Feeds

Nominet claws back cops' automatic .UK takedown power

New plan: court order needed in some cases

Secure remote control for conventional and virtual desktops

UK cops hoping to swiftly shutdown .uk websites accused of being involved in counterfeiting will have a harder time under proposed changes to Nominet policy.

Under the changes, which will affect all .uk domain names, Nominet will be able to deny a site suspension request unless police provide a court order or the site is accused of putting the public at serious risk - such as flogging dodgy drugs.

New rights for registrants to object to and appeal a suspension have also been proposed, and the new draft policy also makes it clear how serious and non-serious crimes are handled.

The recommendations feed on the responses of "well over 100" punters who submitted comments on earlier drafts of the policy, according to Nominet policy director Alex Blowers.

A volunteer "Issue Group" comprising cops, techies, policy experts and academics has been working on a process to enable law enforcement agencies to shut down .uk sites selling fake pharmaceuticals or bootleg handbags for the last several months.

Early draft recommendations came in for criticism because police would be able to instruct Nominet to take down unlimited numbers of domains without a court order.

Following previous coverage, many El Reg readers were outraged that the proposals didn't seem to do enough to protect ordinary .uk owners from over-zealous cops.

While Nominet has always said that the takedown policy should always be a last resort for police, the new draft, which is open for public comment until the end of Friday, 18 November, addresses some of those concerns, according to Blowers.

"We're trying to make sure there's a process by which people can hold us to account for our conduct and the administrative processes we put in place," he said. "Law enforcement agencies should be prepared to go to court and obtain a court order if the application of this policy is challenged."

The new draft recommendations state that should a suspension notice be objected to by a domain's registrant, Nominet would be able to consult an "independent expert", likely an outside lawyer, before deciding whether to ask police for a court order.

Risk to the public?

A new revision also draws a distinction between serious cases of botnets, phishing and fake pharmaceuticals sales, which pose an "imminent risk" to internet users, and cases of counterfeiting, which are perhaps not as risky.

Nominet would draw a distinction between the two scenarios. If it received a suspension request relating to a 'low risk' crime, such as alleged counterfeiting, it would have to inform the registrant, giving them an opportunity to object and/or rectify the problem, before it suspended the domain name.

The policy has stated in all drafts that it would not be applicable to private complainants, such as intellectual property interests, and that hasn't changed.

"We're excluding all civil disputes," Blowers said. "If the MPAA [for example] wanted to bring down 25,000 domains associated with online piracy, that would fall outside of this process."

The policy has also been tweaked with respect to free speech issues. Now, it states that cases involving "hate speech" or obscenity, which would usually require the authorisation of the Director of Public Prosecutions or Attorney General to prosecute, are specifically excluded.

In other words, to take down an overtly racist or egregiously pornographic site, Nominet would not suspend the domain name without a court order.

The recommendations are still in draft form, but Blowers said he expects them to be submitted to the Nominet board of directors for approval in December. A working policy could be implemented early next year.

Friday is the last day to submit comments on the proposals. The drafts themselves, background information and contact details for commenting, can be found here. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Canadian ISP Shaw falls over with 'routing' sickness
How sure are you of cloud computing now?
Don't call it throttling: Ericsson 'priority' tech gives users their own slice of spectrum
Actually it's a nifty trick - at least you'll pay for what you get
Three floats Jolla in Hong Kong: Says Sailfish is '3rd option'
Network throws hat into ring with Linux-powered handsets
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
US TV stations bowl sueball directly at FCC's spectrum mega-sale
Broadcasters upset about coverage and cost as they shift up and down the dials
Trans-Pacific: Google spaffs cash on FAST undersea packet-flinging
One of 6 backers for new 60 Tbps cable to hook US to Japan
Tech city types developing 'Google Glass for the blind' app
An app and service where other people 'see' for you
UK mobile coverage is BETTER than EVER, networks tell Ofcom
Regulator swallows this line and parrots it back out at us. What are they playing at?
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.