February 27, 2003

420 Redux

As I mentioned earlier, CNET and a few others are reporting on the seizure of a number of domain names by US law enforcement agencies like the DEA. As usual, the more mainstream press gets the story, well, just plain wrong. I'm not sure why they did this, but CNET mixed at least two stories together. The first, concerns the seizure of the ISONews website after the plaintiff had already entered a guilty plea.

No big deal here.

Where the story gets interesting is as it relates to the seizure of six websites by the US Drug Enforcement Agency. And what's even stranger is how they did it.

On February 25th, Verisign's zone files showed that the pipedreams.dea.gov DNS signature was the new home to six domain names. Stranger still is the fact that there are no other domain names in all of .com, .net, .org, biz or .info that call this DNS server home.

These domain names all used to call other DNS servers home - five different homes actually; bigstep.com, calpop.com, compuzone.net, feynman.net and stargateinc.net. So the question is, how did they move from their own homes to their new one run by the DEA?

Well, that's the interesting part. According to the internal structures of the internet, the DNS, they just did. There is no real record of who made the changes, why or under what authority. But it just didn't happen magically. Someone had to intervene and actually change the DNS record as hosted by the registrars for these domain names. So the question is, the story is - who did this and under what authority?

Standard practice may have been to lock the domain name with the registry so that it couldn't be transferred out of the juridiction to another supplier. Or, it could have been put on hold so that the internet wouldn't be able to see it at all. But this didn't happen - instead, someone edited the DNS because the DEA said so.

Let me repeat that - someone edited the zone files because the DEA said so.

Compound that thought with the reality that there are only really two practical ways to change what goes into the zone files. By editing what the registrar of record knows about the domain name and having them submit it to the registry for publication to the rest of the world - or - have the registry make the change to the zone directly.

What is unclear is where this change actually took place. Usually it takes place at the registrar, but technically the registry can do it - they're just not supposed to. According to the 2600 article, the whois data at some of the registrars like GoDaddy and Register.com displayed data that would be consistent with the registrar editing the data directly. On the other hand, Verisign's whois displayed data consistent with that which would have been edited directly at the registry with no involvement by the registrar.

If the former is the case, then we are left with a question as to whether or not the DEA is over-reaching their mandate. If the latter is the case, we are left with that question and a new one - why would Verisign edit the zone files, without the involvement of a registrar, at the behest of a government agency?

This is a problem and we need straight answers now.

We need to know why this happened for the very simple reason that there is a massive difference between domain names, DNS and the World Wide Web. Government needs to take care to ensure that they are enforcing their laws in an appropriate way. Now, instead of alleged criminals simply being off the air while criminal charges are being sorted out, we are left to deal with a dangerous precedent - that an agency of the US Government has stepped in and arbitrarily determined what was published into the zone.

I don't have a serious problem with one government agency caretaking the zone - I do have a problem with a bunch of them messing with it. I sincerely hope that the DOC tells the DEA to go find their own sandbox. I also hope that we get some straight answers regarding how this actually happened, under what authority and by whom.

Posted by ross at 11:33 PM | Comments (0) | TrackBack

Verisign Sells Out Industry to DEA?

[Update 18:33] There seems to be a lot more at work here than I had originally noted. I'm going to clean up a lot of these updates later on when I get in - suffice to say, I'm not comfortable with the actions of the USG and the lack of clarity concerning what authority they acted under is very concerning. I no longer think that this was a sell-out as I had initially presumed - there's something far worse at work here. You read the redux here in which I try to what happened.

I am simply amazed that Verisign would cooperate with the feds to the degree that they would hand-over domain names to the feds - nameservers and all before the courts have made a determination. CNET has the full story. Feds confiscate 'illegal' domain names | CNET News.com

Apparently Virginia law presumes guilt before and during the until proven otherwise part...

More on this when I've recovered some from my rather emotional (I really can't believe how heinous this is) initial reaction. I'm sure that this will be picked up rather quickly across the internet.

[Update 12:20] So I've read this over again with a little bit more care and it seems that Verisign would be acting under the authority of the judge presiding over the matter. I still don't like the implications however - someone has made the leap of faith that domain names, dns and webserver content can all be treated the same.

In fact, they are all very different and probably deserve different treatment. Extend this type of treatment to domain names, dns and email and some of the problems that this leap of faith causes quickly comes into relief. The mappings between content and routing identifier is tenuous and rarely direct - the law needs to take this into account lest we get more bad law.

I've not heard Verisign's side of the story, but I sincerely hope that this was not an issue of choice for them. If it was, they made the wrong one.

Posted by ross at 12:14 PM | Comments (0) | TrackBack

How suite it is...

So I've been sitting here for the last two hours, at home, pulling together the data that Bhavin asked for in response to Verisign's waffle. I've been listening to good morning music - springsteen, jewel, CSNY and other equally easy to digest at this early hour type music.

It all of a sudden occurs to me how cool the internet actually is. (Like, where have I been for the last seven years...)

I'm sitting here listening to tunes that I'm streaming over ethernet from my homebrew media server researching data located in California in response to a post to a mailing list that is managed by someone in France. And its all pretty seamless thanks to the various applications that make it all possible.

Even cooler, the internet also provided me with a neat distraction just now. I don't really listen to lyrics, so occassionally I will google a song title and append "lyric" to the search just to get a bettter idea of what the vocalist is yodelling about. This time it was "Suite Judy Blue Eyes" that made me realize I had no idea what the song was about. I absolutely love the translation of this closing refrain...

How happy it makes me to think of Cuba,
the smiles of the Caribbean Sea,
Sunny sky has no blood, and how sad that
I'm not able to go
Oh go, oh go go

Suite indeed. I'm beginning to love what the internet is turning into - for me at least. I hereby dub today "First Annual 'Thanks for Open-Standards and Affordable Access' Day" here in Radersburg.

Posted by ross at 08:55 AM | Comments (0) | TrackBack