November 4, 2011

ICANN: The Stakes in Registrar Accreditation

Filed under: ICANN, Internet, censorship, domain names — wseltzer @ 12:15 pm

Law enforcement demands to domain name registrars were a recurring theme of the 42d ICANN public meeting, concluded last week in Dakar. The Governmental Advisory Committee (GAC) took every opportunity at its public meetings with GNSO and Board, and in its Communique to express dismay, disappointment, and demands for urgent action to “reduce the risk of criminal abuse of the domain name system.”

This conversation about domain name abuse benefits from a multi-stakeholder environment, where it can include domain registrars, registrants, and Internet users, along with law enforcement representatives. Broad debate helps because the question is not just how to “mitigate criminal activity using the domain name system,” but how to recognize criminal activity at the DNS level, how to implement due process to protect legitimate online speakers from abusive or mistaken takedowns, and how to protect the privacy and security of non-criminal users of the domain name system.

ICANN’s processes, particularly the GNSO Policy Development Process, are designed to bring these viewpoints together and find consensus. The Generic Names Supporting Organization has representatives from domain registries, registrars, business, and non-commercial users. (I sit on the GNSO Council as a Non-Commercial Stakeholder Group representative.) Governments are invited to participate in these processes, as well as having a specially privileged role to give “Advice” to the ICANN Board, which the Board must explicitly consider. The rights of domain registrants and Internet users depend on the terms of the Registrar Accreditation Agreement between domain registrars and ICANN. Under all the acronyms lie important issues of free expression.

Yet the U.S., speaking through the GAC, demanded a bigger stick and a smaller discussion, asserting that domain registrars should have unilaterally acceded to the 12-point law enforcement demands instead of going through community comment, negotiation, and discussion. The U.S. cannot simultaneously seek public support for multistakeholder processes while attempting to circumvent those processes in action. Thus I welcome the ICANN Board’s resolution starting an Issue Report for the GNSO to consider issues for RAA amendment.

Now some of the law enforcement demands — publication of a contact address, identification of registrars’ principals — appear relatively innocuous, but even those could be the prelude to assessing intermediary liability and pressure on those who facilitate speech. More troubling, law enforcement wants to force registrars to do extensive verification of domain name registrants’ identities, and to constrain the privacy and proxy services that currently permit registrants to shield identities and addresses from public disclosure.

Domain names are often tools of individual and group expression; not so much through expressive content of the strings themselves, but through the speech hosted at a domain, the conversations carried on through URLs and hyperlinks, and the use of domains to route email and other messaging. Domain names provide stable location pointers for individuals’ and groups’ online speech; as such, they also present possible chokepoints for censorship and suppression of speech.

In the specific instance of responding to law enforcement requests for the publication of registrar contact information, the potential impact is indirect but not insubstantial. In response to law enforcement requests for “registrar cooperation in addressing online crime,” the resolution considers a requirement that registrars “must publish on their respective web sites e-mail and postal mail addresses to which law enforcement actions may be directed.”

If we could be sure that the requests would relate only to activity universally agreed to be criminal, from law enforcement agencies following due process of law and respecting human rights, the proposed requirement would be uncontroversial. As legal regimes and their approaches to human rights are not uniform, we cannot make that blanket assumption. The contacts could be used to censor.

I don’t want to interfere with legitimate law enforcement. I do want to specify explicit procedure and limitations so that these contact points do not become points of control through which registrars can be pressured into removing domains that provide access to critical or “inharmonious” speech. To that end, it’s important that the discussion take place in the GNSO forum where civil society is represented to raise these concerns and develop procedural protections.

June 9, 2011

UN Rapporteur on Free Expression on the Internet

Filed under: Chilling Effects, Internet, censorship, open, privacy — wseltzer @ 5:54 pm

“[D]ue to the unique characteristics of the Internet, regulations or restrictions which may be deemed legitimate and proportionate for traditional media are often not so with regard to the Internet.”

This statement of Internet exceptionalism comes not from the fringes of online debate, but from the UN Human Rights Council’s Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression. The Rapporteur, Frank La Rue, recently presented a report emphasizing the importance of rule of law and respect for free expression.

  • State-sponsored content blocking or filtering is “frequently in violation of their obligation to guarantee the right to freedom of expression.” Blocking is often overbroad and vague, secret (non-transparent), and often lacks independent review.
  • Intermediary liability, even with notice-and-takedown safe-harbor, “is subject to abuse by both State and private actors.” Private intermediaries, like states, will tend to over-censor and lack transparency. They’re not best placed to make legality determinations. “The Special Rapporteur believes that censorship measures should never be delegated to a private entity, and that no one should be held liable for content on the Internet of which they are not the author.”
  • Disconnecting users cuts off their Internet-based freedom of expression. The report calls out HADOPI, the UK Digital Economy Bill, and ACTA for concern, urging states “to repeal or amend existing intellectual copyright laws which permit users to be disconnected from Internet access, and to refrain from adopting such laws.”
  • Anonymity. “The right to privacy is essential for individuals to express themselves freely. Indeed, throughout history, people’s willingness to engage in debate on controversial subjects in the public sphere has always been linked to possibilities for doing so anonymously.” Monitoring, Real-ID requirements, and personal data collection all threaten free expression, “undermin[ing] people’s confidence and security on the Internet, thus impeding the free flow of information and ideas online.”

    “The Special Rapporteur calls upon all States to ensure that Internet access is maintained at all times, including during times of political unrest.” I couldn’t say it better myself.

  • February 2, 2011

    Super Bust: Due Process and Domain Name Seizure

    Filed under: Internet, copyright, domain names, sports — wseltzer @ 10:22 pm

    This domain name has been seizedWith the same made-for PR timing that prompted a previous seizure of domain names just before shopping’s “Cyber Monday,” Immigration and Customs Enforcement struck again, this time days before the Super Bowl, against “10 websites that illegally streamed live sporting telecasts and pay-per-view events over the Internet.” ICE executed seizure warrants against the 10, ATDHE.NET, CHANNELSURFING.NET, HQ-STREAMS.COM, HQSTREAMS.NET, FIRSTROW.NET, ILEMI.COM, IILEMI.COM, IILEMII.COM, ROJADIRECTA.ORG and ROJADIRECTA.COM, by demanding that registries redirect nameserver requests for the domains to, where a colorful “This domain name has been seized by ICE” graphic is displayed.

    As in a previous round of seizures, these warrants were issued ex parte, without the participation of the owners of the domain names or the websites operating there. And, as in the previous rounds, there are questions about the propriety of the shutdowns. One of the sites whose domain was seized was Spanish site /, a linking site that had previously defeated copyright infringement claims in Madrid, its home jurisdiction. There, it prevailed on arguments that it did not host infringing material, but provided links to software and streams elsewhere on the Internet. Senator Ron Wyden has questioned the seizures, saying he “worr[ies] that domain name seizures could function as a means for end-running the normal legal process in order to target websites that may prevail in full court.”

    According to ICE, the domains were subject to civil forfeiture under 18 U.S.C. § 2323(a), for “for illegally distributing copyrighted sporting events,” and seizure under § 981. That raises procedural problems, however: when the magistrate gets the request for seizure warrant, he or she hears only one side — the prosecutor’s. Without any opposing counsel, the judge is unlikely to learn whether the accused sites are general-purpose search engines or hosting sites for user-posted material, or sites providing or encouraging infringement. (Google, for example, has gotten many complaints from the NFL requesting the removal of links — should their domains be seized too?)

    Now I don’t want to judge the sites’ legality one way or the other based on limited evidence. Chilling Effects has DMCA takedown demands from several parties demanding that Google remove from its search index pages on some of these sites — complaints that are themselves one-side’s allegation of infringement.

    What I’d like to see instead is due process for the accused before domain names are seized and sites disrupted. I’d like to know that the magistrate judge saw an accurate affidavit, and reviewed it with enough expertise to distinguish the location of complained-of material and the responsibility the site’s owners bear for it: the difference between direct, contributory, vicarious, and inducement of copyright infringement (for any of which a site-owner might be held liable, in appropriate circumstances) and innocent or protected activity.

    In the best case, the accused gets evidence of the case against him or her and the opportunity to challenge it. We tend to believe that the adversarial process, judgment after argument between the parties with the most direct interests in the matter, best and most fairly approaches the truth. These seizures, however, are conducted ex parte, with only the government agent presenting evidence supporting a seizure warrant. (We might ask why: a domain name cannot disappear or flee the jurisdiction if the accused is notified — the companies running the .com, .net, and .org registries where these were seized have shown no inclination to move or disregard US court orders, while if the name stops resolving, that’s the same resolution ICE seeks by force.)

    If seizures must be made on ex parte affidavits, the magistrate judges should feel free to question the affiants and the evidence presented to them and to call upon experts or amici to brief the issues. In their review, magistrates should beware that a misfired seizure can cause irreparable injury to lawfully operating site-operators, innovators, and independent artists using sites for authorized promotion of their own materials.

    I’d like to compile a set of public recommendations to the magistrate judges who might be confronted with these search warrants in the future, if ICE’s “Operation In Our Sites” continues. This would include verifying that the alleged infringements are the intended purpose of the domain name use, not merely a small proportion of a lawful general-use site.

    February 1, 2011

    Reflections on Egypt and the Net

    Filed under: Internet, censorship, networks — wseltzer @ 9:07 am

    Over the last week, I’ve been glued to my Twitter feed (hashtags #jan25, #egypt, and @ioerror, @jilliancyork and @EthanZ are good aggregators) and Al Jazeera English to follow events in Egypt. I can only watch and tweet my support (and work with groups like Tor Project whose technology and training helps dissidents stay safer when they have Net access) as people mass in Tahrir Square for a million+ person march.

    I recognize the location of some of Al Jazeera footage from a visit to Cairo. Poignantly, that was in November 2008, in the final days of the U.S. presidential election, when I used the Internet to make skype-based get-out-the-vote calls. Since Mubarak has been in power for 30 years, the Egyptians who cheered Obama’s victory around me had never had the opportunity to vote in meaningful free elections.

    As Egypt’s January 25 protests continued, the Egyptian government cut off Internet access (see reports from The Tor Project, Renesys, and RIPE) and mobile SMS from most of the country’s providers. Yesterday,, the final provider that had continued to offer Internet connectivity, also became unreachable. Even phone service is uncertain. Andrew McLaughlin eloquently called upon Communications Minister Tarek Kamel to restore communications.

    That cut-off in itself demonstrates some of the value of Internet communications: the unpopular government fears the organizing resources the Net provides for citizens, and the window it gives to the world watching and trying to help. While it’s far too early to measure the Net’s impact on revolutionary movements in Egypt, and Tunisia only weeks earlier, we can find potential impacts. Were Egyptians inspired by news from Tunisia’s uprising, some of it reaching them faster online? Did they use social media to organize, along with off-line means? Did social media help to amplify off-line protests, showing solidarity among friends and people they respected, encouraging more to take to the streets? It’s clear that we in the United States have had access to much more information, through the Net, even cut off as it has been, than we’d get quickly from a pre-Internet revolution.

    We also see that the Internet is not any particular means of data transport. The independence of layers means that applications don’t care what the route underneath looks like, so long as there is one. That meant that even cutting off Internet service providers couldn’t stop information flows: while Egyptians could call out from the country, they could tell their stories at @jan25voices, and through the Google-Twitter-Phone service, @speak2tweet, that automates some of the voice-Twitter connection. Other providers outside Egypt have offered dial-up lines.

    Moreover, the situation illustrates the value of open Internet here at home. Al Jazeera English, the television broadcaster giving the most thorough coverage of the Egyptian events — despite having its Cairo bureau closed and six of its journalists jailed — is not available through most US cable providers. Ryan Grim on Huffington Post calls this a “blackout”, but thanks to the Internet, that need not be a barrier. I’m watching Al Jazeera English on my computer, through pipes that can carry video, audio, and text of my choice. (So it’s disturbing to see Chris Sacca tweet that he “worked at an Akamai competitor when Al-Jazeera sought CDN [content delivery network: local caching that can help improve network delliery] help in 2002. US Gov made clear to us that we would suffer.” Cable’s limited-purpose pipe, where subscribers get only bundles chosen from among the channels their providers offer, seems an anachronism in the Internet age. We may still want to watch video (and not only create it ourselves), but we need Net neutrality’s assurance that we can get it from any source: peer, professional, or dissident.

    I’ll continue to watch the tweets and video online, hoping that in the near future, I’ll be able to celebrate with the Egyptian people as they vote in free and democratic elections.

    September 21, 2010

    Copyright, Censorship, and Domain Name Blacklists at Home in the U.S.

    Filed under: Chilling Effects, Internet, censorship, copyright, trademark — wseltzer @ 12:33 pm

    Last week, The New York Times reported that Russian police were using copyright allegations to raid political dissidents, confiscating the computers of advocacy groups and opposition newspapers “under the pretext of searching for pirated Microsoft software.” Admirably, Microsoft responded the next day with a declaration of license amnesty to all NGOs:

    To prevent non-government organizations from falling victim to nefarious actions taken in the guise of anti-piracy enforcement, Microsoft will create a new unilateral software license for NGOs that will ensure they have free, legal copies of our products.

    Microsoft’s authorization undercuts any claim that its software is being infringed, but the Russian authorities may well find other popular software to use as pretext to disrupt political opponents.

    “Piracy” has become the new tax evasion, an all-purpose charge that can be lobbed against just about anyone. If the charge alone can prompt investigation — and any electronics could harbor infringing copies — it gives authorities great discretion to interfere with dissidents.

    That tinge of censorship should raise grave concern here in the United States, where Patrick Leahy and Orrin Hatch, with Senate colleagues, have introduced the “Combating Online Infringement and Counterfeits Act.” (PDF).

    This Bill would give the Attorney General the power to blacklist domain names of sites “offering or providing access to” unauthorized copyrighted works “in complete or substantially complete form, by any means, including by means of download, transmission, or otherwise, including the provision of a link or aggregated links to other sites or Internet resources for obtaining such copies for accessing such performance or displays”; as well as those offering items with counterfeit trademarks. The AG could obtain court orders, through “in rem” proceedings against the domains, enjoining the domain name registrars or registries from resolving the names. Moreover, in the case of domains without a U.S. registrar or registry, other service providers, financial transaction providers, and even advertising servers could be caught in the injunctive net.

    While the Bill makes a nod to transparency by requiring publication of all affected domain names, including those the Department of Justice “determines are dedicated to infringing activities but for which the Attorney General has not filed an action under this section,” it then turns that information site into a invitation to self-censorship, giving legal immunity to all who choose to block even those names whose uses’ alleged illegality has not been tested in court. (Someone who is listed must petition, under procedures to be determined by the AG, to have names removed from the list.)

    Finally, the statute’s warped view — that allegations of infringement can only be good — is evident in the public inputs it anticipates. The public and intellectual property holders shall be invited to provide information about “Internet sites that are dedicated to infringing activities,” but there is no provision for the public to complain of erroneous blockage or lawful sites mistakenly or maliciously included in the blacklist.

    Hollywood likes the Bill. Unfortunately, there’s plenty of reason to believe that allegations of infringement will be misused here in the United States. Even those who oppose infringement of copyright and trademark (myself included) should oppose this censorious attempt to stop it.

    Cross-posted at Freedom to Tinker.

    December 8, 2009

    Personalized Search Opacity

    Filed under: Internet, code, search — wseltzer @ 6:11 am

    Google announced Friday that it would now be “personalizing” all searches, not just those for signed-in users. If your browser has a Google cookie, unless you’ve explicitly opted out, your search results will be customized based on search history.

    Danny Sullivan, at Search Engine Land, wonders why more people aren’t paying attention:

    On Friday afternoon, Google made the biggest change that has ever happened in search engines, and the world largely yawned. Maybe Google timed its announcement that it was personalizing everyone’s search results just right, so few would notice. Maybe no one really understood how significant the change was. Whatever the reason, it was a huge development and deserves much more attention than it has received so far.

    I agree this is a big deal, even if it’s only the next step in a trend begun by customized search for signed-in users years ago. And except for here, I won’t even mention the P-word, “privacy.” Because on top of the implications of storing all a user’s search history, I wonder about the transparency of personalized search. How do we understand what search looks like to the world as it gets sliced up by history, location, and other inferences search providers make about their searchers?

    As users, we’ve basically come to terms with the non-transparency of the search algorithms that determine which results to show and how to order them. We use the engine that mostly gets us relevant results (or perhaps, that offers shopping discounts). If we’re dissatisfied with the results Google returns, we can use Yahoo or Bing.

    We also have some degree of trust that search isn’t systematically discriminating against particular pages or providers for undisclosed reasons. When Google received copyright takedown demands from the Church of Scientology years ago, prompting it to remove many links to “Operation Clambake,” Google sent the takedowns to Chilling Effects and linked them from its search pages so searchers could see why the search had apparently become more pro-Scientology in its results. More recently, the search engine has worked with the Berkman Center’s StopBadware to flag malware distribution points and let searchers know why sites have been flagged “harmful.” When a racist image appeared in searches for “Michelle Obama,” Google used an ad to explain why, but did not tweak algorithms to remove the picture.

    How do we verify that this trust is warranted, that page visibility is a relative meritocracy? With open source, we could read the code or delegate that task to others. With a closed platform where we can’t do that, our next best alternative is implicit or explicit comparison of results with others. Investigative journalists might follow a tip-off that liberal media seemed to rank higher than conservative, and run some comparisons and questions to test and report back; search engine optimizers, motivated to improve their own pages’ rankings, might also alert us to biases that caused unfair demotions — we can believe we’re seeing a reasonable mix of digital camera stores because proprietors would complain if they were omitted. If something “feels wrong” to enough people, chances are it will bubble up through the crowd for verification (or debunking — see the complaints that iTunes “shuffle” feature isn’t random, by listeners who confuse randomness with a non-random even distribution). If a search engine failed to disclose payment-induced bias, the FTC might even follow with a complaint.

    With personalized search, these crowd-sourced modes of verification will work less well. We won’t know if the biases we encounter in search are also seen by others, or if the store shuffles its end-caps when it sees us walk in. It would be easier for an Evil search provider to subtly tweak results to favor paying clients or ideologies, unnoticed.

    Finally, I’m reminded of the “ants” in Cory Doctorow’s excellent Human Readable — an automated adaptive system so complex even its creators can’t debug it or determine its patterns. If someone is paying off the ants, society can’t trace the payments.

    When I asked a version of this transparency question to the “real-time search” panel at Supernova, Barney Pell of Bing suggested that users don’t want to know how the search works, only that it gets them useful results. Part of my utility function, though, is fairness. I hope we can reconstruct that broader view in a world of ever-more-personalized search.

    September 25, 2009

    Updates on the State of the Chill

    Filed under: Berkman, Chilling Effects, DMCA, Internet — wseltzer @ 1:28 pm

    With the help of Chilling Effects’s terrific new research associate, Rebecca Schoff, we’ve been updating the “Weather Reports” blog to provide timely updates on the climate for free expression online. Recent posts check in with the wild west of fair use, Veoh’s DMCA safe-harbor victory and some bites at the Apple. Add Chill weather RSS or follow @chillingeffects on twitter or

    We’re also working behind the scenes to get takedown notices posted more quickly. In conjunction with Blogger, we’ve been working to help Bloggers get better information about DMCA notices demanding removal of material from their blogs, so they can determine whether to remove or edit the posts, or to counter-notify instead.

    June 12, 2009

    HADOPI: 3 Strikes Law Gets Its Own Strike

    Filed under: Chilling Effects, Internet, censorship, copyright, law — wseltzer @ 3:13 pm

    The French Constitutional Court Wednesday struck down the provisions of the HADOPI “graduated sanction” law that would have required Internet service providers to cut off subscribers access (while continuing to take their payments) after repeat warnings of copyright infringement.

    The Court’s ruling recognizes the importance of Internet access and the necessity of due process — before access is cut off:

    12. Whereas under Article 11 of the Declaration on the Rights of Man and Citizen of 1789: “The free communication of thoughts and opinions is one of the most precious rights of man: every citizen may therefore speak, write and print freely, except to respond to the abuse of this freedom in cases determined by law” that in the current state of communications and given the widespread development of communication services to the public online and the importance of these services for participation in democratic life and to the expression of ideas and opinions, this right includes freedom to access these [Internet] services;

    See more at La Quadrature du Net.

    Although French legislators say they will revise the law to leave its graduated warnings, the stripping of its automatic termination provisions is an important recognition that copyright cannot trump democratic communication.

    UPDATE: While preparing for my SouthEast LinuxFest talk, it occurred to me that this is a good example of the power of generative demonstration: The hundreds of thousands of users participating in democratic communications via the Internet are all part of the wave that helped the Constitutional Court to see the Internet as a critical medium for speech and its access as a core human right. Five years ago, this decision would be unlikely, five years from now, it will seem inevitable.

    June 9, 2009

    Don’t believe the anti-hype: Twitter succeeds by leaving room for failure

    Filed under: Internet, code, innovation — wseltzer @ 11:57 am

    Don’t believe the anti-hype around Twitter.

    Twitter hype punctured by study, reports the BBC on a recent Harvard B school finding: The median user has written only one tweet, and “the top 10% of prolific Twitter users accounted for over 90% of tweets.” As though it sealed Twitter’s fate, the BBC adds:

    Research by Nielsen also suggests that many people give the service a try, but rarely or never return.

    Earlier this year, the firm found that more than 60% of US Twitter users failed to return the following month.

    “The Harvard data says very, very few people tweet and the Nielsen data says very, very few people listen consistently,” Mr Heil told BBC News

    Rather than taking the study as a condemnation, though, I’d suggest that the fact Twitter works despite the large number of “unproductive” users is a sign of success.

    More power to the Twitter team for creating a tool that allows so many people to try it so easily that the seemingly small percentage who get value out of it can find and continue using it. We should be celebrating what happens when infrastructure is cheap enough that we can accept that 60% just throw it away (even assuming all those non-tweeters aren’t using the service to listen). Rather than trying to force users to its model, Twitter has usually adapted to the customs its users have developed — and has responded to feedback when it breaks some of those conventions (see #fixreplies).

    I’d go further and say a platform is only successful if it allows for failure and “unproductive” uses. If we were forced to justify our photo collection by its first picture or our word processors against the number of poorly-argued misspelled first drafts we’ve written, would we ever get to round 10, where something good emerges? Making failure cheap makes success possible.

    [I like the free network service and cross-tweet there. I credit the Twitter team with recognizing the value in openness along many other important dimensions.]

    March 24, 2009

    Susan Crawford to the White House on Ada Lovelace Day

    Filed under: Internet, commons, innovation — wseltzer @ 4:01 pm

    Just in time for Ada Lovelace Day comes the news that Susan Crawford is headed to the White House as special assistant to the president for science, technology, and innovation policy.

    Susan is one of clearest thinkers I know on technology policy — which is critical to the continued development of technology (see, for example, her “Biology of the Broadcast Flag” (PDF), showing early the errors of technology mandates). She founded OneWebDay, an “Earth Day for the Internet,” and reminded a global community that we sometimes need to demonstrate the Web’s values in order to preserve them. She understands that the Net’s openness and accessibility has fueled innovation around it, and has thought deeply about how we (as public, industry, and government) can help to keep that spirit going.

    I’m thrilled to celebrate Ada Lovelace Day with the news of Susan Crawford’s appointment! I look forward to the advice she’ll be able to provide on the development of the open Internet.

    Next Page »

    Powered by WordPress