Verisign, the US-based company that oversees the .com and .net domain nameservers, has submitted a request to the Internet Corporation for Assigned Names and Numbers (ICANN) for the authority to revoke website registrations at the request of US law enforcement officials, with or without a court order. The “anti-abuse” policy would “allow the denial, cancellation or transfer” of domains based on court orders as well as “laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process.” So, in theory, US law enforcement officials only need to say ‘jump’, and all Verisign would ask is ‘how high.’
Ostensibly aimed at countering sites harboring malware, Verisign’s power-grab would go well beyond protecting the average netizen from internet gremlins. Verisign has already demonstrated its eagerness to comply with this type of US law enforcement request. Earlier this year, we brought you the story of 23-year-old UK student Richard O’Dwyer, who was threatened with extradition to the US to face piracy charges. O’Dwyer’s crime? He ran a Verisign-registered website that offered links to other websites containing copyrighted material owned by US citizens. The fact that O’Dwyer was not a US citizen and that his site was hosted on servers outside the US made no difference to US law enforcement. (And if the PROTECT IP Act passes, intellectual property right holders would be granted a private right of action to make similar domain takedown requests, without the need to first obtain law enforcement’s okay.)
While Verisign is promising a “protest procedure” for domain holders negatively affected by its proposed new powers, details on this appeals process are scant. Speaking with tech site Ars Technica, American Civil Liberties Union attorney Aden Fine suggested Verisign was throwing domain owners under the bus. “The default shouldn’t be ‘take down first.’ Any time the government is involved in seizing websites, that raises serious First Amendment issues. It doesn’t matter if it’s a private company pushing the button.” Electronic Frontier Foundation analyst Rebecca Jeschke called Verisign’s plan “an extraordinarily bad idea. We’ve already seen how problematic domain seizures are through the ICE (Immigration and Customs Enforcement) shutdowns … If you’re going to do something as drastic as taking a whole site offline, you at least need some meaningful court review.”
Even some US politicians are increasingly uncomfortable with the US’ willingness to project its laws and ‘values’ beyond its borders. Earlier this year, Sen. Ron Wyden (D-OR) reacted negatively to ICE’s takedown of Rojadirecta, a site that linked to live sports on the web (which had twice been declared legal by Spanish courts). “What standard does [the Department of Justice] expect foreign countries to use when determining whether to seize a domain name controlled in the US for copyright infringement? I worry that domain name seizures could function as a means for end-running the normal legal process in order to target websites that may prevail in full court.” Wyden went on to describe the DoJ’s attitude as “alarmingly unprecedented in the breadth of its potential reach.” Alarming, yes. Unprecedented? Not so much.