[governance] US gov's Domain seizing activities

parminder parminder at itforchange.net
Mon Nov 29 05:06:05 EST 2010


BTW, do click on http://www.torrent-finder.com/ to see the seizure notice.

As the article mentions, the seizure of the domain space is done not at 
Registrar level but at TLD owner level, a privilege only available to US 
gov for most top TLDs.

On Monday 29 November 2010 02:54 PM, parminder wrote:
>
>
> On Monday 29 November 2010 02:52 PM, parminder wrote:
>> (For some reason, domain seizing activities of governments of 
>> developing countries
>
> Correction: I of course meant developed countries here.
>
>
>> , done for IP enforcement, receive so much less attention than that 
>> of developing countries done for political and cultural reasons.  See 
>> below.)
>>
>>
>>     The Background Dope on DHS Recent Seizure of Domains
>>
>> http://rulingclass.wordpress.com/2010/11/28/the-background-dope-on-dhs-recent-seizure-of-domains/
>>
>> As has been reported, it looks like ICE 
>> <http://www.ice.gov/iprcenter/>, which is the principal investigative 
>> arm of DHS, has begun seizing domains under the pretext of IP 
>> infringement. But it’s actually not ICE who is executing the 
>> mechanics of the seizures. It’s a private company, immixGroup IT 
>> Solutions <http://www.immixgroup.com/>. Here is what is going down.
>>
>> In May of this year, immixGroup IT Solutions 
>> <http://www.immixgroup.com/news/pr_display.cfm?ID=117> is awarded a 
>> one year IT Services contract with DHS. The particulars of this contract:
>>
>>     Under this new contract, immixGroup will provide information
>>     technology operational services and support, implementation, and
>>     maintenance of DHS ICE C3's software applications, network and
>>     CyberSecurity systems, as well as the maintenance and enhancement
>>     of applications that support law enforcement activities.
>>
>>     The contract includes one base year, one 12-month option period,
>>     and two six-month option periods; covers all four divisions of C3
>>     (Child Exploitation, Cyber Crimes, Computer Forensics, and Cyber
>>     Training); and is critical to C3's pursuit of criminal activity.
>>     immixGroup’s services in this effort include network maintenance,
>>     application development and support, forensic lab assistance,
>>     data storage maintenance, and information assurance.
>>
>> On November 24th, immixGroup IT Solutions registered the domain 
>> SEIZEDSERVERS.COM, and primary and secondary nameservers, 
>> NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM, with Network Solutions, 
>> which is the registrar for this domain. Since the DHS contract is 
>> provisionally for one year only, the domain was only registered for 
>> one year (expires in one year).
>>
>> immixGroup IT Solutions is using CaroNet <https://www.caro.net/> to 
>> host their domain, including the authoritative name 
>> servers (NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM) for this 
>> domain. They have set up a simple web page, http://seizedservers.com/ 
>> or http://74.81.170.110 which is the same “Notification of Seizure” 
>> page you will get if you type in one of the seized domains in browser 
>> address bar (if you’re paranoid: yes, they are tracking using both 
>> Google analytics and piwik).
>>
>> ICE is not actually “seizing” any servers or forcing hosting 
>> companies to remove web content from their servers; what they are 
>> doing is using immixGroup IT Solutions to switch the authoritative 
>> name servers for these “seized domains.” But they are not doing it at 
>> the Registrar level (by contacting the registrar for the domain and 
>> forcing them to update the authoritative name server info to point to 
>> NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM), but rather through the 
>> agency who controls the top level domain. In this case, all the 
>> “seized domains” appear to be .com and the agency/company who has the 
>> ICANN contract for this TLD is VeriSign (which also controls .net 
>> TLD). The changes are being made at the top-level authoritative name 
>> servers for the .com TLD, which would be the [a-m].gtld-servers.net. 
>> These are controlled by VeriSign (note: these top-level name servers 
>> are also authoritative for .net and .edu TLDs).
>>
>> So, VeriSign, the owner of the .com TLD, is working in cooperation 
>> with DHS, and it appears immixGroup IT Solutions has what we might 
>> call an “IT Support Ticket system” set up with VeriSign.
>>
>> That web servers are not being seized and web content not being 
>> deleted can easily be verified by clicking this link, 
>> http://208.101.51.57, which is the original IP Address of a seized 
>> domain, *torrent-finder.com*. It’s still up, and it appears it has 
>> registered a new domain, *torrent-finder.info*, that resolves to the 
>> original IP address. This site is being hosted by SoftLayer 
>> Technologies in Dallas, TX. So, it is certainly within US 
>> jurisdiction to be shut down if there was “a case to be made.”
>>
>> Now the .info TLD is not controlled by VeriSign; it’s controlled by 
>> Afilias <http://en.wikipedia.org/wiki/Afilias>. So, an interesting 
>> little experiment would be to see if the *torrent-finder.info* domain 
>> remains up. As of now, we can only conclude that there is a back deal 
>> between DHS and VeriSign that makes any .com or .net domain subject 
>> to seizure by the actions of immixGroup IT Solutions.
>>
>> Lastly, there has been some speculation that this recent business of 
>> “domain seizure” portends the same tactics being used to seize the 
>> “wikileaks.org” domain. From a technical standpoint, understand that 
>> the .org TLD is not controlled by VeriSign; it is controlled by the 
>> Public Interest Registry. An interesting thing however: PIR has 
>> contracted out the technical operations to Afilias. So, if we were to 
>> see *torrent-finder.info* similarly seized, then this would mean that 
>> Afilias is also in cahoots with DHS, which could imply the .org TLD 
>> could be subject to the same type of “domain seizures.” As of now, 
>> there is no evidence of that. And, it should be clear, these types of 
>> domain seizures are completely different than the 2008 attempted 
>> shutdown of wikileaks.org by the US government. In that case, a U.S. 
>> District Court issued an injunction ordering Dynadot, which was the 
>> registrar for the domain, to remove all traces of Wikileaks from its 
>> records. That didn’t hold up.
>>
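Added example, not part of the original message or the quoted article: a small monitor a domain owner could run to notice the kind of change described above, where the NS delegation published by the TLD servers no longer matches the name servers the zone itself still lists. The sample dig-style text is constructed, and the ns1/ns2.original-host.example names and the BASELINE set are placeholders.

```python
import re

# Constructed dig-style output, not captured data. PARENT_REFERRAL stands for
# the AUTHORITY section a .com TLD server returns; CHILD_ANSWER stands for what
# the zone's original name servers still answer. The *.original-host.example
# names are placeholders.
PARENT_REFERRAL = """\
;; AUTHORITY SECTION:
torrent-finder.com.   172800  IN  NS  ns1.seizedservers.com.
torrent-finder.com.   172800  IN  NS  ns2.seizedservers.com.
"""
CHILD_ANSWER = """\
;; ANSWER SECTION:
torrent-finder.com.   86400   IN  NS  ns1.original-host.example.
torrent-finder.com.   86400   IN  NS  ns2.original-host.example.
"""
BASELINE = {"ns1.original-host.example", "ns2.original-host.example"}

NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)\s*$", re.IGNORECASE)

def ns_set(dig_text, zone):
    """Return the lower-cased NS targets listed for `zone` in dig output."""
    zone = zone.lower().rstrip(".") + "."
    found = set()
    for line in dig_text.splitlines():
        m = NS_LINE.match(line.strip())
        if m and m.group(1).lower() == zone:
            found.add(m.group(2).lower().rstrip("."))
    return found

def check_delegation(zone, parent_text, child_text, baseline):
    """Compare the TLD referral with the owner's baseline and the child zone."""
    parent, child = ns_set(parent_text, zone), ns_set(child_text, zone)
    baseline = {n.lower().rstrip(".") for n in baseline}
    findings = []
    if not parent:
        findings.append("NO_DELEGATION")        # zone removed from the TLD
    elif parent != baseline:
        findings.append("PARENT_CHANGED")       # registry-side NS differs
    if parent and child and parent.isdisjoint(child):
        # The old servers still serve the zone, but the TLD points elsewhere.
        findings.append("PARENT_CHILD_DISJOINT")
    return {"parent": sorted(parent), "child": sorted(child), "findings": findings}

if __name__ == "__main__":
    print(check_delegation("torrent-finder.com", PARENT_REFERRAL,
                           CHILD_ANSWER, BASELINE))
```

In practice the two inputs would come from a non-recursive NS query sent to one of the [a-m].gtld-servers.net servers and an NS query sent directly to the zone's own name servers.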