad campaigns that made Hooters ads look like church bulletins. That alone guaranteed that I would never recommend them again, even without the accompanying rumors of assorted other sleazy practices. It's a shame too. Their hosting was reasonably-priced and pretty reliable in its day.
  
  --
  The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
2. Re:Godaddy by mythosaz · 2014-01-10 08:11 · Score: 2
  
  The city of London, or the City of London?
  http://en.wikipedia.org/wiki/City_of_London
  Up next, a discussion of "United Kingdom"
3. Re:Godaddy by Obfuscant · 2014-01-10 08:30 · Score: 2
  
  The information is very well hidden in the FA, but this applies to Canada. The "City of London" will be the one in Ontario.
  
  The "City of London" being referred to is the one in the UK. It says as much in the linked ruling:
  
  On September 24, 2013, the City of London Police issued a Domain Name Suspension Request regarding a large number of domain names, including the three at issue in this case. The Request asked the relevant registrars to do the following: We request that you review your processes to see if you provide a service for the identified domain(s). If so, we would ask you to review the terms and conditions on the basis of which that service is provided and withdraw or suspend the service if you are satisfied that the terms and conditions have been breached.
  This is the infamous "takedown order" that asks a registrar to review a customer's actions with respect to the registrar's own acceptable use policy and make their own decision. The ruling continues:
  
  This request was for the following reason: "The owners of the aforementioned domains are suspected to be involved in the criminal distribution of copyrighted material either directly or indirectly and are liable to prosecution under UK law."
  which makes it clear that it is the City of London in the UK. But this ruling actually has nothing to do with the City of London, it applies to domain registrars.
4. Re:Godaddy by Anonymous Coward · 2014-01-10 08:37 · Score: 2, Interesting
  
  I also had GoDaddy hold my domain hostage, it was for a web security site, mostly used to find security holes in OSS as a hobby. Someone reported my site to GoDaddy and said it was a "hacking website" so I had to pay GoDaddys "penalty fee" to get control of my domain again so I could transfer it to someone else. I read through all their ToS and there was nothing about this "penalty fee" anywhere, which I pointed out to them, they replied with something along the lines of tough shit (they used nicer language but does that really matter). So I paid their "fee" to "unlock" my domain and I tried to transfer it to another registrar, I couldn't, everything in the control panel was set to allow me to transfer, I checked with GoDaddy support they said nothing was stopping me from transferring so I checked with the Registrar I was transferring to and they said everything on their end was working and had to be something with GoDaddy.. So.. I contacted GoDaddy support again, they still claimed nothing was stopping me from transferring the domain.. I tried to transfer to a different registrar than the first and same thing it still wouldn't transfer.. the support of this registrar informed me that like the first GoDaddy wasn't allowing the transfer.. so... back to GoDadddy support, they still claim I should be able to transfer even though I provided them with evidence that I tried two different registrars at my expense with the same problem and the only common denominator was GoDaddy.. at this point I started to act like a flat out asshole and after being transferred around they finally admitted that oh turns out they were the reason for the vein popping out of my head and the reason why I couldn't transfer the domain and that they made a change and I should be able to transfer the domain in 48 hours and if not "to contact support" again, because that worked out so well in the first place.. so long story short my domain is not with GoDaddy anymore and I would not recommend anyone to use them.
There's money at stake by damn_registrars · 2014-01-10 07:03 · Score: 5, Insightful

... so ICANN cares. Where were they when people were asking them for help shutting down spammer-friendly (and scammer and thief friendly) registrars? When the registrars could make more money, ICANN was happy to comply. Now something is up that could interfere with registrars' ability to make money, so we see from them again.

The rest of us, of course, can all go to hell as far as ICANN is concerned.

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
1. Re:There's money at stake by damn_registrars · 2014-01-10 07:28 · Score: 2
  
  But the private sector can always do it better! The Libertarians say so!
  I'm not entirely sure which way you're arguing here, as a lot of people errantly assume that ICANN is somehow a part of the US government. You may already know that the colossal fuck-ups known as ICANN are actually a nonprofit private organization. Personally I take exception with their "nonprofit" status as clearly they are, at the very least, driven by interest in producing profit for their members.
  
  --
  Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
2. Re:There's money at stake by Yakasha · 2014-01-10 08:19 · Score: 2
  
  But the private sector can always do it better! The Libertarians say so!
  They can.
  The problem is there are 7,000,000,000 different opinions on this planet about what "better" means, exactly.
Thanks EasyDNS. by Capt.DrumkenBum · 2014-01-10 07:12 · Score: 2

Thank you for your good work on behalf of all of us.
I have used EasyDNS in the past, and found them a very pleasant company to deal with.

--
If I were God, wouldn't I protect my churches from acts of me?
1. Re:Thanks EasyDNS. by Anonymous Coward · 2014-01-10 07:40 · Score: 5, Interesting
  
  EasyDNS is a great registrar. Some years ago I had an issue with one of my domain names because a law firm in North Carolina registered a very similar name. The only difference was that they inserted a hyphen in their name and I didn't have one. Naturally some of their clients omitted the hyphen in the address and I received the emails instead, which I passed on to them.
  That was a mistake. The law company was very angry at me, and they accused me of intercepting their mail, using my domain in bad faith, etc. They ignored the fact that my domain name was registered over 5 years before they registered their name. They attempted to get EasyDNS to lock my domain and transfer it to them. They attempted to harass both me and EasyDNS. Eventually they attempted to take my domain through ICANN name dispute resolution proceedings, which failed. They even attempted to get the FBI involved, which resulted in an interesting interview with two agents, but nothing else.
  EasyDNS was wonderful. They investigated and they decided there was no reason to interrupt my domain service. They supported me through the resolution proceedings. I would not use any other domain registrar for any domain name I really care about.
  EasyDNS isn't the least expensive registrar, but they aren't the most expensive either. The fact they in Canada (and therefore outside USA jurisdiction) is an added bonus.
Domain Registars to avoid by FriendlyLurker · 2014-01-10 07:21 · Score: 3

As someone who had godaddy hold my domain hostage, this is great news.
GoDaddy had received a single complaint from an anonymous source, which was apparently enough for them to threaten to revoke my domain if I didn't pay their $200 extortion fee.
Buried in the ruling the offending registar is named: PublicDomainRegistry.com (PDR Ltd) wouldn't let EasyDNS do the transfer. Add GoDaddy to the list, what other registrars should we be voting with our wallets and abandoning?
City of London = Privately owned Corporation by rea1l1 · 2014-01-10 08:06 · Score: 4, Interesting

the City of London is a privately owned corporation. I would imagine their police are also.
Do not mistake London the city with the City of London.
http://www.theguardian.com/commentisfree/2011/oct/31/corporation-london-city-medieval
1. Re:City of London = Privately owned Corporation by mythosaz · 2014-01-10 08:16 · Score: 2
  
  They exist in another time-space, I'm certain of it...
  
  The Lord Mayor of London and the two Sheriffs are chosen by liverymen meeting in Common Hall. Sheriffs, who serve as assistants to the Lord Mayor, are chosen on Midsummer Day. The Lord Mayor, who must have previously been a Sheriff, is chosen on Michaelmas. Both the Lord Mayor and the Sheriffs are chosen for terms of one year.
  Midsummer Day? Are you effing kidding me?
namecoin to the rescue by mydigitallifesucks · 2014-01-10 08:15 · Score: 2

...if we only had some form of decentralized name registration. oh wait we do. namecoin ftw.
National Association of Boards of Pharmacy by rueger · 2014-01-10 10:33 · Score: 4, Interesting

Lord - things are never dull over at easyDNS. Hot on the heels of the decision above, some called the National Association of Boards of Pharmacy (NABP) is demanding that easyDNS play Cop.

It's almost surreal to be getting this letter from the National Association of Boards of Pharmacy (NABP) addressed to ICANN Registrars requesting that "you adopt and implement policies and procedures, consistent with this letter,", given the timing of what we just went through with the City of London Police takedown requests. What are those policies and procedures the NAPB wants all ICANN Registrars to adopt? Glad you asked:...

--
Three Squirrels
Did you think this through? by xiando · 2014-01-10 17:02 · Score: 2

We have a bunch of free blog services. You can sign up and get a free blog and use it for the criminal activity until we notice or someone points it out to us. Do you really think it is fair take a domain with thousands of subdomains under it because it was " involved in actual criminal activity" at some point? You must really love fascism and the current governments in the "free world".

--
9/11: Never forget it was a false-flag operation