Domain seizures

I’m just back from the latest Nominet meeting about domain seizures. I’ve also spent time meeting law enforcement agencies on behalf of ORG to get a better picture of what they are doing, and what is needed.

Law enforcement are certainly currently confining their requests to some of the worst abuses. Requests come from the Met, Trading Standards, SOCA and may in the future include the Medical health Regulatory Authority.

Nominet have produced some useful figures about requests. The numbers involved are 2650 locks or suspensions so far. The requests are largely about counterfeit goods sites (83%), phishing (9.6%), drugs (6.3%) and fraud (0.8%). Complaints are put back to law enforcement who reexamine their request. Only 9 reinstatements have been made.

The police and trading standards are likely to expand them number of requests and their range. Their requests are currently not based on a legal power. In fact, they are very clear that they are not insisting on requests, but wish Nominet to know about “breaches of terms and conditions”.

This is not a satisfactory state of affairs, of course. On the one hand, law enforcement are making detailed investigations, but are not taking responsibility for the actual suspension. Nominet are being informed that they may be liable for criminal activity taking place on domains they have in their registry, but equally may be liable for mistakes if domains are taken down.

Perhaps the worst aspect is that the current set up leaves no scope for deciding what sort of criminal activity should be addressed, and places no real external accountability on law enforcement.

The obvious place for accountability over law enforcement is through court procedures. Achieving court supervision may be difficult, however, as it requires legislation. Nevertheless, if law enforcement agencies are making bulk requests on the basis of a wide range of possible criminality, we need a process which is transparent and accountable. Someone other than Nominet and the law enforcement agencies needs to check that tests of seriousness, urgency and obvious criminality are met.

The scope for future abuse is considerable. Many complicated areas of criminality may cause future requests. Some of these like copyright claims will be possibly criminal, or possibly civil, but clearly complicated, and need to be out of scope. Other areas that are concerning might include political speech or organization that may be classed as criminal: would a site helping people to organize ‘criminal trespass’ for instance be the possible subject of a request?

Many areas of political protest and speech have become potentially or actually criminal acts. The result is that a takedown policy by Nominet cannot simply draw a line at showing that ‘criminality’ is alleged to be taking place.

Nominet have acted very wisely in seekimg to consult widely around this issue, but the group itself also needs to take time in thrashing out these issues. Most importantly, the group members need to remember that policing is a public role, enforcement is also public, and Nominet are fulfilling a public role as a registry for our businesses and websites. The procedures Nominet needs must set a high standard of protection against abuses and mistakes for the public to have confidence in them.

If you wish to talk to Nominet, or have specific concerns, please get in touch.