There's been a lot of interest in the story of the Secret Service completely shutting down JotForm.com through a request to GoDaddy. It appears that the suspension is now ending, though it hasn't fully propagated. What's amazing is that no one in the US government (or at GoDaddy) seems to be willing to explain what happened. When GoDaddy completely shut down JotForm.com with no notice, the folks at JotForm had to inquire as to what the hell happened to their entire website. They were merely told to contact a Secret Service agent. That agent then told JotForm she was too busy to respond to them and would get back to them within a week.
Think about that for a second. The US government completely takes down a small business' website and then is too busy to explain why.
JotForm noted that it was willing to cooperate fully if there were specific users that were a problem, but the Secret Service did not seem to care that it had almost destroyed an entire startup's business:
When I contacted the Secret Service, the agent told me she is busy and she asked for my phone number, and told me they will get back to me within this week. I told them we are a web service with hundreds of thousands of users, so this is a matter of urgency, and we are ready to cooperate fully. I was ready to shutdown any form they request and provide any information we have about the user. Unfortunately, she told me she needs to look at the case which she can do in a few days. I called her many times again to check about the case, but she seems to be getting irritated with me. At this point, we are waiting for them to look into our case.
So far, the Secret Service still isn't talking, returning a bland and meaningless statement to press requests:
"We are aware of the incident and we're reviewing it internally to make sure all the proper procedures and protocols were followed."
GoDaddy, similarly, appears to be staying almost entirely silent.
All of this is completely unacceptable. Almost everything about this sets off alarm bells about over aggressive (and potentially illegal) censorship by the US government of protected free speech. We've been seeing a much more aggressive and overreaching effort by US officials against websites over the past 18 months or so, and at some point, they're going to get smacked down by a court who will explain to them the nature of the First Amendment and the fact that you can't unilaterally take down entire websites without recognizing the collateral damage on legitimate web businesses.
One of the key principles behind the growth of the internet was belief in protection against secondary liability claims. That is, if you set up a website where users can post stuff, the people who post stuff are liable for the content -- not you as the service provider in the middle. This is the core purpose behind Section 230 of the CDA (and, to a lesser extent) the DMCA's safe harbors. But there are some loopholes where technically there are no official safe harbors (though common sense says you still shouldn't be liable). The website JotForm.com, which allows individuals to create their own forms easily, has had its main domain, jotform.com "suspended" by the US government, due to "an ongoing investigation." Because of this JotForm is forcing all of its users to change their forms to use their .net domain rather than their .com.
Many people on the comments assumed the content was posted by us. This can happen to any site that allows public to post content. SOPA may not have passed, but what happened shows that it is already being practiced. All they have to do is to ask GoDaddy to take a site down. We have 2 millions user generated forms. It is not possible for us to manually review all forms. This can happen to any web site that allows user generated content.
I'm at a loss as to how this possibly makes sense. Even if the forms were being used for some illegal purpose (and it's important to note that Section 230 does not apply to criminal activity -- just civil offenses), I still can't fathom a reason why it should lead to everyone else getting censored and an internet startup facing a massive hardship wherein tons of users have had their service disrupted with millions of useful forms being suddenly disappeared.
And I won't even bother spending any time on the fact that apparently it was GoDaddy who helped the US government "suspend" the domain.
For a government that insists it's trying to help small businesses and startups, to go and disrupt one and all of its users over some possible illegal usage by a small number of users is just crazy. It's this kind of overly broad censorship (and, yes, this is clear censorship) that is what people were afraid of under SOPA. As JotForm notes, it's important to recognize that the US government already believes it has these powers. And the damage here for a small business is massive. JotForm has been filling its Twitter feed with customer service attempts at helping upset customers, and making it clear it has no information on why the .com disappeared. It looks like the US government asked, and GoDaddy just took away the domain. If you've never worked for a startup, perhaps you can't imagine just how insanely disruptive and destructive such a situation can be. Everyone is so busy working and building a company -- but something like this means suddenly all of their time has to switch over to help all of those upset customers (and doing so without being able to use the site that everyone will go look at first!).
Activities like this will chill innovation and entrepreneurship in the US. Why locate here or even setup under a .com if the US government might kill your business with no explanation at any moment?
Last year, we wrote about how the UK was following in the footsteps of the US's Homeland Security/ICE domain seizures. As we noted, the process there is even less rigorous than in the US -- often without a court being involved at all. Law enforcement just had to ask, and Nominet would take down the domain. Still, we hadn't heard about any specific domains that were seized -- and we hadn't heard of any non-Nominet (which handle .co.uk domains) being subject to UK claims.
The site, like many music blogs, did post various videos and commentary about new music. Perhaps some were infringing, but you'd think that there would be a trial first. This takedown is apparently happening via SOCA, the Serious Organized Crime Agency in the UK -- who, amusingly, puts a copyright symbol on their takedown splash page. There are all sorts of issues to be raised here.
First and foremost, as mentioned, this is the first time we've heard of a foreign country seizing a .com -- which the US DOJ/DHS appear to claim as their own jurisdiction. While perhaps this was done in concert with US law enforcement, it seems pretty questionable that the US would allow what they insist are "domestic" domains to be seized by foreign countries. Think of the precedent that sets for... say... Iran. The operators of the site appear to have been in the UK, so that may be the reasoning behind this, but it still raises significant jurisdictional questions about just who can seize a .com.
Second, the big red warning at the top is insane. Merely downloading music wouldn't be a criminal offense with a possibility of 10 years imprisonment. While I'm not as familiar with the differences between civil and criminal infringement when it comes to UK copyright law, I believe it's not that different than the US, where merely downloading is going to be civil, not criminal. A quick review of UK law suggests that it can only be a criminal issue if it's done at commercial scale, and doesn't seem to apply at all to personal downloads. In fact, the UK explicitly fought the idea of expanding criminal sanctions to file sharing. So, SOCA is basically lying.
Next, the splash page claims that the music was "stolen" from artists. While the copies may be infringing, it's doubtful that the music was literally stolen.
The scare tactic of displaying your IP address and pretending that this suggests they're coming after any visitor to the site. This is, again, insane. The RIAA tried this years ago when it got the Grokster site and it was just as silly then as it is now. Merely visiting a site is not breaking the law, and splashing your IP address next to a message suggesting visitors are about to be put in jail is insane hyperbole.
Further, claiming that SOCA has the ability to "monitor" you is also an exaggeration. While it may be able to monitor certain transactions, it seems to be implying that it's watching your every move.
Claiming that "young, emerging artists may have had their careers damaged" because of this site is pretty silly. Most young, emerging artists are actively leaking their works to such sites so they can emerge. They know that obscurity is a much bigger threat than piracy ever was or will be.
Saying that downloading music means you have (absolutley) "damaged the future of the music industry" is again insane hyperbole. The music industry has continued to grow pretty consistently over the past decade. It's just one segment -- the direct sales of music -- that has stumbled, and that was the part that rarely pays artists very much anyway.
This whole thing is pretty crazy, and I'm surprised such blatant censorship by UK law enforcement of a "US" domain hasn't received more attention yet.
Despite the massive failures of Immigration and Customs Enforcement's (ICE) program to seize domains on questionable legal theories, it's right back at it. ICE has just seized over 300 domains apparently all related to the Super Bowl (of course). They did this last year too... and now the US government is in court over it with the Rojadirecta sites. Many of the sites were selling counterfeit merchandise, which is a more reasonable target, but still seems to be overblown. I'm still at a loss as to how this is any of the government's concern, rather than a civil issue that could be taken up by the NFL itself. Do we really want law enforcement officials spending time working for the NFL?
Sixteen of the sites in question, however, were supposedly offering video streaming -- which is what Rojadirecta was accused of doing (under a bogus legal theory, since it didn't actually offer the streams, but merely links). In this case, ICE also arrested one guy for running a streaming site:
Additionally, Yonjo Quiroa, 28, of Comstock Park, Mich., was arrested Wednesday by special agents with HSI. He is charged with one count of criminal infringement of a copyright related to his operation of websites that illegally streamed live sporting event telecasts and pay-per-view events over the Internet. Quiroa operated nine of the 16 streaming websites that were seized, and he operated them from his home in Michigan until yesterday's arrest.
The website seizures during Operation Fake Sweep represent the 10th phase of Operation In Our Sites, a sustained law enforcement initiative targeting counterfeiting and piracy on the Internet. The 307 websites are in the process of being seized by law enforcement, and will soon be in the custody of the federal government. Visitors to these websites will then find a seizure banner that notifies them that the domain name has been seized by federal authorities and educates them that willful copyright infringement is a federal crime.
Of course, this has to raise a pretty significant question: exactly how is someone streaming the Super Bowl harming... well... anyone? The entire point of the Super Bowl is to get as many people watching the advertisements as possible. Having the game streamed only increases the number of people watching those ads. Who, exactly, is harmed by this?
In discussing these particular website seizures (not the ones about counterfeiting products), ICE ridiculously declares that it's somehow protecting American ideas from being stolen. Do they even realize how idiotic that sounds? What "idea" is being stolen when someone makes it easier to watch the ads that go with the Super Bowl?
In looking over Eric Goldman's excellent "linkwrap" of a bunch of recent SOPA/PIPA stories, it pointed me to a News.com article from last month, about how SOPA was really about going after one single site: The Pirate Bay. I've actually heard this repeatedly -- and from folks heavily involved with the bill itself. The whole point of the bill is to try to take down The Pirate Bay. Now, we can argue back and forth about how pointless that is... but there's something else that seems important:
As written, nothing in SOPA can touch ThePirateBay's main website, ThePirateBay.org
That's because the current version of the bill excludes any .com or .org. from being a target (though, they can be required to take action against other sites). This has caused some confusion, mainly because of the changes between the original version of SOPA and the "manager's amendment," which is the current version of the bill. The manager's amendment makes you jump through some hoops to understand this, but the key point is that a "U.S.-directed site" is defined to be a "foreign internet site" in the bill (in the original SOPA, a U.S.-directed site could be any site). Then, a foreign domain name is listed as not a "domestic domain" (keep hopping!), which itself is defined as "a domain name that is registered or assigned by a domain name registrar, domain name registry or other domain name registration authority that is located within a judicial district of the United States."
This means that all .com or .org domains are domestic, since they're assigned by a registry that is located within the US (for those confused, a domain registry is a company like VeriSign that runs the master database of all domains under a single top level domain). The thinking here is that (as ICE and the Justice Department have claimed) any website that has a TLD that is controlled by an American company can be dealt with via existing laws, such as the one that ICE uses to seize websites. .com is run by VeriSign, which is based in the US. And .org is run by the Public Interest Registry, which is also based in the US (Virginia, specifically).
That means that thepiratebay.org -- the main website for The Pirate Bay... is actually immune from the two key parts of SOPA (sections 102 and 103, since both clearly state that they only cover "U.S.-directed sites").
So, based on the law as written... The Pirate Bay is immune from SOPA (though, potentially not from ICE just seizing the domain). It's worth noting the same is true of both RapidShare and Megaupload -- two other sites frequently cited by the MPAA and the US Chamber of Commerce as the types of awful, evil sites that these bills are targeted to take down. In fact, remember that "53 billion visits to rogue websites" claim that the US Chamber of Commerce loves to repeat? Nearly half of that is from RapidShare and Megavideo/Megaupload. And yet, those sites are clearly excluded from SOPA based on the definitions. So why would they still be trotting them out as examples?
It stars ICE Director John Morton, reprising his usual ridiculous refrain in which he conflates actual counterfeit goods with copyright infringement. But this time, he shows off his ability to stroll quickly through a warehouse while doing a walk-and-talk. I have to admit that it feels like a parody video most of the time. He kicks it off with a claim that he's explaining how to "steal an American job." Then he claims, "here's how to save an American job: IPR enforcement!"
He's wrong. First of all, the "job loss" from counterfeits is totally and completely exaggerated. As has been shown by multiple studies, most people buying counterfeits (hell, and downloading infringing works) wouldn't have bought the real thing instead. They know they're buying a fake good. So no "job" is lost there. And, as the government's own GAO noted last year, the idea that this all leads to lost jobs simply isn't supported by the data.
Second, enforcement does not "save jobs." It does put massive burdens on legitimate sites. Something Morton should know about since he's been taking down legitimate American sites with no legal basis for quite some time.
But before we get to that, he shows off some counterfeit products. There's a handbag, some fake drugs (they always have to show the fake drugs, despite it being a tiny issue, but they have to show some sort of "danger"). And then there's a video game mod chip. He says it "allows you to hack into video games and steal the game for free. That's illegal. That's IP theft." Of course, it's debatable if mod-chips are really illegal. They have substantial non-infringing purposes other than "hacking into video games to steal them for free" (do people steal stuff not for free?). But, you know, that's ICE under John Morton: declaring it illegal for you to modify products you legally purchased, like your gaming console. Thanks, US government!
Then we get to website censorship. And boy is he proud of that. You can see him gleaming as he says that ICE has "done a phenomenal job" and "every time they make a bust, every time they make an arrest, an American job is saved."
So, I wonder, can John Morton explain whose job was saved when his staffers incorrectly seized and censored Dajaz1.com for over a year? I'm curious. Because it sure seems like he actually hurt the ability of the Americans who run that site to make money. I'm curious whose job was saved when his staff deported a missing teen to Colombia (where she was not from). Is that the kind of "phenomenal" work under John Morton we should expect more of?
He then shows off "the news coverage" that ICE has gotten for seizing websites. Notice that he leaves out the stories about the mistaken seizure of multiple websites beyond Dajaz1. Like the seizure of 84,000 legitimate sites that were replaced with a statement claiming that they were all involved in child porn. Somehow those clips just didn't make the cut. Phenomenal work "saving American jobs!"
Morton goes on to talk up how "proud of the results" he is over the seizing of websites. Once again, no mention of the ones he seized by mistake, causing tremendous harm to those who he falsely declared as criminals. What's amazing is that he's never issued an apology over those false seizures. Instead, he's "proud of the phenomenal job" his team has done? What a joke.
Finally, he highlights the PSA that ICE put on the websites they forfeited. What he leaves out, of course, is that the PSA was both created by and owned by NBC Universal -- something ICE has never publicly admitted, but which we found out via FOIA requests. It's still shocking that a government agency would be using misleading propaganda from a private company and pretending that it's an official government production. Even worse, despite numerous requests, ICE has failed to show any proof that it properly licensed the video from NBC Universal, leading us to wonder if they "pirated" it.
ICE under John Morton has become a massive joke and a disgrace to American ideals of innocent until proven guilty and important things like free speech and due process. Rather than making this joke of a video (which certainly has Hollywood-style production... I wonder how that happened...), Morton should be issuing apologies for the mistakes that were made under his watch, and tendering his resignation. Instead, he's celebrating? Sickening.
Yesterday, we noted that it appeared that the "GoDaddy boycott" concept may have been losing steam, thanks to the company's decision to move away from supporting the bill... combined with a new aggressive advertising campaign. Finally, on Thursday morning, the company went a step further: saying it hadn't just stopped supporting SOPA but now directly opposed SOPA. Even though the company notes that it saw "a spike in domain name transfers," it looks like the actual "boycott" day fizzled out. Looking at the results from DailyChanges shows that GoDaddy actually had a strongly positive day, netting 20,748 more domains at the end of the day than the beginning. On transfers alone, there were nearly double the number of transfers in as out (27,843 in to 14,492 out) as well as more new registrations than deleted domains (43,304 new registrations compared to 35,907 deletions).
This isn't that surprising, really. There was a big burst last week, which is what resulted in GoDaddy changing its stance on the bills. In other words, it seemed like most people jumped to make the move immediately, rather than waiting a week. On top of that, GoDaddy's change in position very likely did ease the concerns of many. And, many made the quite reasonable argument that continuing the boycott after GoDaddy officially changed positions would be counterproductive, since it would discourage other companies from changing their position as well. Of course, a counter argument would be that the goal of the boycott was less about convincing others on the list to change positions as it was to make sure that no other companies decided to support SOPA or any similar future regulations.
Either way, it appears that for those who were hoping for a big boycott on Thursday, that didn't happen. I'm sure some SOPA supporters will use this as fodder to suggest the whole effort was a failure, but that's ridiculous. The whole thing still got a large company that was a huge supporter of these terrible bills to switch its position and recognize that it can't run roughshod over the wishes of its customers. It also helped draw more attention to the overall issue, and helped in getting other companies to back away from supporting the bill. It also got some attention among elected officials about how supporting this bill could get the internet activated. It may not be enough to kill the bills yet, but more politicians are aware of the issues. All in all, getting GoDaddy to change its position was a huge victory against SOPA and PIPA, but remains just one battle in a long and still ongoing war.
Update: There are a bunch of comments insisting that this can't be true, and I'm happy to see more data. NameCheap claims that it had 32,000 domains transfer in, and it's true that Daily Changes isn't a perfect proxy for domain transfers -- but it's a pretty good one. Some are suggesting that delays in processing will show more transfers over the next few days. We'll be watching. It's possible that there were a lot more transfers, but just because people want it to happen, doesn't mean it actually happened. Update 2: NameCheap says in the last week they've received around 80,000 transfers.
Well, today was the day originally scheduled as the GoDaddy boycott day, in which people who had registered domains with GoDaddy were going to transfer them out. With GoDaddy officially dropping support for SOPA, there have been some questions about whether or not that boycott will still happen in significant numbers. There have already been some high profile transfers, such as from the Imgur folks, and there are still plenty of people talking about going through with the boycott as planned.
However, GoDaddy seems to be focusing on what's worked for it in the past: advertising with scantily clad women (and Danica Patrick in particular). Apparently it's been putting full page ads in the NY Times (and other papers?) with Patrick covered strategically by a sign.
And... the strategy may have worked so far.
While tons of domains transferred out at the end of last week, this week has been a bit of a different story. On Monday, it looks like GoDaddy basically broke even, with 18,401 new registrations and 14,853 transfers in... vs only 8,862 transfers out and 24,120 domains deleted. That netted out to an increase for GoDaddy of 272 domains. Tuesday was even more positive for the company. Even though another 16,662 domains were transferred out and another 27,564 were deleted, there was a big bump in new registrations: 31,574 (perhaps driven by new ads?) and another 15,452 transferred in. Net change? 2,800 in the plus column for GoDaddy. Finally, that same trend continued for Wednesday: an impressive 33,251 new registrations and 17,549 transfers in. That goes against 15,524 transfers out and 30,634 deletions. Net: 4,642 more domains under GoDaddy control.
Left unanswered: is this a lull before a bunch of transfers today? Or has the whole boycott issue subsided?
After GoDaddy made its very public announcement that it no longer supports SOPA, after being a very vocal supporter (despite the fact that it almost certainly violated the original version of the law), many have doubted the sincerity of the company, especially since it confined its remarks to SOPA. So after getting some more pressure, the company put out a separate clarifying statement that it doesn't support PIPA (PROTECT IP) either.
Still, there are plenty of people who don't buy it. It didn't help that the company's new CEO (though he's been at the company in other roles for a while) gave a really weak answer, when pressed on the company's level of support, suggesting that it may have just stepped back from publicly supporting the bills, but hasn't actually switched its full position:
Adelman couldn’t commit to changing its position on the record in Congress when asked about that, but said “I’ll take that back to our legislative guys, but I agree that’s an important step.” But when pressed, he said “We’re going to step back and let others take leadership roles.” He felt that the public statement removing their support would be sufficient for now, though further steps would be considered.
Either way, it appears people keep on transferring domains. Before the talk of a boycott happened on Thursday, it looked like GoDaddy was losing about 13,000 to 15,000 domains a day anyway. Then, on Friday, when people started transferring en masse, it jumped to 21,054. On Christmas Day, it looks like another 22,542 transferred out, so it doesn't look like people are all that mollified by the public change in position. Another 26,032 were "deleted," according to DailyChanges. And, remember, the "official" day that people had talked about for everyone to transfer their domains wasn't until Thursday, December 29th, so all of this was happening before the "big day." Who knows if the statements are enough to calm people down. For what it's worth, plenty of people are still registering new domains with GoDaddy and transferring them in, but the transfers out and deletions definitely outweigh the new registrations and transfers in. It was definitely enough activity to make GoDaddy realize it was going to be in trouble if it didn't change its position.
I just got a call from #GoDaddy. The rep said he noticed that I'd transferred my 60+ domains away... and wanted to know if I'd tell them why. I got to tell them that it was because of their #SOPA support, and that I couldn't in good conscience give my money to a tech company that would support legislation like that. I told him I was aware that they had reversed their position, but that their explicit support of it in the first place had cost them my confidence in them, as it is at the best viciously ignorant, and at worst, malicious. The rep was quite sincere in his apology to me, asked if there was anything they could do to win me back. He had a "We support IP protections, and now realize that support of SOPA is too broad" song-and-dance routine that probably came in from a PR memo today. I told him "no thanks", and that was that. I'm impressed by the customer service hustle, but it shows that this little incident really spooked them.
It really makes me wonder if GoDaddy will ever be able to win back the confidence of many who joined this boycott. Perhaps not.