Wednesday, March 26, 2008

A public service announcement about public surveillance

This animated short by David Scharf is one of the best explanations I've seen as to why we should be worried about sleepwalking into a surveillance society, not to mention a beautifully crafted piece of visual art in its own right.

You can see larger, better quality versions of the video at

Tuesday, March 04, 2008

Domain Name Registrars - The New Points of Control?

Jonathan Zittrain has pointed out that regulation of the internet has tended to proceed - whether by way of litigation or legislation - by identifying particular intermediaries and compelling them to act as points of control over user behaviour. The intermediaries targeted have included hosts, ISPs, search engines, hyperlinkers and financial intermediaries (which have been compelled, for example, to stop credit card payments to gambling sites). Some relatively recent developments suggest that domain name registrars are joining them in the firing line - and that this may result in some interesting cross-border legal issues.

An early example took place in the Rate Your Solicitor saga, where the plaintiff in an Irish defamation action succeeded in 2006 in persuading US registrar Godaddy to disable the domain (apparently for false WHOIS data) notwithstanding that Godaddy would appear to have enjoyed immunity under section 230 CDA. (Not that this deterred the critics of Irish lawyers, who promptly moved to where they remain today.)

At around the same time, the plaintiffs in the Spamhaus litigation set out to persuade an Illinois court to order ICANN (rather than the Canadian registrar!) to suspend the Spamhaus domain name - on the basis that Spamhaus (located in the UK) could not otherwise be made to comply with that court's order. (Ultimately, however, the court accepted that ICANN and the registrar were not involved in the defendant's actions nor able to control them, and consequently an order should not be directed towards them.)

The Spamhaus case didn't, however, deter the lawyers acting for Bank Julius Baer in its attempt to silence, who succeeded (albeit temporarily) last month in persuading the Californian courts to issue an interim order requiring the registrar (Dynadot) to disable the domain name and remove all DNS hosting records. (This despite the lack of any obvious role for the Californian courts in adjudicating on a dispute between a Cayman Islands bank, its Swiss parent company, a Swiss former employee, and the various individuals around the world responsible for Wikileaks, and despite the lack of any full hearing.) Daithi has a particularly good post on why this amounted, in effect, to an internet death penalty and was a disproportionate prior restraint on speech.

Now the New York Times reports that the US government has ordered domain name registrars to disable domain names which it alleges breach its ban on trade with Cuba:
Steve Marshall is an English travel agent. He lives in Spain, and he sells trips to Europeans who want to go to sunny places, including Cuba. In October, about 80 of his Web sites stopped working, thanks to the United States government.

The sites, in English, French and Spanish, had been online since 1998. Some, like, were literary. Others, like, discussed Cuban history and culture. Still others — and — were purely commercial sites aimed at Italian and French tourists.

“I came to work in the morning, and we had no reservations at all,” Mr. Marshall said on the phone from the Canary Islands. “We thought it was a technical problem.”

It turned out, though, that Mr. Marshall’s Web sites had been put on a Treasury Department blacklist and, as a consequence, his American domain name registrar, eNom Inc., had disabled them. Mr. Marshall said eNom told him it did so after a call from the Treasury Department; the company, based in Bellevue, Wash., says it learned that the sites were on the blacklist through a blog.

Either way, there is no dispute that eNom shut down Mr. Marshall’s sites without notifying him and has refused to release the domain names to him. In effect, Mr. Marshall said, eNom has taken his property and interfered with his business. He has slowly rebuilt his Web business over the last several months, and now many of the same sites operate with the suffix .net rather than .com, through a European registrar. His servers, he said, have been in the Bahamas all along.
What's the significance of this? As in some of the other cases, it means that internet speech may be shut down without any prior notice to a party, and without any hearing. It also means that disputes which have no underlying connection with a particular jurisdiction may end up subject to the law of that jurisdiction:
Susan Crawford, a visiting law professor at Yale and a leading authority on Internet law, said the fact that many large domain name registrars are based in the United States gives the Treasury’s Office of Foreign Assets Control, or OFAC, control "over a great deal of speech — none of which may be actually hosted in the U.S., about the U.S. or conflicting with any U.S. rights."

"OFAC apparently has the power to order that this speech disappear," Professor Crawford said.
There's also a very important practical point here. Website owners are already acutely aware that hosting liability varies from jurisdiction to jurisdiction - and for that reason many chose to host in the US where section 230 CDA makes it less likely that a host will take down a site based on vague and unjustified threats. These cases illustrate that domain owners should be equally cautious in deciding which registrar to use - pick a registrar located in the wrong jurisdiction, or one which (as Dynadot appeared to do in the Wikileaks case) caves in too easily and you may find your domain name vanishes.