Previous Politech message: http://www.politechbot.com/2007/01/26/godaddy-pull-plug/ -------- Original Message -------- Subject: Re: [Politech] MySpace, GoDaddy pull plug on computer security domain name without warning [fs] Date: Fri, 26 Jan 2007 07:10:30 -0800 From: Marc Perkel <marc@private> To: Declan McCullagh <declan@private> References: <45B9C4BE.9060301@private> Declan, Last your GoDaddy yanked the domain for the data center where my computers are hosted. (nectartech.com) They managed to take thousands of domains offline as a result. I helped get them back online by recording two phone calls to their tech support department. http://marc.perkel.com/archives/000861.html http://marc.perkel.com/audio/godaddy.mp3 http://marc.perkel.com/audio/godaddy2.mp3 -------- Original Message -------- Subject: Re: [Politech] MySpace, GoDaddy pull plug on computer security domain name without warning [fs] Date: Fri, 26 Jan 2007 09:00:28 -0600 From: Buzz <buzz@private> Reply-To: Buzz <buzz@private> To: Declan McCullagh <declan@private> Declan, This may not be on the same scale, but I recently had a personal website shut down by GoDaddy. The site is for a humorous rock band some friends and I have been in for many years now (http://www.bhtch.com); it gets very little traffic. One day the site just disappeared. The site was hosted via SiteFlip, which is a reseller of SSLcatacombnetowrks.com. Getting into contact with SiteFlip was next to impossible, as they are one of those fly-by-night, email-contact-only web hosts run out of some guy's garage. The response I eventually got gave me no indication as to why the hosting was shut down, and it took massive effort by multiple members of our band to get them to let us get our data off their servers (essentially, they kept canceling our tech support accounts). As far as I was able to discern, they were told to shut us down by our registrar, i.e. GoDaddy. Mind you, we were never given any sort of refund of hosting fees. As far as I could tell, our site was never in violation of SiteFlip's TOS. Our domain does get spoofed a lot by spammers, as you can imagine, but I would have thought the Powers That Be at our host and registrar would possess basic postmaster skills like reading email headers. I used to work for an ISP as acting postmaster, and I can tell you it's not rocket science. Regardless, I've since transferred all domains away from GoDaddy, and I will never use them, SiteFlip, or any SSLCatacomb-related services ever again. I'm now with eNom, the registrar for ICDSoft, which is one of the best hosting companies I've ever dealt with. I've had other sites hosted with them for years with no problems, and their tech support is amazing. Cheers, Buzz -------- Original Message -------- Subject: Re: [Politech] MySpace, GoDaddy pull plug on computer security domain name without warning [fs] Date: Fri, 26 Jan 2007 15:26:58 +0530 From: Suresh Ramasubramanian <suresh@private> Organization: -ENOENT To: Declan McCullagh <declan@private> References: <45B9C4BE.9060301@private> Hey Declan Curious what you get when you add two and two together (and this case could very well be me getting an answer "twenty two", but still..). Myspace is suing Scott Richter for illegally accessing thousands of myspace accounts and posting spam bulletins to the friends list of those accounts .. And now there's this big list of myspace accounts floating around online. This stuff is quite possibly phished from myspace users, usually naive kids who routinely post the kind of personal information online that's an ID thief's dream come true, There's a huge amount of phishing spam targeted at myspace, so it need not necessarily be shoddy security on myspace's part. Coincidence? Or not? -------- Original Message -------- Subject: RE: [Politech] MySpace, GoDaddy pull plug on computer security domain name without warning [fs] Date: Fri, 26 Jan 2007 10:32:41 -0500 From: Richard M. Smith <rms@private> To: 'Declan McCullagh' <declan@private> As an aside, using the DNS system to censor Web sites is sometimes necessary. Back in 2004, a number of folks and myself investigated a piece of malware that turned people's home computers into Web proxy servers in order to host porn and phishing Web sites. Every 10 minutes, DNS records would get updated to move a Web site from one home computer to another. The goal was to make it hard to shut down the Web sites. I tried to get the domain registration company to turn off the domain names being used by the scammers, but had no luck. The system was finally shut down when analysis of the malware showed that a master host system at Everyone's Internet was running the whole show. Turning off the master killed the network of scam Web sites. Had the scammers moved the master system around to other hijacked home computers, the DNS system might have been the only way to turn off the scam network. Richard -------- Original Message -------- Subject: Re: [Politech] MySpace, GoDaddy pull plug on computer security domain name without warning [fs] Date: Fri, 26 Jan 2007 11:41:50 -0500 From: Paul Levy <plevy@private> To: <declan@private> We have had our own go-around with Christine Jones, after Domains by Proxy (an affiliate of GoDaddy) gave us very little time to get into court to oppose a subpoena to identify a Doe. It was like pulling teeth to get even a couple of days extension, and even though the time they were willing to delay compliance with a subpoena is much less that the real biggies like Yahoo! and Google insist on as a matter of course, she used similar words, "very generous," to describe her response to our requests. Of course, when a case is pending far from where you are (this one was in Arizona), the lawyer who wants to help needs time not only to review the case and prepare papers, but to find local counsel. We were able to get to court in time, thank goodness, and the court quashed the subpoena. http://www.citizen.org/hot_issues/issue.cfm?ID=1526 We attacked Ms. Jones her publicly for her company's grudging response to a customer's appeal for time to protect his anonymity, and although she responded by saying how hurt she was, we have actually found that she has been much more responsive WRT anonymity issues more recently, at least to us. We certainly commend her for this improvement, and her responsiveness has been useful to us as regular litigators representing clients trying to preserve their anonymity. Whether relying on personal relationships to decide when to be responsive to customers seeking to preserve their anonymity is a good idea for a company that wants to build its business by offering a "protect your anonymity" product is another question. The same reasoning would apply to her "good corporate citizenship" response to criticism over her willingness to pull a web site without notice or opportunity to respond and persuade. We can only hope that GoDaddy will learn from this experience and build a more reasonable policy for future cases. Your comment on the relevance of the DMCA also brings to mind the question about whether we should be thinking about reforming the DMCA takedown provisions both to ensure better protection for the "accused" end user who is victimized by this sort of demand, and at the same time extend the DMCA approach -- absolving the host of liability in return for entering into the takedown minuet -- to areas other than copyright. In some ways, one might shudder at the extension of a procedure that isn't working well for the end user, but on the other hand the big ISP's have, as a practical matter, extended the model to other legal claims through programs like eBay's VeRO. Given the current language of the DMCA (and the Communications Decency Act, which protects ISP's against liability based on hosting but exempts "intellectual property" claims), if a company claims a trademark violation, of a violation of other rights at the edges of intellectual property such as the right of publicity or trade secrets, the ISP has no protection against liability even if it gives notice, receives a put-back response, and then refrains from removal. Knowing the limits of the DMCA protection, companies routinely and rather cynically throw claims other than copyright into their takedown notices. There are a couple of ways in which the DMCA take-down process might be improved. Currently the ISP takes down content immediately upon receiving a Notice of Claimed Infringement (NOCI), then sends notice to the end user. If the end user files a counternotice, the ISP puts the material back online fourteen days later unless the content-owner files suit during that period. This system gives the content owner a free 14-day temporary injunction. A better way would be to notify the user as soon as the NOCI is received, and give a reasonable amount of time (10 days) to file a counternotice. If the counternotice is filed within the time period, the material will never have been taken down and the ISP will still enjoy the benefit of safe harbor. The content owner would then have to seek an injunction to take the material offline. Moreover, one might, for example, provide that once an alleged victim claiming wrongdoing initiates the takedown minuet and the user responds to the takedown notice, not only the complainant but the ISP also is committed to the process, and the ISP is BARRED from removing the material unless the claimant actually does go to court. At that point, the ISP should act as a stakeholder, leave the resulting action dependent on what happens in the litigation. Paul Alan Levy Public Citizen Litigation Group 1600 - 20th Street, N.W. Washington, D.C. 20009 (202) 588-1000 http://www.citizen.org/litigation _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Fri Jan 26 2007 - 09:24:48 PST