DNS: February 2008 Archives

 

February 25, 2008

Blake Ramsdell alerted me to this lawsuit over Network Solutions whois domain locking policy:
LOS ANGELES, Feb. 25 /PRNewswire/ -- Network Solutions has forced millions of people to buy Internet domain names from them instead of cheaper competitors through a scheme that's netted the firm millions of dollars, a federal class action lawsuit filed today by Kabateck Brown Kellner, LLP states. ICANN, whose policies facilitate the scheme, is also named in the suit, filed in U.S. District Court, Central District of California.

...

Whenever someone searches for the availability of a domain name through Network Solutions' website, the company immediately registers the name for itself, preventing other companies from selling it and forcing consumers to pay Network Solutions' expensive fees.

If a consumer were to go to another, cheaper site to register the name, they would find the name is "unavailable." Consumers are never informed that inquiring as to a name's availability through Network Solutions results in the company holding a monopoly on selling that name.

I'm not too surprised to see someone suing NSI over this, but what's interesting is that they're suing ICANN. Based on ICANN's contract with NSI, it looks like ICANN can promulgate rules that would forbid NSI from doing this name locking trick (though it would require the creation of a "Consensus Policy"). But that doesn't necessarily mean that you can sue ICANN to require them to promulgate such a policy—or rather that you can prevail.

 

February 20, 2008

Cayman bank Julius Baer Bank and Trust has convinced a federal judge to shut down DNS service for wikileaks.org.
On Friday, Judge Jeffrey S. White of Federal District Court in San Francisco granted a permanent injunction ordering Dynadot, the site's domain name registrar, to disable the Wikileaks.org domain name. The order had the effect of locking the front door to the site -- a largely ineffectual action that kept back doors to the site, and several copies of it, available to sophisticated Web users who knew where to look.

Domain registrars like Dynadot, Register.com and GoDaddy .com provide domain names -- the Web addresses users type into browsers -- to Web site operators for a monthly fee. Judge White ordered Dynadot to disable the Wikileaks.org address and "lock" it to prevent the organization from transferring the name to another registrar.

The feebleness of the action suggests that the bank, and the judge, did not understand how the domain system works, or how quickly Web communities will move to counter actions they see as hostile to free speech online.

The site itself could still be accessed at its Internet Protocol address (http://88.80.13.160/) -- the unique number that specifies a Web site's location on the Internet. Wikileaks also maintained "mirror sites," or copies usually produced to ensure against failures and this kind of legal action. Some sites were registered in Belgium (http://wikileaks.be/), Germany (http://wikileaks.de) and the Christmas Islands (http://wikileaks.cx) through domain registrars other than Dynadot, and so were not affected by the injunction.

There's also a mirror at cryptome.

For those of you who don't know how this all works, there's registries, who actually run the domain name (.org in this case) and then there are registrars, who actually deal with the customers. Any given top level domain typically has multiple registrars that service it, all of whom populate the same database, operated by the registry. So, the locking thing stops Wikileaks from transferring their domain to another registrar who would then reactivate it.

OK, so this order controls the registrar. But can Wikileaks just go to the registry and get them to move it to some other registrar, locking notwithstanding? In this case, Wikileaks is under .org, which is run by the Public Interest Registry. Operationally, the PIR is run by Afilias. Both of these are based in the US, so presumably the injunction could be expanded to include them as well. On the other hand, as the article notes, there are plenty of registries with no US connection and the only way for a US judge to take down them domains under them would be to go after ICANN, which, despite complaints about the US running the DNS seems pretty unlikely.

As you may be gathering at this point, this is all pretty pointless. It's basically impossible to censor stuff like this once it gets out. We're seeing the first level of countermeasure here, but even if by some miracle the judge managed to shut down every domain name serving the contraband material (and since the decision loop for spreading those domain names is a lot faster than your average judge's decision making process), people can just move to IP addresses published by some other means (like other people's web sites). And there are about three levels of escalation up from there, all of which are progressively harder to censor.

It will be interesting to see if JBBT goes after cryptome.org, though.