Verisign seizes .com domain registered via foreign registrar (blog.easydns.org)
We've just posted this on the easydns blog, we think this is a very troubling development. State of Maryland went straight to Verisign to seize a .com domain operated outside the US via non-US registrar.
154 comments
[ 2.7 ms ] story [ 181 ms ] threadIt's going to be a pain as well, there are thousands of links, so I'll need to keep the .com domain if only for redirects.
I understand the "censorship/free speech" deal. But I can't really defend these guys, they were blatantly breaking the law. Like, there wasn't a gray area - they just jumped right over the line.
To make this a "true argument" we'd need the US to take down a domain that interferes with free speech.
Because, that's really what's happening here. Bodog is a non-American company, operating outside of America, with assets that aren't in America. Please elucidate on how exactly you think they are subject to American law before you give a smug "well, don't break the law then" response.
In Bodog case one could only wonder how much traffic they were getting from US. At some point, perhaps if they knew whats coming, they could ban US traffic or put notices all around their web that "there may be some laws in your country banning you from purchasing out products" etc.
http://en.wikipedia.org/wiki/.tel
I am interested to know why you think .se is not trustworthy?
I understand why TPB moved away from DotCOM, but I don't understand why they moved to DotSE. However, I do know that they were put on trial for breaking Swedish copyright law. The trial resulted in fines and jail time, with their Supreme Court refusing to hear the appeal just this month. While the trial was happening, I read reports of many strange legal things going on in court, and I read opinions about this being due to inordinate influence of the industry on the Swedish government. Regardless of the veracity of those reports and opinions, it seems obvious that you wouldn't want to use the domain of a country where you have already been in serious legal trouble, and lost.
http://en.wikipedia.org/wiki/The_Pirate_Bay#Legal_issues
EDIT: DotTEL is not at all limited, as long as you can transition to the mindset of decoupling your content from its address.
EDIT: DotTEL answers pretty much all of the concerns regarding speed, in this other HN thread, from today.
http://news.ycombinator.com/item?id=3648956
http://en.wikipedia.org/wiki/Precedent
https://webcache.googleusercontent.com/search?q=cache:http:/...
While not something I necessarily agree with - I don't think this particular move indicates all .COMs are now threatened.
Flip it around. Suppose someone is selling online under a Somali .so domain rather than a .com; the law should operate in the same way as long as the web servers themselves aren't located in USA.
Isn't it the assumption that any transaction with a .com is essentially under the purview of USA law that is at issue?
This just emphasises the need for .com to be considered neutral territory. It's only a redirection mechanism - USA can have and apply their laws to .co.us and of course any server that is based in USA.
It's all about the money. Not .COMs.
Running a gambling site on an .so domain and hosting the servers overseas while profiting in the US will still get you indicted. The government might not have the authority to shut off your internet presence but I'm sure they could turn off finances in the US. And certainly make travel to certain countries an issue.
Well yes, but in principle that's exactly right. Really think about this: in principle you need to know the entire legal code of the US and all of the ways that someone in the US might use your site to try to break that legal code, before you know whether you're safe. If you start operating the next version of CraigsList and people in the US start using it to sell fish which were caught in violation of U.S. law, it doesn't matter whether you realized it was happening at the time, whether those fish are legal in your country, or any such thing; the U.S. Fish and Wildlife Service could get a prosecutor to convince a judge to issue a takedown warrant for your domain.
What's that, you say? You just run a tasks-and-dates management web app? You'll ban users from the U.S. from logging in? That's not necessarily going to help. If your service gets used by some radical Muslims in some country that the U.S. happens to be bombing, they might take you down. Given the tempting targets, I guess you'd best be banning Iran from logging in, just in case the elite there find your app useful.
Bottom line is, in this case it's quite possible that the gambling enterprise that they were running was perfectly legal in their home country and happened to be illegal in one state in the U.S. -- and people in the U.S. were using it for its intended purpose illegally. So in the bigger picture, if you really think about it, the fact that you're not catching the US government's attention yet is no defense: in principle you need to know all of the things which are illegal in the U.S., and how users both inside and outside of the U.S. might use your site to do those things. Otherwise, you'd better move off of .com, to some domains run by a government which doesn't routinely steal them.
I spend a good part of this morning figuring out how to keep Iranians off of the scheduling calendar. I believe that world peace would be much better served with more Iranians learning English but I really do not want my business to get in trouble with the US over it. Sad really.
http://www.wired.com/images_blogs/threatlevel/2012/02/ccips....
LOL what? "You can't flout the law just because you're outside the jurisdiciton of the law".
---
Also, the crux of the article is that a .COM domain registered an operated by Canadian entities was "taken over" by Verisign at the behest of DHS. Verisign added NS records at the root to redirect the affected domain to a takedown page.
EDIT: An interesting read... http://www.vegassportsmasters.com/?q=article/feds-arrest-eng...
Didn't Britain just extradite (or at least accede to an extradition 'request') a young man to the US for operating a service providing media links (but apparently no copyright material) - where it's likely that his actions were wholly legal under English law and he never set foot outside of the country ...
Seems like USA has their way regardless of other peoples democracy.
--
http://www.telegraph.co.uk/news/uknews/crime/9013408/Student...
Drug trafficking, for all that it generally isn't enforced in the case of marijuana, is illegal in Canada; so a Canadian accused of trafficking drugs into the US was extradited. Selling prescription medications to patients with proper prescriptions is legal in Canada.
It appears that, while non-viable seeds are explicitly legal, there does not appear to be any prohibition against viable seeds, unless they are considered a marijuana "preparation". I suspect there's some case law floating around where a court has decided whether or not cannabis seeds are considered a marijuana preparation.
Edit: Erowid is somewhat helpful in this regard, although the linked article is broken:
http://www.erowid.org/plants/cannabis/cannabis_law.shtml
But see also this (someone else posted it on HN, but I can't remember who or where):
(http://cphpost.dk/news/international/us-snubs-out-legal-ciga...)
Instead, DHS would rather set precedent that a judge's signature in Maryland (a suburb of Washington DC) is all that is necessary to seize .com/org/net domains anywhere in the world. It's a fait accomplit against a foreign company, they're less likely to fight back, and the precedent extends their authority.
However, a quick google search strongly implies that sports betting is in fact legal in Maryland. http://www.legalgambling.net/is-sports-betting-legal-in/mary...
Something is amiss.
Edit: While the Rosenstein quote erroneously states that "Sports betting is illegal in Maryland", it seems more likely that this was actually a breach of the 1961 Federal Wire Act, which banned sports betting over the wire. If Bodog allowed bets to cross state lines, then they're involved in interstate commerce, so the Wire Act applies.
The nation states are going to do their best to reign the freedom technology provides back in.
The big question is whether U.S. jurisdiction can extend beyond U.S. based border based solely upon the fact that Verisign is located in the U.S. For instance, if a Canadian set up a .com gambling site, but only did business with other Canadians, could MD prosecute the site owner based on MD state laws against online gambling? I would guess no. But I'm not a lawyer.
1) Any warehouse you have in the US that is part of your widget operation can be seized (this is the equivalent of the .com being taken over)
2) The US can request extradition of you and it is up to your countries courts to decide if they will comply
Yet you are saying that I am now beholden to US law because I interacted with a customer located in the United States ...
I regularly get letters from overseas companies offering to put my trademarks into "International Trademark Registries". They charge $1000's of dollars hoping that someone's bookeeper will be fooled and pay. They very very clearly violate US laws in many ways. Yet they still keep coming. The government doesn't go to the trouble of attempting to shut them down (they could block wire transfers or credit card payments etc but the don't). It's simply not important enough to them.
This idea that just because something can happen it will is ridiculous.
It's also breaking the law to go 56 mph in a 55 mph zone. But how many people have received tickets for doing that?
http://www.iana.org/domains/root/db/info.html http://www.afilias.info/about-us
Regardless, stupid law, Team America strikes again!
Under US law it is now possible for the US to seize any of these domain names -- and it will continue until the international organization in charge of this system (ICANN) says "oh, that's retarded, we're changing the system so that the US doesn't host .com and .org domains."
We had to fight against two acts proposed in the US which would have made it possible for the US to build a sort of DNS firewall to deny access to other domains from users working within the US -- our own rough draft of the Chinese firewall, if you like. (That was SOPA and PIPA.) But this other right was granted earlier than that, and is now being used to chilling effect.
EDIT: Just read about BitCoin! Sounding better and better now!
EDIT: This is wrong, see peteri's post.
.org is essentially the same as .com, owned by the US government and managed by Verisign.
So far the US has not publicly tried to drop wikileaks.org, forcing WikiLeaks migrate to a TLD that is clearly outside US reach. Maybe they wouldn't want the bad press.
I'm wondering what is possible if I simply have a relationship with a reseller in the US (e.g. the one with the superbowl ads, or eNom), but my TLD registrar is outside of reach. I assume they could make the reseller drop the contract, or terminate it.
They are not very expensive ($35 seems about right for a domain name) I considered a domain there, but was not sure if I needed to be a resident of Iceland.
I like how Iceland has been spunky enough and stood up to a lot of international pressure at times (fish wars with UK, granting citizenship to Bobby Fischer who US really did not like, but otherwise was quite harmless, the way Iceland has handled banking crisis).
What I am wondering is what gives Iceland this power to say NO to big powers?
It would seem like majors could just ostracize it just like most countries that ran afoul of bigger countries. Is it because going against Iceland would anger Scandinavian countries?
There are other reasons as well such as the way Iceland decided to ignore the IMF and default rather than go the Irish or Portuguese route when their economy blew up during the credit crunch.
Check out www.1984.is - I have a couple of .is domains registered through them and would consider their VPS service if I had something controversial to host.
Edit: forget to mention you don't need to be an Icelandic resident - registration is open to all.
Edit: I forgot to add that probably the safest TLD is from countries on their own and not being affected by Team America. Spain is not an option, we got our own SOPA by official pressures...
Edit 2: Oh, what about Switzerland? .ch anyone?
The domain itself (bodog.com) was unused. The operation continues under bovada.lv (for US) and bodog.eu/co.uk for European custom.
Nearly all US-facing gambling operations have been moved to non-dotcom domains (dot.eu, dot.co.uk and dot.ag - for Antigua and Bermuda - the most common) for this very reason.
To read more from an industry perspective [full disclosure, i am co-editor of this site]: http://pokerfuse.com/news/law-and-regulation/undercover-inve...
The domain seizure itself was of interest only as it showed the DOJ/DHS have a continued interest in trying to take down what it sees as illegal online gambling operators; that they can order a dot-com domain name seizure is par-for-the-course these days.
1: http://pokerfuse.com/features/in-depth/a-whos-who-of-blue-mo...
Why? Is that just on principle? Or do you see this behavior by the government as rising to the level of the US taking down sites that flout or even break the law in a de minimis way?
Keep in mind that to do what they did there is a level of case preparation required to get the proper signoffs to make this happen.
I think if someone is doing something illegal they have something to worry about, sure. But for 99.9% of the web sites out there why is this a cause for worry?
Edit (since I can't reply to below):
"the "convenience factor" of owning a .com no longer outweighs the potential risk"
The reason to own a .com is not convenience. It's ubiquity at least in the US. Speaking as someone in the business who deals with customers of registration domains all the time (and also with people buying valuable domains) at this time using a non .com domain is a non-starter for the majority of people.
I think it's a combination of several factors. One is definitely principle. The other major reason is that if I'm running a business from outside the US, and do not deal with US customers or business partners, why should I waste my time figuring out whether what I'm doing is contrary to some law in one US state, just to ensure that the US doesn't steal my domain from me?
Especially in some industries, there are vastly different notions of what is considered appropriate in the US vs. Europe (see the sports betting example). My opinion is that based on cases such as this, the "convenience factor" of owning a .com no longer outweighs the potential risk of losing the domain on the whim of the US government.
This can only be a boon for the .EU domain, ccTLDs and all their registers, especially those which allow second-level domain names like .de.
There is simply too much uncertainty with using American-hosted domains already and it is increasing every week.
And they're not being tried in those courts. Their domain has simply been seized because that's easier than winning in court.
If you are in one country, and are clearly and unambiguously doing business with someone in another country -- with written agreements, money/goods/etc. transferring -- then it's simply not a new idea that you may end up subject in some way to the laws of that other country. It also isn't a particularly scary idea.
The idea that "on the internet" is some sort of magical extra-jurisdictional space is the new and scary idea.
Non-US site, non-US registrar, non-US accounts/transactions.
Still seized by DHS. Because it's illegal in the US. That means you can be put on trial in any country in the world if you break any laws, anywhere. That's what the article is getting at.
"The reason to own a .com is not convenience. It's ubiquity at least in the US."
I know. I was not talking about the US.
"at this time using a non .com domain is a non-starter for the majority of people."
I disagree. For anyone who is not in the US (which is the majority of people), having a non-.com domain is probably not a big deal.
Awesome site. I tried subscribing to your newsletter, and the server responded:
Edit: I wonder if the site's trying to detect CSRF with a cookie, which I rejected. I hope not, because that would mean I won't be subscribing to your newsletter.The mailing list is run through mailchimp, you can sign up directly here:
http://eepurl.com/fsyQo
Thanks!
The dot-com domain name seizure is symbolic and will hurt their SEO; it will have little effect on their business.
[but indicting 4 top-level execs and aggressively pursuing their payment processors, however, will certainly have an effect]
The internet-age wrinkle is that by virtue of ".com" domains being property located in the US, they can be seized pursuant to these charges. Jurisdiction over property is very specific to the locality where the property is located. Maryland couldn't, for example, seize the company's real estate assets in Canada pursuant to its criminal charges for violation of Maryland law. Since all ".com" domains are logically located in the United States, that becomes a pretty substantial piece of leverage the U.S. has over other countries.
They moved to http://www.firstrowsports.eu/
The analogy for finance, my industry, would be a hedge fund registered in the Caymans either trading US securities or trading with Americans in the United States (it gets sketchy if an American citizen comes to Switzerland to do a transaction) not getting to ignore SEC rules just because they're "not based in the US".
I'd get concerned about jurisdictional over-reach if a Spanish company doing business primarily in Spain (where American customers aren't specifically marketed to but may be picked up indirectly) got DMCA'd :). Though at this point I'm starting to think any content-based company should have a non-US domain and server at the very least ready as a fall-back in case of regulatory lunacy on the order of SOPA/PIPA.
That comparison doesn't seem to quite fit. If a company violated SEC rules it would have to be trading through a US exchange and would therefore have agreed to abide by US rules. In this case we have US users who are breaking the law by doing something illegal in their own country. They should be punished, not the foreign website.
Not necessarily. If ABN AMRO markets Turkish bonds to US investors it will have placed itself under SEC jurisdiction just as much as Lehman Brothers marketing mini-bonds in Indonesia placed itself under Indonesian jurisdiction.
The US government has gone further with financial institutions. Take, for example, the Swiss banks helping Americans with tax evasion. Let's exclude those with US branches, e.g. UBS. Here you have American citizens travelling to Switzerland and opening accounts and the Swiss company is held responsible merely for doing business with an American.
I'm not making specific arguments on whether this is jurisdictional over-reach, but characterising the .com seizure in the OP an un-precedented move by Luddite judges isn't fair.
i) Doing trade with someone who is located in America means you have to obey those American laws? This seems reasonable, unless you've taken measure to exclude Americans ("Click here to agree that you're not in US" and using filters etc) and you're still getting done.
ii) It doesn't matter what domain name you use. But if you use a .com (and some others) the US can seize the domain names.
iii) Depending what country you are in the US may ask for an extradition because you broke an American law; even if what you did was legal in your country. Depending what country you're in (UK) that extradition request may be granted.
EDIT: I want to add that there is not very clear case law on the .com issue - that was what SOPA was in part designed to do, make a statutory provision to allow assertion of jurisdiction. I think it's important to keep in mind that the filing of the indictment is not a judicial ruling and is not necessarily "the law of the land". The quotes the article used were true, but taken out of context. They are referring to funds being transferred outside of US but related to business done cross-border.
What's the reasoning behind this? I agree that we will likely not see a new body in charge of that which ICANN currently does, but there's no reason why a parallel system couldn't arise should DC go overboard with its malfeasant retardation.
ICANN has inertia, but if it continues to fail to protect the Internet, something else will pop up.
If things get bad enough, users will simply point their resolvers to some alternate root. Trying to block DNS requests to alternate resolvers is a laughable proposition from a technical perspective.
ISPs can block outbound port 53 like they block port 25, or use DPI to detect DNS packets headed out of the ISP network. The only way around that is universal encryption, which the ISPs can slow down but not stop by blocking any high-entropy packets.