Feeds

Nominet claws back cops' automatic .UK takedown power

New plan: court order needed in some cases

Security and trust: The backbone of doing business over the internet

UK cops hoping to swiftly shutdown .uk websites accused of being involved in counterfeiting will have a harder time under proposed changes to Nominet policy.

Under the changes, which will affect all .uk domain names, Nominet will be able to deny a site suspension request unless police provide a court order or the site is accused of putting the public at serious risk - such as flogging dodgy drugs.

New rights for registrants to object to and appeal a suspension have also been proposed, and the new draft policy also makes it clear how serious and non-serious crimes are handled.

The recommendations feed on the responses of "well over 100" punters who submitted comments on earlier drafts of the policy, according to Nominet policy director Alex Blowers.

A volunteer "Issue Group" comprising cops, techies, policy experts and academics has been working on a process to enable law enforcement agencies to shut down .uk sites selling fake pharmaceuticals or bootleg handbags for the last several months.

Early draft recommendations came in for criticism because police would be able to instruct Nominet to take down unlimited numbers of domains without a court order.

Following previous coverage, many El Reg readers were outraged that the proposals didn't seem to do enough to protect ordinary .uk owners from over-zealous cops.

While Nominet has always said that the takedown policy should always be a last resort for police, the new draft, which is open for public comment until the end of Friday, 18 November, addresses some of those concerns, according to Blowers.

"We're trying to make sure there's a process by which people can hold us to account for our conduct and the administrative processes we put in place," he said. "Law enforcement agencies should be prepared to go to court and obtain a court order if the application of this policy is challenged."

The new draft recommendations state that should a suspension notice be objected to by a domain's registrant, Nominet would be able to consult an "independent expert", likely an outside lawyer, before deciding whether to ask police for a court order.

Risk to the public?

A new revision also draws a distinction between serious cases of botnets, phishing and fake pharmaceuticals sales, which pose an "imminent risk" to internet users, and cases of counterfeiting, which are perhaps not as risky.

Nominet would draw a distinction between the two scenarios. If it received a suspension request relating to a 'low risk' crime, such as alleged counterfeiting, it would have to inform the registrant, giving them an opportunity to object and/or rectify the problem, before it suspended the domain name.

The policy has stated in all drafts that it would not be applicable to private complainants, such as intellectual property interests, and that hasn't changed.

"We're excluding all civil disputes," Blowers said. "If the MPAA [for example] wanted to bring down 25,000 domains associated with online piracy, that would fall outside of this process."

The policy has also been tweaked with respect to free speech issues. Now, it states that cases involving "hate speech" or obscenity, which would usually require the authorisation of the Director of Public Prosecutions or Attorney General to prosecute, are specifically excluded.

In other words, to take down an overtly racist or egregiously pornographic site, Nominet would not suspend the domain name without a court order.

The recommendations are still in draft form, but Blowers said he expects them to be submitted to the Nominet board of directors for approval in December. A working policy could be implemented early next year.

Friday is the last day to submit comments on the proposals. The drafts themselves, background information and contact details for commenting, can be found here. ®

Beginner's guide to SSL certificates

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.