Feeds

Nominet claws back cops' automatic .UK takedown power

New plan: court order needed in some cases

Internet Security Threat Report 2014

UK cops hoping to swiftly shutdown .uk websites accused of being involved in counterfeiting will have a harder time under proposed changes to Nominet policy.

Under the changes, which will affect all .uk domain names, Nominet will be able to deny a site suspension request unless police provide a court order or the site is accused of putting the public at serious risk - such as flogging dodgy drugs.

New rights for registrants to object to and appeal a suspension have also been proposed, and the new draft policy also makes it clear how serious and non-serious crimes are handled.

The recommendations feed on the responses of "well over 100" punters who submitted comments on earlier drafts of the policy, according to Nominet policy director Alex Blowers.

A volunteer "Issue Group" comprising cops, techies, policy experts and academics has been working on a process to enable law enforcement agencies to shut down .uk sites selling fake pharmaceuticals or bootleg handbags for the last several months.

Early draft recommendations came in for criticism because police would be able to instruct Nominet to take down unlimited numbers of domains without a court order.

Following previous coverage, many El Reg readers were outraged that the proposals didn't seem to do enough to protect ordinary .uk owners from over-zealous cops.

While Nominet has always said that the takedown policy should always be a last resort for police, the new draft, which is open for public comment until the end of Friday, 18 November, addresses some of those concerns, according to Blowers.

"We're trying to make sure there's a process by which people can hold us to account for our conduct and the administrative processes we put in place," he said. "Law enforcement agencies should be prepared to go to court and obtain a court order if the application of this policy is challenged."

The new draft recommendations state that should a suspension notice be objected to by a domain's registrant, Nominet would be able to consult an "independent expert", likely an outside lawyer, before deciding whether to ask police for a court order.

Risk to the public?

A new revision also draws a distinction between serious cases of botnets, phishing and fake pharmaceuticals sales, which pose an "imminent risk" to internet users, and cases of counterfeiting, which are perhaps not as risky.

Nominet would draw a distinction between the two scenarios. If it received a suspension request relating to a 'low risk' crime, such as alleged counterfeiting, it would have to inform the registrant, giving them an opportunity to object and/or rectify the problem, before it suspended the domain name.

The policy has stated in all drafts that it would not be applicable to private complainants, such as intellectual property interests, and that hasn't changed.

"We're excluding all civil disputes," Blowers said. "If the MPAA [for example] wanted to bring down 25,000 domains associated with online piracy, that would fall outside of this process."

The policy has also been tweaked with respect to free speech issues. Now, it states that cases involving "hate speech" or obscenity, which would usually require the authorisation of the Director of Public Prosecutions or Attorney General to prosecute, are specifically excluded.

In other words, to take down an overtly racist or egregiously pornographic site, Nominet would not suspend the domain name without a court order.

The recommendations are still in draft form, but Blowers said he expects them to be submitted to the Nominet board of directors for approval in December. A working policy could be implemented early next year.

Friday is the last day to submit comments on the proposals. The drafts themselves, background information and contact details for commenting, can be found here. ®

Beginner's guide to SSL certificates

More from The Register

next story
FCC, Google cast eye over millimetre wireless
The smaller the wave, the bigger 5G's chances of success
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.