Help Fight Against Extrajudicial Suppression of UK Domain Names

With so many bad things happening in the digital world at the moment- ACTA, TPP, Digital Economy Act, HADOPI, La Ley Sinde etc. - there is a natural tendency to focus on your own country's woes. But there's something spectacularly awful going on...


With so many bad things happening in the digital world at the moment- ACTA, TPP, Digital Economy Act, HADOPI, La Ley Sinde etc. - there is a natural tendency to focus on your own country's woes. But there's something spectacularly awful going on in the US at the moment that is likely to have very serious ramifications here, too.

It's called the "Stop Online Piracy Act" (SOPA), which gives a clue what it aims to do. But that doesn't prepare you for how it aims to do it, which involves attacking just about every aspect of Web sites, both outside and inside the US. Here's the EFF's quick summary:

As with its Senate-side evil sister, PROTECT-IP, SOPA would require service providers to "disappear" certain websites, endangering Internet security and sending a troubling message to the world: it's okay to interfere with the Internet, even effectively blacklisting entire domains, as long as you do it in the name of IP enforcement. Of course blacklisting entire domains can mean turning off thousands of underlying websites that may have done nothing wrong.

But wait, there's more:

Under this bill, service providers (including hosting services) would be under new pressure to monitor and police their users' activities. Websites that simply don't do enough to police infringement (and it is not at all clear what would qualify as "enough") are now under threat, even though the DMCA expressly does not require affirmative policing. It creates new enforcement tools against folks who dare to help users access sites that may have been "blacklisted," even without any kind of court hearing. The bill also requires that search engines, payment providers (such as credit card companies and PayPal), and advertising services join in the fun in shutting down entire websites. In fact, the bill seems mainly aimed at creating an end-run around the DMCA safe harbors. Instead of complying with the DMCA, a copyright owner may now be able to use these new provisions to effectively shut down a site by cutting off access to its domain name, its search engine hits, its ads, and its other financing even if the safe harbors would apply.

That's all incredibly bad, but there's one part in particular that must concern everyone in the world of free software: the fact that it creates "new enforcement tools against folks who dare to help users access sites that may have been 'blacklisted'." The problem is that quite a few open source tools do precisely that, even though it is not their focus. The EFF has pulled out a few examples:

No longer content to just blacklist entries in the Domain Name System, this version targets software developers and distributors as well. It allows the Attorney General (doing Hollywood or trademark holders' bidding) to go after more or less anyone who provides or offers a product or service that could be used to get around DNS blacklisting orders. This language is clearly aimed at Mozilla, which took a principled stand in refusing to assist the Department of Homeland Security's efforts to censor the domain name system, but we are also concerned that it could affect the open source community, internet innovation, and software freedom more broadly:

Do you write or distribute VPN, proxy, privacy or anonymization software? You might have to build in a censorship mechanism — or find yourself in a legal fight with the United States Attorney General.

Even some of the most fundamental and widely used Internet security software, such as SSH, includes built-in proxy functionality. This kind of software is installed on hundreds of millions of computers, and is an indispensable tool for systems administration professionals, but it could easily become a target for censorship orders under the new bill.

Do you work with or distribute zone files for gTLDs? Want to keep them accurate? Too bad — Hollywood might argue that if you provide a complete (i.e., uncensored) list, you are illegally helping people bypass SOPA orders.

Want to write a client-side DNSSEC resolver that uses multiple servers until it finds a valid signed entry? Again, you could be in a fight with the U.S. Attorney General.

As this makes clear, even the mighty Mozilla might find itself targeted by this legislation.

Obviously, there's not a lot those of us outside the US can do to influence the course of events there (although signing this Avaaz petition and spreading the word about how bad this SOPA really is can't hurt.) But as it turns out, here in the UK we may be about to take the first step down the SOPA path thanks to plans by Nominet, which manages the .uk domain on the Internet. That gives it a huge amount of power in the UK, and makes the following proposal deeply worrying [pdf]:

We believe that formal policy advice is needed to underpin proposals for a change to Nominet's Terms and Conditions to give a contractual basis to suspend domains where Nominet has reasonable grounds to believe they are being used to commit a crime (e.g. a request from an identified UK Law Enforcement Agency).

Clearly, there are some highly contentious issues there: what are "reasonable grounds", and why can a UK law agency ask for domains to be suspended without the need for formal proof of wrongdoing? The similarity with parts of SOPA is clear, although nowhere near as bad – yet...

This discussion has been going on for a while, apparently: to my shame, I missed it before. I came across it thanks to this excellent analysis of what's at stake by Alex Bligh.

He seems to have been fighting for the public pretty much on his own. Fortunately, we have until the end of this week for more of us to offer comments on the latest version of Nominet's Draft Recommendations [.pdf]: I urge you to read that, and Bligh's detailed response [.pdf] and then to send your own thoughts on this important issue to [email protected] As usual, I have added my submission below.

I am writing to you in connection with the consultation on the Draft Recommendations for dealing with domain names used in connection with criminal activity.

First, I must apologise for not submitting to earlier consultations on this topic: I have only come across this important issue. Secondly, I must express my surprise and concern that Nominet is contemplating bringing in a set of guidelines for suppressing domain names without due judicial process at all.

Surely this is precisely what the legal system was designed to do? Just because actions take place across the Internet does not mean that the principle of innocence until proven guilty is suddenly abandoned. If serious criminal offences are allegedly being committed, I am sure judges will be only too happy to provide the necessary legal tools for suspending domains: so why short-circuit the system and rules that 900 years of legal tradition have created for precisely that reason?

Doing so can only give the impression that summary justice is being meted out, and that the UK police can simply order sites to be censored. That, certainly, will be what repressive regimes around the world will claim when they point to this policy as yet another example of liberal Western hypocrisy.

There are also serious practical problems with the proposal. Very often domain names are used for criminal purposes by those who have nothing to do with the site itself. This might result in a request to suppress the name, punishing hundreds or even thousands of innocent users. Removing domain names in this way is a very blunt instrument and is likely to cause huge collateral damage.

There is also a specific problem with paragraph 7b: "The domain is directly involved in the criminal distribution of counterfeit goods." At the very least, this is strange, since the damage caused by counterfeit goods cannot be described as "serious" in any sense unless they are counterfeit medicines – and that is explicitly mentioned in paragraph 7a. In fact, any kind of counterfeit item that truly threatens health and safety is already caught by the phrase "The nature of the alleged criminal activity creates a clear risk of “imminent serious harm” to an individual or individuals. “Imminent serious harm” is defined as urgent or on-going harm," so paragraph 7b is redundant.

Worse, if left in, 7b will inevitably be used by copyright industries in an attempt to shut down sites that may have infringing materials – or that may point to them. Again, these cannot by any stretch of the imagination be termed "serious" crimes: not only is it not clear whether digital piracy causes any economic harm, there is a growing body of research which suggests the opposite – that sharing digital files actually increases sales (I link to some of these studies in my submission to the Hargreaves Review, available here:

In summary, I urge Nominet not to start descending this slippery path towards censorship and extra-judicial suppression of Web sites, and at the very least to remove the unnecessary and dangerous paragraph 7b completely.

Follow me @glynmoody on Twitter or, and on Google+

"Recommended For You"

Police close down over 2,500 counterfeit designer goods websites SOPA Stopped: So Back to ACTA