
Thought paper on Domain Name Seizures

This post was originally made 8 March 2012 and was revised 16 March 2012.

On behalf of the ICANN Security Team, I've written a paper that offers guidelines for anyone who prepares or contributes to the preparation of legal orders that include domain name seizures, modifications of DNS configurations, or domain name registration transfers.

The paper offers a technical and operational perspective, based on input and insights collected from a variety of sources, including law enforcement agents, security professionals, TLD registry and registrar technical staff and others who are familiar with the business or legal aspects of operating DNS or domain registration services. Several of the contributors had first-hand experience in dealing with the botnet dismantling operations in 2011 (Rustock, Coreflood, Kelihos).

The primary purpose of the paper is to help folks ask the right questions and gather the right information as they prepare a court order, to make clear exactly what actions the issuer expects. The paper assumes that a court may serve registries or registrars with an order and that they often comply. It also explains how three sets of data that are critical to the Internet's name system - DNS, registry databases, and Whois - will be affected when the order is satisfied. Asking certain questions during preparation will increase the likelihood that the information made available to registries or registrars will be sufficient for them to comply with the order. The answers will also make clear what terms like "takedown" or "seizure" mean to the issuer.

The announcement and the thought paper itself are hosted at ICANN's web site. 

Are you "pro takedown"?

Despite my attempt to place the paper in a non-legal context, and despite assertions here and elsewhere that the paper does not discuss whether or not a takedown or seizure is constitutional or meets due process criteria, some comments accuse me of being pro-censorship and ICANN of capitulating to government control.

Rather than immediately reacting by defending the paper, I and others decided to let the "thought paper" stimulate thought. Several comments posted subsequent to the criticisms correct certain misconceptions as well as or better than I might have. A comment from Elgin correctly dismisses the notion that the paper endorses domain seizures, saying,

"The paper is not an endorsement of seizures, and has nothing to do with ICANN being a party to such. It merely acknowledges that court orders are issued regarding domain names, and that people issuing those orders need to understand how domain names and DNS work so they don’t get things wrong and cause collateral damage."

Thank you, Elgin. This is exactly what was intended.

A comment from Franck makes a complementary observation that,

"This document does not encourage nor discourage take downs, it just says, if you want to do it, here is the information to provide to have the request considered in a timely manner... This will help normalize the process and hopefully avoid silly things like SOPA."

Thanks, Franck. Friends and followers who read my blog are familiar with my opposition to SOPA. I sincerely hope that the thought paper will help people work with existing legislation rather than create new, misguided legislation. 

Rod Rasmussen's comment confirms that the desire to minimize collateral damage is clear in the thought paper:

"Providing guidance for being precise in what is requested and who it is requested of (whether it’s a registrar or registry) is vitally important to allow law enforcement, prosecutors, judges, and others to do their jobs appropriately and without harm to the greater community... this document simply tries to assist the court or whoever is making a request to be more precise, and should be invaluable to help get things done right, and avoid some of the very bad effects we’ve seen with some court sanctioned take-downs that have done harm to other innocent parties"

I wrote about one of those bad effects in an earlier post (JotForm). It's important to recognize that today, courts serve registries and registrars with legal or regulatory orders that request changes to the DNS, Whois, or domain name registrations. Providing preparers of such orders with a list of questions to consider during preparation that also illustrates how orders affect the Internet name system may result in more thoughtful preparation, execution, or less collateral damage.

I want to thank everyone who read the paper thoroughly and thoughtfully. I'm encouraged that the positive remarks posted at the ICANN blog as well as those I've received directly come from people who have to deal with seizures at ground zero.

