

Whatever happened to due process? - peteforde
http://blog.easydns.org/2013/10/08/whatever-happened-to-due-process/

======
freejack
"Rapid takedown" was foisted on us in 1999 when the original registrar
agreements were being negotiated at ICANN. At the time, it was held out as a
threat - agree to rapid takedown, or be subject to US regulation. At the time
we didn't realize that it was the intellectual property community making the
threat - it came to us under the cloak of the ISP community, which we've since
realized meant "Big Telco's with massive media holdings".

Its been a slippery slope every since.

oBDisclaimer: I work at a large registrar and was in the room when the
original contracts were being discussed and negotiated. I'm sorry for the part
I played!

~~~
bigphishy
Freejack, very interesting. What would be the best course of action to
preventing these takedowns, or at the very least, prevent the abuse of
takedown notices?

------
Sharlin
There was an incident a week or so ago where the admin of a Finnish punk
website posted a scan of an "information request" he had received from the
police. This request was to provide registration information (especially email
and IP addresses) of certain users of the site.

The common factor was that these users had participated in a forum thread
discussing organizing a (apparently entirely peaceful) "shadow event" of the
traditional presidential Independence Day reception.

The "request" came with a gag order and without any mention of an appeal
process. The rationale included was a generic boilerplate "investigation or
prevention of crime" with no mention of anyone being suspected of any crime or
planning thereof. The gag order was, obviously and quite defiantly, disobeyed
by the admin.

Now it appears that these kinds of requests are perfectly legal, do not
require the authorization of any member of the judiciary, and appear to be
used quite carelessly to gather information about people not officially
suspected of anything. Getting "official" personally identifying information
from ISPs _is_ much harder, though, but this does not look good especially
given that the new police law currently in planning stages is expected to
considerably extend the electronic powers of the police.

~~~
coldcode
Each country has its own laws for this sort of thing, so it's hard to
generalize.

~~~
Sharlin
Sure; I wrote the post in a bit of haste, just meant to share a related
anecdote. The alarming thing about the case is that it seems to have come as a
surprise to most observers that the police actually does have such powers in
the first place.

------
ashray
Due process went out of the window a long time ago when the US showed everyone
that it is certainly possible and even admissible to seize domains without any
sort of process. The US (department of homeland security, no less!) started
seizing domains about 2 years ago. They went and basically took down any
domain that was related to large scale piracy (demonoid) or counterfeit goods
(sites that sold fake gucci bags, that kind of stuff..). The other kind of
site that they targeted were mostly sports streaming sites (ones that streamed
ESPN, etc.).

It was obvious that the UK would follow soon enough seeing that such a thing
was entirely possible. Of course when the US seized a spanish website
(rojadirecta) domain, they were challenged in court and lost. [0] There were
also several other incorrect seizures where the US government ended up seizing
sites that had nothing to do with any illegal activity and then returning them
a year later [1]. This is what happens when you ignore due process.

Most small service providers and ISPs feel threatened when a big government
like the US comes after them. Unless they have properly defined protocols for
dealing with this kind of stuff, the support rep will probably buckle under
pressure and hand over the data.

Personally, I've seen instances where domain registrars are often requested
for private registration data without court orders or any sort of legal basis.
Some registrars hand out the data. Some registrars email their customers
asking them to transfer away (so stop being our customers) to continue
protecting their privacy. Some registrars actually have the guts to say no. It
really varies.

We're certainly at a point now where governments can easily coerce internet
businesses to bend to their will. There will be a brave few who will stand
tall but I don't know how long it will be before their backs/businesses are
broken and bent (lavabit being a recent example).

Of course the UK government probably doesn't have access to the root name
servers and therefore is left with sending out notices. But there's no telling
when governments (who are of course sponsored by corporations as we all know
by now..) will start cooperating with each other for such take down requests.
Sort of like the reverse surveillance agreements with Germany/Australia/etc.
(can't spy on my own citizens ? no worries, you spy on mine, I'll spy on
yours, and we'll exchange notes!)

And I thought the dark days of the internet were in the 90s...

[0] - [https://torrentfreak.com/u-s-returns-seized-domains-to-
strea...](https://torrentfreak.com/u-s-returns-seized-domains-to-streaming-
links-site-after-18-months-120830/)

[1] - [http://torrentfreak.com/feds-return-seized-
domain-111208/](http://torrentfreak.com/feds-return-seized-domain-111208/)

------
slg
Is due process the wrong term? Can't due process occur after the fact? For
example, you can be arrested for suspicion of drunk driving, taken off the
road, put into custody, and found to be innocent, and that is still part of
due process. Your actions appeared to be causing a threat to others, so the
government stopped your actions immediately and let the courts decide your
guilt or innocence. How is that different than taking a site that is suspected
of harming other people offline immediately and then work on deciding guilt or
innocence?

 _Note:_ I don't necessarily disagree with the author, but I am playing
devil's advocate here.

~~~
TallGuyShort
I think you make a good point. I've always thought in such situation law
enforcement should be responsible for some damages if the verdict is innocence
to disincentivize overly aggressive tactics. If you're taken off the road for
drunk driving, but are found innocent and missed work, I believe the police
should be responsible for lost wages. At least within reasonable limits. In
this case, I think it would be good for law enforcement to be willing to put
up restitution to legitimate business that are hurt by these tactics.

edit: Sadly, I fear the costs would merely get passed on to tax payers
eventually anyway, and would perhaps not actually promote more prudent and
judicial use of powers.

~~~
asperous
Drunk driving endangers lives, can websites really endanger lives?

~~~
dfrey
Would you download a car... while drunk?

------
moomin
A little background: the guys who sent the letter are PIPCU, a new department
with funding for two years who are undoubtedly keen to get results quickly and
cheaply.

A weirdness of PIPCU is that they're City of London police, not London
Metropolitan Police as you'd expect for a department with such a wide remit.

~~~
toomuchtodo
What is the difference between City of London police and London Metro police?
(US resident, my only time in London was a quick drunken jaunt through SOHO on
a long layover)

EDIT: Thank you all for informing me!

~~~
rcthompson
I would think it's the distinction between the "City of London" (just the city
itself) and the "London Metropolitan Area" (the city and surrounding sprawl).

~~~
alexeisadeski3
"The City" is a tiny little slice with something like one hundred residents.
It bears zero relation to London, the London Urban Area, the London Metro
Area, or the London Municipal Area.

~~~
topbanana
7400 at the last census (2011), but many thousands of workers during the day.

~~~
alexeisadeski3
What's 7300 human lives between friends?

------
dingaling
Amazing that in this era of phishing the PIPCU expect someone to take
significant action _against their own customers_ on the basis of an e-mail.

And I'm 99.9% positive it wouldn't have been PGP or S/MIME-signed for
authenticity.

Kudos to Mr Jeftovic for insisting on proper instruments, such as a court
order.

------
StuntPope
Wow, check out the page they wanted us to redirect the domain too
[http://83.138.166.114/](http://83.138.166.114/)

"Don't use those other guys, use these guys instead"

It's like reverse online piracy, hijack the traffic from a bunch of domain
takedowns and push your own cronies sites.

pro-music.org - based in london, UK whymusicmatters.org - London, UK
thecontentmap.com - London, UK

Nice scam

------
clarkmoody

      What gets me about all of this is that the largest, most 
      egregious perpetrators of online criminal activity right 
      now are our own governments, spying on their own citizens, 
      illegally wiretapping our own private communications and 
      nobody cares, nobody will answer for it, it's just an out-
      of-scope conversation that is expected to blend into the 
      overall background malaise of our ever increasing serfdom. 
    

The truth doesn't have many friends with the powers that be.

------
pallandt
This should get on the front page, the title is ambiguous, but the article
itself is about a very abusive law enforcement request.

------
brewdad
How can an email be considered legally binding? This would go straight into my
spam folder.

~~~
ddunkin
It can't, I would have deleted it immediately. The real requests comes in
snail mail and are the only ones I reply to.

------
endou
They are only ordering to redirect the domain to a sole ip address? Not
serving HTTPS? Should links point to secure versions of seized domains or
simply to attest their identity. I think it's ok to say they are the criminals
on the internet and not necessarily the other way. Not that requests cannot be
legitimate but at least a basic level of quality must go into the actual
process because here it just looks awkward. Not to mention shitty html behind
it: if you takedown domains, please show some style :)

------
AJ007
We need more support for ICANN alternatives, so when something stupid happens
its just inconvenient.

[http://dot-bit.org/How_To_Browse_Bit_Domains](http://dot-
bit.org/How_To_Browse_Bit_Domains)

------
squidi
The title of the article (as fascinating as it was) seems rhetorical. Can't
easydns just point the PIPCU to their own Domain Takedown Policy and instruct
them to take it further with ICANN and the courts of the Province of Ontario?

------
shmerl
Due process, presumption of innocence and other such "nuisances" are something
that the DRM lobby tries to kill.

------
w_t_payne
It's not the 'net that they want to censor. It's your brain.

------
gcb1
it says a lot when siding with criminals is in the best interest of law
abiding citizens than siding with the goverment.

------
ffrryuu
Dead and buried.

