Feeds

VeriSign demands website takedown powers

No court order necessary

Internet Security Threat Report 2014

VeriSign, which manages the database of all .com internet addresses, wants powers to shut down "non-legitimate" domain names when asked to by law enforcement.

The company said today it wants to be able to enforce the "denial, cancellation or transfer of any registration" in any of a laundry list of scenarios where a domain is deemed to be "abusive".

VeriSign should be able to shut down a .com or .net domain, and therefore its associated website and email, "to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process", according to a document it filed today with domain name industry overseer ICANN.

The company has already helped law enforcement agencies in the US, such as the Immigration and Customs Enforcement agency, seize domains that were allegedly being used to sell counterfeit goods or facilitate online piracy, when the agency first obtained a court order.

That seizure process has come under fire because, in at least one fringe case, a seized .com domain's website had already been ruled legal by a court in its native Spain.

Senior ICE agents are on record saying that they believe all .com addresses fall under US jurisdiction.

But the new powers would be international and, according to VeriSign's filing, could enable it to shut down a domain also when it receives "requests from law enforcement", without a court order.

"Various law enforcement personnel, around the globe, have asked us to mitigate domain name abuse, and have validated our approach to rapid suspension of malicious domain names," VeriSign told ICANN, describing its system as "an integrated response to criminal activities that utilize Verisign-managed [top-level domains] and DNS infrastructure".

The company said it has already cooperated with US law enforcement, including the FBI, to craft the suspension policies, and that it intends to also work with police in Europe and elsewhere.

It's not yet clear how VeriSign would handle a request to suspend a .com domain that was hosting content legal in the US and Europe but illegal in, for example, Saudi Arabia or Uganda.

VeriSign made the request in a Registry Services Evaluation Process (RSEP) document filed today with ICANN. The RSEP is currently the primary mechanism that registries employ when they want to make significant changes to their contracts with ICANN.

The request also separately asks for permission to launch a "malware scanning service", not dissimilar to the one recently introduced by ICM Registry, manager of the new .xxx extension.

That service would enable VeriSign to scan all .com websites once per quarter for malware and then provide a free "informational only" security report to the registrar responsible for the domain, which would then be able to take re-mediation action. It would be a voluntary service.

RSEP requires all registries including VeriSign to submit to a technical and competition evaluation.

Sometimes, ICANN also opens up an RSEP question to public comment, as seems likely in this case.

But ICANN's board of directors would have the make the ultimate decision whether to approve the anti-abuse policy and the malware-scanning service.

VeriSign is already anticipating that there may be criticisms from internet users "concerned about an improper takedown of a legitimate website" and told ICANN it plans to implement a "protest" policy to challenge such decisions.

The company's move echoes policy development in the UK, where .uk registry Nominet is in the late stages of creating rules that would allow it to suspend domains allegedly involved in criminal activity at the behest of law enforcement. ®

Intelligent flash storage arrays

More from The Register

next story
Mighty Blighty broadbanders beg: Let us lay cable in BT's, er, ducts
Complain to Ofcom that telco has 'effective monopoly'
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?