[governance] US gov's Domain seizing activities

parminder parminder at itforchange.net
Mon Nov 29 04:22:04 EST 2010 

(For some reason, domain seizing activities of governments of developing 
countries, done for IP enforcement, receives so much less attention that 
that of developing countries done for political and cultural reasons.  
See below.)


    The Background Dope on DHS Recent Seizure of Domains

http://rulingclass.wordpress.com/2010/11/28/the-background-dope-on-dhs-recent-seizure-of-domains/

As has been reported, it looks like ICE <http://www.ice.gov/iprcenter/>, 
which is the principal investigative arm of DHS, has begun seizing 
domains under the pretext of IP infringement. But it’s actually not ICE 
who is executing the mechanics of the seizures. It’s a private company, 
immixGroup IT Solutions <http://www.immixgroup.com/>. Here is what is 
going down.

In May of this year, immixGroup IT Solutions 
<http://www.immixgroup.com/news/pr_display.cfm?ID=117> is awarded a one 
year IT Services contract with DHS. The particulars of this contract:

    Under this new contract, immixGroup will provide information
    technology operational services and support, implementation, and
    maintenance of DHS ICE C3′s software applications, network and
    CyberSecurity systems, as well as the maintenance and enhancement of
    applications that support law enforcement activities.

    The contract includes one base year, one 12-month option period, and
    two six-month option periods; covers all four divisions of C3 (Child
    Exploitation, Cyber Crimes, Computer Forensics, and Cyber Training);
    and is critical to C3′s pursuit of criminal activity. immixGroup’s
    services in this effort include network maintenance, application
    development and support, forensic lab assistance, data storage
    maintenance, and information assurance.

On November 24th, immixGroup IT Solutions registered the domain 
SEIZEDSERVERS.COM, and primary and secondary nameservers, 
NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM, with Network Solutions, 
which is the registrar for this domain. Since the DHS contract is 
provisionally for one year only, the domain was only registered for one 
year(expires in one year).

immixGroup IT Solutions is using CaroNet <https://www.caro.net/> to host 
their domain, including the authoritative name 
servers(NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM) for this domain. 
They have setup a simple web page, http://seizedservers.com/ or 
http://74.81.170.110 which is the same “Notification of Seizure” page 
you will get if you type in one of the seized domains in browser address 
bar(if you’re paranoid: yes, they are tracking using both Google 
analytics and piwik).

ICE is not actually “seizing” any servers or forcing hosting companies 
to remove web content from their servers; what they are doing is using 
immixGroup IT Solutions to switch the authoritative name servers for 
these “seized domains.” But they are not doing it at the Registrar 
level(by contacting the registrar for the domain and forcing them to 
update the authoritative name server info to point to 
NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM), but rather through the 
agency who controls the top level domain. In this case, all the “seized 
domains” appear to be .com and the agency/company who has the ICANN 
contract for this TLD is VeriSign(which also controls .net TLD). The 
changes are being made at the top-level authoritative name servers for 
the .com TLD, which would be the [a-m].gtld-servers.net. These are 
controlled by VeriSign(note: these top-level name servers are also 
authoritative for .net and .edu TLDs).

So, VeriSign, the owner of the .com TLD, is working in cooperation with 
DHS, and it appears immixGroup IT Solutions has what we might call an 
“IT Support Ticket system” setup with VeriSign.

That web servers are not being seized and web content not being deleted 
can easily be verified by clicking this link, http://208.101.51.57, 
which is the original IP Address of a seized domain, 
*torrent-finder.com*. It’s still up, and it appears it has registered a 
new domain, *torrent-finder.info*, that resolves to the original IP 
address. This site is being hosted by SoftLayer Technologies in Dallas, 
TX. So, it is certainly within US jurisdiction to be shut down if there 
was “a case to be made.”

Now the .info TLD is not controlled by VeriSign; it’s controlled by 
Afilias <http://en.wikipedia.org/wiki/Afilias>. So, an interesting 
little experiment would be to see if the *torrent-finder.info* domain 
remains up. As of now, we can only conclude that there is back deal 
between DHS and VeriSign that makes any .com or .net domain subject to 
seizure by the actions of immixGroup IT Solutions.

Lastly, there has been some speculation that this recent business of 
“domain seizure” portends the same tactics being used to seize the 
“wikileaks.org” domain. From a technical standpoint, understand that the 
.org TLD is not controlled by VeriSign; it is controlled by the Public 
Interest Registry. An interesting thing however: PIR has contracted out 
the technical operations to Afilias. So, if we were to see 
*torrent-finder.info* similarly seized, then this would mean that 
Afilias is also in cahoots with DHS, which could imply the .org TLD 
could be subject to the same type of “domain seizures.” As of now, there 
is no evidence of that. And, it should be clear, these type of domain 
seizures are completely different than the 2008 attempted shutdown of 
wikileaks.org by the US government. In that case, a U.S. District Court 
issued an injunction ordering Dynadot, which was the registrar for the 
domain, to remove all traces of Wikileaks from its records. That didn’t 
hold up.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20101129/f9f3c160/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list