52 comments

[ 3.1 ms ] story [ 120 ms ] thread
This doesn't make any sense. Seizing top-level domains of a country because of terrorism happening in it? Or is it because of state-sponsored terrorism?
These families were hurt by Iran (via Hamas, which is sponsored by Iran) and are trying to exact some kind of legal revenge. In this case it's rather misguided and pointless, but they'll likely take anything they can possibly get.
It's not really clear, but the impression that I get is that they want to seize (and sell off) valuable assets to pay off a court-imposed debt, because Iran itself refuses to pay. An analogy would be if I were sued and lost, but moved all my money to a Swiss bank account and skipped the country before the litigants could collect, they could try to seize any cars, real estate, etc. I'd left behind to pay the judgment.

It's still pretty ridiculous, of course. I'm not sure how, or if, it's even technically possible to "repossess" a TLD, let alone sell it for cash.

It certainly would be technically possible. ICAN would have to alter the records in the root DNS server to point to a new IP address controlled by the family. The family could then extort existing users of the domain for the privilege of retaining their domain name, begin collecting yearly fees from them, or open a new register for anyone that wants .ir domain name. Yes this would be disruptive and quite possibly trigger a split in the DNS records but it is very technically possible.

It is also possible the family already knows all this, and don't care. It is conceivable that they aren't after money so much as looking for ways to hurt Iran.

> Yes this would be disruptive and quite possibly trigger a split in the DNS records but it is very technically possible.

More likely it would trigger a change in how DNS works. The only reason that DNS can work the way it does is that things like this don't happen.

ICANN can't force anybody's DNS resolver to point at their root servers. The root servers operate based on consensus. The only reason everyone uses the same ones is that everyone agrees how they should resolve top level domains. As soon as you start forcing decisions using courts and politics you destroy the consensus and blow the whole thing up.

I'm not sure the whole world would find and aggree on an alternative root that quickly, though.
That's actually the problem. You could end up with more than one root. Or dissolution of the root altogether and some free for all for top level domains with whoever can convince Comcast, Google, China or British Telecom to add a top level domain record to their resolvers.
That would be the end of ICANN. It would be more or less immediately replaced by a distributed system and rightly so.

Russia would be one of the parties supporting such a decentralized system, China quite possibly as well and even the US would probably not want a judgement in favor of the plaintiffs in this case.

All the easier to feed the correct information to subjugated subjects.
And then Iran just keeps the DNS and IP entries active in their country anyways so that its people can keep on using those resources. And i doing so, we have broken the internet.

This is why an organization that manages something as important as IP addresss distribution and Domain management, can NOT be part of 1 country. Why does 4 families and a judge have the power to basically kill all internet access in a country, because someone got killed, no matter how they died.

It's part of a concerted push to go legally after everything with a link to Palestine. There are lawyers going after every Arab owned house in Israel too, looking for every mean to expel them legally: a typo in the property act, a construction code problem, any detail is good. They are also going after the arabic banks that provide assistance to victims of Israeli retaliations. If someone in the family does anything against Israel, they destroy the family houses without any legal process, and some arabic States are providing welfare to those newly homeless families.
Wrong country.
which one did I get wrong? they were injured in Jerusalem, and they are trying to reach Iran through a connection with Hamas.
They're trying to seize US based assets of Iran. That doesn't have much to do with evictions in Jerusalem.
From the article -

The attempt to grab the domains is part of a court case begun by the families of four Americans injured in a suicide bombing in Jerusalem in 1997 for which Hamas claimed responsibility.

This sort of things is why countries traditionally have sovereign immunity. Can't say I support the plaintiffs in this case.
"countries have sovereign immunity.", somebody should explain this concept to the US.
It is not just ccTLD, the writ of attachment applies to IP prefixes allocated for Islamic Republic of Iran as well.

>But there are other possibilities, Darshan-Leitner said. “ICANN may decide that it just isn’t worth their while to do business with Iran anymore, because all the money coming in will go to the terror victims.” In that case, Darshan-Leitner said, ICANN could “pull the plug” on Iran’s Internet, suspending use of the .ir domain and disconnecting Iranian IP addresses from the web. Even if ICANN decided not to do that, Shurat Hadin could demand an auction of the Iranian Internet assets, arguing that it could realize more compensation money that way – meaning that Iran would no longer be in control of its own websites. http://www.timesofisrael.com/israeli-us-terror-victims-now-o...

>Plaintiffs hold several money judgments against the governments of Iran, Syria and North Korea (collectively, the “defendants”). Plaintiffs endeavor, with the Writs of Attachment, to attach the .IR, .SY and .KP country code top-level domains (“ccTLDs”), related non-ASCII ccTLDs, and supporting IP addresses (collectively, the “.IR, .SY and .KP ccTLDs”), all of whichrepresent a space on the Internet for use by the citizens of Iran, Syria and North Korea. - https://www.icann.org/en/system/files/files/ben-haim-motion-...

well, they can't really take away their IP space.
The could seize IP space using a security system, which began deployment three years ago, called the RPKI[1].

If you use the RPKI to protect the internet against BGP attacks, you provide a technical mechanism which governments, or other actors, could use to seize addresses. I just presented a paper on this[2].

IP takedowns are a risk, the Iranian case is not the only example, for instance RIPE was ordered to seize IP Space by a dutch court[3].

[1]: http://en.wikipedia.org/wiki/Resource_Public_Key_Infrastruct...

[2]: See paper "From the Consent of the Routed" http://www.cs.bu.edu/~goldbe/papers/RPKImanip.html

[3]: http://www.internetgovernance.org/2013/08/09/court-says-ripe...

What an absolutely idiotic lawsuit. Why are they also asking for Syria and North Korea? Have they been reading tired old G. W. Bush speeches about the "Axis of Evil"?
It would be quite interesting to go after the .us in the name of the 100.000 victims in Iraq.
Why stop at .us, .com would be a lot more effective.
Just auction the the DoD IPv4 space</irony>.
Nope, you have to go after Iran again, which is funding the terrorist groups who did the bulk of the killing in Iraq (and still are).
The ones that Saddam was keeping at bay?
Iran's involvement doesn't clear the US of responsibility.
I wonder if Argentina and the hedge funds suing them are watching this case. If ICANN loses here, the consequences of that loss for their legal battle might be very interesting.
If ICANN loses this then Argentina is the least of our problems, the whole DNS system will be overhauled and severely broken until a solution is put in place.

Essentially this would break the internet as we know it.

"Essentially this would break the internet as we know it." Thats probably the real intention.
You're suggesting that there is some sort of technical workaround that can be deployed to solve this possible legal (and, ultimately, political) problem.

I'm not that optimistic. As far as I can tell, the argument being made in this case is: According to US law, country X owes me money and hasn't paid. You, ICANN, a US entity, provide thing-of-value to country X. You should give thing-of-value to me instead (as compensation and/or increased leverage towards getting my debt paid).

While the precise contours of the problem would depend on exactly how ICANN hypothetically loses, I see no reason why that template wouldn't also apply to OpenDNS, Google, Comcast, AT&T or Level 3. If too many pieces of the Internet's infrastructure are "within legal reach", it doesn't matter what technical wizardry someone comes up with - it couldn't be deployed.

So, all holders of subdomains of those ccTLDs should pay collectively for the deeds of their country?

That's a pretty warped view of justice. ccTLDs are not 'assets' that you should be able to seize but registries. Imagine trying to seize the land registry of Iran or their registry of vehicles because Iran refuses to pay some foreign entity.

This is an excellent illustration of why ICANN should be replaced by a system that is distributed enough that nobody would ever think of even attempting to do something like this ever again.

What a tremendously misguided lawsuit, even if we're not getting into the 'x supported y and y did harm' part of the argument, which makes this even more tenuous.

If everybody that suffered from the meddling of some country through indirect sponsorship had a legitimate grievance and was given the power to shut down some large chunk of the internet as a remedy in order to extract some amount of money then that would open up a huge can of worms, .COM would be the first to go.

all holders of subdomains of those ccTLDs should pay collectively for the deeds of their country

That's the least problematic issue and yes, you're routinely expected to pay for deeds of some larger organization, your government in particular. Every time the government is sued and loses for example, you foot the bill.

This however has the potential of completely breaking routing of any global network. If they can seize IP addresses, domains, then why not phone prefixes.

>This is an excellent illustration of why ICANN should be replaced by a system that is distributed enough that nobody would ever think of even attempting to do something like this ever again.

Such as?

DNS is useful because it is authoritative. What would happen if two parts of this 'distributed' ICANN disagreed on something? Different parts of the internet would see a completely different state (e.g. who owns gov.uk?), Thus rendering DNS effectively useless.

The only alternative I could see to ICANN being a US organisation is for it to be given authority by treaty. And that would open up a whole other can of worms. ICANN run like the ITU?

Well, another alternative would be to turn ICANN over to Iran, would you be comfortable with that? How about the Swiss? I'd be perfectly happy if ICANN were a Swiss organization.
Why do you believe Switzerland would be a good home for ICANN like organisation?
>DNS is useful because it is authoritative. What would happen if two parts of this 'distributed' ICANN disagreed on something? Different parts of the internet would see a completely different state (e.g. who owns gov.uk?), Thus rendering DNS effectively useless.

This problem can be solved in distributed system using bitcoin-like proof of work scheme. If two parts of the network disagree, the bigger part is considered right. Namecoin project is trying to implement distributed DNS using this technique - http://namecoin.info/ .

Namecoin is one way. But why do you really need an authoritative registry? Think about Google's Real Names policy. Who does it benefit? If I don't want you to see my real name, why would I want you to find me by my real name? You should be able to find me only through existing connections you already have established in internet space.

If you want some authoritative distributed hash map, you can use namecoin like you said. But think about why you actually need an authoritative registry.

Hyperlinks? The document embedding the hyperlink can also embed the IP number. In fact, that's how the underlying IP routing system works. BGP isan interesting target for spoofing as of late.

At the very least, a website wishing for others to find it by its domain name should tell more than one registry, so there isn't a single point of failure. In the trade-off between consistency and having no single point of failure, you can think of the latter as failover or backup plan.

> ICANN run like the ITU?

Do you see any problem with that?

For some political background, this comes in the wake of the tremendously successful UANI attempt to get Iran kicked off SWIFT, which showed - after the Wikileaks banking blockade - very clearly just how politically manipulated our financial systems are. https://en.wikipedia.org/wiki/UANI#Leadership

After that success, this is an attempt to go one step further and knock out fundamental civilian and government communications systems... though we can be sure that virtually all internet, satellite, radio and telephony communications out of Iran are already logged and searched by similar parties, seizure of network addresses would be an extremely damaging move.

If ICANN loses this, they must immediately lose control of the root domain space and need to be suspended until they can be replaced - as the meeting is already convened to discuss - with either some kind of international organisation by treaty (iana.int?) or something related to the IETF.
What are they really trying to achieve? The creation of a "Western Block Internet" by forcing all the others to create independent parallel structures?

That's what will happen, if they succeed in seizing these TLDs.

In effect, this would create a new Iron Curtain, but this time it'll be initiated by our governments.

Unless I'm remembering history completely wrong, wasn't the other Iron Curtain also initiated by governments?
It wasn't initiated by our western governments, but by the Soviets.

This time it might be initiated by western governments, because the Chinese, Russians and others wont accept TLD seizures at will by the US.

It will be an iron curtain around a large subset of the Anglophone internet. I don't think that countries outside of Five Eyes are very appreciative of the spying that the NSA and the GCHQ have been carrying out.

Not that it would necessarily be the only intranet at a (inter)national level; I'm sure that the Chinese government would love a political excuse to cut off their citizens' access to parts of the internet outside their borders.