US Government 'Suspends' JotForm.com Over User Generated Forms; Censorship Regime Expands

from the not-cool dept

One of the key principles behind the growth of the internet was belief in protection against secondary liability claims. That is, if you set up a website where users can post stuff, the people who post stuff are liable for the content — not you as the service provider in the middle. This is the core purpose behind Section 230 of the CDA (and, to a lesser extent) the DMCA’s safe harbors. But there are some loopholes where technically there are no official safe harbors (though common sense says you still shouldn’t be liable). The website JotForm.com, which allows individuals to create their own forms easily, has had its main domain, jotform.com “suspended” by the US government, due to “an ongoing investigation.” Because of this JotForm is forcing all of its users to change their forms to use their .net domain rather than their .com.

Many people on the comments assumed the content was posted by us. This can happen to any site that allows public to post content. SOPA may not have passed, but what happened shows that it is already being practiced. All they have to do is to ask GoDaddy to take a site down. We have 2 millions user generated forms. It is not possible for us to manually review all forms. This can happen to any web site that allows user generated content.

I’m at a loss as to how this possibly makes sense. Even if the forms were being used for some illegal purpose (and it’s important to note that Section 230 does not apply to criminal activity — just civil offenses), I still can’t fathom a reason why it should lead to everyone else getting censored and an internet startup facing a massive hardship wherein tons of users have had their service disrupted with millions of useful forms being suddenly disappeared.

And I won’t even bother spending any time on the fact that apparently it was GoDaddy who helped the US government “suspend” the domain.

For a government that insists it’s trying to help small businesses and startups, to go and disrupt one and all of its users over some possible illegal usage by a small number of users is just crazy. It’s this kind of overly broad censorship (and, yes, this is clear censorship) that is what people were afraid of under SOPA. As JotForm notes, it’s important to recognize that the US government already believes it has these powers. And the damage here for a small business is massive. JotForm has been filling its Twitter feed with customer service attempts at helping upset customers, and making it clear it has no information on why the .com disappeared. It looks like the US government asked, and GoDaddy just took away the domain. If you’ve never worked for a startup, perhaps you can’t imagine just how insanely disruptive and destructive such a situation can be. Everyone is so busy working and building a company — but something like this means suddenly all of their time has to switch over to help all of those upset customers (and doing so without being able to use the site that everyone will go look at first!).

Activities like this will chill innovation and entrepreneurship in the US. Why locate here or even setup under a .com if the US government might kill your business with no explanation at any moment?

Filed Under: , , , ,
Companies: godaddy, jotform

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “US Government 'Suspends' JotForm.com Over User Generated Forms; Censorship Regime Expands”

Subscribe: RSS Leave a comment
371 Comments
Anonymous Coward says:

Actually, it is legally one of the problems of user submitted sites, and one that uses your own arguments against IP addresses as being valid to prove the point.

If you allow anonymous user postings, please tell me how you prove it wasn’t someone in the company doing the postings. Remember now, a log of IP addresses is something that most people here claim isn’t enough for prosecution, so why should it be enough to prove innocence?

The safe harbors should exist only to protect the company, not the individuals involved. They should be required to know who is uploading, who is responsible, so that the law can be applied fully. Otherwise, the safe harbors become a shield for illegal activity.

Without proof of who is actually uploading, it’s a pretty good assumption that the uploads come from someone involved in the company. There is no proof to the contrary.

Anonymous Coward says:

All they have to do is to ask GoDaddy to take a site down.

If people bothered reading TOS/AUP BEFORE giving them the money to run the backbone of their site, then they wouldn’t have a problem. Plenty of excellent registrars that will require a court order to do anything. But GoDaddy can terminate your account and auction off your domain simply because they tell you they can. People need to learn to read, especially when it’s the door to your business.

minerat (profile) says:

Wow, and here’s the super helpful response from the investigating agency.

http://news.ycombinator.com/item?id=3597821

Founder of JotForm here. I?d like to thank you all for your sympathy.

JotForm.com has been suspended by Godaddy for more than 24 hours now. They have disabled the DNS without any prior notice or request. They have told us the domain name was suspended as part of an ongoing law enforcement investigation. In order to resolve the issue, they asked us to contact the officer in charge at U. S. Secret Service.

When I contacted the Secret Service, the agent told me she is busy and she asked for my phone number, and told me they will get back to me within this week. I told them we are a web service with hundreds of thousands of users, so this is a matter of urgency, and we are ready to cooperate fully. I was ready to shutdown any form they request and provide any information we have about the user. Unfortunately, she told me she needs to look at the case which she can do in a few days. I called her many times again to check about the case, but she seems to be getting irritated with me. At this point, we are waiting for them to look into our case.

Our guess is that this is probably about a phishing form. We take phishing very seriously. Our Bayesian phishing filter has suspended 65.000 accounts last year. We have been training it for many years, so it can detect phishing forms with great accuracy. We also take any reports about phishing very seriously and quickly suspend the accounts and let the other party know about it. By the way, we are also very serious about false positives. If we suspend an account accidentally, we will quickly resolve the issue, and apologize.

I believe this can happen to anybody who allows users to create content on the web. So, if you have such business, my recommendation would be to make sure that you can contact your most active users quickly if your domain is disabled. Many of our users are shocked and angry at us. But, many also thanked us for quickly letting them know about the issue by email and providing instructions to continue operating their forms. Since DNS propagation takes some time, many active users were able to switch their forms to the new domain before it went down. We still have not contacted all users, we are sending emails most active users first.

minerat (profile) says:

Re:

Without proof of who is actually uploading, it’s a pretty good assumption that the uploads come from someone involved in the company. There is no proof to the contrary.
Right, but the company is supposed to be presumed innocent until proven guilty. Hell, all the investigating agency had to do was, you know, investigate the site to see that they have hundreds of thousands of users and are proactive in combating phishing. Then do something crazy like contacting the owners to see if they respond / can provide useful information about the problem form(s).

weneedhelp (profile) says:

Re:

“Without proof of who is actually uploading, it’s a pretty good assumption that the uploads come from someone involved in the company.”

You do realize how asinine that sounds?
Without proof of who is actually uploading you should not ASS-U-ME anything.

“If you allow anonymous user postings, please tell me how you prove it wasn’t someone in the company doing the postings.” Please tell me how you do, and dont assume.

“it’s a pretty good assumption” No, its not really.

Silly AC.

yogi says:

Ditch the US

Yes, that is exactly what I told my wife, the musician: that her website, domain name, and server location should be as far away as possible from the US. I imagine that any other start-up not already based in the US would do the same.
Basically US has turned into Soviet Russia as far as freedom of speech and due process are concerned. The KGB is alive and well in America, thanks to the MAFIAA, the Democratic Party, and especially Obama, who made the necessary appointments in his government to make this possible.

Rikuo (profile) says:

Re:

I didn’t know that establishing someone’s guilt in a criminal case just involved the investigation not having enough evidence.

Seriously, you need help. You say that without proof (evidence) then its a good thing to just assume that someone is guilty?

Oh look. I had a dinner party and a purse belonging to one of my guests was stolen. Without proof of who actually stole it, it’s a pretty good assumption that the theft was the guy hosting the party (i.e., me). There is no proof to the contrary.

PaulT (profile) says:

Time to go

Depends on what you mean by “hosted”. In terms of servers, a weaker dollar means that it can be much cheaper to use the US than other regions. The exchange rate alone can be a big saver, especially on things like bandwidth compared to some other countries.

If you refer to having the .com domain, which appears to be the case here, it’s down to marketing and visibility. For better or worse, people automatically assume that a site will end in .com, and if you want one of those you have to involve the US.

That Anonymous Coward (profile) says:

So this is the way it works online, lets apply it in reality.

We know that some members of Congress are corrupt and taking bribes. Until we can get around to getting the actual lawbreaker, we are suspending Congress and holding all members until a week from next Tuesday when we might read the case and figure out that grabbing hundreds of uninvolved people might have been stupidity on a scale the likes of which we haven’t seen since the last **AA press release.

Makes perfect sense.

Are you mad? says:

Re:

“Actually, it is legally one of the problems of user submitted sites, and one that uses your own arguments against IP addresses as being valid to prove the point.

If you allow anonymous user postings, please tell me how you prove it wasn’t someone in the company doing the postings.”

This is were RIAA etc.. massively fall down. You don’t prove negatives you prove positives.

Hypothetical situation, someone has stolen a tv, you have a very basic description, tall, mid 30’s, black hair. Person A matches this. How do you use their description to prove it wasn’t them….

You can’t.

You can’t use IP addresses to show whose who in any circumstance. They can be used to give an indication i.e. if my friend was arrest for something he did online and his IP at the time was mine, then it could be used as support evidence (although it would be circumstantial)

If you suspect companies who have safe harbour provisions are taking the mickey and want to protect against this then the best you can push for is to require them to log their activity, but this is a massive infringement on the employees basic rights, which ultimately trump copyright/int prop rights.

Paul Clark says:

Guilty Until Proven Innocent

ok. So you are guilty until proven innocent?

So under that logic are you ok with this logic?

You own a fast car. People with fast cars speed. I am going to issue you 5 tickets in a row because you commute to work each week day and I know you are going to speed each day. Oh wait. Five tickets means your license is suspended so you can’t drive at all. Since we know that you will drive without a license as you are a criminal, we are impounding your car. After your license suspension, if you can prove that you will not speed again, your car will be returned to you. In the meantime, we will make use of your car as we see fit.

That Anonymous Coward (profile) says:

Re:

http://www.techdirt.com/articles/20120215/18044017773/us-government-suspends-jotformcom-over-user-generated-forms-censorship-regime-expands.shtml#c100

It might have been a form used in phishing, but they haven’t had time to actually look at the case and tell them while they are diligently working on destroying the entire business over what could be a complaint on 1 form that may or may not have already been removed by the automated system designed to combat these things.

Adam j says:

Whew! I’m glad that RIMDOJ (Riaa/ICE/MPAA/DOJ) stepped in and took down the website before finishing the investigation (insert sarcasm). So do we need SOPA/ACTA when RIMDOJ already takes down stuff they don’t like or understand? Nope.

I wonder if GoDaddy even hesitated, or considered the ramifications to Jotform’s business and all of its customers before it right clicked and hit “disable”.
I think it might be time for another GODADDY boycott.

PaulT (profile) says:

Re:

Wow, where to start…

“If you allow anonymous user postings, please tell me how you prove it wasn’t someone in the company doing the postings”

If “in the company”, you mean within the company hosting the service, they will have their own logs. Most companies will use an internal network that translates IP addresses to communicate to the outside world. Therefore, you should be able to tell quite easily whether the internal network or external network was involved.

It can be a little more complicated than that, but you immediately have a greater level of falsifiable evidence than the RIAA have ever submitted to a court.

“The safe harbors should exist only to protect the company, not the individuals involved.”

Indeed, but one of the things that goes along with the due process you mock people here for defending is the idea of the assumption of innocence before proof of guilt. It’s down to you to prove that the company is guilty, not for them to prove your accusation false. Since, as you admit, it’s a company and not an individual that needs to be identified, the burden of proof is lower.

“They should be required to know who is uploading, who is responsible, so that the law can be applied fully.”

…and how do they do that, genius? You seem to again be talking about identifying individuals rather than simply whether an internal or external source was involved. How do they do that to satisfy you?

“Without proof of who is actually uploading, it’s a pretty good assumption that the uploads come from someone involved in the company. There is no proof to the contrary.”

It’s a pretty good assumption that you were paid to write this post by GoDaddy to make their critics look bad. There is no proof to the contrary.

That’s as accurate as what you’re saying.

el_segfaulto (profile) says:

Time to go

I moved all of my sites belonging to a startup that I’ve been working for to another outside of the United States. The datacenter we used to use was in the same city, now we have to deal with increased latency and a plethora of other small issues. The issue was that we didn’t want to be vulnerable to a competitor with a similar business model.

Yeah…SOPA will create jobs and keep businesses in the U.S.

Anonymous Coward says:

Competition is a bitch

I see in the comments on that post that at least one competitor has jumped in to steal users already… a competitor that isn’t even setup to allow user registration (which is kind of ironic for a webform generating tool).

Makes one wonder if this “competitor” had anything to do with the phishing scam that got jotform in trouble.

Michael says:

Re:

That’s what I’m trying to figure out. If they’re going to seize a website, they should’ve informed the owner immediately as to the specific reason why. This sort of case is setting a precedent for the future where government/law enforcement just walks up and seizes without explanation. Today it’s JotForm.com; tomorrow there will be another. Perhaps they’re trying to condition us into becoming complacent with this sort of behavior.

Baldaur Regis (profile) says:

Time to go

We were about to launch with a .com address and an American registrar; now we’ll have to take the time to research an alternate route.

It’s informative to read the user comments on the JotForm blog – a .com address is considered by many to be more “legitimate” than others; until recently this was possibly true.

After this incident we have concluded that America is no longer a safe place to conduct business. Pity.

Anonymous Coward says:

Re:

Innocent until proven guilty doesn’t mean “ignore until convicted”. If there is a criminal complaint, then law enforcement needs to act.

It would appear that it’s a question of something that was on a form, or what the form was doing. A quick example I could come up with would be forms with child porn images on them, being used as part of CP distribution. I could also picture the same for various other forms of illegal porn, from snuff to the old two girls, one cup deal.

It’s not clear what the issue specifically is, but clearly it is enough to merit law enforcement taking action.

Further, let’s be clear here: The old “too big to check” excuse is getting very, very tired now. It’s a sad excuse that companies can pretty much abdicate responsibility for what is on their site, while at the same time not being able to indicate the sources for it. That is an untenable situation, which creates the mysterious “nobody is responsible”, which just won’t stand.

Too big to check? That just isn’t a tolerable excuse anymore.

The eejit (profile) says:

Re:

You, sir, are an idiot.

How do you prove a negative? And why, may I ask, are you even posting here if you wish to ramian anonymous? What laws such as SOPA do, is to remove anonymity, which is, to a point, essential for demodracy to function.

What companies like Universal fail to realise, is that they are trading long-term growth, for short-term profit at the expense of the consumer. And that is an unsustainable business model, as once the consumers no longer trust you in a symbiotic economic relationship, it makes the situation ripe for a new competitior to steal their market share by learning from their mistakes.

Rikuo (profile) says:

Re:

You just defeated your own argument. You argue that one form could possibly be illegal content – yes, that’s probably true, it can happen. But it doesn’t mean you BLOCK THE ENTIRE WEBSITE!

And how is too big to check intolerable? Youtube has days worth of video being uploaded every minute. This site had millions of forms. Besides, what’s being argued is not “too big to check” but being too big to check proactively, at a cost of both immense resources, time, money and civil rights. For example, Youtube could check each and every video before its uploaded: but because it can’t determine what’s legit and what’s not, that would simply be a waste.

Anonymous Coward says:

It would appear that jetform was being used as a landing site for phishing scams, and some have suggested in comments (and on other pages in Google) that when RSA complained to them, they did not promptly remove the forms, and allowed more similar forms to be created.

If this is the case, this is clearly one of those reasons why you cannot simply have a blank “user submitted” universe without responsibility.

PaulT (profile) says:

Re:

At this point, it doesn’t really matter. The domain’s been seized, rendering many of the company’s services broken. This has a knock-on effect to all the other companies utilising their services, probably a rather sizeable number given the number of forms created.

If jotform themselves were the ones responsible for the complaint, they have been denied due process, and the shutdown was ineffective at stopping them (since the site is still active on another domain). If they weren’t, then they were shut down because someone else did something wrong, as were all of their other customers.

Regardless of what the original problem was, there’s no justifying this.

Anonymous Coward says:

Ditch the US

Ah, you were so close, you had me till you took a sharp turn into the looney bin of people who believe that Jack Johnson is different from John Jackson (the donkeys and elephants). Take a moment to realize they’re ALL the same when it comes to being in big business’ pockets and the only difference between them is which part of life they want to dictate how we live, which they have no business to be a part of.

Yes, 25 years ago, there was a difference. Now, there’s not.

Anonymous Coward says:

Whenever I come across articles here that seem somewhat counterintuitive I try to do a quick bit of research to see how it is being reported by legacy and other media sources that have an established and widely respected reputation for being sources of generally unbiased news.

Unfortunately, here the only reporting as of now are various websites and blogs merely repeating what they read elsewhere. Thus, no new insights or facts are added from which I can get an idea what are the relevant facts.

The only thing I did learn, but as of now it is unsubstantiated, is that a request was purportedly lodged with GoDaddy by the US Secret Service. If this proves true, then perhaps there is something present on the site that is not an ordinary, run of the mill document.

I guess I will have to wait a little bit until more of the facts are fleshed out. In the meantime, I believe it would be inappropriate to post comments based on conjecture.

That Anonymous Coward (profile) says:

Re:

well jetform is the devil then.
Shame they shut down jotform.

RSA, you mean the morons who were hacked by the incompetence of their staff and ended up denying they lost the keys to the kingdoms until the 4th customer of theirs was hacked using the stolen RSA keys?

Cause everything on the web is reals and stuff…
Google Santorum… I’ll wait.

Q – If RSA sends you a letter asking you to burn your house down would you do it?

Define “promptly”.

Your one of the reasons the idea of personal responsibility is dead. Its not my fault I got hacked, this form hosted online without a secure connection, from someone I’d never heard of told me I was getting MILLIONS of course I filled it out.

A blank user submitted universe would suck, which is why its awesome that people create things.

Buhbye mr shill man….

0/10 – cite sources, spell names correctly, get new buzzwords

That Anonymous Coward (profile) says:

Re:

They found a baggie of weed in a house 4 doors down from yours, so they closed down the entire city.

This is what Secret Service did, and they can not even be bothered to tell the owners what law they supposedly violated. They need a week to review the case before they can say anything.

This is shades of when the government meant to take down a website, and instead killed an entire domain and informed all of the visitors that they were shut down for being pedophiles. Because the idea of subdomains was something they lacked comprehension of. Still not sure they said sorry for that yet…. because that will surely undo accusing people of being pedophiles… works for the media.

Keroberos (profile) says:

Time to go

After this incident we have concluded that America is no longer a safe place to conduct business.

Incorrect, the U.S. is a perfectly safe place to conduct business, as long as you’re a multi-billion dollar corporation with millions of dollars of lobbying bribes, you can buy all the government protection you need–Including the ability to stifle all competition.

That Anonymous Coward (profile) says:

Re:

OpenDNS disagrees

Results for http://www.jotform.com
United States
Chicago, Illinois, USA Dallas, Texas, USA

NO RESPONSE

NO RESPONSE

Los Angeles, California, USA Miami, Florida, USA

NO RESPONSE

NO RESPONSE

New York, New York, USA Palo Alto, California, USA

NO RESPONSE

NO RESPONSE

Seattle, Washington, USA Washington, DC, USA

NO RESPONSE

NO RESPONSE

International
Amsterdam, The Netherlands Frankfurt, Germany

NO RESPONSE

NO RESPONSE

London, England, UK Singapore

NO RESPONSE

NO RESPONSE

Try “Refresh the cache” first. That will fix problem #1 below.

Four possibilities:

Domain was recently moved and the new address has not propagated.
Domain does not exist in DNS.
Domain’s nameservers have problems, temporary or otherwise.
There is a problem with a record on OpenDNS servers.

Gwiz (profile) says:

Re:

Too bad that this has nothing to do with copyright.

Fuck me, you guys are dense and fast to judgement!

Would you like to share with the rest of the class then, AC?

Since it appears that you are somehow omnipotent and have information that the guy running Jotform doesn’t even have, please fill us in. Or were you just pulling crap out of your ass again?

Machin Shin (profile) says:

Time to go

Well it is not really that simple is it? You say I have the “right” to leave the country. What do you think will happen when I try to board a plane for another country? After getting raped by the TSA they are going to tell me I cant leave without passport. The other country also will not let me in. So no I don’t really have the right to leave.

On to other point. I am a US citizen. I was raised to be proud of what this nation stood for. I refuse to leave because some asshole is screwing the nation up. I will stand and fight for what principles this nation was built on. I will not abandon it to be destroyed.

Anonymous Coward says:

Re:

Rikou, it would appear (from what I can gather) that the forms in questions were phishing scams or similar, and were put up repeatedly. Some reports suggest they were not removed or handled promptly by the company when notified. I don’t know if this is true, but there you go.

This is a case where taking the domain domain is the most expedient way to assure that nobody is phished.

Baldaur Regis (profile) says:

Time to go

Oh, we’re Americans too, and that’s the bitch of it – setting things up offshore is an incredible hassle (just think non-US payment systems, for one fun example).

And to the AC above who suggests people can leave if they don’t like it – a very special fuck you AND the horse you rode in on. America is awesome; the government is not.

Trails (profile) says:

Re:

“If you allow anonymous user postings, please tell me how you prove it wasn’t someone in the company doing the postings”

Prove you didn’t kill someone or the gov’t will seize your domain.

Remember now, innocence is assumed, and the gov’t is the one who needs to come up with substantiating evidence in order to seize property.

Your strawman is teh suk, please try again (or not).

Machin Shin (profile) says:

Re:

Yup and by your logic the government should be allowed to have cameras in all our homes and businesses. Every move every person makes should be watched. Privacy is just a shield criminals hide behind.

In other words, until you setup webcams in every part of your house broadcasting 24/7 to the web so we can be sure you are not doing anything illegal I will just reject any arguments you make to take away my privacy online.

Anonymous Coward says:

Re:

“If “in the company”, you mean within the company hosting the service, they will have their own logs. Most companies will use an internal network that translates IP addresses to communicate to the outside world. Therefore, you should be able to tell quite easily whether the internal network or external network was involved.”

Paul, you are one of the ones who has pointed out that IP addresses are not enough (in your opinion) to convict anyone. Any computer guy with half a lick of sense could whip up all sorts of fake logs. What’s your point?

Someone working at the company can upload to the servers, and then fake the log to show it coming from outside. Is that really proof?

Come on. If you are going to take the side of an argument, accept that it applies in both directions. Stop flip flopping.

That Anonymous Coward (profile) says:

Re:

“fast to judgement”

You understand the little icon lets us know you were the same shill jumping up to suggest there was a connection to child porn and this website riiiight?

And bending over backwards to point out how it was totally reasonable to kill an entire website over x number of things that could have been surgically removed.

but it is fun to see you get your teeth kicked in on the issues and resort to using insults and lashing out.

Got news for you… thats my schtick around here…

Anonymous Coward says:

Re:

The owner of jotform has indicated that it is something to do with uploaded user forms.

There are plenty of indications that jotform was being used as a phishhaus. Just google “jotforms phishing” and you can enjoy plenty of interesting stories and “how to” websites.

There is absolutely no indication that this has anything to do with copyright. How are you making that conclusion?

Manok says:

Isn’t there a dot-something of some country that can not be harassed? Island seemed to take some steps. The North Koreans have been pretty good at sticking up the middle finger to the U.S… perhaps the web hosting business and .nk domain name business would finally be a good money earner for them. 🙂

Or how about a browser plugin that allows for a not yet existing domain extension, (.earth or .web or so) and resolves that directly to an IP address. It would need to something distributed, like torrents…

Rikuo (profile) says:

Re:

“No, that is a bad example. Any one of the guests could be responsible. Are you truly that dumb?”

Obviously, when I said that I, the host of the party, would be held responsible, I was being sarcastic and also pointing out the fallacy of your argument. You argued that, in the absence of evidence, you should just assume (your word) that someone is guilty.

“You guys always push that IP addresses aren’t enough to convict anyone. Well, why should they be enough to prove that the site owners didn’t put up the content?”
You can’t ask someone to prove a negative. That’s why.

Anonymous Coward says:

Time to go

Most un-American of you. True American would stay and defend against erosion of his rights, demand accountability from his elected officials, expect and receive justice for all, call out corruption and abuse done by those he pays with his tax dollars, question the benefit of the status quo, push for change for the better of all, even if it may inconvenience him or go against his personal belief system. True American would do this not just for himself but for his fellow citizens because he knows that if his fellows don’t have their basic rights defended, then neither will he.

He wouldn’t cut and run. You can thank him later for doing the work for you.

But you probably won’t.

And if any of that bothers you, there’s the door.

That Anonymous Coward (profile) says:

Re:

We would look at their site….
EXCEPT ITS OFFLINE.
*headtilt* are you new to the interwebs?

And from that webcached site…

“Note:
? Your form will not last forever so check your form daily if it still working and if not, make another form then replace your Facebook”
(bet your surprised I managed to copy paste off of that site as they “block” you doing that.)

So like jotform actually did scan and remove bad things…

It would appear guns are very popular with criminals… LETS SEIZE THEM ALL!!!! RARWBLARGH!

*yawn*

E. Zachary Knight (profile) says:

Re:

No, that is a bad example. Any one of the guests could be responsible. Are you truly that dumb?

I think it was a great example. Why? Because it forced you to contradict your original point.

Your original point was that because law enforcement couldn’t identify the form creators, it was the site owner’s who were guilty. Now you claim that any of the users could have been responsible. Which is it?

Think about it. I know it is hard, but THINK.

James Litwn (profile) says:

Thanks US Government

Where was the risk? Who would expect this to happen considering there was no indication that jotform or a company like this was at risk of being shutdown.

Jotform was a solid service provider and could do what we needed at a fraction of the cost and resources that would involve a programmer. So by your reasoning we should not outsource anything and it would look like especially to the US.

Someantimalwareguy (profile) says:

Re:

You guys always push that IP addresses aren’t enough to convict anyone. Well, why should they be enough to prove that the site owners didn’t put up the content?

Think about it. I know it is hard, but THINK.

And if someone calls the police with accusations of your wife beating activities you will not scream when they cuff you and throw you in the back of the squad car in front of all your neighbors then?

Josef Anvil (profile) says:

WOW

How difficult is it for the Secret Service to call a company and say, “Hi, your company is under investigation for fraud. We need information from you, the owner, regarding illegal content on your site.” ?????

Maybe the higher ups were unaware of the SOPA/PIPA/ACTA/TPP conflict. Maybe they are actually supporters of the opposition to those policies and saw this as a GREAT way to fuel the fire against more draconian laws.

Job done.

Violated says:

What The Hell?

So who exactly in the US Government is responsible for this domain suspension? This is a horror story with no named villain.

I have looked into this and JotForm provide a very useful service to those looking to create online forms. This is clearly all user creations.

Then after looking into where their .com has gone I see this…

Domain servers in listed order:
NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM

I would call that shocking. No matter the complaint one look at the service would clearly highlight this is some user problem.

JotForm so need to switch domains to NameCheap.

Anonymous Coward says:

Re:

Marcus, WTG on trying to take something out of context.

If the material is there, the “proving innocence” is showing that they are not the source. Think about it. In legal terms, the site is owned by the company, the servers are operated by the company, and the material is on the servers operated by the company. In a very basic way, this is “dead to rights”. What these “user submitted” companies are doing is claiming innocence because someone else did it. That would be “proving innocence”.

Nice of you to totally misunderstand. Typical of your crap.

Anonymous Coward says:

Arrgh@!

agreed, i dont know if their trolling or if they actually believe in what they say, all i know is that their comments, through ignorance or arogance, makes me want to get involved, rather then assume that enough people will contest the corruption, so, a big thankyou guys, you big bunch of idiots, instead of letting it die down, which to me felt like a real risk, you instead keep us on our toes

oh and finally, the obligatory….STFU, with the understanding that its your right not to STFU, either way …..STFU

December Advocate (profile) says:

Re:

So you say “without proof of who is actually uploading” and then go on to suggest that it can be assumed that the company itself is involved. Well, that’s the thing about law is that you can’t just go assuming without proof or the whole thing falls apart.

I mean, I’m assuming you are responsible. I can’t find proof that you aren’t so I am going to assume you are and take legal action accordingly.

Anonymous Coward says:

Re:

You don’t point out any fallacy. If the host is the only person in the house besides the 1 guest, they would be considered the prime suspect unless there was forced entry into the house.

You are alluding to a room with a bunch of guess people can see. That just isn’t a parallel to this story at all.

The only point you are making is that you don’t understand the difference between a room full of people and anonymous web posting.

Anonymous Coward says:

Arrgh@!

Yet, here we are in another situation where you guys are all off riding your copyright horses, not realizing that this probably has nothing to do with copyright at all.

I think your STFU is more an indication that you don’t want to hear the truth, you have already drawn a conclusion and nothing will change your views.

Too bad. You use to be a good debater.

Anonymous Coward says:

Re:

Umm, can you please learn to read? I didn’t say that the site had child porn on it, only that an unchecked system would be an open invitation for these people to operate there.

“And bending over backwards to point out how it was totally reasonable to kill an entire website over x number of things that could have been surgically removed.”

How do you know that for sure? Are you 100% confident that this is only on a single form, and not many? Are you 100% confident that nobody involved in the company, it’s service providers, and such are not involved at all ever? How do you happen to have this proof?

See how it works?

You are a sad, sad troll.

Dirkmaster (profile) says:

Too big to check isn't tolerable

But the only solution to a “too big to check” is to have an algorithm that checks, WHICH THIS COMPANY HAD. So effectively, you are saying that there’s no way for them to win. Or that the only solution is a perfect algorithm.

Let me know when you write that.

The simple truth is that this is overreach by the government pure and simple. And the fact that a business can be shut down, and the investigating officer can be too busy to look into it FOR DAYS is inexcusable and SHOULD BE criminal. But of course, the law will PROTECT the abuser, while punishing the innocent.

Shameful.

Marcus Carab (profile) says:

Arrgh@!

Yet, here we are in another situation where you guys are all off riding your copyright horses, not realizing that this probably has nothing to do with copyright at all.

There are like three people here who have mentioned copyright. The post doesn’t mention it at all, and the majority of commenters are not talking about it. And it is a related topic, even if it’s not the specific issue at hand here. We’re hardly “all off riding our copyright horses”

Violated (profile) says:

Re:

It sounds like the US Secret Service are operating outside their area. From Wikipedia…

The U.S. Secret Service has two distinct areas of responsibility:

Treasury roles, covering missions such as prevention and investigation of counterfeiting of U.S. currency and U.S treasury securities, and investigation of major fraud.

Protective roles, ensuring the safety of current and former national leaders and their families, such as the President, past Presidents, Vice Presidents, presidential candidates, foreign embassies (per an agreement with the U.S. State Department’s Bureau of Diplomatic Security (DS) Office of Foreign Missions (OFM)), etc.

The closest match there is major fraud but of course JotForm have not done even minor fraud when anything that has happened is through their users.

I would say the person at JotForm was being nice to her for her to get irritated. Had it been me I would so be calling her three-word abusive terms by now with the middle word always being “lazy”

You would think she would be able to answer exactly why this domain was taken offline even before she took it offline. So to now have no answer indicates that there was no valid reason to take it offline.

Anonymous Coward says:

Re:

First off, let’s be clear: if the company runs the servers, and the servers contain illegal material (let’s say phishing to make it legally easier to understand). Now, at that point, the company is pretty much “dead to rights”. Their answer would be to say “wait, that is a user account, and this is the user information”, right?

The problem? They may not have user information, they may have nothing more than an IP address in a log. Now, if that IP isn’t enough to merit a conviction in other cases, why should it be enough to get them off?

If the form is on the server, and the server belongs to the company, they are already very close to proving guilt, don’t you think?

Rikuo (profile) says:

Re:

Youtube.com is owned by Youtube LLC, their servers are operated by Youtube LLC and all videos are on servers operated by Youtube LLC.
Now suddenly, Youtube is guilty of copyright infringement, using the metric you outlined above.
Again, due process says that the government should prove guilt before punishment. No law says that you have to prove your innocence. If I’m accused of a crime and the government can’t bring any actual evidence to trial, I don’t have to say anything or do anything at all. The lack of evidence (should) get me acquitted.

Marcus Carab (profile) says:

Re:

If the material is there, the “proving innocence” is showing that they are not the source. Think about it. In legal terms, the site is owned by the company, the servers are operated by the company, and the material is on the servers operated by the company. In a very basic way, this is “dead to rights”. What these “user submitted” companies are doing is claiming innocence because someone else did it. That would be “proving innocence”.

Umm, okay, but my point remains: they shouldn’t have to “prove” their innocence before they are punished like this. Because yes, it is a punishment – a few days without your domain and a few thousand confused customers can be enough to sink a startup.

The fact that it’s possible for employees to use the service for illegal purposes does not justify seizing it without any actual evidence that they are doing so. That’s insane.

Caliburn (profile) says:

And this is why you shouldn’t host a domain name with GoDaddy… they’re useless.

Personally I’d be hounding the Secret Service every 60 minutes day and night until I received an answer. I would have also already lawyered up and moved to file a lawsuit against GoDaddy and the Secret Service.

Crippling an entire business like this… it’s sickening.

Marcus Carab (profile) says:

Thanks US Government

How about hiring a programming and making your own forms, so you are not relying on a third party to do a key part of your business for you?

Holy shit you cannot be this stupid. Yeah, let’s just do away with all B2B services and all outsourcing. Every company that wants a web presence should hire an entire web development team. Everybody who needs a blog should build their own CMS. And any company that attempts to offer reliable third-party solutions should be laughed at.

Rikuo (profile) says:

Re:

Room full of guests = the meatspace equivalent of a server with a couple million forms. i.e., there’s more than one obvious suspect and still a lack of evidence that either the guests (the users) or the host (Jobform) are guilty.
In both cases, the law says that no-one can be punished without having a trial and being declared guilty.

Again, you have argued for assuming that someone is guilty when you have no evidence.

Anonymous Coward says:

Arrgh@!

Hence the “with the understanding that its your right not to STFU”

Door swings both ways my friend, both sides, are essentially saying STFU, just in a more eloquent and not so eloquent way

They can say what they like, i, just like them, dont have to like whats being said

Im happy to listen to Government sheep, once i feel that Government choices and decisions are no longer influenced by those with power and money, and are in fact more interested in debating with its people

Rikuo (profile) says:

Re:

“If there are phishing forms on the server, and the server belongs to the company, then who’s forms are they?

Nobody’s?”

Then do some f*cking investigative work and find out who is responsible.
You DO NOT shut down the website without due notification. You DO NOT assume someone is guilty when you declare a a lack of evidence.

Just…why are you arguing that, in the event of the police being unable to find out who actually posted the phishing forms, then the company must automatically be guilty of the crime?

Anonymous Coward says:

Arrgh@!

Marcus, you have, yourself, mentioned censorship in this deal. Are you saying that shutting down illegal activity is censorship?

I can (barely) accept the very thin argument of censorship in relationship to copyright violations, even though I think it’s another foxhole to try to hide in more than anything. But I have a much harder time taking a term like censorship seriously in relationship to illegal activities.

It just doesn’t add up, sorry.

Marcus Carab (profile) says:

Arrgh@!

Umm, you didnt accuse us of riding our “censorship” horses – you said “copyright” horses.

Did you mean “censorship”? That’s fine if it was a typo. Yes – we are all talking about censorship, because that’s what happened here. A whole bunch of protected speech got censored. It doesn’t matter that a little bit of illegal speech got stopped with it.

A Monkey with Atitude (profile) says:

Ditch the US

not really… only difference is ones mostly Marxists at this point and the other are corporate shill/corportists (let the big corps rule, cant remember the proper term)…

Ill let you decide which is which… both could give a piss about the rest of us you know the actual citizens) and both tell tall stories to try get you believe they are different.

Anonymous Coward says:

Time to go

Marcus, you are making a very standard mistake that is often made on this site.

It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it. Law enforcement doesn’t check how many users are signed up to a service and say “well, we can’t police that one, can we?”.

If the site was currently being used in a phishing scam (as has been suggested on other sites), it was expedient to protect millions of potential victims by shutting the domain down, at least temporarily, until a solution can be found. I for one find it comforting that law enforcement isn’t willing to just play whack-a-mole with it, shutting down the ones they know about.

It sucks for the other people involved, but what can you do?

Let’s say there is a guy in the youth hostel you live in with a gun. He is holding police at bay. The police remarkably stop you from getting back to your bunk. Are they stopping your rights to freely move about? Is your right to move about more important than their right to deal with a law breaker, an illegal situation?

Based on what I can see on Google, jotform is one of the “tools of choice” for phishing and email collection scams. The domain has been blocked before for phishing scams by opendns, etc. There is plenty of indication out there that this service was used widely by phishers. If I was a potential user of their service, I would sort of check them out first. I wouldn’t stake my multi million dollar online business on a third party form builder being up and online.

Marcus Carab (profile) says:

Time to go

It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it. … Let’s say there is a guy in the youth hostel you live in with a gun. He is holding police at bay. The police remarkably stop you from getting back to your bunk ….

No, you are making the elementary mistake you always make by forgetting that things are different when it comes to speech. Staying in a hostel is not speech; providing web forms to interact with people is. You cannot shut down protected speech just to get at the illegal speech – just as you cannot seize a printing press because a newspaper printed one illegal thing.

Anonymous Coward says:

Re:

Marcus, this isn’t punishment, any more than police showing up to execute a search warrant and locking the doors to the business would be. It might be no different than towing away to impound an ice cream truck found to have a pound of crack in it.

This is perhaps the best explanation I can give you. What happens isn’t any different from the real world in this regard.

It’s not considered punishment when done in the real world, is it?

Anonymous Coward says:

Re:

It would be nice if the owners of the site were actually informed of what the problem was or why the site was seized, wouldn’t it?

Who cares that it was purportedly popular w/scammers? Scammers don’t run or own or operate the site. Those that do are the ones due an explanation when legal action is taken against them.

It’s only fair until it happens to you, right?

Anonymous Coward says:

Re:

Marcus, would you considering the police shutting down a book store temporarily during an investigation as censorship, or a criminal investigation?

Would you consider it an affront to free speech if a library was closed because there was a crazed gunman inside?

Would you consider it broad censorship if a radio station was taken off the air because police needed to shut down the transmitter to get to someone who was hanging off the transmission tower threatening suicide?

There is no absolutes in play here. If the allegations floating around are true, I feel sorry for the other users, but phishing scams are a real crime, a real problem, and they need to be addressed directly. Your short term “freedom of speech” issues are not enough to stop law enforcement from doing their jobs.

MrWilson says:

Time to go

“It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it.”

Your logic elsewhere: “It doesn’t matter how many LEGAL messages were being sent by email, if email is used for illegal purposes like selling counterfeit viagra, we must shut email down.”

“It doesn’t matter how many LEGAL items were being sent by UPS, if UPS is used for illegal purposes like shipping illicit drugs or counterfeit goods, we must shut UPS down.”

“It doesn’t matter how many citizens defend themselves with firearms LEGALLY, if guns are used for illegal purposes like robbery and murder, we must confiscate all guns.

Anonymous Coward says:

Re:

“Marcus, this isn’t punishment, any more than police showing up to execute a search warrant and locking the doors to the business would be.”

Except seizing the domain doesn’t actually seize any evidence. It would be like locking the front door to the business but leaving the back alley door alone. Which I don’t think police have ever done unless there was something about the front door in particular that was a problem.

“It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it. “

Seriously? Then we need to shut down the Internet. The wire going from California to Florida has a TON on illegal stuff going over it, we need to sever it! And since the Internet will automatically try to route around the damage, we need to sever every single connection because otherwise it will be used for illegal activity.

Or if you think that only applies to domains – well, as people have said, pretty much every email provider has hosted illegal emails. Every generic search provider has returned links to sites doing illegal things. Any site that allows user-generated content has at least the potential for an illegal submission. There won’t be much left if your standard is that any illegal activity means a domain needs to shut down, regardless of the percentage.

Anonymous Coward says:

Time to go

“It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it. Law enforcement doesn’t check how many users are signed up to a service and say “well, we can’t police that one, can we?”.”

That is the freaking problem the police doesn’t check, the business is not responsible for what others do and should not be, to close it all down because of others is foreclosing the entire business of offering something to others, is like closing down Ford because one of its suppliers is a crook.

Marcus Carab (profile) says:

Re:

*sigh*

I assume you are trying to lead me down the rabbit hole to Arcara v. Cloud so you can triumphantly wave that in my face. But once again, you are making an elementary mistake: none of those crimes you give as examples involve speech. They may take place alongside speech, or in a place where speech happens, but they are not speech themselves, and that changes the legal contours.

The key here is United States v. O’Brien, which requires a statute that quashes illegal speech to be no broader than necessary. Cloud Books presented that in their defense, saying that closure of the book store was broader than necessary to prevent prostitution. However, the courts in Arcara v. Cloud held that since prostitution is not itself an expressive activity, U.S.v.O’Brien had no relevance.

That is the difference between your examples (which are all very similar to Arcara v. Cloud) and the situation with JotForm, where the illegal activity is also itself speech, just not protected speech.

Anonymous Coward says:

Re:

There is no simple way but there is a way that is why they pay “investigators” for isn’t it?

You don’t go around closing others people’s business because you suspect he is a crook you first prove it.

I hope the people responsible for this get slapped hard with a counter suit asking for millions in restitution and damages this is just abuse.

Someantimalwareguy (profile) says:

Re:

And if someone wanted to really screw with you for some reason and planted a packet of crack in your car while you are in the store and then calls the police with a “tip” about you having illegal narcotics in your car? Are you guilty?

What if a LEO had a gripe against you and did this him/herself and then arrested you to up their arrest rate statistics…are you still guilty?

Should you be arrested for that crack in your car if some perp tried to hide their illegal activities while running from the police by throwing the evidence into an open window while you were away from your vehicle?

Anonymous Coward says:

Re:

“It’s on par with a pound of crack on the drivers seat of your car.”

No, it’s more on par with a pound of crack in a suitcase in the back seat of a taxi. It would be foolish to assume it belonged to the driver. And in THAT case you might even impound the taxi – but only becasue it actually might contain evidence. The domain name does not contain evidence. The servers might, but they aren’t seizing the servers. It’s like they welded shut the passenger side door of the taxi. The taxi can still drive, it can even still drive the people transporting crack. They just have to walk over to the driver’s side.

“There is at least enough there to merit further investigation.”

Fine, investigate!

Anonymous Coward says:

Re:

So what, the police should go after the people responsible for the scams not the provider of a service that make it easier for them to do it, which is not illegal and is directed for law abiding citizens not them scamers.

This nothing like say a torrent website I want to see the government demonstrate that the majority of the users there are scamers and not honest people doing business.

E. Zachary Knight (profile) says:

what does jotform do?

They are down for all intents and purposes. Most of the people and businesses using the site legitimately have linked to the .com. Now all those links are broken causing massive user issues that would not have occurred had the site not been seized.

This is a censorship issue. Just because you refuse to see it that way does not mean it is not true.

Anonymous Coward says:

Time to go

I think the problem is this: the suitcase is in the hotel “luggage storage area”, has been for weeks, has no name tag on it, etc. While they may not assume it’s the hotel’s bag, they might question the staff about it, because it would require some complicity for it to stay there that long without any tag or claim on it.

Further, if the hotel only allowed guest to register as “anonymous” and nobody was actually ever shown in the rooms, what would you think?

If every fire hose cabinet and every stairwell space was packed with bags full of fake money, don’t you think the hotel would come under SOME suspicion? Don’t you think if the police found counterfeit money in multiple places that they might lock the doors and start a careful search?

We don’t know the circumstances, but we do know that there are issues. You don’t eliminate suspects in a crime just because they seem nice.

Torg (profile) says:

Time to go

I’d like to poke at this “until a solution can be found” business.

This website is based around user submissions. Letting people quickly and easily create forms to fill out is their business model. Finding a good general solution to the occasional phisher would require each submission to be reviewed manually. That isn’t feasible given their traffic volume. I suppose it could also be possible for a computer to clear each submission, provided that Artificial General Intelligence is invented soon, but that doesn’t seem like a safe assumption. So as reviewing everything their customers do isn’t an option, the remaining solution is whack-a-mole. You know, the thing they could’ve done in the first place instead of shutting the site down.

Anonymous Coward says:

Re:

Needed to act responsably and in a way to minimize any collateral damage, not go in and try to destroy a business because of a few bad apples.

Do the police seize the assets of labels for the bad habits of their singers and employees?

Of course not they would have been hit with so many counter lawsuits they would be litigating for decades.

Maybe is that what people should do prepare a super fund for legal expenses and just wait for the government to come around and BAM sue them for loss of business, damages, calumny, defamation, incompetency and anything possible so they learn that they can’t just go seizing anything at will.

Gwiz (profile) says:

Re:

There is absolutely no indication that this has anything to do with copyright. How are you making that conclusion?

Umm. I haven’t made a conclusion either way. You did when you stated empirically that it had nothing to do with copyright. So I asked how you might possibly know that.

And yes, I did see a few indications that this somehow involved phishing scams. I also saw a claim that this was a result of a DMCA notice, so…..

Anonymous Coward says:

Re:

Seizing the domain (at least for the moment) stops all of the potential phishing activity cold. If some group has spiked the domain with thousands of phishing forms, it’s pretty much a better deal to do something to stop the illegal activity, and work to restore service to valid customers going forward.

I would rather than millions of people are protected from scammers than a few thousand businesses get to keep using freebie forms. That’s just my opinion.

ltlw0lf (profile) says:

Re:

You are right this isn’t about copyright, its about prior restraint. There are half a million users at JotForm.com. There are now over 300,000 web sites that have partial functionality because of this take down by the Secret service. Blog comments forms, contact forms, order forms, etc all taken down due to a lack of due process.

If they can do it to JotForm.com, they can easily do the same with Google Docs. I have a ton of shared forms on Google Docs, and have seen others use them for the same purpose. If Google Docs goes down, I believe the web itself would disappear for a while.

Rikuo says:

Re:

“Without proof of who is actually uploading, it’s a pretty good assumption that the uploads come from someone involved in the company. There is no proof to the contrary.”

That’s what you said, directly quoted. You are saying that when you have no proof of who is guilty of a crime, you can still ASSUME someone is guilty anyway, based on a tangential link.

COP: Good evening, Mr. Jotform owner. There’s a phishing form found on one of your servers. At this point in time, we don’t know who is responsible for it, either an external user, or someone from your company. But, we’re going to shut down your entire website anyway. Be thankful we didn’t arrest you as well!

That’s what you’re arguing (or at least, half the time. You keep switching between no evidence required and evidence required).

Torg (profile) says:

Time to go

Hotel luggage storage areas tend to be small enough for mortals to examine without trouble. If a hotel’s storage area was the size of, say, Massachusetts, I’d be willing to give them the benefit of the doubt.

And then you go off on this tangent about a hotel being filled to the brim with counterfeit money and none of the customers ever using their rooms. I have no idea where you’re getting this idea from, since “is used by phishers” and “is dedicated solely to phishing” are as far apart as a city that contains drug dealers is from a city in which you can’t turn your back on anyone or they’ll run up behind you and fill you with heroin. Yes, in the second case I’d think that the people running the city had something to do with it, but we haven’t seen any evidence that this website’s phishers are anything but the natural result of a website that helps people to collect information other people give them.

Anonymous Coward says:

Time to go

“Don’t you think if the police found counterfeit money in multiple places that they might lock the doors and start a careful search?”

Again… all they did was lock the front door. Which (A) Will cause many customers to go away, not knowing about the back door, and will greatly harm the business. (B) Does allow anyone to use the back door, legitimate users and criminals alike. (C) Alerts the hotel owners (and hotel users) to the existence of the investigation. (D) Does nothing to obtain evidence. (E) Does nothing to preserve evidence. (F) Totally ruins the chess tournament that was going to be held in the conference room, because only 6 people show up instead of 50. I guess the tournament organizers shouldn’t have based their entire business model on a third-party location, right?

Look: Even you have to admit, seizing one domain while leaving the site active on another is stupid. If you think the site should be shut down, then the site should be actually shut down. If you think it should not be shut down, then it should not be shut down. Going halfway serves no purpose, and I would like to know exactly why the government feels this was the correct course of action.

As to why they went halfway: My guess is that they didn’t have enough evidence to actually do anything. But you don’t need evidence to politely ask GoDaddy to shut down the domain. After all, that’s not the government shutting down the demain, that’s GoDaddy shutting down the domain. So they did this, because they could.

Anonymous Coward says:

Re:

Okay, let me give you a better example to work from. Say a newspaper (nice legit business full of free speech) is doing well. But one of the guys running the printing press has found a way to use that press to print money in the off hours. He stores the fake money in broom closets and storage rooms all over the newspaper building.

Further, the techniques used to do this printing are hidden on the company’s computers.

Now, would you consider it censorship if the newspaper building was locked for, say, 48 hours during an investigation, searching for the money? Would you consider it an affront to free speech if the company servers were seized, and access to that particular printing press shut down during the investigation?

I have a hard time seeing a computer form as “speech” in any great meaningful way. I just gave you an example that is clearly on speech… how do you deal with it, without hurting the investigation?

Marcus Carab (profile) says:

Thanks US Government

lol. Okay, you go ahead and believe that. You clearly have no idea how business, or the internet, works.

Should nobody use Google Analytics either? Just hire a team of ten full-time developers for a few months to build you your own custom analytics suite, right?

And for that matter, nobody should pay a web hosting company, should they? It’s just a matter of installing a high-capacity line, buying a rack server, and hiring a small IT team to maintain it – then you have your own web server. The software is open source, so clearly everyone should be doing it in-house, right?

Anonymous Coward says:

Re:

Once again: The core difference is that the shutdown in your example is temporary and required for the gathering of evidence. The domain name shutdown is not going to gather or preserve any evidence. And it’s not going to be for just 48 hours, I assume. Maybe they’ll get it back in 9 months with no explaination? That seems to be how the government handles this sort of thing…

“I have a hard time seeing a computer form as “speech” in any great meaningful way.”

I guess it depends on the form. For example, this TechDirt comment submission form. It doesn’t have a whole lot of speech in it, but it DOES facilitate speech – more like how a printing press isn’t speech in itself. Or imagine a form that allows you to solicit donations for a political candidate. I would imagine such a thing would be protected under the First Amendment.

Baldaur Regis (profile) says:

GoDaddy Response

From Domain Name Wire:

Here is a comment from Ben Butler, Director of Network Abuse atGoDaddy:

In an effort to make the Internet a better and safer place, Go Daddy has a long history of following established policies designed to address a variety of issues. One of those policies is to readily comply with orders from courts, as well as confirmed official requests from law enforcement agencies.

Because of our privacy policy, we can?t disclose the specifics of our actions with respect to our customers? accounts. But, we can tell you in general terms, at the specific request of law enforcement, Go Daddy sometimes takes action to prevent further harm being caused by a website hosted on our servers. This would include things like sites engaged in phishing, malware installation, securities fraud, and so on.

Unless such request is the subject of a criminal investigation that is required, under statute, to be treated confidentially, Go Daddy promptly notifies its customers of any action taken, and provides the contact information of the law enforcement agency involved. This gives customers an opportunity to address their concerns directly with the agency in question. Our standard policy was followed in the case you mentioned.

Rikuo says:

Re:

Ahh…I think I get you now. You’re a complete moron. One or two lapses I could accept as mere poor wording on your part.

You’re confusing being a suspect with being guilty. The two are very different. When you’re a suspect, you’re typically arrested, you get the chance for bail and you have certain rights that the government must protect.
Being guilty is when you’ve been through a trial, the judge and/or jury have seen the evidence and decided that you are guilty of whatever the accusation is. You are then punished and either sent to jail/fined/have property seized, etc.
In all the examples you’ve said, yes, I guess I could see thing like that happening to a SUSPECT.
But, in legal terms, you cannot say “assume you are guilty”. You say “You are now considered a suspect, because the phishing forms were found on your computers and there is no other evidence to the contrary”.
The newspaper scenario you posted, because the fact that its a newspaper means the police would need to have a high standard of evidence that there is counterfeiting going on before they can storm in and shut them down for a couple of days (otherwise, you would have the scenario of people complaining to police every three days that Newspaper X is counterfeiting money, and the newspaper being shut down every day).

Hephaestus (profile) says:

Arrgh@!

I want to hear the truth, why don’t you tell it to me. You are not allowed to use ad hominem attacks, repeat the same talking points, use links that have nothing to do with the conversation, and you have to stick to the topic, in this case the removal of JotForm.com from DNS by GoDaddy.

“Too bad. You use to be a good debater.”

Thanks, I still am. I am just very tired of hearing the same talking points from a dozen trolls across 30 or so blogs.

As a side note. What you are seeing online now is very similar to what happened before the Arab spring. Only this time it is targeted at the content industry not a government.

Marcus Carab (profile) says:

Re:

I’m not sure counterfeiting counts as speech, either. But, if the example you describe occurred, and a printing press of a legitimate newspaper was seized because it had been used illegally by an employee, then I suspect that case would make it to the supreme court, because it would be an important prior restraint decision.

I am not saying there is NO way for law enforcement to conduct their investigation, or that there can never be ANY disruption of the site at all. What I am saying is that this is dangerous territory – and law enforcement and the courts are expected to tread very carefully when it comes to freedom of speech. This is not a “48-hour” shutdown – indeed JotForm was told that it would take a week to even tell them why they’ve been shut down. What has happened to JotForms is clearly too extreme and broadly-targeted of a remedy when speech is involved.

A Monkey with Atitude (profile) says:

Re:

except in the case of a website, its even easier for the police to investigate with out taking the domain… if its a phishing scam they can work with jot to figure out what was happening and why in real time.. taking the Domain does nothing other than punish, it preserves no evidence, it does nothing you cite the police doing. And if the police have multiple forms that are bad or suspect of criminal activity you take those, NOT THE WHOLE Fing THING.. ITS STUPID and ITS WHAT I HAVE COME TO EXPECT FROM THE USELESS TITS we have now running both the authorities and the legislation.

AND YOUR THE REASON THEY DO IT because they can point the finger at the likes of you and SAY “FOR THE CHILDREN” and bingo its all good… well i think that is going to come to an end pretty quick as it seems as if people are getting more and more sick of the crap/lies/fundamental destruction of rights….

Anonymous Coward says:

Re:

“Again, are you suggesting “too big to be dealt with by the law?”

There ARE some things that too big to be dealt with by the law – at least if you’re looking for 100% enforcement. The police can monitor a stop sign to make sure nobody runs it. They can respond to complaints about a particular car running the sign at the same time every day (but like an IP address, even a licensed and registered car does not indicate a user, you still need to investigate who was driving!). But they don’t have the manpower to put an officer at every single stop sign in the city. And even if they did, they’d need to have another officer ready to go and actually arrest the guy who ran the stop sign, since the first officer would have to stay at the stop sign in case someone else ran it. And even THEN, what happens when the cop looks down for a second to grab his coffee (hey, monitoring a stop sign for 8 hours is pretty boring work) and isn’t quite sure whether that last car came to a complete stop?

That’s not an indication that the police don’t care if you run a stop sign. It’s cold hard reality. The system of roads in a city is too big to be 100% dealt with by the law. The alternative is to either hire a police force so large it cripples the city, or to severely limit the number of roads, also crippling the city. Similarily, the number of forms submitted to JotForm and the number of videos submitted to YouTube is too large for those companies to look at them individually and determine legality.

Remeber that Beatle who tried to respond to every fan letter? It’s kind of like that. You eventually end up with a 30 year backlog.

Anonymous Coward says:

Time to go

“They aren’t going to just randomly turn it off because someone at justice gave them a call and said “please”.”

Cell phone companies have given out the location of cell phones to law enforcement without any court order or warrant literally *millions* of times. I must admit to not knowing whether a court order was involved in this case or not, but I don’t think we can just assume one was involved.

Hans says:

Time to go

“It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it. Law enforcement doesn’t check how many users are signed up to a service and say “well, we can’t police that one, can we?”.”

It doesn’t matter how much legal recording is done with VCRs, if it is used for illegal purposes, that is pretty much it. Law enforcement doesn’t check how many legitimate uses there are for VCRs and say “well, we can’t police that one, can we?”

Anonymous Coward says:

Time to go

So what you are saying is that people having free forms for their sites is much more important than perhaps millions of dollars in fraud if the site is being used for phishing?

I think that you ignore the potential scale of this stuff. If you have ever tried running a fourm with standard software (like vbulletin or other) you will understand the depth of the problem of spam, phishing attempts, and such. These guys go all out. I wouldn’t be shocked to hear that a single group could generate tens of thousands of forms. Whack a mole just wouldn’t deal with it.

Anonymous Coward says:

Re:

Here’s an example… they pull down the domain, and then they look at all the requests for it. They look around for all of the phishing forms, while making it impossible for any spammer who directly linked the forms to get data. Perhaps they are recording all the incoming requests to the .com to see who is actually using the forms in question, etc.

Considering that Jetform has in the past been the host for phishing forms, and has again and again over the last couple of years been noted for the same issues, including on their own chat boards, it would seem that perhaps there is more here than meets the eye. How about we let it settle out before we draw any conclusions?

Anonymous Coward says:

Thanks US Government

Marcus, this is again one of those real world business decision things. Do you (a) use a remote service that you have no control over, that can disappear in an instant, and the like, or do you (b) come up with an in house solution using one of many different form systems handle the form, freeing you from depending on a third party to keep your stuff up?

Even in webhosting, it is HIGHLY recommended that you keep offsite backups / development copies on a local server, such that you always have a backup. Hosting companies do disappear, floods do happen, fires occur, and heck, even servers themselves explode and shred themselves up. If you are operating without a backup, you are foolish.

There are risks in business. You do a risk / reward calculation, and make your move. You can do the forms yourself, you could even contract it out if you need to. In the end, you own it, you control it, and your risk is limited.

Marcus Carab (profile) says:

Thanks US Government

It shows how out of touch you are that you don’t understand how much of the internet relies on people using each others’ services.

Yes, obviously nothing is 100% reliable, and you have to factor that into your business decisions. What is your point? That doesn’t change the fact that this censorship by the government harmed tonnes of legitimate users – and that’s not a good thing.

Boston Marketer (user link) says:

Ah, the goverment at work, screw someone over then tell them you might look into it at some point in the future, if you feel like it.

Pretty stupid move by the goverment, and a horrible situation to be in form JotForm guys. Hope they can recover and won’t suffer too much user loses as a result of this stupidity. Their forms are really nice, so I hope to continue to use them.

Also, if goverment used logic they should be shutting down the .net version of jotforms as well (or they should not have shut down the .com version in the first place) Then again, logic and goverment?

Anonymous Coward says:

Thanks US Government

Still not seeing the censorship, Marcus.

What I am seeing is a service that may have been infested with phishing scams, taken down for a clean up. If you have a problem with censorship, take it up with the people who set up the phishing scams.

Balance it out. People’s rights to forms, or people’s rights not to be scammed out of their hard earned money. I’ll take the latter.

Marcus Carab (profile) says:

Re:

Considering that Jetform has in the past been the host for phishing forms, and has again and again over the last couple of years been noted for the same issues, including on their own chat boards, it would seem that perhaps there is more here than meets the eye.

No, it wouldn’t. Google, Live Mail and Facebook are INUNDATED with illegal spammers, and false accounts being used to commit worse crimes than spam – and despite ongoing efforts to prevent it, it still happens en masse, and has been for years. Shall we seize all their domains as well?

Anonymous Coward says:

Time to go

The police could declare the park a crime scene, and keep it closed for as long as they needed to investigate the crime.

They could also declare something inside the park a public health risk, and close that area for as long as it takes to mitigate the risk.

If the park is filled with guys selling crack, the potential is that they could go in, make arrests, and order the park emptied while the search for drugs and dangerous needles.

You seem to forget that this site wasn’t closed down just for the fun of it. They had something to work from.

Violated (profile) says:

Re:

You are right there. The best defence is always a good offence.

It is shame we do not have this woman’s name and contact details to point out a few facts that JotForm may be too polite to do themselves.

I stand by my claim. Under the law if someone cannot answer why your property has been seized when you ask then this is court quality evidence that they have no justifiable reason.

So JotForm are indeed in a nice position to sue should and when they feel is the right time. I trust they are recording the evidence.

Anonymous Coward says:

Arrgh@!

Congrats for adding nothing.

I brought something to the table. The history of Jotform as it relates to phishing scams, mentioning that it was blocked in the past by opendns as a result of it, etc. We also have Godaddy’s statement of the type of things they would pull a site for. Seems so far we are on the right track.

So there are no talking points, no nothing. Just facts.

“What you are seeing online now is very similar to what happened before the Arab spring.”

All I can say is that you are truly full of yourself. You get on me about speculation, and then you post up that crap? You use to be a good debater, that is really gone now.

Anonymous Coward says:

Arrgh@!

So, what is your version of several?

What happens if the legal 300,000 forms account for 2 million page views, and the “several” phishing forms are getting even 10% of that traffic. How many people have to get scammed before there is a balance?

Would you feel the same if your parents were scammed out of their savings by a phishing scam?

You use to be a good debater, now you are just “angry dude” in a white hat.

Anonymous Coward says:

Re:

“You don’t go around closing others people’s business because you suspect he is a crook you first prove it.”

No, it doesn’t work that way. You don’t have to prove it, you only have to get a reasonable suspicion, the level required to get a warrant or to take action.

Proof is used in a court of law to determine innocence or guilty. The standards for arrests, searches, and seizures pending investigation and trial are a little lower.

Anonymous Coward says:

Thanks US Government

Marcus, this sort of thing has been explained to you about 1000 times over. You are the one about people trying to “lead you down foxholes”, but here you are trying to stand behind the last wall of defense of the indefensible.

Let’s just say that the nature of email is different from the nature of a web page or form. You can go off and study that and try to figure out the answer, you might get it one day.

Careful too, because after this line of defense, it’s a pretty sharp cliff right behind you.

Marcus Carab (profile) says:

Thanks US Government

Let’s just say that the nature of email is different from the nature of a web page or form.

Bwahahahahahaha. Says the guy who is all over this thread posting analogies to gunmen in parks, and people holding up book stores, and guys jumping off of radio towers, and deliverymen smuggling drugs, and hotels stashing counterfeit cash.

That you turn around and accuse me of an inaccurate analogy is fucking hilarious, and since I’m heading out now for a few hours anyway I think I shall take it as final proof that you’ve lost this argument and have nothing more to say.

MeryR says:

Re:

Click the links, dork. They work.

The second link can’t really say if its the people at Jotform who wrote that or not, but that’s what a court case is about.

HOWEVER! Your first link sure seems to indicate that they do indeed respond to reported pfishing forms and remove them.

To quote the response to the forensic investigator’s post in its entirety here you go:


Answered by liyam on January 31, 2012
Thank you for reporting this, Aileen. I have now suspended the account. If there is anything that you need regarding this incident, please let us know and we’ll be glad to assist you.

Warm regards,

Liyam

Note that’s a same day response on a request for them to pull something down. So, we’re going with them being guilty why again? They have forms that clearly there is a guide to make… and its their fault someone else is making something using their service?

Shall we now ban brake fluid, guns, cars, hammers, knives and other sharp/pointy/blunt things that can be used in the commission of a crime?

Hans says:

Re:

What an argumentative asshole. First it’s “Oh? I didn’t see any banner that said “THIS IS A CHILD PORN SITE”.”

and Rikuo does your research for you and posts the link to the easily found image. So what’s your response? Is it “Oh, I didn’t realize, point taken.”? No, it’s “Yup. Were they on a domain that child porn on it?”

Well, how about you do a little research on your own, asshole? You’re clearly just here to argue. Screw off!

Oblate (profile) says:

Time to go

This is not like shutting down a park for a valid reason. This is more like they suspect crime in one park, so they shut down all the parks. Your picnic basket? You’ll get that back when they feel like it. Maybe. Don’t complain, because most of your food will still be in it.
Hopefully this highlights the apparent ridiculousness of the situation.

hmm (profile) says:

Re:

they do that now you know…

If I accuse you of being a terrorist then you get hauled off to camp xray or one of those lovely “holiday villas” they have in alaska, poland or the chinese mainland….no lawyer, never find what you’re charged for for several years…then released with no apology or compensation.

And remember, the FBI sez everyone with a GPS (or a tidy garden) is a terrorist…….

Anonymous Coward says:

Re:

It also stops a business from operating, putting people out of work unnecessarily. Instead of blaming the company and alerting the real criminals, work quietly with the company and catch the real criminals in the act while allowing everyone else their rights. I would rather a few thousand do not have their rights stomped into the curb than a few million avoid having to learn how to avoid a scam.

Anonymous Coward says:

Re:

They are close, yes, but that is not proof of guilt anymore than find a bloody knife in your home proves you stabbed the man on the street. Further evidence is required, as what you have is circumstantial. Ergo, the logs would be examined. You say the logs can be modified, but that does not automatically negate their usefullness. A forensics examiner that specializes in systems can determine if the logs were modified and give a possible time frame as to when. Do not discredit ANY evidence based upon your own bias.

B Pickel (profile) says:

Time to go

I find hypotheticals to compare physical world issues to digital issues are often like line graphs involving x^2, X3 etc where the point(s) crossing the y axis are your base arguments for why the digital world is the same as ?insert situation.?
Nether the less I have adjusted your hypothetical to be more accurate to this issue
?Let’s say there is a guy in the youth hostel you live in with a gun. He is holding police at bay. The police remarkably stop you from getting back to your bunk .?

ltlw0lf (profile) says:

Re:

I really wish they would shut down a really large site.

Give it time. If there is one thing I’ve learned in government is that there is no shortage of stupidity, especially the higher you go.

Given that Google Docs uses docs.google.com, I wonder if they would just block that URL or if they would go for google.com instead? And if they did, much to the chagrin of the ACs here with tinfoil hats, I believe that would be a black day on the internet.

Anonymous Coward says:

Re:

Can you please give me an example of a phishing page hosted on hotmail?

Can you give me an example of a phishing page hosted on Google?

Can you give me an example of Google being used to host many, many phishing pages?

Can you show me hotmail or google providing the technology to specifically collect user information?

Oh, oops. Marcus is about to fail.

Anonymous Coward says:

Time to go

It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it.

That’s why google and youtube were both taken down in 2004, right?

Typically when there is some illegal content on a site with a basis in user-or-algorithmic-generated-content, they tend to work with the webmasters to help clean the site up. In fact there was something passed in America that dealt with that possibility explicitly, maybe you’ve heard of it.

Or maybe you just like spouting crap and have decided that the typical act of going from article to article posting “freetards” is getting old, and decided to instead try your hand at debating and arguing. Word to the wise, stick to the basics, kid, you’re not ready for the big leagues.

Anonymous Coward says:

Time to go

So what you are saying is that people having free forms for their sites is much more important than perhaps millions of dollars in fraud if the site is being used for phishing?

Okay, so this post is either going to be a
-Strawman
-Intentional misrepresentation of the problem
-Attempt to poison the well

Let’s see which it is!

These guys go all out. I wouldn’t be shocked to hear that a single group could generate tens of thousands of forms.

Let’s hear it for misrepresentation!

“CRIMINALS COULD USE FORMS FOR PHISHING SCHEMES, THIS UNRELATED, LEGITIMATE BUSINESS MUST BE STOPPED BECAUSE SOMEONE DOING SOMETHING ILLEGAL USED THEIR SERVICE!”

I heard a criminal once drove a car, let’s impound every car in the country.

What’s funny is that you have no words for things like “Pastebin”, places that could be used to host thousands of magnet links or other illicit links. OR as it’s more commonly used, a place for programmers and other people to save a piece of text to look at later.

But since user generated content is evil, let’s just take down pastebin while we’re at it.

Anonymous Coward says:

Its official ....

Just checked google, it went to the same site he posted that shows 304K backlinks.

Your source shows nothing, because your response is just “USE GOOGLE LOL”.

Gosh I wonder which one to believe, the algorithmic engine that tells me how many backlinks it factually sees or the child that has been crying all up and down the comment section that the site is evil and should be crushed by God’s foot.