
U.S. Government Shuts Down 84,000 Websites, ‘By Mistake’ - Uncle_Sam
http://torrentfreak.com/u-s-government-shuts-down-84000-websites-by-mistake-110216/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Torrentfreak+%28Torrentfreak%29
======
bugsy
Wow, it's not just that they shut them down, but the US government put a big
label on all the sites for all the users to see which basically says it was a
child porn site, even though it wasn't, it was all some sort of error and most
of the sites were small business sites doing normal ordinary things.

Their customers are going to assume that the government would have done some
sort of investigation, got a warrant, there was a trial, etc, so they will
believe that the claims are true. Some people might be angry enough that they
track down the owners of the site or business and kill them.

What has happened is criminally negligent and outrageously dangerous. But the
out of control government is not responsible for any of its actions, therefore
these abuses will not only continue, but get worse.

------
alecco
If affected you should do this ASAP: [http://torrentfreak.com/google-helps-
seized-bittorrent-site-...](http://torrentfreak.com/google-helps-seized-
bittorrent-site-to-regain-lost-traffic-101231/)

It seems .com is no longer safe for business on top of being ridiculously
expensive for no good reason and already filled with domain squatters.

------
waterlesscloud
I feel much better about the Internet Kill Switch now.

------
incant
So does this render DNSSEC effectively moot? It's not much good for
authentication if the government can change the authoritative name servers for
any .com/.org/.net domain and then sign that change.

But perhaps I don't understand how DNSSEC works. It seems unlikely that its
designers would ignore that concern.

Edit: Or were they only concerned cache poisoning? There's been much talk of
using DNSSEC to authenticate websites and even people. If I'm understanding
DNSSEC correctly, it seems terribly misguided, even worse than the idea of
"government key escrow".

~~~
marshray
My understanding is that DNSSEC neither helps nor hurts in this scenario. It
mainly enforces the accuracy of the registration database, which in this case
is being modified at the request of DHS.

------
eli
_"Even at the time of writing people can still replicate the effect by adding
“74.81.170.110 mooo.com” to their hosts file as the authorities have not
dropped the domain pointer yet"_

What's a "domain pointer"? That IP address serves up a seizure notice no
matter what hostname you request it with.

~~~
AlexTahan
Yes they have wildcards set up, but the server displays a copyright warning on
random names you try. The server displays a child porn warning when you add
mooo.com.

74.81.170.110 reallyfakehostname111.com 74.81.170.110 mooo.com

See the difference?

------
DanielBMarkham
Oh geesh. What an awful story.

I worked as a subcontractor for a vendor servicing ICE back when it was INS.
Nobody that I knew was very impressed with the quality of service that INS was
providing, either internally or externally. Changing their name to make them
sound better and then putting them in charge of something like this is just,
well, very sad. (I don't mean to disparage an entire agency. All I have is my
personal experience)

~~~
nkassis
Having dealt with the INS and then the Dept of Homeland Security. The changes
were for the worse. I get that they wanted to integrate all the agencies now
making up the DoHS for better information sharing but there is a point when
departments get so big that it just doesn't function anymore. They should have
kept them smaller to remove the bureaucratic cruft.

------
spoiledtechie
It begs the question, is anyone currently building an OPEN DNS?

~~~
marshray
I know of people and groups who are talking about it, the kind of folks who
actually do stuff.

The problem is that the single point of failure in this system is the
registrar operating in some legal jurisdictions. Registrars do provide a
useful service some large percentage of the time.

------
callahad
This is one of the reasons I host my DNS outside of the US. Hopefully there
would be a few more hurdles to jump over before a mistake like this could
happen.

~~~
__david__
But it wasn't the DNS providers for those domains, was it? I'm pretty sure
they got it changed on the master .com dns. So unless you mean you avoid all
the US top level domains, you are still vulnerable.

------
code_duck
It sure would be nice if the government just didn't know about the internet.

~~~
knieveltech
Back when the government didn't know about the internet it was very nice. Then
a bunch of folks decided this could be a great new method for selling stuff,
distributing porn, etc, and now you see where we are.

------
polynomial
Is there some reason I can't select just the title of this article without
also selecting half the elements on their page? Ugh.

------
nicpottier
Am I the only one that is amused that the site they redirect to serves a
single gigantic GIF totally 205K in size?

It is also exactly 1024x768, which seems even sillier, I guess people browsing
child porn run their browsers in full screen mode all the time?

<http://74.81.170.110/>

~~~
nightpool
Maybe they were thinking people wanted to use it as their background?

~~~
graywh
I'm not sure I could find a working monitor that small...

------
marknutter
Am I right in assuming that even if a domain name is seized, the IP address
will still work? If this is true, couldn't there just be a hosted index of all
IP's and their associated domain names so that people could get to these sites
by referencing this information? Hell, it could even be a browser plugin, so
that if you type the domain name in and it happens to have been seized, it
will be redirected to the proper IP address. Is this feasible?

~~~
th
DNS is really just a huge peer-to-peer network with a few central nodes, so
this shouldn't be too difficult. You can already use an alternate primary
nameserver, such as Google's 8.8.8.8. You'd just need your alternate
nameserver to maintain a different cache than all of the other servers.

~~~
marshray
It's distributed, but not really peer-to-peer. It's almost completely
hierarchical.

------
swombat
I don't really understand how come, in the lawsuit-happy US, there isn't a
class action lawsuit in place already to sue the government for the damage
caused by this sort of error.

~~~
blakeweb
My first thought when I saw this was that it wasn't possible to bring civil
claims against the federal government.

But looking it up, I found the Federal Tort Claims Act
(<http://en.wikipedia.org/wiki/FTCA>) which changed that in 1946.

~~~
jusfacts
That bill was passed after the b-25 crash on the empire state building in 1945
to allow for exceptions to soverign immunity in only very specific and
sometimes hard to define cases. In 1947 there was the texas city disaster
where 581 people died. The largest industrial accident in us history. Under
the FTCA legislation the case was taken all the way to the supreme court where
they ruled the government wasn't liable for claims of damages.

~~~
jrockway
Pretty sure that's why they added the Second Amendment to the Constitution.

(Not saying you should go shoot up the government whenever you have a minor
disagreement, but the only reason why guns are legal at all these days is
because the Framers thought that this would help keep the government honest.
Not sure that this actually works in real life though.)

~~~
knieveltech
If you're fuzzy on this allow me to provide clarification. A truckload of
assault weapons, bunker full of food and a couple of dozen like-minded
compatriots are a hand-written invitation to get raided by the Feds. It's not
possible for a citizen or group of citizens to arm themselves sufficiently to
provide any kind of real check on the government.

------
davidu
It's not obvious what technical solutions exist that are practical to combat
this.

I feel like a lawsuit against DHS / ICE and related parties is an unfortunate
but necessary step.

~~~
sudonim
Start with that their seizure notices are not 508 compliant. They should be
accessible to americans with disabilities.

~~~
davidu
I'm talking about technical solutions, perhaps in the DNS.

------
benihana
I have a great idea: Let's give these people more power!! You know, for like,
Net Neutrality and stuff.

~~~
webXL
That was my first reaction, too. What could possibly go wrong?!

While I can't definitively say the free market is more intelligent than the
USG, at least its actions aren't backed up by force.

------
tomjen3
I have said this before I will have to say this again until we can get a good
answer:

What the fuck is the government waisting time doing this crap when they have a
war on terror to fight? Concentrate on what is necessary for the war effort,
dammit.

~~~
axod
I assume you're being sarcastic.

How about the government concentrate on reducing the massive debt or getting a
decent healthcare system setup?

Waging war and pointless internet censorship aren't high on my list.

~~~
marshray
DNS is bad enough, but you really want these people in charge of your
healthcare too?

------
tibbon
While there are more important things in life (like being accused wrongly of
child pornography), I wonder how that effects their Google rankings to
suddenly have your entire domain ripped out from underneath you and pointing
to a duplicate content site.

Is there any recourse for this action? Seems that this would trigger
unreasonable search and seizure.

~~~
patio11
_While there are more important things in life (like being accused wrongly of
child pornography), I wonder how that effects their Google rankings to
suddenly have your entire domain ripped out from underneath you and pointing
to a duplicate content site._

My educated guess based on experience working with people affected by
dissimilar causes but similar appearance to Google: a massive hit to
rankings/traffic within about 48 hours, and recovery to a fraction of normal
several weeks later.

I doubt that one can easily convince a judge that loss of Google rankings is a
cognizable harm under tort law, but given that an agency of the US government
just called you a child pornographer on your own property, if there isn't a
sovereign immunity defense you will _hardly_ need to justify what a high
ranking on Google is worth to receive damages.

~~~
dedward
The problem seems to be (for lack of better information) that sites are shut
down pre-emptively with no warning.

I'm all for prosecuting child pornographers, and shutting down their content
as quickly as possible - but that should be possible by a court order against
the hosting provider.... or if said provider is unreachable / out of
jurisdiction, and has STILL had some reasonable attempt at contact to press
charges, then sure, go after the domain - but there needs to be some due
process behind things rather than just having the federal authorities and DNS
layer just whomping things down with little to no oversight.

~~~
marshray
Well that's just the thing - if someone is unambiguously a child pornographer
- throw their ass in jail!

WTF are they doing screwing around with DNS registrations in cases where they
know that is taking place?

It sure seems to me like some adversarial government entity simply found a
knob they can turn to screw with people when they don't actually have the
standard of evidence required for a prosecution.

------
joeybaker
I can think of two questions I'd love to see a journalist track down:

1\. What's the legal process for banning a book?

2\. If it's not equally as hard (or harder) for the government to take down a
website, why?

~~~
tibbon
From my understanding, there are no 'banned books' in the US, but rather ones
that are blacklisted by library, teaching and bookstore groups making them
difficult to come by. I'm personally unaware of any book that the US
Government has banned, although I'm always willing to be wrong :)

~~~
joeybaker
hmm… you appear to be right: [http://en.wikipedia.org/wiki/List_of_most-
commonly_challenge...](http://en.wikipedia.org/wiki/List_of_most-
commonly_challenged_books_in_the_United_States)

That brings me to my second question: why don't we have a similar process for
websites?

~~~
peterwwillis
The book Bridge to Terabithia (of which a 2007 film was adapted) was at number
8 on the ALA's list of frequently challenged books because:

"The censorship attempts stem from death being a part of the plot; Jess'
frequent use of the word "lord" outside of prayer; concerns that the book
promotes secular humanism, New Age religion, occultism, and Satanism; and for
use of offensive language."

Maybe it's better we don't have a similar process.

~~~
joeybaker
Fair point, but the merits of the book banning system: are that it appears to
be relatively difficult to implement or enforce, and that it's restricted to
localities instead of a whole country.

~~~
cookiecaper
The only way to have a publication legally banned in the United States is to
have it declared legally obscene. Obscenity is a local consideration and it's
practically impossible to get something banned universally. The only way
publications are kept out are complaints to vendors and/or the willful
adoption of mandatory rating systems, which generally have a rating that is
equivalent to a commercial blackout (see "AO" from the ESRB or "NC-17" from
MPAA; material so rated is not generally available because most "respectable"
vendors refuse to stock it).

IANAL.

------
yardie
It's amazing that these operations and bills are intentionally wrapped in
wording that makes them politically untouchable. I can see why lawmakers
wouldn't want to investigate this. Who wants to be the congressman/woman that
went against _Operation Save our children_?

~~~
GrandMasterBirt
How about a better question: Why is this allowed in the united states? This is
an absofuckingloutely clear violation of the due process in our constitution.
Yes save the fucking children, but do it properly. We see the abuses that
arise from improper giving of power. I guess people are waiting until
basically we live in communist russia where you got to bribe cops to not give
you speeding ticket, impound your car, and throw you in jail, because they
felt like breaking some balls. And then you get to sit in a nice abusive
prison cell for a few months awaiting trial.

Sure it sounds like paranoia, but the government will never turn to a giant
powergrab overnight. It will always be gradual, slowly taking power until its
too late.

~~~
anigbrowl
What, specifically, is a violation of due process? According to the story, ICE
mistakenly included mooo.com in the domains they were seizing. Since that site
functions as a DNS provider, the 84,000 subdomains hanging off it had their
names resolved to the IP address with the scary law enforcement warning.
That's a bad thing, of course, and I'll come back to that aspect of it - but
it's not a violation of due process.

Let's back up a little. There are sites that host child porn or support a
traffic in counterfeit goods, and part of ICE's job is to shut that down.
Every country has a customs service, and the US is no exception. Art. 1 sec. 8
of the Constitution begins 'The congress shall have power to lay and collect
Taxes, Duties, Imposts and Excises, to pay the debts and provide for the
common Defence and general Welfare of the United States [...]' and later in
that same section, 'to regulate Commerce with foreign Nations, and among the
several States [...]' A1S8 is also the source of authority to act against
counterfeiters (of currency), to define and act against piracy, and various
'Offenses against the law of nations.'

So there's nothing unconstitutional about the existence of an agency such as
ICE: Immigration and Customs Enforcement are among the specific enumerated
powers granted to Congress, and Congress can in turn delegate those powers to
agencies that it creates. This is why some kinds of customs activities can be
conducted without reference to the judicial branch - no warrant is necessary
for inspection of cargo at the border for collection of customs duties, and
the various other enumerated powers in that section combine to give the
government fairly wide latitude to poke around in people's baggage and so on
too. It should go without saying, but I'll say it anyway, that all nations
assert the power to decide what may be imported, whether to protect their
domestic agriculture or to prevent the spread of things like child
pornography. Of course such power can be abused to support despotism too, but
that's an issue of governance, rather than some inherent flaw in the law
itself - just as a computer and the software it runs can be used for
worthwhile or nefarious purposes.

Now when it comes to seizure of websites, ICE is exercising its power (as
delegated) to regulate commerce, both foreign and interstate. For this, they
do need to get a warrant. Here's an example of a warrant in template form:
[http://www.uscourts.gov/uscourts/FormsAndFees/Forms/AO109.pd...](http://www.uscourts.gov/uscourts/FormsAndFees/Forms/AO109.pdf)
I am not sure if this the same warrant that would be used for a domain name
seizure (IANAL) but if not then it will be quite similar - the principle is
basically the same as impounding a boat or cargo container. Child porn is
certainly subject to forfeiture, and if it's being trafficked across state or
national borders, then all ICE has to do is show the court the website, the
fact of its illegal content, and request the warrant be issued. And that's
exactly what they do - there's no fourth amendment violation.

As for due process, that isn't abridged either in this situation. If the
warrant was correctly issued, then the court is already satisfied that
contraband exists. When it's executed against the listed websites, their
domain names are seized and fall into the custody of ICE who has them
redirected to their warning page. If one of the domain owners disagrees - say,
because he does host porn but had a statement on the website that all
performers are over 18 and he has documentary evidence on file - there is an
opportunity to argue that in court. The warrant is not the end of the process;
the government puts the seized property into evidence and a civil trial is
held; if the government wins, then the domains become the legal property of
the government.

Often in customs enforcement, counterfeit goods or money are seized but nobody
is caught. The trial is still held; if you look at court calendars you'll see
entries in federal district court every week for cases with names like 'United
States v. $250,000 in cash,' or 'United States v. 100,000 capsules of a
controlled substance,' or 'United States v. 5603 counterfeit handbags.' The US
attorney describes the issue of the warrant and the seizure, displays the
seized material or documentary proof of where it is stored, nobody shows up to
contest the government's claim upon it, and the government wins and takes
ownership of it (if it's money) or destroys it (if it's drugs or counterfeit
stuff). I always like to imagine an actual heap of cash piled up on the
defense table with its own lawyer in cases like these, but that doesn't happen
:) Anyway, they will do the same thing as regards these seized domains that
had child porn, and likely nobody will show up to claim them as their property
- because unless they had ironclad proof that it was not child porn and so a
_legal_ mistake has resulted, then they'd be arrested for the criminal act of
trafficking in such material.

With mooo.com, ICE made a _technical_ mistake - but they made this mistake
while they were in the process of executing a legitimate warrant. they have
not any point claimed that mooo.com or any of its subdomains were involved in
illegal activity. If they did so, then it would be weeks or months before the
matter was put to trial. That the mistake was reversed within hours tells you
that mooo.com was never listed on the search warrant in the first place. I'd
bet money that the mistake actually occurred at a computer console - as the
seized domains listed in the warrant had their DNS altered, the operator
miscounted and pasted the ICE IP address over the next entry in the list,
which happened to be mooo.com. Why? Because I have made that sort of mistake
many times, and so has anyone else who uses a computer.

It is _not_ acceptable, but it is understandable - whereas there is no
evidence at all for the picture that's being painted of corrupt authoritarians
abusing the helpless public. Imagine the scene: a technician sitting at a
console, while some uniformed ICE officers clutching a crumpled warrant in
their sweaty hands stand behind her, drunk with power. The technician says
'well, all done officers.' 'Wait! Wait! What is that other site, that m-o-o-o
dot com?' 'Oh, that's just the next entry in the DNS database, officer -
totally unrelated.' 'Well, I'm on a roll - take that one out too.' 'but,
officer, that's not-' 'Silence! Obey, unless you wish to live out your life in
a federal prison surrounded by the scum of humanity! I can totally do that,
you know. Now, zap it!'

Really? You find that more plausible than a simple screwup, of the kind we
have all experienced and which was quickly corrected? Come on.

I repeat, it should _not_ have happened. ICE has a responsibility to use its
enforcement powers carefully and accurately, and failed to do so here. Because
mooo.com happened to be a DNS business, ICE's mistake did not just affect one
site but mooo.com's 84,000 customers as well. And their mistake didn't simply
result in those sites being inaccessible for a few hours - they resulted in
those sites (and by implication, their owners and operators) being publicly
identified as traffickers in child pornography.

That is a very serious charge, easily enough to wreck a person's reputation or
even put their life in danger. When the government says such a thing about a
person, even as a mistake which is quickly corrected, many people think no
more but accord that accusation the same weight as a criminal conviction. With
so many people affected, it's probable that at least a few of them have
already been fired from their jobs, or received a visit from their local child
protection services, or had their spouse file divorce papers. All those
results would be radical overreactions to the sight of ICE's web page, but an
official government seal and the words 'child porn' will be enough to provoke
that in some viewers - it's literally something that people do not like to
_think_ about, and so people do not bother to question the immediate emotional
response they feel. 10 years ago in the UK, a bunch of uneducated vigilantes
ran a doctor out of her home - they misunderstood her job title of
'paediatrician' on her clinic door to mean 'paedophile,' assumed she was a sex
offender, and vandalized her house. Imagine how much more damning an official
government warning of actual crime must look to anyone unfamiliar with the DNS
or the legal system. You'd be better off being accused of murder than a sex
crime; even if you were falsely convicted, you would be able to survive in
prison while you appealed. Convicted child abusers usually have to be isolated
for their own safety inside prison, and are marked for life outside.

ICE's carelessness seems seriously negligent, and since so many people were
affected a class action lawsuit against the agency seems very probable. Suing
the government is more complex than suing a private party because the
government has immunity from some kinds of liability, so I do not know what
technical path the lawsuit might take. But for the government to slap a 'child
porn warning' on 84,000 or more people at once, even if it was 'only for a few
hours, and only on the internet,' is about as bad a screwup as you can make.
With 1, 5, or 10 people it might be feasible for ICE to write some humble
letters of apology and offer a settlement to mitigate their trouble, but with
tens of thousands a trial is the only efficient solution.

But this was not a failure of due process - it's just another example of
internet's multiplier effect. In this case, technology allowed a technical
error to affect 84,000 websites at once. The problem here is not the law, but
the fragility of the domain name system.

~~~
SmokenJoe
Please note more words don't ad validity to an argument. Violation of due
process is simple to show. There is no warning or process for trial or appeal.
The trial is secret and there is as of yer no appeal. This is a simple end run
around the court system.

I really don't understand the need to complicate things this is outside the
intended capacity of the customs. There are still people that don't have their
sites back that were falsely accused and no means of appeal. How can this
possibly be justice? Secret trials are not part of due process either they are
not notified prior to conviction.

~~~
anigbrowl
_Please note more words don't ad validity to an argument. Violation of due
process is simple to show. There is no warning or process for trial or appeal.
The trial is secret and there is as of yer no appeal. This is a simple end run
around the court system._

If they're secret, how is it that I can see customs-related asset forfeiture
cases on the court calendar, and that they're open to the public?

Here's the annual report/audit for last year on the US treasury asset
forfeiture account (where all the money ends up when there's money involved):
[http://www.treasury.gov/resource-center/terrorist-illicit-
fi...](http://www.treasury.gov/resource-center/terrorist-illicit-
finance/Asset-Forfeiture/Documents/FY_2010_ACCOUNTABILITY_REPORT__Final.pdf)

And here's an easily readable article on the legal concept:
<http://en.wikipedia.org/wiki/In_rem_jurisdiction> The customs service has had
powers like this since _1799_.

edit: I forgot to mention that of course the website owners who were affected
can sue the government individually or via a class action. I'd be very
surprised if they didn't; I'm sure there are attorneys who specialize in such
things busy typing articles about it right now, in case any of the persons
affected are wondering who would be able to advise them on the subject.

