

Verisign seizes .com domain registered via foreign registrar - StuntPope
http://blog.easydns.org/2012/02/29/verisign-seizes-com-domain-registered-via-foreign-registrar-on-behalf-of-us-authorities/
We've just posted this on the easydns blog, we think this is a very troubling development. State of Maryland went straight to Verisign to seize a .com domain operated outside the US via non-US registrar.
======
heyitsnick
The domain seizure is nothing out of the ordinary. At least a dozen have been
seized over the last 12 months, including those during the indictments of
Black Friday (nb pokerstars.com, fulltiltpoker.com have been handed black) and
Blue Monday (at least 10 domains still under seizure including truepoker.com).

The domain itself (bodog.com) was unused. The operation continues under
bovada.lv (for US) and bodog.eu/co.uk for European custom.

Nearly all US-facing gambling operations have been moved to non-dotcom domains
(dot.eu, dot.co.uk and dot.ag - for Antigua and Bermuda - the most common) for
this very reason.

To read more from an industry perspective [full disclosure, i am co-editor of
this site]: [http://pokerfuse.com/news/law-and-regulation/undercover-
inve...](http://pokerfuse.com/news/law-and-regulation/undercover-
investigation-spanning-six-years-leads-bodog-indictments-domain-name-seizure/)

The domain seizure itself was of interest only as it showed the DOJ/DHS have a
continued interest in trying to take down what it sees as illegal online
gambling operators; that they can order a dot-com domain name seizure is par-
for-the-course these days.

~~~
cmatthias
If you read the article, you will discover that the author asserts that this
situation is different, because it's the first time that a .com domain
registered through a foreign registrar has been subject to seizure by US
authorities. I don't know enough about the history of domain seizures to know
whether this is true or not, but if so, it definitely represents an increased
level of enforcement by US authorities -- if I owned a company operated and
registered outside the US, I'd now think twice about using a .com name as my
primary address.

~~~
larrys
"if I owned a company operated and registered outside the US, I'd now think
twice about using a .com name as my primary address."

Why? Is that just on principle? Or do you see this behavior by the government
as rising to the level of the US taking down sites that flout or even break
the law in a de minimis way?

Keep in mind that to do what they did there is a level of case preparation
required to get the proper signoffs to make this happen.

I think if someone is doing something illegal they have something to worry
about, sure. But for 99.9% of the web sites out there why is this a cause for
worry?

Edit (since I can't reply to below):

"the "convenience factor" of owning a .com no longer outweighs the potential
risk"

The reason to own a .com is not convenience. It's ubiquity at least in the US.
Speaking as someone in the business who deals with customers of registration
domains all the time (and also with people buying valuable domains) at this
time using a non .com domain is a non-starter for the majority of people.

~~~
cmatthias
"Why? Is that just on principle? Or do you see this behavior by the government
as rising to the level of the US taking down sites that flout or even break
the law in a de minimis way?"

I think it's a combination of several factors. One is definitely principle.
The other major reason is that if I'm running a business from outside the US,
and do not deal with US customers or business partners, why should I waste my
time figuring out whether what I'm doing is contrary to some law in one US
state, just to ensure that the US doesn't steal my domain from me?

Especially in some industries, there are vastly different notions of what is
considered appropriate in the US vs. Europe (see the sports betting example).
My opinion is that based on cases such as this, the "convenience factor" of
owning a .com no longer outweighs the potential risk of losing the domain on
the whim of the US government.

~~~
drucken
Exactly.

This can only be a boon for the .EU domain, ccTLDs and all their registers,
especially those which allow second-level domain names like .de.

There is simply too much uncertainty with using American-hosted domains
already and it is increasing every week.

------
mike-cardwell
Seems to be down. Here's a clickable Google Cache link:

[https://webcache.googleusercontent.com/search?q=cache:http:/...](https://webcache.googleusercontent.com/search?q=cache:http://blog.easydns.org/2012/02/29/verisign-
seizes-com-domain-registered-via-foreign-registrar-on-behalf-of-us-
authorities/)

~~~
peterwwillis
Bad redirect. Here's the URL: [http://blog2.easydns.org/2012/02/29/verisign-
seizes-com-doma...](http://blog2.easydns.org/2012/02/29/verisign-seizes-com-
domain-registered-via-foreign-registrar-on-behalf-of-us-authorities/)

------
DanBC
I'm a bit confused by this thread. Can someone check this?

i) Doing trade with someone who is located in America means you have to obey
those American laws? This seems reasonable, unless you've taken measure to
exclude Americans ("Click here to agree that you're not in US" and using
filters etc) and you're still getting done.

ii) It doesn't matter what domain name you use. But if you use a .com (and
some others) the US can seize the domain names.

iii) Depending what country you are in the US may ask for an extradition
because you broke an American law; even if what you did was legal in your
country. Depending what country you're in (UK) that extradition request may be
granted.

~~~
unavoidable
i) and iii) are pretty well established in American jurisprudence. ii) is less
so and is the reason for the uproar. The article is making the proposition
that ii) is true, but I don't think that's actually correct. On the facts of
this case i) and iii) are sufficient to lay charges here, but the indictment
is written to look like ii) is true.

EDIT: I want to add that there is not very clear case law on the .com issue -
that was what SOPA was in part designed to do, make a statutory provision to
allow assertion of jurisdiction. I think it's important to keep in mind that
the filing of the indictment is _not_ a judicial ruling and is not necessarily
"the law of the land". The quotes the article used were true, but taken out of
context. They are referring to funds being transferred outside of US but
related to business done cross-border.

------
mbowcock
This seems to be the same issue as megaupload. A company outside the US,
marketing a service that's illegal in the US to US citizens. Money paid for
the service is then moved overseas. (I understand there may have been users in
other countries, like megaupload)

While not something I necessarily agree with - I don't think this particular
move indicates all .COMs are now threatened.

~~~
MatthewPhillips
It indicates that anyone using a .COM domain must either: 1) Not do business
with American customers. or 2) Be aware of every U.S. law to avoid allowing
their American customers from breaking one of them.

~~~
mbowcock
But that is already an issue - whether or not you have a .com domain name. The
domain name is just an asset and the government routinely seizes assets when
filing criminal charges.

~~~
pbhjpbhj
If .com domains weren't considered to be USA based though then a USA citizen
would be the one that was being charged for breaking the law wouldn't they?

Flip it around. Suppose someone is selling online under a Somali .so domain
rather than a .com; the law should operate in the same way as long as the web
servers themselves aren't located in USA.

Isn't it the assumption that any transaction with a .com is essentially under
the purview of USA law that is at issue?

This just emphasises the need for .com to be considered neutral territory.
It's only a redirection mechanism - USA can have and apply their laws to
.co.us and of course any server that is based in USA.

~~~
regularfry
.co.us is Colorado. .com.us?

~~~
pbhjpbhj
Yes, .com.us. Sorry, we use .co.[ccTLD] here.

------
JumpCrisscross
There is a difference between a Canadian company doing business with Canadians
on a .com domain and a Canadian company doing business with Canadians _and
Americans in the United States_.

The analogy for finance, my industry, would be a hedge fund registered in the
Caymans either trading US securities or trading with Americans in the United
States (it gets sketchy if an American citizen comes to Switzerland to do a
transaction) not getting to ignore SEC rules just because they're "not based
in the US".

I'd get concerned about jurisdictional over-reach if a Spanish company doing
business primarily in Spain (where American customers aren't specifically
marketed to but may be picked up indirectly) got DMCA'd :). Though at this
point I'm starting to think any content-based company should have a non-US
domain and server at the very least ready as a fall-back in case of regulatory
lunacy on the order of SOPA/PIPA.

~~~
mcantelon
>The analogy for finance, my industry, would be a hedge fund registered in the
Caymans either trading US securities or trading with Americans in the United
States (it gets sketchy if an American citizen comes to Switzerland to do a
transaction) not getting to ignore SEC rules just because they're "not based
in the US".

That comparison doesn't seem to quite fit. If a company violated SEC rules it
would have to be trading through a US exchange and would therefore have agreed
to abide by US rules. In this case we have US _users_ who are breaking the law
by doing something illegal in their own country. They should be punished, not
the foreign website.

~~~
JumpCrisscross
_If a company violated SEC rules it would have to be trading through a US
exchange_

Not necessarily. If ABN AMRO markets Turkish bonds to US investors it will
have placed itself under SEC jurisdiction just as much as Lehman Brothers
marketing mini-bonds in Indonesia placed itself under Indonesian jurisdiction.

The US government has gone further with financial institutions. Take, for
example, the Swiss banks helping Americans with tax evasion. Let's exclude
those with US branches, e.g. UBS. Here you have American citizens travelling
to Switzerland and opening accounts and the Swiss company is held responsible
merely for doing business with an American.

I'm not making specific arguments on whether this is jurisdictional over-
reach, but characterising the .com seizure in the OP an un-precedented move by
Luddite judges isn't fair.

------
rayiner
The gambling charges are pre-internet jurisdictional law. By doing business
with citizens of Maryland, you bring yourself within Maryland's jurisdiction,
at least to the scope of that business. Domains have nothing to do with why
Maryland can enforce its gambling laws against a Canadian company.

The internet-age wrinkle is that by virtue of ".com" domains being property
located in the US, they can be seized pursuant to these charges. Jurisdiction
over property is very specific to the locality where the property is located.
Maryland couldn't, for example, seize the company's real estate assets in
Canada pursuant to its criminal charges for violation of Maryland law. Since
all ".com" domains are logically located in the United States, that becomes a
pretty substantial piece of leverage the U.S. has over other countries.

------
snowwrestler
Aren't there two elements to the question of jurisdiction here? The fact that
.com is managed by Verisign is one (on which this article focuses), but the
other is that Bodog was executing financial transactions with residents of
Maryland. Thus, by doing business in the state, they expose themselves to that
state's jurisdiction.

The big question is whether U.S. jurisdiction can extend beyond U.S. based
border based solely upon the fact that Verisign is located in the U.S. For
instance, if a Canadian set up a .com gambling site, but only did business
with other Canadians, could MD prosecute the site owner based on MD state laws
against online gambling? I would guess no. But I'm not a lawyer.

~~~
calloc
So if I have a European company that sells widgets online, and I ship to the
United States I now have to comply with US laws at my expense?

~~~
aidenn0
Yes, with at least these consequences:

1) Any warehouse you have in the US that is part of your widget operation can
be seized (this is the equivalent of the .com being taken over)

2) The US can request extradition of you and it is up to your countries courts
to decide if they will comply

~~~
calloc
Except I don't have a warehouse in the United States. All I have is widgets
located in Europe, I put them in a box and I ship them using parcel post to
anyone anywhere in the world.

Yet you are saying that I am now beholden to US law because I interacted with
a customer located in the United States ...

~~~
marshray
<https://en.wikipedia.org/wiki/Richard_O%27Dwyer>

------
greedoshotlast
At least a warrant was filled. In the recent JotForms takedown no warrant was
filled. It just disappeared off the face of the planet. That is mainly my
argument: the US Secret Service or any government organization has no right to
make sites, it JotForms's case a legitimate business, just disappear from the
face of the planet without due process.

------
joejohnson
What is the safest ccTLD be for businesses to register under? .se?

~~~
ihsw
Probably .info, it's not managed by any national government.

~~~
kamjam
I missed the whole thing where .com was managed by the US, i thought that's
why the .us domain was invented... i don't think anyone outside the US
associates a .com meaning US based.

Regardless, stupid law, Team America strikes again!

~~~
drostie
The company which manages .com is headquartered in the US. This is also true
for .org and .net and .us and .gov.

Under US law it is now possible for the US to seize any of these domain names
-- and it will continue until the international organization in charge of this
system (ICANN) says "oh, that's retarded, we're changing the system so that
the US doesn't host .com and .org domains."

We had to fight against two acts proposed in the US which would have made it
possible for the US to build a sort of DNS firewall to deny access to other
domains from users working within the US -- our own rough draft of the Chinese
firewall, if you like. (That was SOPA and PIPA.) But this other right was
granted earlier than that, and is now being used to chilling effect.

~~~
kamjam
Wow, thanks, I didn't know that. Why this stuff isn't decentralised is crazy,
but at this point I guess there is a lot of vested interest to keep it that
way.

EDIT: Just read about BitCoin! Sounding better and better now!

------
veyron
Title of the article is

    
    
        Verisign seizes .com domain registered via foreign Registrar on behalf of US Authorities.

------
guan
How long before they pull something from the root zone using the same
reasoning?

~~~
astrodust
You would have to pull a whole TLD if you're removing something from the root
zone.

~~~
olefoo
Given that the floodgates on new TLDs are opening, it seems quite possible
that a TLD operator could run afoul of the law and put thousands if not
millions of domains at risk.

~~~
regularfry
You just know someone's going to get .torrent, and then all hell will break
loose...

~~~
wmf
No, if you look at the byzantine gTLD application process and the history of
.xxx it would be hard for anyone to get .torrent.

~~~
regularfry
If only that were true. <http://newgtlds.icann.org/en/>

------
overshard
Good to see that the .com tld will finally start to become a non-priority
thanks to this. People/startups/companies in other countries will hopefully
start to think twice before they purchase a .com domain name and consider
using their own countries tld or a tld more appropriate to their website.

------
charlieok
One of the building blocks of developing an internet more resistant to abuses
of power, alongside efforts such as Tor, is a distributed directory service as
an alternative to the centralized DNS service.

I hope to be able to contribute toward some real progress in this area.

~~~
finnw
Like NameCoin? (<http://dot-bit.org/Main_Page>)

~~~
DiabloD3
I can't upvote this enough.

------
redthrowaway
>Of course, the replacement of ICANN will never happen

What's the reasoning behind this? I agree that we will likely not see a new
body in charge of that which ICANN currently does, but there's no reason why a
parallel system couldn't arise should DC go overboard with its malfeasant
retardation.

ICANN has inertia, but if it continues to fail to protect the Internet,
something else will pop up.

~~~
marshray
The funny thing here is that all of this big-money big-government
international strategic arm twisting is over DNS settings, something users can
change as easily as changing two numbers.

If things get bad enough, users will simply point their resolvers to some
alternate root. Trying to block DNS requests to alternate resolvers is a
laughable proposition from a technical perspective.

~~~
nitrogen
_If things get bad enough, users will simply point their resolvers to some
alternate root. Trying to block DNS requests to alternate resolvers is a
laughable proposition from a technical perspective._

ISPs can block outbound port 53 like they block port 25, or use DPI to detect
DNS packets headed out of the ISP network. The only way around that is
universal encryption, which the ISPs can slow down but not stop by blocking
any high-entropy packets.

------
vlnul
Hypothetically, how difficult should be for civilians build root servers?
After that what we need is to update the bind package right?

~~~
wmf
Yes, it's trivial to run your own root server. Convincing other people is the
hard part.

------
gbaygon
I have a doubt, if megaupload would have been megaupload.hk instead of .com,
could the fbi have acted the same way?

~~~
nextparadigms
I think so, because they also claimed Megaupload had some servers in US. But
their case would've probably been weaker then. I think this power to take down
.com, .net .org domains comes mostly from the Pro IP Act from 2008 that passed
right before our noses, just like SOPA almost did. If we want DHS to stop
doing this, we'll need to get the Pro IP Act repealed.

------
ghshephard
At least it should now be clear to anyone purchasing a .com domain that they
have to comply with all US laws and regulations or risk suffering forfeiture
of their property.

If you want to work under the laws of the UK, acquire a co.uk site.

------
AJ007
Everyone everywhere is subject to US law. On the extreme end of the spectrum,
the US will send their military and remove your government if you are non-
cooperative.

------
AshleysBrain
Could this set a precedent in the SOPA vein of things?

------
elb0w
Next, U.S. Government declares anyone buying a non us domain (.com, .net, org,
.biz and maybe .info) will be considered a terrorist.

------
schwit
Not just .com. US law applies to any TLD managed by a US registrar. An example
is .tv which is managed by Verisign.

~~~
tonfa
Do you have any examples of that? As far as I know while .com/.net/.org are
under US jurisdiction, it isn't the case of other TLDs managed by Verisign.

~~~
schwit
<http://www.firstrowsports.tv/>

They moved to <http://www.firstrowsports.eu/>

~~~
tonfa
Thanks. I'm surprised by that, are there more details about the seizure? What
it through Verisign or the registrar?

~~~
schwit
Verisign is the registrar for all .tv and .cc domains.

------
jenncom
playnow.com is a gambling website operating in Canada but registered in the US
through Verisign/Netsol. The only difference in this case is the BC gov't owns
and operates playnow.com. I wonder if the US will seize this domain name too
because gambling is illegal in the US?

------
jacquesm
High time to relieve verisign of their .com registry freeride and move it to
an international body.

~~~
wmf
ITU would be happy to take it over, but they'd double prices and allow every
country to censor domains instead of just the US.

------
jrockway
I can live with this. DNS is an insecure and non-robust system, and the modern
Internet has broken it. The good news is, we know the weaknesses and how to
defend against them, so at some time in the future, DNS buggery will no longer
be possible.

------
dpearce
It looks like all Bodog did is relaunch as Bovada.lv

~~~
heyitsnick
Bovada.lv has been active since November; but even before then it was
operating all US activities from Bodog.eu. The dot-com domain name has been
'dormant' (i believe it redirected to one of the two).

The dot-com domain name seizure is symbolic and will hurt their SEO; it will
have little effect on their business.

[but indicting 4 top-level execs and aggressively pursuing their payment
processors, however, will certainly have an effect]

------
mariuolo
I was waiting for this to happen.

------
lhnn
“Sports betting is illegal in Maryland, and federal law prohibits bookmakers
from flouting that law simply because they are located outside the country,"
DHS said.

LOL what? "You can't flout the law just because you're outside the
jurisdiciton of the law".

\---

Also, the crux of the article is that a .COM domain registered an operated by
Canadian entities was "taken over" by Verisign at the behest of DHS. Verisign
added NS records at the root to redirect the affected domain to a takedown
page.

~~~
raganwald
Are they saying that an English company (where sports betting is legal) taking
bets from English punters is running afoul of Maryland law? I doubt it. What
they are saying is that doing business with American citizens is subject to
American laws.

EDIT: An interesting read...
[http://www.vegassportsmasters.com/?q=article/feds-arrest-
eng...](http://www.vegassportsmasters.com/?q=article/feds-arrest-english-
shore-bookmaker-del-mar-begins-67th-season)

~~~
DanBC
But why aren't they going after the Americans who are breaking American law,
rather than the non-Americans who are just doing business?

But see also this (someone else posted it on HN, but I can't remember who or
where):

([http://cphpost.dk/news/international/us-snubs-out-legal-
ciga...](http://cphpost.dk/news/international/us-snubs-out-legal-cigar-
transaction))

~~~
marshray
They could easily go after Americans, but then they'd having things like due
process and trials by jury to worry about.

Instead, DHS would rather set precedent that a judge's signature in Maryland
(a suburb of Washington DC) is all that is necessary to seize .com/org/net
domains anywhere in the world. It's a fait accomplit against a foreign
company, they're less likely to fight back, and the precedent extends their
authority.

------
desaiguddu
isn't it ridiculous??????

