"Cybercrime" investigator Rob Holmes has an interesting post arguing that seizing domains is a recipe for making the problems of illegal activity online even worse. He takes credit for being one of the first to suggest that domains could be viewed as "tools" of a criminal, thus making them ripe for seizure. However, he's not impressed by those in law enforcement who are eagerly seizing domains by the dozens -- in part because he thinks it helps actual criminals more than it hurts them:
The reason we are fighting the good fight is to stop people from doing bad things and hold them accountable for their actions. Whether you are enforcing trademark rights or car thefts, this has to be done one person at a time. In 2010 a client asked me what we could take away from the offenders to make them stop. My simple answer was “Their freedom.” Entrepreneurs will always find a way to do business. Bad guys need to be put away to reflect on their actions. Nothing else will stop them. When you take away only the tool, you are training the criminal to improve. I am not in the business of training crooks. Are you?
This, of course, is a different perspective. Most of us have been concerned about the free speech and collateral damage issues raised by domain seizures. But Holmes is making the argument that, even when we're talking about confirmed criminal activity, domain seizures are counterproductive because they're going after a tool rather than those actually responsible.
New York City officials are apparently all excited about a guaranteed $3.6 million "risk free to taxpayers" after signing a deal with a Virginia company to offer .nyc domains. This is one of those things that sounds good until you think it through, and then you realize it's effectively a hidden business tax. NYC gets to promote it as a way for more companies in NYC to have domains, and to identify themselves as NYC-based companies. But for companies already based there, they now need to buy up these domains they don't want or need, just to keep others from buying them up.
To businesses, which only need one website address, new domain names are often a tax they must pay to protect their brand. It’s as if someone printed an alternate copy of the White Pages and asked companies to buy a listing before it was sold to someone else.
In this case, a New York City company like Bloomberg would have to buy Bloomberg.nyc or face having to buy it back at a higher price. Other iconic New York City brands will likely watch nervously to see what becomes names like of “gossipgirl.nyc” or “magnoliabakery.nyc”
The company behind this is asking people to pre-register "for free," but (tellingly) does not share how much the .nyc domains will actually cost once registration opens for real. So while NYC officials can pretend that they've "found" money here, the reality is that they're creating a totally wasteful business tax and a true nuisance for NYC businesses.
IP maximalists now seem to be targeting ICANN as yet another way to overclaim their rights and block legitimate domains from existing. As we've been discussing, there have been several fights concerning the new generic top level domains (gTLDs) where we've seen folks like the entertainment industry demand extra special measures to keep them from being used to infringe copyrights. But the trademark folks may be going even further. We already have the (somewhat flawed) UDRP (Uniformed Domain Dispute Resolution Process) system for trademark holders to try to claim rights over a domain. This process lets trademark holders go through an arbitration process if they feel someone is abusing a trademark in a domain. In the past, we've discussed how this process is pretty sloppy, but it still heavily favors trademark holders. As in many arbitration situations, the big companies who bring back business to the arbitrators (magically) seem to win quite frequently.
However, that's just not enough for these trademark holders. Last year, for these new gTLDs, they were also able to establish a separate process, the URS (Uniform Rapid Suspension System) which, everyone was told, would only be used for the most egregious cases of trademark infringement -- the cases where it's so totally obvious that the domain in question infringes that the whole process can be cheap and streamlined.
However, before this process has even really been tested, trademark holders are trying very, very hard to basically lower the standards on URS and broaden the reach of it, such that it more or less replaces the UDRP process -- and thus makes it a system that lets trademark holders seize the domains of those they accuse of infringement very cheaply, with minimal review, and to also block certain words from being registered in domains. Even more incredible? They're abusing an ICANN comment process to push this plan (which ICANN had earlier rejected).
All of this came out recently in a letter to ICANN's board raising concerns about this effort. ICANN had opened up a comment period for a specific issue having to do with gTLDs, and the trademark folks went hogwild, asking for all of these other things, including:
Lowering the standard for when the simplified URS process (seize domains quickly, ask questions later) process can be put in place. Originally, the bar had been set high so that this process could only be used in truly egregious cases where there was no question that the domain was infringing. But the proposal sought to lower the standard such that it's the same as the UDRP standard (effectively stepping in and replacing UDRP).
Changing the already agreed upon URS system, such that domains that go through the process aren't just suspended, but transferred to the trademark holder. In other words, rather than just shutting down the domain, this fastpass system would simply turn the domains over to the trademark bullies.
Saying that the URS process (which was developed just for these new TLDs) should also be expanded to cover the most important TLD of all: .com. Yes, that's right. That's the goal in all of this. To actually make it much, much easier for trademark bullies to completely shut down and gain control of domains that they don't like others to use, and to do it cheaply, with very little review.
And they did all this by abusing a comment process that has nothing to do with these issues, and despite the fact that earlier hard-fought battles over these issues came out with them on the losing side. But, this is how IP maximalists work. They just keep trying every way possible to get the same ridiculous rules made in their favor.
The feds domain name seizure powers seem simple enough (if of extremely questionable legality, seeing as domains involve speech which requires a higher standard to seize), so it really amazes me how badly they seem to regularly screw up in using them. The latest is the seizure of Bodog.com as well as the indictment of Bodog boss Calvin Ayre. While there's been lots of attention paid to the seizures of sites having to do with copyright and trademark infringement, the same feds (ICE and the DOJ) have also been using the same powers gleefully to stop you from playing poker online. You may recall that they seized PokerStars, Full Tilt Poker and Absolute Poker last April, followed up by 10 more domain seizures in May (which was especially bizarre, since the key thing that's illegal is processing payments, but in that case, the federal government set up its own fake payment processor for those sites...).
Bodog, however, has been considered the "big dog" of online poker for quite some time, raising some questions as to why it wasn't included in last years' busts. Of course, in typical fashion, the feds seem to have targeted the wrong domain. Bodog gambling sites moved off of Bodog.com ages ago -- first due to a patent dispute, and later to avoid having the sites on US controlled domains. For quite some time the company has mainly relied on bodog.eu, and more recently has been offering a different domain called Bovada.lv for US-based players.
As for Bodog.com? It had become the face of the "Bodog Brand" and was used for licensing the Bodog name, but wasn't itself a gambling site in ages. The affidavit for seizure (pdf and embedded below) claims that federal agents set up accounts and gambled on Bodog.com, but I really wonder if they didn't miss the fact that they were redirected to another site. Checking the internet archive, it certainly looks like Bodog.com was pretty much out of commission long before the feds claimed to have set up and used accounts there. Either way, the seizure seems unlikely to do much to stop gambling on Bodog sites, considering that the actual gambling was happening on sites, other than Bodog.com, which likely are still perfectly operational.
As for the actual indictment (pdf and embedded below) against the individuals, it's more or less what you'd expect. They focus a lot how Bodog moved money around, but much of that was only necessary because of the (relatively recent) decision by some politicians in the US to sneak an anti-online gambling bill into a bill about protecting our ports and harbors. Ever since then there's been a growing effort in Congress to actually make online gambling legal again -- in part because the big casinos who mostly supported the original ban have now changed their minds and want in on the action. In other words, while it is likely that Ayers and his team did violate the law, there are a lot of questions about the law itself, and there's a half decent chance that what he was doing will be perfectly legal before too long.
Kinda makes you wonder why the feds are spending their time and taxpayer-funded resources on such a thing, doesn't it?
As for Ayers, he sounds pretty defiant, suggesting that this is really just the feds acting in the best interests of large casinos who don't like the competition:
I see this as abuse of the US criminal justice system for the commercial gain of large US corporations. It is clear that the online gaming industry is legal under international law and in the case of these documents is it also clear that the rule of law was not allowed to slow down a rush to try to win the war of public opinion.
These documents were filed with Forbes magazine before they were filed anywhere else and were drafted with the consumption of the media as a primary objective. We will all look at this and discuss the future with our advisors, but it will not stop my many business interests globally that are unrelated to anything in the US....
The whole thing seems like a big waste of time by some federal officials who like big headlines, but don't seem particularly focused on stopping crimes that actually cause real harm.
There's been a lot of interest in the story of the Secret Service completely shutting down JotForm.com through a request to GoDaddy. It appears that the suspension is now ending, though it hasn't fully propagated. What's amazing is that no one in the US government (or at GoDaddy) seems to be willing to explain what happened. When GoDaddy completely shut down JotForm.com with no notice, the folks at JotForm had to inquire as to what the hell happened to their entire website. They were merely told to contact a Secret Service agent. That agent then told JotForm she was too busy to respond to them and would get back to them within a week.
Think about that for a second. The US government completely takes down a small business' website and then is too busy to explain why.
JotForm noted that it was willing to cooperate fully if there were specific users that were a problem, but the Secret Service did not seem to care that it had almost destroyed an entire startup's business:
When I contacted the Secret Service, the agent told me she is busy and she asked for my phone number, and told me they will get back to me within this week. I told them we are a web service with hundreds of thousands of users, so this is a matter of urgency, and we are ready to cooperate fully. I was ready to shutdown any form they request and provide any information we have about the user. Unfortunately, she told me she needs to look at the case which she can do in a few days. I called her many times again to check about the case, but she seems to be getting irritated with me. At this point, we are waiting for them to look into our case.
So far, the Secret Service still isn't talking, returning a bland and meaningless statement to press requests:
"We are aware of the incident and we're reviewing it internally to make sure all the proper procedures and protocols were followed."
GoDaddy, similarly, appears to be staying almost entirely silent.
All of this is completely unacceptable. Almost everything about this sets off alarm bells about over aggressive (and potentially illegal) censorship by the US government of protected free speech. We've been seeing a much more aggressive and overreaching effort by US officials against websites over the past 18 months or so, and at some point, they're going to get smacked down by a court who will explain to them the nature of the First Amendment and the fact that you can't unilaterally take down entire websites without recognizing the collateral damage on legitimate web businesses.
One of the key principles behind the growth of the internet was belief in protection against secondary liability claims. That is, if you set up a website where users can post stuff, the people who post stuff are liable for the content -- not you as the service provider in the middle. This is the core purpose behind Section 230 of the CDA (and, to a lesser extent) the DMCA's safe harbors. But there are some loopholes where technically there are no official safe harbors (though common sense says you still shouldn't be liable). The website JotForm.com, which allows individuals to create their own forms easily, has had its main domain, jotform.com "suspended" by the US government, due to "an ongoing investigation." Because of this JotForm is forcing all of its users to change their forms to use their .net domain rather than their .com.
Many people on the comments assumed the content was posted by us. This can happen to any site that allows public to post content. SOPA may not have passed, but what happened shows that it is already being practiced. All they have to do is to ask GoDaddy to take a site down. We have 2 millions user generated forms. It is not possible for us to manually review all forms. This can happen to any web site that allows user generated content.
I'm at a loss as to how this possibly makes sense. Even if the forms were being used for some illegal purpose (and it's important to note that Section 230 does not apply to criminal activity -- just civil offenses), I still can't fathom a reason why it should lead to everyone else getting censored and an internet startup facing a massive hardship wherein tons of users have had their service disrupted with millions of useful forms being suddenly disappeared.
And I won't even bother spending any time on the fact that apparently it was GoDaddy who helped the US government "suspend" the domain.
For a government that insists it's trying to help small businesses and startups, to go and disrupt one and all of its users over some possible illegal usage by a small number of users is just crazy. It's this kind of overly broad censorship (and, yes, this is clear censorship) that is what people were afraid of under SOPA. As JotForm notes, it's important to recognize that the US government already believes it has these powers. And the damage here for a small business is massive. JotForm has been filling its Twitter feed with customer service attempts at helping upset customers, and making it clear it has no information on why the .com disappeared. It looks like the US government asked, and GoDaddy just took away the domain. If you've never worked for a startup, perhaps you can't imagine just how insanely disruptive and destructive such a situation can be. Everyone is so busy working and building a company -- but something like this means suddenly all of their time has to switch over to help all of those upset customers (and doing so without being able to use the site that everyone will go look at first!).
Activities like this will chill innovation and entrepreneurship in the US. Why locate here or even setup under a .com if the US government might kill your business with no explanation at any moment?
Last year, we wrote about how the UK was following in the footsteps of the US's Homeland Security/ICE domain seizures. As we noted, the process there is even less rigorous than in the US -- often without a court being involved at all. Law enforcement just had to ask, and Nominet would take down the domain. Still, we hadn't heard about any specific domains that were seized -- and we hadn't heard of any non-Nominet (which handle .co.uk domains) being subject to UK claims.
The site, like many music blogs, did post various videos and commentary about new music. Perhaps some were infringing, but you'd think that there would be a trial first. This takedown is apparently happening via SOCA, the Serious Organized Crime Agency in the UK -- who, amusingly, puts a copyright symbol on their takedown splash page. There are all sorts of issues to be raised here.
First and foremost, as mentioned, this is the first time we've heard of a foreign country seizing a .com -- which the US DOJ/DHS appear to claim as their own jurisdiction. While perhaps this was done in concert with US law enforcement, it seems pretty questionable that the US would allow what they insist are "domestic" domains to be seized by foreign countries. Think of the precedent that sets for... say... Iran. The operators of the site appear to have been in the UK, so that may be the reasoning behind this, but it still raises significant jurisdictional questions about just who can seize a .com.
Second, the big red warning at the top is insane. Merely downloading music wouldn't be a criminal offense with a possibility of 10 years imprisonment. While I'm not as familiar with the differences between civil and criminal infringement when it comes to UK copyright law, I believe it's not that different than the US, where merely downloading is going to be civil, not criminal. A quick review of UK law suggests that it can only be a criminal issue if it's done at commercial scale, and doesn't seem to apply at all to personal downloads. In fact, the UK explicitly fought the idea of expanding criminal sanctions to file sharing. So, SOCA is basically lying.
Next, the splash page claims that the music was "stolen" from artists. While the copies may be infringing, it's doubtful that the music was literally stolen.
The scare tactic of displaying your IP address and pretending that this suggests they're coming after any visitor to the site. This is, again, insane. The RIAA tried this years ago when it got the Grokster site and it was just as silly then as it is now. Merely visiting a site is not breaking the law, and splashing your IP address next to a message suggesting visitors are about to be put in jail is insane hyperbole.
Further, claiming that SOCA has the ability to "monitor" you is also an exaggeration. While it may be able to monitor certain transactions, it seems to be implying that it's watching your every move.
Claiming that "young, emerging artists may have had their careers damaged" because of this site is pretty silly. Most young, emerging artists are actively leaking their works to such sites so they can emerge. They know that obscurity is a much bigger threat than piracy ever was or will be.
Saying that downloading music means you have (absolutley) "damaged the future of the music industry" is again insane hyperbole. The music industry has continued to grow pretty consistently over the past decade. It's just one segment -- the direct sales of music -- that has stumbled, and that was the part that rarely pays artists very much anyway.
This whole thing is pretty crazy, and I'm surprised such blatant censorship by UK law enforcement of a "US" domain hasn't received more attention yet.
Despite the massive failures of Immigration and Customs Enforcement's (ICE) program to seize domains on questionable legal theories, it's right back at it. ICE has just seized over 300 domains apparently all related to the Super Bowl (of course). They did this last year too... and now the US government is in court over it with the Rojadirecta sites. Many of the sites were selling counterfeit merchandise, which is a more reasonable target, but still seems to be overblown. I'm still at a loss as to how this is any of the government's concern, rather than a civil issue that could be taken up by the NFL itself. Do we really want law enforcement officials spending time working for the NFL?
Sixteen of the sites in question, however, were supposedly offering video streaming -- which is what Rojadirecta was accused of doing (under a bogus legal theory, since it didn't actually offer the streams, but merely links). In this case, ICE also arrested one guy for running a streaming site:
Additionally, Yonjo Quiroa, 28, of Comstock Park, Mich., was arrested Wednesday by special agents with HSI. He is charged with one count of criminal infringement of a copyright related to his operation of websites that illegally streamed live sporting event telecasts and pay-per-view events over the Internet. Quiroa operated nine of the 16 streaming websites that were seized, and he operated them from his home in Michigan until yesterday's arrest.
The website seizures during Operation Fake Sweep represent the 10th phase of Operation In Our Sites, a sustained law enforcement initiative targeting counterfeiting and piracy on the Internet. The 307 websites are in the process of being seized by law enforcement, and will soon be in the custody of the federal government. Visitors to these websites will then find a seizure banner that notifies them that the domain name has been seized by federal authorities and educates them that willful copyright infringement is a federal crime.
Of course, this has to raise a pretty significant question: exactly how is someone streaming the Super Bowl harming... well... anyone? The entire point of the Super Bowl is to get as many people watching the advertisements as possible. Having the game streamed only increases the number of people watching those ads. Who, exactly, is harmed by this?
In discussing these particular website seizures (not the ones about counterfeiting products), ICE ridiculously declares that it's somehow protecting American ideas from being stolen. Do they even realize how idiotic that sounds? What "idea" is being stolen when someone makes it easier to watch the ads that go with the Super Bowl?
In looking over Eric Goldman's excellent "linkwrap" of a bunch of recent SOPA/PIPA stories, it pointed me to a News.com article from last month, about how SOPA was really about going after one single site: The Pirate Bay. I've actually heard this repeatedly -- and from folks heavily involved with the bill itself. The whole point of the bill is to try to take down The Pirate Bay. Now, we can argue back and forth about how pointless that is... but there's something else that seems important:
As written, nothing in SOPA can touch ThePirateBay's main website, ThePirateBay.org
That's because the current version of the bill excludes any .com or .org. from being a target (though, they can be required to take action against other sites). This has caused some confusion, mainly because of the changes between the original version of SOPA and the "manager's amendment," which is the current version of the bill. The manager's amendment makes you jump through some hoops to understand this, but the key point is that a "U.S.-directed site" is defined to be a "foreign internet site" in the bill (in the original SOPA, a U.S.-directed site could be any site). Then, a foreign domain name is listed as not a "domestic domain" (keep hopping!), which itself is defined as "a domain name that is registered or assigned by a domain name registrar, domain name registry or other domain name registration authority that is located within a judicial district of the United States."
This means that all .com or .org domains are domestic, since they're assigned by a registry that is located within the US (for those confused, a domain registry is a company like VeriSign that runs the master database of all domains under a single top level domain). The thinking here is that (as ICE and the Justice Department have claimed) any website that has a TLD that is controlled by an American company can be dealt with via existing laws, such as the one that ICE uses to seize websites. .com is run by VeriSign, which is based in the US. And .org is run by the Public Interest Registry, which is also based in the US (Virginia, specifically).
That means that thepiratebay.org -- the main website for The Pirate Bay... is actually immune from the two key parts of SOPA (sections 102 and 103, since both clearly state that they only cover "U.S.-directed sites").
So, based on the law as written... The Pirate Bay is immune from SOPA (though, potentially not from ICE just seizing the domain). It's worth noting the same is true of both RapidShare and Megaupload -- two other sites frequently cited by the MPAA and the US Chamber of Commerce as the types of awful, evil sites that these bills are targeted to take down. In fact, remember that "53 billion visits to rogue websites" claim that the US Chamber of Commerce loves to repeat? Nearly half of that is from RapidShare and Megavideo/Megaupload. And yet, those sites are clearly excluded from SOPA based on the definitions. So why would they still be trotting them out as examples?
It stars ICE Director John Morton, reprising his usual ridiculous refrain in which he conflates actual counterfeit goods with copyright infringement. But this time, he shows off his ability to stroll quickly through a warehouse while doing a walk-and-talk. I have to admit that it feels like a parody video most of the time. He kicks it off with a claim that he's explaining how to "steal an American job." Then he claims, "here's how to save an American job: IPR enforcement!"
He's wrong. First of all, the "job loss" from counterfeits is totally and completely exaggerated. As has been shown by multiple studies, most people buying counterfeits (hell, and downloading infringing works) wouldn't have bought the real thing instead. They know they're buying a fake good. So no "job" is lost there. And, as the government's own GAO noted last year, the idea that this all leads to lost jobs simply isn't supported by the data.
Second, enforcement does not "save jobs." It does put massive burdens on legitimate sites. Something Morton should know about since he's been taking down legitimate American sites with no legal basis for quite some time.
But before we get to that, he shows off some counterfeit products. There's a handbag, some fake drugs (they always have to show the fake drugs, despite it being a tiny issue, but they have to show some sort of "danger"). And then there's a video game mod chip. He says it "allows you to hack into video games and steal the game for free. That's illegal. That's IP theft." Of course, it's debatable if mod-chips are really illegal. They have substantial non-infringing purposes other than "hacking into video games to steal them for free" (do people steal stuff not for free?). But, you know, that's ICE under John Morton: declaring it illegal for you to modify products you legally purchased, like your gaming console. Thanks, US government!
Then we get to website censorship. And boy is he proud of that. You can see him gleaming as he says that ICE has "done a phenomenal job" and "every time they make a bust, every time they make an arrest, an American job is saved."
So, I wonder, can John Morton explain whose job was saved when his staffers incorrectly seized and censored Dajaz1.com for over a year? I'm curious. Because it sure seems like he actually hurt the ability of the Americans who run that site to make money. I'm curious whose job was saved when his staff deported a missing teen to Colombia (where she was not from). Is that the kind of "phenomenal" work under John Morton we should expect more of?
He then shows off "the news coverage" that ICE has gotten for seizing websites. Notice that he leaves out the stories about the mistaken seizure of multiple websites beyond Dajaz1. Like the seizure of 84,000 legitimate sites that were replaced with a statement claiming that they were all involved in child porn. Somehow those clips just didn't make the cut. Phenomenal work "saving American jobs!"
Morton goes on to talk up how "proud of the results" he is over the seizing of websites. Once again, no mention of the ones he seized by mistake, causing tremendous harm to those who he falsely declared as criminals. What's amazing is that he's never issued an apology over those false seizures. Instead, he's "proud of the phenomenal job" his team has done? What a joke.
Finally, he highlights the PSA that ICE put on the websites they forfeited. What he leaves out, of course, is that the PSA was both created by and owned by NBC Universal -- something ICE has never publicly admitted, but which we found out via FOIA requests. It's still shocking that a government agency would be using misleading propaganda from a private company and pretending that it's an official government production. Even worse, despite numerous requests, ICE has failed to show any proof that it properly licensed the video from NBC Universal, leading us to wonder if they "pirated" it.
ICE under John Morton has become a massive joke and a disgrace to American ideals of innocent until proven guilty and important things like free speech and due process. Rather than making this joke of a video (which certainly has Hollywood-style production... I wonder how that happened...), Morton should be issuing apologies for the mistakes that were made under his watch, and tendering his resignation. Instead, he's celebrating? Sickening.